idpv3-mfa issueshttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues2020-01-14T10:51:08+01:00https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/1-RM-3632-MR-Install development tools2020-01-14T10:51:08+01:00Etienne Dysli Metref-RM-3632-MR-Install development toolsInstall my development tools on xenos:
- Jenkins on Tomcat 8
- HTTPS config (cert + Apache)
- SP to protect Jenkins
*(from redmine: issue id 3632, created on 2016-04-07, closed on 2016-04-20)*
* Relations:
* child #3633
* ...Install my development tools on xenos:
- Jenkins on Tomcat 8
- HTTPS config (cert + Apache)
- SP to protect Jenkins
*(from redmine: issue id 3632, created on 2016-04-07, closed on 2016-04-20)*
* Relations:
* child #3633
* child #3635
* child #3637
* child #3638
* child #3639
* child #3640
* child #3642
* child #3659w16Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/2-RM-3633-MR-Shib SP on xenos2020-01-14T10:51:10+01:00Etienne Dysli Metref-RM-3633-MR-Shib SP on xenosto protect Jenkins
*(from redmine: issue id 3633, created on 2016-04-11, closed on 2016-04-20)*
* Relations:
* parent #3632to protect Jenkins
*(from redmine: issue id 3633, created on 2016-04-11, closed on 2016-04-20)*
* Relations:
* parent #3632Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/3-RM-3634-MR-cert mfa-dev.ed.switch.ch2020-01-14T10:51:11+01:00Etienne Dysli Metref-RM-3634-MR-cert mfa-dev.ed.switch.ch
*(from redmine: issue id 3634, created on 2016-04-11, closed on 2016-04-11)*
* Relations:
* parent #3654
*(from redmine: issue id 3634, created on 2016-04-11, closed on 2016-04-11)*
* Relations:
* parent #3654Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/4-RM-3635-MR-cert ci.ed.switch.ch2020-01-14T10:51:12+01:00Etienne Dysli Metref-RM-3635-MR-cert ci.ed.switch.ch
*(from redmine: issue id 3635, created on 2016-04-11, closed on 2016-04-11)*
* Relations:
* parent #3632
*(from redmine: issue id 3635, created on 2016-04-11, closed on 2016-04-11)*
* Relations:
* parent #3632Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/5-RM-3636-MR-Apache config mfa-dev.ed.switch.ch2020-01-14T10:51:14+01:00Etienne Dysli Metref-RM-3636-MR-Apache config mfa-dev.ed.switch.ch
*(from redmine: issue id 3636, created on 2016-04-11, closed on 2016-05-04)*
* Relations:
* parent #3654
*(from redmine: issue id 3636, created on 2016-04-11, closed on 2016-05-04)*
* Relations:
* parent #3654Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/6-RM-3637-MR-Apache config ci.ed.switch.ch2020-01-14T10:51:15+01:00Etienne Dysli Metref-RM-3637-MR-Apache config ci.ed.switch.chcert + AJP to Jenkins
with Puppet
*(from redmine: issue id 3637, created on 2016-04-11, closed on 2016-04-18)*
* Relations:
* parent #3632cert + AJP to Jenkins
with Puppet
*(from redmine: issue id 3637, created on 2016-04-11, closed on 2016-04-18)*
* Relations:
* parent #3632Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/7-RM-3638-MR-Try Jenkins 2.02020-01-14T10:51:16+01:00Etienne Dysli Metref-RM-3638-MR-Try Jenkins 2.0
*(from redmine: issue id 3638, created on 2016-04-11, closed on 2016-04-13)*
* Relations:
* parent #3632
*(from redmine: issue id 3638, created on 2016-04-11, closed on 2016-04-13)*
* Relations:
* parent #3632Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/8-RM-3639-MR-Tomcat 8 on xenos2020-01-14T10:51:17+01:00Etienne Dysli Metref-RM-3639-MR-Tomcat 8 on xenos
*(from redmine: issue id 3639, created on 2016-04-11, closed on 2016-04-11)*
* Relations:
* parent #3632
*(from redmine: issue id 3639, created on 2016-04-11, closed on 2016-04-11)*
* Relations:
* parent #3632Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/9-RM-3640-MR-systemd unit for Tomcat 8 with Jenkins2020-01-14T10:51:18+01:00Etienne Dysli Metref-RM-3640-MR-systemd unit for Tomcat 8 with Jenkins
*(from redmine: issue id 3640, created on 2016-04-11, closed on 2016-04-11)*
* Relations:
* parent #3632
*(from redmine: issue id 3640, created on 2016-04-11, closed on 2016-04-11)*
* Relations:
* parent #3632Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/10-RM-3642-MR-Puppet modules for Jenkins on Tomcat 82020-01-14T10:51:20+01:00Etienne Dysli Metref-RM-3642-MR-Puppet modules for Jenkins on Tomcat 8- ceso\_jenkins
- ceso\_profile::jenkins
*(from redmine: issue id 3642, created on 2016-04-13, closed on 2016-04-15)*
* Relations:
* parent #3632- ceso\_jenkins
- ceso\_profile::jenkins
*(from redmine: issue id 3642, created on 2016-04-13, closed on 2016-04-15)*
* Relations:
* parent #3632Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/11-RM-3643-MR-Google Authenticator support2020-01-14T10:51:20+01:00Etienne Dysli Metref-RM-3643-MR-Google Authenticator supportAs a university staff with a smart phone,
I want to use the Google Authenticator mobile application when
authenticating on the IdP,
so that I can access SPs requiring 2FA.
*(from redmine: issue id 3643, created on 2016-04-13)*As a university staff with a smart phone,
I want to use the Google Authenticator mobile application when
authenticating on the IdP,
so that I can access SPs requiring 2FA.
*(from redmine: issue id 3643, created on 2016-04-13)*https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/12-RM-3644-MR-SMS OTP support2020-01-14T10:51:20+01:00Etienne Dysli Metref-RM-3644-MR-SMS OTP supportAs a university staff with only a mobile phone (no smart phone),
I want to receive an OTP via SMS when authenticating on the IdP,
so that I can access SPs requiring 2FA.
