Responsible for this page: André Moreira.
Last content check: 08-06-2017


This page describes how to request changes to the IdP blacklist of the CLARIN SPF AAI, while providing an overview of the current status of the blacklist and ongoing blacklist requests.


André Moreira - SPF AAI operator and blacklist maintainer
Dieter Van Uytvanck - SPF AAI general manager

General workflow

Changes to the IdP blacklist can be requested if an SP operator objects, or has doubts about the inclusion of certain IdP(s) in the CLARIN SPF AAI. Either because this IdP looks suspicious or by any other technical or organizational reason. By default, all available IdPs are included in the CLARIN SPF AAI when the respective national federation joins CLARIN, so in other for an IdP to be removed, a request must be made to the central office by means of a trac ticket. The process is the same when an SP operator intends to to re-add a previously blacklisted IdP.

  1. Someone finds a suspicious IdP.
  2. Someone (with a CLARIN "developer" account) creates a TRAC ticket targeting the AAI IdP Blacklist component, to request the removal of this IdP. (The central office will take on this ticket.)
  3. TTF-AAI will review the requirements and comments whether any violations have been found.
  4. The central office closes the ticket and if there is a violation, CLARIN's pyFF configuration is updated to blacklist the IdP in question.

Creating a blacklist request

Changes to the CLARIN IdP blacklist must be requested via TRAC according to the following guidelines:

  1. Make sure there isn't a previous ticket regarding the same issue in the AAI IdP Blacklist ticket list.
  2. Create a new ticket in with the following header details:
    • Type: task.
    • Component: AAI IdP Blacklist.
    • Owner: < default >.
    • Fill in the summary field including the target IdP name and briefly describing the issue.
    • Select the ticket's desired priority.
    • (optional) Insert any relevant email address in the CC field.
    • (optional) Add some appropriate keywords e.g. idp blacklist aai spf.
  1. On the ticket description make sure to include:
    • The entityID of the IdP in question.
    • The motivation for the request
    • Date and time of any previous login attempt via the IdP in question (if known).

As an example, you can use as guidance any previously issued ticket of the AAI IdP Blacklist component.

Open tickets (ongoing blacklist requests)

Ticket Summary Priority Owner Reporter
#1008 Suspicious IdP UNICON critical André Moreira Jozef Mišutka
#1081 TU-Dresden not releasing attributes minor André Moreira


Current blacklist

entityID Federation Date Blacklisted Reason Notes SWITCHaai 06/02/2023 Allows creation of accounts to anyone. ref eduGAIN <unknown> <unknown> - eduGAIN <unknown> <unknown> - eduGAIN <unknown> <unknown> - eduGAIN 03/01/2019 Allows creation of free, unverified accounts - eduGAIN <unknown> <unknown> - Belnet <unknown> <unknown> - ACOnet <unknown> <unknown> -
Last modified 15 months ago Last modified on 02/06/23 15:49:38