[Tf-aai] Fwd: Please test WAYF's new federation hub platform with your web service

Mitchell Seaton seaton at hum.ku.dk
Wed Jul 11 13:37:39 CEST 2018 

Dear CLARIN SPF group,

FYI, https://wayf.dk/da/ny-brugeroplevelse-i-wayf-fra-2-juli WAYF-DK has 
as of 2nd July migrated to their new platform.

Kind Regards,

Mitchell Seaton


On 04/19/2018 03:55 PM, Mitchell Seaton wrote:
>
> Dear CLARIN SPF group,
>
> A test using the WAYF Orphange IdP (through the CLARIN SPF discovery 
> service) against the new WAYF-DK platform installation shows no 
> problems with SAML2 attributes, as far as I can see for our 
> infra.clarin.dk Service Provider. If anyone else wishes to test 
> against their SP for any issues with the new platform, a developer 
> account can be created and approved fiarly quickly - see the 
> instructions at 
> https://wayf.dk/en/testing-wayfs-new-hub-platform-your-web-service
>
> Kind Regards,
>
> Mitchell Seaton
>
>
>
> -------- Forwarded Message --------
> Subject: 	Please test WAYF's new federation hub platform with your web 
> service
> Date: 	Tue, 10 Apr 2018 12:31:16 +0200
> From: 	WAYF <campaign at wayf.dk>
> To: 	Mr. Mitchell Seaton <seaton at hum.ku.dk>
>
>
>
> Please test WAYF's new federation hub platform with your web service
>
> *FOR ENGLISH, PLEASE SEE BELOW*
>
> Kære WAYF-ansvarlige!
>
> Du modtager mailen her fordi WAYF har dig registreret som 
> kontaktperson for din WAYF-tilsluttede webtjeneste. WAYF har brug for 
> at du snarest gennemfører en simpel login-test — læs herunder:
>
> Din webtjeneste kommunikerer med WAYFs centrale servere hver gang en 
> bruger logger ind på tjenesten via WAYF. Det er vores plan i maj 2018 
> at erstatte den nuværende software på de servere med en helt ny 
> software som vi selv har udviklet.
>
> Det har i udgangspunktet ingen betydning for din tjeneste at WAYF 
> skifter software på sine centrale servere: I burde ikke behøve 
> foretage jer noget — ikke behøve ændre noget i jeres egen opsætning. 
> Vi laver nemlig ikke om på den tekniske grænseflade mellem din 
> tjeneste og WAYFs servere — kun på softwaren bag grænsefladen.
>
> Vores nye software er blevet sikkerhedsgennemgået af eksperter fra det 
> tyske firma Hackmanit GmbH og er ifølge dem meget sikker. Programkoden 
> er velafprøvet og har langt mindre omfang og langt mindre kompleksitet 
> end vores nuværende software og bliver derfor markant nemmere for os 
> at vedligeholde.
>
> Men for at kunne være helt sikre på at WAYFs nye software virker 
> sammen med din tjenestes WAYF-opsætning, vil vi bede dig gennemføre en 
> simpel login-test. Hvis du ikke har en brugerkonto ved en institution 
> som er tilsluttet WAYF, kan du bruge en testkonto fra WAYF Orphanage 
> <https://orphanage.wayf.dk>. Du kan lave testen allerede nu — ved at 
> følge den korte vejledning her 
> <https://wayf.dk/da/test-af-wayfs-kommende-platform-0>.
>
> Med den nye software på serverne vil WAYF i princippet have helt samme 
> adfærd udadtil som med den nuværende software.
>
> Bemærk at vores nye software protokolmæssigt sigter på at overholde 
> KANTARAs deployment-profil for føderations-interoperabilitet — se 
> https://kantarainitiative.github.io/SAMLprofiles/fedinterop.html. Dét 
> giver begrundet håb om at softwaren vil fungere sammen med de fleste 
> eller alle institutioner og webtjenester i WAYF og i eduGAIN. 
> KANTARA-profilen forventes at ville afløse den SAML2-profil som WAYF 
> og eduGAIN bygger på nu, nemlig https://saml2int.org/profile/current/. 
> Den software som WAYF har brugt hidtil, tilgiver muligvis visse 
> profilafvigelser fra jeres side som vores nye software ikke tilgiver. 
> Bl.a. derfor er det vigtigt at I får testet jeres tjeneste op imod 
> WAYFs kommende platform inden vi sætter den rigtigt i drift.
>
> Mange venlige hilsner
> WAYF-sekretariatet
> WAYF <https://wayf.dk>
>
> ------------------------------------------------------------------------
>
> Dear WAYF contact!
>
> You receive thie e-mail because WAYF <https://wayf.dk/en> has you 
> registered as a contact point for the web service you have connected 
> to WAYF. WAYF needs you to perform a simple login test as soon as you 
> can please see below:
>
> Your webservice communicates with WAYF's central servers whenever a 
> user attempts to log in at your service through WAYF. We plan to 
> replace the software currently running on those servers with an 
> entirely new software that we've developed ourselves.
>
> It shouldn't be of any significance to your webservice that WAYF 
> replaces the software on its servers: It shouldn't be necessary for 
> you to do anything — shouldn't be necesary for you to make any changes 
> to the configuration on your own servers. For we're not changing the 
> interface between WAYF and your webservice — only the software behind 
> that interface.
>
> Our new software has been penetration tested by experts from German IT 
> security company Hackmanit GmbH and found by them to be very secure. 
> The program code is being tested thoroughly and is far smaller than 
> the code base of our current platform, and so will be markedly easier 
> for us to maintain.
>
> But to be sure that WAYF's new software works with your web service, 
> we kindly ask you to perform a simple login test. If you don't hold a 
> user account with one of the identity providers connected to WAYF, you 
> can use a testing from the WAYF Orphanage <https://orphanage.wayf.dk>. 
> You can do the test now already — by following the instructions 
> published here 
> <https://wayf.dk/en/testing-wayfs-new-hub-platform-your-web-service> .
>
> With the new software running on its servers, WAYF will, in principle, 
> display the same behaviour externally as with the current software 
> platform.
>
> Please note that our new software aims to comply with KANTARA's 
> Deployment Profile for Federation Interoperability 
> <https://kantarainitiative.github.io/SAMLprofiles/fedinterop.html>. 
> This justifies our hope that the platform will work well with most or 
> all service and identity providers in both WAYF and eduGAIN. This 
> KANTARA profile is expected to replace the SAML2 profile currently 
> adhered to by WAYF, i.e. https://saml2int.org/profile/current/. The 
> software currently running on WAYF's servers may be forgiving wrt. a 
> number of deviations from the profile on your part that our new 
> platform may be less forgiving about. For this reason, too, it is 
> important that you test your webservice with WAYF's new platform 
> before we deploy it in production.
>
> Many kind regards,
> WAYF Secretariat
> WAYF <https://wayf.dk/en>
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clarin.eu/cgi-bin/mailman/private/tf-aai/attachments/20180711/5f8ed319/attachment.htm>

More information about the Tf-aai mailing list