[Tf-aai] check CPH SAML metadata

Martin Matthiesen martin.matthiesen at csc.fi
Mon Apr 3 08:25:26 CEST 2017 

Hi Mitchell, 

I think you need to contact DFN-AAI: hotline at aai.dfn.de. They have some daily checking in place and retract the EC if for example the PP is not working. This does not seem to be the case here, so I would not know what it is, but they will, if there is a problem with the metadata from their standpoint. 

Cheers, 
Martin 

-- 
Martin Matthiesen 
CSC - Tieteen tietotekniikan keskus 
CSC - IT Center for Science 
PL 405, 02101 Espoo, Finland 
+358 9 457 2376, martin.matthiesen at csc.fi 
Public key : https://pgp.mit.edu/pks/lookup?op=get&search=0x74B12876FD890704 
Fingerprint: AA25 6F56 5C9A 8B42 009F BA70 74B1 2876 FD89 0704 

> From: "Mitchell Seaton" <seaton at hum.ku.dk>
> To: "tf-aai" <tf-aai at lists.clarin.eu>
> Cc: "Daan Broeder" <daan.broeder at mpi.nl>
> Sent: Monday, 3 April, 2017 05:19:01
> Subject: Re: [Tf-aai] check CPH SAML metadata

> Dear AAI-TF,

> On 04/01/2017 02:04 AM, Jozef Misutka wrote:

>> On 31 March 2017 at 16:49, Daan Broeder < [ mailto:daan.broeder at meertens.knaw.nl
>> | daan.broeder at meertens.knaw.nl ] > wrote:

>>> Dear AAI-TF
>>> Could you please check if the CPH centre SAML metadata has a valid link to a
>>> privacy policy statement.

> Yes, the privacy link is valid.

>> Yes.

>> But it does not have a CoCo conforming saml:AttributeValue, see
>> [ http://monitor.edugain.org/coc/?show=list_sps |
>> http://monitor.edugain.org/coc/?show=list_sps ]
>> entityId -> [
>> http://monitor.edugain.org/coc/?f_id_sp=1301&f_entityID=clarin.dk&page=1&f_order=ts+desc&show=list_sp_tests&f_is_changed=1
>> | https://infra.clarin.dk/shibboleth ]

> This is incorrect the necessary entity SAML attributes are there in the metadata
> - see [ https://infra.clarin.eu/aai/prod_md_about_spf_sps.xml |
> https://infra.clarin.eu/aai/prod_md_about_spf_sps.xml ]

> < saml:Attribute Name =" [ http://macedir.org/entity-category |
> http://macedir.org/entity-category ] " NameFormat ="
> urn:oasis:names:tc:SAML:2.0:attrname-format:uri " >
> < saml:AttributeValue >
> [ http://www.geant.net/uri/dataprotection-code-of-conduct/v1 |
> http://www.geant.net/uri/dataprotection-code-of-conduct/v1 ]
> </ saml:AttributeValue >
> </ saml:Attribute >

>> To see real xml metadata from various federations, see
>> [
>> https://met.refeds.org/met/entity/https%253A%252F%252Finfra.clarin.dk%252Fshibboleth/
>> |
>> https://met.refeds.org/met/entity/https%253A%252F%252Finfra.clarin.dk%252Fshibboleth/
>> ]

> To me the problem seems to be AAI-DFN as the register - is using different SP
> metadata.
> Does someone know what is going on here with AAI-DFN?

> SP metadata is updated and valid within CLARIN SPF - pushed to eduGAIN and WAYF
> is currently pulling from eduGAIN as of this year.

>> Best,
>> Jozef

>>> Please send me a copy of the metadata.

>>> Thanks,
>>> Daan

>>> Daan Broeder
>>> Tel. [ tel:+31%2020%20462%208625 | +31 20
>>>                             4628625 ]
>>> [ mailto:Daan.broeder at meertens.knaw.nl | Daan.broeder at meertens.knaw.nl ]
>>> Meertens Instituut (Afdeling Technische Ontwikkeling)
>>> Oudezijds Achterburgwal 185
>>> 1012 DK Amsterdam

>>> Postbus 10855
>>> 1001 EW Amsterdam
>>> ----

>>> _______________________________________________
>>> Tf-aai mailing list
>>> [ mailto:Tf-aai at lists.clarin.eu | Tf-aai at lists.clarin.eu ]
>>> [ https://lists.clarin.eu/cgi-bin/mailman/listinfo/tf-aai |
>>> https://lists.clarin.eu/cgi-bin/mailman/listinfo/tf-aai ]

> [Plain text file:ATT00001]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clarin.eu/cgi-bin/mailman/private/tf-aai/attachments/20170403/bebadf0e/attachment.htm>

More information about the Tf-aai mailing list