metadata-support - [Metadata-Support] Fwd: testidp with qa idp
Subject: InCommon metadata support
List archive
- From: Scott Koranda <>
- To:
- Subject: [Metadata-Support] Fwd: testidp with qa idp
- Date: Mon, 11 Feb 2019 17:28:35 +0100
Hello InCommon metadata-support,
This time including ...
> Hi Stijn,
>
> I am forwarding your note to . They will be
> able to explain in detail why the metadata for your IdP has been
> excluded from the InCommon metadata feed that CILogon uses. They will
> also be able if necessary to consult with eduGAIN and the Belnet
> Federation operators.
>
> Thanks,
>
> Scott K for CILogon
>
> > hi terry,
> >
> > > [java] ERROR - Item https://identity.ugent.be/simplesaml/saml2/idp/metadata.php (BE) was marked with the following Error status messages
> > > [java] ERROR - checkScopes/upperCase: scope 'UGent.be' includes upper-case characters
> > oh boy...
> >
> > >
> > >
> > > The rules for eduGAIN metadata import can be found at
> > > https://spaces.at.internet2.edu/display/InCFederation/Interfederation+Technical+Policy
> > the rules do not mention anything about not allowing uppercase letters
> > (not that we checked upfront years ago, but still).
> >
> > > .
> > >
> > > After you fix this issue in your local federation metadata,
> > unfortunately, that will not happen that easily. we would need to change
> > our scope, and who knows what the fallout will be.
> >
> > we would also need some very good argument why this is needed (aside
> > from the fatc that we need the CILogon service ;)
> > ideally there is some document stating that uppercase is not allowed;
> > but edugain doesn't seem to mind.
> > eg if
> > https://github.internet2.edu/InCommon/inc-meta/blob/master/mdx/incommon/edugain-policy.xml
> > is an actual edugain policy, we are clearly not compliant with edugain
> > (and that is (or might be) a valid reason to fix it, even with large
> > fallout)
> >
> > however, if it is not, then we have a serious problem.
> >
> > it is also annoying that even for regexps, uppercase is not allowed.
> > and to make it worse in our case, even with uppercase regex allowed, the
> > regex literal tail is a valid existing domainname;
> > on the other hand if the uppercase regex would constitute a valid
> > domain, then we should be able to use it as valid scope.
> >
> > do you have any contact info for the people who are familiar with this
> > policy?
> >
> > many thanks,
> >
> >
> > stijn
Can you confirm that you have received the note below from the Belnet IdP and will have time to look into it?
Please let me know if you need anything more that I can help provide.
Thanks much,
Scott
---------- Forwarded message ---------
From: Scott Koranda <>
Date: Fri, Feb 8, 2019 at 12:26 PM
Subject: Re: testidp with qa idp
To: Stijn De Weirdt <>, <>
Cc: Terry Fleury <>, <>, <>
From: Scott Koranda <>
Date: Fri, Feb 8, 2019 at 12:26 PM
Subject: Re: testidp with qa idp
To: Stijn De Weirdt <>, <>
Cc: Terry Fleury <>, <>, <>
This time including ...
> Hi Stijn,
>
> I am forwarding your note to . They will be
> able to explain in detail why the metadata for your IdP has been
> excluded from the InCommon metadata feed that CILogon uses. They will
> also be able if necessary to consult with eduGAIN and the Belnet
> Federation operators.
>
> Thanks,
>
> Scott K for CILogon
>
> > hi terry,
> >
> > > [java] ERROR - Item https://identity.ugent.be/simplesaml/saml2/idp/metadata.php (BE) was marked with the following Error status messages
> > > [java] ERROR - checkScopes/upperCase: scope 'UGent.be' includes upper-case characters
> > oh boy...
> >
> > >
> > >
> > > The rules for eduGAIN metadata import can be found at
> > > https://spaces.at.internet2.edu/display/InCFederation/Interfederation+Technical+Policy
> > the rules do not mention anything about not allowing uppercase letters
> > (not that we checked upfront years ago, but still).
> >
> > > .
> > >
> > > After you fix this issue in your local federation metadata,
> > unfortunately, that will not happen that easily. we would need to change
> > our scope, and who knows what the fallout will be.
> >
> > we would also need some very good argument why this is needed (aside
> > from the fatc that we need the CILogon service ;)
> > ideally there is some document stating that uppercase is not allowed;
> > but edugain doesn't seem to mind.
> > eg if
> > https://github.internet2.edu/InCommon/inc-meta/blob/master/mdx/incommon/edugain-policy.xml
> > is an actual edugain policy, we are clearly not compliant with edugain
> > (and that is (or might be) a valid reason to fix it, even with large
> > fallout)
> >
> > however, if it is not, then we have a serious problem.
> >
> > it is also annoying that even for regexps, uppercase is not allowed.
> > and to make it worse in our case, even with uppercase regex allowed, the
> > regex literal tail is a valid existing domainname;
> > on the other hand if the uppercase regex would constitute a valid
> > domain, then we should be able to use it as valid scope.
> >
> > do you have any contact info for the people who are familiar with this
> > policy?
> >
> > many thanks,
> >
> >
> > stijn
- Re: [Metadata-Support] testidp with qa idp, Scott Koranda, 02/08/2019
- [Metadata-Support] Fwd: testidp with qa idp, Scott Koranda, 02/11/2019
- Re: [Metadata-Support] testidp with qa idp, Stijn De Weirdt, 02/12/2019
- [Metadata-Support] ERROR - checkScopes/upperCase: scope 'UGent.be' includes upper-case characters, Basney, Jim, 02/13/2019
- Re: [Metadata-Support] ERROR - checkScopes/upperCase: scope 'UGent.be' includes upper-case characters, Stijn De Weirdt, 02/19/2019
- [Metadata-Support] ERROR - checkScopes/upperCase: scope 'UGent.be' includes upper-case characters, Basney, Jim, 02/13/2019
Archive powered by MHonArc 2.6.19.