Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Introduction
  2. Check performed on the IdPs
  3. Statuses and results
  4. Common reasons for check failure
  5. Limits
  6. Disable Checks
  7. User interface
    1. User interface parameters
  8. API interface
  9. GIT repository
  10. Presentations
  11. FAQ - Frequently Ask Questions
  12. Usage statistics

Introduction

The purpose of the eduGAIN Connectivity Check is to identify eduGAIN Identity Providers (IdP) that are not properly configured. In particular, it checks if an IdP properly loads and consumes SAML2 metadata which contains the eduGAIN Service Providers (SP). The check results are published on the public eduGAIN Connectivity Check web page (https://technical.edugain.org/eccs/). The main purpose is to increase the service overall quality and user experience of the eduGAIN interfederation service by making federation and Identity Provider operators aware of configuration problems.

...

StatusUI ColorDescription and results
ERRORRed
  • The IdP's response contains an error or the web page is not returned due to a Timeout, Connection or IdP Generic error.
    • Timeout: considers those IdPs that do not load a standard username/password login page within 60 seconds.
    • Connection-Error: considers those IdPs that are not reachable due to a connection problem. View the Page Source content to discover which problem has the IdP.
    • IdP-Generic-Error: considers those IdPs that the returned web page does not contain a Login Form, but an unspecified error such as "An error occurred". This kind of error has been seen on Microsoft ADFS based IdPs.
    • 403-Forbidden: considers those IdPs that return 403 Forbidden status code while opening their login page through a testing SP.
  • The IdP most likely does not consume the eduGAIN metadata correctly.
    • No-SP-Metadata-Error: considers those IdPs that return a message like "No return endpoint available for relying party" or "No metadata found for relying party" instead of the Login Page.
  • The HTTP SSL certificate used by the IdP is invalid (see below for further explanation):
    • SSL-Error
OKGreen

The IdP most likely correctly consumes eduGAIN metadata and returns a valid login page. This is no guarantee that login on this IdP works for all eduGAIN services but if the check is passed for an IdP, this is probable.

  • OK
UNKNOWNYellow

The IdP can't be checked because the returned Login Page content is not recognized or the Login Page is always returned, also for the fake SP.

  • Unable-To-Check: considers those IdPs that do not load a standard username/password login page and do not return messages like "No return endpoint available for relying party" or "No metadata found for relying party".
DISABLEDWhite

The IdP is excluded because it cannot be checked reliably. The Page Source column, when an entity is disabled, is populated with the reason for the disabling.

  • DISABLED: considers those IdPs that are disabled from the check by an eduGAIN Operation Team member or "robots.txt" file.

...

Parameter nameParameter descriptionExample
date
Show all the service results for a specific date
date=2020-02-20
reg_auth
Show all the service results for a specific Registration Authority
reg_auth=https://reg.auth.example.org
idp
Show all the service results for a specific Identity Provider
idp=https://idp.example.org/idp/shibboleth
status
Show all the service results for a specific Status:
  • OK
  • ERROR
  • DISABLED
  • UNKNOWN
status=ERROR
check_result
Show all the service results for a specific result of check:
  • OK
  • Timeout
  • Connection-Error
  • IdP-Generic-Error
  • No-SP-Metadata-Error
  • SSL-Error
  • Unable-To-Check
  • 403-Forbidden
  • DISABLED
check_result=SSL-Error

...

Action Name (JSON)Parameter Name (JSON)Parameter DescriptionExample
  • eccsresults
  • fedstats
date
Returns all the service results for a specific date.
date=2020-02-20
  • eccsresults
  • fedstats
reg_auth
Returns all the service results for a specific Registration Authority.
reg_auth=https://reg.auth.example.org
  • eccsresults
idp
Returns the service results for a specific IdP by its entityID.
idp=https://idp.example.org/idp/shibboleth
  • eccsresults
status

Returns all the service results for a specific Status:

  • OK
  • ERROR
  • DISABLED
  • UNKNOWN
status=ERROR
  • eccsresults
check_result

Returns all the service results for a specific result of check:

  • OK
  • Timeout
  • Connection-Error
  • IdP-Generic-Error
  • No-SP-Metadata-Error
  • SSL-Error
  • Unable-To-Check
  • 403-Forbidden
  • DISABLED
check_result=SSL-Error
  • eccsresults
format
Formats the service results in a simple way
format=simple

...

[Index]

GIT repository

https://gitlab.software.geant.org/edugain/eccs

[Index]

Presentations

[Index]

FAQ - Frequently Ask Questions


  1. What does mean the color assigned to my my IdP?
    See the Status and Results table
  2. Why my IdP gets UNKNOWN(yellow) status with 3 OK?
    The problem seems to be that the IdP accepting the metadata of SP-s not included in eduGAIN.
  3. Where I can raise an issue or a request on the ECCS service's code?
    Directly on the GitLab Repository.

Usage statistics

2022-2023

  1. eccs_gui_api_stats.csv: Statistics regarding the ECCS User Interface API
  2. eccs_new_api_stats.csv: Statistics regarding the ECCS WEB API
  3. eccs_old_api_stats.csv: Statistics regarding the previous version of ECCS WEB API
  4. eccs_wrong_api_stats.csv: Statistics regarding the wrong requests to the ECCS WEB API
  5. eccs_usage_stats.tar.gz: All usage statistics files

[Index]