Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Shibboleth Developer's Meeting, 2019-08-02

Call Administrivia

09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI

Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 16th. Any reason to deviate from this?

60 to 90 minute call window.


Call Details

This week's call will use the Zoom system at GU, see ZoomGU for access info.


AGENDA

  • Jira Legacy
    serverShibboleth JIRA
    columnskey,summary,type,created,updated,due,assignee,reporter,priority,status,resolution
    serverId180d847f-bce4-36b2-9964-771bff586829
    keyIDP-1472
     (Rod)
    • Do we have a definitive list (of characters to bar)
    • What to do about Transcoders (is their work to map bad characters)?
  • Jira Legacy
    serverShibboleth JIRA
    columnskey,summary,type,created,updated,due,assignee,reporter,priority,status,resolution
    serverId180d847f-bce4-36b2-9964-771bff586829
    keyIDP-1181
     (Rod)
    • See my summary 
    • Where do we want fast fail to end up?
  • Jetty version.  This is still pinned to 9.2
    • Empirically the CAS tests run ok with 9.3
    •  The testbed documentation Explicitly says 9.3  Does 9.4 work?  Can this page be made formal?
    • Jira Legacy
      serverShibboleth JIRA
      columnskey,summary,type,created,updated,due,assignee,reporter,priority,status,resolution
      serverId180d847f-bce4-36b2-9964-771bff586829
      keyIDP-1304

...

  • 10 days off, no progress.
  • Will continue or start
    • https://issues.shibboleth.net/jira/projects/IDP/issues/IDP-1191
      Jira Legacy
      serverShibboleth JIRA
      columnskey,summary,type,created,updated,due,assignee,reporter,priority,status,resolution
      serverId180d847f-bce4-36b2-9964-771bff586829
      keyIDP-1191
       : Deeper investigation and testing of the flow execution listener CSRF protection
    • Jira Legacy
      serverShibboleth JIRA
      columnskey,summary,type,created,updated,due,assignee,reporter,priority,status,resolution
      serverId180d847f-bce4-36b2-9964-771bff586829
      keyIDP-1476
       : add a SameSite servlet filter to add SameSite=none cookie attribute to the IdP session cookie.
    • Add a test that checks the/a container does not allow session id’s in URLs when configured not to - as is the case in Jetty < 9.4.12.v20180830.

...