5:13 p.m.
Attendees:
Ivan, Heather, Giuseppe, Christos, Hannah, Roland, John P.
Regrets:
Rainer, Scott
Agenda:
0. Agenda bash
1. GitHub review
a. pySAML2 - https://github.com/IdentityPython/pysaml2
<https://github.com/IdentityPython/pysaml2>
1:38 p.m.
Hi guys, here my proposals and notes.
Il mar 20 ago 2019, 16:13 Heather Flanagan <hlflanagan at sphericalcowgroup.com ha scritto:
...
2. Hackathon planning -
https://wiki.refeds.org/pages/viewpage.action?pageId=44959235
<https://wiki.refeds.org/pages/viewpage.action?pageId=44959235
...
- What do people need to get started? Suggest setting up a VM for
Satosa so that people have a ready-made environment. Can set up a small
image with everything ready and packed in, with no other setup. Will put it
in the repository as an image. Will reuse this for other purposes
(including future Hackathon). In the past, we’ve talked about having images
that demonstrate different use cases; can use this for small demos.
- Action item for Ivan; will try to have that this week
For a custom deployment of uniAuth (pysaml2 idp) I can do a specialized app
for the Hackathon, with:
- custom logo of the event;
- custom authentication backend on top of a json file containing users
identities. We can also use a slapd setup [1] or users in rdbms;
- custom attr processor (if needed, optional);
- Easy instructions to have all ready in a vm (or whatever needed for a
transparent and ready to use setup).
This Will be a Django app that could be published as a python-identity
repository if needed. This will not imply any source code changements, It
will only be an app that overload default uniauth configuration.
- For the OIDC Federation table - they need to have
read the
specification and understood it. There will be at least three people at
this table, including two Java programmers. When they have something
running, will start doing interop testing; Roland will have entities
available for them to talk to to test their code. The SimpleSAMLphp
programmer will also be there, but he may be at another table. The
developers will have their own environment with them on their laptops.
- Need to ask for white boards.
- Would be good if the EIDAS people would be there.
On September I'll start the development of uniauth-oidc on top of pyop
(pyoidc) and other things related to oidc for the IDEM workgroup I'm
belonging to. I'll try to follow and integrate this task according to
hackathon goals for a better general reusability. I'll follow this table
with interest. My implementation will mainly be a Port of satosa's oidc
frontend into Django as an uniAuth optional application.
- Pepe: as SP I used this for my tests:
https://github.com/peppelinux/Django-Identity/tree/master/djangosaml2_sp/dj…
and pysaml2 idp I used uniAuth (
https://github.com/UniversitaDellaCalabria/uniAuth
For the SP I can do a hackaton template on top of djangosaml2 if usefull.
These are my questions:
Do we Need more then one SP and IdP? For example mixing: pysaml2,
shibboleth and simplesamlphp SP/idp for a wider pyff DS usage?
Do we need a hackathon template for pyff DS?
Regards
[1] https://github.com/peppelinux/ansible-slapd-eduperson2016
3:48 p.m.
Hi,
just an update related to a shared topic.
Il giorno mar 20 ago 2019 alle ore 16:13 Heather Flanagan <
hlflanagan at sphericalcowgroup.com> ha scritto:
2) Encrypt Assertion if SP have encrytion keys into its metadata (as
Shibboleth already does). I'll have to dug into code to make a proposal, if
there come some suggestions: I'll appreciate.
In uniauth I just implemented this behaviour:
if IDP.config.metadata.certs(self.sp['id'], "spsso",
use="encryption") ->
encrypt_assertion, encrypt_advice_attributes and
encrypt_assertion_self_contained = True
It works with pysaml2 SP but not with Shibboleth SP, this latter cannot
decrypt/parse the assertions. Is there any clue before opening an issue on
pysaml2 github?
I'm acqually disabling encryption with 'disable_encrypted_assertions'
parameter set to global (it acts over all the sp).
regards
7:39 p.m.
Hi Marco,
You might want to increase the logging severity for XML tooling in your test Shib instance
and study the log.
- Rainer
Von meinem iPad gesendet
Am 04.09.2019 um 14:48 schrieb Giuseppe De Marco
<giuseppe.demarco at unical.it>:
Hi,
just an update related to a shared topic.
Il giorno mar 20 ago 2019 alle ore 16:13 Heather
Flanagan <hlflanagan at sphericalcowgroup.com> ha scritto:
2) Encrypt Assertion if SP have encrytion keys into its metadata (as Shibboleth already
does). I'll have to dug into code to make a proposal, if there come some suggestions:
I'll appreciate.
In uniauth I just implemented this behaviour:
if IDP.config.metadata.certs(self.sp['id'], "spsso",
use="encryption") -> encrypt_assertion, encrypt_advice_attributes and
encrypt_assertion_self_contained = True
It works with pysaml2 SP but not with Shibboleth SP, this latter cannot decrypt/parse the
assertions. Is there any clue before opening an issue on pysaml2 github?
I'm acqually disabling encryption with 'disable_encrypted_assertions'
parameter set to global (it acts over all the sp).
regards
_______________________________________________
Idpy-discuss mailing list
Idpy-discuss at lists.sunet.se
https://lists.sunet.se/listinfo/idpy-discuss
1935
days inactive
1950
days old
3 comments
3 participants
participants (3)
-
giuseppe.demarco@unical.it -
hlflanagan@sphericalcowgroup.com -
rainer@hoerbe.at