#760 closed task (fixed)
please add Slovenian SP clarin.si to SPF (Clarin Homeless IdP)
| Reported by: | tomaz.erjavec@ijs.si | Owned by: | Sander Maijers |
|---|---|---|---|
| Priority: | minor | Milestone: | |
| Component: | AAI | Version: | |
| Keywords: | SPF | Cc: | Sander Maijers, jona.javorsek@ijs.si, Jozef Mišutka |
Description (last modified by )
Metadata has been committed[6187].
Action points
Ask Dieter about connecting the SPF to ArnesAAI.Ask Dieter how to go about creating a centre in the Centre Registry (it can be done before attaining type B certification, that is normal).After your centre has been registered, inform spf@clarin.eu and ask them to register your SP in the Centre Registry (as production-ready).Then reconfigure your SP to either use the CLARIN Discovery Service or to accept both Discovery Services by maintaining both SAML2 protocol (login) handlers and discovery handlers (requires revision of both the SAML metadata about your SP and your SP's configuration).Next, take up contact with spf@clarin.eu again, and if all is well, I will start registering your SP with the identity federations and you can follow the status of that on the SPF page of the Centre Registry.- In progress: Finally, you can test your SP across identity federations as described on this draft Trac page.
Change History (10)
comment:1 Changed 9 years ago by
| Cc: | Sander Maijers added |
|---|
comment:2 Changed 9 years ago by
| Owner: | set to Sander Maijers |
|---|---|
| Status: | new → accepted |
comment:3 Changed 9 years ago by
| Cc: | jona.javorsek@ijs.si Jozef Mišutka added; jmisutka removed |
|---|
comment:4 Changed 9 years ago by
Sander, thank you for the comprehensive summary.
Few minor corrections:
- clarin.si SP already harvests CLARIN IdP metadata feed
- clarin.si already shows CLARIN IdP, just enter clarin into the search box in discojuice (it has been working properly for a few days)
comment:5 follow-up: 6 Changed 9 years ago by
Hi Jozef,
- To be clear, I didn't assert it didn't, I only mentioned it as I expected you to have to go back to the config to modify the discovery handler anyway. Considering that I couldn't check your configuration's further state myself, I mentioned it immediately to prevent going back and forth later.
- I was using the default SessionInitiator? endpoint https://www.clarin.si/Shibboleth.sso/Login, also referred to in the SAML metadata commit that I was informed about. Requesting this URL redirected me to the discovery service I wrote about. That's going to be a problem if your SP will want to use the CLARIN DS, because the CLARIN DS sends you back to https://www.clarin.si/Shibboleth.sso/Login, as specified in the SAML metadata in the commit. But what I was pointing out in my previous comment is, that the current DS that I knew of doesn't show the CLARIN IdP. I cannot find a login button or something similar on http://www.clarin.si/. Could you please help me and tell me where to look? (Please note that https://www.clarin.si/ shows an internal default page publically).
comment:6 Changed 9 years ago by
Replying to sander@…:
- I was using the default SessionInitiator? endpoint https://www.clarin.si/Shibboleth.sso/Login, also referred to in the SAML metadata commit that I was informed about. Requesting this URL redirected me to the discovery service I wrote about. That's going to be a problem if your SP will want to use the CLARIN DS, because the CLARIN DS sends you back to https://www.clarin.si/Shibboleth.sso/Login, as specified in the SAML metadata in the commit. But what I was pointing out in my previous comment is, that the current DS that I knew of doesn't show the CLARIN IdP. I cannot find a login button or something similar on http://www.clarin.si/.
The login button is in the repository (https://www.clarin.si/repository/xmlui/).
Thank you for the other comments.
Best,
Jozef
comment:7 Changed 9 years ago by
| Description: | modified (diff) |
|---|
Thanks, I found it now. An app-embedded DiscoJuice? is also okay, indeed. So, the ticket's title/request is no longer current. I've copied the action points I noted earlier, and let's keep track of it that way. In sum, now we're waiting on the centre registration.
comment:8 Changed 9 years ago by
| Description: | modified (diff) |
|---|
comment:9 Changed 9 years ago by
| Description: | modified (diff) |
|---|---|
| Resolution: | → fixed |
| Status: | accepted → closed |
Hi Tomaz,
Have you initiated user acceptance testing as per the last bullet point? I'm closing the ticket for now.
comment:10 Changed 8 years ago by
Hi,
and sorry for the tardy reply - it took us a long time to get together to test this, but this happened exactly when CLARIN went down.. But we did it now, we went through the eduGAIN Access Check and everything went through ok.
Best,
Tomaž
Note: See
TracTickets for help on using
tickets.
After you commit the SAML metadata about your SP, it is included in https://infra.clarin.eu/aai/md_about_spf_sps.xml automatically and the CLARIN IdP uses that (preproduction + production) SAML metadata batch as MetadataProvider?. So in that sense nothing needs to be added. I'll give an overview of the next steps:
First of all, please make sure you have added the SAML metadata about the CLARIN IdP and the SAML metadata batch about SPF IdPs as a MetadataProvider? in your SP configuration. However, your SP is configured to use a different Discovery Service than the CLARIN central Discovery Service, and it doesn't show the CLARIN IdP. On the other hand, the CLARIN Discovery Service doesn't show Slovenian IdPs?, because we don't have relations with your national identity federation (ArnesAAI). Please ask Dieter whether there are plans to connect to your identity federation. I suppose there should be. Moreover, to be included in the production SAML metadata about SPF SPs, it is necessary to register the SP in the Centre Registry.
Action points