January Update

Welcome to the third decade of the Shibboleth Project.

Various cancelled meetings, holidays, travel, and just generally getting work done have led to a lack of updates, but as of the new year we have started the process of wrapping up V4 IdP development so we can get a beta released as soon as possible. Many of the smaller items left to do are now done, and most substantive remaining issues have been pushed out to future versions, so what's left is primarily testing, finishing up work on the SAML proxy feature, and beginning to update the OIDC extension.

The installer is essentially complete at this stage. It is substantively the same as before, but has been rewritten to make more extensive use of Java code in place of Ant so we can make future enhancements to it more easily by "just" writing code.

The SAML proxy feature is missing most of the necessary security code. This will hopefully start getting committed in the next week or two. It is, however, functionally done and documented (SAMLAuthnConfiguration), and I don't anticipate significant changes being made for this first iteration.

The biggest remaining task is prepping an upgrade of the OIDC extension for use with V4 so that it can be made available at or near the initial release. As recently announced, we have officially assumed ongoing responsibility for the code base as of last month, and have taken the first step by importing the code into our official repository. Our plan is for any required maintenance on the original V1 branch of the extension for use with IdP V3 to be carried out in the original GitHub repository, while work on a V2 extension for use with IdP V4 has begun on the master branch in our repository.

After some consideration, our intent is to maintain most of the current configuration, XML namespaces and types, and Java packages of the original extension, with the understanding that the implementation released with IdP V5 next year would introduce a number of breaking changes in order to make final adjustments for the long-term sustainability of the code. This version is therefore a transitional release, and deployers of the OIDC extension now and with V4 should expect some additional work to upgrade to V5 later.

As part of this transition, the documentation will likely continue to be maintained in the GitHub project wiki since it will be largely the same for this release, with the updated/integrated documentation moving into our wiki for V5.

It is, however, a discussion point as to whether the code will be moved into the IdP core or maintained as a separate extension for organizational purposes. If that is the decision made, we will out of necessity also take on the delivery of some kind of formalized "module" system for the automated install and update of extensions to the core software to minimize the impact of that decision. It will, in other words, not matter all that much to a deployer whether the code is separate or not, but a separation will help us design such a module feature, and potentially reduce the impact of security issues in the relatively less mature OIDC code on the rest of the code base.

Long story short, lots of work was completed over the holidays, there's still a fair bit left to do, and we're working hard to get a beta out the door as soon as possible.