-------- Forwarded Message --------
Subject: [AAI-Operations] Small changes to interfederation metadata
Date: Wed, 27 Nov 2019 11:07:26 +0100
From: SWITCHaai - Etienne Dysli-Metref aai@switch.ch
Reply-To: SWITCHaai - Etienne Dysli-Metref aai@switch.ch
Organization: SWITCH
To: aai-operations@switch.ch
Dear SP and IdP operators,
Following some changes at eduGAIN -- who provides the worldwide
interfederation metadata that we sign and republish for your consumption
-- we implemented a few changes in our metadata processing and therefore
its output will change slightly. We do not expect this change to cause
problems, however should you notice anything, please notify
aai@switch.ch immediately.
This change will go live today 2019-11-27 at 11:00 UTC (12:00 Swiss time).
Who is affected?
Service Providers and Identity Providers using interfederationmetadata are affected, regardless of their implementation (Shibboleth
or not). If your SP or IdP is configured for interfederation operation
according to our guides [1,2] or downloads metadata from either:
If you have users accessing typically-international services like
European projects or content publishers, or are operating such a service
yourself, then please check your configuration. You may be using one of
these interfederation metadata files.
The actual change is that we are now filtering the metadata we download
from eduGAIN with additional XSL transformations from [3]. In
particular, this filter removes some X509-related XML elements and
normalises white space around base64-encoded X509 certificates carried
by metadata. This filter has been in use in the UKf (UK) and InCommon
(USA) federations without problems for years.
Hlavně jde o https://github.com/ukf/ukf-meta/blob/master/mdx/clean-import.xsl
Michal P.
-------- Forwarded Message -------- Subject: [AAI-Operations] Small changes to interfederation metadata Date: Wed, 27 Nov 2019 11:07:26 +0100 From: SWITCHaai - Etienne Dysli-Metref aai@switch.ch Reply-To: SWITCHaai - Etienne Dysli-Metref aai@switch.ch Organization: SWITCH To: aai-operations@switch.ch
Dear SP and IdP operators,
Following some changes at eduGAIN -- who provides the worldwide interfederation metadata that we sign and republish for your consumption -- we implemented a few changes in our metadata processing and therefore its output will change slightly. We do not expect this change to cause problems, however should you notice anything, please notify aai@switch.ch immediately.
This change will go live today 2019-11-27 at 11:00 UTC (12:00 Swiss time).
Who is affected?
Service Providers and Identity Providers using interfederation metadata are affected, regardless of their implementation (Shibboleth or not). If your SP or IdP is configured for interfederation operation according to our guides [1,2] or downloads metadata from either:
then you are affected.
If you have users accessing typically-international services like European projects or content publishers, or are operating such a service yourself, then please check your configuration. You may be using one of these interfederation metadata files.
[1] https://www.switch.ch/aai/guides/sp/interfed/ [2] https://www.switch.ch/aai/guides/idp/interfed/
Technical details
The actual change is that we are now filtering the metadata we download from eduGAIN with additional XSL transformations from [3]. In particular, this filter removes some X509-related XML elements and normalises white space around base64-encoded X509 certificates carried by metadata. This filter has been in use in the UKf (UK) and InCommon (USA) federations without problems for years.
[3] https://github.com/ukf/ukf-meta/blob/master/mdx/clean-import.xsl