November Update

Created by Scott Cantor
Last updated: Nov 10, 2020
3 min read

Over the last month we have been working towards wrapping up work on IdP V4.1. There's still a lot left to do, but the end is at least visible and we are still targeting a Q1 2021 release. As I have said before, any notion of a V5.0 has been deferred more or less indefinitely until there are technical/platform/Java motivations for doing one.

The module and plugin systems are still undergoing some evolutionary changes as we start implementing them in real-world extensions and discover what other management and control points we need to manage installation and updates.

Simplifying changes to the existing configuration are mostly done at this point, and a substantial amount of new documentation as been written. The new documentation sections are generally in tabbed sections that separate V4.0 from V4.1+ (the latter really being targeted at new installs of V4.1 with some material included that explains how to adapt a pre-existing system to some of the new property-driven mechanisms). In the Reference sections, it should be evident that the changes typically involve reducing the number of Spring bean definitions and increasing the number of properties used.

I expect a certain amount of confusion over these changes but for existing deployers things should still just work as is. New installs should be simpler to configure and hopefully with some time to assess the changes people may be able to take advantage of the changes to reduce the complexity of existing deployments, more for people that might have to take them over than anything else.

Work continues on the more low-level configuration to address all of the many places that complex plugins (i.e., the OIDC OP extension) have to be able to add material to the configuration.

V3.0 of the OIDC OP extension will be made available with the V4.1 release of the IdP, and the code packages and configuration will be in their final "official" form for long term support by the project. With maybe about 30% of the work done, a lot of the OIDC configuration has already been reduced, eliminated, or moved to internal resources so that the extension can be more automatically installed and enabled without as many manual adjustments to files. Most of these approaches were simply impossible prior to V4.1. There will be substantial "mechanical" changes needed for those already using this extension but the final product should be much cleaner, and the package renaming made many changes inevitable anyway. Work is also largely complete on a SAML metadata implementation for management of OIDC RPs which will extend many of the more advanced IdP management techniques to the OIDC support.

In addition to getting the documentation in order, I did some significant testing of the latest IdP snapshot on Ohio State's V4 configuration and apart from some bug fixing, everything seemed to work compatibly. I was also able to retrofit my configuration to take advantage of properties without too much effort, but it is a little confusing to get from point A to point B just because of all the XML one is wading through. It's really a function of knowing what one has changed to make sure every change is captured in a property.

As I mentioned last month, there should be a new release of xmlsectool designed to work with Java 11 coming shortly.

Nothing to report on the SP front, but there are still plans for a (very) small bug/feature release before end of year.

Next Monday afternoon (my time) I will be providing a 2020 review and project roadmap at Internet2's virtual CAMP conference that is taking the place of TechExchange, and those slides will be posted as soon as the slides actually exist. We probably will arrange a separate presentation for Consortium Members that aren't attending CAMP.