edugain-discuss AT lists.geant.org

Subject: An open discussion list for topics related to the eduGAIN interfederation service.

List archive

Re: [eduGAIN-discuss] eduGAIN SAML profile and MDS update

From: Davide Vaghetti <davide.vaghetti AT garr.it>
To: Etienne Dysli Metref <etienne.dysli-metref AT switch.ch>, edugain-discuss AT lists.geant.org
Subject: Re: [eduGAIN-discuss] eduGAIN SAML profile and MDS update
Date: Wed, 20 Nov 2019 15:31:00 +0100

Hi Etienne,

On 20/11/19 13:37, Etienne Dysli Metref wrote:
> Hi all,
>
> (Sorry for the out-of-thread reply. I just subscribed to this list
> because of this issue.)
>
>> At 4:10pm CET, Chris Philips (Canarie) alerted us of an error that was
>> preventing their MDA to correctly parse some entities in the eduGAIN
>> feed. Canarie is using Shibbolteh MDA. The error was:
>>
>> "ERROR - validateSchema reported: UndeclaredPrefix: Cannot resolve
>> 'xs:string' as a QName: the prefix 'xs' is not declared."
>
> Our old Shib MDA also choked the exact same way yesterday and I was
> wondering why when the error suddenly disappeared... :O
>
>> With the help of Ian Young we found out that:
>> 1. what is causing the issue is that the "xs" namespace is declared in
>> `EntitiesDescriptor` on the latest version of the eduGAIN MDS, versus
>> per `AttributeValue` in the previous version.
>> 2. we're hitting on an old Shibboleth MDA bug which is preventing the
>> MDA to resolve namespaces declared "too far" from the element where they
>> are used --- see https://issues.shibboleth.net/jira/browse/MDA-47
>> 3. other identity federations using Shibboleth MDA, such as UKf and many
>> others, were not hit by the issue because they strip out all the
>> `xsi:type="xs:string"` elements as part of their aggregation process.
>
> So what's the way out for users of the Shib MDA? Is there a release
> where this bug is fixed (apparently not)? How can I configure the
> workaround?
>

In IDEM we use the clean-import.xsl that is part of the UK federation
Metadata Toolchain. The rule that is stripping out the `xsi:type`
attribute from the `AttributeValue` elements is the following:


<xsl:template match="saml:AttributeValue/@xsi:type"/>

> Also, as the person operating the metadata signing for SWITCHaai and
> given that we consume the eduGAIN feed, where shall I keep myself
> informed about such eduGAIN changes? Is this the right mailing list?

Both edugain-discuss and edugain-sg lists are used for such
communications, but edugain-sg is the only official one.

Cheers,
Davide

>
> Cheers,
> Etienne
>

--
Davide Vaghetti
Consortium GARR
Tel: +390502213158
Mobile: +393357779542
Skype: daserzw

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

[eduGAIN-discuss] eduGAIN SAML profile and MDS update, Davide Vaghetti, 19-Nov-2019
- Re: [eduGAIN-discuss] eduGAIN SAML profile and MDS update, Nick Roy, 19-Nov-2019
- Message not available
  - Re: [eduGAIN-discuss] eduGAIN SAML profile and MDS update, Etienne Dysli Metref, 20-Nov-2019
    - Re: [eduGAIN-discuss] eduGAIN SAML profile and MDS update, Davide Vaghetti, 11/20/2019
      - Re: [eduGAIN-discuss] eduGAIN SAML profile and MDS update, Etienne Dysli Metref, 20-Nov-2019
        
        Re: [eduGAIN-discuss] eduGAIN SAML profile and MDS update, Peter Schober, 20-Nov-2019
        
        Re: [eduGAIN-discuss] eduGAIN SAML profile and MDS update, Cantor, Scott, 20-Nov-2019
        
        Re: [eduGAIN-discuss] eduGAIN SAML profile and MDS update, Nick Roy, 20-Nov-2019
        
        Re: [eduGAIN-discuss] eduGAIN SAML profile and MDS update, Etienne Dysli Metref, 21-Nov-2019
    - Re: [eduGAIN-discuss] eduGAIN SAML profile and MDS update, Ian Young, 20-Nov-2019
      - Re: [eduGAIN-discuss] eduGAIN SAML profile and MDS update, Etienne Dysli Metref, 22-Nov-2019
        
        Re: [eduGAIN-discuss] eduGAIN SAML profile and MDS update, Davide Vaghetti, 22-Nov-2019
        
        Re: [eduGAIN-discuss] eduGAIN SAML profile and MDS update, Nick Roy, 22-Nov-2019
        
        Re: [eduGAIN-discuss] eduGAIN SAML profile and MDS update, Ian Young, 25-Nov-2019