FAQ

  • Q: Does RAF impose requirements on user authentication?
    • A: No, you may consider using RAF together with authentication profiles like REFEDS MFA/SFA.
  • Q: Does RAF cover non-person identities such as automated bots or hosts?
    • A: No, RAF purely deals with user accounts which belong to a single, natural person. Functional/Shared accounts are not in the scope either.
  • Q: Is RAF reflected in federation metadata?
    • A: No, compliance to RAF is asserted by using the eduPersonAssurance attribute.


Testing your SAML Identity Provider

To test whether your Identity Provider releases RAF values (eduPersonAssurance attribute) you can use the NIH Security Compliance Check Tool, the SWAMID Entity Category Release Check or the SWITCHaai’s attribute test service.

User instructions NIH:

  1. Go to NIH Security Compliance Check Tool and select your home organisation.
  2. Log in using your credentials.
  3. Result including released attributes are shown.

User instructions SWAMID:

  1. Go to SWAMID Entity Category Release Check and click on the button "Login and show attributes".
  2. Select your home organisation via Seamless Access.
  3. Log in using your credentials.
  4. Attributes being released are shown on the result page.

User instructions SWITCHaai:

  1. Go to SWITCHaai’s attribute test service and select your home organisation.
  2. Log in using your credentials.
  3. Attributes being released are shown on the main page.


  • No labels