2015-07-17

Owned by Ian Young
Last updated: Jul 17, 2015 by Scott Cantor
2 min read

Shibboleth Developer's Meeting, 2015-07-17

Call Administrivia

10:00 Central US / 11:00 Eastern US / 16:00 UK

Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2015-08-07. Any reason to deviate from this?

60 to 90 minute call window.

 

Call Details

This week's call will use the Lync system at OSU. To participate, call:

  • +1 (614) 688-1800 (please use if possible)
  • +1 (800) 678-6114 (use only if you're charged for the 614 number)

The Conference ID is: 738127#

International participants should be able to access the 800 number without charge through Skype.

AGENDA

Add items for discussion here

Best way to fix:

  • IDP-768 Allow shibboleth.Conditions.RelyingPartyId to take a simple string
  • IDP-771 Property replacement in ComputedID connectors.
  • As time allows IDP-627 Support HTTP Strict Transport Security (HSTS)

Turn off PKIX by default? Just in SP? Ignore it because all the KeyAuthorities are mostly gone?

  • Scott will draft a note to REFEDS proposing that we do this in future releases and make this a formal, community consensus call to make this happen. For now, we'll release the patch unchanged apart from me having changed the example config file (not the default config).

Attendees:

 

Brent

 

Daniel

 

Ian

 

Marvin

  • Been a busy few weeks for IdP development. Recently resolved issues: IDP-762, IDP-763, IDP-660, IDP-742. Mostly done with IDP-769.
  • Not sure I can complete  IDP-701 - Getting issue details... STATUS  in a reasonable way without the indexing discussed on the issue. I'm unclear whether iterating over metadata includes all loaded metadata sources or whether I can scope the iteration to just a single source. If the latter I should be ok.
  • Hopeful I'll get to the logout propagation part of IDP-224 to support IDP-645, which we need for an internal project here at VT.

Rod

Nothing

 

Scott

SP patch about ready

  • Library fixes
  • ODBC bug
  • systemd / packaging changes
  • Switch to same-version upgrades on Windows for patching

Hopefully will get back to IdP work / review shortly

OpenID Connect work starting up based on MITRE code, they're hoping to demo by October

Tom

Worked on testing against multiple browsers via Sauce Labs in order to test local storage. I believe we will be able to use Selenium's "desired capabilities" to test browsers which do not support local storage falling back to cookies.

The Sauce plugin to Jenkins plus a helper test class can act as a TestNG data provider, meaning that test methods can be run against each configured browser. We might want to organize Jenkins test jobs by platform, Windows, iPhone, etc.

Each test class in java-idp-integration-tests will use a separate copy of idp.home which is deleted only if all tests pass to facilitate troubleshooting. Ports are selected at runtime. Unfortunately, testing against multiple browsers in parallel would involve some re-working of the integration tests so that an IdP instance is started @BeforeClass rather than in each test method, probably future work if we so desire.

Used this as an opportunity to start using git. Work was done in a brach of a personal repository.

Next steps are to connect the client side storage service to the local storage flows.


 

Other