[Tf-aai] Practical improvement to be made to SAML metadata processing/monitoring for SPF, increasing robustness
Sander Maijers
sander at clarin.eu
Tue Oct 20 16:14:30 CEST 2015
Hi Oliver,
On Tue, Oct 20, 2015 at 3:08 PM, Oliver Schonefeld <
schonefeld at ids-mannheim.de> wrote:
> Hi Sander,
>
> Am 20.10.2015 um 14:28 schrieb Dieter Van Uytvanck:
> > On 20/10/15 14:18, Sander Maijers wrote:
> >
> >> What do you think of automatic fetching of SAML metadata from the
> >> SAML metadata generator endpoint of production SPs (e.g.
> >>
> https://ekrksso.keeleressursid.ee/simplesaml/module.php/saml/sp/metadata.php/ekrk-sp
> >> or https://clarin.oeaw.ac.at/Shibboleth.sso/Metadata), and
> >> automatically importing each SP's EntityDescriptor into the SAML
> >> metadata batch about SPF SPs in our SVN?
> >
> > Hi Sander,
> >
> > how would this affect the manually post-edited entries (like the
> > CoC-link that is added)? Or do you foresee some smart merging between
> > the pure technical snippets automatically generated by the SP and the
> > full enriched SAML entries, as currently available in our SVN?
>
> Right, also parts like contact addresses, descriptions, mdui extensions,
> etc. are not part of the automatically generated metadata.
> So, we would need to find a way to add those to the generated metadata
> (up to now, I've failed to find a mechanism in the Shibboleth SP
> software) or need to automatically (and in a robust manner) merge them
> with hand-edited stuff in the SVN.
>
An SP operator can simply provide a SAML metadata template with such fixed
content, in Shibboleth at least. I've described and tested this, see:
https://cdn.rawgit.com/clarin-eric/SPF-tutorial/master/Shib_SP_tutorial.html#_creating_saml_metadata_about_your_sp_for_external_distribution
Best,
> Oliver
> --
> Oliver Schonefeld
> Institut für Deutsche Sprache, Zentrale Forschung
> R5, 6-13, D-68161 Mannheim
> +49-(0)621-1581-451 | http://www.ids-mannheim.de
> _______________________________________________
> Tf-aai mailing list
> Tf-aai at lists.clarin.eu
> https://lists.clarin.eu/cgi-bin/mailman/listinfo/tf-aai
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clarin.eu/cgi-bin/mailman/private/tf-aai/attachments/20151020/679c3a62/attachment.htm>
More information about the Tf-aai
mailing list