Shibboleth Developer's Meeting, 2020-06-05
Call Administrivia
09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI
Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2020-06-19. Any reason to deviate from this?
60 to 90 minute call window.
This week's call will use the Zoom system at GU, see ZoomGU for access info.
AGENDA
- PKIX root behavior
Jira Legacy server Shibboleth JIRA columns key,summary,type,created,updated,due,assignee,reporter,priority,status,resolution serverId 180d847f-bce4-36b2-9964-771bff586829 key IDP-1583 - Opening up master branches
- Ian Young's thread safety thing, see below
Attendees:
Brent
Daniel
Henri
Jira Legacy server Shibboleth JIRA serverId 180d847f-bce4-36b2-9964-771bff586829 key JOIDC-5 - MDDriven profile configurations working as expected
- Will check with
next weekJira Legacy server Shibboleth JIRA serverId 180d847f-bce4-36b2-9964-771bff586829 key IDP-1608
- Will check with
- Added ClientSecretReferenceKey -element to the schema
- Simple resolver interface extending Resolver<String, CriteriaSet>
- Initial implementation for Properties resource
- How to make it refreshing whenever metadata provider is refreshed?
- Other implementations? Perhaps HTTP (using the approach from HTTP data connector)?
- MDDriven profile configurations working as expected
...
- IdP release using two docker images worked well. The second image was used for building site under JDK14 to fix the search apidocs bug.
- Modified Javadoc plugin seemed to do it's its job - drawing a line under that for now, and I did not need to swear.
- It can be a bit slow when generating site (Javadoc), just make sure to build inside the container.
- Detailed instructions on Ian's Github page for all these things.
- Duo 2FA OIDC plugin
- I have not provided too much input to Rod's plugin work the past few weeks as just trying to get the flow together.
- Would hope to reengage later on when I actually need it to work as a plugin.
- Using a Spring Controller to handle the external call and callback - a bit like the SAML proxy controller.
- Was debating whether to actually encode the webflow execution key in the State parameter alongside a CSRF type nonce?
- Otherwise stored outside the webflow conversation and inside the HttpSession - assuming the redirect_uri does not become an option i.e. Duo not being strict on dynamic query params.
- Was debating whether to actually encode the webflow execution key in the State parameter alongside a CSRF type nonce?
- I have not provided too much input to Rod's plugin work the past few weeks as just trying to get the flow together.
...