This newsletter will bring you information regarding new developments, plans for the future, tips and tricks and will appear on an irregular basis.

Who receives this newsletter?
All technical and administrative contacts of a service connected to SURFconext will receive this newsletter. Subscribe here and unsubscribe here.

For an overview of all mailings by the SURFconext team, see the following page.

In this edition:

  1. Hackathon: connect your SP to SURFconext
  2. Webinar: best identifier for your job!
  3. SURFconext will migrate to SHA-256 in 2018
  4. Personal data in your metadata?
  5. SP-Dashboard live

Hackathon: connect your SP to SURFconext

On June 25th we are organizing a hackathon/workshop for everyone who needs some help connecting their service to SURFconext, whether using SAML or OpenID Connect, SURFsecureID (formerly known as Strong Authentication), groups/teams/VOOT etc. Members of our team will be on hand to solve any hurdles on the spot. At the end of the hackathon, your SP should be (nearly) connected. Register here! Any questions? Mail raoul.teeuwen@surfnet.nl.

Webinar: best identifier for your job!

What identifiers are available when connecting to SURFconext? What are the pros and cons of each? In the 25-minute webinar on identifiers, June 26th, we'll tell you all about it. We'll record it so you can also watch it later.

Keep an eye on the SURF agenda. More information and watch link will be available soon.

SURFconext will migrate to SHA-256 in 2018

The SHA-1 hashing algorithm that SURFconext uses when cryptographically signing the assertions it sends to Service Providers is considered deprecated. In order to keep guaranteeing the security of our service, SURFconext will migrate to the more secure SHA-256 hashing algorithm.

The switchover is planned for the fourth quarter of 2018. When the concrete deadline is known, it will be announced to the Service Provider's listed technical contact.

Any reasonably recent SAML 2.0 Service Provider implementation should already support SHA-256. If you are using a very old version of an implementation or library you may need to upgrade. The SURFconext "test" and "staging" environments will be configured so you can verify that your Service Provider is indeed compatible with the SHA-256 algorithm.

The concrete timeline will be announced soon. For more information, please refer to our documentation.
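
When testing a Service Provider against the "test" or "staging" environments, it helps to see which hash algorithm a captured SAML response actually carries. The following is an added example, not SURFconext code: it lists the signature and digest algorithms of every `ds:Signature` in a message and flags SHA-1, using a constructed, trimmed sample response, and it does not verify the signature itself.

```python
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
# Standard XML Signature / XML Encryption algorithm URIs, grouped by hash.
SHA1 = {"http://www.w3.org/2000/09/xmldsig#rsa-sha1",
        "http://www.w3.org/2000/09/xmldsig#dsa-sha1",
        "http://www.w3.org/2000/09/xmldsig#sha1"}
SHA256 = {"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
          "http://www.w3.org/2001/04/xmlenc#sha256"}

def family(uri):
    """Map an algorithm URI to the hash it relies on."""
    return "sha1" if uri in SHA1 else "sha256" if uri in SHA256 else "other"

def audit_signatures(xml_text):
    """Return one finding per ds:Signature found anywhere in the message."""
    findings = []
    for sig in ET.fromstring(xml_text).iter(DS + "Signature"):
        info = sig.find(DS + "SignedInfo")
        if info is None:
            continue
        method = info.find(DS + "SignatureMethod")
        sig_alg = method.get("Algorithm") if method is not None else None
        digests = [d.get("Algorithm") for d in info.iter(DS + "DigestMethod")]
        used = {family(u) for u in [sig_alg, *digests] if u}
        findings.append({"signature": sig_alg, "digests": digests,
                         "uses_sha1": "sha1" in used,
                         "sha256_only": used == {"sha256"}})
    return findings

def constructed_response(sig_alg, digest_alg):
    """Constructed, trimmed SAML response (no key material or signature value)."""
    return f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
      xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
      xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <saml:Assertion ID="_constructed"><ds:Signature><ds:SignedInfo>
    <ds:SignatureMethod Algorithm="{sig_alg}"/>
    <ds:Reference URI="#_constructed">
      <ds:DigestMethod Algorithm="{digest_alg}"/>
    </ds:Reference>
  </ds:SignedInfo></ds:Signature></saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    old = constructed_response("http://www.w3.org/2000/09/xmldsig#rsa-sha1",
                               "http://www.w3.org/2000/09/xmldsig#sha1")
    for f in audit_signatures(old):
        print("SHA-1 in use" if f["uses_sha1"] else "no SHA-1", f["signature"])
```

A response signed with RSA-SHA256 but still carrying a SHA-1 digest is reported as using SHA-1, since both the `SignatureMethod` and every `DigestMethod` have to move to SHA-256.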

Personal data in your metadata?

Service providers and Identity providers provide contact details in metadata to help manage technical support, administrative support and security management. eduGAIN strongly recommends that these contacts should be a role-based name and email address and NOT personal data wherever practical. A Best Current Practice document will be issued by eduGAIN to all federation operators.

So you might want to check your metadata. Check the following page for more GDPR related tips.

SP-Dashboard live

We’re happy to announce that the Service Provider Dashboard is live. This dashboard enables you to independently manage your service(s) on the SURFconext platform. It allows you to create, test and edit entities before promoting them to production.

New functionalities

- Your own dashboard behind SURFconext login.
- Create unlimited entities per SP.
- Manage multiple SPs.
- Answer GDPR questions within the dashboard.
- Request production connection.

Future functionalities

- Compatible with OpenID Connect (at this moment SP-Dashboard is SAML-only).
- What institutions will use your service?
- Single-/multi-tenant.

SP-Dashboard vs SP-Form

For now, the SP-Form will remain available alongside the SP-Dashboard. In the coming months we will say goodbye to the SP-Form and the SPs and IdPs that exist there. If you want to migrate, please let us know.

Refer to the documentation for more information.
