
edugain-discuss - Re: [eduGAIN-discuss] reference for expired certificate warning

edugain-discuss AT lists.geant.org

Subject: An open discussion list for topics related to the eduGAIN interfederation service.

  • From: Nick Roy <nroy AT internet2.edu>
  • To: Peter Schober <peter.schober AT univie.ac.at>
  • Cc: "edugain-discuss AT lists.geant.org" <edugain-discuss AT lists.geant.org>
  • Subject: Re: [eduGAIN-discuss] reference for expired certificate warning
  • Date: Wed, 20 Nov 2019 17:38:59 +0000

Thanks Peter - please don't quote me by name, but feel free to use my words,
or modify them as needed. A REFEDS blog post on this topic would be
excellent, and it might be best to come from a nameless "editorial board" or
something, to avoid blowback. I'd volunteer to contribute to the anonymous
authorship of such a post.

It is not just ADFS that has these problems, it's stuff like Oracle/IBM FIM,
even Ping to some extent. Don't get me started on the IDaaS stuff...

Nick

On 20 Nov 2019, at 1:50, Peter Schober wrote:

> * Nick Roy <nroy AT internet2.edu> [2019-11-20 00:03]:
>> Perhaps counterproductively adding to my rant below: ADFS is
>> terrible, but works just well enough to lull people into the belief
>> that it won’t screw everything up, as it invariably does, down the
>> road. I spend at least 80% of my direct-end-user-contact time
>> coaching people with ADFS problems. ADFS *should not be used* in the
>> context of R&E federations, nor should other similar software. This
>> is a real problem that I don’t know how to address in our context,
>> but the problem is getting worse every day.
>
> Thank you for your very clear words in this regard.
>
> Maybe this should be made known more widely? Open to ideas how that
> would work. A REFEDS blog post? A disclaimer message to be relayed by
> (Full Mesh) federations?
> I'll start by quoting your post above in our documentation.
>
> At this time we only have a single MS-ADFS entity registered, so my
> communication has been pretty clear and seemingly was effective so
> far. That one entity could end up being used a lot more, though,
> through services proxied behind its SP-side...
>
> -peter
