Skip to Content.
Sympa Menu

edugain-discuss - Re: [eduGAIN-discuss] reference for expired certificate warning

edugain-discuss AT lists.geant.org

Subject: An open discussion list for topics related to the eduGAIN interfederation service.

List archive

Re: [eduGAIN-discuss] reference for expired certificate warning


Chronological Thread 
  • From: Nick Roy <nroy AT internet2.edu>
  • To: Warda Al Habsi <warda AT omren.om>
  • Cc: Leif Johansson <leifj AT sunet.se>, "edugain-discuss AT lists.geant.org" <edugain-discuss AT lists.geant.org>
  • Subject: Re: [eduGAIN-discuss] reference for expired certificate warning
  • Date: Wed, 20 Nov 2019 17:42:39 +0000
  • Accept-language: en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=internet2.edu; dmarc=pass action=none header.from=internet2.edu; dkim=pass header.d=internet2.edu; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=4RbWAKq/MaL6mna8cIRhhYiH64II9eV2gJJMemIR3ys=; b=MAiy4rXnE1YgfiypIabEzWnkMeyexSlUbYx+lWt8bG6uV3qQDlcpphh4w/EKqeJ568+Kark9RY2mia0phoBsl9RXfI03fPnAF/bmVacrGsHnaejZSoJkU9LrtM+X6sL3p/LuCm0tpaUSZhQnzGbVkw6uM2MTm1/NauNA0EFmEjT00wd7qVncAPGXHyRG4mpdMG/2RUSgS8sG54usNZXMkjBIxxh6NV+Wx+vRCPJy20HHEgQcUFYpW84tFSya2+ZpUwEhBeT3MwTTIWCml3+25ATJcFeaCH8H3RT5qWMEFBj7GnkitMl8b25jZ7A2L4ptFg1Erw5nusRcurEMhtIXMA==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=KFq4/AFLO5mSZdq3l+0r2YYG/88WuAXtVnuM8GxYjWvdcuBCSp7oAGBMVUCvBVecgoEQ+LuPdvT/6hUCJRKHNWimeTPJe4LDLTp6otoMEDmFZ+yBVD1k3c22C5PPosNBsjDEoyAuNBb+2GmyIsXdg4zb3rSNMa8hpfEw/K8gS5QCl1RD3Tzij0SsyUwZgA1sKOghazFaFfz+thehQAQ55OEQ7/Kmpw+/ckDOZcKMwkjGbXK5JzovFyadrP2HWuO2kYOa5T3nJzRvLUWnzIbNKurBvfbRcM6qk2qfY7R2TJF2LdiwsGZgbXHFOk7nQ7Z05ee7pEiUVpzoXUI71r7ipw==
  • Authentication-results: spf=none (sender IP is ) smtp.mailfrom=nroy AT internet2.edu;

Hi Warda,

Are they using ADFStoolkit or something similar in order to load metadata on
a regular basis?

Best,

Nick

On 20 Nov 2019, at 9:41, Warda Al Habsi wrote:

> Hi all,
>
> I would like to share the OMREN experience, 100% of our members are on ADFS
> and support is normal compared to Shibboleth. I'm a team member who worked
> on two different federations on both Shibboleth and ADFS.
> I can see a big difference between the two options at least in Oman. Our
> members are more interested and responsive with ADFS and they can do the
> initial troubleshooting. Our users are not forced to use ADFS, they can
> select other options as well. We were able to form a task force team from
> the members, so they collaborate and help each other.
>
> Regards,
>
> Warda Al Habsi,
> Applications Manager
> Oman Research and Education Network - OMREN,
> The Research Council
> P.O.Box 92, Innovation Park Muscat - Al Khoud 123,
> Sultanate of Oman
> M: +968 90991133
> F: +968 22305820
> E:  warda AT omren.om
> W: www.omren.om
> ORCID ID: https://orcid.org/0000-0003-1769-4670
>
> OMREN is an initiative by the research council Oman (TRC) to contribute to
> the rise of an effective national innovation ecosystem, and provide the
> research and education community in the sultanate of Oman with a common
> network and collaboration infrastructure dedicated and adapted to their
> needs.
>
>
>
> -----Original Message-----
> From: edugain-discuss-request AT lists.geant.org
> <edugain-discuss-request AT lists.geant.org> On Behalf Of Leif Johansson
> Sent: Wednesday, November 20, 2019 2:34 PM
> To: edugain-discuss AT lists.geant.org
> Subject: Re: [eduGAIN-discuss] reference for expired certificate warning
>
> On 2019-11-20 09:50, Peter Schober wrote:
>> * Nick Roy <nroy AT internet2.edu> [2019-11-20 00:03]:
>>> Perhaps counterproductively adding to my rant below: ADFS is
>>> terrible, but works just well enough to lull people into the belief
>>> that it won’t screw everything up, as it invariably does, down the
>>> road. I spend at least 80% of my direct-end-user-contact time
>>> coaching people with ADFS problems. ADFS *should not be used* in the
>>> context of R&E federations, nor should other similar software. This
>>> is a real problem that I don’t know how to address in our context,
>>> but the problem is getting worse every day.
>>
>> Thank you for your very clear words in this regard.
>>
>> Maybe this should be made known more widely? Open to ideas how that
>> would work. A REFEDS blog post? A disclaimer message to be relayed by
>> (Full Mesh) federations?
>> I'll start by quoting your post above in our documentation.
>>
>> At this time we only have a single MS-ADFS entity registered, so my
>> communication has been pretty clear and seemingly was effective so
>> far. That one entity could end up being used a lot more, though,
>> through services proxied behind its SP-side...
>>
>> -peter
>>
>
> While I tend to agree the pain is mostly localized to those that choose to
> sniff this particular sock. The organizations who run ADFS do that for
> reasons that will not be influenced by what REFEDS say.
>
> We may be able to get MSFT to improve things... I have had some chats with
> their new head of identity (or whatever the title is) Pamela Dingle who at
> least make the right noices. I know this is not the first time somebody
> said this too.
>
> Possibly a statement from REFEDS if wielded in a smart way may serve to
> make things a bit more concrete.
>
> Cheers Leif

Attachment: signature.asc
Description: OpenPGP digital signature




Archive powered by MHonArc 2.6.19.

Top of Page