| 3 | | ||'''Submission round closing date'''||'''Included SVN revision(s)'''||'''[[./AT]]'''||'''[[./BE]]'''||'''[[./CZ]]'''||'''[[./DK]]'''||'''[[./CZ]]'''||'''[[./ES]]'''||'''[[./FI]]'''||'''[[./GE]]'''||'''[[./GR]]'''||'''[[./IT]]'''||'''[[./LA]]'''||'''[[./LI]]'''||'''[[./NL]]'''||'''[[./NO]]'''||'''[[./PL]]'''||'''[[./PT]]'''||'''[[./SL]]'''||'''[[./SW]]'''||'''[[./UK]]'''|| |
| 4 | | ||September||[7049]||submitted: not yet||submitted: not yet||submitted: not yet||submitted: not yet||submitted: not yet||submitted: not yet||submitted: not yet||submitted: not yet||submitted: not yet||submitted: not yet||submitted: not yet||submitted: not yet||submitted: not yet||submitted: not yet||submitted: not yet||submitted: not yet||submitted: not yet||submitted: not yet||submitted: not yet|| |
| 5 | | ||2016-08-25||[7046]||submitted: not yet||submitted: 2016-08-29 \\ updated: 2016-08-31||submitted: not yet||submitted: not yet||submitted: not yet||submitted: not yet||submitted: not yet||submitted: not yet||submitted: not yet||submitted: not yet||submitted: not yet||submitted: not yet||submitted: not yet||submitted: not yet||submitted: not yet||submitted: not yet||submitted: not yet||submitted: not yet||submitted: not yet|| |
| | 3 | ||'''Submission round closing date'''||'''Included SVN revision(s)'''||'''[[./AT]]'''||'''[[./BE]]'''||'''[[./CZ]]'''||'''[[./eduGAIN]]'''||'''[[./FI]]'''||'''[[./GE]]'''||'''[[./IT]]'''||'''[[./NL]]'''||'''[./FI NO]'''|| |
| | 4 | ||September||[7049]||submitted: not yet||submitted: not yet||submitted: not yet||submitted: not yet||submitted: not yet||submitted: not yet||submitted: not yet||submitted: not yet||submitted: not yet|| |
| | 5 | ||2016-08-25||[7046]||submitted: not yet||submitted: 2016-08-29 \\ updated: 2016-08-31||submitted: not yet||submitted: not yet||submitted: not yet||submitted: not yet||submitted: not yet||submitted: not yet||submitted: not yet|| |
| | 10 | |
| | 11 | ## Procedure for changing/adding and distributing new SAML metadata about SPF SPs ## |
| | 12 | |
| | 13 | Adding a new SP or changing SAML metadata about an existing one and distributing it is a complicated procedure. |
| | 14 | |
| | 15 | 1. Check new e-mails to `spf@clarin.eu` with subjects of the form `Commit (7047) by martynas.savickis@bpti.lt to SAML metadata about SPF SPs`. |
| | 16 | 2. Check [https://svn.clarin.eu/aai/sp-metadata.xml the single SAML metadata batch in the SVN] at all revisions recorded in the previous e-mails. Criteria are correctness and security (partly covered by the [https://www.clarin.eu/content/guidelines-saml-metadata-about-your-sp guidelines]). |
| | 17 | 3. Make an edit similar to [https://github.com/clarin-eric/pyFF_config/commit/3e676446c74e4f8262637392ff4fb881df37e274 this one] on `ems04.mpi.nl:/srv/Python/venvs/2014-11-20_SPF/etc/pyff_config/control.sh`. See the host page [/SystemAdministration/Hosts/ems04.mpi.nl ems04.mpi.nl] for info on `ems04.mpi.nl`. Also be sure to push the same change as a commit to the [https://github.com/clarin-eric/pyFF_config relevant Git repo]. |
| | 18 | 4. Cron job 11 running under the superuser on `ems04.mpi.nl` will update the SAML metadata batch at https://infra.clarin.eu/aai/md_about_spf_sps.xml. The CLARIN IdP will use this preproduction batch. |
| | 19 | 5. Check [https://docs.google.com/spreadsheets/d/1cwg2kiPL2ubzmtw7Ffe0rbQuJpuOoklFHJ10nR3Bn_M/edit?usp=sharing this Google Sheets spreadsheet], sheet `md_about_spf_sps`. This sheet details the results of validation of this SAML metadata batch. Follow up with the committers (i.e., SP operators) on whether their submissions meet the [https://www.clarin.eu/content/guidelines-saml-metadata-about-your-sp guidelines] based on e.g. this sheet. |
| | 20 | 6. Once any validation issues have been resolved, organize [/ServiceProviderFederation/LoginTest login tests] for every new SP using the CLARIN IdP. |
| | 21 | 7. Next, mark every new SP entity as production SP. You can do this by adding the SP's entity ID to the list in `ems04.mpi.nl:/srv/Python/venvs/2014-11-20_SPF/etc/pyff_config/job_b.fd`. Again, also make that change over at the [https://github.com/clarin-eric/pyFF_config relevant Git repo]. |
| | 22 | 8. Cron job 11 running under the superuser on `ems04.mpi.nl` will update the SAML metadata batches under https://infra.clarin.eu/aai/ (this time, including `prod_md_about_spf_sps.xml`). |
| | 23 | 9. To help everyone track new SPs and their registration statuses across identity federations, add the SPs to the [https://centres.clarin.eu Centre Registry]. |
| | 24 | 10. Cronjob 17 running under user `www-data` on `ems04.mpi.nl` will use the information in the Centre Registry to analyze the SAML metadata batches under https://infra.clarin.eu/aai/ into useful pieces under [https://infra.clarin.eu/aai/sps_at_identity_federations/]. |
| | 25 | 12. DFN-AAI ([[./GE]]) will pick up the mutations to [https://infra.clarin.eu/aai/prod_md_about_spf_sps.xml SAML metadata batch]. This will ensure that it is distributed throughout eduGAIN, and reviewed additionally by DFN-AAI. |
| | 26 | 13. Once DFN-AAI has picked up the new SP (and thus the SP is in eduGAIN), which you can determine via the [https://centres.clarin.eu/spf Centre Registry]), add the SP to further identity federations. Click on the country code columns in the above table for details on the identity federation-specific procedure. |
| | 27 | 14. Finally, check whether any new SP has been registered for multiple identity federations using [https://technical.edugain.org/entities this eduGAIN webapp] (i.e., a clash). In case a clash is found, request the SP operator to remove the registration with any federation other than the CLARIN SPF. |
