edugain-discuss AT lists.geant.org

Subject: An open discussion list for topics related to the eduGAIN interfederation service.

List archive

Re: [eduGAIN-discuss] Support for WS Federation protocol in edugain

From: "Nicholas Roy" <nroy AT internet2.edu>
To: "Daniel Muscat" <daniel.muscat AT um.edu.mt>
Cc: edugain-discuss AT lists.geant.org
Subject: Re: [eduGAIN-discuss] Support for WS Federation protocol in edugain
Date: Fri, 15 May 2020 08:18:10 -0600
Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=internet2.edu; dmarc=pass action=none header.from=internet2.edu; dkim=pass header.d=internet2.edu; arc=none
Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=KYAW4wyGXOJmI1L1MEDNqKVS29p9zbhYxsdKJ1ITeKw=; b=cBi2g7E0boWPX009BhaNK6eb4R3EGpKO+anwpuwRB4XWPMCK5JhL7V8qM0Am+QGWxYJuJq+D56q9WjsU1iMy2yXEs8f8/0QQQdY6vycGuq62ZbV+Sf03cfNfbKanXkTtLwRSIs09WkmVpWQmsgoDCfDTtTM8y+3kjJLflYuk6H6cd+nDpFTTZl6GBy0dK0DZza4lSr+VhnX9dx121dynWhe9Xe0pD4HwhqLCXYMI0nAddJaQn0YZezfF9jypgUWEFScKBO/2YoDd848iDFZASvq07yKiAoswyRDHdiG1xglNGXiFagtmGQz/aYXAHx4LEF/cN+xhoSVXwPbtbwy+Cg==
Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=LJrF1gtP5xRJUN/YIeqJKnpXXDmduObS25fYCnanNXu/EB80z0I66G3sZlNq8ZNzzP8y+TZQH7ZG+nbBPTsCHU1tv36IrOyQdvqmvUH0mQGMGUGu5l1+z69E9wOiW53DiH2NlYLttSVN5MLNU9AOU3gr2htjyhz2jx1Gtk/9R0A3NhMTFdM9enU/Z+JLMTpIpbJzOiz+7o7TsDbF3JaD+k2rJ6txy0YMPHQrQnFWLNuWcSgSmz6ptnfsolYCCrAvcTmQw+Lq4pHXPEGUEQ/S6vbvDsM2+fcB3rxnOzGEf3f1iOsf23ZvCZ4/IWNDyhSDHneNtetbijJwM2qcDaNlBQ==
Authentication-results: um.edu.mt; dkim=none (message not signed) header.d=none;um.edu.mt; dmarc=none action=none header.from=internet2.edu;

I’d be interested to know which relying parties already, or prospectively,
published in eduGAIN use WS-Fed endpoints. I’d be surprised if there are any.

Nick

On 15 May 2020, at 8:13, Davide Vaghetti wrote:

> Hi Daniel,
>
> On 15/05/20 14:57, Daniel Muscat wrote:
>> Peter,
>>
>> You are creating confusion here. Please bear in mind that we are a very
>> small organisation and essentially I fit in the role of all that you
>> mentioned :) As an IDP administrator I cannot get support from my local
>> federation because that's me!
>>
>> What I am looking is :
>>
>> Does eduGAIN have the policy to accept or not accept IDPs using WS-Fed?
>
> No, it doesn't, but as Peter was saying, if you can stuff WS-Fed
> configuration in the SAML 2.0 metadata of an entity without breaking it,
> then you are done.
>
>> Is eduGAIN structured to really support such IDPs. For example, I am
>> using the hosted FaaS system and it does not seem to allow me to input
>> an IDP with WS-Fed protocol
>
> eduGAIN is structured to support SAML 2. The same is true for FaaS.
> Moreover, for FaaS I think Jagger will not let you register metadata it
> does not understand (read WS-Fed), but maybe Janjanusz Ulanowski --- the
> Jagger developer --- can comment on this?
>
>
>> I am asking for an example entity as cannot find one myself
>>
>
> I'm afraid I cannot provide any example as we do not have any in IDEM.
>
> Cheers,
> Davide
>
>> Regards
>> Daniel
>>
>>
>>
>> I think we have to distinguish between publishing around XML and
>> supporting it
>>
>> On Fri, 15 May 2020 at 14:22, Peter Schober <peter.schober AT univie.ac.at
>> <mailto:peter.schober AT univie.ac.at>> wrote:
>>
>> * Daniel Muscat <daniel.muscat AT um.edu.mt
>> <mailto:daniel.muscat AT um.edu.mt>> [2020-05-15 14:06]:
>> > Hi Leif, Can you give me an example of such entity, need to see
>> what will
>> > be contained in the Metadata to define the WS Protocol.
>>
>> Daniel, either you have SAML Metadata available from such a system (in
>> which case register it in your federation and maybe re-publish it into
>> eduGAIN, too) or you don't (in which case you'd have to get it from
>> the WS-Fed system's operator). Once you have it, GOTO step 1.
>>
>> It's really that simple.
>>
>> -peter
>>
>>
>>
>> --
>> Regards
>> Daniel
>
> --
> Davide Vaghetti
> Consortium GARR
> Tel: +390502213158
> Mobile: +393357779542
> Skype: daserzw

Attachment: signature.asc
Description: OpenPGP digital signature

[eduGAIN-discuss] Support for WS Federation protocol in edugain, Daniel Muscat, 15-May-2020
- Re: [eduGAIN-discuss] Support for WS Federation protocol in edugain, Peter Schober, 15-May-2020
  - Re: [eduGAIN-discuss] Support for WS Federation protocol in edugain, Daniel Muscat, 15-May-2020
    - Re: [eduGAIN-discuss] Support for WS Federation protocol in edugain, Peter Schober, 15-May-2020
  - Re: [eduGAIN-discuss] Support for WS Federation protocol in edugain, Leif Johansson, 15-May-2020
    - Re: [eduGAIN-discuss] Support for WS Federation protocol in edugain, Daniel Muscat, 15-May-2020
      - Re: [eduGAIN-discuss] Support for WS Federation protocol in edugain, Peter Schober, 15-May-2020
        
        Re: [eduGAIN-discuss] Support for WS Federation protocol in edugain, Daniel Muscat, 15-May-2020
        
        Re: [eduGAIN-discuss] Support for WS Federation protocol in edugain, Davide Vaghetti, 15-May-2020
        
        Re: [eduGAIN-discuss] Support for WS Federation protocol in edugain, Nicholas Roy, 05/15/2020
        
        Re: [eduGAIN-discuss] Support for WS Federation protocol in edugain, Peter Schober, 15-May-2020
        
        Re: [eduGAIN-discuss] Support for WS Federation protocol in edugain, Peter Schober, 15-May-2020
        
        Re: [eduGAIN-discuss] Support for WS Federation protocol in edugain, Peter Schober, 15-May-2020
      - Re: [eduGAIN-discuss] Support for WS Federation protocol in edugain, Leif Johansson, 15-May-2020
        
        Re: [eduGAIN-discuss] Support for WS Federation protocol in edugain, Pål Axelsson, 15-May-2020