Interfederation

[Scott Koranda <>]

Hello,

I apologize that I have to miss the call today. I am traveling again.

I also apologize that I did not complete consuming Stephen's metadata
feed and integrating the Cardiff IdP with the LIGO SP. I did, however,
make some progress.

In order to fully federate my SP I want to be able to detect missing
attributes and display a proper error. I cannot leverage the nice
InCommon federated error handling service since it will not have
access to all of the metadata for all of our partners (we have
non-InCommon partners).

So I built a similar tool for LIGO. For example:

https://error.ligo.org/SAML/attribute/missing?idp=https%3A//sso.brown.edu/idp/shibboleth&sp=https%3A//wiki.ligo.org/shibboleth-sp&attribute=eppn

With this tool in hand, I can now configure a session hook for my
Shibboleth SP hosting the wiki to detect a missing attribute (eppn)
and forward to this tool. I will also configure the tool to consume
Stephen's feed so it has access to the metadata and can attempt to
find the necessary details to display to the user.

Again I apologize I am not ready today to consume the feed. Thanks for
indulging me while I evolve our infrastructure to "properly" handle
federated IdM errors.

Thanks,

Scott K