edugain-discuss AT lists.geant.org
Subject: An open discussion list for topics related to the eduGAIN interfederation service.
List archive
- From: Thijs Kinkhorst <thijs.kinkhorst AT surfnet.nl>
- To: "edugain-discuss AT lists.geant.org" <edugain-discuss AT lists.geant.org>
- Subject: Re: [eduGAIN-discuss] reference for expired certificate warning
- Date: Wed, 20 Nov 2019 13:33:02 +0100
- Organization: SURFnet bv
Op 20-11-19 om 00:02 schreef Nick Roy:
> Perhaps counterproductively adding to my rant below: ADFS is terrible, but
> works just well enough to lull people into the belief that it won’t screw
> everything up, as it invariably does, down the road. I spend at least 80%
> of my direct-end-user-contact time coaching people with ADFS problems.
> ADFS /should not be used/ in the context of R&E federations, nor should
> other similar software. This is a real problem that I don’t know how to
> address in our context, but the problem is getting worse every day.
Just to provide some counter viewpoint. In our federation 66% of IdPs use
ADFS and this hardly gives rise to problems. These institutions have in
many cases standardised on Microsoft internally and they are very happy
that they can interface with us by using their vendor of choice and are
not forced to use a different product.
So I'd like to avoid blanket statements of the form "should not be used in
the context of R&E federations" as this rather disqualifies many of our
institutions which are using it competently and with much success
precisely in an R&E federation.
There are indeed some bugs in ADFS and ideally they would be fixed. For
IdP usage rejecting the scoping element springs to mind. But our 'biggest'
problem with ADFS is the SP side which (in our view) erroneously puts a
UNIQUE constraint on IdP certificates. This makes e.g. the CERN SP broken
for us and from time to time we get a user that complains about it. But
given that this specific SP itself is not so interested in promoting
federated authn (they put edugain only as the very bottom most option on
their login screen after four(!) other options) we have not prioritized this.
Cheers,
Thijs
Attachment:
signature.asc
Description: OpenPGP digital signature
- Re: [eduGAIN-discuss] reference for expired certificate warning, (continued)
- Re: [eduGAIN-discuss] reference for expired certificate warning, Peter Schober, 20-Nov-2019
- Re: [eduGAIN-discuss] reference for expired certificate warning, Leif Johansson, 20-Nov-2019
- Re: [eduGAIN-discuss] reference for expired certificate warning, Nicole Harris, 20-Nov-2019
- RE: [eduGAIN-discuss] reference for expired certificate warning, Warda Al Habsi, 20-Nov-2019
- Re: [eduGAIN-discuss] reference for expired certificate warning, Nick Roy, 20-Nov-2019
- RE: [eduGAIN-discuss] reference for expired certificate warning, Warda Al Habsi, 21-Nov-2019
- Re: [eduGAIN-discuss] reference for expired certificate warning, Leif Johansson, 21-Nov-2019
- Re: [eduGAIN-discuss] reference for expired certificate warning, Nick Roy, 21-Nov-2019
- Re: [eduGAIN-discuss] reference for expired certificate warning, Nick Roy, 20-Nov-2019
- Re: [eduGAIN-discuss] reference for expired certificate warning, Nick Roy, 20-Nov-2019
- Re: [eduGAIN-discuss] reference for expired certificate warning, Thijs Kinkhorst, 11/20/2019
- Re: [eduGAIN-discuss] reference for expired certificate warning, Peter Schober, 20-Nov-2019
- Re: [eduGAIN-discuss] reference for expired certificate warning, Tomasz Wolniewicz, 20-Nov-2019
- Re: [eduGAIN-discuss] reference for expired certificate warning, Zenon Mousmoulas, 20-Nov-2019
- Re: [eduGAIN-discuss] reference for expired certificate warning, Guy Halse, 21-Nov-2019
- Re: [eduGAIN-discuss] reference for expired certificate warning, Peter Schober, 21-Nov-2019
- Re: [eduGAIN-discuss] reference for expired certificate warning, Nick Roy, 21-Nov-2019
- Sv: [eduGAIN-discuss] reference for expired certificate warning, Pål Axelsson, 21-Nov-2019
- Re: [eduGAIN-discuss] reference for expired certificate warning, Nick Roy, 21-Nov-2019
- Re: [eduGAIN-discuss] reference for expired certificate warning, Nick Roy, 21-Nov-2019
Archive powered by MHonArc 2.6.19.