Skip to Content.
Sympa Menu

cat-users - Re: [[cat-users]] Shibboleth integration

cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

List archive

Re: [[cat-users]] Shibboleth integration


Chronological Thread 
    < Chronological >      < Thread >
  • From: Kathy E Wright CCIT <address@concealed>
  • To: Vlad Mencl <address@concealed>, "address@concealed" <address@concealed>
  • Subject: Re: [[cat-users]] Shibboleth integration
  • Date: Fri, 30 Jun 2023 12:30:56 +0000
  • Accept-language: en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=clemson.edu; dmarc=pass action=none header.from=clemson.edu; dkim=pass header.d=clemson.edu; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=HRv8Io40UBiw8IRfuY3MkMFVZQyRlnpE9gE8/qV+ky0=; b=l0F5g3cl94BAujP4zqDHs/9hwTWpg+95O7XzgcR7QgvWiM5qoLP72Z/0ceC0vRxCoC0FNC9u2iPRcqHT0OjKArVx8rm3paq122A5+KpssGTkgObUvN4YsoUrkf39QHifeUtEwc1A87eXJzeWishnlKXCTyHvW1FNjQVhGv/6n01qzwH7tNQYuUL4zFQZLzCu+kzD7/fEg7grKmuEN7zt04oKWJtb7GpcTWtRE8raaN9ukpSfYqUSQIeTiqxYS8fBq9U1qaG4G+a9969tJiGH1B45ie+m6xRzSx6eKFVThieYDPROxC53kQamlyMukOaumRMM8lk9L4jJJnnlT59M6A==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=LwnlV4UshAO3zuUWZ0E/+uuWN8e7UER9VdyJR/G4NUI3lBs7cM1l9qAuowIqU7SeKlUhZ/EIcKX1FBjLhukc2D0O+veXs11f/Ozned2uSX528CKj1uSoAxBLfVSmnP5eP9nyTdxXuzI8lGLobXjHgNLguNfcy1M2n2ndhU/WThY+gzRPPOrfTQqOuv8G8SbmgRQPmPK7Zok/D0qcvDPbeHEriX8/vN1XCt1uk8q9UWiKrwzlaEn1Djbe3Rewn3Mti+gR7IMevk7dCoy3rHpNTk8rCryhBo+6KfexBTCEonWy0BHIe1a3ueG7VtA9MqCMOiEZokOHvmJx4hJwDSu8Ww==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=clemson.edu;

Vlad,

We have updated our release party and Shibboleth integration is now working.  However, one of our administrators has now lost access to the eduroam Configuration Assistant Tool.   He is Sam Beckler, address@concealed.  He will need a new invite, please.


Please advise, how we should go about getting this done.

Thank you,

Kathy

 

 

 

Kathy E Wright
CCIT - Clemson University
 

 

 

From: Vlad Mencl <address@concealed>
Date: Thursday, June 29, 2023 at 7:19 PM
To: Kathy E Wright CCIT <address@concealed>, address@concealed <address@concealed>
Subject: Re: [[cat-users]] Shibboleth integration


Hi Kathy,

CAT (or eduroam.org sites in general) have long supported the
identifiers listed in the error message you received - which (after
leaving out those specific to Google/Facebook/LinkedIn/Twitter) are:

    * eduPersonTargetedID
    * samlPairwiseID
    * samlSubjectID

Note that eduPersonPrincipalName is not on the list.  That attribute is
not considered trustworthy enough, as some institutions use it in a way
where usernames may be reassigned.  Even though many other institutions
use it with usernames that are not reassigned, as the specification did
not explicitly rule it out, the attribute is not trustworthy anymore -
and is thus not accepted by eduroam.org.

If this worked for you before and does not now, your institution must
have made a change, stopping to provide one of the attributes that were
used before.

I suggest you raise it with your institution's IT department.

Hope this helps.

Best regards,
Vlad



On 30/06/23 03:01, Kathy E Wright CCIT (via cat-users Mailing List) wrote:
> Hello,
>
> Our ability to logon to the Eduroam admin portal has broken.  It has
> worked until today.  We are getting the following error message.
>
> We are releasing eduPersonPrincipalName as the unique identifier. 
> Please advise if something has changed.
>
> Kathy E Wright
> CCIT - Clemson University
>
> To unsubscribe, send this message:
> mailto:address@concealed?subject=unsubscribe%20cat-users
> Or use the following link:
> https://lists.geant.org/sympa/sigrequest/cat-users

--
Vladimir Mencl
Lead Software Engineer

Research & Education
Advanced Network NZ Ltd

E  address@concealed
www.reannz.co.nz


Archive powered by MHonArc 2.6.24.

Top of Page