[[PageOutline(1-5,Table of Contents,pullout)]]

= SAML metadata about SPF SPs: distribution to identity federations by ERIC =
This page provides a status overview of the SP metadata distribution across the various CLARIN SPF identity federations. It is still under construction (October 2017) so some information might be missing or incomplete. If you are looking for the old matrix page you can find it [../OldDistributionMatrix here] but keep in mind that the whole metadata workflow changed once the SPF infrastructure was dockerized and the SP metadata file moved from the CLARIN SVN to [https://github.com/clarin-eric/SPF-SPs-metadata github]. A detailed description of the new workflow can be found in the [../../ServiceProviderFederation#ChangingtheSAMLmetadataaboutSPFSPs service provider federation page].

== Service Providers in the production SPF ==
This means the SP entityID is whitelisted. Only the SPs that are whitelisted, will be filtered and passed on to the [https://infra.clarin.eu/aai/prod_md_about_spf_sps.xml production SAML metadata]. In order to be whitelisted an SP needs to have signed the SPF agreement.

All Service Providers in the production SPF will be registered directly in DFN-AAI (DE), Belnet (BE), Haka (FI), eduID.cz, SURFconext (NL) and via eduGAIN in the [wiki:./eduGAIN various other national federations].

=== Accepted ===
See the [https://centres.clarin.eu/spf centre registry SPF page], all the SPs with a checked "Prod?" column.

