February 2025 Update
We continue to be “between” releases for the most part as we actively work across our software line. Work has been ongoing on:
A first set of bug fixes and some enhancements to the WebAuthn plugin, with the 1.1.0 release expected late this month.
OpenID Federation support, along with beginning to get the right team members engaged with wider efforts in this space in the R&E sector.
Continued development of the next-gen SP (more below).
Development of a SAML Attribute Query DataConnector for the IdP’s attribute resolver, which we will leverage to replicate some of the current functionality in the SP as we migrate those pieces into Java. This work is expected to show up as part of IdP V5.2.0.
I covered the SP at some length last month, but I’ll reiterate a couple of useful links, as both pages receive ongoing updates as things evolve.
The current status is “we’re making good progress”. The SP builds on both Mac (and probably Linux) and Windows right now, though there are some key components left to build for Windows due to how horrific its WinHTTP and TLS APIs are in comparison with Curl, which tends to spoil developers with how simple it is to use. Unfortunately, keeping Curl current in packaged software is not so simple, so we have no plans to use it on Windows in the future. (Yes, Windows now includes it, but not as a library, only as a command line tool.)
We have completely stripped out all third-party dependencies from it aside from Boost, which is only needed at build time. The code base is being modernized, using C++14 as the primary baseline, though it does build with C++11 with some feature gaps. This provides a lot of additional functionality in terms of standard APIs and code readability.
The new “agent” (the terminology I’m applying to the Apache/IIS component) now loads successfully in both those servers, and we are able to add code that we can readily test in those web servers again, adding back functionality to get back to something close to the current SP’s state, modulo the changes we expect to make. To this point, very little of that functionality has been added back, with the exception of a new SessionInitiator handler, which has been tested end-to-end as of the day I’m writing this and is able to request the Java hub to produce SAML requests, which are returned to the agent and on to the client. There is no SAML code or awareness of it in the agent; it’s just a conduit for the functionality in Java now, proving out the basics of the design I envisioned when I started the work.
With that milestone reached, I plan to shift back to working through some IdP (and misc. plugin) backlog so we can start planning for a V5.2.0 update there. Once that’s done, I would guess a priority will be to start adding some deprecation warnings to the legacy SP to get an update of that ready to release some time this year or next that provides some official notice about at-risk features.
In addition, we are starting to look at moving towards a long-awaited 1.0.0 release of the Metadata Aggregator software, and once that’s in flight we’ll be releasing a new version of xmlsectool to allow us to fully shut down all our testing on Java 11, as that is the sole remaining project left on that Java version.
I hope to have some updates in the near future on our plans to work on improving the IdP documentation, but don’t have anything concrete to say on that yet.