*(from redmine: issue id 3644, created on 2016-04-13)*As a university staff with only a mobile phone (no smart phone),
I want to receive an OTP via SMS when authenticating on the IdP,
so that I can access SPs requiring 2FA.
*(from redmine: issue id 3644, created on 2016-04-13)*https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/13-RM-3645-MR-Choose second factor on IdP2020-01-14T10:51:21+01:00Etienne Dysli Metref-RM-3645-MR-Choose second factor on IdPAs a user authenticating on the IdP,
I want to be able to choose the second authentication factor,
so that I can use the most convenient method for me.
*(from redmine: issue id 3645, created on 2016-04-13)*As a user authenticating on the IdP,
I want to be able to choose the second authentication factor,
so that I can use the most convenient method for me.
*(from redmine: issue id 3645, created on 2016-04-13)*https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/14-RM-3646-MR-Backup access2020-01-14T10:51:21+01:00Etienne Dysli Metref-RM-3646-MR-Backup accessAs a regular 2FA user temporarily unable to use my second factor,
I want to be granted a fallback access for a limited period of time,
so that I can access SPs requiring 2FA.
→ process independent of Shibboleth (helpdesk-provided OT...As a regular 2FA user temporarily unable to use my second factor,
I want to be granted a fallback access for a limited period of time,
so that I can access SPs requiring 2FA.
→ process independent of Shibboleth (helpdesk-provided OTP)
*(from redmine: issue id 3646, created on 2016-04-13)*https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/15-RM-3647-MR-Won't use personal device2020-01-14T10:51:22+01:00Etienne Dysli Metref-RM-3647-MR-Won't use personal deviceAs a reluctant university staff,
I want the University to give me the means to access protected
resources,
so that I can access SPs requiring 2FA without using my own personal
device.
→ process independent of Shibboleth (physical to...As a reluctant university staff,
I want the University to give me the means to access protected
resources,
so that I can access SPs requiring 2FA without using my own personal
device.
→ process independent of Shibboleth (physical token?)
*(from redmine: issue id 3647, created on 2016-04-13)*https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/16-RM-3648-MR-Password recovery2020-01-14T10:51:22+01:00Etienne Dysli Metref-RM-3648-MR-Password recoveryAs a university student,
I want to be able to reset my password using a 2FA-protected online
self-service,
so that my password cannot be changed by others.
→ process independent of Shibboleth
*(from redmine: issue id 3648, created...As a university student,
I want to be able to reset my password using a 2FA-protected online
self-service,
so that my password cannot be changed by others.
→ process independent of Shibboleth
*(from redmine: issue id 3648, created on 2016-04-13)*https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/17-RM-3649-MR-MFA for whole SP2020-01-14T10:51:23+01:00Etienne Dysli Metref-RM-3649-MR-MFA for whole SPAs a SP-protected web application operator,
I want to force users to authenticate with two factors,
so that their account and the personal information it contains are
better protected.
*(from redmine: issue id 3649, created on 2016...As a SP-protected web application operator,
I want to force users to authenticate with two factors,
so that their account and the personal information it contains are
better protected.
*(from redmine: issue id 3649, created on 2016-04-13)*https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/18-RM-3650-MR-MFA only to validate sensitive actions2020-01-14T10:51:23+01:00Etienne Dysli Metref-RM-3650-MR-MFA only to validate sensitive actionsAs a SP-protected web application operator,
I want to be able to use 2FA only to validate sensitive user actions,
so that sensitive actions are strongly protected and users are not
required to use 2FA all the time.
→ handled by the ...As a SP-protected web application operator,
I want to be able to use 2FA only to validate sensitive user actions,
so that sensitive actions are strongly protected and users are not
required to use 2FA all the time.
→ handled by the application which must request stronger authentication
to Shibboleth when it needs it
*(from redmine: issue id 3650, created on 2016-04-13)*https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/19-RM-3651-MR-IdP configuration for MFA2020-01-14T10:51:24+01:00Etienne Dysli Metref-RM-3651-MR-IdP configuration for MFAAs an IdP operator,
I want to provide a 2FA login flow,
so that SPs can get stronger authentication.
*(from redmine: issue id 3651, created on 2016-04-13)*As an IdP operator,
I want to provide a 2FA login flow,
so that SPs can get stronger authentication.
*(from redmine: issue id 3651, created on 2016-04-13)*https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/20-RM-3652-MR-MFA over RADIUS2020-01-14T10:51:24+01:00Etienne Dysli Metref-RM-3652-MR-MFA over RADIUSAs a VPN gateway operator,
I want to authenticate 2FA users over RADIUS,
so that both users with or without 2FA are authenticated over the same
protocol.
→ RADIUS authentication is independent of Shibboleth
*(from redmine: issue i...As a VPN gateway operator,
I want to authenticate 2FA users over RADIUS,
so that both users with or without 2FA are authenticated over the same
protocol.
→ RADIUS authentication is independent of Shibboleth
*(from redmine: issue id 3652, created on 2016-04-13)*https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/21-RM-3653-MR-Verify user identity on enrollment2020-01-14T10:51:24+01:00Etienne Dysli Metref-RM-3653-MR-Verify user identity on enrollmentAs a university account administrator,
I want to verify user's identities before they can use 2FA,
so that I can provide a stronger verification level to applications
using 2FA.
→ process independent of Shibboleth
*(from redmine: ...As a university account administrator,
I want to verify user's identities before they can use 2FA,
so that I can provide a stronger verification level to applications
using 2FA.
