[Tf-aai] Fwd: Please test WAYF's new federation hub platform with your web service

Mitchell Seaton seaton at hum.ku.dk
Thu Apr 19 15:55:35 CEST 2018 

Dear CLARIN SPF group,

A test using the WAYF Orphange IdP (through the CLARIN SPF discovery 
service) against the new WAYF-DK platform installation shows no problems 
with SAML2 attributes, as far as I can see for our infra.clarin.dk 
Service Provider. If anyone else wishes to test against their SP for any 
issues with the new platform, a developer account can be created and 
approved fiarly quickly - see the instructions at 
https://wayf.dk/en/testing-wayfs-new-hub-platform-your-web-service

Kind Regards,

Mitchell Seaton



-------- Forwarded Message --------
Subject: 	Please test WAYF's new federation hub platform with your web 
service
Date: 	Tue, 10 Apr 2018 12:31:16 +0200
From: 	WAYF <campaign at wayf.dk>
To: 	Mr. Mitchell Seaton <seaton at hum.ku.dk>



Please test WAYF's new federation hub platform with your web service

*FOR ENGLISH, PLEASE SEE BELOW*

Kære WAYF-ansvarlige!

Du modtager mailen her fordi WAYF har dig registreret som kontaktperson 
for din WAYF-tilsluttede webtjeneste. WAYF har brug for at du snarest 
gennemfører en simpel login-test — læs herunder:

Din webtjeneste kommunikerer med WAYFs centrale servere hver gang en 
bruger logger ind på tjenesten via WAYF. Det er vores plan i maj 2018 at 
erstatte den nuværende software på de servere med en helt ny software 
som vi selv har udviklet.

Det har i udgangspunktet ingen betydning for din tjeneste at WAYF 
skifter software på sine centrale servere: I burde ikke behøve foretage 
jer noget — ikke behøve ændre noget i jeres egen opsætning. Vi laver 
nemlig ikke om på den tekniske grænseflade mellem din tjeneste og WAYFs 
servere — kun på softwaren bag grænsefladen.

Vores nye software er blevet sikkerhedsgennemgået af eksperter fra det 
tyske firma Hackmanit GmbH og er ifølge dem meget sikker. Programkoden 
er velafprøvet og har langt mindre omfang og langt mindre kompleksitet 
end vores nuværende software og bliver derfor markant nemmere for os at 
vedligeholde.

Men for at kunne være helt sikre på at WAYFs nye software virker sammen 
med din tjenestes WAYF-opsætning, vil vi bede dig gennemføre en simpel 
login-test. Hvis du ikke har en brugerkonto ved en institution som er 
tilsluttet WAYF, kan du bruge en testkonto fra WAYF Orphanage 
<https://orphanage.wayf.dk>. Du kan lave testen allerede nu — ved at 
følge den korte vejledning her 
<https://wayf.dk/da/test-af-wayfs-kommende-platform-0>.

Med den nye software på serverne vil WAYF i princippet have helt samme 
adfærd udadtil som med den nuværende software.

Bemærk at vores nye software protokolmæssigt sigter på at overholde 
KANTARAs deployment-profil for føderations-interoperabilitet — se 
https://kantarainitiative.github.io/SAMLprofiles/fedinterop.html. Dét 
giver begrundet håb om at softwaren vil fungere sammen med de fleste 
eller alle institutioner og webtjenester i WAYF og i eduGAIN. 
KANTARA-profilen forventes at ville afløse den SAML2-profil som WAYF og 
eduGAIN bygger på nu, nemlig https://saml2int.org/profile/current/. Den 
software som WAYF har brugt hidtil, tilgiver muligvis visse 
profilafvigelser fra jeres side som vores nye software ikke tilgiver. 
Bl.a. derfor er det vigtigt at I får testet jeres tjeneste op imod WAYFs 
kommende platform inden vi sætter den rigtigt i drift.

Mange venlige hilsner
WAYF-sekretariatet
WAYF <https://wayf.dk>

------------------------------------------------------------------------

Dear WAYF contact!

You receive thie e-mail because WAYF <https://wayf.dk/en> has you 
registered as a contact point for the web service you have connected to 
WAYF. WAYF needs you to perform a simple login test as soon as you can 
please see below:

Your webservice communicates with WAYF's central servers whenever a user 
attempts to log in at your service through WAYF. We plan to replace the 
software currently running on those servers with an entirely new 
software that we've developed ourselves.

It shouldn't be of any significance to your webservice that WAYF 
replaces the software on its servers: It shouldn't be necessary for you 
to do anything — shouldn't be necesary for you to make any changes to 
the configuration on your own servers. For we're not changing the 
interface between WAYF and your webservice — only the software behind 
that interface.

Our new software has been penetration tested by experts from German IT 
security company Hackmanit GmbH and found by them to be very secure. The 
program code is being tested thoroughly and is far smaller than the code 
base of our current platform, and so will be markedly easier for us to 
maintain.

But to be sure that WAYF's new software works with your web service, we 
kindly ask you to perform a simple login test. If you don't hold a user 
account with one of the identity providers connected to WAYF, you can 
use a testing from the WAYF Orphanage <https://orphanage.wayf.dk>. You 
can do the test now already — by following the instructions published 
here <https://wayf.dk/en/testing-wayfs-new-hub-platform-your-web-service> .

With the new software running on its servers, WAYF will, in principle, 
display the same behaviour externally as with the current software platform.

Please note that our new software aims to comply with KANTARA's 
Deployment Profile for Federation Interoperability 
<https://kantarainitiative.github.io/SAMLprofiles/fedinterop.html>. This 
justifies our hope that the platform will work well with most or all 
service and identity providers in both WAYF and eduGAIN. This KANTARA 
profile is expected to replace the SAML2 profile currently adhered to by 
WAYF, i.e. https://saml2int.org/profile/current/. The software currently 
running on WAYF's servers may be forgiving wrt. a number of deviations 
from the profile on your part that our new platform may be less 
forgiving about. For this reason, too, it is important that you test 
your webservice with WAYF's new platform before we deploy it in production.

Many kind regards,
WAYF Secretariat
WAYF <https://wayf.dk/en>


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clarin.eu/cgi-bin/mailman/private/tf-aai/attachments/20180419/17aed10a/attachment.htm>

More information about the Tf-aai mailing list