2014-04-11
Shibboleth Developer's Meeting, April 11, 2014
Call Details
Meeting URL: http://fuze.me/24048131
Meeting Number: 24048131
Toll / Intl #: N/A
Toll-Free #: N/A
Attendees:
Call Administrivia
10:00 Central US / 11:00 Eastern US / 16:00 UK
Next call is next Friday. Any reason not to meet?
60 to 90 minute call window.
Brent
Daniel
Ian
Heartbleed: do we want to generate two keys in IdP v3 (for message-level and SOAP TLS) to reduce the severity of cases like this?
Rod
Mostly away.
Some Heartbleed testing
Working on <security:Credential> parsing as a precursor to parsing <security:TrustEngine> and thus adding the Signing Filter.
Scott
Heartbleed of course
Patch seems fine, installer also updated for future installs
Completed working SAML 1/2 attribute query flows
Added 9443 port with our trust plugin to testbed Jetty (and disabled that weird name checking option)
Finished porting over policy rules into message handlers to get profile authentication working as in V2
Refactored flows to invoke varied rule sets by profile after resolving RP/Profile configs
Open issue: do we port the parsing code to support the old rule sets in relying-party.xml?
Started working on error handling, very challenging
Starting with SOAP, a bit complex because we need an outbound message/binding context even if we can't establish RP context
Needed an action and context to preserve PreviousEvent as ErrorEvent so we don't lose it in error flow
Need to decide how to invoke error behavior: global webflow transition or per-action explicit transitions
We should not use exceptions routinely, web flow is pretty clear on that
Need ways to decide when to generate SAML response and when to generate error pages on front channel
Tom
Other