metadata-support - Re: [Metadata-Support] testidp with qa idp
Subject: InCommon metadata support
List archive
- From: Scott Koranda <>
- To: Stijn De Weirdt <>,
- Cc: Terry Fleury <>, ,
- Subject: Re: [Metadata-Support] testidp with qa idp
- Date: Fri, 8 Feb 2019 05:26:08 -0600
This time including ...
> Hi Stijn,
>
> I am forwarding your note to . They will be
> able to explain in detail why the metadata for your IdP has been
> excluded from the InCommon metadata feed that CILogon uses. They will
> also be able if necessary to consult with eduGAIN and the Belnet
> Federation operators.
>
> Thanks,
>
> Scott K for CILogon
>
> > hi terry,
> >
> > > [java] ERROR - Item
> > > https://identity.ugent.be/simplesaml/saml2/idp/metadata.php (BE) was
> > > marked with the following Error status messages
> > > [java] ERROR - checkScopes/upperCase: scope 'UGent.be' includes
> > > upper-case characters
> > oh boy...
> >
> > >
> > >
> > > The rules for eduGAIN metadata import can be found at
> > > https://spaces.at.internet2.edu/display/InCFederation/Interfederation+Technical+Policy
> > the rules do not mention anything about not allowing uppercase letters
> > (not that we checked upfront years ago, but still).
> >
> > > .
> > >
> > > After you fix this issue in your local federation metadata,
> > unfortunately, that will not happen that easily. we would need to change
> > our scope, and who knows what the fallout will be.
> >
> > we would also need some very good argument why this is needed (aside
> > from the fatc that we need the CILogon service ;)
> > ideally there is some document stating that uppercase is not allowed;
> > but edugain doesn't seem to mind.
> > eg if
> > https://github.internet2.edu/InCommon/inc-meta/blob/master/mdx/incommon/edugain-policy.xml
> > is an actual edugain policy, we are clearly not compliant with edugain
> > (and that is (or might be) a valid reason to fix it, even with large
> > fallout)
> >
> > however, if it is not, then we have a serious problem.
> >
> > it is also annoying that even for regexps, uppercase is not allowed.
> > and to make it worse in our case, even with uppercase regex allowed, the
> > regex literal tail is a valid existing domainname;
> > on the other hand if the uppercase regex would constitute a valid
> > domain, then we should be able to use it as valid scope.
> >
> > do you have any contact info for the people who are familiar with this
> > policy?
> >
> > many thanks,
> >
> >
> > stijn
- Re: [Metadata-Support] testidp with qa idp, Scott Koranda, 02/08/2019
- [Metadata-Support] Fwd: testidp with qa idp, Scott Koranda, 02/11/2019
- Re: [Metadata-Support] testidp with qa idp, Stijn De Weirdt, 02/12/2019
- [Metadata-Support] ERROR - checkScopes/upperCase: scope 'UGent.be' includes upper-case characters, Basney, Jim, 02/13/2019
- Re: [Metadata-Support] ERROR - checkScopes/upperCase: scope 'UGent.be' includes upper-case characters, Stijn De Weirdt, 02/19/2019
- [Metadata-Support] ERROR - checkScopes/upperCase: scope 'UGent.be' includes upper-case characters, Basney, Jim, 02/13/2019
Archive powered by MHonArc 2.6.19.