SAML metadata about SPF SPs: distribution to identity federations by ERIC

This page provides a status overview of the SP metadata distribution across the various CLARIN SPF identity federations. It is still under construction (October 2017), so some information might be missing or incomplete. If you are looking for the old matrix page, you can find it here, but keep in mind that the whole metadata workflow changed once the SPF infrastructure was dockerized and the SP metadata file moved from the CLARIN SVN to GitHub. A detailed description of the new workflow can be found in the service provider federation page.

Service Providers in the production SPF

This means the SP entityID is whitelisted. Only whitelisted SPs pass the filter and are passed on to the production SAML metadata. To be whitelisted, an SP needs to have signed the SPF agreement.

All Service Providers in the production SPF will be registered directly in DFN-AAI (DE), Belnet (BE), Haka (FI), eduID.cz, SURFconext (NL) and via eduGAIN in the various other national federations.

Accepted

See the centre registry SPF page, all the SPs with a checked "Prod?" column.

Current distribution to national federations

| Center | Service Provider | Latest metadata version | DFN (DE) version | eduGAIN version | ./BE version | ./CZ version | ./NL version | ./PT version |
|---|---|---|---|---|---|---|---|---|
| ACDH-ARCHE (Vienna) | https://acdh.oeaw.ac.at/shibboleth | d72e40f | latest | latest | latest | not yet | latest | not yet |
| ACDH-ARCHE (Vienna) | https://arche.acdh.oeaw.ac.at/shibboleth | d72e40f | latest | latest | latest | not yet | latest | not yet |
| ACDH-ARCHE (Vienna) | https://clarin.oeaw.ac.at/shibboleth | d72e40f | latest | latest | latest | latest | latest | latest |
| ACDH-ARCHE (Vienna) | https://redmine.acdh.oeaw.ac.at/shibboleth | d72e40f | latest | latest | latest | not yet | latest | not yet |
| ACDH-ARCHE (Vienna) | https://registries.clarin-dariah.eu/shibboleth | d72e40f | latest | latest | latest | not yet | latest | not yet |
| ACDH-ARCHE (Vienna) | https://teach.dariah.eu/shibboleth | d72e40f | latest | latest | latest | not yet | latest | not yet |
| BAS (München) | https://clarin.phonetik.uni-muenchen.de | cee4eb9 | latest | latest | latest | latest | latest | latest |
| BBAW (Berlin) | https://shibboleth.bbaw.de/shibboleth | cee4eb9 | latest | latest | latest | latest | latest | latest |
| CELR-EKK (Tartu) | https://ekrksso.keeleressursid.ee/simplesaml/module.php/saml/sp/metadata.php/ekrk-sp | cee4eb9 | latest | latest | latest | latest | latest | latest |
| CLARIN-DK-UCPH (København) | https://infra.clarin.dk/shibboleth | 57bab02 | latest | latest | ?? | ?? | ?? | latest |
| CLARIN-LT (Kaunas) | https://sp.clarin.vdu.lt | cee4eb9 | latest | latest | latest | latest | latest | latest |
| CLARIN-PL1 (Wrocław) | http://www.clarin-pl.eu/shibboleth | cee4eb9 | latest | latest | latest | latest | latest | latest |
| CLARINO Bergen (Bergen) | https://clarino.uib.no/ | cee4eb9 | latest | latest | latest | latest | latest | latest |
| CLARINO Bergen (Bergen) | https://repo.clarino.uib.no/shibboleth/sp | cee4eb9 | latest | latest | latest | latest | latest | latest |
| CLARINSI (Ljubljana) | https://sp.clarin.si/ | cee4eb9 | latest | latest | latest | latest | latest | latest |
| CMU (Pittsburgh) | https://childes.talkbank.org/shibboleth | cee4eb9 | latest | latest | latest | latest | latest | latest |
| CMU (Pittsburgh) | https://talkbank.talkbank.org/shibboleth | cee4eb9 | latest | latest | latest | latest | latest | latest |
| EKUT (Tübingen) | https://webanno.sfs.uni-tuebingen.de | cee4eb9 | latest | latest | latest | latest | latest | latest |
| EKUT (Tübingen) | https://weblicht.sfs.uni-tuebingen.de | cee4eb9 | latest | latest | latest | latest | latest | latest |
| ERCC (Bolzano / Bozen) | https://clarin.eurac.edu/Shibboleth.sso/Metadata | ece41ce | latest | latest | latest | not yet | ?? | not yet |
| FIN-CLARIN (Helsinki) | http://sp.lat.csc.fi | cee4eb9 | latest | latest | latest | latest | latest | latest |
| FIN-CLARIN (Helsinki) | https://lbr.csc.fi/shibboleth | 15196c3 | latest | latest | cee4eb9 | cee4eb9 | cee4eb9 | cee4eb9 |
| FIN-CLARIN (Helsinki) | https://sp.korp.csc.fi/ | cee4eb9 | latest | latest | latest | latest | latest | latest |
| Huygens (Den Haag) | https://engine.proxy.clariah.nl/authentication/sp/metadata | cee4eb9 | latest | latest | latest | latest | latest | latest |
| Huygens (Den Haag) | https://secure.huygens.knaw.nl | cee4eb9 | latest | latest | latest | latest | latest | latest |
| HZSK (Hamburg) | http://sp.vs1.corpora.uni-hamburg.de | cee4eb9 | latest | latest | latest | latest | latest | latest |
| IDS (Mannheim) | https://clarin.ids-mannheim.de/shibboleth | cee4eb9 | latest | latest | latest | latest | latest | latest |
| IDS (Mannheim) | https://repos.ids-mannheim.de/shibboleth | cee4eb9 | latest | latest | latest | latest | latest | latest |
| ILC4CLARIN (Pisa) | https://dspace-clarin-it.ilc.cnr.it/Shibboleth.sso/Metadata | cee4eb9 | latest | latest | latest | not yet | latest | latest |
| IVDNT (Leiden) | https://portal.clarin.inl.nl/ | 2b8282f | latest | latest | latest | latest | latest | latest |
| LINDAT (Praha) | https://ufal-point.mff.cuni.cz/shibboleth/eduid/sp | 16b7b0b | latest | latest | ?? | ?? | ?? | ?? |
| MI (Amsterdam) | https://openskos.meertens.knaw.nl/shibboleth | cee4eb9 | latest | latest | latest | latest | latest | latest |
| MI (Amsterdam) | https://www.meertens.knaw.nl/Shibboleth.sso/Metadata | cee4eb9 | latest | latest | latest | latest | latest | latest |
| MI (Amsterdam) | https://www.nederlab.nl/shibboleth | cee4eb9 | latest | latest | latest | latest | latest | latest |
| MPI-PL (Nijmegen) | https://archive.mpi.nl | a0c767a | latest | latest | latest | not yet | latest | not yet |
| MPI-PL (Nijmegen) | https://sp.catalog.clarin.eu | cf7fea0 | latest | latest | latest | latest | latest | latest |
| MPI-PL (Nijmegen) | https://sp.corpus1.mpi.nl | cee4eb9 | latest | latest | latest | latest | latest | latest |
| MPI-PL (Nijmegen) | https://sp.mpi.nl | a0c767a | latest | latest | latest | not yet | latest | not yet |
| NB.NO (Oslo) | https://lap.clarino.uio.no/simplesaml/module.php/saml/sp/metadata.php/default-sp | f6c3ca9 | latest | latest | latest | latest | latest | latest |
| Sprakbanken (Göteborg) | https://sp.spraakbanken.gu.se/shibboleth/clarin | e5939f7 | latest | latest | latest | not yet | not yet | not yet |
| TextLab (Oslo) | https://tekstlab.uio.no/glossa2/saml/metadata | d738063 | latest | latest | ?? | ?? | ?? | ?? |
| UIL-OTS (Utrecht) | https://dev.clarin.nl/shibboleth | cee4eb9 | latest | latest | latest | latest | latest | latest |

DEV SPs

| Center | Service Provider | Latest metadata version | DFN (DE) version | eduGAIN version | ./BE version | ./CZ version | ./NL version | ./PT version |
|---|---|---|---|---|---|---|---|---|
| FZJ (Jülich) | https://b2access.eudat.eu:8443/unitygw/saml-sp-metadata | 5e75267 | No | No | No | No | latest | latest |
| ?? | https://auth.dariah.eu/shibboleth | 52c2637 | No | No | No | No | No | No |
| Future Portuguese centre ? | https://clarinportulan.net | 150694f | No | No | No | No | No | ?? |
| ERCC (Bolzano / Bozen) | https://clarin-dev.eurac.edu/Shibboleth.sso/Metadata | ff0b669 | No | No | No | No | No | No |

Please note: for the other countries we use the eduGAIN metadata distribution. Therefore they are not listed in the distribution matrix.

For an explanation about why this dual distribution mechanism is in use, please see the opt-in page.

Procedure for changing/adding and distributing new SAML metadata about SPF SPs

Adding a new SP or changing SAML metadata about an existing one and distributing it is a complicated procedure.

  1. Check for pull requests in the CLARIN SPF metadata repository on GitHub. Emails are automatically sent by GitHub when a new pull request is created.
  2. Make sure the pull request is marked as XSD valid by Travis CI. This is visible on the pull request page a couple of minutes after it is created.
  3. Merge the pull request into the master branch and wait for Travis CI to generate the QA report visible in this table.
  4. Make sure the QA report does not present any issue marked in red concerning the SP in question. Follow up with the committers (i.e., SP operators) on whether their submissions meet the guidelines based on e.g. this sheet.
  5. Create a pull request from the master to the production branch and merge it.
  6. Cron job 1, running under the spf-cron user on the docker clarin_spf_pipelines_1 image deployed at clarin-vps5, will update the SAML metadata batch at https://infra.clarin.eu/aai/md_about_spf_sps.xml. The CLARIN IdP will use this preproduction batch.
  7. Organize login tests for every new SP using the CLARIN IdP.
  8. Mark every new SP entity as production SP. Do this by adding the SP's entity ID to the list in the relevant job definition file on GitHub.
  9. Cron job 1, running under the spf-cron user on the docker clarin_spf_pipelines_1 image deployed at clarin-vps5, will update the SAML metadata batches under https://infra.clarin.eu/aai/ (this time, including prod_md_about_spf_sps.xml).
  10. To help everyone track new SPs and their registration statuses across identity federations, add the SPs to the Centre Registry.
  11. Cron job 2, running under the spf-cron user on the docker clarin_spf_pipelines_1 image deployed at clarin-vps5, will use the information in the Centre Registry to break down the SAML metadata batches under https://infra.clarin.eu/aai/ into useful pieces under https://infra.clarin.eu/aai/sps_at_identity_federations/.
  12. DFN-AAI will pick up the mutations to the SAML metadata batch. This will ensure that it is distributed throughout eduGAIN, and reviewed additionally by DFN-AAI.
  13. Once DFN-AAI has picked up the new SP (and thus the SP is in eduGAIN), which you can determine via the Centre Registry, add the SP to further identity federations. Click on the country code columns in the above table for details on the identity federation-specific procedure.
  14. Finally, check whether any new SP has been registered for multiple identity federations (i.e., a clash) using this eduGAIN webapp. In case a clash is found, request the SP operator to remove the registration with any federation other than the CLARIN SPF.
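
As an added illustration of the whitelist step (steps 8 and 9), not the pipeline's own code: a sketch that filters a preproduction batch down to whitelisted entityIDs by exact match and reports whitelist entries that matched nothing. The batch, the `WHITELIST` list and `filter_production` are constructed for this example; the real list lives in the job definition file.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
ET.register_namespace("md", MD)

# Constructed preproduction batch: entityIDs come from the matrix above,
# descriptor bodies are left empty to keep the sample short.
PREPROD_BATCH = f"""<md:EntitiesDescriptor xmlns:md="{MD}">
  <md:EntityDescriptor entityID="https://clarin.eurac.edu/Shibboleth.sso/Metadata"/>
  <md:EntityDescriptor entityID="https://clarin-dev.eurac.edu/Shibboleth.sso/Metadata"/>
  <md:EntityDescriptor entityID="https://sp.clarin.si/"/>
</md:EntitiesDescriptor>"""

# Hypothetical whitelist; the second entry lacks the trailing slash on purpose.
WHITELIST = [
    "https://clarin.eurac.edu/Shibboleth.sso/Metadata",
    "https://sp.clarin.si",
]

def filter_production(batch_xml, whitelist):
    """Return (production_xml, passed, dropped, missing)."""
    # Submissions arrive via pull requests: refuse DTDs (entity expansion).
    if "<!DOCTYPE" in batch_xml:
        raise ValueError("DOCTYPE not allowed in SAML metadata")
    root = ET.fromstring(batch_xml)
    if root.tag != f"{{{MD}}}EntitiesDescriptor":
        raise ValueError("expected an md:EntitiesDescriptor batch")
    allowed, passed, dropped = set(whitelist), [], []
    for entity in list(root):  # copy: we remove children while iterating
        if entity.tag != f"{{{MD}}}EntityDescriptor":
            continue
        entity_id = entity.get("entityID")
        # Exact match only: no prefix, case or trailing-slash normalisation.
        if entity_id in allowed:
            passed.append(entity_id)
        else:
            root.remove(entity)
            dropped.append(entity_id)
    # Whitelisted IDs that matched nothing usually mean a typo in the list.
    missing = sorted(allowed - set(passed))
    return ET.tostring(root, encoding="unicode"), passed, dropped, missing

if __name__ == "__main__":
    _, passed, dropped, missing = filter_production(PREPROD_BATCH, WHITELIST)
    print("production:", passed)
    print("dropped:", dropped)
    print("whitelisted but absent:", missing)
```

A non-empty `missing` list is worth failing the job on: here the SP at `https://sp.clarin.si/` is silently kept out of production because its whitelist entry differs by one character.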

Issues with production SPs

Please avoid expiring SAML signing certificates by doing a certificate roll-over on time.

Current SPs with expired certificates:

Remedy: create new SAML metadata, sign with a valid certificate (could be self-signed)

Last modified on 06/21/18 15:08:42