Shibboleth Developer's Meeting, Nov 7, 2014
Call Administrivia
10:00 Central US / 11:00 Eastern US / 16:00 UK
Next call is next Friday. Any reason not to meet ?
OR
Normal schedule is to skip next Friday as it's the last Friday of the month. Any reason to vary that ?
60 to 90 minute call window.
This week's call will use the Lync system at OSU. To participate, call:
- +1 (614) 688-1800 (please use if possible)
- +1 (800) 678-6114 (use only if you're charged for the 614 number)
The Conference ID is: 738127#
International participants should be able to access the 800 number without charge through Skype.
Attendees:
Brent
Daniel
Ian
Marvin
Rod
Scott
Tom
CAS RP profile-driven configuration completed. Working on unit tests for CAS flows, should finish early next week. Plan to do in-situ CAS protocol testing with our IdPv3 in dev env late next week. Need to tackle documentation at some point – suggestions welcome.
Rod
Installation redux.
- Should LDAP config default to TLS = on?
- Any missing configurations?
- Try to make QI upgrade more seamless.
Scott
Released 2.4.3 and advisory, updated advisory once with more material on removing the old jars
- Noted while releasing this that we're basically not supporting non-Oracle-derived Java
"Fixed" an issue with the AttributeInMetadata filter to allow releasing one attribute based on requesting another
Finished adding 2.4-equiv logout support with a SOAP endpoint
Added scripted function from ProfileRequestContext to Object
- we should review any places we have pluggable functions or predicates and make sure we have scripted variants
Sync'd AttributeInMetadata change to V3 version, renamed the "mapped" version of that function
Finished a straw man predicate for enforcing attribute/value checks during SSO (the "block unprovisioned user" use case) and finished intercept refactor (see list)
- the gist is you'd enable the intercept flow via relying-party.xml for the SPs to intercept but create a "global" predicate in the profile-intercept.xml for "if SP is foo and attributes look like bar OR SP is foo2 and attributes look like bar2 etc."
- writing simple scripts for those checks is probably the 90% case
Added support for multiple audit log formats (mostly federation use cases like aggregating stats)
Discussed idea for making config more pluggable at install-time with several in Indy...
Tom
Mostly read-only this week with unrelated outside work. Some work on the secondary consent index.
Other