en:production [2022/05/24 13:13] – [1. Metadata Administration Tool] Added screenshots Silke Meyer | en:production [2023/01/09 14:21] – [1. Metadata Administration Tool] updated for new metadata admin tool Silke Meyer |
---|
Using the Metadata Admin Tool (entity edit view, section "Federations"), the respective entity has to be added to the federation / metadata set that best fits the needs of productive operations (cf. [[en:degrees_of_reliance|Degrees of Reliance]]). The system will check whether the metadata of this entity meets all requirements of the production environment (especially the registered certificate[s]) and whether the account is linked with a contract. If the checks are positive, the button will be unlocked. The metadata entry in question is then reviewed by the DFN-AAI team. | Using the Metadata Admin Tool (entity edit view, section "Federations"), the respective entity has to be added to the federation / metadata set that best fits the needs of productive operations (cf. [[en:degrees_of_reliance|Degrees of Reliance]]). The system will check whether the metadata of this entity meets all requirements of the production environment (especially the registered certificate[s]) and whether the account is linked with a contract. If the checks are positive, the button will be unlocked. The metadata entry in question is then reviewed by the DFN-AAI team. |
| |
**current/old metadata administration tool:**\\ | |
{{:en:metadata_admin_tool:in-progress.png?600|}} | |
| |
**upcoming/new metadata administration tool:**\\ | |
{{:en:metadata_admin_tool:mdv-produktiv-pending-neuemdv-en.png?600|}} | {{:en:metadata_admin_tool:mdv-produktiv-pending-neuemdv-en.png?600|}} |
===== 2. Configuration Changes ===== | ===== 2. Configuration Changes ===== |
| |
==== SP Example ==== | ==== SP Example ==== |
| |
| <callout type="danger" title="Important note: Make sure that redirectLimit is set to the value 'host' or 'exact'!"> |
| Please make sure that in **''shibboleth2.xml''** in all **''<Sessions>''** elements the XML attribute **''redirectLimit''** |
| - is set and |
| - has the value **''host''** or **''exact''**! (if necessary in combination with ''allow'') |
| This measure prevents misuse of the SP as an open redirect, e.g. in the context of a phishing attack, cf. https://shibboleth.atlassian.net/browse/SSPCPP-714. |
| For more information on the configuration parameters of the ''<Sessions>'' element see the [[https://shibboleth.atlassian.net/wiki/spaces/SP3/pages/2065334342/Sessions|Shibboleth Wiki]]. |
| </callout> |
| |
**For metadata URLs and the certificate for signature validation please refer to [[en:metadata|the Metadata documentation]].** | **For metadata URLs and the certificate for signature validation please refer to [[en:metadata|the Metadata documentation]].** |
| |
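One way to verify the ''redirectLimit'' requirement from the note above before requesting production status. This is an added example, not part of the DFN-AAI documentation or the Shibboleth project. The embedded configuration is a constructed sample, the function names are hypothetical, and the combined spelling ''host+allow'' / ''exact+allow'' is assumed from the Shibboleth SP documentation.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample: one compliant, one weak and one unset <Sessions> element.
SAMPLE = """<SPConfig xmlns="urn:mace:shibboleth:3.0:native:sp:config">
  <ApplicationDefaults entityID="https://sp.example.org/shibboleth">
    <Sessions lifetime="28800" handlerURL="/Shibboleth.sso" redirectLimit="exact"/>
    <ApplicationOverride id="legacy">
      <Sessions lifetime="28800" handlerURL="/legacy/Shibboleth.sso" redirectLimit="allow"/>
    </ApplicationOverride>
    <ApplicationOverride id="intranet">
      <Sessions lifetime="28800" handlerURL="/intra/Shibboleth.sso"/>
    </ApplicationOverride>
  </ApplicationDefaults>
</SPConfig>"""


def redirect_limit_ok(value):
    """True only for 'host' or 'exact', optionally combined with '+allow'."""
    if value is None:  # attribute not set at all
        return False
    parts = value.strip().split("+")
    return parts[0] in ("host", "exact") and parts[1:] in ([], ["allow"])


def audit_sessions(xml_data):
    """Return (handlerURL, redirectLimit, ok) for every <Sessions> element."""
    root = ET.fromstring(xml_data)
    findings = []
    for el in root.iter():
        # Compare the local name so any SP config namespace version matches.
        if el.tag.rsplit("}", 1)[-1] == "Sessions":
            value = el.get("redirectLimit")
            findings.append((el.get("handlerURL"), value, redirect_limit_ok(value)))
    return findings


if __name__ == "__main__":
    # Pass the path to shibboleth2.xml; without arguments the sample is audited.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    failed = False
    for handler, value, ok in audit_sessions(data):
        print(f"{'OK  ' if ok else 'FAIL'} handlerURL={handler} redirectLimit={value!r}")
        failed = failed or not ok
    sys.exit(1 if failed else 0)
```

The script exits non-zero if any ''<Sessions>'' element lacks the attribute or carries another value, so it can gate a deployment step.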