/
2019-08-16

2019-08-16

Jul 29, 2021

Shibboleth Developer's Meeting, 2019-08-16

Call Administrivia

09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI

Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 06-Sep. Any reason to deviate from this?

60 to 90 minute call window.

 

Call Details

This week's call will use the Zoom system at GU, see ZoomGU for access info.

 

AGENDA

  • SWITCH will attend (Etienne, Lukas and Res), to present the use cases behind the structured (jumbo) attribute. Key messages:

    • Today we have (only) 2 SPs (registration services) that would require this information. They are currently being built.

    • Both are needing this information for the provisioning towards a couple of further services (like e.g. Adobe Creative Cloud etc.)

    • These 2 registration service SPs are user-centric on their own authentication side, while they have to pick a role of the person on the provisioning side, for each of those further services.

    • We could do without a proper attribute filter step. The registration service SPs would just require everything.

    • Still, packing all of this onto the IdP might bee too much. We have therefore a plan B which looks like this:

      • Send all affiliation related information (UniqueID, Mail, ScopedAffiliation, ...) in separate flat multivalued attributes to the registration service SPs (and get the consent of the user)

      • Let the registration service SP call the SCIM API ( https://www.switch.ch/edu-id/organisations/tech/scim-api/ ) for each of those obtained ScopedAffiliation values, and get the proper set of attributes for that specific affiliation .

      • With this, the registration service SP can then build up an own user database, and use that one for further provisioning towards the services behind.

    • We don't expect a quick solution.

  • IDP-1181 - Getting issue details... STATUS
    - carried forward

  • PS

    IDP-1476 - Getting issue details... STATUS
    - Update on some SameSite cookie attribute testing.

  • Splitting workload on SAML proxying

 

Attendees:

 

Brent

  • OSJ-188 - Getting issue details... STATUS
    - Finished

  • OSJ-272 - Getting issue details... STATUS
    - Circling back to work-in-progress

  • IDP-1461 - Getting issue details... STATUS
    - a few final details to sort out, do "real" testing with IdP

 

Daniel

  • https://bugs.openjdk.java.net/browse/JDK-8217606 : JNDI bug has been fixed, looks like it's slated for Java 14?

  • Adding support binary attributes in IDPv3 for use with UnboundID is in-flight

  • Ldaptive v2 (built on netty, no provider dependencies) is about to hit RC1; question as to whether it will be appropriate for IDP v4

  • Will probably be late to the call....

 

Henri

 

Ian

  • Nothing to report.

 

Marvin

 

Phil

 

Rod

  • Installer:

    • Poking at the technologies to do the install grunt work imperatively (in Java).  Files.walkFileTree  rocks!

    • Paradoxically it might be easiest to let ant do some things (like jar creation).

    • Does the AuthN change require installer changes ?

    • Can we start thinking about property name changes?

 

Scott

  • IDP-1391 - Getting issue details... STATUS

    • Do we want to auto-configure a local name/password at install time?

  • V4 doc work

  • Audit additions

  • Did a bit with Eclipse warnings, updated parent project and applied to spring-exts

  • Support issue - OIDC plugin causing wacked out Spring reloading anomaly

Tom

  • AWS status

    • 4 slave nodes 

      • Windows Server 2016

      • RHEL8

      • CentOS7

      • Ubuntu18 (for "grins")

    • considering Amazon Linux 2 (rather than installing Coretto on the linux slaves)

    • experimentation > proof of concept > (we are here) scripting of OS and tool updates > "success"

  • Jetty 9.4 testbed