== Current distribution to national federations ==
|| '''Center ''' || '''Service Provider''' || '''Latest metadata version''' || '''DFN (DE) version''' || '''eduGAIN version''' || '''[./BE ./BE] version''' || '''[./CZ ./CZ] version''' || '''[./NL ./NL] version''' || '''[./NL ./PT] version''' ||
|| [https://centres.clarin.eu/centre/45 ACDH-ARCHE (Vienna)] || https://acdh.oeaw.ac.at/shibboleth || [https://github.com/clarin-eric/SPF-SPs-metadata/commit/d72e40f73376ec2ab69228412585ac42cc30183f d72e40f] || latest || latest || latest || not yet || latest || not yet ||
|| [https://centres.clarin.eu/centre/45 ACDH-ARCHE (Vienna)] || https://arche.acdh.oeaw.ac.at/shibboleth || [https://github.com/clarin-eric/SPF-SPs-metadata/commit/d72e40f73376ec2ab69228412585ac42cc30183f d72e40f] || latest || latest || latest || not yet || latest || not yet ||
|| [https://centres.clarin.eu/centre/45 ACDH-ARCHE (Vienna)] || https://clarin.oeaw.ac.at/shibboleth || [https://github.com/clarin-eric/SPF-SPs-metadata/commit/d72e40f73376ec2ab69228412585ac42cc30183f d72e40f] || latest || latest || latest || latest || latest || latest ||
|| [https://centres.clarin.eu/centre/45 ACDH-ARCHE (Vienna)] || https://redmine.acdh.oeaw.ac.at/shibboleth || [https://github.com/clarin-eric/SPF-SPs-metadata/commit/d72e40f73376ec2ab69228412585ac42cc30183f d72e40f] || latest || latest || latest || not yet || latest || not yet ||
|| [https://centres.clarin.eu/centre/45 ACDH-ARCHE (Vienna)] || https://registries.clarin-dariah.eu/shibboleth || [https://github.com/clarin-eric/SPF-SPs-metadata/commit/d72e40f73376ec2ab69228412585ac42cc30183f d72e40f] || latest || latest || latest || not yet || latest || not yet ||
|| [https://centres.clarin.eu/centre/45 ACDH-ARCHE (Vienna)] || https://teach.dariah.eu/shibboleth || [https://github.com/clarin-eric/SPF-SPs-metadata/commit/d72e40f73376ec2ab69228412585ac42cc30183f d72e40f] || latest || latest || latest || not yet || latest || not yet ||
|| [https://centres.clarin.eu/centre/5 BAS (München)] || https://clarin.phonetik.uni-muenchen.de || [https://github.com/clarin-eric/SPF-SPs-metadata/commit/cee4eb9d8f514bb305906ce6160b5304ee5810d6 cee4eb9] || latest || latest || latest || latest || latest || latest ||
|| [https://centres.clarin.eu/centre/6 BBAW (Berlin)] || https://shibboleth.bbaw.de/shibboleth || [https://github.com/clarin-eric/SPF-SPs-metadata/commit/cee4eb9d8f514bb305906ce6160b5304ee5810d6 cee4eb9] || latest || latest || latest || latest || latest || latest ||
|| [https://centres.clarin.eu/centre/15 CELR-EKK (Tartu)] || https://ekrksso.keeleressursid.ee/simplesaml/module.php/saml/sp/metadata.php/ekrk-sp || [https://github.com/clarin-eric/SPF-SPs-metadata/commit/cee4eb9d8f514bb305906ce6160b5304ee5810d6 cee4eb9] || latest || latest || latest || latest || latest || latest ||
|| [https://centres.clarin.eu/centre/14 CLARIN-DK-UCPH (København)] || https://infra.clarin.dk/shibboleth || [https://github.com/clarin-eric/SPF-SPs-metadata/commit/57bab02e925568b83e3c0b4d812bf729b0586f6f 57bab02] || latest || latest || ?? || ?? || ?? || latest ||
|| [https://centres.clarin.eu/centre/36 CLARIN-LT (Kaunas)] || https://sp.clarin.vdu.lt || [https://github.com/clarin-eric/SPF-SPs-metadata/commit/cee4eb9d8f514bb305906ce6160b5304ee5810d6 cee4eb9] || latest || latest || latest || latest || latest || latest ||
|| [https://centres.clarin.eu/centre/25 CLARIN-PL1 (Wrocław)] || http://www.clarin-pl.eu/shibboleth || [https://github.com/clarin-eric/SPF-SPs-metadata/commit/cee4eb9d8f514bb305906ce6160b5304ee5810d6 cee4eb9] || latest || latest || latest || latest || latest || latest ||
|| [https://centres.clarin.eu/centre/29 CLARINO Bergen (Bergen)] || https://clarino.uib.no/ || [https://github.com/clarin-eric/SPF-SPs-metadata/commit/cee4eb9d8f514bb305906ce6160b5304ee5810d6 cee4eb9] || latest || latest || latest || latest || latest || latest ||
|| [https://centres.clarin.eu/centre/29 CLARINO Bergen (Bergen)] || https://repo.clarino.uib.no/shibboleth/sp || [https://github.com/clarin-eric/SPF-SPs-metadata/commit/cee4eb9d8f514bb305906ce6160b5304ee5810d6 cee4eb9] || latest || latest || latest || latest || latest || latest ||
|| [https://centres.clarin.eu/centre/30 CLARINSI (Ljubljana)] || https://sp.clarin.si/ || [https://github.com/clarin-eric/SPF-SPs-metadata/commit/cee4eb9d8f514bb305906ce6160b5304ee5810d6 cee4eb9] || latest || latest || latest || latest || latest || latest ||
