Commit 56c858ad authored by Marco Malavolti's avatar Marco Malavolti
Browse files

Update README.md

parent 2a696fe5
......@@ -44,9 +44,9 @@ The check follows the steps:
1. It retrieves the eduGAIN IdPs from eduGAIN Operator Team database via a JSON interface
2. For each IdP, that hasn't been disabled manually by the eduGAIN Operations Team or dynamically by "robots.txt" (explained below) and that has a valid SSL certificate on its HTTP-Redirect Location, it performs an IdP-initiated SSO with SAML Authentication Request for two SP belonging two different NREN, members of eduGAIN interfederation, and for one fake SP. It expects to find the HTML form with username and password fields on the "good" SPs and an error or other on the "bad" SP. If an IdP uses frames on its Login page, the check follows only the first one on each redirected pages. If an IdP uses HTTP Basic Authentication, the check searches '401 Unauthorized' string into the web page content presented and establish the correct behaviour of the IdP. Therefore, no complete login will happen at the Identity Provider because the check stops at the login page or at SSL Certificate validation.
2. For each IdP, that hasn't been disabled manually by the eduGAIN Operations Team or dynamically by `robots.txt` (explained below) and that has a valid SSL certificate on its HTTP-Redirect Location, it performs an IdP-initiated SSO with SAML Authentication Request for two SP belonging two different NREN, members of eduGAIN interfederation, and for one fake SP. It expects to find the HTML form with username and password fields on the "good" SPs and an error or other on the "bad" SP. If an IdP uses frames on its Login page, the check follows only the first one on each redirected pages. If an IdP uses HTTP Basic Authentication, the check searches '401 Unauthorized' string into the web page content presented and establish the correct behaviour of the IdP. Therefore, no complete login will happen at the Identity Provider because the check stops at the login page or at SSL Certificate validation.
The SAML authentication request is not signed. Therefore, an authentication request for any eduGAIN SP could be created because the SP's private key is not needed.
The SPs HTTP-Post Assertion Consumer Service URLs used by the check are retrieved by "sps-metadata.xml" into the "input" directory. The 'validation' method used to validate the "sps-metadata.xml" is a deployer decision, but a solution is provided on the "README-SPS-METADATA.md" file.
The SPs HTTP-Post Assertion Consumer Service URLs used by the check are retrieved by `sps-metadata.xml` into the "input" directory. The 'validation' method used to validate the "sps-metadata.xml" is a deployer decision, but a solution is provided on the `README-SPS-METADATA.md` file.
3. If the check fails for an IdP the first time, it will be checked again at the end of the execution for a second time before exit.
......@@ -71,7 +71,7 @@ Disallow: /
If an IdP is not able to create its own `robots.txt`, it can be disabled by an eduGAIN Operation Team member by setting the dictionary `IDPS_DISABLED_DICT` into `eccs_properties.py` with a line in the form:
'<idp-entity-id>':'<eccs-check-disabling-reason>'
`<idp-entity-id>':'<eccs-check-disabling-reason>`
## On-line interface
......@@ -314,7 +314,7 @@ After the initial download, it is recommended that you occasionally go through t
2. Configure Apache for ECCS web side:
* Debian:
* `sudo cp $HOME/eccs/eccs-debian.conf /etc/apache2/conf-available/eccs.conf
* `sudo cp $HOME/eccs/eccs-debian.conf /etc/apache2/conf-available/eccs.conf`
* `sudo vim /etc/apache2/conf-available/eccs.conf` (and change the file opportunely)
* `sudo a2enconf eccs.conf`
* `sudo a2enmod proxy_uwsgi`
......@@ -366,7 +366,7 @@ To perform a restart after an API change use the following command:
## User interface
The eduGAIN Connectivity Check Service web page is available at https://technical-test.edugain.org/eccs
The eduGAIN Connectivity Check Service web page is available at https://technical.edugain.org/eccs
### User interface parameters
......@@ -380,7 +380,7 @@ The eduGAIN Connectivity Check Service web page is available at https://technica
**Example:**
`https://technical-test.edugain.org/eccs?reg_auth=http://www.idem.garr.it/&check_result=SSL-Error`
`https://technical.edugain.org/eccs?reg_auth=http://www.idem.garr.it/&check_result=SSL-Error`
## Utility for web interface
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment