
Shibboleth Developer's Meeting, August 16, 2013

Attendees: 

Call Administrivia

Dial-in attendee identification.

Next call is next Friday. Any reason not to meet?

60 to 90 minute call window.


Brent

 

Daniel

 

Ian

 

Rod


Scott

Reimplemented SubjectCanonicalizer code as a context-driven webflow. Redesigned the later stages of authentication to bridge to a SubjectCanonicalizer subflow and back to complete the process. Updated the authentication design page with a new summary of the steps involved.

Rest of time spent designing a new approach to handling requested authn methods that addresses a lot of constraints with current code and some problems with my early design. All of it is general to any protocol, not just SAML.

Work done:

  • designed a predicate factory and registry approach to plugging in rules for evaluating whether a "thing" supports a requested authentication context class or declaration
  • the "things" we need to examine for support are called PrincipalSupportingComponents, and include flow descriptors, results, and validation actions (the things that actually do credential checking for login)
  • implemented predicate factories for exact matching (all that V2 does) and inexact matching (handles SAML "minimum", "maximum", and "better" operators)
  • built a new context subtype for capturing requested authentication details from the AuthnRequest
  • reworked validation action base class to do a preExecute check for whether the action supports one of the requested authentication types (if the SP requests any)

Work left:

  • redo SelectAuthenticationFlow properly to use Predicates to evaluate flow descriptors and results before using them
  • unit tests
  • Spring examples and testbed testing
  • JSP-based login form support
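
An added illustration of the exact and inexact matching described in the work-done list above; it is not Shibboleth code. The class name, the `REGISTRY` map, the `supports` method, and the strength order are hypothetical, and with several requested classes an operator is treated as satisfied when it holds against at least one of them (an assumption).

```java
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.function.BiPredicate;
import java.util.function.Function;
import java.util.function.Predicate;

public class AuthnContextMatching {
    // Constructed strength order, weakest first. SAML leaves the ranking to the responder.
    static final List<String> ORDER = List.of(
        "urn:oasis:names:tc:SAML:2.0:ac:classes:Password",
        "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport",
        "urn:oasis:names:tc:SAML:2.0:ac:classes:X509");

    // Inexact rule: both classes must be ranked, otherwise the predicate fails closed.
    static Function<String, Predicate<String>> ranked(BiPredicate<Integer, Integer> cmp) {
        return req -> sup -> {
            int s = ORDER.indexOf(sup), r = ORDER.indexOf(req);
            return s >= 0 && r >= 0 && cmp.test(s, r);
        };
    }

    // Hypothetical registry: comparison operator -> factory turning one requested class into a predicate.
    static final Map<String, Function<String, Predicate<String>>> REGISTRY = new HashMap<>();
    static {
        REGISTRY.put("exact", req -> sup -> sup.equals(req));
        REGISTRY.put("minimum", ranked((s, r) -> s >= r));
        REGISTRY.put("better", ranked((s, r) -> s > r));
        // "maximum" only rejects anything stronger; choosing the strongest survivor is the selector's job.
        REGISTRY.put("maximum", ranked((s, r) -> s <= r));
    }

    // Does a component (flow descriptor, result, validation action) supporting these classes satisfy the request?
    static boolean supports(Set<String> supported, String comparison, List<String> requested) {
        if (requested.isEmpty()) return true;      // the SP asked for nothing specific
        Function<String, Predicate<String>> factory = REGISTRY.get(comparison);
        if (factory == null) return false;         // unknown operator: fail closed
        return requested.stream().anyMatch(req -> supported.stream().anyMatch(factory.apply(req)));
    }

    public static void main(String[] args) {
        Set<String> passwordFlow = Set.of(ORDER.get(1)); // constructed component: PasswordProtectedTransport only
        for (String op : List.of("exact", "minimum", "better", "maximum", "unknown-op"))
            System.out.println(op + " vs Password: " + supports(passwordFlow, op, List.of(ORDER.get(0))));
        System.out.println("minimum vs unranked class: " + supports(passwordFlow, "minimum", List.of("urn:example:unranked")));
    }
}
```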

Tom

This week started off with IP-307 "Move attribute mapper from idp-attribute-filter to new module", which is done in my local workspace. Two distractions: the first is idp-metadata and the second is testng. Also, was out for a couple of days with appointments, and it looks like the month-long infrastructure outage is resolved; there was like 80% packet loss at the upstream node.

I was wondering where to move RequestedAttribute, and decided I should make the class Javadoc more verbose so I remember that it is metadata, since the class is not in a package nor module with the word "metadata" in it. That led me to IDP-302 "Verify and document proposed metadata provider work", because all I know is what was posted to the dev list those three years ago.

My suggestion is to move the CompositeMetadataResolver to OpenSAML, IDP-299, and then delete idp-metadata-api, unless there is some reason why we need a metadata module in IdPv3 and I do not see one at this time. I think Resource based MetadataProviders are okay, especially for extensibility.

Oh, I did update the Configuring Eclipse wiki page with tips on how to install Subversion 1.7 via MacPorts; the instructions there are not totally correct but close enough.

Finally, I got my local workspace mostly correct with regard to idp-attribute-mapper, but there was no one- or two-click way to run unit tests within Eclipse and without using mvn from the command line. So I spent a little time looking at testng xml suite definitions, and I think I can get it working so we can run tests inside Eclipse, sheesh.

Rod: could you update the description for the new Attribute Mapper Component in JIRA, please? Otherwise I will read the Javadoc and figure it out.

TL;DR: Mostly about metadata, attribute-mapper, testng.

Anyone: what is the largest metadata we support?

Other

 

 

