IRC Logs for #circuits Saturday, 2017-02-11

GitHub86[circuits] spaceone closed pull request #224: Add HTTP 308 moved permanently (RFC 7538) (master...patch-3) https://git.io/vD2SQ22:15
GitHub65[circuits] spaceone pushed 1 new commit to master: https://git.io/vDwlq22:15
GitHub65circuits/master 351410d Jim Scarborough: Add HTTP 308 moved permanently (RFC 7538) (#224)22:15
spaceoneprologic: apollo13: I implemented a SAML service provider library in circuits.http22:37
spaceonehttps://github.com/spaceone/circuits.http/commit/7730f9eb16a87d2975ca93323fe575e7bd27dd9f22:37
apollo13holy shit, that is all saml needs?22:38
apollo13I thought it would be a more complex beast22:38
spaceonewell, the identity provider is more complex22:38
spaceoneof course this uses the library pysaml222:38
spaceonehttps://github.com/spaceone/circuits.http/blob/master/circuits/http/server/saml/service_provider.py22:39
spaceonemaybe one day i have enough time to also implement a identity provider22:40
apollo13Imo there are already plenty of tools out there for that22:40
apollo13unless you are bored :D22:40
spaceonei don't recommend to use it currently because pysaml2 uses xmldsig which is currently culnerable to XEE attacks22:41
apollo13I wanna try http://keycloak.jboss.org/22:41
spaceonei want to implement oAuth as well22:42
apollo13ah it uses libxmlsec, then defusedxml will obviously not help either :D22:42
spaceoneSAML needs cookies, and i hate cookies22:42
apollo13?!22:42
apollo13how are you going to track login status if not with cookies22:42
spaceonei personally always use http authentication22:43
apollo13a well, UX sucks there22:43
spaceoneUI?22:43
spaceonethats what i hate at the W3C22:43
apollo13well I can keep around the UI, but UX is horrible (user experience)22:43
spaceonethey care about how buttons look but not that you can add a simple login dialog in your website22:43
apollo13if you do oauth: oauthlib is quite good22:44
spaceoneokay22:44

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!