Page tree
Skip to end of metadata
Go to start of metadata

SRCE operates a tool that regularly browses through the eduGAIN metadata and

  • checks that the elements asserting compliance to the Data protection Code of Conduct conform to the SAML2 metadata profile for the Data protection Code of Conduct
  • checks that the Privacy Policy referenced by mdui:PrivacyStatementURL resolves to a page which references the Data Protection Code of Conduct
  • archives the SP's Privacy Policy page for the audit trail

On-line interface

The tool has an on-line interface in http://monitor.edugain.org/coco/

The tool uses following colours for SPs

Colourid_statuscodeDescription
White1
The SP does not assert compliance to the Data Protection Code of Conduct
Green2
The SP conforms to the REQUIRED and RECOMMENDED behavior described in the SAML2 metadata profile for the Data protection Code of Conduct
Yellow3
The SP conforms to the REQUIRED behavior described in the SAML2 metadata profile for the Data protection Code of Conduct
Red4<> -1The SP does not conform to the REQUIRED behavior described in the SAML2 metadata profile for the Data protection Code of Conduct
Gray4-1The SP can not be checked properly (Unable to access Privacy Policy URL)

For description of the columns, see below.

JSON interface

The monitoring tool provides also a JSON feed on the monitoring results in http://monitor.edugain.org/coco/json.php

If called without parameters feed shows only "green" and "yellow" entities (entities with id_status=2 or id_status=3).

All entities can be fetched using query string parameter all_sps=true. Example: http://monitor.edugain.org/coco/json.php?all_sps=true

Specific entity can be fetched using query string parameter entityid=<URLENCODED_ENTITYID>. Example: http://monitor.edugain.org/coco/json.php?entityid=https%3A%2F%2Fwiki.edugain.org%2Fshibboleth

The table below describes the JSON feed. You can request particular attributes by enumerating their names in the query string. Example: http://monitor.edugain.org/coco/json.php?attributes=DisplayName;entityID

Attribute name (JSON)Attribute description
entityIDSP's SAML2 entityID
registrationAuthority

mdrpi:RegistrationInfo element’s registrationAuthority attribute

DisplayNamemdui:displayName element. If multivalued, only the value with xml:lang="en" is present
first_seenTimestamp when the monitoring tool has first encountered this SP
last_seenTimestamp when the monitoring tool has last encountered this SP
id_statusObserved colour of the SP; see the table above
statusTextual representation of the id_status attribute
PrivacyStatementURLmdui:PrivacyStatementURL element. If multivalued, only the value with xml:lang="en" is present
code(HTTP) status code when fetching the page to which mdui:PrivacyStatementURL resolves;
codes less then 0 represent errors in page access
code_txtHTTP status code description / error code description
content_typeThe content type of the page to which mdui:PrivacyStatementURL resolves
headersHeaders of the page to which mdui:PrivacyStatementURL resolves
cookiesCookies of the page to which mdui:PrivacyStatementURL resolves
source_b64A copy of the last archived page to which mdui:PrivacyStatementURL resolves (BASE64 encoded)

Custom SAML2 metadata file validation

You can also validate a custom SAML2 metadata file's compliance to the Data Protection Code of Conduct

  • you provide the URL of the metadata file to validate
  • you receive the results by e-mail

The custom metadata validator: http://monitor.edugain.org/coco/?show=cod


  • No labels

3 Comments

  1. I'm developing a client consuming the API. Who could I contact to provide feedbacks?

    For example, the API Conte-Type response header is not set to "application/json", which is quite annoying for consumers

    1. I added Content-Type response header "application/json" in API. Try it and let me know if it doesn't work as expected.