The AAF operates two independent federation services, a Test Federation and a Production Federation. The AAF is the developer of the web application Federation Manager (FM) which they use for the management of these federations. 


The AAF utilises the Test Federation to evaluate FM patches, upgrades and configuration changes before deploying those modifications to the Production Federation. The Production Federation provides a high level of trust, high availability, and is only for the registration of production services. 

The Test Federation is available to subscribers to test the configuration of their Identity Providers or Services Providers. The Test Federation enables organisations to assess the technologies and services of the AAF and for developing and testing their services. The AAF Usage Policy applies to these services.

For all services, the AAF recommends that:

  • a service is only in one federation,

  • where feasible, a test instance of a Production service exists in the Test environment,

  • all installations, changes, upgrades and patches are first successful in the Test environment before modifications of the service in the Production environment.

Federation Differences

The Federation Manager Tool provides the administrative interface for managing each federation instance. Each federation has unique configuration items.

These configuration items include:

  • Federation Name,

  • Administrative user interface URLs,

  • Service end-point URLs,

  • certificates,

  • metadata

The following table lists the major technical components and details the differences between the Test and Production federations. 

Most of the AAF Test environment components will display either "AAF Test Environment" or "AAF -Test Federation Deployment"  prominently on their web user interface.

Component URLs



Federation Metadata file

eduGAIN Metadata file for interfederation

Federation Registry access

Discovery Service (WAYF)

Directs users to their home institution as part of the login process. Required by service providers in the shibboleth2.xml configuration file.

AAF Virtual Home Identity Provider

For users who require access but are not closely associated or affiliated to an organisation with an IdP.

Attribute Validator

Allows a user to view the attributes which can be released, and check for potential problems.

Note the differences in URL, for Production, the word 'test' is not in the domain name.


Who can use the Australian Access Federation

How do I access services in the AAF?

Joining the AAF

Test Federation

Production Federation