March Update

Created by Scott Cantor
Last updated: Mar 15, 2021
3 min read

We are running about two weeks behind the planned schedule for IdP V4.1, so the code freeze is expected at the end of this week and a release of the IdP and all associated plugins following about 10 days later around March 24th. The one hitch in this plan is that there is optional i18n functionality that depends on a Spring Framework bug fix so we're waiting on that release in mid-March and have to have enough time to test it in order to make our schedule.

The full list of initially planned extensions is shown in the table in the IDPPLUGINS wiki space, which contains the documentation for each extension. This is to avoid coupling plugin documentation to a specific IdP version's documentation. One of the plugins is really a support module containing OIDC library code common to 2 of the initial plugins (and probably more in the future).

Since there's a lot rolling out with this release, the Upgrading topic now includes an "Upgrading to V4.1 and Beyond" section that highlights some of the mechanics of this, and future, upgrades. Notably, we don't know of any reasons why an upgrade directly from a remediated V3.4 installation (i.e., one free of warnings) won't work, but this has been tested less than upgrading from V4.0 has.

As a point of clarification, we have virtually never in our history supported more than one minor release at a time, and definitely not since V3 was released and there are no plans to do so here. With the exception of the OIDC extension (more below), which we have been very up front about, this is a minor release expected to be fully compatible with V4.0 and the process of upgrading to it versus a patch to V4.0 would be exactly the same, which is why there isn't any point in maintaining both.

This is highlighted everywhere I can think of, but to re-emphasize:

  • V1/V2 of the OIDC extension is NOT compatible with this release and ideally should be removed from the system and configuration before upgrading to V4.1.
  • V3.0 of the OIDC OP extension will be available at the time of release as a plugin for V4.1 and will be officially supported and the configuration maintained going forward.
  • There is a page that discusses the "upgrade" process and the differences between the older extension and the new plugin at OIDC OP Upgrading. It isn't difficult to switch to the new version but there are XML changes needed.

All of the new OIDC documentation is drafted at least in initial form and has been dry-run tested a couple of times producing a working OP.

One of the other plugins of course is a replacement for the original Duo flow that supports their new full-frame strategy and eventually their replacement UI expected later this year. Both the Shibboleth and WebSDK4 integration "types" support this new extension. The existing Duo support is deprecated with this release but will not be formally removed until Duo's timeline for sunsetting the old integration support is clearer, and certainly not particularly soon.

On the SP front, work has progressed on a new build and packaging toolset for Linux that will be used with any future releases to produce packages for supported platforms. This will likely lead to the elimination of SUSE as a supported platform (there are official packages available on modern SUSE releases anyway), and we are considering dropping official macOS support as well due to lack of interest. We will however probably be adding Amazon Linux as an officially supported platform and package set, and will be more easily able to add other RPM platforms in the future.