Skip to Content.
Sympa Menu

edugain-discuss - Re: [eduGAIN-discuss] Problems and issues with SAML SPs in federations and eduGAIN

edugain-discuss AT lists.geant.org

Subject: An open discussion list for topics related to the eduGAIN interfederation service.

List archive

Re: [eduGAIN-discuss] Problems and issues with SAML SPs in federations and eduGAIN


Chronological Thread 
  • From: Thijs Kinkhorst <thijs.kinkhorst AT surf.nl>
  • To: edugain-discuss AT lists.geant.org
  • Subject: Re: [eduGAIN-discuss] Problems and issues with SAML SPs in federations and eduGAIN
  • Date: Thu, 15 Apr 2021 12:54:03 +0200
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=surf.nl; dmarc=pass action=none header.from=surf.nl; dkim=pass header.d=surf.nl; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=pSaDentUIs19m+GDISut+oa2ntSBK4slAhHG/IWtbyk=; b=JwnNPkUh0dZ3CLxN9Cu54Z8eE9Bj7gNz+QjvaQk53T8Ft8Atrm8VVlP39qLAEHBz5qnX87skUKbu23QGLYsP+/ZroAjkT+dqVAhK5Zq6MGlmpGIr5efvKBt7iltfbzzOodNDDf5qnRPXunonU3LY40svJM+gqBBhiWJkP5A6fHMPGo4z2y6xX2yNahexJxP+d6HynuttKOEtEbuDWIFZfnUac+7/aELS00s2Ll/HwFdfKpGvipuoV6o25AQnUo9V6e0zTwa4we0YciYHwJRYm26X/8g+OI5xheWweR5pmB2j0xanUemqqWl7lWncwH60rrvVj8j99w0y7rbgILm7yg==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=bU7RazjyR97v3ifMDTufx3HvEJlDje9voojgAdxZdav/BHJrZKYIt5vmduyXTRBk4aN3r29lvXKiMuHTDQpFFgQYQNhwwG+jTgrDsQnup8DVin250yec9utq3w4y9PvjEafvBMWKURLoCy12/r1aq/V65bNRkNEXEgheP+1ne5mnsLqMyUNgyHEcN3mHGWBtVq0Czj9Zc7Arad0xJVdNwTSC2GJrMneiX3wTjleOsVfI79xqq2GGMjsSLmZeOs/PJHik9CdCuKFHP931Gs8zKqyXAGB/oM9uYfV87VBO7AOzFFt98SrayXI0oA98WzpW6MACytgq3+J4VUH11xyphA==
  • Authentication-results: lists.geant.org; dkim=none (message not signed) header.d=none;lists.geant.org; dmarc=none action=none header.from=surf.nl;
  • Organization: SURF

Hi Alan,

Op 15-04-2021 om 12:39 schreef Alan Lewis:
Within the WP T&I Incubator activity we are looking at the requirements for developing a Test IdP service that will be closely aligned to the needs of R&E and the federations that support it.

One aim would be to assist SPs in ensuring their SAML SP is correctly setup to be trustworthy and requesting the ‘right’ data in the right way.

To make any service as useful as possible it would be very helpful to understand as many situations as possible where the SAML flow with an SP fails. This could be due to metadata semantics,

configuration issues at the SP, or even more basic errors.

I’d be grateful to hear about the most common problems that you have with SAML integration of your SPs which will help us in building up some test case error scenarios.

Looking forward to sharing your problems.

Sounds interesting! One thing we'd love to test whether assertions that are not correctly signed/signed with a different certificate are indeed not accepted. SP's tweak until logging in "works", but we want to ensure that it does _not_ work when it shouldn't.


Kind regards,
Thijs



Archive powered by MHonArc 2.6.19.

Top of Page