wiki:ServiceProviderFederation/OldDistributionMatrix

Version 17 (modified by Dieter Van Uytvanck, 8 years ago)


1. SAML metadata about SPF SPs: distribution to identity federations by ERIC

| Submission round closing date | Included SVN revision(s) | AT | BE | CZ | FI | NL |
|---|---|---|---|---|---|---|
| September | [7049], [7048] | submitted: not yet | submitted: not yet | submitted: not yet | submitted: not yet | submitted: not yet |
| 2016-08-25 | [7046] | submitted: 2016-09-12 | submitted: 2016-08-29; updated: 2016-08-31 | submitted: 2016-09-12 | submitted: 2016-09-12 | submitted: 2016-09-12; updated: 2016-09-12 |

Please note: for the other countries we use the eduGAIN metadata distribution. Therefore they are not listed in the distribution matrix.

For an explanation about why this dual distribution mechanism is in use, please see the opt-in page.

2. Procedure for changing/adding and distributing new SAML metadata about SPF SPs

Adding a new SP or changing SAML metadata about an existing one and distributing it is a complicated procedure.

  1. Check new e-mails to spf@clarin.eu with subjects of the form "Commit (7047) by martynas.savickis@bpti.lt to SAML metadata about SPF SPs".
  2. Check the single SAML metadata batch in the SVN at all revisions recorded in the previous e-mails. Criteria are correctness and security (partly covered by the guidelines).
  3. Make an edit similar to this one on ems04.mpi.nl:/srv/Python/venvs/2014-11-20_SPF/etc/pyff_config/control.sh. See the host page ems04.mpi.nl for info on ems04.mpi.nl. Also be sure to push the same change as a commit to the relevant Git repo.
  4. Cron job 11 running under the superuser on ems04.mpi.nl will update the SAML metadata batch at https://infra.clarin.eu/aai/md_about_spf_sps.xml. The CLARIN IdP will use this preproduction batch.
  5. Check this Google Sheets spreadsheet, sheet md_about_spf_sps. This sheet details the results of validation of this SAML metadata batch. Follow up with the committers (i.e., SP operators) on whether their submissions meet the guidelines based on e.g. this sheet.
  6. Once any validation issues have been resolved, organize login tests for every new SP using the CLARIN IdP.
  7. Next, mark every new SP entity as production SP. You can do this by adding the SP's entity ID to the list in ems04.mpi.nl:/srv/Python/venvs/2014-11-20_SPF/etc/pyff_config/job_b.fd. Again, also make that change over at the relevant Git repo.
  8. Cron job 11 running under the superuser on ems04.mpi.nl will update the SAML metadata batches under https://infra.clarin.eu/aai/ (this time, including prod_md_about_spf_sps.xml).
  9. To help everyone track new SPs and their registration statuses across identity federations, add the SPs to the Centre Registry.
  10. Cron job 17 running under user www-data on ems04.mpi.nl will use the information in the Centre Registry to analyze the SAML metadata batches under https://infra.clarin.eu/aai/ into useful pieces under https://infra.clarin.eu/aai/sps_at_identity_federations/.
  11. DFN-AAI (GE) will pick up the changes to the SAML metadata batch. This will ensure that it is distributed throughout eduGAIN, and reviewed additionally by DFN-AAI.
  12. Once DFN-AAI has picked up the new SP (and thus the SP is in eduGAIN), which you can determine via the Centre Registry, add the SP to further identity federations. Click on the country code columns in the above table for details on the identity federation-specific procedure.
  13. Finally, use this eduGAIN webapp to check whether any new SP has been registered with multiple identity federations (i.e., a clash). If a clash is found, ask the SP operator to remove the registration with any federation other than the CLARIN SPF.
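
The clash check in step 13 can also be run offline against metadata aggregates that have already been fetched and signature-verified. The following is an added example, not CLARIN's tooling or the eduGAIN webapp; the registrar URIs, entity IDs and the `HOME` value are constructed placeholders, and the sample feeds are minimal rather than schema-complete.

```python
"""Clash check for step 13: one SP entityID registered by several federations."""
import xml.etree.ElementTree as ET
from collections import defaultdict

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "mdrpi": "urn:oasis:names:tc:SAML:metadata:rpi"}
HOME = "https://spf.example.org"  # constructed placeholder for the CLARIN SPF registrar

def sp_registrations(aggregate_xml):
    """Yield (entityID, registrationAuthority) for every SP in one aggregate."""
    root = ET.fromstring(aggregate_xml)
    for ent in root.iter("{%s}EntityDescriptor" % NS["md"]):
        if ent.find("md:SPSSODescriptor", NS) is None:
            continue  # IdPs and other roles are out of scope
        info = ent.find("md:Extensions/mdrpi:RegistrationInfo", NS)
        authority = info.get("registrationAuthority") if info is not None else None
        yield ent.get("entityID"), authority

def find_clashes(aggregates, home=HOME):
    """Map each clashing entityID to the registrars other than `home`."""
    seen = defaultdict(set)
    for xml_text in aggregates:
        for entity_id, authority in sp_registrations(xml_text):
            seen[entity_id].add(authority or "(no RegistrationInfo)")
    return {eid: sorted(auths - {home})
            for eid, auths in seen.items() if len(auths) > 1}

def _feed(authority, *sps):
    """Build a constructed sample aggregate registered by `authority`."""
    ents = "".join(
        '<md:EntityDescriptor entityID="%s"><md:Extensions>'
        '<mdrpi:RegistrationInfo registrationAuthority="%s"/></md:Extensions>'
        '<md:SPSSODescriptor protocolSupportEnumeration='
        '"urn:oasis:names:tc:SAML:2.0:protocol"/></md:EntityDescriptor>'
        % (sp, authority) for sp in sps)
    return ('<md:EntitiesDescriptor xmlns:md="%s" xmlns:mdrpi="%s">%s'
            '</md:EntitiesDescriptor>' % (NS["md"], NS["mdrpi"], ents))

SAMPLE_FEEDS = [  # constructed: sp-b is registered twice
    _feed(HOME, "https://sp-a.example.org/shibboleth",
          "https://sp-b.example.org/shibboleth"),
    _feed("https://federation-x.example.net", "https://sp-b.example.org/shibboleth"),
]

if __name__ == "__main__":
    for eid, others in find_clashes(SAMPLE_FEEDS).items():
        print("clash:", eid, "also registered by", ", ".join(others))
```

Each reported registrar is a federation where the SP operator should be asked to withdraw the registration.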