Skip to Content.
Sympa Menu

metadata-support - Re: [Metadata-Support] ERROR - checkScopes/upperCase: scope 'UGent.be' includes upper-case characters

Subject: InCommon metadata support

List archive

Re: [Metadata-Support] ERROR - checkScopes/upperCase: scope 'UGent.be' includes upper-case characters


Chronological Thread 
  • From: Nick Roy <>
  • To: Stijn De Weirdt <>
  • Cc: James Babb <>, Albert Wu <>, Scott Koranda <>, "" <>, "Fleury, Terry" <>, "" <>, "" <>, David Shafer <>
  • Subject: Re: [Metadata-Support] ERROR - checkScopes/upperCase: scope 'UGent.be' includes upper-case characters
  • Date: Fri, 22 Mar 2019 14:33:32 +0000

Excellent! Thank you for confirming and for your patience.

Best,

Nick

On 22 Mar 2019, at 2:02, Stijn De Weirdt wrote:

> hi all,
>
> i can now login on cilogon.
>
> a big thanks to all involved for fixing this!
>
>
> stijn
>
>
> On 3/20/19 8:59 PM, James Babb wrote:
>> Stijn and all--
>>
>> The new MDA is deployed as of this afternoon. After tomorrow's metadata
>> signing and publication (3PM-ish US Eastern Daylight Time),
>> https://identity.ugent.be/simplesaml/saml2/idp/metadata.php will be in the
>> published metadata available to CILogon.
>>
>>
>> On 3/19/19, 11:12 AM, "Stijn De Weirdt" <> wrote:
>>
>> hi nick,
>>
>> thanks for the update. clearly i was just a bit too impatient ;)
>>
>> stijn
>>
>> On 3/19/19 5:08 PM, Nick Roy wrote:
>> > Hi Stijn,
>> >
>> > We plan to release the MDA upgrade tomorrow, after we sign metadata,
>> about 3-4 p.m. US Eastern Time. If for some reason we aren't able to do it
>> then, we will plan for Monday, March 25th.
>> >
>> > Best,
>> >
>> > Nick
>> >
>> > On 18 Mar 2019, at 10:46, Stijn De Weirdt wrote:
>> >
>> >> hi all,
>> >>
>> >> is there any news (or an ETA) on resolving this issue?
>> >>
>> >> many thanks,
>> >>
>> >> stijn
>> >>
>> >> On 2/25/19 5:26 PM, Nick Roy wrote:
>> >>> Thanks - I have James Babb, InCommon support engineer, assigned to
>> follow this with Ian and get it released. Cheers!
>> >>>
>> >>> Nick
>> >>>
>> >>> On 25 Feb 2019, at 9:07, Stijn De Weirdt wrote:
>> >>>
>> >>>> hi nick,
>> >>>>
>> >>>> that is great news. looking forward to the fix and thanks again.
>> i owe
>> >>>> you a few beers ;)
>> >>>>
>> >>>> stijn
>> >>>>
>> >>>> On 2/25/19 5:05 PM, Nick Roy wrote:
>> >>>>> After a brief discussion with Ian, we believe it is safe to
>> allow mixed-case scopes, so we will work to get this updated. I will ping
>> Ian on the status of the fix after Global Summit (week of March 11).
>> >>>>>
>> >>>>> Best,
>> >>>>>
>> >>>>> Nick
>> >>>>>
>> >>>>> On 19 Feb 2019, at 11:10, Albert Wu wrote:
>> >>>>>
>> >>>>>> Hi Scott and Stijin,
>> >>>>>>
>> >>>>>>
>> >>>>>>
>> >>>>>> I just briefed Nick Roy regarding this case. He is taking this
>> to the Ops Advisory Group to determine a course of action.
>> >>>>>>
>> >>>>>>
>> >>>>>>
>> >>>>>> To the best of my understanding, InCommon filters upper case
>> lettering in the scope to guard against potential identity mismatch in
>> SP’s due to inconsistent handling of case sensitivities in identifiers.
