idpv3-mfa issueshttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues2020-01-14T10:51:52+01:00https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/46-RM-3690-MR-Provide IdP installation instructions2020-01-14T10:51:52+01:00Etienne Dysli Metref-RM-3690-MR-Provide IdP installation instructionsTo install this project on an existing IdP, list of changes from our
"default" guide installation.
evt. difftar
*(from redmine: issue id 3690, created on 2016-06-01, closed on 2016-06-13)*To install this project on an existing IdP, list of changes from our
"default" guide installation.
evt. difftar
*(from redmine: issue id 3690, created on 2016-06-01, closed on 2016-06-13)*w24Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/45-RM-3686-MR-Review state of IdP 3.32020-01-14T10:51:50+01:00Etienne Dysli Metref-RM-3686-MR-Review state of IdP 3.3
*(from redmine: issue id 3686, created on 2016-05-04, closed on 2016-05-31)*
*(from redmine: issue id 3686, created on 2016-05-04, closed on 2016-05-31)*w22Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/33-RM-3674-MR-Login flow with one form2020-01-14T10:51:39+01:00Etienne Dysli Metref-RM-3674-MR-Login flow with one formTo do
=====
Write one independent login flow with a single form (screen) with one
input field.
- fake authN, input is not actually checked
- configure IdP to run this flow with a new authN context class
How to test?
============
...To do
=====
Write one independent login flow with a single form (screen) with one
input field.
- fake authN, input is not actually checked
- configure IdP to run this flow with a new authN context class
How to test?
============
1. Send SAML AuthNRequest asking for the new authN context class to the
IdP
2. IdP should display the form
3. Submit form
4. IdP should produce a SAML AuthN assertion with the new authN context
class
Actual result
=============
IdP produces an error assertion because there is no subject defined by
the flow.
*(from redmine: issue id 3674, created on 2016-05-04, closed on 2016-05-31)*
* Relations:
* relates #3680
* child #3675
* child #3676
* child #3677
* child #3678
* child #3679w22Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/25-RM-3658-MR-Setup build & test tools2020-01-14T10:51:29+01:00Etienne Dysli Metref-RM-3658-MR-Setup build & test tools- Maven POM
- Robot Framework + Selenium
- Deployment on demo IdP machine
*(from redmine: issue id 3658, created on 2016-04-19, closed on 2016-05-04)*
* Relations:
* child #3660
* child #3662
* child #3666- Maven POM
- Robot Framework + Selenium
- Deployment on demo IdP machine
*(from redmine: issue id 3658, created on 2016-04-19, closed on 2016-05-04)*
* Relations:
* child #3660
* child #3662
* child #3666w18Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/22-RM-3654-MR-Install demo IdP2020-01-14T10:51:26+01:00Etienne Dysli Metref-RM-3654-MR-Install demo IdPDeployment target
*(from redmine: issue id 3654, created on 2016-04-13, closed on 2016-05-04)*
* Relations:
* child #3634
* child #3636
* child #3655
* child #3656Deployment target
*(from redmine: issue id 3654, created on 2016-04-13, closed on 2016-05-04)*
* Relations:
* child #3634
* child #3636
* child #3655
* child #3656w18Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/1-RM-3632-MR-Install development tools2020-01-14T10:51:08+01:00Etienne Dysli Metref-RM-3632-MR-Install development toolsInstall my development tools on xenos:
- Jenkins on Tomcat 8
- HTTPS config (cert + Apache)
- SP to protect Jenkins
*(from redmine: issue id 3632, created on 2016-04-07, closed on 2016-04-20)*
* Relations:
* child #3633
* ...Install my development tools on xenos:
- Jenkins on Tomcat 8
- HTTPS config (cert + Apache)
- SP to protect Jenkins
*(from redmine: issue id 3632, created on 2016-04-07, closed on 2016-04-20)*
* Relations:
* child #3633
* child #3635
* child #3637
* child #3638
* child #3639
* child #3640
* child #3642
* child #3659w16Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/89-RM-3786-MR-Test code on IdP 3.32020-01-14T10:52:30+01:00Etienne Dysli Metref-RM-3786-MR-Test code on IdP 3.3Test deployment on IdP 3.3.0 without changes.
