Page tree
Skip to end of metadata
Go to start of metadata

Shibboleth Developer's Meeting, May 3, 2013


Call Administrivia

Next call is next Friday.

60 to 90 minute call window.


Refactoring message handlers. Porting v2 messaging layer components, decoders and encoders, security policy rules, to v3.

Harmonizing security policy rules, probably will turn into message handlers. Lower them in the stack.


RDBMSParser committed last night. RDBMS/LDAPDC Parsers are probably 80% done. Next, look at StoredId database.

AI : Tom should send note regarding next steps for security configuration.

Scott : support for multiple symmetric keys in data sealer ?

Summing up LDAP and DB stuff, they are about in the same place. Still need Velocity templates and caching. 


Anyone aware of a deployment using xmlsectool or aware of a federation doing metadata signing, wondering if they have plans to move to SHA256.

  1. Wrap up documentation regarding scope extension, semi-formalize as a specification.
  2. Triage aggregator issues.

Working on converting CAS protocol actions to Scott's new opensaml AbstractProfileAction.

Will probably be busy with upcoming CAS release.


  • Retrofitting Coding guidlines (ongoing)
  • Attribute Encoders
  • Next : attribute filters
  • Then: ???

Rod : Signed attribute filters ?

Scott : Not in the IdP, not high priority.

EntityAttributeFilters will probably take up some time.


  1. ECP GSSAPI spec finished for NCSA, needs another round.
  2. Storage. Fully implemented changed API, including pulling out Optional. Added custom serialization of data capability. Unit tests, refactoring. Background cleanup thread now in base case, as generic to storage impls.
  3. Redid ReplayCache abstraction on top of StorageService API. Changed ReplayCache API to match SP. TTL was hardcoded and global, now TTL is passed in on entry creation. 

Next : Artifact map ?

Confluence upgrade, some issues. Reached out to Gary Weaver.



Committed a first pass at idp-distribution. Our Maven release profile is not exactly compatible with what I did, AI. Also, want to give a go at Marvin's monolithic Jetty XML configuration file style, since the default jetty-ssl.xml is somewhat incompatible with absolute paths. And I would like to see if it is possible to replace the need for jetty9-dta-ssl using the Jetty DSL.

Anyway, in idp-distribution run 'mvn package', then 'java -jar start.jar' in target/idp-distribution/jetty, and browse to the IdP StatusServlet URL.

Next, I would like to include the attribute-cli in idp-distribution, as well as toy with idp-shell to generate metadata and credentials after unpacking.

For some reason, I wrote a script to checkout our source via svn, and then committed it to :-/ I have a rule to not write shell scripts, but I did.




Coding convention : getLdapUrl or getLDAPURL

Decide ?


  • No labels