edugain-discuss AT lists.geant.org

Subject: An open discussion list for topics related to the eduGAIN interfederation service.

List archive

Re: [eduGAIN-discuss] ALL eduGAIN entities in UK federation?

From: Alex Stuart <alex.stuart AT ed.ac.uk>
To: edugain-discuss AT geant.net
Subject: Re: [eduGAIN-discuss] ALL eduGAIN entities in UK federation?
Date: Wed, 05 Feb 2014 09:34:28 +0000
List-archive: <https://mail.geant.net/mailman/private/edugain-discuss/>
List-id: eduGAIN discussion list <edugain-discuss.geant.net>

Hi Jan,

This is intentional behaviour. The UK federation imports eduGAIN entities and re-publishes them into its production metadata aggregate. However we operate an opt-in to export metadata to eduGAIN rather than export the whole aggregate. This arrangement means the opt-in is a straightforward administrative decision rather than one that requires reconfiguring the entity.

So, yes, users accessing SPs via the UK federation central discovery service, or an unfiltered embedded discovery service, will be allowed to choose IdPs that haven't exchanged metadata. That's a side-effect of decreased friction for the entity operators, and whether this is a bug/feature depends on your point of view.

Like Brook said: if there are UK federation services that your exported IdP wishes to access, you can contact them directly to ask that they export to eduGAIN. Or you can contact the UK federation service desk (service AT ukfederation.org.uk) and we can facilitate.

Regards,
Alex

On 05/02/2014 08:54, Jan Tomášek wrote:

Hello,

we have discovered that UK federation republishes all entities from eduGAIN into their metadata:
http://metadata.ukfederation.org.uk/ukfederation-metadata.xml
but they are not doing oposite. So entites from UK federation are not being republished into eduGAIN.

I think this could confuse users. By a short experimenting I've found SP https://www.scran.ac.uk/ which offer login by using CESNET, Univerzita Karlova v Praze, ... IdP but those login will always fail because https://www.scran.ac.uk/ is not being exported into eduGAIN, our IdP doesn't know about https://www.scran.ac.uk/ and refuses login. Poor user, poor IdP admin who has to explain to users.

Is this intentional or is this a bug?

--
Alex Stuart
Team Leader - Federated Access Management
EDINA, University of Edinburgh

The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.

[eduGAIN-discuss] ALL eduGAIN entities in UK federation?, Jan Tomášek, 05-Feb-2014
- Re: [eduGAIN-discuss] ALL eduGAIN entities in UK federation?, Brook Schofield, 05-Feb-2014
  - Re: [eduGAIN-discuss] ALL eduGAIN entities in UK federation?, Glenn Wearen, 05-Feb-2014
    - Re: [eduGAIN-discuss] ALL eduGAIN entities in UK federation?, Nicole Harris, 05-Feb-2014
      - Re: [eduGAIN-discuss] ALL eduGAIN entities in UK federation?, Glenn Wearen, 05-Feb-2014
- Re: [eduGAIN-discuss] ALL eduGAIN entities in UK federation?, Alex Stuart, 02/05/2014
  - Re: [eduGAIN-discuss] ALL eduGAIN entities in UK federation?, Jan Tomášek, 05-Feb-2014
    - Re: [eduGAIN-discuss] ALL eduGAIN entities in UK federation?, Tomasz Wolniewicz, 05-Feb-2014
    - Re: [eduGAIN-discuss] ALL eduGAIN entities in UK federation?, Nicole Harris, 05-Feb-2014
    - Re: [eduGAIN-discuss] ALL eduGAIN entities in UK federation?, Peter Schober, 05-Feb-2014
      - Re: [eduGAIN-discuss] ALL eduGAIN entities in UK federation?, Peter Schober, 05-Feb-2014
  - Re: [eduGAIN-discuss] ALL eduGAIN entities in UK federation?, Leif Johansson, 05-Feb-2014
    - Re: [eduGAIN-discuss] ALL eduGAIN entities in UK federation?, Jan Tomášek, 05-Feb-2014
      - Re: [eduGAIN-discuss] ALL eduGAIN entities in UK federation?, Peter Schober, 05-Feb-2014
        
        Re: [eduGAIN-discuss] ALL eduGAIN entities in UK federation?, Leif Johansson, 05-Feb-2014
- Re: [eduGAIN-discuss] ALL eduGAIN entities in UK federation?, Ian Young, 05-Feb-2014