*(from redmine: issue id 3786, created on 2016-11-30)*Test deployment on IdP 3.3.0 without changes.
*(from redmine: issue id 3786, created on 2016-11-30)*nextEtienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/84-RM-3770-MR-Resolve username attribute after password step2020-01-14T10:52:25+01:00Etienne Dysli Metref-RM-3770-MR-Resolve username attribute after password stepin order to always use the same kind of user identifier for the OTP step
*(from redmine: issue id 3770, created on 2016-10-19)*in order to always use the same kind of user identifier for the OTP step
*(from redmine: issue id 3770, created on 2016-10-19)*nextEtienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/83-RM-3769-MR-Modify RadiusClient to handle multiple redundant RADIUS servers2020-01-14T10:52:25+01:00Etienne Dysli Metref-RM-3769-MR-Modify RadiusClient to handle multiple redundant RADIUS serversneed to define fail-over behaviour
*(from redmine: issue id 3769, created on 2016-10-19)*need to define fail-over behaviour
*(from redmine: issue id 3769, created on 2016-10-19)*nextEtienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/77-RM-3748-MR-Rewrite RadiusClient to handle multiple requests2020-01-14T10:52:21+01:00Etienne Dysli Metref-RM-3748-MR-Rewrite RadiusClient to handle multiple requestsRewrite RadiusClient to be able to handle multiple requests at the same
time. Currently, it uses only one socket (source port) to send and
receive requests and access to the socket is synchronised (serial).
*(from redmine: issue id 374...Rewrite RadiusClient to be able to handle multiple requests at the same
time. Currently, it uses only one socket (source port) to send and
receive requests and access to the socket is synchronised (serial).
*(from redmine: issue id 3748, created on 2016-09-19)*nextEtienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/69-RM-3734-MR-Refactor TinyRadius2020-01-14T10:52:15+01:00Etienne Dysli Metref-RM-3734-MR-Refactor TinyRadiusThe code is old (Java 1.4 or earlier) and could benefit from modern Java
features like type safety (generics) and enums. Moreover, it has no
tests.
*(from redmine: issue id 3734, created on 2016-08-23)*The code is old (Java 1.4 or earlier) and could benefit from modern Java
features like type safety (generics) and enums. Moreover, it has no
tests.
*(from redmine: issue id 3734, created on 2016-08-23)*nextEtienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/63-RM-3721-MR-Login flow with one screen?2020-01-14T10:52:12+01:00Etienne Dysli Metref-RM-3721-MR-Login flow with one screen?If the flow with two screens is not satisfactory, implement everything
in one step i.e. password and OTP in the same form. Must make a copy of
the existing Password flow and add the second factor in it.
*(from redmine: issue id 3721, c...If the flow with two screens is not satisfactory, implement everything
in one step i.e. password and OTP in the same form. Must make a copy of
the existing Password flow and add the second factor in it.
*(from redmine: issue id 3721, created on 2016-07-13, closed on 2016-11-28)*nexthttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/44-RM-3685-MR-Automated web tests for new login flows2020-01-14T10:51:48+01:00Etienne Dysli Metref-RM-3685-MR-Automated web tests for new login flowsAutomated web browser-based tests
*(from redmine: issue id 3685, created on 2016-05-04)*
* Relations:
* child #3663
* child #3680Automated web browser-based tests
*(from redmine: issue id 3685, created on 2016-05-04)*
* Relations:
* child #3663
* child #3680nextEtienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/31-RM-3664-MR-Automatic deployment on demo IdP2020-01-14T10:51:35+01:00Etienne Dysli Metref-RM-3664-MR-Automatic deployment on demo IdPBuild pipeline step to deploy the newly-built IdP on the demo machine.
