In this edition:
- New release SP Dashboard
- SURFconext staging environment: end of life
- Blogs: Attribute Aggregation
- Keep your software up to date!
- Complete your key rollover before 1 May
New release SP Dashboard
Two weeks ago the new version of the SP Dashboard has been released. The SP Dashboard allows vendors or institutions to independently manage services on the SURFconext platform. The most important new features:
- It is now possible to configure entities based on OpenID Connect.
- Insight into both entities located on the test environment and the production environment of SURFconext
- The connection process is clearly displayed with the help of donuts
In addition, the background components have also been modified, making support for the SURFconext team more efficient. An example of this is the link between SP Dashboard and our ticketing system.
For an overview of all new features see the following page.
SURFconext staging environment: end of life
SURFconext currently has three environments: (1) test, (2) staging (also called pre-production or acceptance) and (3) production. From 1 May 2019 the staging environment will disappear. This means that only the test and production environment remain. All institutions already have been notified.
For more information, read the following wiki page including frequently asked questions. Please let us know via support@surfconext if certain scenarios your service depends on are no longer supported. We're happy to help to find a solution.
Blog: Attribute Aggregation
Attribute Aggregation is a powerful tool that enables a user’s identity to be enriched with information from sources other than the institution itself. Group information or a researcher ID can, for example, be made available to a service when logging in.
In her blogs, Femke Morsch explains in detail how Attribute Aggregation works, and how SURFconext helps to provide safe and fast access to the eStudybooks portal.
Keep your software up to date!
SURFconext keeps evolving and we upgrade our platform continuously. Last year we enforced SHA256 as a signing algorithm and as of May 2019 we will update our keys. Service Providers and Identity Providers have been informed about this.
Safety, tools and upgrades
During transitions like these we answer all kinds of questions and we assist in testing services as well as identity providers. With all the interaction we have, we notice that everyone works hard to stay compatible with SURFconext. This doesn't necessarily mean the software running services or identity providers is up to scratch. Have you checked the software recently? Now is a good time as any to do some checks. To start, SURFconext policy mandates the use HTTPS URL's on all protocol endpoints. This means the use of TLS for protecting the communication between clients (a user's browser) and your server. Our wiki contains a checklist for the TLS-configuration of your service. SURF offers tools to automate such checks with SURFopzichter. Another thing you can and probably must do is keep the installation of your SAML or OIDC based software up-to-date. A problem you might run into is that browser support for TLS v1.0 and v1.1 will be dropped in 2020. How such an upgrade should be performed depends on your installation.
More information
Visit our wiki for the basics of SimpleSAMLphp, Shibboleth, Wordpress, etc. Happy upgrading!
Complete your key rollover before 1 May
The SURFconext metadata migration and key rollover is well underway. We have sent several emails about this process to SPs already and are glad to see that a large percentage has already migrated. Still, there remains a significant number that still has to complete the migration before 1 May. Service providers that have not migrated will cease to function after this date. If you encounter any trouble or blockages in this process, do not hesitate to contact us! We are here to help.