Participants
Name | Organisation |
---|---|
Hannah Short | CERN |
Name | Organisation | Role |
---|---|---|
Alan | GÉANT | Core team member |
Andrej | KU | Core team member |
Martin | SURF | Core team member |
Uros | KIT | Core team member |
Name | Organisation | Role |
---|---|---|
Hannah Short | CERN | REFEDS Representative |
Nicole Harris | GÉANT | Head of T&I Operations |
Alex Stuart | JISC | Community Representative |
Activity overview
This activity seeks to provide an easy-to-use, user-configurable test Identity Provider.
The aim of this activity is to design and implement a fully functional SAML IdP that community members can use to perform individual integration tests.
Activity Details
This activity creates a freely available, realistic test IdP for the GÉANT community. Based on the needs of the GÉANT community, the solution may offer SAML and OIDC, and supports all the latest best practices.
In the past, there were similar offerings such as UnitedID or samltest.id. However, the UnitedID solution no longer exists and samltest does not support required features like the release of R&S.
To achieve this task, the Incubator has to define the use cases which are needed by the community. The requirements and use cases for such a service will be defined in collaboration with a group of community representatives. Potential features of such a tool are:
- Test for a specific set of attributes
- Create an account to save a test profile
- An open (REST) API to configure the IdP using a (web) client
There are different potential business cases for deployment: as part of the eduGAIN support tools, by GÉANT operations or NREN hosted.
Operators need a reliable way to test their providers. This enables the early detection of errors in the configuration and increases the quality of the entities in eduGAIN in the long term.
- Ensuring the sustainability of such a service poses some difficulties
- The activity itself does not handle any sensitive data
- The service is supposed to be used only for testing using test data
- The design of any centrally must consider security and privacy principles
- Community requirements and use cases are documented
- A solution is designed, implemented and tested
- A test deployment is made available and tested by some operators
- A sustainability model is defined
- The software and supporting resources are provided to the future maintainer
- Design, source code and documentation are published publicly
- A responsible party to host and manage the service will be defined
Activity Results
- Test IdP based on SimpleSAMLphp software including the following test categories:
  - R&S Entity category tests
  - Behavioural tests
  - Generic attribute profile tests
  - REFEDS Assurance Framework tests
  - Error scenario tests
  - Experimental profile tests
- Test IdP proposed Architecture
- Deployment as a module for SimpleSAMLphp (available via GÉANT GitLab): https://gitlab.geant.org/TI_Incubator/test_idp
- Test IdP Service User Guide
- Demo movie
- Test IdP and eduGAIN: Feedback indicated that the Test IdP should not be part of eduGAIN. Any decision is left to the eduGAIN steering committee.
Meetings
Date | Activity | Owner | Minutes |
---|---|---|---|
Stakeholder kickoff meeting | |||
Documents