*(from redmine: issue id 3664, created on 2016-04-20)*Build pipeline step to deploy the newly-built IdP on the demo machine.
*(from redmine: issue id 3664, created on 2016-04-20)*nextEtienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/82-RM-3757-MR-Submitting an empty OTP should loop back to the OTP form2020-01-14T10:52:25+01:00Etienne Dysli Metref-RM-3757-MR-Submitting an empty OTP should loop back to the OTP formadd transition on NoCredentials
*(from redmine: issue id 3757, created on 2016-09-22, closed on 2016-09-22)*
* Relations:
* parent #3747add transition on NoCredentials
*(from redmine: issue id 3757, created on 2016-09-22, closed on 2016-09-22)*
* Relations:
* parent #3747Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/80-RM-3755-MR-Submitting a wrong OTP should loop back to the OTP form2020-01-14T10:52:23+01:00Etienne Dysli Metref-RM-3755-MR-Submitting a wrong OTP should loop back to the OTP formadd a transition on InvalidCredentials
*(from redmine: issue id 3755, created on 2016-09-22, closed on 2016-09-22)*
* Relations:
* parent #3747add a transition on InvalidCredentials
*(from redmine: issue id 3755, created on 2016-09-22, closed on 2016-09-22)*
* Relations:
* parent #3747Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/75-RM-3742-MR-Implement OTP validator service using TinyRadius2020-01-14T10:52:20+01:00Etienne Dysli Metref-RM-3742-MR-Implement OTP validator service using TinyRadiusUse `org.tinyradius.util.RadiusClient` or write a better client?
*(from redmine: issue id 3742, created on 2016-09-07, closed on 2016-09-15)*
* Relations:
* parent #3737Use `org.tinyradius.util.RadiusClient` or write a better client?
*(from redmine: issue id 3742, created on 2016-09-07, closed on 2016-09-15)*
* Relations:
* parent #3737Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/74-RM-3741-MR-New bean: OTP validator service2020-01-14T10:52:19+01:00Etienne Dysli Metref-RM-3741-MR-New bean: OTP validator serviceinterface + mock for tests
*(from redmine: issue id 3741, created on 2016-09-07, closed on 2016-09-08)*
* Relations:
* parent #3737interface + mock for tests
*(from redmine: issue id 3741, created on 2016-09-07, closed on 2016-09-08)*
* Relations:
* parent #3737Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/72-RM-3739-MR-New action bean to extract OTP from HTTP request2020-01-14T10:52:17+01:00Etienne Dysli Metref-RM-3739-MR-New action bean to extract OTP from HTTP requestJust like
`net.shibboleth.idauthn.impl.ExtractUsernamePasswordFromFormRequest`.
Should add a new context containing the OTP under the
`AuthenticationContext`.
Obviously, should be executed right after the view state displaying the
fo...Just like
`net.shibboleth.idauthn.impl.ExtractUsernamePasswordFromFormRequest`.
Should add a new context containing the OTP under the
`AuthenticationContext`.
Obviously, should be executed right after the view state displaying the
form.
*(from redmine: issue id 3739, created on 2016-09-06, closed on 2016-09-07)*
* Relations:
* parent #3740Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/70-RM-3735-MR-Add TinyRadius to the Maven build2020-01-14T10:52:16+01:00Etienne Dysli Metref-RM-3735-MR-Add TinyRadius to the Maven buildprobably via a git subtree
*(from redmine: issue id 3735, created on 2016-08-23, closed on 2016-09-12)*
* Relations:
* parent #3737probably via a git subtree
*(from redmine: issue id 3735, created on 2016-08-23, closed on 2016-09-12)*
* Relations:
* parent #3737Etienne Dysli MetrefEtienne Dysli Metref