Per-Entity Metadata Working Group

[Nicholas Roy <>]

Is the addition of in-house infrastructure that proxies v6 introducing 
an additional point of failure?  Do you think the risk is worth 
supporting v6 right now?

Thanks,

Nick

On 10/27/16 12:55 PM, Tom Scavo wrote:
> On Thu, Oct 27, 2016 at 12:22 PM, Rhys Smith 
> <>
>  wrote:
> > What’s weird is that the first two worked at all… Unless your client decided 
> > to do v4 for those queries for some reason. If it did work over v6, I have 
> > *no* idea how!
> After you made the patch, I can confirm that all three use IPv6.
> However, I don't have verbose output that pre-dates your patch, sorry.
>
> Tom
>
> > > On 27 Oct 2016, at 13:37, Tom Scavo 
> > > <>
> > >  wrote:
> > >
> > > On Thu, Oct 27, 2016 at 8:25 AM, Rhys Smith 
> > > <>
> > >  wrote:
> > > > Should be fixed…
> > > Yup, works great.
> > >
> > > Thanks,
> > >
> > > Tom
> > >
> > > > > On 27 Oct 2016, at 13:04, Rhys Smith 
> > > > > <>
> > > > >  wrote:
> > > > >
> > > > > Oh bo*****s. Yes, sorry, that’s v6 at play. The UKf infrastructure is v4 only 
> > > > > hosted in azure, with a set of v6 proxies hosted on our own infrastructure 
> > > > > that proxies to the v4 for the MD dist and CDS. I set up the MDQ stuff on the 
> > > > > servers themselves, and forgot to update the v6 proxy config accordingly.
> > > > >
> > > > > Thanks for pointing this out :-). I’ll fix that later so v6 works as well.
> > > > >
> > > > > Rhys.
> > > > > --
> > > > > Dr Rhys Smith
> > > > > Chief Technical Architect, Trust & Identity
> > > > > Jisc
> > > > >
> > > > > T: +44 (0) 1235 822145
> > > > > M: +44 (0) 7968 087821
> > > > > Skype: rhys-smith
> > > > > GPG: 0x4638C985
> > > > > Lumen House, Library Avenue, Harwell Oxford, Didcot, OX11 0SG
> > > > >
> > > > > jisc.ac.uk
> > > > >
> > > > > Jisc is a registered charity (number 1149740) and a company limited by 
> > > > > guarantee which is registered in England under Company No. 5747339, VAT No. 
> > > > > GB 197 0632 86. Jisc’s registered office is: One Castlepark, Tower Hill, 
> > > > > Bristol, BS2 0JA. T 0203 697 5800.
> > > > >
> > > > > > On 27 Oct 2016, at 12:47, Tom Scavo 
> > > > > > <>
> > > > > >  wrote:
> > > > > >
> > > > > > On Thu, Oct 27, 2016 at 2:09 AM, Rhys Smith 
> > > > > > <>
> > > > > >  wrote:
> > > > > > > > On 27 Oct 2016, at 01:28, Tom Scavo 
> > > > > > > > <>
> > > > > > > >  wrote:
> > > > > > > >
> > > > > > > > On Wed, Oct 26, 2016 at 5:11 PM, Rhys Smith 
> > > > > > > > <>
> > > > > > > >  wrote:
> > > > > > > > > > On 26 Oct 2016, at 22:04, Rhys Smith 
> > > > > > > > > > <>
> > > > > > > > > >  wrote:
> > > > > > > > > >
> > > > > > > > > > UKf Test IdP: curl --compress 
> > > > > > > > > > http://mdq.ukfederation.org.uk/entities/https%3A%2F%2Ftest-idp.ukfederation.org.uk%2Fidp%2Fshibboleth
> > > > > > > > > > UKf Test IdP (SHA1 query): curl --compress 
> > > > > > > > > > http://mdq.ukfederation.org.uk/entities/%7Bsha1%7D9bbc0354ea6f33ee008fcbe3c7680c0460e9cd1b
> > > > > > > > > Sorry, that second one should be:  curl --compress 
> > > > > > > > > http://mdq.ukfederation.org.uk/entities/%7Bsha1%7D52e2065fc0d53744e8d4ee2c2f30696ebfc5def9
> > > > > > > > The latter two URLs work fine, the first one does not.
> > > > > > > Does not in what way? Seems to work for me.
> > > > > > That's weird, I get 404 not found:
> > > > > >
> > > > > > $ curl --version
> > > > > > curl 7.43.0 (x86_64-apple-darwin15.0) libcurl/7.43.0 SecureTransport 
> > > > > > zlib/1.2.5
> > > > > > Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps
> > > > > > pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
> > > > > > Features: AsynchDNS IPv6 Largefile GSS-API Kerberos SPNEGO NTLM
> > > > > > NTLM_WB SSL libz UnixSockets
> > > > > >
> > > > > > $ curl --verbose --compress
> > > > > > http://mdq.ukfederation.org.uk/entities/https%3A%2F%2Ftest-idp.ukfederation.org.uk%2Fidp%2Fshibboleth
> > > > > > *   Trying 2001:630:1:174::83...
> > > > > > *   Trying 52.169.160.61...
> > > > > > * Connected to mdq.ukfederation.org.uk (2001:630:1:174::83) port 80 (#0)
> > > > > > > GET /entities/https%3A%2F%2Ftest-idp.ukfederation.org.uk%2Fidp%2Fshibboleth 
> > > > > > > HTTP/1.1
> > > > > > > Host: mdq.ukfederation.org.uk
> > > > > > > User-Agent: curl/7.43.0
> > > > > > > Accept: */*
> > > > > > > Accept-Encoding: deflate, gzip
> > > > > > < HTTP/1.1 404 Not Found
> > > > > > < Date: Thu, 27 Oct 2016 11:43:49 GMT
> > > > > > < Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips
> > > > > > < Content-Length: 258
> > > > > > < Content-Type: text/html; charset=iso-8859-1
> > > > > > <
> > > > > > <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
> > > > > > <html><head>
> > > > > > <title>404 Not Found</title>
> > > > > > </head><body>
> > > > > > <h1>Not Found</h1>
> > > > > > <p>The requested URL
> > > > > > /entities/https://test-idp.ukfederation.org.uk/idp/shibboleth was not
> > > > > > found on this server.</p>
> > > > > > </body></html>
> > > > > > * Connection #0 to host mdq.ukfederation.org.uk left intact