In the Test Federation, please conduct connection tests of IdPs and SPs according to the following rules.
GakuNin Production Federation draws up administration standards in a separate document called “System Administration Standards for the GakuNin” (“System Administration Standards”).
Based on the “System Administration Standards”, the Rules of the Test Federation amends and mitigates standards in order to serve the Test Federation. Please read the following rules as well as the “System Administration Standards” of the Production Federation, and be aware of the differences.
GakuNin Academic Access Management Federation, Rules of the Test Federation (Ver 1.1)
1. The System of the Test Federation
The Test Federation utilizes each system listed below as a test environment,
independent from the production environment of the GakuNin Production Federation.
1.1) Metadata (the Test Federation Metadata)
Public URL: https://metadata.gakunin.nii.ac.jp/gakunin-test-metadata.xml
1.2) Certificate for Federation Metadata Signature
In the Test Federation, the following Signature Certificate is used:
Public URL: https://metadata.gakunin.nii.ac.jp/gakunin-test-signer-2020.cer
1.3) DS (Discover Service which is provided within the Test Federation)
1.4) Attribute Viewer Service
The Test Federation provides the following attribute viewer service.This is a
service that displays attribute values sent from the testing IdP.
Furthermore, the attribute information (including personal information such as
names and email addresses) which are exchanged between test SPs and IdPs
will be recorded in an access log and published on the Web for debugging
purposes. Therefore, please make sure to use dummy data for connection tests.
(*) In order to enable an IdP to conduct tests, ‘test-sp1’ and ‘test-sp3’
provide a function that displays a Shibbolized SP’s access log so that the
entity can check for errors on SP’s side.
1.5) IdP for connection test to SP
In order to enable an SP to conduct tests, following test IdP is provided to the
SP developer. Please contact GakuNin Office if you would like to use testing IDs.
Entity ID = “https://test-idp1.gakunin.nii.ac.jp/idp/shibboleth”
DisplayName in DS=“GakuNin Test IdP”
2. The Mitigation of the System Administration Standards
The following items are the subject of mitigated rules for the purposes of
An entity may conduct tests with various protocols as long as they do not affect
the Test Federation as a whole.
2.2) Attribute Information
An entity may use various attribute information as long as they do not affect the
Test Federation as a whole.
2.3) Trusted Certificate Authority
Regarding the certificates for XML signature or TLS mutual authentication,
an entity may use any certificates according to the system environment of each
In order to maintain the security of each Test-Federation participating entity,
an entity must comply with the following items stipulated in this section.
3.1) The Use of the Test Account
When using the Test Federation, please do so with a test account and attributes
prepared within an IdP. In cases where the use of real accounts or attributes is
inevitable,please ensure to use them with a full understanding of the associated
risks and at the entity’s own responsibility, and, if necessary, with an
agreement in advance among the participating entities. This is because the Test
Federation was developed and is operated on the assumption that each entity
only uses test accounts and attributes. Therefore, it is highly possible that it
lacks in the consideration necessary for using real accounts and attributes, and
thus, there may be risks such as personal information leak.
3.2) The Responsibility of Participating Organizations
The organizations that participate in the Test Federation shall not be liable for
damages incurred by connection tests, apart from damages caused by intent or
gross negligence. This rule, however, does not prevent an entity from making a
separate arrangement among the participating organizations regarding the
liability of connection tests.
Joining the Test Federation