Using ProtectNetwork to test your SP

(NB: The UK federation now has its own test IdP and test accounts configured to release a range of attributes)

ProtectNetwork offer an open-access IdP within the UK federation that can be used to test your SP's deployment. Your SP must already be registered in the UK federation, and you will need to sign up for a free End User Account to take advantage of ProtectNetwork's IdP. Using ProtectNetwork to test your SP without registering it in the UK federation is outside the scope of this document.

Please note that the ProtectNetwork IdP has no SAML1 Attribute Authority, and so cannot be used to test the back-channel attribute queries from your SP.

  1. Fill out the End User Account registration form on this page to request a ProtectNetwork UserID
  2. Check your email inbox for an automatically-generated registration email and follow the instructions in that email.
  3. You should now have a ProtectNetwork End User Account.

Testing your SP

  1. Attempt to log into your SP using federated access.
  2. At the Discovery Service Page, select ProtectNetwork.
  3. Log in with your ProtectNetwork credentials.

You will be able to view the credentials received by your SP in your SP's logs. If this does not work, you can check what credentials are being passed by ProtectNetwork (sign in to your ProtectNetwork End User Account and view the "visited sites" section). You can also test that the ProtectNetwork credentials are being passed correctly by using the UK federation's test SP in step 1 (above).

ProtectNetwork's attribute release policy

ProtectNetwork releases eduPersonTargetedID and a few other attributes by default. You can find the ProtectNetwork attribute release policy here. Please note that the documentation implies that eduPersonScopedAffiliation is not released by default, but tests on Friday 13 April 2012 show that it is released.

If you want to test your SP by releasing additional attributes you will need an Administrator Account, which is available on a 30-day free trial. Registering and setting up the account to release additional attributes is a multi-step process which may take several working days to fully authorise and set-up:

  • you will need to provide a business case for both registering the account and for releasing the additional attributes,
  • you will have to register your SP with ProtectNetwork,
  • you will have to associate an End User Account with your SP, and
  • you may have to edit your attribute-map.xml and attribute-policy.xml files to use some of the additional attributes in your web application.

Register for a ProtectNetwork Administrator Account here.