The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[Stefan Winter <stefan.winter AT restena.lu>]

Hello,

> During the last 6-8 months several inst-admins have complained about lost 
> access to cat admin.
> I’m the NRO-admin and when going to the admin web I still see them as being 
> admins.
> When I re-invite they regain access, and I see a double entry with their 
> mail address in the admin GUI.
> 
> Can this origin in some sort of db field corruption ?
> The link btw IdP and the cat-account is another possible failing point.
> 
> Any established knowledge on this issue?

We had a couple of reports about similar problems. They were always due
to change of user identifiers on the IdP side (i.e. different
eduPersonTargetedID value).

That is the nature of federated ID - the (supposed to be) stable and
reliable user identifier we see is issued by a third party. If that
third party changes the ID, we see an entirely new user, with no
particular privilege until such privilege has been assigned to the "new"
person. The fact that those two users have the same email address is
insignificant: the mail address is *not* the user identifier.

Greetings,

Stefan Winter

> 
> 
> Best, Ole
> --
> ole.frendved.hansen AT deic.dk
> DeIC, Danish e-Infrastructure Cooperation, www.deic.dk
> 
> 
> 
> 
> Den 31/05/2016 kl. 16.16 skrev Per Mejdal Rasmussen 
> <pmr AT its.aau.dk>:
> 
>> Det virkede.
>>
>> On 31-05-2016 16:15, eduroam CAT Invitation System wrote:
>>> Hello,
>>>
>>> an administrator of the eduroam Identity Provider "Aalborg University"
>>> has invited you to manage the IdP together with him. To enlist as an
>>> administrator for that IdP, please click on the following link:
>>>
>>> https://cat.eduroam.org/admin/action_enrollment.php?token=...
>>>
>>> If clicking the link doesn't work, you can also go to the eduroam CAT
>>> Administrator Interface at
>>>
>>> https://cat.eduroam.org/admin/
>>>
>>> and enter the invitation token
>>>
>>> ...
>>> manually. Please do not reply to this email, it is a send-only address.
>>>
>>> We wish you a lot of fun with the eduroam CAT.
>>>
>>> Sincerely,
>>>
>>> Your friendly folks from eduroam Operations
>>>
>>
>> --
>> Per Mejdal Rasmussen
>> To unsubscribe, send this message: 
>> mailto:sympa AT lists.geant.org?subject=unsubscribe%20cat-users
>> Or use the following link: 
>> https://lists.geant.org/sympa/sigrequest/cat-users
> 


-- 
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
2, avenue de l'Université
L-4365 Esch-sur-Alzette

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66

Attachment: 0x8A39DC66.asc
Description: application/pgp-keys

Attachment: signature.asc
Description: OpenPGP digital signature