Skip to end of metadata
Go to start of metadata

Work has continued on IdP 4.1 and all of the planned extensions with an eye on freezing the code around the end of February so we can hit a March release of all of these components. A few small issues remain but for the most part we're close to feature complete and are working this week on getting alpha versions of everything released and posted so we can begin to test in earnest, particularly all of the new plugin and module installation functionality.

A lot of refactoring has been done on the OIDC Duo and OP plugins, with much of the code now shared (and eventually will be shared with a general RP module later). A significant amount of plugin documentation has been completed, but there's a lot left to do for the OP extension in particular. There are enough new features and differences that will require a lot of careful updates to the original documentation at GitHub.

Once the alpha builds are done, we will be soliciting help publically with testing, particularly on the new Duo integration that we know people are waiting for. We want to hit the ground running with that. The OP extension will also be re-tested for OIDC conformance before it's final.

In less obvious news, we've identified a long-standing race condition in the code that's been causing occasional exceptions and will be able to fix that for the next release. We also expect to be able to add ECDH XML Encryption support. That is not in high demand, and probably has never been implemented by any other SAML products (much like AES-GCM wasn't), but the main advantage to having it is as a hedge; if something bad happens to the RSA key transport algorithm, we would have a fallback that we don't currently have (and that noone else has of course). I don't expect we will ever attempt to implement that in the SP as it stands now, as it would be a large amount of complex work, but in addition to proxying between Shibboleth IdPs, we should be able to eventually support it if and when we migrate portions of a future SP redesign into Java.

On the subject of the SP, there's nothing much to report there, but the next steps in advancing that planning process is going to be for me to try and document a lot of the current high level design to allow for wider input into future architectural decisions about what to do with it. At this stage, it's not obvious there's likely to be much if any outside contributions to that work, but there's clear demand from the membership to produce a viable future SP.

  • No labels