I still see 3.4.8 as the latest release (from September). Will there be a new Satosa release soon? I really don’t want to run unmerged code in production, but we’re running out of time… From: Idpy-discuss <idpy-discuss-bounces at lists.sunet.se> On Behalf Of Nick Roy Sent: Wednesday, November 14, 2018 12:53 PM To: Heather Flanagan <hlflanagan at sphericalcowgroup.com> Cc: discuss at idpy.org Subject: Re: [Idpy-discuss] Notes: idpy developers call, 13 November 2018 Hi all, Internet2 is waiting to deploy a new version of Satosa to allow us to integrate with any IdPs in SURFconext, and that is dependent upon PR 485 getting merged and a new release cut. Will that still be happening today? Thank you, Nick On 13 Nov 2018, at 7:46, Heather Flanagan wrote: Notes: Attending: Heather, Ivan, Roland, Jonas L., Davide Regrets: Scott, Martin, Christos 0. Agenda bash 1. Governance update Board has the kick off call today. 2. idpy developers meeting @ TIIME - agenda building Handling of micro services (Satosa) Handling logging, esp. with plugins (Satosa) Handling of XML (pySAML) Action: Heather to ask Rainer about having a side meeting 3. PR review - Satosa (Satosa PRs - https://github.com/IdentityPython/SATOSA) Ivan has been working on changing the internal hashing mechanisms; it is all backward compatible but you will get deprecation warnings (PR 196). Now have a new micro service called “hasher”. Also worked on OIDC frontend/backend and using self-signed certificates. (PR 197) eduTEAMS now only has one commit difference from main branch. (PR 182) Ivan will be working on that soon so that eduTEAMS can be using the main Satosa repository. A new Satosa version will be released tomorrow; big change log. - pySAML2 (https://github.com/IdentityPython/pysaml2) Johan had two PRs regarding Unicode attribute values that needed to be either encrypted or signed. There may be some refactoring of this in the future. Ivan is now working on PR 396, related to having the ability to specify which signature or digest method you want to use (right now you can only do that via the configuration file). Martin has a new PR (556) around the internal attribute conversion between names and friendly names. Ivan agrees with those changes and will be merging soon. Scott has added tests to PR 485. Ivan will be merging this soon and cutting a release. Some new issues have been reported. 555 suggests that we put every name in the root name space, but that doesn’t quite work in real life. XML and XML operations - Ivan had proposed we use a separate module to handle XML operations, which would also allow us to switch XML back ends. - pyFF (https://github.com/IdentityPython/pyFF) Leif will be working on separating this code into more discrete components (e.g., discovery will become separate). - Governance docs (https://github.com/IdentityPython/Governance) 4. AOB OIDC federations - would like to run pilots soon. There is a python implementation, but that’s it. Would like to have Satosa be able to handle OIDC federations. If there is a priority list of what will be done soon, Roland would like to see OIDC federations high up on that list. Roland has running flask instances for the RP and OP; it should be fairly straightforward to do something. Not sure about the interface between the front end and Satosa itself. Ivan would like to see this too, though it hasn’t been prioritized yet. Note that Davide is also interested in this effort. Suggest Roland and Ivan have a separate call next week to discuss further. Another project is underway within AARC that will depend on Satosa: Evaluating assurance. Expect additional PRs related to this effort. _______________________________________________ Idpy-discuss mailing list Idpy-discuss at lists.sunet.se<mailto:Idpy-discuss at lists.sunet.se> https://lists.sunet.se/listinfo/idpy-discuss

Thanks, Ivan and you are correct - it is pysaml2 that we need.

FYI, pysaml v4.6.4 is now out and includes the want_assertions_or_response_signed configuration option. -- Ivan c00kiemon5ter Kanakarakis >:3