Shibboleth v4

Cantor, Scott cantor.2 at
Thu May 7 16:03:07 UTC 2020

On 5/7/20, 11:20 AM, "users on behalf of Lohr, Donald" <users-bounces at on behalf of lohrda at> wrote:

> 1) Do you have your production IdP service running on v4?

As of last evening.

> 2) Did you do an in place upgrade to v4 onto your v3 IdP server?

You can't "not upgrade in place" without deep knowledge of the internals and a willingness to do a ton of extra work, but upgrading the physical installation is orthogonal to how to transition a deployment from one version to another. You can build a copy of a V3 IdP deployment, upgrade it "in place" but deploy it on a separate system to do a different sort of migration than is generally needed.

> 3) Or did you freshly install v4 on a new IdP server and in some
> fashion move SPs over to it?

That's the orthogonal part and the simple answer is that if your deployment is absolutely garbage, that's the "reset" button, and it is tremendously difficult and painful at scale but has the advantage of allowing a clean do-over provided you're willing to spend the time and hassle herding cats. It should only be done once (I did it when moving from V1 to V2 because of the SAML 2 transition).

Changing anything that drastic is an opportunity to change other things like the signing key or the strategy used to protect it. Non-metadata capable SPs have no technical mechanism for effecting change of any kind, so most changes are equally difficult for them.

> 4) Does SP v3.1.0 have any compatibility issues with IdP v4?


> 5) Is there a v4 roadmap for the SP product?

The roadmaps of all the products are only in practice deducible from reviewing the Jira backlogs attached to particular versions. If there's no version attached to something, it's not scheduled work.

There is no 4.0.0 in Jira, therefore none planned. There is in fact not even a 3.2 version in there at the moment and only one scheduled issue attached to 3.1.1.

That reflects its status as a piece of software in maintenance mode and not likely to see much else unless it radically changes its form factor or architecture.

-- Scott
