Skip to Content.
Sympa Menu

metadata-support - Re: [Metadata-Support] ERROR - checkScopes/upperCase: scope 'UGent.be' includes upper-case characters

Subject: InCommon metadata support

List archive

Re: [Metadata-Support] ERROR - checkScopes/upperCase: scope 'UGent.be' includes upper-case characters


Chronological Thread 
    < Chronological >      < Thread >
  • From: James Babb <>
  • To: Stijn De Weirdt <>, Nick Roy <>
  • Cc: Albert Wu <>, Scott Koranda <>, "" <>, "Fleury, Terry" <>, "" <>, "" <>, David Shafer <>
  • Subject: Re: [Metadata-Support] ERROR - checkScopes/upperCase: scope 'UGent.be' includes upper-case characters
  • Date: Wed, 20 Mar 2019 19:59:35 +0000
Stijn and all--

The new MDA is deployed as of this afternoon. After tomorrow's metadata
signing and publication (3PM-ish US Eastern Daylight Time),
https://identity.ugent.be/simplesaml/saml2/idp/metadata.php will be in the
published metadata available to CILogon.


On 3/19/19, 11:12 AM, "Stijn De Weirdt" <> wrote:

hi nick,

thanks for the update. clearly i was just a bit too impatient ;)

stijn

On 3/19/19 5:08 PM, Nick Roy wrote:
> Hi Stijn,
>
> We plan to release the MDA upgrade tomorrow, after we sign metadata,
about 3-4 p.m. US Eastern Time. If for some reason we aren't able to do it
then, we will plan for Monday, March 25th.
>
> Best,
>
> Nick
>
> On 18 Mar 2019, at 10:46, Stijn De Weirdt wrote:
>
>> hi all,
>>
>> is there any news (or an ETA) on resolving this issue?
>>
>> many thanks,
>>
>> stijn
>>
>> On 2/25/19 5:26 PM, Nick Roy wrote:
>>> Thanks - I have James Babb, InCommon support engineer, assigned to
follow this with Ian and get it released. Cheers!
>>>
>>> Nick
>>>
>>> On 25 Feb 2019, at 9:07, Stijn De Weirdt wrote:
>>>
>>>> hi nick,
>>>>
>>>> that is great news. looking forward to the fix and thanks again. i
owe
>>>> you a few beers ;)
>>>>
>>>> stijn
>>>>
>>>> On 2/25/19 5:05 PM, Nick Roy wrote:
>>>>> After a brief discussion with Ian, we believe it is safe to allow
mixed-case scopes, so we will work to get this updated. I will ping Ian on
the status of the fix after Global Summit (week of March 11).
>>>>>
>>>>> Best,
>>>>>
>>>>> Nick
>>>>>
>>>>> On 19 Feb 2019, at 11:10, Albert Wu wrote:
>>>>>
>>>>>> Hi Scott and Stijin,
>>>>>>
>>>>>>
>>>>>>
>>>>>> I just briefed Nick Roy regarding this case. He is taking this to
the Ops Advisory Group to determine a course of action.
>>>>>>
>>>>>>
>>>>>>
>>>>>> To the best of my understanding, InCommon filters upper case
lettering in the scope to guard against potential identity mismatch in SP’s
due to inconsistent handling of case sensitivities in identifiers.
>>>>>>
>>>>>>
>>>>>>
>>>>>> Thank you for your patience. I will follow up as soon as the Ops
Advisory Group produces a recommendation.
>>>>>>
>>>>>>
>>>>>>
>>>>>> albert
>>>>>>
>>>>>>
>>>>>>
>>>>>> **From:** Scott Koranda <>
>>>>>> **Date:** Tuesday, February 19, 2019 at 5:15 AM
>>>>>> **To:** David Shafer <>, Albert Wu
<>
>>>>>> **Cc:** ""
<>, "Fleury, Terry" <>,
"" <>, ""
<>, Stijn De Weirdt <>, Scott
Koranda <>
>>>>>> **Subject:** Re: [Metadata-Support] ERROR - checkScopes/upperCase:
scope 'UGent.be' includes upper-case characters
>>>>>>
>>>>>>
>>>>>>
>>>>>> Hi Dave and Albert,
>>>>>>
>>>>>>
>>>>>>
>>>>>> Can you provide an update on this issue?
>>>>>>
>>>>>>
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>>
>>>>>>
>>>>>> Scott K
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Wed, Feb 13, 2019 at 8:55 AM David Shafer
<[](<>)> wrote:
>>>>>>
>>>>>>> Jim, just letting you know that I received this message from Feb.
13, but not the earlier messages from Feb. 12 or Feb. 8. Checking the list
archives at <https://lists.incommon.org/sympa/arc/metadata-support/2019-02/>
confirms the earlier messages didn't get through (but they might be waiting
in an approval queue?).
>>>>>>>
>>>>>>> We'll investigate the original metadata issue-- and the apparent
email list issue-- and get back to everyone.
>>>>>>>
>>>>>>> Thanks,
>>>>>>>
>>>>>>> Dave
>>>>>>>
>>>>>>> \-----Original Message-----
>>>>>>> From:
<[](<>)>
on behalf of "Basney, Jim"
