Quick skip links and site assistance

  • Jump to menu
  • Jump to content
  • Jump to footer
  • Get assistance with this site

Australian Government

USI - Unique Student Identifier

Australian Government coat of arms
USI - Unique Student Identifier

Search the site

  • Home
  • About
  • Students
  • Training Organisations
  • System developers
  • Help centre

You are here

Home » System developers » Connecting to USI production environment
Listen

Connecting to USI production environment

  • Scheduled System Outages
  • Device Auskey Certificate Renewal
  • Supporting products and processes
  • Authentication and Authorisation
  • Connecting to USI test environment
  • Connecting to USI production environment
  • USI Developer Forums
  • Third party testing environment
  • Error Codes
  • Troubleshooting

Want to stay up- to-date with the USI System?

Sign up here to to receive updates and alerts via email. 

Requirements

To use the USI web services in the production environment, a training organisation must be authenticated and authorised to access the USI Registry System. To do so a training organisation must meet the following requirements. 

  1. Training.gov.au (TGA)
    Be listed on training.gov.au (TGA). The USI Registry System uses the organisation ABN and OrgCode details as listed on TGA for authentication purposes.

    Check that the ABN listed in TGA is the same one linked to their AUSkey registered with the Australian Business Register. Production connection will fail if an ABN is not the same.

    If an organisation has changed their ABN recently, they need to contact their Regulator to update their TGA details.

    Where organisations have a single ABN and multiple OrgCodes, note that:

    a single Device AUSkey can be used.
    An access form needs to be submitted for each RTO, as defined by OrgCode requesting access to web services and accepting the Terms and Conditions of Use.
     
  2. Student Management System
    Have a Student Management System that has incorporated the USI Technical Services Contract.
     
  3. Production Device AUSkey
    Have a Production Device AUSkey installed in their SMS infrastructure.
     
  4. USI Registry online access form
    Complete the USI Registry online access form to request access to use web services and accept the terms and conditions of use.

Organisations must read and understand the Terms and Conditions of using the USI Registry System.

Other VET related organisations wishing to use web services, must also have a Device AUSkey, register themselves with the USI Registrar so they can be issued an OrgCode which must be supplied as a part of all web service calls, and agree to the terms and conditions of use.

  • I am testing the system but it is telling me the certificate has expired, what do I do?

    An updated AUSkey (keystore.xml) can be supplied by sending a request to:USIIT@education.gov.au

    Close the I am testing the system but it is telling me the certificate has expired, what do I do? FAQ item.
  • Where is the USI Developers Kit located?

    The USI Developers Kit will be sent to you after you have completed the USI Authentication Developers Kit (ADK) request form.

    Close the Where is the USI Developers Kit located? FAQ item.
  • What is the 3PT AUSkey KeyStore password?

    The AUSkey KeyStore case sensitive password for 3PT is: Password1!

    Close the What is the 3PT AUSkey KeyStore password? FAQ item.
  • How do I find my IP address?

    To display your IP address go to https://www.whatismyip.com/

    Close the How do I find my IP address? FAQ item.
  • What are the End Point URL’s for the USI System?

    Section 4.2.2 of the USI Technical Services Contract (TSC) identifies the complete range of Production URLs.

    Close the What are the End Point URL’s for the USI System? FAQ item.
  • What is meant by the error message ‘The relying party specified in the Applies to element is not recognised'. Event Code [E2044]?

    This error is encountered when code has been migrated from the test environment into the production environment.  To resolve this remove:

    • any references to the 3PT realm in the 'Applies To' element of the request to the production Security Token Service (STS) at VANguard; and
    • any testing references (for example ‘3PT’ or ‘third party’) from all endpoint Production URLs.
    Close the What is meant by the error message ‘The relying party specified in the Applies to element is not recognised'. Event Code [E2044]? FAQ item.
  • What is meant by an error message ‘Unknown KeyStore exception – 4699’?

    For dotNet using IIS manager

    In the IIS Applications Pool change the Advanced Setting ‘Load User Profile’ to true.

    For dotNET

    Organisations experiencing various connection problems with specific machines may be able to resolve the issue by having dotNET Framework reinstalled and/or upgraded.

    Close the What is meant by an error message ‘Unknown KeyStore exception – 4699’? FAQ item.
  • What is meant by an error message ‘An error occurred when verifying security for the message’?

    In the USI request, all the EncryptedData elements and EncryptedAssertion elements need to appear before all instances of the Signature element.

    It is understood that some developers have been able to resolve the issue by changing the order of the classpath parameters for the java execution.

    Close the What is meant by an error message ‘An error occurred when verifying security for the message’? FAQ item.
  • What is meant by an error/SOAP response message ‘At least one security token in the message could not be validated’?

    Two possible causes for this error have been identified;

    • The error can be encountered if the (case sensitive) USI end points are not correctly formatted.
    • The security token in the header of the request to USI has been modified and is thus invalid.
      This can be as simple as the addition of some whitespace in part of the message that is covered by the signature.
      (How the security information in the header is being populated is checked.)
    Close the What is meant by an error/SOAP response message ‘At least one security token in the message could not be validated’? FAQ item.
  • What is meant by an error message ‘Could not establish trust relationship for the SSL/TLS secure channel with authority 'authentication.business.gov.au'.’?

    Check whether a 2003 server that is not compatible with USI Web Services is being used.

    Close the What is meant by an error message ‘Could not establish trust relationship for the SSL/TLS secure channel with authority 'authentication.business.gov.au'.’? FAQ item.
  • previous
  • 2 of 2
  •  

Last modified on Monday 12 November 2018 [3416|46311]

Up arrow

Key Links

  • Contact us
  • Feedback
  • Other Languages
  • News
  • Outages

Other Links

  • Disclaimer
  • Copyright
  • Using this Site - Accessibility
  • USI Feedback Policy
  • Privacy Policy

Other Skills Links

  • Training.gov.au
  • MySkills.gov.au
  • Total VET activity reporting
  • Training Complaints Hotline

Regulators

  • ASQA
  • VRQA
  • WA TAC

Skills Industry

  • NCVER
  • Australian Training Awards
  • Australian Apprenticeships
  • Apprenticeships Ambassadors

VET Real Skills for Real Careers logo

Creative Commons Licence This work is licensed under a Creative Commons Attribution 3.0 Australia License.