An open discussion list for topics related to the eduGAIN interfederation service.

[Daniel Muscat <daniel.muscat AT um.edu.mt>]

Thanks for the help Alex,

Very helpful, I'll have a look at shibmd:Scope elements. 

Regards

Daniel

On Thu, 5 Dec 2019 at 16:52, Alex Stuart <Alex.Stuart AT jisc.ac.uk> wrote:

Hi Daniel,

It's Alex from the UK federation team here. I've taken your IdP's metadata from the eduGAIN entities database & run it through our metadata checks. As far as I can tell, the IdP will be imported into the UK federation aggregate on the next publishing run.

One thing to note is that, although we publish new metadata once per working day at approximately 1630, any new metadata must be downloaded by the CDS. Off the top of my head, the CDS is configured to refresh metadata every 2 hours. I'd therefore suggest waiting until 1900 GMT to test.

Another thing to note is that your IdP's metadata doesn't contain any shibmd:Scope elements, which isn't wrong, but it means that SPs will filter out any scoped attributes your IdP asserts. This will make interoperability with UK federation-registered SPs difficult as many of them make authorization decisions based around eduPersonScopedAffiliation.

Hope that helps,
Alex

> On 5 Dec 2019, at 15:11, Daniel Muscat <daniel.muscat AT um.edu.mt> wrote:
>
> Thanks Chris
>    I think I'll have to wait for another hour or so to see the new published IDP on the UK Federation WAYF, might have missed yesterdays' import by a few minutes. The link you gave me was very helpful.
>
> On Thu, 5 Dec 2019 at 15:59, Chris Phillips <Chris.Phillips AT canarie.ca> wrote:
>
> Hi Daniel,
>
> In the edugain Slack area, under the channel #edugain_support, the UKFed publishes their import log once a day at this url:
>
> https://www.ukfederation.org.uk/fed/edugain-import-log-with-diff.txt
>
> That will allow you to see what is filtered at the UKFed (if anything) with their validation suite.
>
> Hope that helps.
>
> C
>
> On 2019-12-05, 9:45 AM, "edugain-discuss-request AT lists.geant.org on behalf of Peter Schober" <edugain-discuss-request AT lists.geant.org on behalf of peter.schober AT univie.ac.at> wrote:
>
>     * Daniel Muscat <daniel.muscat AT um.edu.mt> [2019-12-05 15:33]:
>     > ---------- Forwarded message ---------
>     > From: Daniel Muscat <daniel.muscat AT um.edu.mt>
>     > Date: Thu, 5 Dec 2019 at 15:15
>     > Subject: Need help on a new published IDP
>     > To: <edugain-sg AT lists.geant.org>
>     >
>     > Dear all,
>     >     I am writing here to request help, particularly from the UK Federation.
>     >
>     > Yesterday we published a new IDP for the University of Malta (ourselves)
>     > under the entity id https://accounts.um.edu.mt/saml/saml2/idp. The
>     > validator gave no error and many entities picked up the new IDP (example in
>     > academia and the Geant Wiki), but until now the WAYF service of the UK
>     > federation is still not listing the new IDP. Is this normal? or there are
>     > some extra rules that the UK Federation imposes on IDPs be listed in their
>     > WAYF service?  Could it be some technical problem?
>
>     First of all. if you're asking about the UKf's policy or operations
>     why not ask them? Contact details are available at
>     https://technical.edugain.org/status
>
>     From a quick look at the UKf edugain import logs...
>     https://www.ukfederation.org.uk/fed/
>     it seems there simply was no import run today so far -- the last one
>     published there is from yesterday 16:41 (in whatever timezone).
>
>     So maybe just try again in an hour or two.
>
>     -peter
>
>
>
> --
> Regards
> Daniel

—
Alex Stuart, Principal technical support specialist (UK federation)               
alex.stuart AT jisc.ac.uk
UK federation helpdesk: service AT ukfederation.org.uk

--

Regards

Daniel