Skip to Content.
Sympa Menu

metadata-support - Re: [Metadata-Support] testidp with qa idp

Subject: InCommon metadata support

List archive

Re: [Metadata-Support] testidp with qa idp

Chronological Thread 
  • From: Stijn De Weirdt <>
  • To: Scott Koranda <>,
  • Cc: Terry Fleury <>, ,
  • Subject: Re: [Metadata-Support] testidp with qa idp
  • Date: Tue, 12 Feb 2019 19:30:30 +0100

hello all,

can we help with some more info or something else to get some progress
on this?

many thanks,


On 2/8/19 12:26 PM, Scott Koranda wrote:
> This time including ...
>> Hi Stijn,
>> I am forwarding your note to . They will be
>> able to explain in detail why the metadata for your IdP has been
>> excluded from the InCommon metadata feed that CILogon uses. They will
>> also be able if necessary to consult with eduGAIN and the Belnet
>> Federation operators.
>> Thanks,
>> Scott K for CILogon
>>> hi terry,
>>>> [java] ERROR - Item
>>>> (BE) was
>>>> marked with the following Error status messages
>>>> [java] ERROR - checkScopes/upperCase: scope '' includes
>>>> upper-case characters
>>> oh boy...
>>>> The rules for eduGAIN metadata import can be found at
>>> the rules do not mention anything about not allowing uppercase letters
>>> (not that we checked upfront years ago, but still).
>>>> .
>>>> After you fix this issue in your local federation metadata,
>>> unfortunately, that will not happen that easily. we would need to change
>>> our scope, and who knows what the fallout will be.
>>> we would also need some very good argument why this is needed (aside
>>> from the fatc that we need the CILogon service ;)
>>> ideally there is some document stating that uppercase is not allowed;
>>> but edugain doesn't seem to mind.
>>> eg if
>>> is an actual edugain policy, we are clearly not compliant with edugain
>>> (and that is (or might be) a valid reason to fix it, even with large
>>> fallout)
>>> however, if it is not, then we have a serious problem.
>>> it is also annoying that even for regexps, uppercase is not allowed.
>>> and to make it worse in our case, even with uppercase regex allowed, the
>>> regex literal tail is a valid existing domainname;
>>> on the other hand if the uppercase regex would constitute a valid
>>> domain, then we should be able to use it as valid scope.
>>> do you have any contact info for the people who are familiar with this
>>> policy?
>>> many thanks,
>>> stijn

Archive powered by MHonArc 2.6.19.

Top of Page