An open discussion list for topics related to the eduGAIN interfederation service.

[Dick Visser <dick.visser AT geant.org>]

This could be a nice addition for @Rhys Smith 's script that generates
https://www.ukfederation.org.uk/fed/edugain-import-log-with-diff.txt.
If a signing certificate is issued by Let's Encrypt, then it is highly
likely that it will be automagically replaced at regular intervals,
thereby breaking things.
Although technically correct, IMHO this should trigger an error.

I've noticed this issue as well with SPs that connect to the GEANT SAML proxy.
SP operators apparently "need a certificate", and when they find one
that is used for the web server, it's just too tempting to not use it.

DIck


On Wed, 18 Sep 2019 at 11:03, Peter Schober <peter.schober AT univie.ac.at> 
wrote:
>
> * Zenon Mousmoulas <zmousm AT noc.grnet.gr> [2019-09-18 08:09]:
> > I suppose this signature should have been stripped at some point.
>
> FWIW, that Signature never made it into our aggregates since I run
> (a slightly modified version of) pyff's tidy.xsl script on all imports:
> https://github.com/IdentityPython/pyFF/blob/master/src/pyff/xslt/tidy.xsl
>
> Thanks, @leifj!
>
> (My own modification relates to the old WS-* XSD schema validation issue,
> https://lists.geant.org/sympa/arc/edugain-discuss/2014-11/msg00031.html
> I'll send a PR for that to get that one-line addition included upstream.)
>
> -peter



--
Dick Visser
Trust & Identity Service Operations Manager
GÉANT