Test organisation in the integration test environment

An administrator in MitID Erhverv can create a test organization with your CVR number in the integration test environment. This addition takes place in MitID Erhverv.

Before you start, 2 conditions must be met:

1. Your organisation must be connected to MitID Erhverv.
2. You must be an organisation administrator in MitID Erhverv.

You can create a test organisation in MitID Erhverv on NemLog-in's integration test environment.

You can create 2 different types of test organisations:

• Test organisations with a genuine CVR number, i.e. your organisation’s own CVR number – here you can only create your own organisation by connecting your organisation’s own CVR number to MitID Erhverv in the production environment, which will ensure the connection to the CVR number.
• Test organisations with a system-generated and fictitious CVR number starting with the digit 9. You can create several of these.

You must already have finalised the connection process to MitID Erhverv in the production environment before you create a test organisation with a genuine CVR number, i.e. your organisation’s own CVR number.

Note that only you have access to create, delete or change the organisation's setup.

Step 1: Open the page on creating a test organisation in MitID Erhverv

Your organisation must first be created in MitID Erhverv in NemLog-in's production environment. After this, an organisation administrator can create the test organisation. Open the page for administration of test organisations in MitID Erhverv.

Creating your organisation in MitID Erhverv

Step 2: Fill in information under “Integration test environment details”

Fill in information under "Integration test environment details" in MitID Erhverv

The organisation administrator must fill out:

• the email address and password you want to log in with as an administrator for your test organisation,
• an API access key that ensures that only your organisation can make changes to the organisation.

You must then click on the "Approve" button.

Now your CVR number has been created in the integration test environment.

Step 3: You will receive an email with information for setting up

The organisation administrator receives an email that:

• states that your organisation has been created,
• describes that you must set up the organisation in the integration test environment,
• contains details of the test user you will use for testing.

Step 4: Test functionality

The test takes place in the MitID Erhverv integration test environment and IT systems connected to it.

MitID Erhverv integration test environment

Step 1: Complete the form on the test portal (no login required)

Create a test organisation on the test portal  (In Danish)

Step 2: The test organisation is created

After completing the form, a test organisation is created including a MitID Simulator user who can act as an administrator for this by, for example, logging into Danish Agency for Digital Government’s Internal Test SP OIOSAML-3.0.

Danish Agency for Digital Government’s Internal Test SP OIOSAML-3.0

Step 3: Test functionality

The administrator created in step 2 can:

• create (test) business users,
• issue certificates,
• assign rights and power of attorney.

The test users can then log on (and sign) at service providers connected to the MitID Erhverv integration test environment.

 

In the integration test environment, you can test essential functionalities in MitID Erhverv, as the environment (as a general rule) displays the same version of MitID Erhverv as the production environment.

You can use the integration test environment for the following purposes:

• Creation of test users
• Issuance of test certificates
• IdM integration
• Local IdP: Test connection and use
• Login and signing at service providers connected to the integration test environment

If you want to test IdM integration and Local IdP, you must contact the NemLog-in Administration to gain access. Remember to inform the NemLog-in of:

• the CVR number.
• that your request is for the integration test environment.
• which of the 3 functionalities mentioned above you should test.

NemLog-in can then make these functions available for the test organisation.

Contact the NemLog-in administration

NemLog-in contains a MitID Simulator for creating MitID private users who can log in via the 'Test Login' tab in NemLog-in with user name and password. You can later change these users to (test) business users in MitID Erhverv.

Please note that you must not create test users with real CPR numbers and names in the integration test environment. CPR numbers and names must be fictitious.

Access the MitID Simulator

Enter:

• username
• password
• first name
• last name
• fictitious CPR number
• email address.

You can enter your own email address as the administrator email address if you later need to change the test identity data.

Remember: Tick off “private MitID” if you need to use this test user for MitID private login.

Click 'Create identity'.

NemLog-in contains a Certificate Authority (CA) that can issue OCES certificates according to OCES3 policies and profiles. You can easily order certificates through the user interface in MitID Erhverv in the integration test environment (or alternatively the associated APIs).

Read more about OCES3 policies and profiles on the Danish State's Trust Services website

You can download an example of an OCES3 system certificate below:

Download OCES3 system certificate

The certificate file is in PKCS#12 format and the password is: c5,PnmF8;m4I

Tip:

The key files generated via MitID Erhverv are in PKCS#12 format and encrypted with the AES algorithm. This can cause problems for older software to read them, and if necessary, you can repack the files to another encryption algorithm using a tool like XCA, OpenSSL or similar.

Root certificate and issuing certificate for testing:

You can retrieve the root certificate and issuing certificate for testing from the test certificate's .12 file using relevant software for the purpose.

Note:

Block lists and OCSP services in the OCES3 infrastructure are not issued from fixed IP addresses due to the DDOS protection of these services. This means that any firewall rules for outgoing traffic in your organisation must be defined on the host name and not on IP addresses.

If you are testing IdM integration, you must contact NemLog-in to gain access. Remember to state

• your CVR number.
• that it concerns the integration test environment.

NemLog-in can then open up the IdM functionality for the test organisation.

