Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Next »

Shibboleth Developer's Meeting, September 6, 2013

Attendees: 

Call Administrivia

Dial-in attendee identification.

Next call is next Friday. Any reason not to meet ?

60 to 90 minute call window.


Brent

 

Daniel

 

Ian

  • eduGAIN and Shibboleth services 
  • Jenkins and nightly build plan
  • Metadata Aggregator

Rod

On vacation at present.

Scott

Completed first batch of authentication work:

  • Context design
  • Configuration and selection of flows
  • SSO via active results pulled from session (session itself is TBD)
  • Implemented and tested flows for IP authn, asserted RemoteUser or header, and form/basic-auth to JAAS
  • Successful integration of nested subflows for Authentication into MVC profile testbed
  • Explored error handling a bit
  • Handling of AuthnContext, including non-exact matching

Documented some identified issues with SWF (Spring and Web Flow Technical Issues), primarily the known issue of non-serializability.

Aside from polish, and those issues, an outstanding area of concern is how the SAML 2 SSO handler will figure out how to populate the AuthnContext in the response. Might need some adjusting of the design at that point.

Also defined a subflow integration point for subject canonicalization and tested "simple" implementation.

Planning to look at Session layer next, along with supporting client-side storage service, which led to DataSealer enhancement work.

DataSealer should be used anywhere the IdP needs to MAC and/or encrypt data for its own use. Produces base-64 blobs that are now GCM-encrypted, which builds in a MAC. Each blob encodes a cleartext key alias that's part of the MAC so we can add new keys but still recover old blobs if the original key is left in the keystore.

Thinking down the road we might be able to generate and store fresh keys on a scheduled basis and have it auto-rotate.

Tom

Jetty, java-shib-testbed, idp-distribution, idp-war, SWF, Velocity wiring, external flows and templates, idp-conf, Version.java (sigh), aacli.sh and version.sh, refactor idp-core, git.

 

Other

 

 


  • No labels