clojure-europe

For people in Europe... or elsewhere... UGT https://indieweb.org/Universal_Greeting_Time
djm 2021-01-08T07:58:50.405600Z

👋

synthomat 2021-01-08T08:12:42.405800Z

Good morning!

thomas 2021-01-08T08:22:30.406Z

morning

dharrigan 2021-01-08T08:32:54.406300Z

Hello!

plexus 2021-01-08T08:38:48.406500Z

good morning!

borkdude 2021-01-08T09:25:35.406700Z

morning!

ordnungswidrig 2021-01-08T09:38:25.406900Z

Good morning!

jasonbell 2021-01-08T10:16:45.407100Z

Morning

2021-01-08T10:41:31.407300Z

Morning

simongray 2021-01-08T10:45:44.407600Z

morning

borkdude 2021-01-08T10:49:28.408100Z

Fun babashka script to print API breakage warnings: https://gist.github.com/borkdude/ba372c8cee311e31020b04063d88e1be

❤️ 4
pez 2021-01-08T11:21:52.408500Z

That is pure beauty, @borkdude.

orestis 2021-01-08T14:02:35.409700Z

Morning. I spent the whole day learning about Azure Active Directory, SAML and SCIM provisioning. The corporate world is so complex at times, but if you have 10000 employees to manage I guess it’s a hard problem to solve.

slipset 2021-01-08T14:55:29.410400Z

@orestis I really want to get going on SCIM, it looks like it would solve some use cases for us.

slipset 2021-01-08T14:55:50.410900Z

SAML, in my experience has been quite ok to work with.

slipset 2021-01-08T14:57:05.411800Z

If I were to do our SAML stuff now, I would very much consider using one of the Java libs, like the stuff from one-login or whatever4j, eh pac4j

simongray 2021-01-08T15:25:18.419800Z

I looked into SAML recently too and ended up making a mini-library for Pedestal to spawn SAML-authenticated web services. It just uses the metabase saml20-clj lib (which uses whatever library shibboleth-sp uses). I initially looked at Shibboleth-sp, but my brain starts taking an unplanned vacation whenever I start reading the documentation of a big Java project. Also, personally, whenever I have to start making lots of XML files and replicate certain folder structures to get basic functionality, I feel like I’m erasing important connections that would otherwise exist in my code. I tried integrating my prototypical SAML service with a Danish IdP just before Christmas and everything worked great! Hadn’t heard about SCIM - will need to check it out. My SAML studies did make me aware of OpenID connect which is apparently some standard that is equivalent to SAML, but more recent and more friendly towards API login flows or something.

orestis 2021-01-08T15:31:44.421800Z

I’ve used the metabase saml library for a proof of concept. I will need to do a full review and perhaps an internal security review first though. The moment we pull the trigger on re-doing our SSO work we’ll probably do a more thorough review of things like pac4j too — but I share @simongray’s vacation brain when I’m looking at big Java projects.

orestis 2021-01-08T15:34:33.423Z

SCIM is not equivalent to SAML; it’s a protocol for a directory to synchronise users and groups to another. For example Active Directory would periodically call various rest-like HTTP endpoints on our server to add/update/remove users and groups.

👍 1
orestis 2021-01-08T15:35:39.424100Z

@slipset there’s a clojure library that implements the SCIM patch semantics. I only care to implement Azure AD compatibility for now so I might release a tiny library that just cares for that, probably a set of ring handlers or perhaps even lower level.

slipset 2021-01-08T15:36:10.424400Z

ohhhh, that would be very interesting.

slipset 2021-01-08T15:37:15.425300Z

@orestis we’re using the metabase saml lib, which is a lot better in v2 than in v1 (or whatever the previous was)

simongray 2021-01-08T15:37:36.425500Z

Also using v2 here.

orestis 2021-01-08T15:38:33.426600Z

Yeah clj-saml v2 seems small enough to actually read through entirely. The heavy lifting is done via some java lib anyway.

slipset 2021-01-08T15:38:34.426700Z

FYI, I added a PR to onelogin's Java SAML stuff, so it should in theory be possible to use that relatively simply from Java.

slipset 2021-01-08T15:39:22.426900Z

https://github.com/onelogin/java-saml/pull/285

slipset 2021-01-08T15:40:16.427600Z

I haven’t followed clj-saml closely the last couple of months, but there are still some “problems” with it.

slipset 2021-01-08T15:40:32.428Z

Not that serious, but still things that should be fixed for it to be rock solid.

orestis 2021-01-08T15:41:15.428400Z

We should put some TLC on those libraries.

orestis 2021-01-08T15:41:38.429Z

We’re committed to do SCIM in first half of 2021 so probably someone from Nosco is going to be working in that space.

slipset 2021-01-08T15:41:55.429700Z

https://github.com/metabase/saml20-clj/issues/48 comes to mind.

simongray 2021-01-08T15:42:17.430200Z

This bug is really annoying too: https://github.com/metabase/saml20-clj/issues/27

slipset 2021-01-08T15:43:14.431200Z

Cam was very responsive and quick when I first approached him with the problems in version 1, then it seems as if he got other priorities.

slipset 2021-01-08T15:43:31.431600Z

he basically rewrote the lib over a weekend.

simongray 2021-01-08T15:43:55.432100Z

Looking at his github profile, seems like he’s doing all of the Clojure development at the company…

slipset 2021-01-08T15:44:13.432500Z

Not really, there are others, like Simon Belak, and some others.

simongray 2021-01-08T15:44:46.433200Z

Still, seems like he’s got his hands full 🙂

slipset 2021-01-08T15:44:55.433500Z

That I believe.

slipset 2021-01-08T15:45:08.433900Z

Anyways, dinner time, have a great weekend!

simongray 2021-01-08T15:45:21.434100Z

you too

orestis 2021-01-08T15:50:37.434400Z

Same here. Good weekend!

simongray 2021-01-08T15:52:37.434600Z

Good weekend 🙂

thomas 2021-01-08T20:32:00.434800Z

good night...