edugain-discuss - Re: [eduGAIN-discuss] IdP without DNS records

edugain-discuss AT lists.geant.org

Subject: An open discussion list for topics related to the eduGAIN interfederation service.

  • From: Peter Schober <peter.schober AT univie.ac.at>
  • To: edugain-discuss AT lists.geant.org
  • Subject: Re: [eduGAIN-discuss] IdP without DNS records
  • Date: Tue, 8 May 2018 16:40:01 +0200
  • Authentication-results: prod-mail.geant.net (amavisd-new); dkim=pass (1024-bit key) header.d=univie.ac.at
  • Organization: ACOnet

* Niels van Dijk <niels.vandijk AT surfnet.nl> [2018-05-08 16:23]:
> While testing with the eduGAIN metadata, I note the entity
> https://idp.vle.ase.md/saml/saml2/idp/metadata.php  has no DNS records,
> hence is totally not functional.

Also note that your conclusion above is incorrect: An entityID is a
name (of xsd:type anyURI), not a location. (Counter example:
"urn:mace:incommon:osu.edu" has no DNS record, so it must be totally
unfunctional, too?)

Such an entity could function perfectly fine if the protocol endpoints
were reachable.

Of course in this specific case it's obvious to humans that have
experience with SAML federations that the entityID here clearly is
using the auto-generated value from the deployed SAML implementation
(SimpleSAMLphp) and as such /will/ be based on its actual host name,
meaning it will /share/ that host name portion with its own protocol
endpoints, meaning those protocol endpoints will be just as
unreachable, resulting in the actual problem: Unreachable protocol
endpoints.

-peter
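
The distinction drawn in the message above (an entityID is a name, and an entity is functional or not depending on its protocol endpoints) can be turned into a metadata check. The following is an added example, not part of the original message or of any eduGAIN tooling: it resolves only the hosts in `Location`/`ResponseLocation` attributes and never the entityID. The sample metadata, host names and function names are constructed for illustration, and the metadata is assumed to have been signature-verified already.

```python
import socket
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed sample metadata; the .example/.invalid hosts are placeholders.
SAMPLE = """<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
  <md:EntityDescriptor entityID="urn:mace:example:idp-a">
    <md:IDPSSODescriptor>
      <md:SingleSignOnService Location="https://login.a.example/sso"/>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://idp.b.invalid/saml2/idp/metadata.php">
    <md:IDPSSODescriptor>
      <md:SingleSignOnService Location="https://idp.b.invalid/saml2/idp/SSOService.php"/>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""

def system_resolves(host):
    """True if the local resolver returns any address for host."""
    try:
        socket.getaddrinfo(host, 443)
        return True
    except socket.gaierror:
        return False

def endpoint_hosts(entity):
    """Host names taken from every protocol endpoint URL under one entity."""
    hosts = set()
    for el in entity.iter():
        for attr in ("Location", "ResponseLocation"):
            host = urlsplit(el.get(attr) or "").hostname
            if host:
                hosts.add(host)
    return hosts

def entities_with_unresolvable_endpoints(metadata_xml, resolves=system_resolves):
    """Map entityID -> endpoint hosts lacking DNS; the entityID is never resolved."""
    report = {}
    for ent in ET.fromstring(metadata_xml).iter(f"{{{MD_NS}}}EntityDescriptor"):
        dead = sorted(h for h in endpoint_hosts(ent) if not resolves(h))
        if dead:
            report[ent.get("entityID")] = dead
    return report
```

A host that resolves is only a precondition for a reachable endpoint; a follow-up connection or TLS check would still be needed to confirm the endpoint actually answers.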


