Shibboleth Developer's Meeting, 2019-11-15

Call Administrivia

09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI

Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 6 Dec (3 week delay). Any reason to deviate from this?

60 to 90 minute call window.


Call Details

This week's call will use the Zoom system at GU, see ZoomGU for access info.


AGENDA

  • Ldaptive - V1 vs V2
  • Sanity check: Spring wiring for data connectors is still a "thing" in V4? (IDP-1179)
  • IDP-1457
    • But also note this link
      • "This function is all deprecated and should have been removed in V4, however the change was not warned sufficiently. This will be removed in V5"
    • ... and the open question about what to do when people worry about the Nashorn warning.

Attendees:


Brent

  • Proxied SAML authentication - Eclipse upgrade, got IdP + Jetty 9.4 java-idp-testbed working.  Now starting on the fun stuff.


Daniel


Henri


Ian


Marvin


Phil

  • Refactored more of the CSRF Listener than I said I would (git@git.shibboleth.net:philsmart/java-identity-provider branch feature/anti-csrf-flowlistener).
    • Add an includes list alongside the excludes list.
    • Cleaned up default predicates and config.
    • Added full set of unit tests.
    • Updated the implementation details: Anti-CSRF FlowExecutionListener Implementation
    • Think the implementation is done...until somebody decides it needs more work etc.
  • If included in the IdP, I think the approach would be:
    • Import the implementation
    • Add the config - as by default it is disabled.
    • Maybe update the important views to include the velocity logic to add the token (or not if no token present). Hence a clean install will be ready to enable.
    • Document how to enable it and what needs adding to views if you upgraded etc. (taken from the implementation doc above)

...