Shibboleth Developer's Meeting, 2019-08-16
Call Administrivia
09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI
Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 06-Sep. Any reason to deviate from this?
60 to 90 minute call window.
This week's call will use the Zoom system at GU, see ZoomGU for access info.
AGENDA
- SWITCH will attend (Etienne, Lukas and Res), to present the use cases behind the structured (jumbo) attribute. Key messages:
- Today we have (only) 2 SPs (registration services) that would require this information. They are currently being built.
- Both are needing this information for the provisioning towards a couple of further services (like e.g. Adobe Creative Cloud etc.)
- These 2 registration service SPs are user-centric on their own authentication side, while they have to pick a role of the person on the provisioning side, for each of those further services.
- We could do without a proper attribute filter step. The registration service SPs would just require everything.
- Still, packing all of this onto the IdP might bee too much. We have therefore a plan B which looks like this:
- Send all affiliation related information (UniqueID, Mail, ScopedAffiliation, ...) in separate flat multivalued attributes to the registration service SPs (and get the consent of the user)
- Let the registration service SP call the SCIM API ( https://www.switch.ch/edu-id/organisations/tech/scim-api/ ) for each of those obtained ScopedAffiliation values, and get the proper set of attributes for that specific affiliation .
- With this, the registration service SP can then build up an own user database, and use that one for further provisioning towards the services behind.
- We don't expect a quick solution.
- carried forwardJira Legacy server Shibboleth JIRA columns key,summary,type,created,updated,due,assignee,reporter,priority,status,resolution serverId 180d847f-bce4-36b2-9964-771bff586829 key IDP-1181 - PS
- Update on some SameSite cookie attribute testing.Jira Legacy server Shibboleth JIRA columns key,summary,type,created,updated,due,assignee,reporter,priority,status,resolution serverId 180d847f-bce4-36b2-9964-771bff586829 key IDP-1476 - Splitting workload on SAML proxying
Attendees:
Brent
- FinishedJira Legacy server Shibboleth JIRA columns key,summary,type,created,updated,due,assignee,reporter,priority,status,resolution serverId 180d847f-bce4-36b2-9964-771bff586829 key OSJ-188
- Circling back to work-in-progressJira Legacy server Shibboleth JIRA columns key,summary,type,created,updated,due,assignee,reporter,priority,status,resolution serverId 180d847f-bce4-36b2-9964-771bff586829 key OSJ-272
- a few final details to sort out, do "real" testing with IdPJira Legacy server Shibboleth JIRA columns key,summary,type,created,updated,due,assignee,reporter,priority,status,resolution serverId 180d847f-bce4-36b2-9964-771bff586829 key IDP-1461
Daniel
- https://bugs.openjdk.java.net/browse/JDK-8217606 : JNDI bug has been fixed, looks like it's slated for Java 14?
- Adding support binary attributes in IDPv3 for use with UnboundID is in-flight
- Ldaptive v2 (built on netty, no provider dependencies) is about to hit RC1; question as to whether it will be appropriate for IDP v4
- Will probably be late to the call....
...