Release-check
Released attributes from IdP
Instructions
This test service is a replacement for sp.swamid.se with extended functionality. All tabs does different tests.
Click on the green button to see what attributes your Identity Provider releases. If you want to test an Identity Provider that is registered in the SWAMID test federation please use the the outlined button in the upper right corner.
Description of all test avaiable in the SWAMID identity federation test suite:
- The Attributes tab shows all attributes the service release to the entityId https://release-check.swamid.se/shibboleth. The entityId uses all entity categories used in SWAMID including Géant Data Protection Code of Conduct and all SWAMID Best Practice attributes.
- The Entity category tab does an exetensive testing of that an Identity Provider follows SWAMID Best Practice attribute release via entity categories.
- The MFA tab checks if an Identity Provider is correctly configured for handling request for multi-factor login as expected by SWAMID.
- The Ladok tab verifies if the Identity Provider release the right attributes to the Swedish student information system Ladok.
SWAMID Best Practice Attribute Release check
Instructions
In order for SWAMID to work as effectively as possible for students and employees as well as for service providers and identity providers, SWAMID recommends that service providers use entity categories to get the attributes that they require.
In order for services within the SWAMID federation to work as effectively as possible, SWAMID recommends the use of entity categories. Entity categories benefits not only students and employees but also administrators of relying and identity providers by providing a stable framework for the release of attributes.
During autumn 2019, SWAMID has updated its entity category recommendations and these will be implemented in our production environment during 2020 and 2021.
This service is designed to help administrators of identity providers verify that their IdP follows the new recommendations.
SWAMID’s current recommendations for attribute release are available at https://wiki.sunet.se/display/SWAMID/SAML+WebSSO+Service+Provider+Best+Current+Practice.
Example configuration for Shibboleth can be found in the section entitled “Example of metadata configuration, attribute resolvers and attribute filters” on the following wiki page https://wiki.sunet.se/display/SWAMID/SAML+WebSSO+Identity+Provider+Best+Current+Practice.
The SWAMID best practice attribute release check consists of the following tests:
- Test 1 - The IDP should NOT release any attributes if no entity category is requested
- Test 2 - The IDP SHOULD release name, email and eduPersonPrincipalName is the requested entity category is Refeds R&S
- Test 3 - The IdP SHOULD release some requested attributes in accordance with Géant Code of Conduct (CoCo) (from a SWAMID-based service provider)
- Test 4 - The IdP SHOULD release some other requested attributes in accordance with Géant Code of Conduct (CoCo) (from a SWAMID service provider)
- Test 5 - The IdP should NOT release a Swedish civic number (personnummer) in accordance with Géant Code of Conduct (CoCo) (from a non-SWAMID service provider)
For further information on how personal data is processed in SWAMID Best Practice Attribute Release check see https://wiki.sunet.se/display/SWAMID/SWAMID+Entity+Category+Release+Check+-+Privacy+Policy
Instructions
Coming soon
Until then use mfa-check.swamid.se
SWAMID Best Practice Attribute Release check
Instructions
Ladok uses the entity category GÉANT Dataprotection Code of Conduct for release of attributes from the user's identity provider to Ladok. This test verifies that all required attributes for Ladok are released during login.