Shibboleth Developers

Here's my (slightly) cleaned up notes from the last agenda item on 
today's call... comments and suggestions welcome.

3) Origin Install Fest Checklist -- (see attached)   are there ways 
to insert additional "self-test" steps?

1) Walter -- during the first install fest, there were really only 
three problems that festers encountered:

a) Apache/Tomcat/JK2
b) Client re-negotiation bug (apache 2 bug)
c) Endorsement Issues

Recommendation: after they've installed the platform, tell folks to 
retrieve https://origin/shibboleth/ This should list the directory. 
People could use either a browser or use curl. Note: lack of trailing 
slash causes unpredictable results. This will test that apache, the 
connector, and tomcat are all configured, and working together (to 
some extent).

2) Provide a command line tool that checks origin.xml syntax. Simpler 
than running Tomcat, and doing something to trigger loading the HS 
servlet.

3) If using apache 2, then check for the infamous apace 2 error -- 
walter - use openssl sclient to connect to web server (trigger the 
problem) ; or perhaps java based tool

4) Provide a built in servlet (similar to the one in twiki  -- 
http://cooke.services.brown.edu/twiki/bin/testenv ) that checks a 
variety of things and provides a report in the browser window -- it 
doesn't run Shib; rather it just tests a bunch of things and reports 
the results. Maybe it only works if the hostname in the url is 
localhost?

problem with tomcat endorsement.....  walter -- use a ps command.... 
or a simple builtin servlet check and say whether it can find right 
version

verify that origin announcing right providerId.... this problem 
didn't occur during fest

5) are there origin side PKI problems? or are they solved by having 
everyone use bossie....?