Shibboleth Developer's Meeting, April 11, 2014

Call Details

Meeting Number: 24048131
Toll / Intl #: N/A
Toll-Free #: N/A



Call Administrivia

10:00 Central US / 11:00 Eastern US / 16:00 UK

Next call is next Friday. Any reason not to meet?

60 to 90 minute call window.







Heartbleed: do we want to generate two keys in IdP v3 (for message-level and SOAP TLS) to reduce the severity of cases like this?


  • Mostly away.
  • Some Heartbleed testing
  • Working on <security:Credential> parsing as a precursor to parsing <security:TrustEngine> and thus adding the Signing Filter.



  • Heartbleed of course
    • Patch seems fine, installer also updated for future installs

  • Completed working SAML 1/2 attribute query flows
  • Added 9443 port with our trust plugin to testbed Jetty (and disabled that weird name checking option)
  • Finished porting over policy rules into message handlers to get profile authentication working as in V2
    • refactored flows to invoke varied rule sets by profile after resolving RP/Profile configs
    • open issue: do we port the parsing code to support the old rule sets in relying-party.xml?


  • Started working on error handling, very challenging
    • Starting with SOAP, a bit complex because we need an outbound message/binding context even if we can't establish RP context
    • Needed an action and context to preserve PreviousEvent as ErrorEvent so we don't lose it in error flow
    • Need to decide how to invoke error behavior: global webflow transition or per-action explicit transitions
    • We should not use exceptions routinely; web flow is pretty clear on that
    • Need ways to decide when to generate SAML response and when to generate error pages on front channel