→ process independent of Shibboleth
*(from redmine: issue id 3653, created on 2016-04-13)*https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/22-RM-3654-MR-Install demo IdP2020-01-14T10:51:26+01:00Etienne Dysli Metref-RM-3654-MR-Install demo IdPDeployment target
*(from redmine: issue id 3654, created on 2016-04-13, closed on 2016-05-04)*
* Relations:
* child #3634
* child #3636
* child #3655
* child #3656Deployment target
*(from redmine: issue id 3654, created on 2016-04-13, closed on 2016-05-04)*
* Relations:
* child #3634
* child #3636
* child #3655
* child #3656w18Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/23-RM-3655-MR-Prepare IdP config in Puppet2020-01-14T10:51:27+01:00Etienne Dysli Metref-RM-3655-MR-Prepare IdP config in Puppet
*(from redmine: issue id 3655, created on 2016-04-13, closed on 2016-04-26)*
* Relations:
* parent #3654
*(from redmine: issue id 3655, created on 2016-04-13, closed on 2016-04-26)*
* Relations:
* parent #3654Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/24-RM-3656-MR-Register IdP in AAI Test federation2020-01-14T10:51:28+01:00Etienne Dysli Metref-RM-3656-MR-Register IdP in AAI Test federation
*(from redmine: issue id 3656, created on 2016-04-13, closed on 2016-05-04)*
* Relations:
* parent #3654
*(from redmine: issue id 3656, created on 2016-04-13, closed on 2016-05-04)*
* Relations:
* parent #3654Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/25-RM-3658-MR-Setup build & test tools2020-01-14T10:51:29+01:00Etienne Dysli Metref-RM-3658-MR-Setup build & test tools- Maven POM
- Robot Framework + Selenium
- Deployment on demo IdP machine
*(from redmine: issue id 3658, created on 2016-04-19, closed on 2016-05-04)*
* Relations:
* child #3660
* child #3662
* child #3666- Maven POM
- Robot Framework + Selenium
- Deployment on demo IdP machine
*(from redmine: issue id 3658, created on 2016-04-19, closed on 2016-05-04)*
* Relations:
* child #3660
* child #3662
* child #3666w18Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/26-RM-3659-MR-Obtain Git read access for Jenkins2020-01-14T10:51:30+01:00Etienne Dysli Metref-RM-3659-MR-Obtain Git read access for Jenkins
*(from redmine: issue id 3659, created on 2016-04-19, closed on 2016-04-19)*
* Relations:
* parent #3632
*(from redmine: issue id 3659, created on 2016-04-19, closed on 2016-04-19)*
* Relations:
* parent #3632Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/27-RM-3660-MR-Configure Jenkins jobs2020-01-14T10:51:32+01:00Etienne Dysli Metref-RM-3660-MR-Configure Jenkins jobs
*(from redmine: issue id 3660, created on 2016-04-19, closed on 2016-04-28)*
* Relations:
* parent #3658
*(from redmine: issue id 3660, created on 2016-04-19, closed on 2016-04-28)*
* Relations:
* parent #3658Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/28-RM-3661-MR-Install demo SP2020-01-14T10:51:33+01:00Etienne Dysli Metref-RM-3661-MR-Install demo SP
*(from redmine: issue id 3661, created on 2016-04-20, closed on 2016-06-28)*
* Relations:
* child #3681
* child #3682
* child #3683
* child #3684
* child #3697
*(from redmine: issue id 3661, created on 2016-04-20, closed on 2016-06-28)*
* Relations:
* child #3681
* child #3682
* child #3683
* child #3684
* child #3697w26Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/29-RM-3662-MR-Create Maven POM2020-01-14T10:51:34+01:00Etienne Dysli Metref-RM-3662-MR-Create Maven POM- shibboleth.net repositories
- IdP 3.2.1 dependencies
- test dependencies (junit, spring-test)
*(from redmine: issue id 3662, created on 2016-04-20, closed on 2016-04-28)*
* Relations:
* parent #3658- shibboleth.net repositories
- IdP 3.2.1 dependencies
- test dependencies (junit, spring-test)
*(from redmine: issue id 3662, created on 2016-04-20, closed on 2016-04-28)*
* Relations:
* parent #3658Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/30-RM-3663-MR-Add Robot Framework & Selenium to the build pipeline2020-01-14T10:51:34+01:00Etienne Dysli Metref-RM-3663-MR-Add Robot Framework & Selenium to the build pipelineEither in Maven verify phase or separately
*(from redmine: issue id 3663, created on 2016-04-20)*
* Relations:
* blocks #3680
* parent #3685Either in Maven verify phase or separately
*(from redmine: issue id 3663, created on 2016-04-20)*
* Relations:
* blocks #3680
* parent #3685Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/31-RM-3664-MR-Automatic deployment on demo IdP2020-01-14T10:51:35+01:00Etienne Dysli Metref-RM-3664-MR-Automatic deployment on demo IdPBuild pipeline step to deploy the newly-built IdP on the demo machine.
*(from redmine: issue id 3664, created on 2016-04-20)*Build pipeline step to deploy the newly-built IdP on the demo machine.
*(from redmine: issue id 3664, created on 2016-04-20)*nextEtienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/32-RM-3666-MR-Add post-receive hook on Git repo to trigger builds2020-01-14T10:51:37+01:00Etienne Dysli Metref-RM-3666-MR-Add post-receive hook on Git repo to trigger builds
*(from redmine: issue id 3666, created on 2016-04-26, closed on 2016-05-04)*
* Relations:
* parent #3658
*(from redmine: issue id 3666, created on 2016-04-26, closed on 2016-05-04)*
* Relations:
* parent #3658Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/33-RM-3674-MR-Login flow with one form2020-01-14T10:51:39+01:00Etienne Dysli Metref-RM-3674-MR-Login flow with one formTo do
=====
Write one independent login flow with a single form (screen) with one
input field.
- fake authN, input is not actually checked
- configure IdP to run this flow with a new authN context class
How to test?
============
...To do
=====
Write one independent login flow with a single form (screen) with one
input field.
- fake authN, input is not actually checked
- configure IdP to run this flow with a new authN context class
How to test?
============
1. Send SAML AuthNRequest asking for the new authN context class to the
IdP
2. IdP should display the form
3. Submit form
4. IdP should produce a SAML AuthN assertion with the new authN context
class
Actual result
=============
IdP produces an error assertion because there is no subject defined by
the flow.
