- Idpy-discuss - lists3.sunet.se

idpy Developers call CANCELED for 11 April 2023

by Heather Flanagan

Hi all! We have some conflicts with the GÉANT Core AAI meeting this week, so our call is cancelled. See you again in two weeks’ time! Thanks! Heather

2 years, 7 months

1
0
0 0

Notes: idpy Developers call, 28 March 2023

by Heather Flanagan

Attendees: Alex Perez, Giuseppe, Heather, Ivan, Matthew Regrets: Roland, Scott Notes 0 - Agenda bash Introductions: Alexandro Perez-Mendez (JISC), working with Alex Stuart and Phil Smith 1 - Project review a. General Big things Ivan is looking at: making a plan to convert Satosa to use a framework (flask, fastAPI, etc); figuring out better logging and introducing parts of OpenTelemetry (https://opentelemetry.io/) into the code to help add traces and possibly switching to structured logging. Hannah has a draft PR about logout support on Satosa. For that, we need to keep some state, and this PR offers an opportunity to consider that again. • Do we have documentation on the schema for session storage? Session storage is a python dictionary that is not validated. A basic schema would help organize this and our migration to a new framework. Different pieces (microservices) need to have access to the same part of the state, which makes the keys and cleaning up the state more complicated. This would have to be resolved on the plugins. • Can we rename "microservice" to "plugin"? Any move towards supporting the wallet framework as per eIDAS 2 and the European Digital Identity Wallet Architecture and Reference Framework (https://digital-strategy.ec.europa.eu/en/library/european-digital-identity-… The ARF specifies two flows - the remote flow using OIDC and the proximate flow where RFIDs will be used. Can Satosa work with those things? The plan is to support the OIDC flows and look later at the other flows. The relevant OIDC specifications are still in draft. The Verifiable Credentials are part of what make this complicated; we need to pick a credential profile and make sure we can support that, then consider how they are signed, whether they can support selective disclosure, etc. There will be dedicated calls for this, organized by Ivan. b. OIDC - https://github.com/IdentityPython (JWTConnect-Python-OidcRP, JWTConnect-Python-CryptoJWT, etc) No updates c. Satosa - https://github.com/IdentityPython/SATOSA Looking at the following: • https://github.com/IdentityPython/SATOSA/pull/429 • https://github.com/IdentityPython/SATOSA/pull/433 • https://github.com/IdentityPython/SATOSA/pull/427 • https://github.com/IdentityPython/SATOSA/pull/405 Expect a new release in the next week or so. d. pySAML2 - https://github.com/IdentityPython/pysaml2 Ivan working on a fix for a Windows issue (see https://github.com/IdentityPython/pysaml2/pull/665 for a description; that PR isn't going in, but it does describe the problem). When this is ready, he will cut a new release. Also working on https://github.com/IdentityPython/pysaml2/pull/898 ; this will also go into the new release. e. Any other project (pyFF, djangosaml2, etc) pyFF - Leif is preparing a new release. There have been fixes and merges, so a new release is due. Matthew is working on a docker image (as well as a thiss.js container that would use a simple HTML template to implement a centralized discovery service). Alex and JISC is interested in this work. They have a small docker compose script available that is close to working. • https://github.com/IdentityPython/pyFF/issues/243 Note there is a thiss.io slack channel. Can continue discussion there. Can also create a pyFF channel if that would be more helpful. 2 - AOB Note: Admin task - Pavel, one of the contributors to the independent OIDC front end to Satosa, and his team have been invited to join the OIDC channel in Slack. Need to approve their participation. Thanks! Heather

2 years, 7 months

1
0
0 0

Reminder: idpy developers call, 28 March 2023

by Heather Flanagan

Tuesday, 28 March 2023, 13:00 UTC Zoom: https://us06web.zoom.us/j/83378219417?pwd=dWFLdjRHK3BnRkZMa3VSd2lNaElpdz09 Agenda: 0 - Agenda bash 1 - Project review a. General b. OIDC - https://github.com/IdentityPython (JWTConnect-Python-OidcRP, JWTConnect-Python-CryptoJWT, etc) c. Satosa - https://github.com/IdentityPython/SATOSA d. pySAML2 - https://github.com/IdentityPython/pysaml2 e. Any other project (pyFF, djangosaml2, etc) 2 - AOB Thanks! Heather

2 years, 7 months

1
0
0 0

Notes: idpy Developers call, 14 March 2023

by Heather Flanagan

Attendees: Ivan, Heather, Matthew With so few people, meeting was an informal chat about the FedCM / R&E Hackathon, the pyFF release schedule, and SLO (https://github.com/IdentityPython/SATOSA/pull/431) Ivan is working on a new Satosa release; looking at several MRs (unlikely all will go in) • https://github.com/IdentityPython/SATOSA/issues/404 • https://github.com/IdentityPython/SATOSA/pull/429 • https://github.com/IdentityPython/SATOSA/pull/419 • https://github.com/IdentityPython/SATOSA/pull/427 pyFF - Ivan can create a release, but would be better to talk to Leif to see if he has plans. In the meantime, Matthew will continue to work on packaging 2.0. Thanks! Heather

