...
JWEBAUTHN-12: Add a guard to check that a user who has already registered a WebAuthn credential cannot bypass WebAuthn authentication when registering a new one.
In other flows, this is covered by requesting the correct authentication method principal, etc.
It is hard to think of all the options for trying to bootstrap the initial key, but I’ve tried to improve the documentation around this.
JWEBAUTHN-11: Pull user.id, user.name, and user.displayName from the attribute context for use when registering a new credential
JWEBAUTHN-8: Added an admin flow for admins to manage other users' credentials. Only supports searching and removal for now.
Finishing the docs
3rd Alpha released. Will get a beta out before the end of the month. Hopefully not long after that for a v1.
Rod
Nothing
Scott
Example script to report on project status based on a CSV file
SP design and prototyping
Conceptual model is visible in https://git.shibboleth.net/view/?p=java-plugin-shibd.git;a=blob;f=sp-conf-impl/src/main/resources/net/shibboleth/idp/module/conf/sp/agents.xml;h=6f5f1171a2ca15130f8cd009a0eee2e7e678428d;hb=HEAD
Agents have a unique ID and contain Applications.
Agents will be associated with some form of identity/credential to secure requests.
Applications have an ID that is unique within a given agent and expose a RelyingPartyConfigurationResolver to resolve the correct RPC and PC for a request.
Every layer allows override of the agent’s entityID, client_id, etc. The protocol identity is thus maintained solely in shibd and is no longer a concern of the agent. The shibd deployer is the one that associates Applications with protocol settings and ensures metadata given to IdPs, if it’s needed, is correct.
Pluggable rules control the virtual hosts associated with an agent/application, similar to what supporting unregistered OIDC clients might look like.
...