On December 2023 SURFconext (the Ducth NREN) sent the following email to all operators of SPs registered at their federation:
Dear Service Provider,
You receive this message because you are listed as a contact for the following
Service Provider connected to SURFconext:
<Service Provider Entity ID>
Please read this carefully if you use the XML _metadata signing certificate_ of
SURFconext. Starting January 18, 2024, support for metadata signing at the
default location will stop.
Action is only needed if you are using the XML metadata signing certificate to
verify the downloaded metadata XML from "metadata.surfconext.nl". It is not
related to rollover of the assertion signing key which most service providers
have already successfully implemented.
Unsure if you use this? See https://edu.nl/keyrollover-sp-meta-help
For detailed instructions on changing the metadata signing certificate, visit:
https://edu.nl/keyrollover-sp-meta
The deadline to do so is 18 January 2024. If you keep using the old XML
metadata signing certificate after this date, there is a risk of metadata
refresh issues. As a result, this could potentially result in login disruptions
at any time thereafter.
SURFconext support is available for questions or assistance at support@surfconext.nl.
Kind regards,
SURFconext
In the scope of the CLARIN SPF, this email is only relevant for Service Providers who:
- Implement their own WAYF/Discovery service
- AND fetch their ‘Identity Providers’ metadata directly from SURFconext via: https://metadata.surfconext.nl/sp/
i.e. If you use CLARIN central Discovery service OR you fetch the Dutch institutions metadata from eduGAIN, you can safely ignore this message.
If this message applies to you and you would like support from our side, please reach out via spf@clarin.eu or comment on this thread.