- Idpy-discuss - lists3.sunet.se

Notes: idpy Developers call, 14 March 2023

by Heather Flanagan

Attendees: Ivan, Heather, Matthew With so few people, meeting was an informal chat about the FedCM / R&E Hackathon, the pyFF release schedule, and SLO (https://github.com/IdentityPython/SATOSA/pull/431) Ivan is working on a new Satosa release; looking at several MRs (unlikely all will go in) • https://github.com/IdentityPython/SATOSA/issues/404 • https://github.com/IdentityPython/SATOSA/pull/429 • https://github.com/IdentityPython/SATOSA/pull/419 • https://github.com/IdentityPython/SATOSA/pull/427 pyFF - Ivan can create a release, but would be better to talk to Leif to see if he has plans. In the meantime, Matthew will continue to work on packaging 2.0. Thanks! Heather

1 year, 9 months

1
0
0 0

Reminder: idpy developers call, 14 March 2023

by Heather Flanagan

Oh no! It’s that horrible, horrible time of here Daylight Saving Time happens in some places and not in others! Starting this Sunday, 12 March, clocks will shift forward in the US. For those of you in Europe, the clocks do not change until 26 March 2023. Since the call is currently pinned to the US Pacific timezone, that means our call on Tuesday will happen at: 06:00 US Pacific 14:00 CET 15:00 EET If people would like to keep the call at the usual European time, please chime in on the Slack channel before CoB on Monday, 13 March. Tuesday, 14 March 2023, 13:00 UTC Zoom: https://us06web.zoom.us/j/83378219417?pwd=dWFLdjRHK3BnRkZMa3VSd2lNaElpdz09 Agenda: 0 - Agenda bash 1 - Project review a. General b. OIDC - https://github.com/IdentityPython (JWTConnect-Python-OidcRP, JWTConnect-Python-CryptoJWT, etc) c. Satosa - https://github.com/IdentityPython/SATOSA d. pySAML2 - https://github.com/IdentityPython/pysaml2 e. Any other project (pyFF, djangosaml2, etc) 2 - AOB Thanks! Heather

1 year, 10 months

1
0
0 0

idpy dev call CANCELED for 28 February 2023

by Heather Flanagan

Hi all! We don’t have a lot of new things to cover and several folks are going to be attending the R&E/FedCM meeting this week in California, so I’m canceling the idpy call. Our next call is scheduled for 14 March 2023. See you then! Thanks! Heather

1 year, 10 months

1
0
0 0

Setup of Many to One instance

by Little, Cody (Education)

UNOFFICIAL Hey All, We're looking at setting up SATOSA as a SAML proxy for a handful (300+) SAML apps (very basic onelogin php-saml apps) to a single Okta SAML2 app. From reading through the documentation a number of times, I'm a bit confused. Few questions: Do I need to create a front-end config for each SP or just append additional metadata URLs to the metadata array? How are the SPs differentiated from one another if not by entity IDs is this where the client-side cookie comes in? If anyone has some insight around the configuration, any help is much appreciated. Regards, Cody

1 year, 10 months

2
2
0 0

Notes: idpy dev call, 14 February 2023

by Heather Flanagan

Attendees Roland, Heather, Scott, Ivan, Matthew Notes: 0 - Agenda bash 1 - Project review a. General [not for public consumption] Security issues - haven't resolved this yet; will be creating a patch and eventually entirely deprecating the affected package. Regarding the recent security issue reported by Shibboleth, we use the same XML parser but it is restricted to a specific set of rules. We do not appear to be affected by the issue. Ivan is still investigating. b. OIDC - https://github.com/IdentityPython (JWTConnect-Python-CryptoJWT, idpy-oidc, fedservice, etc.) Roland has a fork named fedservice that has a number of updates (this is separate from the fedservice package). Roland has tried to condense it, but that hasn't worked well. It is a massive set of changes. Will want people to try to use the package and see if it breaks. If it does, reach out to Roland for assistance. Fedservice the package is almost update to the latest version of the OIDC federation spec. SUNET will run an OIDC federation POC which will provide us with some useful feedback. [not for public consumption] The Swedish government agency dealing with immigration/emigration want to migrate from a SAML federation to an OIDC federation. They are running a Microsoft proxy and Roland has pointed them to Satosa. They are a java shop, but Roland will suggest they donate money to idpy for Satosa support and support it that way. Note that SUNET is starting work on a digital wallet as part of the EU initiative. This may result in additional packages or libraries, and will primarily support OIDC c. Satosa - https://github.com/IdentityPython/SATOSA No update. d. pySAML2 - https://github.com/IdentityPython/pysaml2 New release has been posted (https://github.com/IdentityPython/pysaml2/releases/tag/v7.3.0) Big items include: • used poetry to clean things up, refactored code style • attribute requirements for subject-id Next release will start using mypy, bump the supported python version to 3.9, and support typing. See https://github.com/IdentityPython/pysaml2/pull/896 After that, will start looking at the use of pyOpenSSL for certificates and temporary file management for Window. e. Any other project (pyFF, djangosaml2, etc) Note that Matthew is going to package up pyFF and the thiss.io service. If anyone would like to work with him on that, please reach out! 2 - AOB What are the benefits of poetry? • https://www.geeksforgeeks.org/using-poetry-dependency-management-tool-in-py… • https://towardsdatascience.com/lets-jump-on-the-poetry-bandwagon-d0b650de17… Thanks! Heather