*(from redmine: issue id 3674, created on 2016-05-04, closed on 2016-05-31)*
* Relations:
* relates #3680
* child #3675
* child #3676
* child #3677
* child #3678
* child #3679w22Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/34-RM-3675-MR-SWF integration test2020-01-14T10:51:40+01:00Etienne Dysli Metref-RM-3675-MR-SWF integration test
*(from redmine: issue id 3675, created on 2016-05-04, closed on 2016-05-13)*
* Relations:
* parent #3674
*(from redmine: issue id 3675, created on 2016-05-04, closed on 2016-05-13)*
* Relations:
* parent #3674Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/35-RM-3676-MR-decide new authN context class URL2020-01-14T10:51:41+01:00Etienne Dysli Metref-RM-3676-MR-decide new authN context class URL
*(from redmine: issue id 3676, created on 2016-05-04, closed on 2016-05-13)*
* Relations:
* blocks #3677
* parent #3674
*(from redmine: issue id 3676, created on 2016-05-04, closed on 2016-05-13)*
* Relations:
* blocks #3677
* parent #3674Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/36-RM-3677-MR-configure IdP with flow + authN context class2020-01-14T10:51:41+01:00Etienne Dysli Metref-RM-3677-MR-configure IdP with flow + authN context class
*(from redmine: issue id 3677, created on 2016-05-04, closed on 2016-05-31)*
* Relations:
* blocks #3676
* parent #3674
*(from redmine: issue id 3677, created on 2016-05-04, closed on 2016-05-31)*
* Relations:
* blocks #3676
* parent #3674Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/37-RM-3678-MR-write SWF flow description2020-01-14T10:51:42+01:00Etienne Dysli Metref-RM-3678-MR-write SWF flow description
*(from redmine: issue id 3678, created on 2016-05-04, closed on 2016-05-31)*
* Relations:
* parent #3674
*(from redmine: issue id 3678, created on 2016-05-04, closed on 2016-05-31)*
* Relations:
* parent #3674Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/38-RM-3679-MR-write form view2020-01-14T10:51:43+01:00Etienne Dysli Metref-RM-3679-MR-write form view
*(from redmine: issue id 3679, created on 2016-05-04, closed on 2016-05-31)*
* Relations:
* parent #3674
*(from redmine: issue id 3679, created on 2016-05-04, closed on 2016-05-31)*
* Relations:
* parent #3674Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/39-RM-3680-MR-acceptance test for first flow2020-01-14T10:51:43+01:00Etienne Dysli Metref-RM-3680-MR-acceptance test for first flowWith a web browser:
1. Send SAML AuthNRequest asking for the new authN context class to the
IdP
2. IdP should display the form
3. Submit form
4. IdP should produce a SAML AuthN assertion with the new authN context
class
Req...With a web browser:
1. Send SAML AuthNRequest asking for the new authN context class to the
IdP
2. IdP should display the form
3. Submit form
4. IdP should produce a SAML AuthN assertion with the new authN context
class
Requires web testing framework
*(from redmine: issue id 3680, created on 2016-05-04)*
* Relations:
* relates #3674
* blocks #3663
* parent #3685Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/40-RM-3681-MR-install SP package2020-01-14T10:51:44+01:00Etienne Dysli Metref-RM-3681-MR-install SP package
*(from redmine: issue id 3681, created on 2016-05-04, closed on 2016-06-28)*
* Relations:
* parent #3661
*(from redmine: issue id 3681, created on 2016-05-04, closed on 2016-06-28)*
* Relations:
* parent #3661Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/41-RM-3682-MR-Apache config with Puppet2020-01-14T10:51:46+01:00Etienne Dysli Metref-RM-3682-MR-Apache config with Puppet
*(from redmine: issue id 3682, created on 2016-05-04, closed on 2016-06-28)*
* Relations:
* parent #3661
*(from redmine: issue id 3682, created on 2016-05-04, closed on 2016-06-28)*
* Relations:
* parent #3661Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/42-RM-3683-MR-configure SP login endpoint with IdP and authN context class2020-01-14T10:51:47+01:00Etienne Dysli Metref-RM-3683-MR-configure SP login endpoint with IdP and authN context class
*(from redmine: issue id 3683, created on 2016-05-04, closed on 2016-06-28)*
* Relations:
* parent #3661
*(from redmine: issue id 3683, created on 2016-05-04, closed on 2016-06-28)*
* Relations:
* parent #3661Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/43-RM-3684-MR-register SP in test federation2020-01-14T10:51:48+01:00Etienne Dysli Metref-RM-3684-MR-register SP in test federation
*(from redmine: issue id 3684, created on 2016-05-04, closed on 2016-06-28)*
* Relations:
* parent #3661
*(from redmine: issue id 3684, created on 2016-05-04, closed on 2016-06-28)*
* Relations:
* parent #3661Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/44-RM-3685-MR-Automated web tests for new login flows2020-01-14T10:51:48+01:00Etienne Dysli Metref-RM-3685-MR-Automated web tests for new login flowsAutomated web browser-based tests
*(from redmine: issue id 3685, created on 2016-05-04)*
* Relations:
* child #3663
* child #3680Automated web browser-based tests
*(from redmine: issue id 3685, created on 2016-05-04)*
* Relations:
* child #3663
* child #3680nextEtienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/45-RM-3686-MR-Review state of IdP 3.32020-01-14T10:51:50+01:00Etienne Dysli Metref-RM-3686-MR-Review state of IdP 3.3
*(from redmine: issue id 3686, created on 2016-05-04, closed on 2016-05-31)*
*(from redmine: issue id 3686, created on 2016-05-04, closed on 2016-05-31)*w22Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/46-RM-3690-MR-Provide IdP installation instructions2020-01-14T10:51:52+01:00Etienne Dysli Metref-RM-3690-MR-Provide IdP installation instructionsTo install this project on an existing IdP, list of changes from our
"default" guide installation.
evt. difftar
*(from redmine: issue id 3690, created on 2016-06-01, closed on 2016-06-13)*To install this project on an existing IdP, list of changes from our
"default" guide installation.
evt. difftar
*(from redmine: issue id 3690, created on 2016-06-01, closed on 2016-06-13)*w24Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/47-RM-3694-MR-Remove errors in simple flow2020-01-14T10:51:54+01:00Etienne Dysli Metref-RM-3694-MR-Remove errors in simple flowFix the "simple" login flow so that processing at the IdP can
successfully complete and return to the SP.
