- Q: Does RAF impose requirements on user authentication?
- A: No, you may consider using RAF together with authentication profiles like REFEDS MFA/SFA.
- Q: Does RAF cover non-person identities such as automated bots or hosts?
- A: No, RAF purely deals with user accounts which belong to a single, natural person. Functional/Shared accounts are not in the scope either.
- Q: Is RAF reflected in federation metadata?
- A: No, compliance to RAF is asserted by using the eduPersonAssurance attribute.
Testing your SAML Identity Provider
To test whether your Identity Provider releases RAF values (eduPersonAssurance attribute) you can use the SWITCHaai’s attribute test service
- Go to SWITCHaai’s attribute test service and select your home organization
- Log in using username and password
- Attributes being released are shown on the main page