2014-04-04

Owned by Tom Zeller
Last updated: Apr 04, 2014 by Scott Cantor
2 min read

Shibboleth Developer's Meeting, April 04, 2014

Call Details

Toll / Intl #: +1 (201) 479-4595
Toll-Free #: N/A
Meeting Number: N/A

Attendees: 

 

Call Administrivia

10:00 Central US / 11:00 Eastern US / 16:00 UK

Dial-in attendee identification.

Next call is next Friday. Any reason not to meet ?

60 to 90 minute call window.

 

Brent

 

Daniel

 

Ian

Java 8 support (for V3): suggested by SIDP-605 but we need a plan

dependencies again: svnkit in particular

 

Rod

I may not be able to make this and certainly not beyond 12:00 EST.  

All the work these last two weeks has been on metadata resolver parsers which are now complete and I have started work on the filters.

Input towards the open issues discussion:

  • "Move the source attribute ID ..."  Can we postpone until I am present
  • "Improve the relational database connector's connection pooling..." Do not feel I can make any input, but am interested in the result.  See also IDP-318
  • "The ID attribute will be required for all policies".  I think we should drop this. It creates needless impedance for update. IDP-277 was the work item for this.  We do not require identification but if we do not have one we log (at warn) a generate identifier.  This is then used in all logging.  Reopen IDP-277 if we change our minds.
  • "HTTP and File-backed HTTP provider will be merged into one implementation".  Interested in the outcome.
  • "The signature validation filter will have options".  Can we postpone until I have looked at the code.  My instinct is that this should be done if easy.
  • All other items I have no input to make but am interested in the outcome.

 

 

Scott

  • NameID code mostly complete, remaining open issue is config and reloading
  • Completed initial versions of Populate*Parameter actions for security settings, one open issue is whether we have a global IdP configuration to feed in. Brent indicates he assumed we would, but forgot the current RP schema doesn't allow for this.
  • Started work on defining attribute query flows, looking very much a subset of SSO flows, should be simple to get working modulo SOAP issues
  • Started thinking about ECP a bit, not sure how it will drop in. Some initial ideas:
    • Use of existing action to do endpoint checking and create outbound binding contexts may require treating PAOS as the outbound binding, but linking it to the SOAP encoder. Maybe that's too much of a trick.
    • Keeping authentication flows from triggering unwanted interaction: is ECP essentially pseudo-passive?

 

Tom

  • OSJ-69 Change encoder even though it does not encode the same as the old encoder ?
  • Properties :  Spring, Logback, and Jetty 9 support configuration via a properties file, but only Spring and Logback support nested properties. Spring and Logback do not use the same syntax for a default value. A workaround is to configure Jetty via Spring. The only property replacement supported for contextConfigLocation in web.xml seems to be system properties and environment variables, point being that 'idp.home' or maybe 'IDP_HOME' should be a system property and/or env variable.
  • Very basic Selenium tests for IdP v2 and v3 in github.
  • https://jira.spring.io/browse/SWF-1617  'Support relative flow locations for flow registry base paths prefixed with "file:"' Complete. 2.4.0.RC1


Other

IdP v3 functionality open issues and JIRA housekeeping (30m)