Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 13 Next »

Shibboleth Developer's Meeting, March 29, 2013

Attendees: Tom, Scott, Rod, Ian, Brent, Daniel, Marvin

Call Administrivia

Next call is next Friday.

Suggest a 60 to 90 minute call window, so 10 to 15 minutes per person.

Brent

AI: Security advisory for HTTP client issue in V2.

Closed most of the misc bugs open. One more to review, may be nothing to do, will verify.

Scott: thinking maybe end of next week or beginning of next for release.

Daniel

Work : Spring wiring for LDAP data connector

Potential configuration options for LDAP configuration:

<resolver:DataConnector id="myLDAP" xsi:type="dc:LDAPDirectory"
   ldapURL="ldap://localhost:10389" 
   baseDN="ou=people,dc=shibboleth,dc=net" 
   principal="cn=Directory Manager"
   principalCredential="password">
   <dc:FilterTemplate>
     <![CDATA[
       (uid=$requestContext.principalName)
     ]]>
   </dc:FilterTemplate>
 </resolver:DataConnector>


<resolver:DataConnector id="myLDAP" xsi:type="dc:LDAPDirectory">
  <beans>
    <bean id="connectionConfig"
          class="org.ldaptive.ConnectionConfig"
          p:ldapUrl="ldap://localhost:10389">
      <property name="connectionInitializer">
        <bean id="bindConnectionInitializer"
              class="org.ldaptive.BindConnectionInitializer"
              p:bindDn="cn=Directory Manager"
              p:bindCredential="password"/>
      </property>
    </bean>
    <bean id="searchExecutor"
          class="org.ldaptive.SearchExecutor"
          p:baseDn="ou=people,dc=shibboleth,dc=net"/>
  </beans>
</resolver:DataConnector>

 

Ian

Work: Pending XmlSecTool 1.2.0 release.

 

Rod

Work : Attribute Scripting Environment

  • Scripting API adjusted as discussed in development mail list.  
  • Preliminary documentation written, then updated appropriately.  As usual, this took longer than anticipated.  
  • Legacy classes written, testing ongoing.  Checkin by Apr-1,
  • Still some issues with cobatura, but aiming to get code coverage and thus enhance testing

Next week: Look at Attribute Resolver configuration parsing.


 

Scott

AI : Further thoughts on setting up an Active Directory VM for integration/unit tests ?

Work : Pending IdP 2.4.0 release.

  • Another round of dependency updates, mostly logging, think I'm done.
  •  Issue: Remove scripting engines? Wait for 3.0?
  • Mike G finishing up login page changes and helping with some testing.
  • Release dry run next week?

Work : AACLI

  • Command line shell with jcommander, Spring loaded logging, Velocity, ParserPool, Webflow container
  • Issue: OpenSAML init / parser injection?
  • Remove dependence on Xerces/Xalan? Security manager changes based on parser used.
  • Working on refactorization of Actions:
    • Copied ProfileRequestContext into opensaml-messaging-api
    • Created EventContext, new type of context subclass to use as "output" of Profile Actions designed for flow action use
    • Created ProfileAction and AbstractProfileAction to operate on ProfileRequestContext (a la MessageHandler operating on MesageContext)
    • Suggest we create SpringContext to carry Spring/Webflow-specific objects, HttpServletContext to carry Servlet request/response, switch to context-based input/output contracts between components 
    • Will create a ProfileActionWebflowAdaptor (or some such) that wraps a ProfileAction, populates Spring/HttpServletContexts, executes action, checks for EventContext and wraps/returns Event
Tom

AI : Email list regarding Active Directory test instance ? Prefer our own.

AI : Figure out establishing a handful of alpha testers ?

AI : Read https://github.com/serac/shibboleth-idp-ext-cas, compare to https://github.com/tomzeller/java-identity-provider-app

AI : Documentation for getting started with writing actions for profile handlers ?

Work : Attribute Filter design and spring wiring.

TODO : Clean up Spring wiring pattern in idp-attribute-resolver-spring and idp-core.

TODO : Fix broken Jenkins project hierarchies. INFRA-75

TODO : Figure out how to purge local maven repository when building some jobs in Jenkins. 

Jenkins now displays links to Javadoc for the java-identity-provider and java-opensaml projects. INFRA-76

To what extent can we modify schemas ? Suggested to Daniel that we can add to a schema as long as we preserve backwards compatibility. Is this correct ?

Should -api modules have .api in package name ?

Should we refactor "filtering" to "filter" ? Would result in an AttributeFilterEngine in the net.shibboleth.idp.attribute.filter[.api] package in the idp-attribute-filter-api module. Right now it is a little inconsistent.

Decisions

Coding convention : getLdapUrl or getLDAPURL

With Brent favoring getLdapUrl and Scott seeming to agree for predictability, do we have consensus on getLdapUrl ?

Refactoring volunteers ?

 

  • No labels