|| [https://centres.clarin.eu/centre/18 CMU (Pittsburgh)] || https://childes.talkbank.org/shibboleth || [https://github.com/clarin-eric/SPF-SPs-metadata/commit/cee4eb9d8f514bb305906ce6160b5304ee5810d6 cee4eb9] || latest || latest || latest || latest || latest || latest ||
|| [https://centres.clarin.eu/centre/18 CMU (Pittsburgh)] || https://talkbank.talkbank.org/shibboleth || [https://github.com/clarin-eric/SPF-SPs-metadata/commit/cee4eb9d8f514bb305906ce6160b5304ee5810d6 cee4eb9] || latest || latest || latest || latest || latest || latest ||
|| [https://centres.clarin.eu/centre/1 EKUT (Tübingen)] || https://webanno.sfs.uni-tuebingen.de || [https://github.com/clarin-eric/SPF-SPs-metadata/commit/cee4eb9d8f514bb305906ce6160b5304ee5810d6 cee4eb9] || latest || latest || latest || latest || latest || latest ||
|| [https://centres.clarin.eu/centre/1 EKUT (Tübingen)] || https://weblicht.sfs.uni-tuebingen.de || [https://github.com/clarin-eric/SPF-SPs-metadata/commit/cee4eb9d8f514bb305906ce6160b5304ee5810d6 cee4eb9] || latest || latest || latest || latest || latest || latest ||
|| [https://centres.clarin.eu/centre/49 ERCC (Bolzano / Bozen)] || https://clarin.eurac.edu/Shibboleth.sso/Metadata || [https://github.com/clarin-eric/SPF-SPs-metadata/commit/ece41ce48c352907e96bc94047ab98057a56b924 ece41ce] || latest || latest || latest || not yet || ?? || not yet ||
|| [https://centres.clarin.eu/centre/17 FIN-CLARIN (Helsinki)] || http://sp.lat.csc.fi || [https://github.com/clarin-eric/SPF-SPs-metadata/commit/cee4eb9d8f514bb305906ce6160b5304ee5810d6 cee4eb9] || latest || latest || latest || latest || latest || latest ||
|| [https://centres.clarin.eu/centre/17 FIN-CLARIN (Helsinki)] || https://lbr.csc.fi/shibboleth || [https://github.com/clarin-eric/SPF-SPs-metadata/commit/15196c3932c12169b116c131b65fc1fc21e71bdf 15196c3] || latest || latest || [https://github.com/clarin-eric/SPF-SPs-metadata/commit/cee4eb9d8f514bb305906ce6160b5304ee5810d6 cee4eb9] || [https://github.com/clarin-eric/SPF-SPs-metadata/commit/cee4eb9d8f514bb305906ce6160b5304ee5810d6 cee4eb9] || [https://github.com/clarin-eric/SPF-SPs-metadata/commit/cee4eb9d8f514bb305906ce6160b5304ee5810d6 cee4eb9] || [https://github.com/clarin-eric/SPF-SPs-metadata/commit/cee4eb9d8f514bb305906ce6160b5304ee5810d6 cee4eb9] ||
|| [https://centres.clarin.eu/centre/17 FIN-CLARIN (Helsinki)] || https://sp.korp.csc.fi/ || [https://github.com/clarin-eric/SPF-SPs-metadata/commit/cee4eb9d8f514bb305906ce6160b5304ee5810d6 cee4eb9] || latest || latest || latest || latest || latest || latest ||
|| [https://centres.clarin.eu/centre/21 Huygens (Den Haag)] || https://engine.proxy.clariah.nl/authentication/sp/metadata || [https://github.com/clarin-eric/SPF-SPs-metadata/commit/cee4eb9d8f514bb305906ce6160b5304ee5810d6 cee4eb9] || latest || latest || latest || latest || latest || latest ||
|| [https://centres.clarin.eu/centre/21 Huygens (Den Haag)] || https://secure.huygens.knaw.nl || [https://github.com/clarin-eric/SPF-SPs-metadata/commit/cee4eb9d8f514bb305906ce6160b5304ee5810d6 cee4eb9] || latest || latest || latest || latest || latest || latest ||
|| [https://centres.clarin.eu/centre/9 HZSK (Hamburg)] || http://sp.vs1.corpora.uni-hamburg.de || [https://github.com/clarin-eric/SPF-SPs-metadata/commit/cee4eb9d8f514bb305906ce6160b5304ee5810d6 cee4eb9] || latest || latest || latest || latest || latest || latest ||
|| [https://centres.clarin.eu/centre/11 IDS (Mannheim)] || https://clarin.ids-mannheim.de/shibboleth || [https://github.com/clarin-eric/SPF-SPs-metadata/commit/cee4eb9d8f514bb305906ce6160b5304ee5810d6 cee4eb9] || latest || latest || latest || latest || latest || latest ||
|| [https://centres.clarin.eu/centre/11 IDS (Mannheim)] || https://repos.ids-mannheim.de/shibboleth || [https://github.com/clarin-eric/SPF-SPs-metadata/commit/cee4eb9d8f514bb305906ce6160b5304ee5810d6 cee4eb9] || latest || latest || latest || latest || latest || latest ||
|| [https://centres.clarin.eu/centre/34 ILC4CLARIN (Pisa)] || https://dspace-clarin-it.ilc.cnr.it/Shibboleth.sso/Metadata || [https://github.com/clarin-eric/SPF-SPs-metadata/commit/cee4eb9d8f514bb305906ce6160b5304ee5810d6 cee4eb9] || latest || latest || latest || not yet || latest || latest ||
