Skip to Content.
Sympa Menu

metadata-support - Re: [Metadata-Support] ERROR - checkScopes/upperCase: scope 'UGent.be' includes upper-case characters

Subject: InCommon metadata support

List archive

Re: [Metadata-Support] ERROR - checkScopes/upperCase: scope 'UGent.be' includes upper-case characters


Chronological Thread 
  • From: Stijn De Weirdt <>
  • To: James Babb <>, Nick Roy <>
  • Cc: Albert Wu <>, Scott Koranda <>, "" <>, "Fleury, Terry" <>, "" <>, "" <>, David Shafer <>
  • Subject: Re: [Metadata-Support] ERROR - checkScopes/upperCase: scope 'UGent.be' includes upper-case characters
  • Date: Fri, 22 Mar 2019 09:02:50 +0100

hi all,

i can now login on cilogon.

a big thanks to all involved for fixing this!


stijn


On 3/20/19 8:59 PM, James Babb wrote:
> Stijn and all--
>
> The new MDA is deployed as of this afternoon. After tomorrow's metadata
> signing and publication (3PM-ish US Eastern Daylight Time),
> https://identity.ugent.be/simplesaml/saml2/idp/metadata.php will be in the
> published metadata available to CILogon.
>
>
> On 3/19/19, 11:12 AM, "Stijn De Weirdt" <> wrote:
>
> hi nick,
>
> thanks for the update. clearly i was just a bit too impatient ;)
>
> stijn
>
> On 3/19/19 5:08 PM, Nick Roy wrote:
> > Hi Stijn,
> >
> > We plan to release the MDA upgrade tomorrow, after we sign metadata,
> about 3-4 p.m. US Eastern Time. If for some reason we aren't able to do it
> then, we will plan for Monday, March 25th.
> >
> > Best,
> >
> > Nick
> >
> > On 18 Mar 2019, at 10:46, Stijn De Weirdt wrote:
> >
> >> hi all,
> >>
> >> is there any news (or an ETA) on resolving this issue?
> >>
> >> many thanks,
> >>
> >> stijn
> >>
> >> On 2/25/19 5:26 PM, Nick Roy wrote:
> >>> Thanks - I have James Babb, InCommon support engineer, assigned to
> follow this with Ian and get it released. Cheers!
> >>>
> >>> Nick
> >>>
> >>> On 25 Feb 2019, at 9:07, Stijn De Weirdt wrote:
> >>>
> >>>> hi nick,
> >>>>
> >>>> that is great news. looking forward to the fix and thanks again. i
> owe
> >>>> you a few beers ;)
> >>>>
> >>>> stijn
> >>>>
> >>>> On 2/25/19 5:05 PM, Nick Roy wrote:
> >>>>> After a brief discussion with Ian, we believe it is safe to allow
> mixed-case scopes, so we will work to get this updated. I will ping Ian on
> the status of the fix after Global Summit (week of March 11).
> >>>>>
> >>>>> Best,
> >>>>>
> >>>>> Nick
> >>>>>
> >>>>> On 19 Feb 2019, at 11:10, Albert Wu wrote:
> >>>>>
> >>>>>> Hi Scott and Stijin,
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> I just briefed Nick Roy regarding this case. He is taking this
> to the Ops Advisory Group to determine a course of action.
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> To the best of my understanding, InCommon filters upper case
> lettering in the scope to guard against potential identity mismatch in SP’s
> due to inconsistent handling of case sensitivities in identifiers.
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> Thank you for your patience. I will follow up as soon as the Ops
> Advisory Group produces a recommendation.
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> albert
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> **From:** Scott Koranda <>
> >>>>>> **Date:** Tuesday, February 19, 2019 at 5:15 AM
> >>>>>> **To:** David Shafer <>, Albert Wu
> <>
> >>>>>> **Cc:** ""
> <>, "Fleury, Terry" <>,
> "" <>, ""
> <>, Stijn De Weirdt <>, Scott
> Koranda <>
> >>>>>> **Subject:** Re: [Metadata-Support] ERROR -
> checkScopes/upperCase: scope 'UGent.be' includes upper-case characters
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> Hi Dave and Albert,
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> Can you provide an update on this issue?
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> Thanks,
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> Scott K
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> On Wed, Feb 13, 2019 at 8:55 AM David Shafer
> <[](<>)> wrote:
> >>>>>>
> >>>>>>> Jim, just letting you know that I received this message from
> Feb. 13, but not the earlier messages from Feb. 12 or Feb. 8. Checking the
> list archives at
> <https://lists.incommon.org/sympa/arc/metadata-support/2019-02/> confirms
> the earlier messages didn't get through (but they might be waiting in an
> approval queue?).
> >>>>>>>
> >>>>>>> We'll investigate the original metadata issue-- and the
> apparent email list issue-- and get back to everyone.
> >>>>>>>
> >>>>>>> Thanks,
