The AAF provides two complementary technical Federations, a TestFederation and a Production Federation.
The AAF Production Federation provides a high level of trust, high availability and is only for the registration of production services. The AAF Test Federation is provided to enable organisations to assess the technologies of the AAF and for software development and testing.
Policy on the use of each federation can be found here:AAF Usage Policy
The two federations operate completely independently. The AAF Test federation is just that a test environment that is used by the AAF to test patches and upgrades before applying to Production. Similarly the test environment can be used be subscribers to test their Identity Providers and Services before migration to production.
The AAF recommends
- Each IdP and SP be registered in only one federation at any time
- Where feasible, a test version of all Production IdPs and SPs be deployed into the AAF Test environment
- All installations, changes, upgrades and patches be successfully performed in the AAF Test environment before changing the production environment.
Having two independent federations requires that they will have different addresses, names, certificates, metadata etc., which will create subtle differences in the configuration of the various components. The major difference will be in the URLs used to reference various components. In general, the test federation will use the domain 'test.aaf.edu.au' while production will use 'aaf.edu.au'. (The word 'test' is removed from the domain).
The following tables provide a list of major technical components detailing the differences between the Test and Production federations.
Most of the AAF Test environment components will display either "AAF Test Environment" or "AAF -Test Federation Deployment" prominently on their web user interface.
|Metadata Files||Federation Metadata||Federation Metadata|
|Discovery Service (WAYF)|
Directs users to their home institution as part of the login process. Required by service providers in the shibboleth2.xml configuration file.
AAF Virtual Home
Identity Provider for users who require access but are not closely associated with an organisation with an IdP.
Attribute ValidatorAllow you to see your own attributes and check for potential problems.