2014-11-07

Shibboleth Developer's Meeting, Nov 7, 2014

Call Administrivia

10:00 Central US / 11:00 Eastern US / 16:00 UK

Next call is next Friday. Any reason not to meet ?

60 to 90 minute call window.

Call Details

This week's call will use the Lync system at OSU. To participate, call:

  • +1 (614) 688-1800 (please use if possible)
  • +1 (800) 678-6114 (use only if you're charged for the 614 number)

The Conference ID is: 738127#

International participants should be able to access the 800 number without charge through Skype.

Attendees:

 

Brent

 

Daniel

 

Ian

 

Marvin

CAS RP profile-driven configuration completed. Working on unit tests for CAS flows, should finish early next week. Plan to do in-situ CAS protocol testing with our IdPv3 in dev env late next week. Need to tackle documentation at some point – suggestions welcome.

Rod

Installation redux.

  • Should LDAP config default to TLS = on?
  • Any missing configurations?
  • Try to make QI upgrade more seamless.

 

Scott

Released 2.4.3 and advisory, updated advisory once with more material on removing the old jars

  • Noted while releasing this that we're basically not supporting non-Oracle-derived Java
  • "Fixed" an issue with the AttributeInMetadata filter to allow releasing one attribute based on requesting another

Finished adding 2.4-equiv logout support with a SOAP endpoint

Added scripted function from ProfileRequestContext to Object

  • we should review any places we have pluggable functions or predicates and make sure we have scripted variants

Sync'd AttributeInMetadata change to V3 version, renamed the "mapped" version of that function

Finished a straw man predicate for enforcing attribute/value checks during SSO (the "block unprovisioned user" use case) and finished intercept refactor (see list)

  • the gist is you'd enable the intercept flow via relying-party.xml for the SPs to intercept but create a "global" predicate in the profile-intercept.xml for "if SP is foo and attributes look like bar OR SP is foo2 and attributes look like bar2 etc."
  • writing simple scripts for those checks is probably the 90% case

Added support for multiple audit log formats (mostly federation use cases like aggregating stats)

Discussed idea for making config more pluggable at install-time with several in Indy...

Tom

Mostly read-only this week with unrelated outside work. Some work on the secondary consent index.

Other