2019-10-18
- Ian Young
- Scott Cantor
- Rod Widdowson
Owned by Ian Young
Shibboleth Developer's Meeting, 2019-10-18
Call Administrivia
09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI
Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2019-11-01. Any reason to deviate from this?
60 to 90 minute call window.
This week's call will use the Zoom system at GU, see ZoomGU for access info.
AGENDA
- (Rod) Do we want to make a bunch of "not expected to be extended" classes final in V4 - its out last chance. Examples are IdPAttribute and AttributeResolver
- Status/completeness of SAML SSO profile validation logic in OpenSAML
- Looks like it's used in the delegation work
Attendees:
Tom, Henri absent
Brent
- Just back from vacation, nothing significant to report
Daniel
Ian
- Quick update on Oracle Java 8 change
Phil
- Close (hopefully) to understanding CSRF mitigation across 'all' view-states
- Overview here (CSRF FlowExeuctionListener testing, all views overview)
- CAS views (CSRF FlowExecutionListener testing for CAS)
- Is fine with small modification to logout propagation view (although probably best excluded)
- Aim to finish ASAP.
- Next tidy up some of the code
- Then let people decide if this is something they want.
- If so, need to look at automated integration tests - existing ones, to check any breakage
- Any new tests to exercise the CSRF listener (unit and integration)
Rod
-
IDP-1499
-
Getting issue details...
STATUS
- Code freeze soon, then loads of testing.
- Any other customizations?
Scott
- OSJ-287 - Getting issue details... STATUS
-
IDP-1494
-
Getting issue details...
STATUS
- MVC discovery / changes
- Nested PRC design is convoluted but working (PRC → AC → PRC)
- AuthnRequest being issued and response decoded by controller
- POST only at the moment
- Remaining work is on validation/attribute extraction half of flow, and polishing/extending request capabiilities
Other