2019-08-16

Shibboleth Developer's Meeting, 2019-08-16

Call Administrivia

09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI

Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 06-Sep. Any reason to deviate from this?

60 to 90 minute call window.


Call Details

This week's call will use the Zoom system at GU, see ZoomGU for access info.


AGENDA

  • SWITCH will attend (Etienne, Lukas and Res), to present the use cases behind the structured (jumbo) attribute. Key messages:
    • Today we have (only) 2 SPs (registration services) that would require this information. They are currently being built.
    • Both need this information for provisioning towards a couple of further services (e.g. Adobe Creative Cloud).
    • These 2 registration service SPs are user-centric on their own authentication side, while they have to pick a role of the person on the provisioning side, for each of those further services.
    • We could do without a proper attribute filter step. The registration service SPs would just require everything.
    • Still, packing all of this onto the IdP might be too much. We therefore have a plan B, which looks like this:
      • Send all affiliation-related information (UniqueID, Mail, ScopedAffiliation, ...) in separate flat multivalued attributes to the registration service SPs (and get the consent of the user).
      • Let the registration service SP call the SCIM API ( https://www.switch.ch/edu-id/organisations/tech/scim-api/ ) for each of those obtained ScopedAffiliation values, and get the proper set of attributes for that specific affiliation.
      • With this, the registration service SP can then build up its own user database, and use that one for further provisioning towards the services behind.
    • We don't expect a quick solution.
  • IDP-1181 - carried forward
  • PS IDP-1476 - Update on some SameSite cookie attribute testing.
  • Splitting workload on SAML proxying


Attendees:


Brent

  • OSJ-188 - Finished
  • OSJ-272 - Circling back to work-in-progress
  • IDP-1461 - a few final details to sort out, do "real" testing with IdP


Daniel

  • https://bugs.openjdk.java.net/browse/JDK-8217606 : JNDI bug has been fixed, looks like it's slated for Java 14?
  • Adding support for binary attributes in IDPv3 for use with UnboundID is in-flight
  • Ldaptive v2 (built on netty, no provider dependencies) is about to hit RC1; question as to whether it will be appropriate for IDP v4
  • Will probably be late to the call....


Henri


Ian

  • Nothing to report.


Marvin


Phil


Rod

  • Installer:
    • Poking at the technologies to do the install grunt work imperatively (in Java). Files.walkFileTree rocks!
    • Paradoxically it might be easiest to let ant do some things (like jar creation).
    • Does the AuthN change require installer changes?
    • Can we start thinking about property name changes?


Scott

  • IDP-1391
    • Do we want to auto-configure a local name/password at install time?
  • V4 doc work
  • Audit additions
  • Did a bit with Eclipse warnings, updated parent project and applied to spring-exts
  • Support issue - OIDC plugin causing wacked out Spring reloading anomaly

Tom

  • AWS status
    • 4 slave nodes 
      • Windows Server 2016
      • RHEL8
      • CentOS7
      • Ubuntu18 (for "grins")
    • considering Amazon Linux 2 (rather than installing Corretto on the Linux slaves)
    • experimentation > proof of concept > (we are here) scripting of OS and tool updates > "success"
  • Jetty 9.4 testbed

Other