>> >>>>>>
>> >>>>>>
>> >>>>>>
>> >>>>>> Thank you for your patience. I will follow up as soon as the
>> Ops Advisory Group produces a recommendation.
>> >>>>>>
>> >>>>>>
>> >>>>>>
>> >>>>>> albert
>> >>>>>>
>> >>>>>>
>> >>>>>>
>> >>>>>> **From:** Scott Koranda <>
>> >>>>>> **Date:** Tuesday, February 19, 2019 at 5:15 AM
>> >>>>>> **To:** David Shafer <>, Albert Wu
>> <>
>> >>>>>> **Cc:** ""
>> <>, "Fleury, Terry" <>,
>> "" <>, ""
>> <>, Stijn De Weirdt <>,
>> Scott Koranda <>
>> >>>>>> **Subject:** Re: [Metadata-Support] ERROR -
>> checkScopes/upperCase: scope 'UGent.be' includes upper-case characters
>> >>>>>>
>> >>>>>>
>> >>>>>>
>> >>>>>> Hi Dave and Albert,
>> >>>>>>
>> >>>>>>
>> >>>>>>
>> >>>>>> Can you provide an update on this issue?
>> >>>>>>
>> >>>>>>
>> >>>>>>
>> >>>>>> Thanks,
>> >>>>>>
>> >>>>>>
>> >>>>>>
>> >>>>>> Scott K
>> >>>>>>
>> >>>>>>
>> >>>>>>
>> >>>>>> On Wed, Feb 13, 2019 at 8:55 AM David Shafer
>> <[](<>)> wrote:
>> >>>>>>
>> >>>>>>> Jim, just letting you know that I received this message from
>> Feb. 13, but not the earlier messages from Feb. 12 or Feb. 8. Checking the
>> list archives at
>> <https://lists.incommon.org/sympa/arc/metadata-support/2019-02/> confirms
>> the earlier messages didn't get through (but they might be waiting in an
>> approval queue?).
>> >>>>>>>
>> >>>>>>> We'll investigate the original metadata issue-- and the
>> apparent email list issue-- and get back to everyone.
>> >>>>>>>
>> >>>>>>> Thanks,
>> >>>>>>>
>> >>>>>>> Dave
>> >>>>>>>
>> >>>>>>> \-----Original Message-----
>> >>>>>>> From:
>> <[](<>)>
>> on behalf of "Basney, Jim"
>> <[](<>)>
>> >>>>>>> Reply-To:
>> "[](<>)"
>> <[](<>)>
>> >>>>>>> Date: Wednesday, February 13, 2019 at 3:46 AM
>> >>>>>>> To: Stijn De Weirdt
>> <[](<>)>, Scott
>> Koranda
>> <[](<>)>,
>> "[](<>)"
>> <[](<>)>
>> >>>>>>> Cc: "Fleury, Terry"
>> <[](<>)>,
>> "[](<>)"
>> <[](<>)>, ""
>> <>
>> >>>>>>> Subject: [Metadata-Support] ERROR - checkScopes/upperCase:
>> scope 'UGent.be' includes upper-case characters
>> >>>>>>>
>> >>>>>>> Hi,
>> >>>>>>>
>> >>>>>>> I think our messages aren't getting through to
>> [](<>).
>> I'm trying again to see if we can get assistance with this InCommon
>> eduGAIN metadata import problem.
>> >>>>>>>
>> >>>>>>> -Jim
>> >>>>>>> ________________________________________
>> >>>>>>> From: Stijn De Weirdt
>> <[](<>)>
>> >>>>>>> Sent: Tuesday, February 12, 2019 12:30 PM
>> >>>>>>> To: Scott Koranda;
>> [](<>)
>> >>>>>>> Cc: Fleury, Terry;
>> [](<>);
>> >>>>>>> Subject: Re: testidp with qa idp
>> >>>>>>>
>> >>>>>>> hello all,
>> >>>>>>>
>> >>>>>>> can we help with some more info or something else to get
>> some progress
>> >>>>>>> on this?
>> >>>>>>>
>> >>>>>>> many thanks,
>> >>>>>>>
>> >>>>>>> stijn
>> >>>>>>>
>> >>>>>>> On 2/8/19 12:26 PM, Scott Koranda wrote:
>> >>>>>>> >
>> >>>>>>> > This time including ...
>> >>>>>>> >
>> >>>>>>> >> Hi Stijn,
>> >>>>>>> >>
>> >>>>>>> >> I am forwarding your note to
>> [](<>).
>> They will be
>> >>>>>>> >> able to explain in detail why the metadata for your
>> IdP has been