1 year, 10 months

1
0
0 0

Reminder: idpy developers call, 14 February 2023

by Heather Flanagan

Tuesday, 14 February 2023, 14:00 UTC Zoom: https://us06web.zoom.us/j/83378219417?pwd=dWFLdjRHK3BnRkZMa3VSd2lNaElpdz09 Agenda: 0 - Agenda bash 1 - Project review a. General b. OIDC - https://github.com/IdentityPython (JWTConnect-Python-OidcRP, JWTConnect-Python-CryptoJWT, etc) c. Satosa - https://github.com/IdentityPython/SATOSA d. pySAML2 - https://github.com/IdentityPython/pysaml2 e. Any other project (pyFF, djangosaml2, etc) 2 - AOB Thanks! Heather

1 year, 10 months

1
0
0 0

Help: How to set up saTosa

by Malathi Deenadayalan

Hi, I am new to this saTOsa set up. Please can you help me to setup saTosa for my idp. Regards, Malathi

1 year, 11 months

3
5
0 0

Notes: idpy dev call, 31 January 2023

by Heather Flanagan

Attendees: Roland, Johan, Heather, Scott, Ivan, Matthew Notes: 0 - Agenda bash 1 - Administrivia • Board will have their annual meeting next week. Same board slate. • Johan will be off for parental leave until August 2023 2 - Project review a. General b. OIDC - https://github.com/IdentityPython (JWTConnect-Python-OidcRP, JWTConnect-Python-CryptoJWT, etc) Roland has been working on documentation aimed towards software developers. Working on the PRs in the OIDC libraries and have merged all but one. Also started rebasing the fedservice fork so we can issue a PR soon for the work done to support federation. This will be a major PR but mostly in the lower level code. This will bring eduTEAMS in sync with this library; at that point there will be no reason to keep separate software running for eduTEAMS. OIDC federation spec is getting closer to being finalized. There have been discussion from people running OIDC federations in the same way that SAML federations are run (one authority collecting the info). There is a difficulty in that one model (OIDC federation spec) assumes end-to-end encryption where the other assumes that encryption stops at the edge and the organization can inspect the payload (required by regulation for banking). Finding a compromise by allowing metadata collection from well-known endpoints. This involves separating the path from the trust model. c. Satosa - https://github.com/IdentityPython/SATOSA Ivan is preparing a new release, but nothing major. Is considering accepting one more PR (https://github.com/IdentityPython/SATOSA/pull/429) and then will cut the new release. See also • https://github.com/IdentityPython/SATOSA/issues/428 • https://github.com/IdentityPython/SATOSA/pull/430 After this release, will move Satosa to using poetry and require Python 3.9. d. pySAML2 - https://github.com/IdentityPython/pysaml2 Next release will see minimum Python requirement to 3.9 (see email to list). Other major updates: • https://github.com/IdentityPython/pysaml2/pull/888 (may need further discussion) • https://github.com/IdentityPython/pysaml2/pull/895 (compatibility changes) A user came back to an issue (submitted as a PR: https://github.com/IdentityPython/pysaml2/pull/665) about how operations are done with xmlsec1. May need to revisit this. By default, pySAML2 uses the xmlsec1 binary. xmlsec1 works with files, so pySAML2 is always writing files to the file system, but Windows cannot automatically clean up those files; they have to have an external process cleaning up the files. This is not fixable. for the *nix systems, there are automatic cleanups, but they are buggy. Person who submitted the issue offered a suggestion (code) but another option is to handle xmlsec1 differently and offer a different back end. If interested, please review and comment on the PR. e. Any other project (pyFF, djangosaml2, etc) 3 - Documentation See OIDC update 4 - AOB Thanks! Heather

1 year, 11 months

1
0
0 0

Reminder: idpy developers call, 31 January 2023

by Heather Flanagan

Tuesday, 31 January 2023, 14:00 UTC Zoom: https://us06web.zoom.us/j/83378219417?pwd=dWFLdjRHK3BnRkZMa3VSd2lNaElpdz09 Agenda: 0 - Agenda bash 1 - Administrivia 2 - Project review a. General b. OIDC - https://github.com/IdentityPython (JWTConnect-Python-OidcRP, JWTConnect-Python-CryptoJWT, etc) c. Satosa - https://github.com/IdentityPython/SATOSA d. pySAML2 - https://github.com/IdentityPython/pysaml2 e. Any other project (pyFF, djangosaml2, etc) 3 - Documentation 4 - AOB Thanks! Heather

1 year, 11 months

1
0
0 0

Bumping the minimum supported Python version

by Ivan Kanakarakis

Hello everyone, Within IdentityPython we have agreed to support the Python version that comes with the stable version of Debian. The current stable distribution of Debian is version 11, codenamed bullseye. It was initially released as version 11.0 on August 14th, 2021 and its latest update, version 11.6, was released on December 17th, 2022. Debian stable supports Python 3.9, so I am looking towards bumping the minimum supported Python version to 3.9, for PySAML2 and then for SaToSa. Once this is done, we will be adding typing information to the codebases to ease contributions from other developers and start separating the public APIs from internal code. This will aid in documenting what is there, refactoring the code and cleaning up old and unused code. The plan is to create a new release with the currently merged changes. Then, have a separate release just bumping the minimum Python version required by the package. Expect these new releases to happen within the next week. Cheers, -- Ivan Kanakarakis - sunet.se

1 year, 11 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Idpy-discuss