> On 11 Aug 2017, at 11:40, Andy Swiffin (Staff) wrote:
> Ten years ago I had to change the IP address of our IdP and despite setting a short TTL on the DNS entry there were a few SPs who were still going to the wrong address for up to a month later. This was only a particular problem for SAML 1 SPs who went to the wrong place asking for attributes and were sent away with a flea in their ear.
> Of course things are better now as most SPs are SAML2, but there are still some diehards, (Why in particular is JISCMail still SAML 1?),
Yes, and we've been working to eliminate SAML 1 from the UK federation for a while now. The latest action is that we've deprecated the WAYF (SAML 1-only) protocol from the UK federation Central Discovery Service and I'm in the process of contacting all the SPs which use the WAYF protocol to assist them to transition to the DS protocol (supports both SAML 1 and SAML 2).
The specific issue about the JiscMail SP is in hand. We're developing plans to migrate to the DS protocol. One speedbump is that certain IdPs release only the legacy, scoped version of eduPersonTargetedID in SAML 2 and that breaks things. It's a slow process having to move the community of IdPs and SPs together.
> I notice one of them is one of the culprits from the olden days.
You can name-and-shame here, or drop me a line at [log in to unmask] letting me know which SP it is.
> So – We will be changing our IdP address again at the end of this month. Has anyone changed theirs recently? Had any particular problems?
> Andy Swiffin
> The University of Dundee is a registered Scottish Charity, No: SC015096
UK federation support team