[Surfconext-sp-newsletter] SURFconext News SP-edition including; New release SP Dashboard | Attribute Aggregation | Key rollover

[SURFconext Nieuws]

SURFconext News SP-edition 2019 #1



		

This newsletter will bring you information about new developments 
regarding SURFconext, plans for the future, tips and tricks and will 
appear on an irregular basis.

Who receive this newsletter?
All technical and administrative contacts of a service connected to 
SURFconext will receive this newsletter. Subscribe here 
<https://list.surfnet.nl/mailman/listinfo/surfconext-sp-newsletter> and 
unsubscribe here 
<https://list.surfnet.nl/mailman/options/surfconext-sp-newsletter>.

For an overview of all mailings by the SURFconext team, see the 
following page. 
<https://wiki.surfnet.nl/pages/viewpage.action?pageId=60701393>

In this edition:

 1. New release SP Dashboard
 2. SURFconext staging environment: end of life
 3. Blogs: Attribute Aggregation
 4. Keep your software up to date!
 5. Complete your key rollover before 1 May


  New release SP Dashboard

Two weeks ago the new version of the SP Dashboard has been released. The 
SP Dashboard allows vendors or institutions to independently manage 
services on the SURFconext platform. The most important new features:

  * It is now possible to configure entities based on OpenID Connect.
  * Insight into both entities located on the test environment and the
    production environment of SURFconext
  * The connection process is clearly displayed with the help of donuts

In addition, the background components have also been modified, making 
support for the SURFconext team more efficient. An example of this is 
the link between SP Dashboard and our ticketing system.

For an overview of all new features see the following page. 
<https://wiki.surfnet.nl/display/surfconextdev/New+features>


  SURFconext staging environment: end of life

SURFconext currently has three environments: (1) test, (2) staging (also 
called pre-production or acceptance) and (3) production. From *1 May 
2019* the staging environment will disappear. SPs and IdPs connected to 
this environment will not be available after this date. All institutions 
already have been notified.

For more information, read the following wiki page including frequently 
asked questions. 
<https://wiki.surfnet.nl/display/surfconextdev/Uitfaseren+staging+omgeving>

Please let us know via support at surfconext if certain scenarios your 
service depends on are no longer supported. We're happy to help to find 
a solution.


  Blog: Attribute Aggregation

Attribute Aggregation is a powerful tool that enables a user’s identity 
to be enriched with information from sources other than the institution 
itself. Group information or a researcher ID can, for example, be made 
available to a service when logging in.

In her blogs, Femke Morsch explains in detail how Attribute Aggregation 
works 
<https://blog.surf.nl/en/enrich-your-identity-attribute-aggregation-in-surfconext/>, 
and how SURFconext helps to provide safe and fast access to the 
eStudybooks portal 
<https://blog.surf.nl/en/ordering-and-reading-with-estudybooks-is-easy-and-safe-with-surfconext/>.


  Keep your software up to date!

SURFconext keeps evolving and we upgrade our platform continuously. Last 
year we enforced SHA256 as a signing algorithm and as of May 2019 we 
will update our keys. Service Providers and Identity Providers have been 
informed about this.


*Safety, tools and upgrades*

During transitions like these we answer all kinds of questions and we 
assist in testing services as well as identity providers. With all the 
interaction we have, we notice that everyone works hard to stay 
compatible with SURFconext. This doesn't necessarily mean the software 
running services or identity providers is up to scratch. Have you 
checked the software recently? Now is a good time as any to do some 
checks. To start, SURFconext policy mandates the use HTTPS URL's on all 
protocol endpoints. This means the use of TLS for protecting the 
communication between clients (a user's browser) and your server. Our 
wiki contains a checklist for the TLS-configuration of your service 
<https://edu.nl/pmrw6>. <https://edu.nl/pmrw6> SURF offers tools to 
automate such checks with SURFopzichter 
<https://dashboard.surfnet.nl/details.php?id=15>. Another thing you can 
and probably must do is keep the installation of your SAML or OIDC based 
software up-to-date. A problem you might run into is that browser 
support for TLS v1.0 and v1.1 will be dropped in 2020. How such an 
upgrade should be performed depends on your installation.


*More information*
Visit our wiki for the basics of SimpleSAMLphp, Shibboleth, Wordpress, 
etc <https://edu.nl/ht88r>. <https://edu.nl/ht88r> Happy upgrading!


  Complete your key rollover before 1 May

The SURFconext metadata migration and key rollover 
<https://edu.nl/keyrollover>is well underway. We have sent several 
emails about this process to SPs already and are glad to see that a 
large percentage has already migrated. Still, there remains a 
significant number that still has to complete the migration before 1 
May. Service providers that have not migrated will cease to function 
after this date. If you encounter any trouble or blockages in this 
process, do not hesitate to contact us! We are here to help.

------------------------------------------------------------------------

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://list.surfnet.nl/pipermail/surfconext-sp-newsletter/attachments/20190412/2a675cf5/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: foamecjiegbjlegb.png
Type: image/png
Size: 196654 bytes
Desc: not available
URL: <https://list.surfnet.nl/pipermail/surfconext-sp-newsletter/attachments/20190412/2a675cf5/attachment-0001.png>