Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 32 Next »

Information about Project Access

All public Shibboleth project services (website, download site, wiki, svn, git, issue tracking, and maven repository at the time of this writing) may be accessed anonymously in a read-only capacity.

Contributions and Write Access

We have configured the new sites to allow anyone using an email address from a non-public domain to request access via Atlassian's standard workflow. Any routine request for access will generally be approved, and access to the site includes the ability to comment or add/edit pages, create issues, etc. Any contributor posting to the wiki or creating an issue agrees to license their provided content under the same license noted above.

If you would like to contribute to the documentation or file an issue via an account using a public email domain, you can contact us for now to get access, but we may do additional follow up to ensure the request is legitimate.

As we go forward we will adjust based on demand and the capabilities of the product, which are more limited and not geared toward the way we did things in the past.

The services are now cloud-hosted and, due to the limitations of Atlassian's SAML support, no longer relies on federated access generally. As such, we no longer control the information collected, nor how it may be used. Refer to Atlassian's policies for information on these matters. Anyone with attributed content that wishes to be removed from the list of known past users is welcome to contact us.

Wiki Service Information

The wiki (https://shibboleth.atlassian.net/wiki) provides the currently available documentation for all the Shibboleth projects as well as information about the project plans and management.

All information within the Wiki is licensed under the Creative Commons Attribute-ShareAlike 3.0 Unported (CC BY-SA 3.0) license.

Per the terms of the CC BY-SA 3.0 license, the content of this wiki may be used by others, without seeking permission of the author, as long as this wiki is attributed as the source of the material and any resulting work is licensed under the CC BY-SA 3.0 license or a similar license. Attribution is best performed by providing a URL to the wiki page(s) containing the source material.

Issue Tracking Service Information

The issue tracking service provides a place to view and track bugs, tasks, and feature/improvement requests for the Shibboleth software. We are in the midst of a transition from the old hosted instance (https://issues.shibboleth.net) to the cloud instance (https://shibboleth.atlassian.net/jira). We are currently migrating projects to the cloud in small batches while testing features. See below for conversion status.

All issue descriptions and comments within the issue tracking service are licensed under the Creative Commons Attribute-ShareAlike 3.0 Unported (CC BY-SA 3.0) license.

All code/patches submitted to the issue tracking service must be licensed under the Apache License, version 2 or otherwise contributed to the Shibboleth Project per the terms set out by the project’s Contribution Policy.

Migrated Projects

The following projects have been migrated to the cloud platform and are no longer officially available via the old site. Some older URLs may continue to function until the conversion is closer to complete across the board.

All other projects not listed, including the member support services, remain at their original locations for a few more days.

Unsupported Projects

Unsupported projects are in a read-only state and are not meant to intake new issues. All unsupported projects have been migrated.

  • JOS – OpenSAML-Java V1

  • SIDPO - Shibboleth IdP V1

  • CPPOS – OpenSAML-C++ V1

  • JXT/JOWS/JOST - OpenSAML-Java V2

  • SC/SIDP - Shibboleth IdP V2

  • CDSJ - Centralized Discovery Service

Supported Projects

  • WEB – Website and other online services

  • JCONN – Legacy Tomcat/Jetty back-channel connectors

  • JCOMOIDC – IdP OIDC Commons Plugin

  • JOIDC – IdP OIDC OP Plugin

  • JTOTP – IdP TOTP Plugin

  • JSCRIPTING – IdP Scripting Engine Plugin

  • JDUO – IdP Duo OIDC Plugin

  • XSTJ – XML Security Tool

  • EDS – Embedded Discovery Service

  • CPPXT/CPPOST/SSPCPP – Service Provider / OpenSAML / XMLTooling

In-Development Projects

In-development projects are used infrequently outside of the development team but are accessible to ordinary users with Jira access.

  • JOIDCRP – OIDC RP Plugin

  • MDA – Metadata Aggregator

Federated Access

The older hosted platform is SAML-enabled, and users wishing to post, comment on, or be informed of changes to data will need to log in via an acceptable IdP. The IdP must release:

  • a required unique identifier for the user (see below)

  • displayName if the user wishes to have a human-readable name suitable for display or search

  • mail if the user wishes to receive notifications (e.g., changes in issue status or updates to wiki pages) via email

Note that users may modify their profile name or email address, but it will be reset to an IdP-supplied value each time they login.

The preferred identifiers supported include the legacy eduPersonPrincipalName attribute and the newly-proposed SAML subject-id attribute. The latter is ideal if a name and email address are included, while EPPN is best if provided by itself because of the strong need to publically identify contributors in these collaborative tools.

If use of a public identifier is a problem due to privacy restrictions, we tolerate use of the newly-proposed SAML pairwise-id attribute, but we do not encourage it. For historical reasons, we do support the legacy pairwise identifiers that fall under the eduPersonTargetedID and SAML persistent NameID headings, but they are strongly discouraged.

The precise set of SAML 1.1 attributes supported is:

  • urn:mace:dir:attribute-def:eduPersonPrincipalName (preferred)

  • urn:oasis:names:tc:SAML:attribute:subject-id (SAML Subject ID, new proposed standard, preferred)

  • urn:oasis:names:tc:SAML:attribute:pairwise-id (SAML Pairwise ID, new proposed standard, discouraged)

  • urn:oid:1.3.6.1.4.1.5923.1.1.1.10 (targetedID as SAML attribute, strongly discouraged)

  • urn:mace:dir:attribute-def:displayName (preferred)

  • urn:mace:dir:attribute-def:cn

  • urn:mace:dir:attribute-def:mail

For SAML 2.0:

  • urn:oid:1.3.6.1.4.1.5923.1.1.1.6 (EPPN, preferred)

  • urn:oasis:names:tc:SAML:attribute:subject-id (SAML Subject ID, new proposed standard, preferred)

  • urn:oasis:names:tc:SAML:attribute:pairwise-id (SAML Pairwise ID, new proposed standard, discouraged)

  • urn:oasis:names:tc:SAML:2.0:nameid-format:persistent (targetedID as NameID, strongly discouraged)

  • urn:oid:1.3.6.1.4.1.5923.1.1.1.10 (targetedID as SAML attribute, strongly discouraged)

  • urn:oid:2.16.840.1.113730.3.1.241 (displayName, preferred)

  • urn:oid:2.5.4.3 (cn)

  • urn:oid:0.9.2342.19200300.100.1.3 (mail)

  • No labels