Introduction

The AAF operates two independent federation services, a Test Federation and a Production Federation. The AAF is the developer of the web application Federation Registry (FR) which they use for the management of these federations. 


Details

The AAF utilises the Test Federation to evaluate FR patches, upgrades and configuration changes before deploying those modifications to the Production Federation. The Production Federation provides a high level of trust, high availability, and is only for the registration of production services. 


The Test Federation is available to subscribers to test the configuration of their Identity Providers or Services Providers. The Test Federation enables organisations to assess the technologies and services of the AAF and for developing and testing their services. The AAF Usage Policy applies to these services.


For all services, the AAF recommends that:

  • a service is only in one federation,

  • where feasible, a test instance of a Production service exists in the Test environment,

  • all installations, changes, upgrades and patches are first successful in the Test environment before modifications of the service in the Production environment.

Federation Differences

Federation Registry provides the administrative interface for managing each federation instance. Each federation has unique configuration items.


These configuration items include:

  • Name,

  • Administrative user interface URLs,

  • Service end-point URLs,

  • certificates,

  • metadata


The following table lists the major technical components and details the differences between the Test and Production federations. 


Most of the AAF Test environment components will display either "AAF Test Environment" or "AAF -Test Federation Deployment"  prominently on their web user interface.


Component URLs

Test

Production

Federation Metadata file

https://md.test.aaf.edu.au/aaf-test-metadata.xml

https://md.aaf.edu.au/aaf-metadata.xml

eduGAIN Metadata file for interfederation

https://md.test.aaf.edu.au/aaf-edugain-test-metadata.xml

https://md.aaf.edu.au/aaf-edugain-metadata.xml

Federation Registry access

https://manager.test.aaf.edu.au/federationregistry

https://manager.aaf.edu.au/federationregistry

Discovery Service (WAYF)


Directs users to their home institution as part of the login process. Required by service providers in the shibboleth2.xml configuration file.

https://ds.test.aaf.edu.au/discovery

https://ds.aaf.edu.au/discovery

AAF Virtual Home Identity Provider


For users who require access but are not closely associated or affiliated to an organisation with an IdP. 

https://vho.test.aaf.edu.au

https://vho.aaf.edu.au

Attribute Validator

Allows a user to view the attributes which can be released, and check for potential problems.

https://validator.test.aaf.edu.au

https://validator.aaf.edu.au


Note the differences in URL, for Production, the word 'test' is not in the domain name.


Links

Who can use the Australian Access Federation

How do I access services in the AAF?

Joining the AAF