[Tf-aai] Fwd: Please test WAYF's new federation hub platform with your web service
Mitchell Seaton
seaton at hum.ku.dk
Wed Jul 11 13:37:39 CEST 2018
Dear CLARIN SPF group,
FYI, https://wayf.dk/da/ny-brugeroplevelse-i-wayf-fra-2-juli WAYF-DK has
as of 2nd July migrated to their new platform.
Kind Regards,
Mitchell Seaton
On 04/19/2018 03:55 PM, Mitchell Seaton wrote:
>
> Dear CLARIN SPF group,
>
> A test using the WAYF Orphange IdP (through the CLARIN SPF discovery
> service) against the new WAYF-DK platform installation shows no
> problems with SAML2 attributes, as far as I can see for our
> infra.clarin.dk Service Provider. If anyone else wishes to test
> against their SP for any issues with the new platform, a developer
> account can be created and approved fiarly quickly - see the
> instructions at
> https://wayf.dk/en/testing-wayfs-new-hub-platform-your-web-service
>
> Kind Regards,
>
> Mitchell Seaton
>
>
>
> -------- Forwarded Message --------
> Subject: Please test WAYF's new federation hub platform with your web
> service
> Date: Tue, 10 Apr 2018 12:31:16 +0200
> From: WAYF <campaign at wayf.dk>
> To: Mr. Mitchell Seaton <seaton at hum.ku.dk>
>
>
>
> Please test WAYF's new federation hub platform with your web service
>
> *FOR ENGLISH, PLEASE SEE BELOW*
>
> Kære WAYF-ansvarlige!
>
> Du modtager mailen her fordi WAYF har dig registreret som
> kontaktperson for din WAYF-tilsluttede webtjeneste. WAYF har brug for
> at du snarest gennemfører en simpel login-test — læs herunder:
>
> Din webtjeneste kommunikerer med WAYFs centrale servere hver gang en
> bruger logger ind på tjenesten via WAYF. Det er vores plan i maj 2018
> at erstatte den nuværende software på de servere med en helt ny
> software som vi selv har udviklet.
>
> Det har i udgangspunktet ingen betydning for din tjeneste at WAYF
> skifter software på sine centrale servere: I burde ikke behøve
> foretage jer noget — ikke behøve ændre noget i jeres egen opsætning.
> Vi laver nemlig ikke om på den tekniske grænseflade mellem din
> tjeneste og WAYFs servere — kun på softwaren bag grænsefladen.
>
> Vores nye software er blevet sikkerhedsgennemgået af eksperter fra det
> tyske firma Hackmanit GmbH og er ifølge dem meget sikker. Programkoden
> er velafprøvet og har langt mindre omfang og langt mindre kompleksitet
> end vores nuværende software og bliver derfor markant nemmere for os
> at vedligeholde.
>
> Men for at kunne være helt sikre på at WAYFs nye software virker
> sammen med din tjenestes WAYF-opsætning, vil vi bede dig gennemføre en
> simpel login-test. Hvis du ikke har en brugerkonto ved en institution
> som er tilsluttet WAYF, kan du bruge en testkonto fra WAYF Orphanage
> <https://orphanage.wayf.dk>. Du kan lave testen allerede nu — ved at
> følge den korte vejledning her
> <https://wayf.dk/da/test-af-wayfs-kommende-platform-0>.
>
> Med den nye software på serverne vil WAYF i princippet have helt samme
> adfærd udadtil som med den nuværende software.
>
> Bemærk at vores nye software protokolmæssigt sigter på at overholde
> KANTARAs deployment-profil for føderations-interoperabilitet — se
> https://kantarainitiative.github.io/SAMLprofiles/fedinterop.html. Dét
> giver begrundet håb om at softwaren vil fungere sammen med de fleste
> eller alle institutioner og webtjenester i WAYF og i eduGAIN.
> KANTARA-profilen forventes at ville afløse den SAML2-profil som WAYF
> og eduGAIN bygger på nu, nemlig https://saml2int.org/profile/current/.
> Den software som WAYF har brugt hidtil, tilgiver muligvis visse
> profilafvigelser fra jeres side som vores nye software ikke tilgiver.
> Bl.a. derfor er det vigtigt at I får testet jeres tjeneste op imod
> WAYFs kommende platform inden vi sætter den rigtigt i drift.
>
> Mange venlige hilsner
> WAYF-sekretariatet
> WAYF <https://wayf.dk>
>
> ------------------------------------------------------------------------
>
> Dear WAYF contact!
>
> You receive thie e-mail because WAYF <https://wayf.dk/en> has you
> registered as a contact point for the web service you have connected
> to WAYF. WAYF needs you to perform a simple login test as soon as you
> can please see below:
>
> Your webservice communicates with WAYF's central servers whenever a
> user attempts to log in at your service through WAYF. We plan to
> replace the software currently running on those servers with an
> entirely new software that we've developed ourselves.
>
> It shouldn't be of any significance to your webservice that WAYF
> replaces the software on its servers: It shouldn't be necessary for
> you to do anything — shouldn't be necesary for you to make any changes
> to the configuration on your own servers. For we're not changing the
> interface between WAYF and your webservice — only the software behind
> that interface.
>
> Our new software has been penetration tested by experts from German IT
> security company Hackmanit GmbH and found by them to be very secure.
> The program code is being tested thoroughly and is far smaller than
> the code base of our current platform, and so will be markedly easier
> for us to maintain.
>
> But to be sure that WAYF's new software works with your web service,
> we kindly ask you to perform a simple login test. If you don't hold a
> user account with one of the identity providers connected to WAYF, you
> can use a testing from the WAYF Orphanage <https://orphanage.wayf.dk>.
> You can do the test now already — by following the instructions
> published here
> <https://wayf.dk/en/testing-wayfs-new-hub-platform-your-web-service> .
>
> With the new software running on its servers, WAYF will, in principle,
> display the same behaviour externally as with the current software
> platform.
>
> Please note that our new software aims to comply with KANTARA's
> Deployment Profile for Federation Interoperability
> <https://kantarainitiative.github.io/SAMLprofiles/fedinterop.html>.
> This justifies our hope that the platform will work well with most or
> all service and identity providers in both WAYF and eduGAIN. This
> KANTARA profile is expected to replace the SAML2 profile currently
> adhered to by WAYF, i.e. https://saml2int.org/profile/current/. The
> software currently running on WAYF's servers may be forgiving wrt. a
> number of deviations from the profile on your part that our new
> platform may be less forgiving about. For this reason, too, it is
> important that you test your webservice with WAYF's new platform
> before we deploy it in production.
>
> Many kind regards,
> WAYF Secretariat
> WAYF <https://wayf.dk/en>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clarin.eu/cgi-bin/mailman/private/tf-aai/attachments/20180711/5f8ed319/attachment.htm>
More information about the Tf-aai
mailing list