|| [https://centres.clarin.eu/centre/22 IVDNT (Leiden)] || https://portal.clarin.inl.nl/ || [https://github.com/clarin-eric/SPF-SPs-metadata/commit/2b8282f3c1c941e9a9ef21f3c592fb8029e4b318 2b8282f] || latest || latest || latest || latest || latest || latest ||
|| [https://centres.clarin.eu/centre/3 LINDAT (Praha)] || https://ufal-point.mff.cuni.cz/shibboleth/eduid/sp || [https://github.com/clarin-eric/SPF-SPs-metadata/commit/16b7b0b8b8b9e4b2b1e189546119e9c7497d8f9d 16b7b0b] || latest || latest || ?? || ?? || ?? || ?? ||
|| [https://centres.clarin.eu/centre/23 MI (Amsterdam)] || https://openskos.meertens.knaw.nl/shibboleth || [https://github.com/clarin-eric/SPF-SPs-metadata/commit/cee4eb9d8f514bb305906ce6160b5304ee5810d6 cee4eb9] || latest || latest || latest || latest || latest || latest ||
|| [https://centres.clarin.eu/centre/23 MI (Amsterdam)] || https://www.meertens.knaw.nl/Shibboleth.sso/Metadata || [https://github.com/clarin-eric/SPF-SPs-metadata/commit/cee4eb9d8f514bb305906ce6160b5304ee5810d6 cee4eb9] || latest || latest || latest || latest || latest || latest ||
|| [https://centres.clarin.eu/centre/23 MI (Amsterdam)] || https://www.nederlab.nl/shibboleth || [https://github.com/clarin-eric/SPF-SPs-metadata/commit/cee4eb9d8f514bb305906ce6160b5304ee5810d6 cee4eb9] || latest || latest || latest || latest || latest || latest ||
|| [https://centres.clarin.eu/centre/24 MPI-PL (Nijmegen)] || https://archive.mpi.nl || [https://github.com/clarin-eric/SPF-SPs-metadata/commit/a0c767a2e036685ec03b3e2cab083c5e71eec3bc a0c767a] || latest || latest || latest || not yet || latest || not yet ||
|| [https://centres.clarin.eu/centre/24 MPI-PL (Nijmegen)] || https://sp.catalog.clarin.eu || [https://github.com/clarin-eric/SPF-SPs-metadata/commit/cf7fea0668bb3e74392928280dbe55f16aaf814a cf7fea0] || latest || latest || latest || latest || latest || latest ||
|| [https://centres.clarin.eu/centre/24 MPI-PL (Nijmegen)] || https://sp.corpus1.mpi.nl || [https://github.com/clarin-eric/SPF-SPs-metadata/commit/cee4eb9d8f514bb305906ce6160b5304ee5810d6 cee4eb9] || latest || latest || latest || latest || latest || latest ||
|| [https://centres.clarin.eu/centre/24 MPI-PL (Nijmegen)] || https://sp.mpi.nl || [https://github.com/clarin-eric/SPF-SPs-metadata/commit/a0c767a2e036685ec03b3e2cab083c5e71eec3bc a0c767a] || latest || latest || latest || not yet || latest || not yet ||
|| [https://centres.clarin.eu/centre/31 NB.NO (Oslo)] || https://lap.clarino.uio.no/simplesaml/module.php/saml/sp/metadata.php/default-sp || [https://github.com/clarin-eric/SPF-SPs-metadata/commit/f6c3ca98ecb91226e998dfe4526a8776b7aea890 f6c3ca9] || latest || latest || latest || latest || latest || latest ||
|| [https://centres.clarin.eu/centre/37 Sprakbanken (Göteborg)] || https://sp.spraakbanken.gu.se/shibboleth/clarin || [https://github.com/clarin-eric/SPF-SPs-metadata/commit/e5939f7e80e55819fcba57baa9b458fd0ab99bc5 e5939f7] || latest || latest || latest || not yet || not yet || not yet ||
|| [https://centres.clarin.eu/centre/43 TextLab (Oslo)] || https://tekstlab.uio.no/glossa2/saml/metadata || [https://github.com/clarin-eric/SPF-SPs-metadata/commit/d738063964bb292749433a5d5c7d462764d47595 d738063] || latest || latest || ?? || ?? || ?? || ?? ||
|| [https://centres.clarin.eu/centre/27 UIL-OTS (Utrecht)] || https://dev.clarin.nl/shibboleth || [https://github.com/clarin-eric/SPF-SPs-metadata/commit/cee4eb9d8f514bb305906ce6160b5304ee5810d6 cee4eb9] || latest || latest || latest || latest || latest || latest ||
|| '''DEV SPs''' || || || || || || || || ||
|| [https://centres.clarin.eu/centre/7 FZJ (Jülich)] || https://b2access.eudat.eu:8443/unitygw/saml-sp-metadata || [https://github.com/clarin-eric/SPF-SPs-metadata/commit/5e7526770b6ba00a64c541e1e28766b9ad5dd16c 5e75267] || No || No || No || No || latest || latest ||
|| ?? || https://auth.dariah.eu/shibboleth || [https://github.com/clarin-eric/SPF-SPs-metadata/commit/52c2637698778a298dd261a58350b86b26f71716 52c2637] || No || No || No || No || No || No ||
|| Future portuguese centre ? || https://clarinportulan.net || [https://github.com/clarin-eric/SPF-SPs-metadata/commit/150694f7cee65c3a1fb655058ca33ce96a734306 150694f] || No || No || No || No || No || ?? ||
|| [https://centres.clarin.eu/centre/49 ERCC (Bolzano / Bozen)] || https://clarin-dev.eurac.edu/Shibboleth.sso/Metadata || [https://github.com/clarin-eric/SPF-SPs-metadata/commit/ff0b669914bab1385c4f63682ba815ca4e17281f ff0b669] || No || No || No || No || No || No ||

