Differences
This shows you the differences between two versions of the page.
en:checklist [2021/07/20 09:44] – partly translated Silke Meyer | en:checklist [2021/07/20 11:58] – replaces en:metadata_admin_tool:checklist, correctly recognized translation page Silke Meyer | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | FIXME **This page is not fully translated, yet. Please help completing the translation.**\\ //(remove this paragraph once the translation is finished)// | + | ====== |
- | + | ||
- | ====== | + | |
<callout color="# | <callout color="# | ||
Line 18: | Line 16: | ||
* The metadata administration tool can fetch your IdP' | * The metadata administration tool can fetch your IdP' | ||
- | * Fill in all fields | + | * Fill in all fields. If you see **red warnings** correct them before submitting the IdP/SP to production. |
* Use host name resp. URLs that can be resolved from outside your network. Systems with internal top level domains cannot be saved. | * Use host name resp. URLs that can be resolved from outside your network. Systems with internal top level domains cannot be saved. | ||
- | * Display name: the name of your institution, | + | |
- | * Description: | + | |
- | * Information URL: Website of the institution, | + | |
- | * **Privacy Statement URL**: Add the link to your privacy statement. **For Service Providers the field is mandatory.** If you only have a privacy statement in either English or German you can leave the second field blank. | + | * **Privacy Statement URL:** Add the link to your privacy statement. **For Service Providers the field is mandatory.** If you only have a privacy statement in either English or German you can leave the second field blank. |
- | * The **logos** are displayed during Discovery (IdP favicons) resp. on login screens. That is why they have **maximum sizes**. Scale your logos down to fit this size. Logos (big) can have a width of 64 to 240 px and a maximum height of 180 px. Favicons (logo small) have a size of 16 x 16 px. Service Providers do not need a small logo/ | + | * The **logos** are displayed during Discovery (IdP favicons) resp. on login screens. That is why they have **maximum sizes**. Scale your logos down to fit this size. Logos (big) can have a width of 64 to 240 px and a maximum height of 180 px. Favicons (logo small) have a size of 16 x 16 px. Service Providers do not need a small logo/ |
- | + | * Please submit at least four **contacts** per system: An administrative contact, a technical one, a support contact and a security contact. We recommend to use non-personalized email addresses, especially for the security contact which could be your Computer Emergency Response Team. If you do not have anything like that, put in the contact that responds in case of security incidents. Please make sure to keep those email addresses up to date! | |
- | * Für jedes System werden mindestens 4 **Kontaktadressen** hinterlegt: Administrativer Kontakt, technischer Kontakt, Supportkontakt und Sicherheitskontakt. Grundsätzlich sollten hier Funktionsadressen angegeben werden, insbesondere beim Sicherheitskontakt (z.B. die Ihres CERTs). Wenn Ihre Einrichtung bzw. Firma nicht über eine solche Stelle verfügt, verwenden Sie die Adresse derjenigen, die bei Sicherheitsvorfällen ansprechbar sind. Achten Sie bitte darauf, dass die in der Metadatenverwaltung hinterlegten E-Mail-Adressen aktuell gehalten werden! | + | * Have your X.509 **certificate** for SAML-based communication ready. We have an [[en: |
- | * Halten Sie Ihr X.509-Zertifikat für die SAML-basierte Kommunikation bereit. Die vollständigen Informationen zu diesen Zertifikaten finden Sie hier: [[https:// | + | * IdPs use DFN-PKI |
- | * IdPs verwenden Zertifikate der DFN-PKI. | + | * SPs can use DFN-PKI |
- | * SPs dürfen | + | * SSL certificates must not exceed a **validity of 39 months**. |
- | * Die SSL-Zertifikate dürfen eine **Gültigkeit von 39 Monaten** nicht überschreiten. | + | * For security reasons, we do no longer accept certificates that were created with a sha1 **signature algorithm**. Here is how you can check this, e.g. with openssl: |
- | * CA-Zertifikate, die mit dem **Signaturalgorithmus** sha1 erstellt wurden, akzeptieren wir aus Sicherheitsgründen nicht mehr (gilt nicht für selbst-signierte Zertifikate). So können Sie dies am Beispiel von openssl | + | |
< | < | ||
openssl x509 -in example.org.crt.pem -noout -text | grep " | openssl x509 -in example.org.crt.pem -noout -text | grep " | ||
</ | </ | ||
- | * Für Service | + | * For Service |
< | < | ||
openssl x509 -in example.org.crt.pem -noout -text | grep -A 1 " | openssl x509 -in example.org.crt.pem -noout -text | grep -A 1 " | ||
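Review bot: The added sha1 bullet ("we do no longer accept certificates that were created with a sha1 **signature algorithm**") drops two qualifiers from the German line it replaces. The German restricts the rule to CA-issued certificates ("CA-Zertifikate") and exempts self-signed ones ("gilt nicht für selbst-signierte Zertifikate"). As translated, an operator with a self-signed sha1 certificate would read this as a rejection. If the policy has not changed, restore the scope, for example "we no longer accept CA-issued certificates that were signed with sha1 (this does not apply to self-signed certificates)", which also fixes "do no longer". If the wider scope is intended, say so in the edit summary, since the summary only mentions translation.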
Line 45: | Line 40: | ||
</ | </ | ||
- | * Nehmen Sie Ihr System in die **Testföderation** DFN-AAI-Test | + | * Put your new system into our **test federation** DFN-AAI-Test. |
- | {{:de: | + | {{:en: |
- | + | * If it does, submit a request to join DFN-AAI. A ticket is then opened on our side and you will hear from us. | |
- | * Wenn das klappt, beantragen Sie die Aufnahme in die Produktivföderation. | + | |
- | {{:de: | + | {{:en: |
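Review bot: "If it does" in the added join-request bullet has no antecedent in the visible text. The preceding added bullet is an instruction ("Put your new system into our **test federation** DFN-AAI-Test."), and the German it replaces reads "Wenn das klappt". Suggest "If that works, submit a request to join ...". The German also names the target as the "Produktivföderation", while the English says only "DFN-AAI"; writing "the production federation DFN-AAI" would keep the contrast with DFN-AAI-Test explicit for readers who do not know the two federation names.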