inc-ops-notifications - [InCommon NOTICE] Question about entity category for SPs that don't consume metadata
Subject: InCommon Operations Notifications
- From: Nick Roy <>
- Subject: [InCommon NOTICE] Question about entity category for SPs that don't consume metadata
- Date: Thu, 16 Nov 2017 16:24:51 -0700

A couple meetings ago, Scott requested that we look at adding an entity
category that would be self-assertable by SPs that don't consume
metadata. That would enable people who need to do key rollover on their
IdP to know which SPs to reach out to and work through the change
management problem with.

It occurs to me that we could do something like this:

1) Publish an IdP in metadata
2) Set its HTTP Redirect and HTTP POST endpoints to values X and Y on day 1
3) Initiate with that IdP with each SP in metadata, record results
4) On day 2, update that IdP's configuration and its metadata to change the endpoint locations
5) On day 4 (after having waited for metadata to propagate), repeat step (3), record results
6) Compare results from (3) with (5) and label SPs that did not respond to (3), or responded to (3) but not (5) as metadata non-refreshers

Scott, it seems like you could do at least part of this with any
existing IdP in metadata using a script. Would that get you over the
hump with your key rollover until ops could look at automating a check
like this?

Thanks,
Nick
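
The bookkeeping for steps (3), (5) and (6) of the message above could be scripted as follows. This is an added example, not part of the original message and not InCommon tooling; the metadata sample, the entityIDs and the result format (entityID mapped to True/False for "SP responded") are constructed assumptions, and a real aggregate should be signature-verified before it is parsed.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
SAML2 = "urn:oasis:names:tc:SAML:2.0:protocol"

# Constructed sample aggregate (hypothetical entities, not real federation metadata).
SAMPLE_AGGREGATE = f"""\
<EntitiesDescriptor xmlns="{MD}">
  <EntityDescriptor entityID="https://sp-a.example.org/sp">
    <SPSSODescriptor protocolSupportEnumeration="{SAML2}"/>
  </EntityDescriptor>
  <EntityDescriptor entityID="https://sp-b.example.org/sp">
    <SPSSODescriptor protocolSupportEnumeration="{SAML2}"/>
  </EntityDescriptor>
  <EntityDescriptor entityID="https://sp-c.example.org/sp">
    <SPSSODescriptor protocolSupportEnumeration="{SAML2}"/>
  </EntityDescriptor>
  <EntityDescriptor entityID="https://idp.example.edu/idp">
    <IDPSSODescriptor protocolSupportEnumeration="{SAML2}"/>
  </EntityDescriptor>
</EntitiesDescriptor>
"""

# Constructed results of steps (3) and (5): did the SP respond to the test IdP?
DAY1 = {"https://sp-a.example.org/sp": True, "https://sp-b.example.org/sp": True}
DAY4 = {"https://sp-a.example.org/sp": True, "https://sp-b.example.org/sp": False}


def sp_entity_ids(aggregate_xml):
    """Return the entityID of every entity that carries an SPSSODescriptor."""
    root = ET.fromstring(aggregate_xml)
    return [e.get("entityID") for e in root.iter(f"{{{MD}}}EntityDescriptor")
            if e.find(f"{{{MD}}}SPSSODescriptor") is not None]


def label_sps(sps, day1, day4):
    """Apply step (6); an SP with no recorded result counts as 'did not respond'."""
    labels = {}
    for sp in sps:
        if not day1.get(sp, False):
            labels[sp] = "non-refresher: no response on day 1"
        elif not day4.get(sp, False):
            labels[sp] = "non-refresher: responded on day 1 but not day 4"
        else:
            labels[sp] = "responded both times"
    return labels


if __name__ == "__main__":
    for sp, label in label_sps(sp_entity_ids(SAMPLE_AGGREGATE), DAY1, DAY4).items():
        print(f"{sp}\t{label}")
```
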