> >>>>>>>
> >>>>>>> Dave
> >>>>>>>
> >>>>>>> \-----Original Message-----
> >>>>>>> From:
> <[](<>)>
> on behalf of "Basney, Jim"
> <[](<>)>
> >>>>>>> Reply-To:
> "[](<>)"
> <[](<>)>
> >>>>>>> Date: Wednesday, February 13, 2019 at 3:46 AM
> >>>>>>> To: Stijn De Weirdt
> <[](<>)>, Scott
> Koranda
> <[](<>)>,
> "[](<>)"
> <[](<>)>
> >>>>>>> Cc: "Fleury, Terry"
> <[](<>)>,
> "[](<>)"
> <[](<>)>, ""
> <>
> >>>>>>> Subject: [Metadata-Support] ERROR - checkScopes/upperCase:
> scope 'UGent.be' includes upper-case characters
> >>>>>>>
> >>>>>>> Hi,
> >>>>>>>
> >>>>>>> I think our messages aren't getting through to
> [](<>).
> I'm trying again to see if we can get assistance with this InCommon eduGAIN
> metadata import problem.
> >>>>>>>
> >>>>>>> -Jim
> >>>>>>> ________________________________________
> >>>>>>> From: Stijn De Weirdt
> <[](<>)>
> >>>>>>> Sent: Tuesday, February 12, 2019 12:30 PM
> >>>>>>> To: Scott Koranda;
> [](<>)
> >>>>>>> Cc: Fleury, Terry;
> [](<>);
> >>>>>>> Subject: Re: testidp with qa idp
> >>>>>>>
> >>>>>>> hello all,
> >>>>>>>
> >>>>>>> can we help with some more info or something else to get
> some progress
> >>>>>>> on this?
> >>>>>>>
> >>>>>>> many thanks,
> >>>>>>>
> >>>>>>> stijn
> >>>>>>>
> >>>>>>> On 2/8/19 12:26 PM, Scott Koranda wrote:
> >>>>>>> >
> >>>>>>> > This time including ...
> >>>>>>> >
> >>>>>>> >> Hi Stijn,
> >>>>>>> >>
> >>>>>>> >> I am forwarding your note to
> [](<>).
> They will be
> >>>>>>> >> able to explain in detail why the metadata for your IdP
> has been
> >>>>>>> >> excluded from the InCommon metadata feed that CILogon
> uses. They will
> >>>>>>> >> also be able if necessary to consult with eduGAIN and
> the Belnet
> >>>>>>> >> Federation operators.
> >>>>>>> >>
> >>>>>>> >> Thanks,
> >>>>>>> >>
> >>>>>>> >> Scott K for CILogon
> >>>>>>> >>
> >>>>>>> >>> hi terry,
> >>>>>>> >>>
> >>>>>>> >>>> [java] ERROR - Item
> <https://identity.ugent.be/simplesaml/saml2/idp/metadata.php> (BE) was
> marked with the following Error status messages
> >>>>>>> >>>> [java] ERROR - checkScopes/upperCase: scope
> 'UGent.be' includes upper-case characters
> >>>>>>> >>> oh boy...
> >>>>>>> >>>
> >>>>>>> >>>>
> >>>>>>> >>>>
> >>>>>>> >>>> The rules for eduGAIN metadata import can be found at
> >>>>>>> >>>>
> <https://spaces.at.internet2.edu/display/InCFederation/Interfederation+Technical+Policy>
> >>>>>>> >>> the rules do not mention anything about not allowing
> uppercase letters
> >>>>>>> >>> (not that we checked upfront years ago, but still).
> >>>>>>> >>>
> >>>>>>> >>>> .
> >>>>>>> >>>>
> >>>>>>> >>>> After you fix this issue in your local federation
> metadata,
> >>>>>>> >>> unfortunately, that will not happen that easily. we
> would need to change
> >>>>>>> >>> our scope, and who knows what the fallout will be.
> >>>>>>> >>>
> >>>>>>> >>> we would also need some very good argument why this is
> needed (aside
> >>>>>>> >>> from the fatc that we need the CILogon service ;)
> >>>>>>> >>> ideally there is some document stating that uppercase
> is not allowed;
> >>>>>>> >>> but edugain doesn't seem to mind.
> >>>>>>> >>> eg if
> >>>>>>> >>>
> <https://github.internet2.edu/InCommon/inc-meta/blob/master/mdx/incommon/edugain-policy.xml>
> >>>>>>> >>> is an actual edugain policy, we are clearly not
> compliant with edugain
> >>>>>>> >>> (and that is (or might be) a valid reason to fix it,
> even with large
> >>>>>>> >>> fallout)
> >>>>>>> >>>
> >>>>>>> >>> however, if it is not, then we have a serious problem.
> >>>>>>> >>>
> >>>>>>> >>> it is also annoying that even for regexps, uppercase
> is not allowed.
> >>>>>>> >>> and to make it worse in our case, even with uppercase
> regex allowed, the
> >>>>>>> >>> regex literal tail is a valid existing domainname;
> >>>>>>> >>> on the other hand if the uppercase regex would
> constitute a valid
> >>>>>>> >>> domain, then we should be able to use it as valid
> scope.
> >>>>>>> >>>
> >>>>>>> >>> do you have any contact info for the people who are
> familiar with this
> >>>>>>> >>> policy?
> >>>>>>> >>>
> >>>>>>> >>> many thanks,
> >>>>>>> >>>
> >>>>>>> >>>
> >>>>>>> >>> stijn
> >>>>>>>
> >>>>>>> \--
> >>>>>>> You received this message because you are subscribed to
> the Google Groups "help" group.
> >>>>>>> To unsubscribe from this group and stop receiving emails
> from it, send an email to
> [](<>).
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>
> >>>>>
> >>>>>
>
>



Archive powered by MHonArc 2.6.19.

Top of Page