metadata-support - Re: [Metadata-Support] testidp with qa idp
Subject: InCommon metadata support
List archive
- From: Stijn De Weirdt <>
- To: Scott Koranda <>,
- Cc: Terry Fleury <>, ,
- Subject: Re: [Metadata-Support] testidp with qa idp
- Date: Tue, 12 Feb 2019 19:30:30 +0100
hello all,
can we help with some more info or something else to get some progress
on this?
many thanks,
stijn
On 2/8/19 12:26 PM, Scott Koranda wrote:
>
> This time including ...
>
>> Hi Stijn,
>>
>> I am forwarding your note to . They will be
>> able to explain in detail why the metadata for your IdP has been
>> excluded from the InCommon metadata feed that CILogon uses. They will
>> also be able if necessary to consult with eduGAIN and the Belnet
>> Federation operators.
>>
>> Thanks,
>>
>> Scott K for CILogon
>>
>>> hi terry,
>>>
>>>> [java] ERROR - Item
>>>> https://identity.ugent.be/simplesaml/saml2/idp/metadata.php (BE) was
>>>> marked with the following Error status messages
>>>> [java] ERROR - checkScopes/upperCase: scope 'UGent.be' includes
>>>> upper-case characters
>>> oh boy...
>>>
>>>>
>>>>
>>>> The rules for eduGAIN metadata import can be found at
>>>> https://spaces.at.internet2.edu/display/InCFederation/Interfederation+Technical+Policy
>>> the rules do not mention anything about not allowing uppercase letters
>>> (not that we checked upfront years ago, but still).
>>>
>>>> .
>>>>
>>>> After you fix this issue in your local federation metadata,
>>> unfortunately, that will not happen that easily. we would need to change
>>> our scope, and who knows what the fallout will be.
>>>
>>> we would also need some very good argument why this is needed (aside
>>> from the fatc that we need the CILogon service ;)
>>> ideally there is some document stating that uppercase is not allowed;
>>> but edugain doesn't seem to mind.
>>> eg if
>>> https://github.internet2.edu/InCommon/inc-meta/blob/master/mdx/incommon/edugain-policy.xml
>>> is an actual edugain policy, we are clearly not compliant with edugain
>>> (and that is (or might be) a valid reason to fix it, even with large
>>> fallout)
>>>
>>> however, if it is not, then we have a serious problem.
>>>
>>> it is also annoying that even for regexps, uppercase is not allowed.
>>> and to make it worse in our case, even with uppercase regex allowed, the
>>> regex literal tail is a valid existing domainname;
>>> on the other hand if the uppercase regex would constitute a valid
>>> domain, then we should be able to use it as valid scope.
>>>
>>> do you have any contact info for the people who are familiar with this
>>> policy?
>>>
>>> many thanks,
>>>
>>>
>>> stijn
- Re: [Metadata-Support] testidp with qa idp, Scott Koranda, 02/08/2019
- [Metadata-Support] Fwd: testidp with qa idp, Scott Koranda, 02/11/2019
- Re: [Metadata-Support] testidp with qa idp, Stijn De Weirdt, 02/12/2019
- [Metadata-Support] ERROR - checkScopes/upperCase: scope 'UGent.be' includes upper-case characters, Basney, Jim, 02/13/2019
- Re: [Metadata-Support] ERROR - checkScopes/upperCase: scope 'UGent.be' includes upper-case characters, Stijn De Weirdt, 02/19/2019
- [Metadata-Support] ERROR - checkScopes/upperCase: scope 'UGent.be' includes upper-case characters, Basney, Jim, 02/13/2019
Archive powered by MHonArc 2.6.19.