CILogon Service Update 2020-08-04
13 views
Skip to first unread message
Terry Fleury
Jul 28, 2020, 11:33:44 AM7/28/20
to out...@cilogon.org
NO DOWNTIME IS EXPECTED!
On Tuesday, August 4, 2020, the CILogon Service will be updated. This is
a minor update, but please read below for potential issues for users of
the unofficial idplist.xml file. (Note that URLs listed below reference
the test instance at https://test.cilogon.org where this update is
currently available for testing. The production instance at
https://cilogon.org will be updated August 4, 2020.)
* The XML list of InCommon/eduGAIN Identity Providers (IdPs) at
https://test.cilogon.org/include/idplist.xml (as well as the JSON
version at https://test.cilogon.org/include/idplist.json) has been
modified to remove the <whitelisted> XML tag. In the early days of
CILogon, IdPs were approved after they asserted necessary user
attributes to CILogon. Eventually, all IdPs were allowed and necessary
user attributes were verified after user login. So the <whitelisted> tag
is cruft from an older version of the CILogon Service. Removal of this
tag results in a 5% smaller file. Note that the idplist.xml file is not
typically seen by end users. In fact, CILogon recommends using the
public endpoint https://test.cilogon.org/idplist which returns IdPs as
JSON, also contains the supported OAuth2 IdPs (Google, GitHub, and
ORCID), and respects the "?skin=..." query parameter to filter the IdPs.
* Internally, CILogon is transitioning away from the terms
whitelist/blacklist used by skins. Instead, CILogon will use the terms
greenlit/redlit for IdPs that are approved/unapproved for a skin. See
the example skin configuration file
https://test.cilogon.org/skin/config-example.xml for all available skin
options.
* A new query parameter "?initialidp=..." is available. This
configuration option was previously available only to skins. OIDC
clients can now pass a url-encoded IdP entityId to set the initially
selected IdP on the "Select an Identity Provider" page. Note that the
query parameter "?idphint=..."
(https://www.cilogon.org/oidc#h.p_IWGvXH0okDI_) takes precedence with
the first IdP in that list as the initially selected IdP. Also, once a
user has selected an IdP and logged on with CILogon, that selected IdP
will be shown to the user on future logins. So the "?initialidp=..."
parameter only affects new users.
* A new skin configuration option <footertext> is available. This
enables a skin to change the https://cilogon.org footer text to specify
a different help contact email address, for example.
This update is currently available on the CILogon Test server at
https://test.cilogon.org . If you have any questions about this update,
please contact he...@cilogon.org .
--
Terry Fleury
CILogon Administrator
On Tuesday, August 4, 2020, the CILogon Service will be updated. This is
a minor update, but please read below for potential issues for users of
the unofficial idplist.xml file. (Note that URLs listed below reference
the test instance at https://test.cilogon.org where this update is
currently available for testing. The production instance at
https://cilogon.org will be updated August 4, 2020.)
* The XML list of InCommon/eduGAIN Identity Providers (IdPs) at
https://test.cilogon.org/include/idplist.xml (as well as the JSON
version at https://test.cilogon.org/include/idplist.json) has been
modified to remove the <whitelisted> XML tag. In the early days of
CILogon, IdPs were approved after they asserted necessary user
attributes to CILogon. Eventually, all IdPs were allowed and necessary
user attributes were verified after user login. So the <whitelisted> tag
is cruft from an older version of the CILogon Service. Removal of this
tag results in a 5% smaller file. Note that the idplist.xml file is not
typically seen by end users. In fact, CILogon recommends using the
public endpoint https://test.cilogon.org/idplist which returns IdPs as
JSON, also contains the supported OAuth2 IdPs (Google, GitHub, and
ORCID), and respects the "?skin=..." query parameter to filter the IdPs.
* Internally, CILogon is transitioning away from the terms
whitelist/blacklist used by skins. Instead, CILogon will use the terms
greenlit/redlit for IdPs that are approved/unapproved for a skin. See
the example skin configuration file
https://test.cilogon.org/skin/config-example.xml for all available skin
options.
* A new query parameter "?initialidp=..." is available. This
configuration option was previously available only to skins. OIDC
clients can now pass a url-encoded IdP entityId to set the initially
selected IdP on the "Select an Identity Provider" page. Note that the
query parameter "?idphint=..."
(https://www.cilogon.org/oidc#h.p_IWGvXH0okDI_) takes precedence with
the first IdP in that list as the initially selected IdP. Also, once a
user has selected an IdP and logged on with CILogon, that selected IdP
will be shown to the user on future logins. So the "?initialidp=..."
parameter only affects new users.
* A new skin configuration option <footertext> is available. This
enables a skin to change the https://cilogon.org footer text to specify
a different help contact email address, for example.
This update is currently available on the CILogon Test server at
https://test.cilogon.org . If you have any questions about this update,
please contact he...@cilogon.org .
--
Terry Fleury
CILogon Administrator
Reply all
Reply to author
Forward
0 new messages