2013-08-02

Shibboleth Developer's Meeting, August 2, 2013

Attendees: Brent, Ian, Rod, Tom, Scott, Nate, Marvin, Daniel

Call Administrivia

Next call is next Friday.

60 to 90 minute call window.


Brent

Just back from OSCON, so not a lot to report on recent work.

Released IdP v2 custom security config extension on Friday 7/19.

Will next work on refactoring metadata resolver implementations.

 

Daniel

  • added Velocity template support to the LDAP configuration
  • resolutionContext and recipientContext are currently injected for v3
  • V2SAMLProfileRequestContext is injected for v2
  • VelocityEngine class in java-support should be moved to test

 

Ian

Parent POM: Checkstyle now works.

Jenkins TLC: Checkstyle trend charts and other Checkstyle reports, more or less.  Also reduced space requirements by 6GB.

Next up: stabilise nightly Jenkins builds.  We may need to discuss exactly what the nightly builds are for.  I've documented what I think the current intent of each class of job is, along with some guidelines describing how various things are achieved, partly for this discussion and partly as guidelines for use when creating new jobs.

 

Marvin

 

Rod

  • Attribute Mapper configuration, done the Spring config. More to do (auto-sensing)
  • Watching and appreciating the authn work
  • Starting to look at next up.
  • Question:
    1. Schema validation in Spring parsers
      • Was always on in V2
      • I believe that it needs to be on in V3 to make users' lives easier
      • It has always been off in V3 (a single code line in idp-core:net.shibboleth.idp.spring.SchemaTypeAwareXMLBeanDefinitionReader)
      • Changing this breaks a few gazillion tests, but they are easy to fix.  Should we?
    2. CheckStyleRules.  
      • Many of us hate checking in non-Checkstyle-clean code
      • Others (particularly much less recently less so).
      • There are cases where the rule is just plain silly in that instance; there are cases where it makes the code less readable in that instance. Three options, each with its proponents; we need to discuss:
        1. Relax the rule
        2. Leave the checkin with a warning
        3. Some middle ground.  

Scott

Spent last couple of weeks working on authentication design, APIs, and individual actions, updating the code already written and adding unit tests. Code for IP Address and REMOTE_USER authentication is done, one last bit left on JAAS password validation.

Daniel probably should take on the LDAP authentication action, and we should do a Kerberos action just so we have one that supports service ticket validation.

Will be building web flow files for these cases and then testing them with Brent's web testbed, probably next week.

Tom

Taking a week off was good, I was aiming for off-line but read-only was great.

Developer calls:

  1. Skip last Friday of the month. I really do appreciate everyone's time, and I like meeting weekly, but meeting every Friday can be a drag. How about we skip the last meeting of each month? Another option is bi-weekly calls, which would be okay with me.
  2. Notes. I take notes for my own purposes, mostly to remember the major areas that people are working on and details that are important to me, but they may not be important to anyone else, and I feel a little uncomfortable posting them under someone else's name. So I don't. I suggest that people post notes on the wiki for themselves, and if we need to change the format of the wiki page we can obviously do that.

Infrastructure:

  1. Jenkins. Should we run Jenkins on a different box than shibboleth.net? Disk and CPU de-hogging.
  2. Nexus and Java version upgrades.
  3. Git. Totally open to discussion, but I propose we do not change our source code repository before the v3 release.

IdPv3:

  1. Attribute Filter. How done is it? RuleReference.
  2. Velocity as a configuration filter.
  3. Timeline to AACLI with resolver and filter. Would like to do some performance comparison with v2.
  4. Formatter. Apologies, but is everyone using the same Eclipse formatter before committing?

java-support:

  1. Port ResourceFilter from v2 to v3.
  2. Rewrite HttpResource and FileBackedHttpResource, and port SVNResource or use Spring's?

Next F2F: November Identity Week? Columbus? Just curious.

Other

Discussed possibility of dropping SP support for EOL Apache versions. Scott will ask about this on one of the lists to get feedback, but the main issue is the lack of testing on those releases, so we might just formalize that. Actual code time savings is minimal unless we dropped 2.2, which we won't.