diff --git a/resources/presentation.html b/resources/presentation.html
new file mode 100644
index 0000000000000000000000000000000000000000..c6342fa43070ad37d24b116e1d28e964613e4804
--- /dev/null
+++ b/resources/presentation.html
@@ -0,0 +1,359 @@
+
+<?xml version="1.0" encoding="utf-8" ?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/x
+html1/DTD/xhtml1-transitional.dtd">
+<html xml:lang="" xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+<meta http-equiv="content-type" content="text/html; charset=utf-8" />
+<meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=yes">
+
+<link rel="icon" type="image/png" href="/resources/images/favicon.png" />
+
+<!-- Foundation css -->
+<link rel="stylesheet" type="text/css" href="/resources/foundation/css/normalize.css">
+<link rel="stylesheet" type="text/css" href="/resources/foundation/css/foundation.css">
+
+<link href="/resources/jquery.steps.css" rel="stylesheet">
+<link rel="stylesheet" type="text/css" href="/resources/jquery-ui-1.11.1/jquery-ui.min.css" />
+<link rel="stylesheet" type="text/css" href="/resources/css/style.css" />
+
+<script type="text/javascript" src="/resources/jquery-1.11.1.min.js"></script>
+<script type="text/javascript" src="/resources/jquery-ui-1.11.1/jquery-ui.min.js"></script>
+<script type="text/javascript" src="/resources/jquery.validate.1.13.0.min.js"></script>
+<script type="text/javascript" src="/resources/jquery.cookie-1.4.1.min.js"></script>
+<script type="text/javascript" src="/resources/jquery.steps.1.1.0.min.js"></script>
+
+<SCRIPT TYPE="text/javascript">
+<!--
+
+ // To confirm on a link (A HREF)
+ function request_confirm_link(my_url, my_message) {
+ question = confirm(my_message);
+ if (question !="0") {
+ top.location = my_url;
+ }
+ }
+
+function showhide(div){
+ var oDiv = document.getElementById(div);
+ if(oDiv.style.display == "none"){
+ oDiv.style.display = "block";
+ }else{
+ oDiv.style.display = "none";
+ }
+}
+
+function hide(div) {
+ var oDiv = document.getElementById(div);
+ oDiv.style.display = "none";
+}
+
+jQuery(function($){
+
+ $.widget( "custom.combobox", {
+ _create: function() {
+ this.wrapper = $( "<span>" )
+ .addClass( 
"custom-combobox" ) + .insertAfter( this.element ); + + this.element.hide(); + this._createAutocomplete(); + this._createShowAllButton(); + }, + + _createAutocomplete: function() { + var selected = this.element.children( ":selected" ), + value = selected.val() ? selected.text() : ""; + + this.input = $( "<input>" ) + .appendTo( this.wrapper ) + .val( value ) + .attr( "title", "" ) + .addClass( "custom-combobox-input ui-widget ui-widget-content ui-state-default ui-corner-left error required" ) + .autocomplete({ + delay: 0, + minLength: 0, + source: $.proxy( this, "_source" ) + }) + .tooltip({ + tooltipClass: "ui-state-highlight" + }); + + this._on( this.input, { + autocompleteselect: function( event, ui ) { + ui.item.option.selected = true; + this._trigger( "select", event, { + item: ui.item.option + }); + }, + + autocompletechange: "_removeIfInvalid" + }); + }, + + _createShowAllButton: function() { + var input = this.input, + wasOpen = false; + + $( "<a>" ) + .attr( "tabIndex", -1 ) + .attr( "title", "Show All Items" ) + .tooltip() + .appendTo( this.wrapper ) + .button({ + icons: { + primary: "ui-icon-triangle-1-s" + }, + text: false + }) + .removeClass( "ui-corner-all" ) + .addClass( "custom-combobox-toggle ui-corner-right" ) + .mousedown(function() { + wasOpen = input.autocomplete( "widget" ).is( ":visible" ); + }) + .click(function() { + input.focus(); + + // Close if already visible + if ( wasOpen ) { + return; + } + + // Pass empty string as value to search for, displaying all results + input.autocomplete( "search", "" ); + }); + }, + + _source: function( request, response ) { + var matcher = new RegExp( $.ui.autocomplete.escapeRegex(request.term), "i" ); + response( this.element.children( "option" ).map(function() { + var text = $( this ).text(); + if ( this.value && ( !request.term || matcher.test(text) ) ) + return { + label: text, + value: text, + option: this + }; + }) ); + }, + + _removeIfInvalid: function( event, ui ) { + + // Selected an item, nothing 
to do
+ if ( ui.item ) {
+ return;
+ }
+
+ // Search for a match (case-insensitive)
+ var value = this.input.val(),
+ valueLowerCase = value.toLowerCase(),
+ valid = false;
+ this.element.children( "option" ).each(function() {
+ if ( $( this ).text().toLowerCase() === valueLowerCase ) {
+ this.selected = valid = true;
+ return false;
+ }
+ });
+
+ // Found a match, nothing to do
+ if ( valid ) {
+ return;
+ }
+
+ // Remove invalid value
+ this.input
+ .val( "" )
+ .attr( "title", value + " didn't match any item" )
+ .tooltip( "open" );
+ this.element.val( "" );
+ this._delay(function() {
+ this.input.tooltip( "close" ).attr( "title", "" );
+ }, 2500 );
+ this.input.autocomplete( "instance" ).term = "";
+ },
+
+ _destroy: function() {
+ this.wrapper.remove();
+ this.element.show();
+ }
+ });
+});
+
+//-->
+</SCRIPT>
+
+
+<title>Learn more about eduGAIN Access Check </title>
+
+</head>
+
+<body>
+<div id="header">
+ <ul>
+ <li class="logo align-left"><a href="/accountmanager" title="eduGAIN Access Check home page"><img alt="eduGAIN logo" width="200" src="/resources/images/edugain_logo.png "/></a></li>
+ <li> </li>
+ <li class="logo align-right"><a href="http://www.geant.net" title="Géant home page" target="_blank"><img alt="GEANT logo" width="100" src="/resources/images/geant_logo_rgb_300dpi.jpg"/></a></li>
+ </ul>
+ <div class="title">
+ <span class="hide-for-small"><h1>Learn more about eduGAIN Access Check</h1></span>
+ </div>
+</div>
+
+
+<div id="wrapper">
+
+ <!--<div id="bandeau">
+ <div class="logo">
+ <img alt="GEANT logo" width="150" src="/resources/geant_logo_rgb_300dpi.jpg"/>
+ </div>
+ </div>-->
+
+ <div id="content">
+
+
+
+
+ <!-- notifications -->
+
+
+
+
+
+ <script type="text/javascript">
+
+$(function() {
+
+ $('#start_testing').on('click',function() {
+ window.location.href='https://dev-edugain.renater.fr/accountmanager?action=account_wizard';
+ });
+});
+
+</script>
+
+
+<div class="row">
+
+<h2>What for?</h2>
+In their daily lives federation 
operators and eduGAIN experts are frequently asked,
+how access to a production federated service can be tested. A simple login test to a federated service requires a federated account at an
+organisation that is part of the federation/eduGAIN. However, on one hand commercial service operators normally don't have and normally
+don't received federated accounts in a national federation and eduGAIN. On the other hand, even if they had a single account of their
+own or if they asked a real-world user to test, this would not be sufficient to thouroughly test federated login with multiple identities
+and different sets of attributes.
+<br/><br/>
+Setting up an own Identity Provider and configuring it with their SP would be ideal but is non-trivial and therefore
+in most cases too much effort. Using self-registration IdPs (e.g. <a href="https://openidp.feide.no/">https://openidp.feide.no/</a>)
+and configuring them bilaterally with their SP might be sufficient for development but as these IdPs are not part of eduGAIN,
+they don't allow federated login under real conditions from an eduGAIN IdP. Also, self-registration IdPs usually don't allow
+certain attributes (e.g. affiliation) to be set.
+<br/><br/>
+The eduGAIN Access Check solves most of the above-mentioned problems because it provides SP operators an easy way to test
+federated login on their eduGAIN service with test identities that have different attribute profiles.
+
+<h2>Benefits of the eduGAIN Access Check</h2>
+
+The eduGAIN Access Check allows SP administrators to ensure proper functioning of their services within eduGAIN.
+It is especially useful for services not hosted by an R&E institution, because they can't use their own IdP to login
+and test their production eduGAIN-enabled service. Setting up an IdP on their own would require considerable efforts on their part.
+<br/><br/>
+The eduGAIN Access Check provides realistic user profiles (e.g. 
including non-ascii characters, typical attributes) to help SP
+administrators to improve and adapt their eduGAIN-enabled services to the constraints of variable attribute release in an
+international context. In particular, the eduGAIN Access Check makes the SP operators aware that 1) different eduGAIN IdPs will
+release varying set of attributes 2) the vocabulary and semantics of some attributes (i.e. eduPersonAffiliation) differ from federation to federation.
+<br/><br/>
+SAML2 entity categories (GÉANT Data Protection Code of Conduct, REFEDS Research & Scholarship) support for attribute
+release management is a non-trivial concept within eduGAIN. The eduGAIN Access Check releases a reasonable set of attributes
+to SPs, depending on the entity categories they belong to. This should encourage SP administrators to follow the eduGAIN guidelines
+and facilitate the use of entity categories.
+
+<h2>Frequently asked questions</h2>
+
+<h3>I run a SAML-enabled service. How can I use the eduGAIN Access Check?</h3>
+
+Your Service Provider first needs to be registered in eduGAIN metadata. Therefore you should contact your nearest federation operators (<a href="http://edugain.org/technical/status.php">check the list
+of eduGAIN participating federations</a>) to find out about the local process to join eduGAIN.
+<br/><br/>
+Once your SP metadata get included into eduGAIN's, <a href="/accountmanager?action=account_wizard">you can start the test accounts creation process</a>.
+Before you obtain these test accounts, we'll need to ensure you are a legitimate administrator of your SP. This is achieved via an email challenge.
+<br/><br/>
+You can then initiate a login at your SP. You will select "eduGAIN Access Check" as your Identity Provider and use the credentials of one provided test account.
+Once authenticated, the eduGAIN Access Check IdP will send your SP realistic sets of user attributes to help you validate your service behaves as expected. 
+
+<h3>How long can I use the eduGAIN Access Check test accounts?</h3>
+
+Test accounts expire automatically after a few days. However you can ask for new test accounts, via the same process, if you still need it.
+
+
+<h3>How can I provide the eduGAIN Access Check within my federation?</h3>
+
+The code of the eduGAIN Access Check Account manager is published as open source. It's available at:
+<a href="svn+ssh://svn@svn.geant.net/GEANT/edugain_testidp_account_manager">svn+ssh://svn@svn.geant.net/GEANT/edugain_testidp_account_manager</a>. You can install it to
+run you own instance of the service.
+<br/><br/>
+If national federations don't want to have their own service but still have the test idp in their federation for anybody,
+they could ask and request for that, in which case the eduGAIN Access Check then would also load the federation metadata
+of that federation in addition to eduGAIN. The national federation then would have to add the eduGAIN Access Check IdP on their own to their local federation.
+
+<h3>How does this identity provider compare with test identity providers and guest identity providers?</h3>
+Test identity providers provide test accounts, with well-known accounts credentials. If such a test IdP is registered
+in eduGAIN, it allows access to any registered SP, through these test accounts, unless the test IdP is white-listed,
+either at the SP level or at national federation level.
+<br/><br/>
+Guest identity providers provide user account to users who don't/can't have an account at an institutional IdP.
+These guest IdP rely on mail address verification (based on a challenge for instance) as a provisioning method.
+This type of IdP provides a poor user profile (name, email, user identifier) and cannot release user attributes carrying privileges.
+It is not recommended to register these IdPs in eduGAIN. 
+<br/><br/>
+
+Unlike a test IdP, eduGAIN Access Check test accounts credentials are provided to the requestor only.<br/>
+Unlike a guest IdP, duGAIN Access Check test accounts creation is a restricted feature; you need to proove you are admin of an eduGAIN production SP to use it.<br/>
+Unlike a standard IdP, duGAIN Access Check test accounts can be used to access a single SP. If you request test accounts
+as admin of SP A; these test accounts won't allow login if the client SP is not SP A.
+
+<h3>What prevents this identity provider to be used to impersonate real eduGAIN users?</h3>
+
+Test accounts by the eduGAIN Access Check have a hard-coded domain set to "@access-check.edugain.org" that cannot be customized.
+The eduGAIN Access Check will have the scope "access-check.edugain.org" in its published metadata. Therefore, an SP with enabled scope
+check would not accept any eduPersonPrincipalName with a different scope than this.
+<br/><br/>
+The creation of eduGAIN Access Check test accounts is limited to administrators of an SP published in eduGAIN metadata. The SP admin validation process
+relies on a standard email challenge sent to the declared technical contacts in the SP's official metadata.
+<br/><br/>
+Test identities can be used exclusively to access a single SP (the one of the verified SP admin). Authentication requests for other SPs are rejected.
+
+
+
+</div>
+
+
+
+
+
+
+ <!-- IF errors -->
+
+<p>
+
+
+
+ <div>
+
+<div id="footer">
+ <div class="row align-center">
+ <span>eduGAIN Access Check</span>
+ </div>
+</div>
+ </div>
+ </div>
+</div>
+
+ <script src="/resources/foundation/js/foundation.min.js"></script>
+ <script src="/resources/foundation/js/foundation/foundation.tooltip.js"></script>
+ <script>
+ $(document).foundation();
+ </script>
+
+
+</div>
+</body>
+</html>
diff --git a/templates/web/home.tt2.html b/templates/web/home.tt2.html
index c1df6f97f73d71562235379cbac182a827b7cd89..838c2d838b040d3a39bf984030d6c5e5e0201e20 100644
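Review bot: The inline click handler inside `<div id="content">` sends the browser to `window.location.href='https://dev-edugain.renater.fr/accountmanager?action=account_wizard'`, an absolute URL on what looks like a development host, while the rest of this page links to the relative `/accountmanager?action=account_wizard`; no element with id `start_testing` exists anywhere in the file, so the handler appears to be dead code carried over from another template and should be removed or pointed at the relative path. The GÉANT logo link in the header, `<a href="http://www.geant.net" title="Géant home page" target="_blank">`, opens a new browsing context without `rel="noopener noreferrer"`, which leaves the opened page a `window.opener` handle back to this one; add `rel="noopener noreferrer"` to that anchor. The prose would also benefit from a pass for typos in this same hunk (`thouroughly`, `proove`, `duGAIN` twice, `run you own`), and the `<p>` opened above `<div id="footer">` is never closed.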
--- a/templates/web/home.tt2.html +++ b/templates/web/home.tt2.html @@ -15,7 +15,7 @@ $(function() { <p>[% conf.app_name %] allows administrators of a Service Provider (SP) registered in <a href="http://www.geant.net/service/eduGAIN/Pages/home.aspx">eduGAIN</a> to create test accounts with different profiles to validate the behaviour and test -federated login. The test accounts can only be used to access own services. +federated login. The test accounts can only be used to access own services. <a href="/resources/presentation.html">Learn more about this service...</a> </p> <h3>Start testing your eduGAIN service</h3> <p>