[Tf-aai] Introduction of Martin Hennelly and Use of Discojuice in CLARIN Infrastructure

Dieter Van Uytvanck dieter at clarin.eu
Thu Feb 13 14:28:32 CET 2020


On 13/02/2020 10:20, Martin Hennelly wrote:
> I have been reviewing our security implementation. One concern is the
> use of discojuice service for discovery of the available IdP. It is
> available at discojuice.org hosted by UNINETT. The discojuice service
> was officially closed on 31st December 2019.
> 
> SADiLaR are currently using that discojuice for IdP discovery for the
> user to identify and select the available institutional logins before
> transitioning to the local federated IdP for the actual federated login
> through the SAML session.  It is providing an essential first step in
> identifying the IdP that we will use for login.
> 
> Despite the formal news that the service is closed from 31st December
> 2019, the server is still up and continues to deliver service.  We as
> SADiLaR started to see some operational degradation with service calls not
> answered and we are starting to address the issue to swap out the
> discojuice service.
> 
> I have inspected around 10 implementations of CLARIN B centres and it
> seems that 80% of the centres call discojuice service directly or else
> call the discovery.clarin.eu/discojuice.  Given the service is formally
> not operational, it seems that the whole community is at risk of users
> not being able to login should discojuice become actually un-operational.
> 
> Is the community taking unified action to address this?  If so I would
> like to align and collaborate with the other community members.

Hi Martin,

(adding our AAI taskforce and Alexander König who have been working on
this matter)

Indeed this matter was discussed. It was the main reason we created a
discovery service and a SAML feed that support all CLARIN countries and
eduGAIN.

More on this topic at
https://www.clarin.eu/blog/centre-news-vol-46-november-2019 (Updated
CLARIN discovery section)

It can be used in combination with DSpace. An example configuration can
be found at:

https://gitlab.inf.unibz.it/commul/docker/clarin-dspace/blob/72992d8b5e9d107f4fbf0d21aa24cd13d072ace1/clarin-dspace-docker/commul-customization/shibboleth2.xml

If you want to include all eduGAIN identity providers (recommended since
I suppose you want to support African users) you will need to replace

https://discovery.clarin.eu/discojuice
by
https://discovery.clarin-dev.eu/feed/edugain

and

https://infra.clarin.eu/aai/prod_md_about_spf_idps.xml
by
https://infra.clarin.eu/aai/prod_md_about_edugain_idps.xml

(@Alex: if other changes are required, can you please comment?)

best regards,
-- 
Dieter Van Uytvanck
Technical Director CLARIN ERIC
www.clarin.eu | tel. +31-(0)850091363 | skype: dietervu.mpi


