Shibboleth Developer's Meeting, 2019-08-02
Call Administrivia
09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI
Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 16th. Any reason to deviate from this?
60 to 90 minute call window.
This week's call will use the Zoom system at GU, see ZoomGU for access info.
AGENDA
(Rod)Jira Legacy server Shibboleth JIRA columns key,summary,type,created,updated,due,assignee,reporter,priority,status,resolution serverId 180d847f-bce4-36b2-9964-771bff586829 key IDP-1472 - Do we have a definitive list (of characters to bar)
- What to do about Transcoders (is their work to map bad characters)?
(Rod)Jira Legacy server Shibboleth JIRA columns key,summary,type,created,updated,due,assignee,reporter,priority,status,resolution serverId 180d847f-bce4-36b2-9964-771bff586829 key IDP-1181 - See my summary
- Where do we want fast fail to end up?
- Jetty version. This is still pinned to 9.2
- Empirically the CAS tests run ok with 9.3
- The testbed documentation Explicitly says 9.3 Does 9.4 work? Can this page be made formal?
Jira Legacy server Shibboleth JIRA columns key,summary,type,created,updated,due,assignee,reporter,priority,status,resolution serverId 180d847f-bce4-36b2-9964-771bff586829 key IDP-1304
...
- 10 days off, no progress.
- Will continue or start
: Deeper investigation and testing of the flow execution listener CSRF protectionJira Legacy server Shibboleth JIRA columns key,summary,type,created,updated,due,assignee,reporter,priority,status,resolution serverId 180d847f-bce4-36b2-9964-771bff586829 key IDP-1191
: add a SameSite servlet filter to add SameSite=none cookie attribute to the IdP session cookie.Jira Legacy server Shibboleth JIRA columns key,summary,type,created,updated,due,assignee,reporter,priority,status,resolution serverId 180d847f-bce4-36b2-9964-771bff586829 key IDP-1476 - Add a test that checks the/a container does not allow session id’s in URLs when configured not to - as is the case in Jetty < 9.4.12.v20180830.
...