UNINETT releases public beta of SAML tracer

Today, UNINETT is proud to announce the first public beta release of SAML tracer.

SAML tracer is a Firefox plugin that allows you to trace and review all front-channel SAML messages sent as you browse web pages. The tool is intended for SAML developers or deployers for educational, research or debugging purposes.

SAML tracer is released as part of the Federation Lab, a tool suite from the GÉANT Identity Federations. SAML tracer is implemented by Olav Morken at UNINETT, also known from the SimpleSAMLphp project.

To test the beta release go here with Firefox:

Issues may be reported here:

Sneak preview: Foodle Contacts

In GÉANT Identity Federations, we’re working on designing a very simple and flexible cross-domain group exchange protocol; and Foodle will as usual be a place to showcase how this stuff work in real life.

To prepare Foodle for group interactions with other services, I’ve implemented Foodle Contacts – a simple interface for managing groups in Foodle,

Here is a sneak preview:

Identity Federation Year 2 Results

The GÉANT Identity Federations working group has a significant list of achievements from Year 2 of the project. A yearly deliverable summarizes these results nicely in a document. The yearly deliverable was recently accepted, and are now publicly available on the link below.

The main focus areas throughout year 2 have been:

  • Federation Lab
  • Federation Harmonization
  • Virtual Organizations
  • Metadata Distribution and Cross-Federation Scalability
  • Moonshot

Identity Federations Year 2 Report

Thanks to all Identity Federations participants for a productive year; and I look forward to the challenges we have up for year 3.

Launching Federation Lab

I’m happy to make an early announcement of the availability of the Federation Lab toolkit.

We would probably make a broader announcement after receiving feedback from the early testers.

The initial set of tools and content available on Federation Lab is somewhat limited. There is plans for improving and extending the set of useful tool during the rest of the Identity Federation project period. If you have ideas for tools that would be useful, please tell us…

What can you do with Federation Lab today?

  • A Service Provider Registry using SAMLmetaJS (javascript editor) for registering your test entities
  • Automated SAML Service Provider Tester: automated testing tool.
  • OpenIdP: Feide OpenIdP will automatically trust all test entities that are registered. A dedicated FedLab OpenIdP and TestShib are beeing configured soon… We will be contacting commercial vendors and offer them the opportunity to connect test IdPs to the FedLab.
  • Web-based SAML debugger. Encode and decode messages captured in the SAML flow.


Video demonstrating how Federation Lab Works

I’ve made a short screencast demonstration of how Federation Lab works.

Agenda for Identity Federations Meeting i Vienna.

Agenda for Identity Federations Meeting i Vienna.

  • Introduction, Andreas (5 min)
  • Virtual Organisations (50 min):
    • SWITCH: VO Platform, SAML-based (20 minutes)
    • SRCE: VO Platform, OAuth-based (20 minutes)
    • Discussion: SP-SAML, SP not-SAML or IdP-centric a la Corto. (10 min)
  • Best practice Documents (30 min):
    • NorduNet-Leif: De-Provisioning (15 minutes)
    • NIIF: Single Logout (15 minutes)
  • New focus area – The Login Experience – Discovery usability (15 min)
    • Andreas presents a new proposal for work item for year 3.
    • Some keywords: Kantara ULX, Embedded Discovery, SAML bridges, Browser add-ons, XAuth, etc.
  • New Deliverable – How to present our results (10 min)
  • Federated Provisioning Engine (10 minutes)
    • Proposal for Y3 activity.

Foodle API

Foodle will most likely be equipped with a easy to use API for third party sites before the end of this year. It will probably be REST-ish using JSON. The API methods will probably be split into two categories; those calls that may be done unauthenticated, and those that needs authentication. For authentication of users we will use OAuth.

There may also be an implementation of OpenSocial interface ontop of the Foodle API. Details not available at this time.

If you have a service that would like to integrate with Foodle, I would like to get in contact with you 🙂 Send me an e-mail, or comment on this blog post. Examples may be:

  • you have some portal and would like a Foodle widget on the front page, showing a list of events on the active Foodles of that user.
  • you want to implement a Desktop client, or may be a mobile client, such as an iPhone or Android app.
  • you want to integrate Foodle to an external meeting planning system.
  • anything…!?!

I think the Identity space will see a new paradigm, where the separation distinction between SPs and IdPs will be less clear. User data and attributes will be shared across services, not only from the IdP to the SP. OAuth plays an important role here. Foodle may be a playground giving you experience with service-to-service integration, that you may benefit from in other projects. If you need more reasons to play with the Foodle API (when beeing available), contact me.

Foodle API will probably indirectly cause these effects:

  • Other improvements to Foodle
  • More JS intensive Foodle, using the same API offered to third parties.
  • Improvements to SimpleSAMLphp OAuth module
  • Other similar APIs, such as HTML+JS widgets listing participants registered for a meeting/conference or similar. Really simple integration: paste this code on your web site to include a list of participants to this meeting.