Hi all,
How appropriate that we are back in Austria, which is where we last had serious conversations about Satosa governance! Because we had a few actions out of that earlier meeting that we need to follow up on.
Governance questions for Satosa:
* IPR needs to be sorted out (who will hold it?)
* CLAs need to be in place
* Re-license if required
Since many of the folks from the last meeting are here, how about finding a few minutes to meet on the above? Prioritization to the IPR question (since it is top of the list, and the other things fall from it).
What time(s) do people have available tomorrow (Wednesday)?
-Heather
Sent from my iPad
I need to build a SAML2SAML proxy and would like to adopt SaToSa for this project, which happens to be the Austrian K12 federation. With most IDPs an NREN-like mesh federation would be a straightforward solution, but there are a few requirements that need a proxy:
(1) The IDP for federal employees needs to see all K12 applications appear as a single SP. (The use case is commercial, because the IDP is charging per application and per user.)
(2) For some IDPs: Create/update an LDAP user object for a subset of attributes
(3) Add a profile completion flow for first-time users to confirm/modify email addresses
(4) Allow embedded discovery (SHOULD)
(5) Staying compatible with the SaToSa upstream project.
The attached picture shows the options with 1:1 and 1:n mapping of IDPs. Are both approaches supported by SaToSa? Is it possible to add an interactive flow to the proxy to update profile data?
- Rainer
Works for me too.
/hans
> On 30 May 2017 at 13:39, satosa-dev-request at lists.sunet.se wrote:
>
>
> Today's Topics:
>
> 1. Satosa governance meeting at TNC? (heather flanagan)
> 2. Re: Satosa governance meeting at TNC? (Ioannis Kakavas)
> 3. Re: Satosa governance meeting at TNC? (Leif Johansson)
> 4. Re: Satosa governance meeting at TNC? (heather flanagan)
> 5. Re: Satosa governance meeting at TNC? (Niels van Dijk)
> 6. Re: Satosa governance meeting at TNC? (Roland Hedberg)
> 7. Re: Satosa governance meeting at TNC? (Nick Roy)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 30 May 2017 12:00:20 +0200
> From: heather flanagan <hlflanagan at gmail.com>
> To: satosa-dev at lists.sunet.se
> Subject: [Satosa-dev] Satosa governance meeting at TNC?
> Message-ID: <8F7CD832-1FD8-4E19-A883-323298C2D789 at gmail.com>
> Content-Type: text/plain; charset=us-ascii
>
> Hi all,
>
> How appropriate that we are back in Austria, which is where we last had serious conversations about Satosa governance! Because we had a few actions out of that earlier meeting that we need to follow up on.
>
> Governance questions for Satosa:
> * IPR needs to be sorted out (who will hold it?)
> * CLAs need to be in place
> * Re-license if required
>
> Since many of the folks from the last meeting are here, how about finding a few minutes to meet on the above? Prioritization to the IPR question (since it is top of the list, and the other things fall from it).
>
> What time(s) do people have available tomorrow (Wednesday)?
>
> -Heather
> Sent from my iPad
>
>
> ------------------------------
>
> Message: 2
> Date: Tue, 30 May 2017 12:07:14 +0200
> From: Ioannis Kakavas <ikakavas at noc.grnet.gr>
> To: heather flanagan <hlflanagan at gmail.com>
> Cc: satosa-dev at lists.sunet.se
> Subject: Re: [Satosa-dev] Satosa governance meeting at TNC?
> Message-ID: <7de486aa-6f82-442f-91da-450a3b6de324 at noc.grnet.gr>
> Content-Type: text/plain; charset=UTF-8
>
> Hi Heather,
>
> Great idea. I would prefer sometime in the 9.00-10.30 session but I don't really mind if any other time is more appropriate.
>
> Ioannis
>
>
>
>
>
> ------------------------------
>
> Message: 3
> Date: Tue, 30 May 2017 12:12:39 +0200
> From: Leif Johansson <leifj at sunet.se>
> To: satosa-dev at lists.sunet.se
> Subject: Re: [Satosa-dev] Satosa governance meeting at TNC?
> Message-ID: <9b5d535d-2451-a761-bdd6-29e8fc75a918 at sunet.se>
> Content-Type: text/plain; charset=utf-8
>
> On 2017-05-30 12:07, Ioannis Kakavas wrote:
>> Hi Heather,
>>
>> Great idea. I would prefer sometime in the 9.00-10.30 session but I don't really mind if any other time is more appropriate.
>>
>> Ioannis
>
> wfm
>
>
> ------------------------------
>
> Message: 4
> Date: Tue, 30 May 2017 12:17:07 +0200
> From: heather flanagan <hlflanagan at gmail.com>
> To: Ioannis Kakavas <ikakavas at noc.grnet.gr>
> Cc: satosa-dev at lists.sunet.se
> Subject: Re: [Satosa-dev] Satosa governance meeting at TNC?
> Message-ID: <2678B8F9-B7C2-4512-9E2D-FA6C3630D8A5 at gmail.com>
> Content-Type: text/plain; charset=us-ascii
>
> Hi Ioannis,
>
> I'd actually like to go to that session, and oddly enough the entire rest of the day is free for me. Do you all tend to go to Plenary?
>
> Sent from my iPad
>
>
>
> ------------------------------
>
> Message: 5
> Date: Tue, 30 May 2017 12:52:49 +0200
> From: Niels van Dijk <niels.vandijk at surfnet.nl>
> To: <satosa-dev at lists.sunet.se>
> Subject: Re: [Satosa-dev] Satosa governance meeting at TNC?
> Message-ID: <42be73b1-ac90-8b32-476c-51f1672d3ce7 at surfnet.nl>
> Content-Type: text/plain; charset="utf-8"
>
> May I propose we meet during the Wednesday plenary, which seems to be
> all about networking..
>
>
>
> --
> Niels van Dijk Technical Product Manager Trust & Security
> Mob: +31 651347657 | Skype: cdr-80 | PGP Key ID: 0xDE7BB2F5
> SURFnet BV | PO.Box 19035 | NL-3501 DA Utrecht | The Netherlands
> www.surfnet.nl www.openconext.org
>
>
>
https://github.com/SUNET/SATOSA/pull/89
Sorry about the cryptic name...
This is a PR for attribute-based authorization, e.g. so you can say "must
have employee@.+ to access this service" etc.
I will push example config to the PR tomorrow...
Cheers Leif
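The "must have employee... to access this service" rule from the message above, read as the regex employee@.+, sketched as an added example that is not code from the PR or from SATOSA. The rule layout, the service entity ID, the attribute name "affiliation" and the deny-by-default choice are all assumptions made for illustration.

```python
import re

SERVICE = "https://sp.example.org/metadata"  # constructed entity ID

# Hypothetical rule layout, not SATOSA's configuration format:
# service entity ID -> attribute name -> list of regexes.
RULES = {
    SERVICE: {"affiliation": [r"employee@.+"]},
}


def is_authorized(service, attributes, rules=RULES):
    """Allow only if every attribute named in the rule has at least one
    value that matches one of its regexes in full."""
    required = rules.get(service)
    if required is None:
        # Assumption: a service without a rule is denied, so a missing or
        # misspelled entry fails closed instead of opening access.
        return False
    for name, patterns in required.items():
        values = attributes.get(name, [])  # SAML attributes are multi-valued
        # fullmatch anchors both ends of the value. With re.search the same
        # pattern would also accept "notemployee@example.org".
        if not any(re.fullmatch(p, v) for p in patterns for v in values):
            return False
    return True


def unanchored_match(pattern, value):
    """The weaker comparison, kept only to show what anchoring prevents."""
    return re.search(pattern, value) is not None
```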
Hi,
It appears that SATOSA and pysaml2 only support SHA1 signing, i.e.
<ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
Is that correct?
Thanks,
Scott K
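A way to check which algorithms a signed SAML message actually declares, as an added example that is not part of the original message and not pysaml2 or SATOSA code. It flags the rsa-sha1 SignatureMethod quoted above and, going slightly beyond the message, the other SHA-1 based XML Signature identifiers, including DigestMethod; both sample documents are constructed.

```python
import xml.etree.ElementTree as ET  # for untrusted input, prefer defusedxml

DS = "http://www.w3.org/2000/09/xmldsig#"
WEAK_ALGORITHMS = {
    DS + "rsa-sha1",
    DS + "dsa-sha1",
    DS + "hmac-sha1",
    DS + "sha1",  # digest algorithm
    "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1",
}

# Constructed skeleton of a signed response (signature values omitted).
TEMPLATE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:ns2="http://www.w3.org/2000/09/xmldsig#">
  <ns2:Signature><ns2:SignedInfo>
    <ns2:SignatureMethod Algorithm="{sig}"/>
    <ns2:Reference URI="#id-constructed">
      <ns2:DigestMethod Algorithm="{dig}"/>
    </ns2:Reference>
  </ns2:SignedInfo></ns2:Signature>
</samlp:Response>"""

SHA1_SAMPLE = TEMPLATE.format(sig=DS + "rsa-sha1", dig=DS + "sha1")
SHA256_SAMPLE = TEMPLATE.format(
    sig="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
    dig="http://www.w3.org/2001/04/xmlenc#sha256",
)


def weak_signature_algorithms(xml_text):
    """Return (element name, algorithm URI) for every SignatureMethod or
    DigestMethod in the document that declares a SHA-1 based algorithm."""
    root = ET.fromstring(xml_text)
    findings = []
    for tag in ("SignatureMethod", "DigestMethod"):
        # Match on the namespace URI, not the prefix (ns2, ds, ...).
        for element in root.iter("{%s}%s" % (DS, tag)):
            algorithm = element.get("Algorithm", "")
            if algorithm in WEAK_ALGORITHMS:
                findings.append((tag, algorithm))
    return findings


if __name__ == "__main__":
    for name, doc in (("sha1", SHA1_SAMPLE), ("sha256", SHA256_SAMPLE)):
        print(name, weak_signature_algorithms(doc))
```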