Versions Compared

Old Version 12

changes.mady.by.user Ioannis Kanakarakis

Saved on

compared with

New Version 13

changes.mady.by.user Ioannis Kanakarakis

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

The services are connected on the GÉANT AAI Service in two phases; first on the test environment and later on the production environment.

Phase 1 - Connection to the test environment.

Initially, services are connected to the test environment. The test environment is exactly the same as the production environment. The purpose of this step is to allow service owners to ensure that the connection with the GEANT AAI Service is working correctly, user information is processed as needed and all configurations are in place.

During this phase access to the service is restricted to users that have opted in to the "Sandbox" group. The first time that a user tries to access a service that is connected to the test environment the user will be presented with message denying access to the service, unless the user opts-in to join the Sandbox group. By clicking the registration link for the Sandbox group, the user will be redirected to register on the Sandbox group. From then on, users will see a warning about the status of the service on the Consent Page.

Phase 2 - Promotion to production.

Once the service owner is certain that the connection of the service with the GEANT AAI Service is working as expected, the service owner can request to promote the service to production.


The Test environment

Section

This environment is used to test the connection of services against the GÉANT AAI Service. Services ensure that they works correctly, in line with the policies and restrictions set by the GÉANT AAI Service.

The test environment is exactly the same as Production environment, but only a restricted group of people can access the connected services. This group is defined by the members of the Sandbox group.

In the test environment, services-owners ensure:

  • the connection between the service and the GÉANT AAI Service is properly established
  • the authentication flow is successful when connecting using the SAML or OpenID Connect protocols
  • the configuration of the service is stable and properly set
  • the service can correctly process the attributes and entitlements of users (see also Attributes available to Connected Services)


Section

Requirements to connect a service on the Test environment

See the Required fields for Service Registration for the requirements to connect a service to the Test environment.

The required fields in the service registration form are less strict for the Test environment. Only mandatory information for the service connection is needed. The reason is to be able to test the service even before all requirements are ready.


Section

How can a user become a member of the Sandbox group?

The first time a user tries to access a service that is connected to the Test environment, the user will get a message denying access to the service, unless the user joins the Sandbox group.

By clicking on the link that is presented for the Sandbox group, the user is directed to a registration page that allows to opt-in to the Sandbox group.

From then on, the user will see a warning about the status of the service status on the consent page.


Section

Transition to the Production environment

Your service is ready to be part of the Production environment when:

  • All required fields in the service form have been provided
  • Your service is tested and behaves as expected in the Test environment



The Production environment

Section

Once the service owner is certain that the connection of the service with the GÉANT AAI Service is fully working as expected, the service owner can request to promote the service to the Production environment.

Access on GÉANT AAI Service will be then reconfigured to allow access from all GÉANT users, or a subset of GÉANT users, as defined by the authorization policies set for the service. These policies and restrictions can be further discussed and configured with the help of the GÉANT Helpdesk team.


Section

Requirements to connect a service on the Production environment

See the Required fields for Service Registration for the requirements to connect a service to the Production environment.

The required fields in the service registration form are less strict for the Test environment. Only mandatory information for the service connection is needed. The reason is to be able to test the service even before all requirements are ready.

The requirements to connect to the production environment are stricter, and service-owners must ensure that their service meets all of them before requesting the promotion of the service to the production environment.