- must create session objects
- fixed username
*(from redmine: issue id 3694, created on 2016-06-15, closed on 2016-07-26)*...Fix the "simple" login flow so that processing at the IdP can
successfully complete and return to the SP.
- must create session objects
- fixed username
*(from redmine: issue id 3694, created on 2016-06-15, closed on 2016-07-26)*
* Relations:
* child #3698
* child #3699
* child #3700
* child #3731
* Uploads:
* [mfa-flows-1.0-SNAPSHOT.jar](/uploads/a1faae9d8e2bcbc0be80ebd770eed08b/mfa-flows-1.0-SNAPSHOT.jar) build 15w30Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/48-RM-3695-MR-Use initial authentication together with simple flow2020-01-14T10:51:55+01:00Etienne Dysli Metref-RM-3695-MR-Use initial authentication together with simple flowActivate initial authentication on IdP with the "Password" flow.
- "simple" flow form should display username entered during initial
authn
- OTP still not verified
*(from redmine: issue id 3695, created on 2016-06-15, closed ...Activate initial authentication on IdP with the "Password" flow.
- "simple" flow form should display username entered during initial
authn
- OTP still not verified
*(from redmine: issue id 3695, created on 2016-06-15, closed on 2016-08-04)*
* Relations:
* child #3701
* child #3702
* child #3703w32Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/49-RM-3696-MR-Use a Java RADIUS library2020-01-14T10:51:56+01:00Etienne Dysli Metref-RM-3696-MR-Use a Java RADIUS libraryOld description moved to \#3737
*(from redmine: issue id 3696, created on 2016-06-15, closed on 2016-08-24)*
* Relations:
* child #3704
* child #3719Old description moved to \#3737
*(from redmine: issue id 3696, created on 2016-06-15, closed on 2016-08-24)*
* Relations:
* child #3704
* child #3719w34Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/50-RM-3697-MR-Write web page with login links2020-01-14T10:51:57+01:00Etienne Dysli Metref-RM-3697-MR-Write web page with login linksWeb page on the SP with demo login links:
- don't request any authn method
- request simple
*(from redmine: issue id 3697, created on 2016-06-15, closed on 2016-06-28)*
* Relations:
* parent #3661Web page on the SP with demo login links:
- don't request any authn method
- request simple
*(from redmine: issue id 3697, created on 2016-06-15, closed on 2016-06-28)*
* Relations:
* parent #3661Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/51-RM-3698-MR-figure out what session objects to create2020-01-14T10:51:59+01:00Etienne Dysli Metref-RM-3698-MR-figure out what session objects to create
*(from redmine: issue id 3698, created on 2016-06-15, closed on 2016-07-26)*
* Relations:
* parent #3694
*(from redmine: issue id 3698, created on 2016-06-15, closed on 2016-07-26)*
* Relations:
* parent #3694Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/52-RM-3699-MR-define flow beans2020-01-14T10:52:00+01:00Etienne Dysli Metref-RM-3699-MR-define flow beans
*(from redmine: issue id 3699, created on 2016-06-15, closed on 2016-07-26)*
* Relations:
* parent #3694
*(from redmine: issue id 3699, created on 2016-06-15, closed on 2016-07-26)*
* Relations:
* parent #3694Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/53-RM-3700-MR-add flow actions to create session2020-01-14T10:52:02+01:00Etienne Dysli Metref-RM-3700-MR-add flow actions to create session
*(from redmine: issue id 3700, created on 2016-06-15, closed on 2016-07-26)*
* Relations:
* parent #3694
*(from redmine: issue id 3700, created on 2016-06-15, closed on 2016-07-26)*
* Relations:
* parent #3694Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/54-RM-3701-MR-configure IdP for initial authn with Password2020-01-14T10:52:03+01:00Etienne Dysli Metref-RM-3701-MR-configure IdP for initial authn with Password
*(from redmine: issue id 3701, created on 2016-06-15, closed on 2016-07-29)*
* Relations:
* parent #3695
*(from redmine: issue id 3701, created on 2016-06-15, closed on 2016-07-29)*
* Relations:
* parent #3695Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/55-RM-3702-MR-modify simple flow to fetch username from session2020-01-14T10:52:04+01:00Etienne Dysli Metref-RM-3702-MR-modify simple flow to fetch username from session
*(from redmine: issue id 3702, created on 2016-06-15, closed on 2016-07-29)*
* Relations:
* parent #3695
*(from redmine: issue id 3702, created on 2016-06-15, closed on 2016-07-29)*
* Relations:
* parent #3695Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/56-RM-3703-MR-modify simple flow view to display username2020-01-14T10:52:05+01:00Etienne Dysli Metref-RM-3703-MR-modify simple flow view to display username
*(from redmine: issue id 3703, created on 2016-06-15, closed on 2016-08-04)*
* Relations:
* parent #3695
*(from redmine: issue id 3703, created on 2016-06-15, closed on 2016-08-04)*
* Relations:
* parent #3695Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/57-RM-3704-MR-find a good Java library for RADIUS2020-01-14T10:52:07+01:00Etienne Dysli Metref-RM-3704-MR-find a good Java library for RADIUSfallback to executing radclient as first step
*(from redmine: issue id 3704, created on 2016-06-15, closed on 2016-08-23)*
* Relations:
* parent #3696fallback to executing radclient as first step
*(from redmine: issue id 3704, created on 2016-06-15, closed on 2016-08-23)*
* Relations:
* parent #3696Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/58-RM-3705-MR-Wire OTP extraction bean in simple flow2020-01-14T10:52:08+01:00Etienne Dysli Metref-RM-3705-MR-Wire OTP extraction bean in simple flowbetween view state and validation action state
need to mock the HTTP request in tests
*(from redmine: issue id 3705, created on 2016-06-15, closed on 2016-09-08)*
* Relations:
* parent #3740between view state and validation action state
need to mock the HTTP request in tests
*(from redmine: issue id 3705, created on 2016-06-15, closed on 2016-09-08)*
* Relations:
* parent #3740Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/59-RM-3706-MR-Modify validation action to validate OTPs against fake RADIUS val...2020-01-14T10:52:09+01:00Etienne Dysli Metref-RM-3706-MR-Modify validation action to validate OTPs against fake RADIUS validator serviceneeds an "OTP verifier" interface to hide RADIUS
*(from redmine: issue id 3706, created on 2016-06-15, closed on 2016-09-09)*
* Relations:
* parent #3737needs an "OTP verifier" interface to hide RADIUS
*(from redmine: issue id 3706, created on 2016-06-15, closed on 2016-09-09)*
* Relations:
* parent #3737Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/60-RM-3711-MR-Force re-authentication2020-01-14T10:52:09+01:00Etienne Dysli Metref-RM-3711-MR-Force re-authenticationSupport forcing re-authentication in the MFA/OTP flow.
