...

  • JWEBAUTHN-12

    • Add a guard to check that a user who has already registered a WebAuthn credential cannot bypass WebAuthn authentication when registering a new one (under certain MFA configurations that allow some kind of alternate authentication to be used to bootstrap credentials).

      • In other flows, this is covered by requesting the correct authentication method/class principal, etc.

      • It is hard to think of all the options for trying to bootstrap the initial key, but I’ve tried to improve the documentation around this.

  • JWEBAUTHN-11

    • Pull user.id, user.name, and user.displayName from the attribute context for use when registering a new credential

  • JWEBAUTHN-8

    • Added an admin flow for admins to manage other users' credentials. Only supports searching and removal for now.

  • Finishing the docs

  • 3rd Alpha was released. Will get a beta out before the end of the month. Hopefully not long after that for a v1.

  • Will produce a few videos so it is easy for others to review

Rod

  • Nothing

Scott

  • IDP-2288

  • Example script to report on project status based on a CSV file

  • SP design and prototyping

  • Conceptual model is visible in https://git.shibboleth.net/view/?p=java-plugin-shibd.git;a=blob;f=sp-conf-impl/src/main/resources/net/shibboleth/idp/module/conf/sp/agents.xml;h=6f5f1171a2ca15130f8cd009a0eee2e7e678428d;hb=HEAD

    • Agents have a unique ID and contain Applications.

      • Agents will be associated with some form of identity/credential to secure requests.

      • Applications have an ID that is unique within a given agent and expose a RelyingPartyConfigurationResolver to resolve the correct RPC and PC for a request.

    • Every layer allows override of the agent’s entityID, client_id, etc. The protocol identity is thus maintained solely in shibd and is no longer a concern of the agent. The shibd deployer is the one that associates Applications with protocol settings and ensures metadata given to IdPs, if it’s needed, is correct.

    • Pluggable rules control the virtual hosts associated with an agent/application, similar to what supporting unregistered OIDC clients might look like.

...