[Idpy-discuss] Notes: idpy Developers Call, 12 March 2019

Paul Caskey pcaskey at internet2.edu
Tue Mar 12 14:37:43 UTC 2019

> Project updates
> Not much on the public repos.

FWIW, I submitted 2 PRs for Satosa (206, 207).  Sorry I missed the call, just didn’t have it on my calendar…

From: Idpy-discuss <idpy-discuss-bounces at lists.sunet.se> On Behalf Of Heather Flanagan
Sent: Tuesday, March 12, 2019 8:23 AM
To: idpy-discuss at lists.sunet.se
Subject: [Idpy-discuss] Notes: idpy Developers Call, 12 March 2019

Johan, Heather, Ivan, Rainer

Project updates
Not much on the public repos. There has been quite a bit of work on eduTEAMS, which has a lot to do with microservices and how they use Satosa. Also has impact on the OIDC libraries.

Did do a fix for an issue Scott had with regards to how XMLsec errors were handled. First fix sent the code into an endless loop (oops) but latest patches should be fine. This patch will generate a new release, based on the new way we have agreed to generate releases.

Release process
We will cut a new release and it will be tagged with a branch. Community maintainers will work in the branch space, and core developers will work on the master branch. Latest release for pySAML is 4.6.5. Ivan will cut a new release (4.6.6) and then that branch will be incremented by the community maintainers ( for first change).

Alternatively, Ivan could cut a 4.7 release, and community maintainers would maintain the minor release numbers only. This seems to make more sense; Ivan will do this.

Description of the release process text is copied in each repo. Heather to update it and pull that back into one location so that we only have to change it in one place.

Next on the list for Ivan: Satosa and pySAML2
Fixing redirect binding and some options set in Satosa but which are configured in pySAML2 (how we handle sign_assertion, sign_response, sign_alg, digest_alg). This is the same issue we’ve been talking to Martin about; this impacts eduTEAMS, SURF, and others.

Ivan will cut another release later this week with the fixes for above included. (This will be edition to the release today that fixes xmlsec)

Another issue: https://github.com/IdentityPython/pysaml2/issues/592 do not properly check the certificate as a result of some of the configuration options. Will be changing the default values to require this checking; that may break some existing implementations. Ivan will be investigating further. This more a misconfiguration than a security issue.

Reminder: we’ll have another call in a week; Daylight Saving Time skew will still be a problem so check your calendars!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sunet.se/pipermail/idpy-discuss/attachments/20190312/59d7931c/attachment-0001.html>

More information about the Idpy-discuss mailing list