idpv3-mfa issues
https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues
2020-01-14T10:51:08+01:00

-RM-3632-MR-Install development tools
https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/1
2020-01-14T10:51:08+01:00
Etienne Dysli Metref

Install my development tools on xenos:
- Jenkins on Tomcat 8
- HTTPS config (cert + Apache)
- SP to protect Jenkins
*(from redmine: issue id 3632, created on 2016-04-07, closed on 2016-04-20)*
* Relations:
  * child #3633
  * child #3635
  * child #3637
  * child #3638
  * child #3639
  * child #3640
  * child #3642
  * child #3659
w16
Etienne Dysli Metref

-RM-3658-MR-Setup build & test tools
https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/25
2020-01-14T10:51:29+01:00
Etienne Dysli Metref

- Maven POM
- Robot Framework + Selenium
- Deployment on demo IdP machine
*(from redmine: issue id 3658, created on 2016-04-19, closed on 2016-05-04)*
* Relations:
  * child #3660
  * child #3662
  * child #3666
w18
Etienne Dysli Metref

-RM-3654-MR-Install demo IdP
https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/22
2020-01-14T10:51:26+01:00
Etienne Dysli Metref

Deployment target
*(from redmine: issue id 3654, created on 2016-04-13, closed on 2016-05-04)*
* Relations:
  * child #3634
  * child #3636
  * child #3655
  * child #3656
w18
Etienne Dysli Metref

-RM-3686-MR-Review state of IdP 3.3
https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/45
2020-01-14T10:51:50+01:00
Etienne Dysli Metref

*(from redmine: issue id 3686, created on 2016-05-04, closed on 2016-05-31)*
w22
Etienne Dysli Metref

-RM-3674-MR-Login flow with one form
https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/33
2020-01-14T10:51:39+01:00
Etienne Dysli Metref

To do
=====
Write one independent login flow with a single form (screen) with one
input field.
- fake authN, input is not actually checked
- configure IdP to run this flow with a new authN context class

How to test?
============
1. Send SAML AuthNRequest asking for the new authN context class to the IdP
2. IdP should display the form
3. Submit form
4. IdP should produce a SAML AuthN assertion with the new authN context class

Actual result
=============
IdP produces an error assertion because there is no subject defined by
the flow.
*(from redmine: issue id 3674, created on 2016-05-04, closed on 2016-05-31)*
* Relations:
  * relates #3680
  * child #3675
  * child #3676
  * child #3677
  * child #3678
  * child #3679
w22
Etienne Dysli Metref

-RM-3690-MR-Provide IdP installation instructions
https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/46
2020-01-14T10:51:52+01:00
Etienne Dysli Metref

To install this project on an existing IdP, list of changes from our
"default" guide installation.
evt. difftar
*(from redmine: issue id 3690, created on 2016-06-01, closed on 2016-06-13)*
w24
Etienne Dysli Metref

-RM-3661-MR-Install demo SP
https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/28
2020-01-14T10:51:33+01:00
Etienne Dysli Metref

*(from redmine: issue id 3661, created on 2016-04-20, closed on 2016-06-28)*
* Relations:
  * child #3681
  * child #3682
  * child #3683
  * child #3684
  * child #3697
w26
Etienne Dysli Metref

-RM-3712-MR-Document Apache directives around authNContextClass
https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/61
2020-01-14T10:52:10+01:00
Etienne Dysli Metref

Document Apache directives provided by mod\_shib for requesting a given
authNContextClass and verifying that a session was initiated with that
class.
*(from redmine: issue id 3712, created on 2016-06-29, closed on 2016-07-13)*
w28
Etienne Dysli Metref

-RM-3694-MR-Remove errors in simple flow
https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/47
2020-01-14T10:51:54+01:00
Etienne Dysli Metref

Fix the "simple" login flow so that processing at the IdP can
successfully complete and return to the SP.
- must create session objects
- fixed username
*(from redmine: issue id 3694, created on 2016-06-15, closed on 2016-07-26)*
* Relations:
  * child #3698
  * child #3699
  * child #3700
  * child #3731
* Uploads:
  * [mfa-flows-1.0-SNAPSHOT.jar](/uploads/a1faae9d8e2bcbc0be80ebd770eed08b/mfa-flows-1.0-SNAPSHOT.jar) build 15
w30
Etienne Dysli Metref

-RM-3695-MR-Use initial authentication together with simple flow
https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/48
2020-01-14T10:51:55+01:00
Etienne Dysli Metref