>> >>>>>>> >> excluded from the InCommon metadata feed that CILogon
>> uses. They will
>> >>>>>>> >> also be able if necessary to consult with eduGAIN and
>> the Belnet
>> >>>>>>> >> Federation operators.
>> >>>>>>> >>
>> >>>>>>> >> Thanks,
>> >>>>>>> >>
>> >>>>>>> >> Scott K for CILogon
>> >>>>>>> >>
>> >>>>>>> >>> hi terry,
>> >>>>>>> >>>
>> >>>>>>> >>>> [java] ERROR - Item
>> <https://identity.ugent.be/simplesaml/saml2/idp/metadata.php> (BE) was
>> marked with the following Error status messages
>> >>>>>>> >>>> [java] ERROR - checkScopes/upperCase: scope
>> 'UGent.be' includes upper-case characters
>> >>>>>>> >>> oh boy...
>> >>>>>>> >>>
>> >>>>>>> >>>>
>> >>>>>>> >>>>
>> >>>>>>> >>>> The rules for eduGAIN metadata import can be found at
>> >>>>>>> >>>>
>> <https://spaces.at.internet2.edu/display/InCFederation/Interfederation+Technical+Policy>
>> >>>>>>> >>> the rules do not mention anything about not allowing
>> uppercase letters
>> >>>>>>> >>> (not that we checked upfront years ago, but still).
>> >>>>>>> >>>
>> >>>>>>> >>>> .
>> >>>>>>> >>>>
>> >>>>>>> >>>> After you fix this issue in your local federation
>> metadata,
>> >>>>>>> >>> unfortunately, that will not happen that easily. we
>> would need to change
>> >>>>>>> >>> our scope, and who knows what the fallout will be.
>> >>>>>>> >>>
>> >>>>>>> >>> we would also need some very good argument why this
>> is needed (aside
>> >>>>>>> >>> from the fatc that we need the CILogon service ;)
>> >>>>>>> >>> ideally there is some document stating that uppercase
>> is not allowed;
>> >>>>>>> >>> but edugain doesn't seem to mind.
>> >>>>>>> >>> eg if
>> >>>>>>> >>>
>> <https://github.internet2.edu/InCommon/inc-meta/blob/master/mdx/incommon/edugain-policy.xml>
>> >>>>>>> >>> is an actual edugain policy, we are clearly not
>> compliant with edugain
>> >>>>>>> >>> (and that is (or might be) a valid reason to fix it,
>> even with large
>> >>>>>>> >>> fallout)
>> >>>>>>> >>>
>> >>>>>>> >>> however, if it is not, then we have a serious problem.
>> >>>>>>> >>>
>> >>>>>>> >>> it is also annoying that even for regexps, uppercase
>> is not allowed.
>> >>>>>>> >>> and to make it worse in our case, even with uppercase
>> regex allowed, the
>> >>>>>>> >>> regex literal tail is a valid existing domainname;
>> >>>>>>> >>> on the other hand if the uppercase regex would
>> constitute a valid
>> >>>>>>> >>> domain, then we should be able to use it as valid
>> scope.
>> >>>>>>> >>>
>> >>>>>>> >>> do you have any contact info for the people who are
>> familiar with this
>> >>>>>>> >>> policy?
>> >>>>>>> >>>
>> >>>>>>> >>> many thanks,
>> >>>>>>> >>>
>> >>>>>>> >>>
>> >>>>>>> >>> stijn
>> >>>>>>>
>> >>>>>>> \--
>> >>>>>>> You received this message because you are subscribed to
>> the Google Groups "help" group.
>> >>>>>>> To unsubscribe from this group and stop receiving emails
>> from it, send an email to
>> [](<>).
>> >>>>>>>
>> >>>>>>>
>> >>>>>>>
>> >>>>>
>> >>>>>
>> >>>>>
>>
>>

Attachment: signature.asc
Description: OpenPGP digital signature




Archive powered by MHonArc 2.6.19.

Top of Page