[Tf-aai] Fwd: Please test WAYF's new federation hub platform with your web service
Mitchell Seaton
seaton at hum.ku.dk
Thu Apr 19 15:55:35 CEST 2018
Dear CLARIN SPF group,
A test using the WAYF Orphange IdP (through the CLARIN SPF discovery
service) against the new WAYF-DK platform installation shows no problems
with SAML2 attributes, as far as I can see for our infra.clarin.dk
Service Provider. If anyone else wishes to test against their SP for any
issues with the new platform, a developer account can be created and
approved fiarly quickly - see the instructions at
https://wayf.dk/en/testing-wayfs-new-hub-platform-your-web-service
Kind Regards,
Mitchell Seaton
-------- Forwarded Message --------
Subject: Please test WAYF's new federation hub platform with your web
service
Date: Tue, 10 Apr 2018 12:31:16 +0200
From: WAYF <campaign at wayf.dk>
To: Mr. Mitchell Seaton <seaton at hum.ku.dk>
Please test WAYF's new federation hub platform with your web service
*FOR ENGLISH, PLEASE SEE BELOW*
Kære WAYF-ansvarlige!
Du modtager mailen her fordi WAYF har dig registreret som kontaktperson
for din WAYF-tilsluttede webtjeneste. WAYF har brug for at du snarest
gennemfører en simpel login-test — læs herunder:
Din webtjeneste kommunikerer med WAYFs centrale servere hver gang en
bruger logger ind på tjenesten via WAYF. Det er vores plan i maj 2018 at
erstatte den nuværende software på de servere med en helt ny software
som vi selv har udviklet.
Det har i udgangspunktet ingen betydning for din tjeneste at WAYF
skifter software på sine centrale servere: I burde ikke behøve foretage
jer noget — ikke behøve ændre noget i jeres egen opsætning. Vi laver
nemlig ikke om på den tekniske grænseflade mellem din tjeneste og WAYFs
servere — kun på softwaren bag grænsefladen.
Vores nye software er blevet sikkerhedsgennemgået af eksperter fra det
tyske firma Hackmanit GmbH og er ifølge dem meget sikker. Programkoden
er velafprøvet og har langt mindre omfang og langt mindre kompleksitet
end vores nuværende software og bliver derfor markant nemmere for os at
vedligeholde.
Men for at kunne være helt sikre på at WAYFs nye software virker sammen
med din tjenestes WAYF-opsætning, vil vi bede dig gennemføre en simpel
login-test. Hvis du ikke har en brugerkonto ved en institution som er
tilsluttet WAYF, kan du bruge en testkonto fra WAYF Orphanage
<https://orphanage.wayf.dk>. Du kan lave testen allerede nu — ved at
følge den korte vejledning her
<https://wayf.dk/da/test-af-wayfs-kommende-platform-0>.
Med den nye software på serverne vil WAYF i princippet have helt samme
adfærd udadtil som med den nuværende software.
Bemærk at vores nye software protokolmæssigt sigter på at overholde
KANTARAs deployment-profil for føderations-interoperabilitet — se
https://kantarainitiative.github.io/SAMLprofiles/fedinterop.html. Dét
giver begrundet håb om at softwaren vil fungere sammen med de fleste
eller alle institutioner og webtjenester i WAYF og i eduGAIN.
KANTARA-profilen forventes at ville afløse den SAML2-profil som WAYF og
eduGAIN bygger på nu, nemlig https://saml2int.org/profile/current/. Den
software som WAYF har brugt hidtil, tilgiver muligvis visse
profilafvigelser fra jeres side som vores nye software ikke tilgiver.
Bl.a. derfor er det vigtigt at I får testet jeres tjeneste op imod WAYFs
kommende platform inden vi sætter den rigtigt i drift.
Mange venlige hilsner
WAYF-sekretariatet
WAYF <https://wayf.dk>
------------------------------------------------------------------------
Dear WAYF contact!
You receive thie e-mail because WAYF <https://wayf.dk/en> has you
registered as a contact point for the web service you have connected to
WAYF. WAYF needs you to perform a simple login test as soon as you can
please see below:
Your webservice communicates with WAYF's central servers whenever a user
attempts to log in at your service through WAYF. We plan to replace the
software currently running on those servers with an entirely new
software that we've developed ourselves.
It shouldn't be of any significance to your webservice that WAYF
replaces the software on its servers: It shouldn't be necessary for you
to do anything — shouldn't be necesary for you to make any changes to
the configuration on your own servers. For we're not changing the
interface between WAYF and your webservice — only the software behind
that interface.
Our new software has been penetration tested by experts from German IT
security company Hackmanit GmbH and found by them to be very secure. The
program code is being tested thoroughly and is far smaller than the code
base of our current platform, and so will be markedly easier for us to
maintain.
But to be sure that WAYF's new software works with your web service, we
kindly ask you to perform a simple login test. If you don't hold a user
account with one of the identity providers connected to WAYF, you can
use a testing from the WAYF Orphanage <https://orphanage.wayf.dk>. You
can do the test now already — by following the instructions published
here <https://wayf.dk/en/testing-wayfs-new-hub-platform-your-web-service> .
With the new software running on its servers, WAYF will, in principle,
display the same behaviour externally as with the current software platform.
Please note that our new software aims to comply with KANTARA's
Deployment Profile for Federation Interoperability
<https://kantarainitiative.github.io/SAMLprofiles/fedinterop.html>. This
justifies our hope that the platform will work well with most or all
service and identity providers in both WAYF and eduGAIN. This KANTARA
profile is expected to replace the SAML2 profile currently adhered to by
WAYF, i.e. https://saml2int.org/profile/current/. The software currently
running on WAYF's servers may be forgiving wrt. a number of deviations
from the profile on your part that our new platform may be less
forgiving about. For this reason, too, it is important that you test
your webservice with WAYF's new platform before we deploy it in production.
Many kind regards,
WAYF Secretariat
WAYF <https://wayf.dk/en>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clarin.eu/cgi-bin/mailman/private/tf-aai/attachments/20180419/17aed10a/attachment.htm>
More information about the Tf-aai
mailing list