2 years, 8 months

1
0
0 0

Reminder: idpy developers call, 14 March 2023

by Heather Flanagan

Oh no! It’s that horrible, horrible time of here Daylight Saving Time happens in some places and not in others! Starting this Sunday, 12 March, clocks will shift forward in the US. For those of you in Europe, the clocks do not change until 26 March 2023. Since the call is currently pinned to the US Pacific timezone, that means our call on Tuesday will happen at: 06:00 US Pacific 14:00 CET 15:00 EET If people would like to keep the call at the usual European time, please chime in on the Slack channel before CoB on Monday, 13 March. Tuesday, 14 March 2023, 13:00 UTC Zoom: https://us06web.zoom.us/j/83378219417?pwd=dWFLdjRHK3BnRkZMa3VSd2lNaElpdz09 Agenda: 0 - Agenda bash 1 - Project review a. General b. OIDC - https://github.com/IdentityPython (JWTConnect-Python-OidcRP, JWTConnect-Python-CryptoJWT, etc) c. Satosa - https://github.com/IdentityPython/SATOSA d. pySAML2 - https://github.com/IdentityPython/pysaml2 e. Any other project (pyFF, djangosaml2, etc) 2 - AOB Thanks! Heather

2 years, 8 months

1
0
0 0

idpy dev call CANCELED for 28 February 2023

by Heather Flanagan

Hi all! We don’t have a lot of new things to cover and several folks are going to be attending the R&E/FedCM meeting this week in California, so I’m canceling the idpy call. Our next call is scheduled for 14 March 2023. See you then! Thanks! Heather

2 years, 8 months

1
0
0 0

Setup of Many to One instance

by Little, Cody (Education)

UNOFFICIAL Hey All, We're looking at setting up SATOSA as a SAML proxy for a handful (300+) SAML apps (very basic onelogin php-saml apps) to a single Okta SAML2 app. From reading through the documentation a number of times, I'm a bit confused. Few questions: Do I need to create a front-end config for each SP or just append additional metadata URLs to the metadata array? How are the SPs differentiated from one another if not by entity IDs is this where the client-side cookie comes in? If anyone has some insight around the configuration, any help is much appreciated. Regards, Cody

2 years, 9 months

2
2
0 0

Notes: idpy dev call, 14 February 2023

by Heather Flanagan

Attendees Roland, Heather, Scott, Ivan, Matthew Notes: 0 - Agenda bash 1 - Project review a. General [not for public consumption] Security issues - haven't resolved this yet; will be creating a patch and eventually entirely deprecating the affected package. Regarding the recent security issue reported by Shibboleth, we use the same XML parser but it is restricted to a specific set of rules. We do not appear to be affected by the issue. Ivan is still investigating. b. OIDC - https://github.com/IdentityPython (JWTConnect-Python-CryptoJWT, idpy-oidc, fedservice, etc.) Roland has a fork named fedservice that has a number of updates (this is separate from the fedservice package). Roland has tried to condense it, but that hasn't worked well. It is a massive set of changes. Will want people to try to use the package and see if it breaks. If it does, reach out to Roland for assistance. Fedservice the package is almost update to the latest version of the OIDC federation spec. SUNET will run an OIDC federation POC which will provide us with some useful feedback. [not for public consumption] The Swedish government agency dealing with immigration/emigration want to migrate from a SAML federation to an OIDC federation. They are running a Microsoft proxy and Roland has pointed them to Satosa. They are a java shop, but Roland will suggest they donate money to idpy for Satosa support and support it that way. Note that SUNET is starting work on a digital wallet as part of the EU initiative. This may result in additional packages or libraries, and will primarily support OIDC c. Satosa - https://github.com/IdentityPython/SATOSA No update. d. pySAML2 - https://github.com/IdentityPython/pysaml2 New release has been posted (https://github.com/IdentityPython/pysaml2/releases/tag/v7.3.0) Big items include: • used poetry to clean things up, refactored code style • attribute requirements for subject-id Next release will start using mypy, bump the supported python version to 3.9, and support typing. See https://github.com/IdentityPython/pysaml2/pull/896 After that, will start looking at the use of pyOpenSSL for certificates and temporary file management for Window. e. Any other project (pyFF, djangosaml2, etc) Note that Matthew is going to package up pyFF and the thiss.io service. If anyone would like to work with him on that, please reach out! 2 - AOB What are the benefits of poetry? • https://www.geeksforgeeks.org/using-poetry-dependency-management-tool-in-py… • https://towardsdatascience.com/lets-jump-on-the-poetry-bandwagon-d0b650de17… Thanks! Heather

2 years, 9 months

1
0
0 0

Reminder: idpy developers call, 14 February 2023

by Heather Flanagan

Tuesday, 14 February 2023, 14:00 UTC Zoom: https://us06web.zoom.us/j/83378219417?pwd=dWFLdjRHK3BnRkZMa3VSd2lNaElpdz09 Agenda: 0 - Agenda bash 1 - Project review a. General b. OIDC - https://github.com/IdentityPython (JWTConnect-Python-OidcRP, JWTConnect-Python-CryptoJWT, etc) c. Satosa - https://github.com/IdentityPython/SATOSA d. pySAML2 - https://github.com/IdentityPython/pysaml2 e. Any other project (pyFF, djangosaml2, etc) 2 - AOB Thanks! Heather

2 years, 9 months

1
0
0 0

Help: How to set up saTosa

by Malathi Deenadayalan

Hi, I am new to this saTOsa set up. Please can you help me to setup saTosa for my idp. Regards, Malathi

2 years, 9 months

3
5
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Idpy-discuss