Joining the test environment

In the test environment, a client organisation can prepare to deploy Suomi.fi e-Identification, explore the modifications required in its own service and test the implementation of its service. Any service that requires user authentication can be connected to the test environment.

The API of the test environment is on a public network. The trust relationship between the e-Identification service and the external service is established by registering metadata.

The client organisation will be using only test and training material, it does not need to obtain a data access authorisation for the Population Information System from the Digital and Population Data Services Agency.

Steps of joining the test environment

1. Preparing the client service

Start by reading about the functions of the e-Identification service’s API.

 The use cases for logging in and out must be implemented in the testing or development environment of the service. Because Suomi.fi e-Identification includes a single sign-on functionality, each service connected to it must also support single logout. In practice, this means that the service must be able to handle the following messages (in parentheses, reference to the test case):

• sending an identification request (1)
• receiving an identification response (1)
• sending a logout request (2)
• receiving a logout request (3)
• receiving a logout response (2)
• sending a logout response. (3)

Implement and test all use cases before production roll-out.

The aforementioned test cases are:

1. Logging in from own service
2. Logging out from own service
3. Logging out from another service (for example https://testipalvelu.apro.tunnistus.fi/)

The logout request and the logout response are implemented in a hidden IFRAME frame, which is opened in the Authentication service.

Note! if you have problems logging out, the "Content-Security-Policy: frame-ancestors 'self' https://testi.apro.tunnistus.fi/;" and/or the "X-Frame-Options: allow-from https://testi.apro.tunnistus.fi/" settings may help. For the production environment, the URL is https://tunnistautuminen.suomi.fi/. Please note that browsers operating within an IFRAME context may not send the cookies used by the client service. Therefore, logout functionality should also work without cookies.

Use the test serviceOpens in a new window. to test the SLO scenarios.

The testing must be carried out using different browsers and different data security settings. This ensures that logout is processed correctly by e-Identifications. Read more about browser settings.

2. Uploading metadata to e-Identifications

Upload the metadata of your service in the Suomi.fi e-Identification service of Suomi.fi Service Management.

Read more about the contents of the metadata file.

3. Checking of the client service’s metadata and addition to the test system

 The maintenance of Suomi.fi e-Identification checks the content of the uploaded metadata file and adds the details of the client service to the test environment.

The metadata file must include contact persons, who are contacted in case of errors. The metadata will be deleted if it does not contain any valid addresses.

4. Establishing the trust relationship

Establish a trust relationship with the Suomi.fi e-Identification serviceOpens in a new window. with the test environment metadata.

 We recommend that you dynamically update your IdP metadata from https://static.apro.tunnistus.fi/static/metadata/idp-metadata.xml.

5. Service test use can begin

In the Suomi.fi e-Identification test environment, you can use the test tokens provided by banks as well as the e-Identification service's own test tokens.

Also read the quick troubleshooting guide.