Determine SAML attributes needed, institutions allowed, and domain ownership

[simongray]

For attributes, see: https://wayf.dk/da/attributter

[simongray]

• only available for identities within WAYF - not persons outside of it
• name, email, organisation, role
• possible aggregated statistics about country/uni of origin? GDPR-compliant?

[simongray]

• domain transfer to KU-IT
  • save info from 007names
  • research domain transfer in 007names UI
  • talk to Henrik
  • talk to KU-IT,CC: Dorte and Anne

[simongray]

We decided on the attributes

• cn
• eduPersonAffiliation
• eduPersonPrimaryAffiliation
• (possibly) isMemberOf
• organizationName
• schacCountryOfCitizenship

[simongray]

Ongoing discussion with WAYF, new ticket created with KU-IT.

[simongray]

glossematics.dk is live and glossematics.org will shut down in two days. I'll switch to the new domain now for the HTTPS certficate, maybe by switching to caddy? Or maybe not.

[simongray]

Just reused the nginx setup that I already had in place. The canonical domain is now at glossematics.dk. This has been changed in the codebase as well as in the conf.edn file on the server.

Now I need to contact WAYF to update the login process.

Regarding the attributes, WAYF will mark our service as R&S which has some special implications: https://refeds.org/category/research-and-scholarship

[simongray]

I have deleted the content of the IdP field in WAYF for glossematics, so this should enable the service to be used by anyone in Denmark within a federated institution. I wanted to enable eduGAIN too, but ran into an issue with missing data in some fields. I have contacted Mikkel Hald from WAYF about this, since I couldn't quite grok where to add the missing data in the interface on https://phph.wayf.dk/.

[simongray]

Should probably update the SAML lib: https://github.com/metabase/saml20-clj/releases/tag/2.1.0