Activate initial authentication on IdP with the "Password" flow.
- "simple" flow form should display username entered during initial authn
- OTP still not verified
*(from redmine: issue id 3695, created on 2016-06-15, closed on 2016-08-04)*
* Relations:
  * child #3701
  * child #3702
  * child #3703
w32
Etienne Dysli Metref

-RM-3696-MR-Use a Java RADIUS library
https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/49
2020-01-14T10:51:56+01:00
Etienne Dysli Metref

Old description moved to \#3737
*(from redmine: issue id 3696, created on 2016-06-15, closed on 2016-08-24)*
* Relations:
  * child #3704
  * child #3719
w34
Etienne Dysli Metref

-RM-3740-MR-Read OTP from simple flow form
https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/73
2020-01-14T10:52:18+01:00
Etienne Dysli Metref

The simple flow should read the OTP field from its form view.
*(from redmine: issue id 3740, created on 2016-09-07, closed on 2016-09-08)*
* Relations:
  * child #3705
  * child #3739
w36
Etienne Dysli Metref

-RM-3737-MR-Verify OTPs over RADIUS
https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/71
2020-01-14T10:52:17+01:00
Etienne Dysli Metref

Copied from \#3696.
Make the "simple" flow verify OTPs by contacting the authentication
server over RADIUS. No SMS support yet.
- send Access-Request
- expect Access-Accept

What happens on errors?
*(from redmine: issue id 3737, created on 2016-08-24, closed on 2016-09-19)*
* Relations:
  * child #3706
  * child #3735
  * child #3741
  * child #3742
w38
Etienne Dysli Metref

-RM-3725-MR-Token revocation procedure
https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/67
2020-01-14T10:52:14+01:00
Etienne Dysli Metref

Describe how tokens can be revoked.
*(from redmine: issue id 3725, created on 2016-07-13, closed on 2016-09-19)*
w38

-RM-3724-MR-Token replacement procedure
https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/66
2020-01-14T10:52:14+01:00
Etienne Dysli Metref

Describe how users can have their token replaced.
*(from redmine: issue id 3724, created on 2016-07-13, closed on 2016-09-19)*
w38

-RM-3723-MR-Token enrollment procedure
https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/65
2020-01-14T10:52:13+01:00
Etienne Dysli Metref

Describe how users can get a new token (first time).
*(from redmine: issue id 3723, created on 2016-07-13, closed on 2016-09-19)*
w38

-RM-3747-MR-Improve error handling in simple flow
https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/76
2020-01-14T10:52:21+01:00
Etienne Dysli Metref

wrong OTP ->sends SAML error to SP, not ideal...
Submitting a wrong OTP should loop back to the OTP form.
*(from redmine: issue id 3747, created on 2016-09-19, closed on 2016-11-01)*
* Relations:
  * child #3755
  * child #3757
w42
Etienne Dysli Metref

-RM-3776-MR-Add all missing Velocity variables
https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/86
2020-01-14T10:52:28+01:00
Etienne Dysli Metref

Provide variables listed in
[VelocityVariables](https://wiki.shibboleth.net/confluence/display/IDP30/VelocityVariables)
in the form view.

Variables available in all templates
====================================
- <s>encoder</s>
- <s>profileRequestContext</s>
- <s>environment</s>
- <s>custom</s>
- <s>request</s>
- <s>response</s>
- <s>flowRequestContext</s>
- <s>springMacroRequestContext</s>

Variables available to password login view
==========================================
- <s>rpUIContext</s>
- <s>authenticationContext</s>
- <s>authenticationErrorContext</s>
- <s>authenticationWarningContext</s>
- <s>ldapResponseContext</s>
- <s>extendedAuthenticationFlows</s>
*(from redmine: issue id 3776, created on 2016-11-02, closed on 2016-11-14)*
w46
Etienne Dysli Metref

-RM-3771-MR-Demo SP application
https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/85
2020-01-14T10:52:27+01:00
Etienne Dysli Metref

Try different authentication levels and switching between them on the
same SP.
*(from redmine: issue id 3771, created on 2016-10-19, closed on 2016-11-15)*
w46
Etienne Dysli Metref

-RM-3756-MR-Add error message on OTP form
https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/81
2020-01-14T10:52:24+01:00
Etienne Dysli Metref

Should display something on invalid OTP like the password form does.
- invalid credentials
- RADIUS server unreachable
- SMS sending error
*(from redmine: issue id 3756, created on 2016-09-22, closed on 2016-11-14)*
w46
Etienne Dysli Metref