[Tf-aai] check CPH SAML metadata

André Moreira andre at clarin.eu
Mon Apr 3 14:55:52 CEST 2017 

Hi Jozef and all,

I could not follow the whole conversation so I can’t say anything about the original problem.

As about the missing CoCo attribute in the DFN and eduGAIN versions of the metadata, it turns out that DFN is removing the CoCo SAML attribute because according to them:  the document referenced by the “PrivacyStatementURL” attribute does not contain a link to http://www.geant.net/uri/dataprotection-code-of-conduct/v1 (as mandated by the guidelines). I have checked this document and I see that this link is in fact there so I just requested DFN to reinsert the missing CoCo attribute.

I hope this helps to clarify what’s going on.

Kind regards,
----
André Moreira
CLARIN ERIC
https://www.clarin.eu

> On 3 Apr 2017, at 08:33, Jozef Misutka <misutka at ufal.mff.cuni.cz> wrote:
> 
> 
> 
> On 3 April 2017 at 04:19, Mitchell Seaton <seaton at hum.ku.dk> wrote:
> Dear AAI-TF,
> 
> On 04/01/2017 02:04 AM, Jozef Misutka wrote:
>> 
>> 
>> On 31 March 2017 at 16:49, Daan Broeder <daan.broeder at meertens.knaw.nl> wrote:
>> Dear AAI-TF
>> Could you please check if the CPH centre SAML metadata has a valid link to a privacy policy statement.
> Yes, the privacy link is valid.
>> 
>> Yes.
>> 
>> 
>> But it does not have a CoCo conforming saml:AttributeValue, see
>> http://monitor.edugain.org/coc/?show=list_sps
>> entityId -> https://infra.clarin.dk/shibboleth
> 
> This is incorrect the necessary entity SAML attributes are there in the metadata - see https://infra.clarin.eu/aai/prod_md_about_spf_sps.xml
> 
> <saml:Attribute Name="http://macedir.org/entity-category" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
> <saml:AttributeValue>  http://www.geant.net/uri/dataprotection-code-of-conduct/v1 </saml:AttributeValue>
> </saml:Attribute>
> 
>> 
>> To see real xml metadata from various federations, see
>> https://met.refeds.org/met/entity/https%253A%252F%252Finfra.clarin.dk%252Fshibboleth/
>> 
> To me the problem seems to be AAI-DFN as the register - is using different SP metadata.
> Does someone know what is going on here with AAI-DFN?
> 
> CCing SPF, can you find out why the following differ for infra.clarin.dk?
> 
> Metadata from DFN
> https://met.refeds.org/met/entity/https%3A//infra.clarin.dk/shibboleth/?viewxml=true&federation=dfn-aai
> and infra.clarin.dk metadata from SPF
> https://infra.clarin.eu/aai/prod_md_about_spf_sps.xml
> 
> Thank you,
> Jozef
> 
> 
> 
> 
> SP metadata is updated and valid within CLARIN SPF - pushed to eduGAIN and WAYF is currently pulling from eduGAIN as of this year.
> 
>> Best,
>> Jozef
>> 
>> Please send me a copy of the metadata.
>> 
>> Thanks,
>> Daan
>> 
>> Daan Broeder
>> Tel. +31 20 4628625
>> Daan.broeder at meertens.knaw.nl
>> Meertens Instituut (Afdeling Technische Ontwikkeling)
>> Oudezijds Achterburgwal 185
>> 1012 DK Amsterdam
>> 
>> Postbus 10855
>> 1001 EW Amsterdam
>> ----
>> 
>> 
>> _______________________________________________
>> Tf-aai mailing list
>> Tf-aai at lists.clarin.eu
>> https://lists.clarin.eu/cgi-bin/mailman/listinfo/tf-aai
>> 
>> 
> 
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP
URL: <https://lists.clarin.eu/cgi-bin/mailman/private/tf-aai/attachments/20170403/df0c1ff3/attachment.sig>

More information about the Tf-aai mailing list