Contact NemLog-in

Organisations that would like to handle their users in their own local systems can integrate with the IdM API in MitID Erhverv. In this way, local users can be provisioned for MitID Erhverv. Note that a local user must be created in MitID Erhverv before the user can authenticate via Local IdP through NemLog-in's broker.

Download documentation package (V1.12) for IdM and Certificate API (zip) - updated on 21st november 2024

The package consists of:

• Introduction and descriptions of concepts
• Descriptions of flows, e.g. authentication
• Data models
• REST OpenAPI specifications (.yaml)
• SOAP WSDL.

The package also contains separate documentation for the Certificate API. The certificate API makes it possible to issue and renew certificates. Please note that users do not normally have associated certificates in NemLog-in, as certificates are not used for login.

Note: when synchronising a large number of users (i.e. thousands users) via the API, we recommend that this is done at night or at least extended over a longer period of time (e.g. 60-120 minutes). In addition, one should not perform a login for each and every user that is updated, but instead update batches of users with the same login.

Rate limiting

There is a restriction on the use of the API based on the number of calls within a given time period. This has been introduced to avoid unreasonable load on the system and to ensure operational stability. This means that using the API that exceeds this limit will result in the http 429 (Too Many Requests) return code.

If, for example, you synchronise a large number of users (thousands) over a short period, you may get this error code. If this happens, we recommend that you immediately stop the synchronisation and possibly resume later with a delay between the calls.

Email validation was introduced on August 12th, 2024

When your organisation issues certificates from which an email address appears, you cannot issue the certificates correctly without validation of the email address you have specified beforehand.

If your organisation has integration with the IdM API, you must be aware that there is a risk that your API integration will no longer work after August 15th, 2024. If the API integration does not work, code changes may be needed at you to get your API integration working again.

Learn more about the upcoming change in mid-August 2024 (only in Danish)

Learn more about this change in the news: Check your integration to the IdM API before Augsut 2024 (only in Danish)

If you intend to test Local IdP, you must contact the NemLog-in Administration to gain access. Remember to state:

• your CVR number.
• that it is Local IdP in the integration test environment.

The NemLog-in Administration can then open up Local IdP functionalities for the test organisation.

Contact the NemLog-in

You integrate a Local IdP, which means that you are thereby responsible for the authentication of local users. In this case, the OIOSAML Local IdP Profile must be complied with for the integration with NemLog-in's broker. Below you will find instructions, specifications and metadata for the integration test environment for NemLog-in in the role of SAML Service Provider, which must be imported into your Local IdP.

Download the integration guide for Local IdP (pdf) (only in Danish, updated on 14 December 2023):

Metadata to be used for the integration test environment:

You can find the metadata to be used for the integration test environment on the page: Metadata at NemLog-in.dk.

Download metadata for Local IdP in the integration test environment (in Danish)

Tips:

• Remember to set the lifetime in Assertion from Local IdP to a maximum of 10 minutes, otherwise it will be rejected by the NemLog-in broker.
• If you need to debug a rejected request, you can use the log viewer on the environment, which you can access below.

NemLog-in test environment Log viewer

In the MitID Erhverv integration test environment, you can find the list of administrators that you have created.

The organisation administrator in your organisation has access to manage your test organisation in the integration test environment.

You can add a new organisation administrator, for example if:

• your organisation administrator is not able to log in.
• you have a new organisation administrator.

To add a new organisation administrator, your current organisation administrator must first log in to MitID Erhverv.

Go to the page for managing test organisationer in MitID Erhverv

You fill in the email and password for the new organisation administrator who need to log in to the integration test environment. You should use an email address that has never been used for an administrator in the integration test environment. You must then click on "Approve". Now the new administrator has been created.

Note that the administrator has been assigned a username. This will be shown at the blue bar on the page. Remember to write down the username and password, as the new administrator will not receive an email with the information.

It is not possible to have the username and password re-sent. If you lose your username or password, you must create a new administrator with a different email.

You have the option to update the API key if you e.g.:

• forgot the API Key.
• do not want a former administrator to be able to manage the organisation with the old API key.

To update the API Key, you must first log in to MitID Erhverv.

Open the page for administration of test organisations in MitID Erhverv

Under "Details for integration test environment", you enter a new API Key, which ensures that only your organisation can call the API.

You must then click on "Approve". Now the API Key for your NemLog-in integration test environment is updated.

NemLog-in has a pre-production environment where you can also create test organisations in MitID Erhverv. The pre-production environment is intended for early testing of upcoming features that are coming up through NemLog-in's environments, but have not yet been released in the integration test environment. Testing takes place in the same way as described above, but you must set up a test organisation in a pre-production environment.

Please note that the pre-production environement does not have a service level agreement, which means that it is not always stable.

Pre-production environment for user organisations (Devtest4) på NemLog-in.dk

If you:

• are a service provider,
• are connected to NemLog-in,
• use several services in NemLog-in,

please read and use the instructions on NemLog-in's service provider website, which also describes tests of integration with the self-developed service (login and signing).

Read more about NemLog-in's integration test environment