Versions Compared

Old Version 29

changes.mady.by.user Justin Knight

Saved on

compared with

New Version 30

changes.mady.by.user Stefan Winter

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

eduroam Managed IdP  service should transition from its pilot under the JRA3, into the SA2 production operations. The exit pilot gate was approved by the PLM on 25th of June , officially marking the start of transition.What is the relations to pilot - something to move or install from scratch

Relation to pilot

The pilot is running on testing-level virtual machines (Okeanos). A continuation on those VMs is not foreseen. The production system is an installation "from scratch".

Accounts created in the pilot installation remain valid until their expiry, or 01 Dec 2018 (whichever comes FIRST; expiry date of intermediate CA).

For the RADIUS authentication of these pilot-phase accounts, there are two options:

  • keep the Okeanos-based RADIUS servers running until 01 Dec 2018 (preferred option)
  • add the pilot-phase Client Root CA and Client Intermediate CA as trusted on the production servers, so they can authenticate the pilot users.

We have to keep the management UI and the OCSP responder online until 01 Dec 2018 so that activities such as revocation are still possible.

However, pilot-phase IdP administrators should not create new accounts on the pilot system when the production one is available.


The transition generally consist of the following areas of work:

...