Services are connected to the GÉANT AAI Service in two phases: first to the test environment and later to the production environment.
Phase 1 - Connection to the test environment.
Initially, services are connected to the test environment. The test environment is exactly the same as the production environment. The purpose of this step is to allow service owners to ensure that the connection with the GÉANT AAI Service is working correctly, that user information is processed as needed and that all configurations are in place.
During this phase, access to the service is restricted to users that have opted in to the "Sandbox" group. The first time that a user tries to access a service that is connected to the test environment, the user will be presented with a message denying access to the service, unless the user opts in to join the Sandbox group. By clicking the registration link for the Sandbox group, the user will be redirected to register for the Sandbox group. From then on, users will see a warning about the status of the service on the Consent Page.
Phase 2 - Promotion to production.
Once the service owner is certain that the connection of the service with the GÉANT AAI Service is working as expected, the service owner can request to promote the service to production.
The Test environment
This environment is used to test the connection of
Description
This is the initial environment for testing services against the GÉANT AAI Service to ensure that the future connection works correctly, in line with the policies and restrictions set by the GÉANT AAI Service. The test environment is exactly the same as the Production environment, but only a restricted group of people can access the connected services. This group is defined by the members of the Sandbox group (go to 1.2). In the test environment, service owners ensure:
- the connection between the service and the GÉANT AAI Service is properly established
- the authentication flow is successful when connecting using the SAML or OpenID Connect protocols
- the configuration of the service is stable and properly set
- the service can correctly process the attributes and entitlements of users (see also Attributes available to Connected Services)
Requirements to connect a service on the Test environment
See the Required fields for Service Registration for the requirements to connect a service to the Test environment. The required fields in the service registration form are less strict for the Test environment. Only mandatory information for the service connection is needed. The reason is to be able to test the service even before all requirements are ready.
You can test:
- The authentication flow while connecting your service using the SAML or OIDC protocol
- Configuration of your new service
- Processing user's attributes (userID, username, name, email, affiliation) and entitlements (groups the user is part of)
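An added example (not part of the original page and not GÉANT's own code) of the attribute and entitlement processing a service owner would verify in the Test environment: it fails closed when expected claims are absent and matches a group entitlement on whole fields rather than by substring. The claim names, the AARC-G002-style entitlement layout and every `example` value are assumptions; check them against Attributes available to Connected Services.

```python
import re

# Assumed claim names; confirm against "Attributes available to Connected Services".
REQUIRED_CLAIMS = ("sub", "name", "email")
ENTITLEMENT_CLAIM = "eduperson_entitlement"

# Assumed AARC-G002 layout:
#   <namespace>:group:<group>[:<subgroup>...][:role=<role>]#<authority>
_ENTITLEMENT = re.compile(
    r"^(?P<ns>urn:[^#]+?):group:(?P<path>[^#]+?)"
    r"(?::role=(?P<role>[^#:]+))?#(?P<authority>[^#]+)$"
)

def parse_entitlement(value):
    """Return (namespace, group_path, role, authority), or None if malformed."""
    match = _ENTITLEMENT.match(value) if isinstance(value, str) else None
    if match is None:
        return None
    return match["ns"], match["path"], match["role"], match["authority"]

def authorize(claims, namespace, authority, required_group):
    """Fail closed: deny unless every required claim and the exact group are present."""
    missing = [name for name in REQUIRED_CLAIMS if not claims.get(name)]
    if missing:
        return False, "missing claims: " + ", ".join(missing)
    values = claims.get(ENTITLEMENT_CLAIM) or []
    if isinstance(values, str):  # tolerate a single string value
        values = [values]
    for value in values:
        parsed = parse_entitlement(value)
        if parsed is None:
            continue  # ignore malformed values instead of guessing
        ns, path, _role, issuer = parsed
        # Compare whole fields: a substring test would accept "research-team-x"
        # or the same group name asserted by a different authority.
        if (ns, path, issuer) == (namespace, required_group, authority):
            return True, "ok"
    return False, "required entitlement not present"

# Constructed sample claims, as a test user might present them.
SAMPLE_CLAIMS = {
    "sub": "0a1b2c3d@aai.example.org",
    "name": "Test User",
    "email": "test.user@example.org",
    ENTITLEMENT_CLAIM: [
        "urn:example:aai:group:research-team:role=member#aai.example.org",
        "urn:example:aai:group:research-team-x#other.example.net",
    ],
}
```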
How to become a member of the Sandbox group?
The first time a user tries to access a service that is connected to the Test environment, the user will get a message denying access to the service, unless the user joins the Sandbox group. By clicking on the link that is presented for the Sandbox group, the user is directed to a registration page that allows the user to opt in to the Sandbox group. From then on, the user will see a warning about the status of the service on the Consent Page.
Requirements
The required fields in the registration form are less strict for the Testing environment, as you can find here: Required fields for Service Registration (Test environment column). Only mandatory information for the service connection is needed. The reason is to be able to test the service even before all requirements are ready.
Transition to the Production environment
Your service is ready to be part of the Production environment when:
- All requirements have been met - Requirements for Services
- Your service is working well in the Testing environment
- All required fields in the service form have been provided (Production environment column)
- for the requirements to transition to the production environment
- Your service is tested and behaves as expected in the Test environment
The Production environment
Description
Once the service owner is sure that the connection of the service with the GÉANT AAI Service is working as expected, the service owner can request to promote the service to the Production environment. Access to the service will then be reconfigured in the GÉANT AAI Service to allow access to all GÉANT users or a subset of GÉANT users defined by their entitlements. This restriction can be further discussed and configured with the help of the GÉANT support team (help@geant.org). All users accessing the production service have to go through registration to consent to the GÉANT AAI Service Acceptable Use Policy.
Requirements
The requirements for the production service are more strict, and you should be sure that they have all been met before requesting the promotion of the service to the production environment. Please check these pages: