Skip to Content.
Sympa Menu

edugain-discuss - Re: [eduGAIN-discuss] Tool to monitor which IdP consumes your SP's metadata

edugain-discuss AT lists.geant.org

Subject: An open discussion list for topics related to the eduGAIN interfederation service.

List archive

Re: [eduGAIN-discuss] Tool to monitor which IdP consumes your SP's metadata


Chronological Thread 
  • From: Miroslav Milinovic <miro AT srce.hr>
  • To: edugain-discuss AT geant.net
  • Subject: Re: [eduGAIN-discuss] Tool to monitor which IdP consumes your SP's metadata
  • Date: Sat, 28 Jun 2014 12:47:31 +0200
  • List-archive: <https://mail.geant.net/mailman/private/edugain-discuss/>
  • List-id: eduGAIN discussion list <edugain-discuss.geant.net>

Following on Peter's comment I'd also need some more info about this tool.

I could not resist to compare it with
http://monitor.eduroam.org/edugain_mon/

and I do wonder if this is the time when we should/could set the list of requirements (and standards) for monitoring tools.

Regards

Miro

On 27.6.2014. 19:06, Peter Schober wrote:
* Mikael Linden <mikael.linden AT csc.fi> [2014-06-27 15:48]:
Jozef Misutka of Charles University in Czech republic has implemented a tool
which takes (eduGAIN) SAML2 metadata, browses through the IdPs and gives a
try for each of them. See Jozef’s mail below. The tool has been implemented
for the CLARIN community and is available in:

https://lindat.mff.cuni.cz/secure/aai-idps-weblicht

From an admittedly quick look I must say I don't understand what this
tests: On the URL above I currently see 6 IDPs in red (with error
messages) and clicking on any of their names the 2 German ones load
their IDP login page (maybe the error data is just stale) and for the
4 Dutch ones the SP running at https://lindat.mff.cuni.cz/ states that
*it* does not have SAML metadata for the IDP in question (not the
other way round):

opensaml::saml2md::MetadataException at
https://lindat.mff.cuni.cz/Shibboleth.sso/Login

Unable to locate metadata for identity provider
(http://federation.nioo.knaw.nl/adfs/services/trust)

Which hardly is an error the IDP in question can do anything about?

Also what is it you get when you click on the "Terena report"?
https://lindat.mff.cuni.cz/secure/aai-idps-terena
An all red page with 236 (?) errors and what is their relation to
TERENA? All IDPs that the TERENA SP proxy offers for login (which may
be interesting for the TERENA AAIs staff but hardly anyone else, esp
since the TERENA AAI stuff decided to include basically any SAML
metadata they can get their hands on), and they are all broken
(whatever that means)?

So before I raise my hand to say "this is great, let's have this as a
GEANT service" at least I would need some more explanation.

Best regards,
-peter







Archive powered by MHonArc 2.6.19.

Top of Page