
edugain-discuss - Re: [eduGAIN-discuss] eduGAIN WebSSO profile refers to SAML2int profile that badly needs an update!

edugain-discuss AT lists.geant.org

Subject: An open discussion list for topics related to the eduGAIN interfederation service.

  • From: Nick Roy <nroy AT internet2.edu>
  • To: <edugain-discuss AT lists.geant.org>, <tac AT incommon.org>, <kwessel AT illinois.edu>
  • Subject: Re: [eduGAIN-discuss] eduGAIN WebSSO profile refers to SAML2int profile that badly needs an update!
  • Date: Tue, 16 Aug 2016 12:30:44 -0600

InCommon is just about to spin up a deployment profile working group to
address this (and other needed bits and pieces). The intent is to come
to the REFEDS community to seek members for that working group.

Would that be a good way to handle this?

Best,

Nick

On 8/16/16 9:20 AM, Thomas Lenggenhager wrote:
> The eduGAIN WebSSO profile [1] refers to SAML2int v0.2.
>
> However, the SAML2int v0.2.1 currently online needs an urgent update
> to reflect the reality with securely deploying SAML.
>
> SAML2int requires the IdP to sign the assertion, however, the default
> for Shib IdPv3 is to sign the response. Scott well explains in this
> thread on shib-dev how it happened and why the SAML2int needs an update:
> http://shibboleth.net/pipermail/dev/2016-August/008478.html
>
> How can eduGAIN get the SAML2int profile fixed or push the newer
> federation interoperability profile now at Kantara forward so that
> eduGAIN finally can refer to profile(s) that support a secure deployment?
>
> In the interim, eduGAIN should make recommendations on how not to
> endanger interoperability.
>
> Thomas
>
> [1]
> https://technical.edugain.org/doc/eduGAIN%20SAML%202.0%20WebSSO%20Profile.pd

Attachment: signature.asc
Description: OpenPGP digital signature