Please note: for [wiki:./eduGAIN the other countries we use the eduGAIN metadata distribution]. Therefore they are not listed in the distribution matrix.

For an explanation about why this dual distribution mechanism is in use, please see the [https://www.clarin.eu/node/3869 opt-in page].

== Procedure for changing/adding and distributing new SAML metadata about SPF SPs ==
Adding a new SP or changing SAML metadata about an existing one and distributing it is a complicated procedure.

 1. Check for [https://github.com/clarin-eric/SPF-SPs-metadata/pulls pull requests] in the CLARIN SPF metadata repository on GitHub. Emails are automatically sent by GitHub when a new pull request is created.
 1. Make sure the pull request is as marked XSD valid by Travis CI. This is visible on the pull request page a couple of minutes after it is created.
 1. Merge the pull request into the ''master'' branch and wait for Travis CI to generate the QA report visible in [https://clarin-eric.github.io/SPF-SPs-metadata/page/master_qa_report.html this table].
 1. Make sure the [https://clarin-eric.github.io/SPF-SPs-metadata/page/master_qa_report.html QA report] does not present any issue marked in red concerning the SP in question. Follow up with the committers (i.e., SP operators) on whether their submissions meet the [https://www.clarin.eu/content/guidelines-saml-metadata-about-your-sp guidelines] based on e.g. this sheet.
 1. Create a pull request from the ''master'' to the ''production'' branch and merge it.
 1. Cron job 1 running under the ''spf-cron'' user on the docker [https://gitlab.com/CLARIN-ERIC/docker-spf-md-pipelines clarin_spf_pipelines_1] image deployed at clarin-vps5, will update the SAML metadata batch at ​https://infra.clarin.eu/aai/md_about_spf_sps.xml. The CLARIN IdP will use this preproduction batch.
 1. Organize login tests for every new SP using the CLARIN IdP.
 1. Mark every new SP entity as production SP. Do this by adding the SP's entity ID to the list in the relevant [https://github.com/clarin-eric/pyFF_config/blob/master/job_b.fd job definition file] on GitHub.
 1. Cron job 1 running under the ''spf-cron'' user on the docker [https://gitlab.com/CLARIN-ERIC/docker-spf-md-pipelines clarin_spf_pipelines_1] image deployed at clarin-vps5, will update the SAML metadata batches under ​https://infra.clarin.eu/aai/ (this time, including prod_md_about_spf_sps.xml).
 1. To help everyone track new SPs and their registration statuses across identity federations, add the SPs to the [https://centres.clarin.eu/ ​Centre Registry].
 1. Cronjob 2 running under ''spf-cron'' user on the docker [https://gitlab.com/CLARIN-ERIC/docker-spf-md-pipelines clarin_spf_pipelines_1] image deployed at clarin-vps5, will use the information in the Centre Registry to analyze the SAML metadata batches under ​https://infra.clarin.eu/aai/ into useful pieces under ​https://infra.clarin.eu/aai/sps_at_identity_federations/.
 1. DFN-AAI will pick up the mutations to ​[https://infra.clarin.eu/aai/prod_md_about_spf_sps.xml SAML metadata batch]. This will ensure that it is distributed throughout eduGAIN, and reviewed additionally by DFN-AAI.
 1. Once DFN-AAI has picked up the new SP (and thus the SP is in eduGAIN) which you can determine via the ​[https://centres.clarin.eu/ ​Centre Registry], add the SP to further identity federations. Click on the country code columns in the above table for details on the identity federation-specific procedure.
 1. Finally, check whether any new SP has been registered for multiple identity federations using ​[https://technical.edugain.org/entities this eduGAIN webapp] (i.e., a clash). In case a clash is found, request the SP operator to remove the registration with any federation other than the CLARIN SPF.

== Issues with production SPs ==
Please avoid expiring SAML signing certificates by doing a [https://www.switch.ch/aai/guides/sp/certificate-rollover/ certificate roll-over] on time.

Current SPs with expired certificates:

 * http://www.clarin-pl.eu/shibboleth
 * https://clarino.uib.no/
 * http://sp.lat.csc.fi
 * https://clarin.fz-juelich.de/shibboleth
 * https://asvsp.informatik.uni-leipzig.de/
 * https://beta-catalog.clarin.eu/sp/shibboleth

Remedy: create new SAML metadata, sign with a valid certificate (could be self-signed)