
edugain-discuss - Re: [eduGAIN-discuss] IdP without DNS records

edugain-discuss AT lists.geant.org

Subject: An open discussion list for topics related to the eduGAIN interfederation service.

  • From: Peter Schober <peter.schober AT univie.ac.at>
  • To: edugain-discuss AT lists.geant.org
  • Subject: Re: [eduGAIN-discuss] IdP without DNS records
  • Date: Tue, 8 May 2018 16:49:23 +0200
  • Authentication-results: prod-mail.geant.net (amavisd-new); dkim=pass (1024-bit key) header.d=univie.ac.at
  • Organization: ACOnet

* Niels van Dijk <niels.vandijk AT surfnet.nl> [2018-05-08 16:23]:
> While testing with the eduGAIN metadata, I note the entity
> https://idp.vle.ase.md/saml/saml2/idp/metadata.php  has no DNS records,
> hence is totally not functional. Is eduGAIN in any way testing this
> before adding entities to metadata?

With several literal answers out of the way let's start over:

I'm not aware of anything in eduGAIN that monitors the reachability of
protocol endpoints in SAML metadata.

Personally (i.e., for eduID.at) I check these things during
registration, but not afterwards -- with the exception of mdui:Logo
URLs, which I check automatically (but not too frequently).

I should probably also check mdui:PrivacyStatementURL, etc.
The CoCo monitors the latter, but only for CoCo SPs, of course.

The eduGAIN support also has recently started notifying federations
about unreachable or unsuitable (as far as their tooling could
determine) mdui:Logos.

So some machinery is in place, for different bits, but probably not in
the general sense you're suggesting.

-peter
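
A sketch of the kind of check discussed in this thread, added here as an example and not part of the original message or of any eduGAIN tooling: it walks SAML metadata, collects protocol endpoint Locations and mdui URLs, and reports hosts that have no DNS records. The sample metadata, the .invalid entity and all function names are constructed for illustration; the resolver is injectable so the check can be exercised offline.

```python
import socket
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
MDUI = "{urn:oasis:names:tc:SAML:metadata:ui}"
MDUI_URLS = ("Logo", "PrivacyStatementURL", "InformationURL")

# Constructed sample (not a real entity); assume real input was signature-checked first.
SAMPLE = """<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui">
 <md:EntityDescriptor entityID="https://idp.nodns.invalid/idp">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
   <md:Extensions><mdui:UIInfo>
    <mdui:Logo height="16" width="16">data:image/png;base64,AAAA</mdui:Logo>
    <mdui:PrivacyStatementURL xml:lang="en">https://www.example.org/privacy</mdui:PrivacyStatementURL>
   </mdui:UIInfo></md:Extensions>
   <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.nodns.invalid/sso"/>
  </md:IDPSSODescriptor>
 </md:EntityDescriptor>
</md:EntitiesDescriptor>"""

def referenced_urls(entity):
    """Yield (kind, url) for endpoint Locations and mdui URLs of one entity."""
    for el in entity.iter():
        if el.tag.startswith(MD) and el.get("Location"):
            yield el.tag[len(MD):], el.get("Location")
        elif el.tag.startswith(MDUI) and el.tag[len(MDUI):] in MDUI_URLS and el.text:
            yield "mdui:" + el.tag[len(MDUI):], el.text.strip()

def dns_resolves(host):
    """Default resolver: True if the host has any address record."""
    try:
        return bool(socket.getaddrinfo(host, 443))
    except socket.gaierror:
        return False

def unresolvable(metadata_xml, resolves=dns_resolves):
    """Return {entityID: [(kind, host), ...]} for referenced hosts without DNS."""
    cache, report = {}, {}
    for entity in ET.fromstring(metadata_xml).iter(MD + "EntityDescriptor"):
        for kind, url in referenced_urls(entity):
            host = urlsplit(url).hostname
            if host is None:  # data: URI logos carry no host to look up
                continue
            if host not in cache:
                cache[host] = resolves(host)
            if not cache[host]:
                report.setdefault(entity.get("entityID"), []).append((kind, host))
    return report
```

Passing a stub for `resolves` keeps the check deterministic in tests; with the default it performs live lookups, one per distinct host.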


