Shibboleth Developer's Meeting, August 2, 2013
Attendees: Brent, Ian, Rod, Tom, Scott, Nate, Marvin, Daniel
Call Administrivia
Next call is next Friday.
60 to 90 minute call window.
Brent
Just back from OSCON, so not a lot to report on recent work.
Released IdP v2 custom security config extension on Friday 7/19.
Will next work on refactoring metadata resolver implementations.
Daniel
- added Velocity template support to the LDAP configuration
- resolutionContext and recipientContext are currently injected for v3
- V2SAMLProfileRequestContext is injected for v2
- VelocityEngine class in java-support should be moved to test
Ian
Parent POM: Checkstyle now works.
...
Next up: stabilise nightly Jenkins builds. We may need to discuss exactly what the nightly builds are for. I've documented what I think the current intent of each class of job is, along with some guidelines describing how various things are achieved, partly for this discussion and partly as guidelines for use when creating new jobs.
Marvin
Rod
...
- Attribute Mapper configuration, done the Spring config. More to do (auto-sensing)
- Watching and appreciating the authn work
- Starting to look at next up.
- Question:
- Schema validation in Spring parsers
- Was always on in V2
- I believe that it needs to be on in V3 to make users' lives easier
- It has always been off in V3 (a single code line in
idp-core:net.shibboleth.idp.spring.SchemaTypeAwareXMLBeanDefinitionReader)
- Schema validation in Spring parsers
Scott
- Changing this breaks a few gazillion tests, but they are easy to fix. Should we?
- CheckStyleRules.
- Many of us hate checking in non check style clean code
- Others (particularly much less recently less so).
- There are cases where the rule is just plane silly in that instance, there are cases where it makes the code less readable in that instance. Three options, each have their proponents, we need to discuss
- Relax the rule
- Leave the checkin with a warning
- Some middle ground.
Scott
Spent last couple of weeks working on authentication design, APIs, and individual actions, updating the code already written and adding unit tests. Code for IP Address and REMOTE_USER authentication is done, one last bit left on JAAS password validation.
Daniel probably should take on the LDAP authentication action, and we should do a Kerberos action just so we have one that supports service ticket validation.
Will be building web flow files for these cases and then testing them with Brent's web testbed, probably next week.
Tom
Taking a week off was good, I was aiming for off-line but read-only was great.
...
Next F2F : November Identity Week ? Columbus ? Just curious.
Other
Discussed possibility of dropping SP support for EOL Apache versions. Scott will ask about this on one of the lists to get feedback, but the main issue is the lack of testing on those releases, so we might just formalize that. Actual code time savings is minimal unless we dropped 2.2, which we won't.