Shibboleth Developer's Meeting, April 11, 2014

Attendees: 

Call Administrivia

10:00 Central US / 11:00 Eastern US / 16:00 UK

Next call is next Friday. Any reason not to meet ?

60 to 90 minute call window.

Brent

Daniel

Ian

Heartbleed: do we want to generate two keys in IdP v3 (for message-level and SOAP TLS) to reduce the severity of cases like this?

Rod

• Mostly away.
• Some heartbleed testing
• Working on parsing <security:Credential> parsing as a precursor to parsing <security:TrustEngine> and thus add the Signing Filter.

Scott

• Heartbleed of course
  • Patch seems fine, installer also updated for future installs
    

• Completed working SAML 1/2 attribute query flows
• Added 9443 port with our trust plugin to testbed Jetty (and disabled that weird name checking option)
• Finished porting over policy rules into message handlers to get profile authentication working as in V2
  • refactored flows to invoke varied rule sets by profile after resolving RP/Profile configs
  • open issue: do we port the parsing code to support the old rule sets in relying-party.xml

• Started working on error handling, very challenging
  • Starting with SOAP, a bit complex because we need an outbound message/binding context even if we can't establish RP context
  • Needed an action and context to preserve PreviousEvent as ErrorEvent so we don't lose it in error flow
  • Need to decide how to invoke error behavior: global webflow transition or per-action explicit transitions
  • We should not use exceptions routinely, web flow is pretty clear on that
  • Need ways to decide when to generate SAML response and when to generate error pages on front channel

Tom

Other