*(from redmine: issue id 3711, created on 2016-06-29)*Support forcing re-authentication in the MFA/OTP flow.
*(from redmine: issue id 3711, created on 2016-06-29)*https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/61-RM-3712-MR-Document Apache directives around authNContextClass2020-01-14T10:52:10+01:00Etienne Dysli Metref-RM-3712-MR-Document Apache directives around authNContextClassDocument Apache directives provided by mod\_shib for requesting a given
authNContextClass and verifying that a session was initiated with that
class.
*(from redmine: issue id 3712, created on 2016-06-29, closed on 2016-07-13)*Document Apache directives provided by mod\_shib for requesting a given
authNContextClass and verifying that a session was initiated with that
class.
*(from redmine: issue id 3712, created on 2016-06-29, closed on 2016-07-13)*w28Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/62-RM-3719-MR-Document RADIUS conversation2020-01-14T10:52:11+01:00Etienne Dysli Metref-RM-3719-MR-Document RADIUS conversationWrite down which RADIUS messages are used/expected in the conversation
to verify one OTP.
*(from redmine: issue id 3719, created on 2016-07-13, closed on 2016-08-23)*
* Relations:
* parent #3696Write down which RADIUS messages are used/expected in the conversation
to verify one OTP.
*(from redmine: issue id 3719, created on 2016-07-13, closed on 2016-08-23)*
* Relations:
* parent #3696https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/63-RM-3721-MR-Login flow with one screen?2020-01-14T10:52:12+01:00Etienne Dysli Metref-RM-3721-MR-Login flow with one screen?If the flow with two screens is not satisfactory, implement everything
in one step i.e. password and OTP in the same form. Must make a copy of
the existing Password flow and add the second factor in it.
*(from redmine: issue id 3721, c...If the flow with two screens is not satisfactory, implement everything
in one step i.e. password and OTP in the same form. Must make a copy of
the existing Password flow and add the second factor in it.
*(from redmine: issue id 3721, created on 2016-07-13, closed on 2016-11-28)*nexthttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/64-RM-3722-MR-Button to send SMS OTP2020-01-14T10:52:13+01:00Etienne Dysli Metref-RM-3722-MR-Button to send SMS OTPButton on the login form that triggers sending a SMS OTP.
Send "sms" as password in Access-Request packet.
*(from redmine: issue id 3722, created on 2016-07-13, closed on 2016-11-25)*Button on the login form that triggers sending a SMS OTP.
Send "sms" as password in Access-Request packet.
*(from redmine: issue id 3722, created on 2016-07-13, closed on 2016-11-25)*w48https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/65-RM-3723-MR-Token enrollment procedure2020-01-14T10:52:13+01:00Etienne Dysli Metref-RM-3723-MR-Token enrollment procedureDescribe how users can get a new token (first time).
*(from redmine: issue id 3723, created on 2016-07-13, closed on 2016-09-19)*Describe how users can get a new token (first time).
*(from redmine: issue id 3723, created on 2016-07-13, closed on 2016-09-19)*w38https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/66-RM-3724-MR-Token replacement procedure2020-01-14T10:52:14+01:00Etienne Dysli Metref-RM-3724-MR-Token replacement procedureDescribe how users can have their token replaced.
*(from redmine: issue id 3724, created on 2016-07-13, closed on 2016-09-19)*Describe how users can have their token replaced.
*(from redmine: issue id 3724, created on 2016-07-13, closed on 2016-09-19)*w38https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/67-RM-3725-MR-Token revocation procedure2020-01-14T10:52:14+01:00Etienne Dysli Metref-RM-3725-MR-Token revocation procedureDescribe how tokens can be revoked.
*(from redmine: issue id 3725, created on 2016-07-13, closed on 2016-09-19)*Describe how tokens can be revoked.
*(from redmine: issue id 3725, created on 2016-07-13, closed on 2016-09-19)*w38https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/68-RM-3731-MR-Update installation instructions2020-01-14T10:52:15+01:00Etienne Dysli Metref-RM-3731-MR-Update installation instructionsNew: project must be built to get a JAR to install.
*(from redmine: issue id 3731, created on 2016-07-26, closed on 2016-07-26)*
* Relations:
* parent #3694New: project must be built to get a JAR to install.
*(from redmine: issue id 3731, created on 2016-07-26, closed on 2016-07-26)*
* Relations:
* parent #3694Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/69-RM-3734-MR-Refactor TinyRadius2020-01-14T10:52:15+01:00Etienne Dysli Metref-RM-3734-MR-Refactor TinyRadiusThe code is old (Java 1.4 or earlier) and could benefit from modern Java
features like type safety (generics) and enums. Moreover, it has no
tests.
*(from redmine: issue id 3734, created on 2016-08-23)*The code is old (Java 1.4 or earlier) and could benefit from modern Java
features like type safety (generics) and enums. Moreover, it has no
tests.
