Shibboleth Developer's Meeting, 2016-08-05

• Flattening the IdP attribute resolver namespaces? ... Or redo dependenices? .. Or neither?... or both?

Brent

Daniel

I have a conflicting meeting today. Will try to join late.

• Jira Legacy
  server Shibboleth JIRA serverId 180d847f-bce4-36b2-9964-771bff586829 key IDP-975

   I've added the ability to reference an external (file or classpath) credential in ldaptive. Still haven't given up on a generalized solution.
• Preparing cryptacular release to address BC 1.54
• Fixed a couple LDAP resolver bugs

  • Jira Legacy
    server Shibboleth JIRA serverId 180d847f-bce4-36b2-9964-771bff586829 key IDP-1010

  • Jira Legacy
    server Shibboleth JIRA serverId 180d847f-bce4-36b2-9964-771bff586829 key IDP-1011

Ian

Marvin

Rod

Scott

Tom

• Some notes from the field :
  • Somewhere on the wiki regarding next steps after installation we probably should document configuration of conf/access-control.xml to enable scripts such as bin/reload-service.sh. My guess is that deployers will be adding the IP address that the IdP is listening on. Then they need to wait 5m for the automatic reload before being able to use the scripts. Makes me think that we could add an option to CLI.java to select the source address, for example localhost, since access from localhost is allowed by default.
  • I wonder if it is possible or worthwhile to be able to add a new metadata provider without reloading the existing providers, such as a large federation aggregate, for example. Maybe it could be done by nesting large metadata aggregates in their own Spring ApplicationContext as a child of some common context of the MetadataResolver. Or maybe the minute or two it takes to load large metadata aggregates is a non-issue for folks or merely a local issue.

Other