SRCE operates a tool that regularly browses through the eduGAIN metadata and
- checks that the elements asserting compliance to the Data protection Code of Conduct conform to the SAML2 metadata profile for the Data protection Code of Conduct
- the ip address of the CoCo monitoring tool is 184.108.40.206
- value of the User-Agent request header sent by CoCo monitoring tool is "eduGAIN CoCo Monitor v1.0"
The tool has an on-line interface in http://monitor.edugain.org/coco/
The tool uses following colours for SPs
|White||1||The SP does not assert compliance to the Data Protection Code of Conduct|
|Green||2||The SP conforms to the REQUIRED and RECOMMENDED behavior described in the SAML2 metadata profile for the Data protection Code of Conduct|
|Yellow||3||The SP conforms to the REQUIRED behavior described in the SAML2 metadata profile for the Data protection Code of Conduct|
|Red||4||<> -1||The SP does not conform to the REQUIRED behavior described in the SAML2 metadata profile for the Data protection Code of Conduct|
For description of the columns, see below.
The monitoring tool provides also a JSON feed on the monitoring results in http://monitor.edugain.org/coco/json.php
If called without parameters feed shows only "green" and "yellow" entities (entities with id_status=2 or id_status=3).
All entities can be fetched using query string parameter all_sps=true. Example: http://monitor.edugain.org/coco/json.php?all_sps=true
Specific entity can be fetched using query string parameter entityid=<URLENCODED_ENTITYID>. Example: http://monitor.edugain.org/coco/json.php?entityid=https%3A%2F%2Fwiki.edugain.org%2Fshibboleth
The table below describes the JSON feed. You can request particular attributes by enumerating their names in the query string. Example: http://monitor.edugain.org/coco/json.php?attributes=DisplayName;entityID
|Attribute name (JSON)||Attribute description|
|entityID||SP's SAML2 entityID|
mdrpi:RegistrationInfo element’s registrationAuthority attribute
|DisplayName||mdui:displayName element. If multivalued, only the value with xml:lang="en" is present|
|first_seen||Timestamp when the monitoring tool has first encountered this SP|
|last_seen||Timestamp when the monitoring tool has last encountered this SP|
|id_status||Observed colour of the SP; see the table above|
|status||Textual representation of the id_status attribute|
|PrivacyStatementURL||mdui:PrivacyStatementURL element. If multivalued, only the value with xml:lang="en" is present|
|code||(HTTP) status code when fetching the page to which mdui:PrivacyStatementURL resolves; |
codes less then 0 represent errors in page access
|code_txt||HTTP status code description / error code description|
|content_type||The content type of the page to which mdui:PrivacyStatementURL resolves|
|headers||Headers of the page to which mdui:PrivacyStatementURL resolves|
|cookies||Cookies of the page to which mdui:PrivacyStatementURL resolves|
|source_b64||A copy of the last archived page to which mdui:PrivacyStatementURL resolves (BASE64 encoded)|
Custom SAML2 metadata file validation
You can also validate a custom SAML2 metadata file's compliance to the Data Protection Code of Conduct
- you provide the URL of the metadata file to validate
- you receive the results by e-mail
The custom metadata validator: http://monitor.edugain.org/coco/?show=cod
I'm developing a client consuming the API. Who could I contact to provide feedbacks?
For example, the API Conte-Type response header is not set to "application/json", which is quite annoying for consumers
I added Content-Type response header "application/json" in API. Try it and let me know if it doesn't work as expected.
It works thanks