Page History

...

1. It retrieves the eduGAIN IdPs from eduGAIN Operator Team database via access API.
2. For each IdP the ECCS2 scriptECCS script:
   
   1. doesn't check disabled IdP (added manually by an eduGAIN Operations Team via Python dictionary or dinamically by IdP administrator via "robots.txt");
   2. verifies the SSL certificate;
   3. creates a Wayfless URL for two selected SP;
   4. tries to reach the IdP login page for both SPs without performing any authentication.
      
      It expects to find the HTML form with username and password fields. Therefore, no complete login will happen at the Identity Provider because the check stops at the login page.
      The SPs used for the check are "SP Demo" (https://sp-demo.idem.garr.it/shibboleth) from IDEM GARR AAI and the "AAI Viewer Interfederation Test" (https://attribute-viewer.aai.switch.ch/interfederation-test/shibboleth) from SWITCHaai. These SPs might change in the future if it will be needed.
      The SAML authentication request sent is not signed. Therefore, authentication request for any eduGAIN SP could be created because the SP's private key is not needed.
3. At the end of the execution, the script is run again for those IdPs that have been failed the check due to a problem with the headless Webdriver(Google Chrome) used and writes each problem on the log file.
   

...

• IdP does not support HTTP or HTTPS with at least SSLv3 or TLS1 or newer (these IdPs are insecure anyway)
• IdP is part of a Hub & Spoke federation (some of them manually have to first approve eduGAIN SPs)
• IdP does not use web-based login form (e.g. HTTP Basic Authentication or X.509 login)
• IdP does not allow requests coming from the ECCS2 serversECCS servers: technical-test.edugain.org / technical.edugain.org
• IdP that use more than one <iframe> inside their login page

...

https://technical-test.edugain.org/eccs2eccs/api/##ACTION##

eccsresults

fedstats

...