*(from redmine: issue id 3734, created on 2016-08-23)*nextEtienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/70-RM-3735-MR-Add TinyRadius to the Maven build2020-01-14T10:52:16+01:00Etienne Dysli Metref-RM-3735-MR-Add TinyRadius to the Maven buildprobably via a git subtree
*(from redmine: issue id 3735, created on 2016-08-23, closed on 2016-09-12)*
* Relations:
* parent #3737probably via a git subtree
*(from redmine: issue id 3735, created on 2016-08-23, closed on 2016-09-12)*
* Relations:
* parent #3737Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/71-RM-3737-MR-Verify OTPs over RADIUS2020-01-14T10:52:17+01:00Etienne Dysli Metref-RM-3737-MR-Verify OTPs over RADIUSCopied from \#3696.
Make the "simple" flow verify OTPs by contacting the authentication
server over RADIUS. No SMS support yet.
- send Access-Request
- expect Access-Accept
What happens on errors?
*(from redmine: issue id 3737, ...Copied from \#3696.
Make the "simple" flow verify OTPs by contacting the authentication
server over RADIUS. No SMS support yet.
- send Access-Request
- expect Access-Accept
What happens on errors?
*(from redmine: issue id 3737, created on 2016-08-24, closed on 2016-09-19)*
* Relations:
* child #3706
* child #3735
* child #3741
* child #3742w38Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/72-RM-3739-MR-New action bean to extract OTP from HTTP request2020-01-14T10:52:17+01:00Etienne Dysli Metref-RM-3739-MR-New action bean to extract OTP from HTTP requestJust like
`net.shibboleth.idauthn.impl.ExtractUsernamePasswordFromFormRequest`.
Should add a new context containing the OTP under the
`AuthenticationContext`.
Obviously, should be executed right after the view state displaying the
fo...Just like
`net.shibboleth.idauthn.impl.ExtractUsernamePasswordFromFormRequest`.
Should add a new context containing the OTP under the
`AuthenticationContext`.
Obviously, should be executed right after the view state displaying the
form.
*(from redmine: issue id 3739, created on 2016-09-06, closed on 2016-09-07)*
* Relations:
* parent #3740Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/73-RM-3740-MR-Read OTP from simple flow form2020-01-14T10:52:18+01:00Etienne Dysli Metref-RM-3740-MR-Read OTP from simple flow formThe simple flow should read the OTP field from its form view.
*(from redmine: issue id 3740, created on 2016-09-07, closed on 2016-09-08)*
* Relations:
* child #3705
* child #3739The simple flow should read the OTP field from its form view.
*(from redmine: issue id 3740, created on 2016-09-07, closed on 2016-09-08)*
* Relations:
* child #3705
* child #3739w36Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/74-RM-3741-MR-New bean: OTP validator service2020-01-14T10:52:19+01:00Etienne Dysli Metref-RM-3741-MR-New bean: OTP validator serviceinterface + mock for tests
*(from redmine: issue id 3741, created on 2016-09-07, closed on 2016-09-08)*
* Relations:
* parent #3737interface + mock for tests
*(from redmine: issue id 3741, created on 2016-09-07, closed on 2016-09-08)*
* Relations:
* parent #3737Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/75-RM-3742-MR-Implement OTP validator service using TinyRadius2020-01-14T10:52:20+01:00Etienne Dysli Metref-RM-3742-MR-Implement OTP validator service using TinyRadiusUse `org.tinyradius.util.RadiusClient` or write a better client?
*(from redmine: issue id 3742, created on 2016-09-07, closed on 2016-09-15)*
* Relations:
* parent #3737Use `org.tinyradius.util.RadiusClient` or write a better client?
*(from redmine: issue id 3742, created on 2016-09-07, closed on 2016-09-15)*
* Relations:
* parent #3737Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/76-RM-3747-MR-Improve error handling in simple flow2020-01-14T10:52:21+01:00Etienne Dysli Metref-RM-3747-MR-Improve error handling in simple flowwrong OTP ->sends SAML error to SP, not ideal...
Submitting a wrong OTP should loop back to the OTP form.
*(from redmine: issue id 3747, created on 2016-09-19, closed on 2016-11-01)*
* Relations:
* child #3755
* child #3757wrong OTP ->sends SAML error to SP, not ideal...
Submitting a wrong OTP should loop back to the OTP form.
*(from redmine: issue id 3747, created on 2016-09-19, closed on 2016-11-01)*
* Relations:
* child #3755
* child #3757w42Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/77-RM-3748-MR-Rewrite RadiusClient to handle multiple requests2020-01-14T10:52:21+01:00Etienne Dysli Metref-RM-3748-MR-Rewrite RadiusClient to handle multiple requestsRewrite RadiusClient to be able to handle multiple requests at the same
time. Currently, it uses only one socket (source port) to send and
receive requests and access to the socket is synchronised (serial).
*(from redmine: issue id 374...Rewrite RadiusClient to be able to handle multiple requests at the same
time. Currently, it uses only one socket (source port) to send and
receive requests and access to the socket is synchronised (serial).
*(from redmine: issue id 3748, created on 2016-09-19)*nextEtienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/78-RM-3749-MR-Rename simple flow2020-01-14T10:52:22+01:00Etienne Dysli Metref-RM-3749-MR-Rename simple flowThe "simple" flow is no longer simple. Find a better name and rename
every reference.
*(from redmine: issue id 3749, created on 2016-09-19, closed on 2016-11-28)*The "simple" flow is no longer simple. Find a better name and rename
every reference.
*(from redmine: issue id 3749, created on 2016-09-19, closed on 2016-11-28)*w48Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/79-RM-3751-MR-Use the InCommon MFA Profile2020-01-14T10:52:22+01:00Etienne Dysli Metref-RM-3751-MR-Use the InCommon MFA ProfileReplace the development authentication context class
`https://mfa-dev.ed.switch.ch/idp/mfa/simple` with the InCommon MFA
Profile `http://id.incommon.org/assurance/mfa`. This offers better
interoperability when moving to production.
Repl...Replace the development authentication context class
`https://mfa-dev.ed.switch.ch/idp/mfa/simple` with the InCommon MFA
Profile `http://id.incommon.org/assurance/mfa`. This offers better
interoperability when moving to production.
