Shibboleth Developer's Meeting, April 11, 2014
...
Attendees:
Call Administrivia
10:00 Central US / 11:00 Eastern US / 16:00 UK
Next call is next Friday. Any reason not to meet ?
...
Heartbleed: do we want to generate two keys in IdP v3 (for message-level and SOAP TLS) to reduce the severity of cases like this?
Rod
- Mostly away.
- Some heartbleed testing
- Working on parsing <security:Credential> parsing as a precursor to parsing <security:TrustEngine> and thus add the Signing Filter.
Scott
- Heartbleed of course
- Patch seems fine, installer also updated for future installs
- Patch seems fine, installer also updated for future installs
- Completed working SAML 1/2 attribute query flows
- Added 9443 port with our trust plugin to testbed Jetty (and disabled that weird name checking option)
- Finished porting over policy rules into message handlers to get profile authentication working as in V2
- refactored flows to invoke varied rule sets by profile after resolving RP/Profile configs
- open issue: do we port the parsing code to support the old rule sets in relying-party.xml
- Started working on error handling, very challenging
- Starting with SOAP, a bit complex because we need an outbound message/binding context even if we can't establish RP context
- Needed an action and context to preserve PreviousEvent as ErrorEvent so we don't lose it in error flow
- Need to decide how to invoke error behavior: global webflow transition or per-action explicit transitions
- We should not use exceptions routinely, web flow is pretty clear on that
- Need ways to decide when to generate SAML response and when to generate error pages on front channel
Tom
Other