Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Shibboleth Developer's Meeting, April 11, 2014

...

Attendees: 

 

Call Administrivia

10:00 Central US / 11:00 Eastern US / 16:00 UK

Next call is next Friday. Any reason not to meet ?

60 to 90 minute call window.

 

Brent

 

Daniel

 

Ian

 

Rod

 

Scott

 Heartbleed: do we want to generate two keys in IdP v3 (for message-level and SOAP TLS) to reduce the severity of cases like this?

Rod

  • Mostly away.
  • Some heartbleed testing
  • Working on parsing <security:Credential> parsing as a precursor to parsing <security:TrustEngine> and thus add the Signing Filter.

 

Scott

  • Heartbleed of course
    • Patch seems fine, installer also updated for future installs


  • Completed working SAML 1/2 attribute query flows
  • Added 9443 port with our trust plugin to testbed Jetty (and disabled that weird name checking option)
  • Finished porting over policy rules into message handlers to get profile authentication working as in V2
    • refactored flows to invoke varied rule sets by profile after resolving RP/Profile configs
    • open issue: do we port the parsing code to support the old rule sets in relying-party.xml

 

  • Started working on error handling, very challenging
    • Starting with SOAP, a bit complex because we need an outbound message/binding context even if we can't establish RP context
    • Needed an action and context to preserve PreviousEvent as ErrorEvent so we don't lose it in error flow
    • Need to decide how to invoke error behavior: global webflow transition or per-action explicit transitions
    • We should not use exceptions routinely, web flow is pretty clear on that
    • Need ways to decide when to generate SAML response and when to generate error pages on front channel

Tom

 

Other