''Responsible for this page: [wiki:People/andmor André Moreira].'' \\
''Last content check: 08-06-2017''

{{{
#!html
Purpose
}}}

This page describes how to request changes to the IdP blacklist of the CLARIN SPF AAI, and gives an overview of the current status of the blacklist and of ongoing blacklist requests.

== People ==
[wiki:People/andmor André Moreira] - SPF AAI operator and blacklist maintainer \\
[wiki:People/dietuyt Dieter Van Uytvanck] - SPF AAI general manager \\

----

== General workflow ==
Changes to the IdP blacklist can be requested if an SP operator objects to, or has doubts about, the inclusion of certain IdP(s) in the CLARIN SPF AAI, either because the IdP looks suspicious or for any other technical or organizational reason. By default, all available !IdPs are included in the CLARIN SPF AAI when the respective national federation joins CLARIN, so in order for an IdP to be removed, a request must be made to the central office by means of a trac ticket. The process is the same when an SP operator intends to re-add a previously blacklisted IdP.

 1. Someone finds a suspicious IdP.
 1. Someone (with a CLARIN "developer" account) creates a TRAC ticket targeting the ''AAI IdP Blacklist'' component, to request the removal of this IdP. (The central office will take on this ticket.)
 1. TTF-AAI will review the requirements and comment on whether any violations have been found.
 1. The central office closes the ticket and, if there is a violation, CLARIN's pyFF configuration is updated to blacklist the IdP in question.

----

== Creating a blacklist request ==
Changes to the CLARIN IdP blacklist must be requested via TRAC according to the following guidelines:

 0. Make sure there isn't a previous ticket regarding the same issue in the ''AAI IdP Blacklist'' [#Tickets ticket list].
 0. [https://trac.clarin.eu/newticket Create a new ticket] in trac.clarin.eu with the following header details:
    * Type: '''task'''.
    * Component: '''AAI IdP Blacklist'''.
    * Owner: '''< default >'''.
    * Fill in the summary field including the target IdP name and briefly describing the issue.
    * Select the ticket's desired priority.
    * (optional) Insert any relevant email address in the CC field.
    * (optional) Add some appropriate keywords e.g. ''idp blacklist aai spf''.
 2. In the ticket ''description'' make sure to include:
    * The '''entityID''' of the IdP in question.
    * The motivation for the request.
    * Date and time of any previous login attempt via the IdP in question (if known).

For guidance, you can use any [ticket:1008 previously issued ticket] of the ''AAI IdP Blacklist'' component as an example.

----

== Open tickets (ongoing blacklist requests) ==
[[TicketQuery(status=accepted|assigned|new|reopened,component=AAI IdP Blacklist,order=priority,format=table,col=summary|priority|owner|reporter)]]

----

== Status ==
=== Current blacklist ===
||= entityID =||= Federation =||= Date Blacklisted =||= Reason =||= Notes =||
|| https://login-idp.libraries.ch/idp/shibboleth || SWITCHaai || 06/02/2023 || Allows creation of accounts to anyone. [https://www.libraries.ch/faq?locale=en ref] || ||
|| https://idp.protectnetwork.org/protectnetwork-idp || eduGAIN || || || - ||
|| https://idp.painless-security.com/idp/shibboleth || eduGAIN || || || - ||
|| https://idp1.proofidcloud.co.uk/idp/shibboleth || eduGAIN || || || - ||
|| https://umbrellaid.org/idp/shibboleth || eduGAIN || 03/01/2019 || Allows creation of free, unverified accounts || - ||
|| https://sso-demo.proofidcloud.co.uk/idp/pingfederate || eduGAIN || || || - ||
|| https://idp.umons.ac.be/idp/shibbolethe || Belnet || || || - ||
|| https://openidp.aco.net/saml || ACOnet || || || - ||