Shibboleth Developer's Meeting, 2019-11-01

Brent

• Looking at Scott's SAML proxy flow stuff.  Will probably have detailed questions soon.
  
  • Testbed
    • Jetty 9.3 vs 9.4 - prefer or recommend one or the other?
    • Eclipse requirements? The Jetty 9.4 wiki page mentions Eclipse 2019-06 - is this a hard requirement?

Daniel

• LDAPDataConnector updates for ldaptive

Henri

• The OIDC plugin certification finally completed, see https://openid.net/certification/#OPs
• Worked on the ways to configure RP's public keys into SAML metadata, currently three ways:
  • via RoleDescriptor/KeyDescriptor (using OpenSAML's InlineX509Provider and RSAKeyValueProvider)
  • via (custom) RoleDescriptor/JwkSet -element: contents expected to be base64-encoded JWK
  • via (custom) RoleDescriptor/JwkSetUri -element: URI to the endpoint where JWK can be fetched
• Next release (v1.1.0) targeted before TechEx
  • The GÉANT BSD license will be switched into Apache 2.0

...

• Jira Legacy
  server Shibboleth JIRA serverId 180d847f-bce4-36b2-9964-771bff586829 key IDP-1511

• Jira Legacy
  server Shibboleth JIRA serverId 180d847f-bce4-36b2-9964-771bff586829 key IDP-1494

  • Work progressing on production of authentication result, implications on subject c14n, additions needed to support obvious use cases
    • Considering generic extension point to turn Assertions into arbitrary IdPAttribute data to include
  • Inbound filtering seems to hold up (issuer is proxied IdP, requester is proxying IdP)
  • Starting to hit the interesting questions, e.g. when did authentication take place re: lifetime for SSO in IdP

Tom

• Jira Legacy
  server Shibboleth JIRA serverId 180d847f-bce4-36b2-9964-771bff586829 key IDP-1481

Other