Replace in:
- <s>`conf/authn/general-authn.xml` (Puppet config)</s>
- <s>`README.md`</s>
- <s>`index.html` (on mfa-dev)</s>
- <s>Apache config (Hiera)</s>
*(from redmine: issue id 3751, created on 2016-09-20, closed on 2016-11-28)*w48Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/80-RM-3755-MR-Submitting a wrong OTP should loop back to the OTP form2020-01-14T10:52:23+01:00Etienne Dysli Metref-RM-3755-MR-Submitting a wrong OTP should loop back to the OTP formadd a transition on InvalidCredentials
*(from redmine: issue id 3755, created on 2016-09-22, closed on 2016-09-22)*
* Relations:
* parent #3747add a transition on InvalidCredentials
*(from redmine: issue id 3755, created on 2016-09-22, closed on 2016-09-22)*
* Relations:
* parent #3747Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/81-RM-3756-MR-Add error message on OTP form2020-01-14T10:52:24+01:00Etienne Dysli Metref-RM-3756-MR-Add error message on OTP formShould display something on invalid OTP like the password form does.
- invalid credentials
- RADIUS server unreachable
- SMS sending error
*(from redmine: issue id 3756, created on 2016-09-22, closed on 2016-11-14)*Should display something on invalid OTP like the password form does.
- invalid credentials
- RADIUS server unreachable
- SMS sending error
*(from redmine: issue id 3756, created on 2016-09-22, closed on 2016-11-14)*w46Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/82-RM-3757-MR-Submitting an empty OTP should loop back to the OTP form2020-01-14T10:52:25+01:00Etienne Dysli Metref-RM-3757-MR-Submitting an empty OTP should loop back to the OTP formadd transition on NoCredentials
*(from redmine: issue id 3757, created on 2016-09-22, closed on 2016-09-22)*
* Relations:
* parent #3747add transition on NoCredentials
*(from redmine: issue id 3757, created on 2016-09-22, closed on 2016-09-22)*
* Relations:
* parent #3747Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/83-RM-3769-MR-Modify RadiusClient to handle multiple redundant RADIUS servers2020-01-14T10:52:25+01:00Etienne Dysli Metref-RM-3769-MR-Modify RadiusClient to handle multiple redundant RADIUS serversneed to define fail-over behaviour
*(from redmine: issue id 3769, created on 2016-10-19)*need to define fail-over behaviour
*(from redmine: issue id 3769, created on 2016-10-19)*nextEtienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/84-RM-3770-MR-Resolve username attribute after password step2020-01-14T10:52:25+01:00Etienne Dysli Metref-RM-3770-MR-Resolve username attribute after password stepin order to always use the same kind of user identifier for the OTP step
*(from redmine: issue id 3770, created on 2016-10-19)*in order to always use the same kind of user identifier for the OTP step
*(from redmine: issue id 3770, created on 2016-10-19)*nextEtienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/85-RM-3771-MR-Demo SP application2020-01-14T10:52:27+01:00Etienne Dysli Metref-RM-3771-MR-Demo SP applicationTry different authentication levels and switching between them on the
same SP.
*(from redmine: issue id 3771, created on 2016-10-19, closed on 2016-11-15)*Try different authentication levels and switching between them on the
same SP.
*(from redmine: issue id 3771, created on 2016-10-19, closed on 2016-11-15)*w46Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/86-RM-3776-MR-Add all missing Velocity variables2020-01-14T10:52:28+01:00Etienne Dysli Metref-RM-3776-MR-Add all missing Velocity variablesProvide variables listed in
[VelocityVariables](https://wiki.shibboleth.net/confluence/display/IDP30/VelocityVariables)
in the form view.
Variables available in all templates
====================================
- <s>encoder</s>
- ...Provide variables listed in
[VelocityVariables](https://wiki.shibboleth.net/confluence/display/IDP30/VelocityVariables)
in the form view.
Variables available in all templates
====================================
- <s>encoder</s>
- <s>profileRequestContext</s>
- <s>environment</s>
- <s>custom</s>
- <s>request</s>
- <s>response</s>
- <s>flowRequestContext</s>
- <s>springMacroRequestContext</s>
Variables available to password login view
==========================================
- <s>rpUIContext</s>
- <s>authenticationContext</s>
- <s>authenticationErrorContext</s>
- <s>authenticationWarningContext</s>
- <s>ldapResponseContext</s>
- <s>extendedAuthenticationFlows</s>
*(from redmine: issue id 3776, created on 2016-11-02, closed on 2016-11-14)*w46Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/87-RM-3784-MR-Display message after SMS sent2020-01-14T10:52:29+01:00Etienne Dysli Metref-RM-3784-MR-Display message after SMS sentDisplay a confirmation message that the SMS OTP has been sent on the
login form, after the "Send SMS" button has been clicked.
*(from redmine: issue id 3784, created on 2016-11-28, closed on 2016-11-29)*Display a confirmation message that the SMS OTP has been sent on the
login form, after the "Send SMS" button has been clicked.
*(from redmine: issue id 3784, created on 2016-11-28, closed on 2016-11-29)*w48Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/88-RM-3785-MR-Customise send SMS button text2020-01-14T10:52:30+01:00Etienne Dysli Metref-RM-3785-MR-Customise send SMS button text
*(from redmine: issue id 3785, created on 2016-11-30, closed on 2016-12-01)*
*(from redmine: issue id 3785, created on 2016-11-30, closed on 2016-12-01)*w50Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/89-RM-3786-MR-Test code on IdP 3.32020-01-14T10:52:30+01:00Etienne Dysli Metref-RM-3786-MR-Test code on IdP 3.3Test deployment on IdP 3.3.0 without changes.
*(from redmine: issue id 3786, created on 2016-11-30)*Test deployment on IdP 3.3.0 without changes.
*(from redmine: issue id 3786, created on 2016-11-30)*nextEtienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/90-RM-3787-MR-Release version 1.0.02020-01-14T10:52:31+01:00Etienne Dysli Metref-RM-3787-MR-Release version 1.0.0
*(from redmine: issue id 3787, created on 2016-12-01, closed on 2016-12-01)*
*(from redmine: issue id 3787, created on 2016-12-01, closed on 2016-12-01)*w50Etienne Dysli MetrefEtienne Dysli Metref