Overview
Federation Manager Sequence_7OC - Entity Attribute Handling Overhaul (SA self-service, RA assert any RA-controlled value without asking SA to resubmit metadata)
Technical Debt Targeted
- Update Rails to v5.x and resolve any resulting dependency issues.
Notes
Note: THIS FEATURE REQUIRES that we have automated metadata approval and hard edits for baseline expectations in place.
Note: JG / Would like more information / Refactoring the state-machine needed for some of these requirements
Notes on current state:
Have done quite a bit of work across these sets of deliverables
Have CI, but not CD. Reason: Issues with Shibboleth SP in containers. Most expedient thing would be to go with a vanilla approach - vanilla Ruby on Rails app. There were enough integration issues with the app that focusing on that helped us do CI. Now we need to integrate Shibboleth or something - some kind of SP. Nothing really right fit out there. So Shibboleth is as good a foundation as anything else. MDQ makes this a lot easier - then we don't have to worry about the memory footprint and startup time for the SP. Need prod MDQ. Enhancements in SP 3 also gives us more options that will likely help.
Guesstimate: 2 solid weeks of uninterrupted time for test. Production move would be less. Two weeks for prod. One complication with production is moving the signing process along with the prod FM, or decoupling those things and transporting metadata back to on-prem to sign, as well as all the subsidiary process such as production of the JSON feed that feeds the all-entities / all-orgs beta pages, and the eduGAIN export.
Next step: We will want to change the hostname for the Federation Manager as part of the production move: fm.incommon.org, no /siteadmin. Could make that change any time and point it at the current on-premises service. Can ask TSG to put a long-lived redirect on service1.internet2.edu as well.