...

  1. Verify that you have a valid SSL certificate matching your IdP hostname and with a valid chain. You can test it yourself with the SSL Labs checker: https://www.ssllabs.com/ssltest/
    An "SSL-Error" may be caused by the CAs used by ECCS not having been updated. If you suspect that this is the case, please contact eduGAIN support at support@edugain.org.
  2. Verify that the IP address used by the client performing the checks is permitted to reach your IdP: any firewall in between must be configured to pass TCP packets with:
    1. source IP X.X.X.X, source port 1024-65535
    2. destination YOUR-IDP-IP destination port 443
  3. Verify that your IdP login page contains text that matches both of the following regular expressions:
    1. pattern_username = '<input[\s]+[^>]*((type=\s*[\'"](text|email)[\'"]|user)|(name=\s*[\'"](name)[\'"]))[^>]*>';
    2. pattern_password = '<input[\s]+[^>]*(type=\s*[\'"]password[\'"]|password)[^>]*>';
  4. Verify that your robots.txt is not unintentionally disabling ECCS.
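
To see how a given login page fares against the two patterns from step 3, they can be applied to its HTML locally. This is an added example, not ECCS code: the use of `re.search`, the case-insensitive flag, the function names and the sample pages are assumptions constructed for illustration.

```python
import re

# The two patterns from step 3, copied as raw strings.
PATTERN_USERNAME = r'<input[\s]+[^>]*((type=\s*[\'"](text|email)[\'"]|user)|(name=\s*[\'"](name)[\'"]))[^>]*>'
PATTERN_PASSWORD = r'<input[\s]+[^>]*(type=\s*[\'"]password[\'"]|password)[^>]*>'

# Constructed sample pages (not taken from any real IdP).
SAMPLES = {
    # Both fields in the served HTML, single-quoted, tag split across lines.
    "classic_form": """<form method="post">
  <input
     class='form-control' id='username' name='j_username' type='text'>
  <input class='form-control' name='j_password' type='password'>
</form>""",
    # Password field only appears on a second step.
    "two_step_login": '<form><input type="email" name="loginfmt">'
                      '<input type="submit" value="Next"></form>',
    # Form is built client-side, so the served HTML has no <input> at all.
    "js_rendered": '<html><body><div id="root"></div>'
                   '<script src="/static/login.js"></script></body></html>',
}


def check_login_page(html, flags=re.IGNORECASE):
    """Report which of the two patterns match the HTML.

    Assumption: matching is done with re.search and IGNORECASE; the page
    does not state which flags the checker uses.
    """
    return {
        "username": re.search(PATTERN_USERNAME, html, flags) is not None,
        "password": re.search(PATTERN_PASSWORD, html, flags) is not None,
    }


def passes(html):
    """True only when both patterns match, as step 3 requires."""
    return all(check_login_page(html).values())


if __name__ == "__main__":
    for name, html in SAMPLES.items():
        result = check_login_page(html)
        verdict = "OK" if all(result.values()) else "would fail the pattern check"
        print(f"{name}: {result} -> {verdict}")
```

Both patterns only match inside a single `<input ...>` tag of the HTML as served, so a form that is rendered by JavaScript or that asks for the password on a later step does not satisfy step 3 even though users can log in.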

...

  • IdP does not support HTTP or HTTPS with at least SSLv3 or TLS1 or newer (these IdPs are insecure anyway)
  • IdP is part of a Hub & Spoke federation (some of them manually have to first approve eduGAIN SPs)
  • IdP does not use web-based login form (e.g. HTTP Basic Authentication or X.509 login)
  • IdP does not allow requests coming from the ECCS2 servers: technical-test.edugain.org / technical.edugain.org
  • IdP uses more than one <iframe> inside its login page

Disable Checks

In cases where an IdP cannot be reliably checked, it is necessary to create or enrich the robots.txt file on the IdP's web root with:

...