
edugain-discuss - RE: [eduGAIN-discuss] Problems and issues with SAML SPs in federations and eduGAIN

edugain-discuss AT lists.geant.org

Subject: An open discussion list for topics related to the eduGAIN interfederation service.

  • From: Alan Lewis <alan.lewis AT geant.org>
  • To: Thijs Kinkhorst <thijs.kinkhorst AT surf.nl>, "edugain-discuss AT lists.geant.org" <edugain-discuss AT lists.geant.org>
  • Subject: RE: [eduGAIN-discuss] Problems and issues with SAML SPs in federations and eduGAIN
  • Date: Thu, 15 Apr 2021 11:44:44 +0000

Hello Thijs,

Thanks, that's a good check to include.

Best regards

Alan

Alan Lewis
Trust and Identity Services Product Manager

GÉANT
Direct Tel: +44 (0)1223 371409
Mobile: +44 (0) 7500 891616
Switchboard: +44 (0)1223 371300
Networks • Services • People
Learn more at www.geant.org

GÉANT Vereniging (Association) is registered with the Chamber of Commerce in
Amsterdam with registration number 40535155 and operates in the UK as a
branch of GÉANT Vereniging. Registered office: Hoekenrode 3, 1102BR
Amsterdam, The Netherlands. UK branch address: City House, 126-130 Hills
Road, Cambridge CB2 1PQ, UK.

-----Original Message-----
From: edugain-discuss-request AT lists.geant.org
<edugain-discuss-request AT lists.geant.org> On Behalf Of Thijs Kinkhorst
Sent: 15 April 2021 11:54
To: edugain-discuss AT lists.geant.org
Subject: Re: [eduGAIN-discuss] Problems and issues with SAML SPs in
federations and eduGAIN

Hi Alan,

On 15-04-2021 at 12:39, Alan Lewis wrote:
> Within the WP T&I Incubator activity we are looking at the
> requirements for developing a Test IdP service that will be closely
> aligned to the needs of R&E and the federations that support it.
>
> One aim would be to assist SPs in ensuring their SAML SP is correctly
> set up to be trustworthy and requesting the ‘right’ data in the right way.
>
> To make any service as useful as possible it would be very helpful to
> understand as many situations as possible where the SAML flow with an
> SP fails. This could be due to metadata semantics, configuration
> issues at the SP, or even more basic errors.
>
> I’d be grateful to hear about the most common problems that you have
> with SAML integration of your SPs which will help us in building up
> some test case error scenarios.
>
> Looking forward to sharing your problems.

Sounds interesting! One thing we'd love to test is whether assertions that are
not correctly signed/signed with a different certificate are indeed not
accepted. SPs tweak until logging in "works", but we want to ensure that it
does _not_ work when it shouldn't.


Kind regards,
Thijs

Attachment: smime.p7s
Description: S/MIME cryptographic signature
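
Added example, not part of the original thread: a small negative-test suite for the check Thijs describes, run against two model SPs. Toy textbook RSA over raw bytes stands in for XML-DSig, and `strict_sp`, `lax_sp`, the keys and the assertion body are hypothetical and constructed for illustration.

```python
import hashlib

# Toy textbook-RSA keys built from known Mersenne primes: a stand-in for the
# IdP's XML-DSig signing key (assumption for illustration; not secure).
def make_key(p, q, e=65537):
    n = p * q
    return {"n": n, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}

def digest(assertion, n):
    return int.from_bytes(hashlib.sha256(assertion).digest(), "big") % n

def sign(assertion, key):
    """Return a message carrying the assertion, its signature and the signer's public key."""
    sig = pow(digest(assertion, key["n"]), key["d"], key["n"])
    return {"assertion": assertion, "sig": sig, "embedded": (key["n"], key["e"])}

def strict_sp(msg, pinned):
    """Model SP that verifies only against the key pinned from federation metadata."""
    if msg["sig"] is None:
        return False
    n, e = pinned
    return pow(msg["sig"], e, n) == digest(msg["assertion"], n)

def lax_sp(msg, pinned):
    """Model SP 'tweaked until login works': ignores the pinned key."""
    if msg["sig"] is None:
        return True  # signature requirement switched off
    n, e = msg["embedded"]  # trusts whatever key arrives with the message
    return pow(msg["sig"], e, n) == digest(msg["assertion"], n)

def run_suite(sp):
    """Return the names of test cases where the SP's decision is wrong."""
    idp = make_key(2**127 - 1, 2**89 - 1)    # key published in metadata
    other = make_key(2**107 - 1, 2**61 - 1)  # different key, not in metadata
    pinned = (idp["n"], idp["e"])
    body = b"<Assertion><NameID>user@example.org</NameID></Assertion>"  # constructed
    good = sign(body, idp)
    cases = {  # name -> (message sent to the SP, should the SP accept it?)
        "valid": (good, True),
        "unsigned": ({"assertion": body, "sig": None, "embedded": None}, False),
        "tampered": (dict(good, assertion=body.replace(b"user", b"admin")), False),
        "wrong_cert": (sign(body, other), False),
    }
    return sorted(name for name, (msg, expected) in cases.items()
                  if sp(msg, pinned) != expected)

if __name__ == "__main__":
    print("strict SP failures:", run_suite(strict_sp))
    print("lax SP failures:", run_suite(lax_sp))
```

Both model SPs pass the positive "valid" case, which is why a login that "works" says nothing about whether the negative cases are rejected.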



