
edugain-discuss - Re: [eduGAIN-discuss] Problems and issues with SAML SPs in federations and eduGAIN

edugain-discuss AT lists.geant.org

Subject: An open discussion list for topics related to the eduGAIN interfederation service.

  • From: Peter Schober <peter.schober AT univie.ac.at>
  • To: edugain-discuss AT lists.geant.org
  • Subject: Re: [eduGAIN-discuss] Problems and issues with SAML SPs in federations and eduGAIN
  • Date: Thu, 15 Apr 2021 14:28:53 +0200
  • Organization: ACOnet

Btw, would this have anything to do with the
https://access-check.edugain.org/ IDP in eduGAIN?

* Alan Lewis <alan.lewis AT geant.org> [2021-04-15 12:40]:
> To make any service as useful as possible it would be very helpful
> to understand as many situations as possible where the SAML flow
> with an SP fails.

A currently "popular" issue is the one of supported encryption
algorithms in light of finally moving away from known-bad algos (such
as AES-CBC) and towards better replacements (such as AES-GCM).

So testing with "AES-GCM" encryption enforced by the IDP would be
interesting, I think, and could possibly be used to motivate the SP to
add support for that, or (at the very least) to have the SP's metadata
amended with (only) AES-CBC (if that's still missing) to clearly
signal its broken nature.

But of course I'd also like to know this for the many more SPs only
available in my local federation, so we probably would have to do
something about that ourselves (or expose such an IDP also to local
federations and vice versa have it also load non-eduGAIN metadata
feeds).

-peter
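
The metadata check discussed in the message above, as an added example that is not part of the original post or of any eduGAIN tooling: it reads a SAML metadata aggregate and reports, per SP, whether its encryption KeyDescriptor declares AES-GCM, only AES-CBC, or no data-encryption algorithm at all. The entityIDs and the sample aggregate are constructed, and the verdict labels are this example's own.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD}
GCM = {f"http://www.w3.org/2009/xmlenc11#aes{n}-gcm" for n in (128, 192, 256)}
CBC = {f"http://www.w3.org/2001/04/xmlenc#aes{n}-cbc" for n in (128, 192, 256)}

def classify_sps(metadata_xml):
    """Map each SP entityID to 'gcm', 'cbc-only', 'undeclared' or 'no-encryption-key'."""
    result = {}
    for entity in ET.fromstring(metadata_xml).iter("{%s}EntityDescriptor" % MD):
        sp = entity.find("md:SPSSODescriptor", NS)
        if sp is None:
            continue  # IdP-only or other role: not an SP
        # A KeyDescriptor without a "use" attribute serves signing and encryption.
        keys = [k for k in sp.findall("md:KeyDescriptor", NS)
                if k.get("use") in (None, "encryption")]
        algs = {m.get("Algorithm") for k in keys
                for m in k.findall("md:EncryptionMethod", NS)}
        if not keys:
            verdict = "no-encryption-key"
        elif algs & GCM:
            verdict = "gcm"
        elif algs & CBC:
            verdict = "cbc-only"
        else:
            verdict = "undeclared"  # nothing listed, or key transport only
        result[entity.get("entityID")] = verdict
    return result

# Constructed sample aggregate (KeyInfo elements omitted for brevity).
SAMPLE = """<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
<md:EntityDescriptor entityID="https://sp-gcm.example.org"><md:SPSSODescriptor>
  <md:KeyDescriptor use="encryption">
    <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm"/>
    <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
  </md:KeyDescriptor></md:SPSSODescriptor></md:EntityDescriptor>
<md:EntityDescriptor entityID="https://sp-cbc.example.org"><md:SPSSODescriptor>
  <md:KeyDescriptor>
    <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
  </md:KeyDescriptor></md:SPSSODescriptor></md:EntityDescriptor>
<md:EntityDescriptor entityID="https://sp-silent.example.org"><md:SPSSODescriptor>
  <md:KeyDescriptor use="encryption"/></md:SPSSODescriptor></md:EntityDescriptor>
<md:EntityDescriptor entityID="https://idp.example.org"><md:IDPSSODescriptor/>
</md:EntityDescriptor>
</md:EntitiesDescriptor>"""

if __name__ == "__main__":
    for entity_id, verdict in classify_sps(SAMPLE).items():
        print(f"{verdict:18} {entity_id}")
```

A real federation feed should have its XML signature verified before the result is relied on; that step is outside this example.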


