Hi,
I'd like to have your point of view about the following topics.
On Mon, 19 Aug 2019 at 18:15, Heather Flanagan <
hlflanagan at sphericalcowgroup.com> wrote:
1) sigver refactor to have an xmlsec wrapper or a Python native library to:
a) disable weak algorithms
https://github.com/IdentityPython/pysaml2/pull/628
b) stop doing disk I/O, creating new files or making system calls to get
xmlsec to work
https://github.com/IdentityPython/pysaml2/pull/634
c) implement/fix some other issues/features related to this
2) Encrypt the Assertion if the SP has encryption keys in its metadata (as
Shibboleth already does). I'll have to dig into the code to make a proposal; if
any suggestions come, I'll appreciate them.
b. Satosa -
https://github.com/IdentityPython/SATOSA
1) Handle inconsistent context.state. The following PR is just a
proof of concept and needs more attention for a better rationale:
https://github.com/IdentityPython/SATOSA/pull/272. I think that, to prevent the
possibility of making an authnRequest with an invalid/inconsistent/corrupted
context, this PR also introduces the possibility of handling error or warning
messages to end users in a definitive way:
https://github.com/IdentityPython/SATOSA/issues/228#issuecomment-520275196
2) These are all easy pull requests that can be easily merged after a fast
revision; b), d) and e) are pure bugfixes:
a) ldap_store refactor:
https://github.com/IdentityPython/SATOSA/pull/252
b) Cookie state exception fix/workaround:
https://github.com/IdentityPython/SATOSA/pull/250
c) multiple user_id:
https://github.com/IdentityPython/SATOSA/pull/222
d) sign_alg/digest_alg policy fix:
https://github.com/IdentityPython/SATOSA/pull/216
e) selectable dig/sign algs in backends:
https://github.com/IdentityPython/SATOSA/pull/214
3) The possibility of selecting the backend to use based on the entity ID
used for authentication. Proof of concept here:
https://github.com/IdentityPython/SATOSA/pull/220. I cannot do a separate
microservice because this implementation needs a small but easy
implementation in the SATOSA core; I tried to make the code as easy to read as
possible.
Thank you all