<[](<>)>
>>>>>>> Reply-To:
"[](<>)"
<[](<>)>
>>>>>>> Date: Wednesday, February 13, 2019 at 3:46 AM
>>>>>>> To: Stijn De Weirdt
<[](<>)>, Scott Koranda
<[](<>)>,
"[](<>)"
<[](<>)>
>>>>>>> Cc: "Fleury, Terry"
<[](<>)>,
"[](<>)"
<[](<>)>, ""
<>
>>>>>>> Subject: [Metadata-Support] ERROR - checkScopes/upperCase: scope
'UGent.be' includes upper-case characters
>>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> I think our messages aren't getting through to
[](<>). I'm
trying again to see if we can get assistance with this InCommon eduGAIN
metadata import problem.
>>>>>>>
>>>>>>> -Jim
>>>>>>> ________________________________________
>>>>>>> From: Stijn De Weirdt
<[](<>)>
>>>>>>> Sent: Tuesday, February 12, 2019 12:30 PM
>>>>>>> To: Scott Koranda;
[](<>)
>>>>>>> Cc: Fleury, Terry;
[](<>);
>>>>>>> Subject: Re: testidp with qa idp
>>>>>>>
>>>>>>> hello all,
>>>>>>>
>>>>>>> can we help with some more info or something else to get
some progress
>>>>>>> on this?
>>>>>>>
>>>>>>> many thanks,
>>>>>>>
>>>>>>> stijn
>>>>>>>
>>>>>>> On 2/8/19 12:26 PM, Scott Koranda wrote:
>>>>>>> >
>>>>>>> > This time including ...
>>>>>>> >
>>>>>>> >> Hi Stijn,
>>>>>>> >>
>>>>>>> >> I am forwarding your note to
[](<>). They
will be
>>>>>>> >> able to explain in detail why the metadata for your IdP
has been
>>>>>>> >> excluded from the InCommon metadata feed that CILogon
uses. They will
>>>>>>> >> also be able if necessary to consult with eduGAIN and the
Belnet
>>>>>>> >> Federation operators.
>>>>>>> >>
>>>>>>> >> Thanks,
>>>>>>> >>
>>>>>>> >> Scott K for CILogon
>>>>>>> >>
>>>>>>> >>> hi terry,
>>>>>>> >>>
>>>>>>> >>>> [java] ERROR - Item
<https://identity.ugent.be/simplesaml/saml2/idp/metadata.php> (BE) was marked
with the following Error status messages
>>>>>>> >>>> [java] ERROR - checkScopes/upperCase: scope
'UGent.be' includes upper-case characters
>>>>>>> >>> oh boy...
>>>>>>> >>>
>>>>>>> >>>>
>>>>>>> >>>>
>>>>>>> >>>> The rules for eduGAIN metadata import can be found at
>>>>>>> >>>>
<https://spaces.at.internet2.edu/display/InCFederation/Interfederation+Technical+Policy>
>>>>>>> >>> the rules do not mention anything about not allowing
uppercase letters
>>>>>>> >>> (not that we checked upfront years ago, but still).
>>>>>>> >>>
>>>>>>> >>>> .
>>>>>>> >>>>
>>>>>>> >>>> After you fix this issue in your local federation
metadata,
>>>>>>> >>> unfortunately, that will not happen that easily. we
would need to change
>>>>>>> >>> our scope, and who knows what the fallout will be.
>>>>>>> >>>
>>>>>>> >>> we would also need some very good argument why this is
needed (aside
>>>>>>> >>> from the fatc that we need the CILogon service ;)
>>>>>>> >>> ideally there is some document stating that uppercase is
not allowed;
>>>>>>> >>> but edugain doesn't seem to mind.
>>>>>>> >>> eg if
>>>>>>> >>>
<https://github.internet2.edu/InCommon/inc-meta/blob/master/mdx/incommon/edugain-policy.xml>
>>>>>>> >>> is an actual edugain policy, we are clearly not
compliant with edugain
>>>>>>> >>> (and that is (or might be) a valid reason to fix it,
even with large
>>>>>>> >>> fallout)
>>>>>>> >>>
>>>>>>> >>> however, if it is not, then we have a serious problem.
>>>>>>> >>>
>>>>>>> >>> it is also annoying that even for regexps, uppercase is
not allowed.
>>>>>>> >>> and to make it worse in our case, even with uppercase
regex allowed, the
>>>>>>> >>> regex literal tail is a valid existing domainname;
>>>>>>> >>> on the other hand if the uppercase regex would
constitute a valid
>>>>>>> >>> domain, then we should be able to use it as valid scope.
>>>>>>> >>>
>>>>>>> >>> do you have any contact info for the people who are
familiar with this
>>>>>>> >>> policy?
>>>>>>> >>>
>>>>>>> >>> many thanks,
>>>>>>> >>>
>>>>>>> >>>
>>>>>>> >>> stijn
>>>>>>>
>>>>>>> \--
>>>>>>> You received this message because you are subscribed to the
Google Groups "help" group.
>>>>>>> To unsubscribe from this group and stop receiving emails
from it, send an email to
[](<>).
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>
>>>>>
>>>>>



Archive powered by MHonArc 2.6.19.

Top of Page