The AAF operates two independent federation services, a Test Federation and a Production Federation. The AAF is the developer of the web application Federation Registry (FR) which they use for the management of these federations.
The AAF utilises the Test Federation to evaluate FR patches, upgrades and configuration changes before deploying those modifications to the Production Federation. The Production Federation provides a high level of trust, high availability, and is only for the registration of production services.
The Test Federation is available to subscribers to test the configuration of their Identity Providers or Services Providers. The Test Federation enables organisations to assess the technologies and services of the AAF and for developing and testing their services. The AAF Usage Policy applies to these services.
For all services, the AAF recommends that:
a service is only in one federation,
where feasible, a test instance of a Production service exists in the Test environment,
all installations, changes, upgrades and patches are first successful in the Test environment before modifications of the service in the Production environment.
Federation Registry provides the administrative interface for managing each federation instance. Each federation has unique configuration items.
These configuration items include:
Administrative user interface URLs,
Service end-point URLs,
The following table lists the major technical components and details the differences between the Test and Production federations.
Most of the AAF Test environment components will display either "AAF Test Environment" or "AAF -Test Federation Deployment" prominently on their web user interface.
Federation Metadata file
eduGAIN Metadata file for interfederation
Federation Registry access
Discovery Service (WAYF)
Directs users to their home institution as part of the login process. Required by service providers in the shibboleth2.xml configuration file.
AAF Virtual Home Identity Provider
For users who require access but are not closely associated or affiliated to an organisation with an IdP.
Allows a user to view the attributes which can be released, and check for potential problems.
Note the differences in URL, for Production, the word 'test' is not in the domain name.