edugain-discuss - Re: [eduGAIN-discuss] Tool to monitor which IdP consumes your SP's metadata

edugain-discuss AT lists.geant.org

Subject: An open discussion list for topics related to the eduGAIN interfederation service.

  • From: Nicole Harris <harris AT terena.org>
  • To: Miroslav Milinovic <miro AT srce.hr>, edugain-discuss AT geant.net
  • Subject: Re: [eduGAIN-discuss] Tool to monitor which IdP consumes your SP's metadata
  • Date: Sat, 28 Jun 2014 15:11:03 +0100
  • List-archive: <https://mail.geant.net/mailman/private/edugain-discuss/>
  • List-id: eduGAIN discussion list <edugain-discuss.geant.net>

Well my first and primary question would be under what terms Jozef is
using the metadata? I cannot find his service URL registered with any
federation or with eduGAIN. Is it connected to some sort of proxy and
if not, under what terms is the metadata being used?

I'd agree here. I had a very confusing conversation with Jozef at TNC
and he has a very strange idea of what constitutes a broken IdP and how
it should be tested IMHO. This is also NOT eduGAIN metadata, but
rather metadata from all and any federation he can get his hands on,
which again will of course cause problems.

There are a few genuine problems, but a lot of these are because of the
process Jozef has applied. As Peter points out, the Dutch ones are
failing because they are supposed to fail, the service is not registered.

Yes of course there is more that federations can do to ensure that IdPs
are up and that error messages are elegant, but I am entirely
unsympathetic with this approach.

On 28/06/2014 11:47, Miroslav Milinovic wrote:
> Following on Peter's comment I'd also need some more info about this
> tool.
>
> I could not resist to compare it with
> http://monitor.eduroam.org/edugain_mon/
>
> and I do wonder if this is the time when we should/could set the list
> of requirements (and standards) for monitoring tools.
>
> Regards
>
> Miro
>
> On 27.6.2014. 19:06, Peter Schober wrote:
>> * Mikael Linden <mikael.linden AT csc.fi> [2014-06-27 15:48]:
>>> Jozef Misutka of Charles University in Czech Republic has implemented a tool
>>> which takes (eduGAIN) SAML2 metadata, browses through the IdPs and gives a
>>> try for each of them. See Jozef’s mail below. The tool has been implemented
>>> for the CLARIN community and is available in:
>>>
>>> https://lindat.mff.cuni.cz/secure/aai-idps-weblicht
>>
>> From an admittedly quick look I must say I don't understand what this
>> tests: On the URL above I currently see 6 IDPs in red (with error
>> messages) and clicking on any of their names the 2 German ones load
>> their IDP login page (maybe the error data is just stale) and for the
>> 4 Dutch ones the SP running at https://lindat.mff.cuni.cz/ states that
>> *it* does not have SAML metadata for the IDP in question (not the
>> other way round):
>>
>> opensaml::saml2md::MetadataException at
>> https://lindat.mff.cuni.cz/Shibboleth.sso/Login
>>
>> Unable to locate metadata for identity provider
>> (http://federation.nioo.knaw.nl/adfs/services/trust)
>>
>> Which hardly is an error the IDP in question can do anything about?
>>
>> Also what is it you get when you click on the "Terena report"?
>> https://lindat.mff.cuni.cz/secure/aai-idps-terena
>> An all red page with 236 (?) errors and what is their relation to
>> TERENA? All IDPs that the TERENA SP proxy offers for login (which may
>> be interesting for the TERENA AAIs staff but hardly anyone else, esp
>> since the TERENA AAI stuff decided to include basically any SAML
>> metadata they can get their hands on), and they are all broken
>> (whatever that means)?
>>
>> So before I raise my hand to say "this is great, let's have this as a
>> GEANT service" at least I would need some more explanation.
>>
>> Best regards,
>> -peter
>>
>
>


--
----------------
Project Development Officer
TERENA
Singel 468 D
Amsterdam, 1017 AW
The Netherlands

T: +31(0)20 5304488
F: +31(0)20 5304499

mob: +31(0)646 105395
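
The quoted message from Peter Schober separates an SP-side "Unable to locate metadata" error from a fault at the IdP. The following Python is an added example, not part of this thread or of the tool under discussion, showing how a monitor could make that attribution before flagging an IdP as broken. The sample aggregate, function names and category labels are assumptions.

```python
import re
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"

# Constructed sample standing in for the metadata aggregate the SP consumes.
# A real aggregate must have its signature verified before use (not shown here).
SP_LOADED_METADATA = """<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
  <md:EntityDescriptor entityID="https://idp.example.org/idp/shibboleth">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp.example.net/shibboleth">
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""

# Error text as quoted in the thread; the entityID may wrap onto the next line.
NO_METADATA = re.compile(
    r"Unable to locate metadata for identity provider\s*\(([^)\s]+)\)"
)

def idp_entity_ids(xml_text):
    """Return the entityIDs in the aggregate that carry an IDPSSODescriptor."""
    root = ET.fromstring(xml_text)
    return {
        e.get("entityID")
        for e in root.iter(MD + "EntityDescriptor")
        if e.find(MD + "IDPSSODescriptor") is not None
    }

def attribute_failure(error_text, known_idps):
    """Classify a failed login test; labels are hypothetical monitor categories."""
    m = NO_METADATA.search(error_text)
    if not m:
        return ("unclassified", None)  # needs a closer look, possibly IdP-side
    eid = m.group(1)
    if eid in known_idps:
        # Aggregate lists the IdP, yet the SP did not load it: filter or stale cache.
        return ("sp-metadata-not-loaded", eid)
    # IdP is not in the SP's metadata at all: nothing the IdP can fix.
    return ("sp-missing-metadata", eid)

if __name__ == "__main__":
    known = idp_entity_ids(SP_LOADED_METADATA)
    err = ("opensaml::saml2md::MetadataException\n"
           "Unable to locate metadata for identity provider\n"
           "(http://federation.nioo.knaw.nl/adfs/services/trust)")
    print(attribute_failure(err, known))
```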





