Shibboleth Developer's Meeting, 2021-02-05
Call Administrivia
09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI
Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2021-02-19. Any reason to deviate from this?
60 to 90 minute call window.
This week's call will use the Zoom system at GU, see ZoomGU for access info.
AGENDA
- AWS permissions
- New Duo plugin release for testing?
- 4.1 schedule
- when do we need all the JDKs and AMIs in CI ? (Tom)
- when do we freeze Jetty ? (Tom)
Attendees:
Brent
Jira Legacy server Shibboleth JIRA columns key,summary,type,created,updated,due,assignee,reporter,priority,status,resolution serverId 180d847f-bce4-36b2-9964-771bff586829 key OSJ-75 - This turned out to be very easy
Jira Legacy server Shibboleth JIRA columns key,summary,type,created,updated,due,assignee,reporter,priority,status,resolution serverId 180d847f-bce4-36b2-9964-771bff586829 key OSJ-118 - Done, although still chewing over whether should by default support ~30 legacy curves that SunEC currently supports, but which are deprecated and require a system prop in Java 15+. Leaning towards yes.
Jira Legacy server Shibboleth JIRA columns key,summary,type,created,updated,due,assignee,reporter,priority,status,resolution serverId 180d847f-bce4-36b2-9964-771bff586829 key OSJ-82 - Not quite done on this yet, sidetracked on other things. All that remains is EncryptionParametersResolver.
Jira Legacy server Shibboleth JIRA columns key,summary,type,created,updated,due,assignee,reporter,priority,status,resolution serverId 180d847f-bce4-36b2-9964-771bff586829 key OSJ-328 - Pretty sure Scott is right about race condition. Actually more worried about the related conditions in LazyList, etc.
...
Jira Legacy server Shibboleth JIRA serverId 180d847f-bce4-36b2-9964-771bff586829 key JOIDC-17 - All done: Java, XML-namespaces and profile identifiers
Jira Legacy server Shibboleth JIRA serverId 180d847f-bce4-36b2-9964-771bff586829 key JOIDC-22 - oauth2-oidc-sdk from 7.1.1 to 8.33 to 9.0
- nimbus-jose-jwt from 8.8 to 9.4.1
Jira Legacy server Shibboleth JIRA serverId 180d847f-bce4-36b2-9964-771bff586829 key JOIDC-19 Jira Legacy server Shibboleth JIRA serverId 180d847f-bce4-36b2-9964-771bff586829 key JOIDC-11 - Do we want to support OAuth2 flows not involving end-users?
- Had a meeting with a member using Shibboleth as IdP and OP, together with an OAuth2 AS
- Testing plan
- Make pre-releases of oidc-common and OP
- Install them via plugin installer (via remote endpoint)
- Start running OIDC certification tests against the instance
Ian
John
- Took another pass at producing a Docker image for SLES. Got further than the first try, but mainly succeeded in discovering subsequent problems to solve.
- Began adding support for Amazon Linux.
Marvin
Phil
- Various oidc-common and Duo plugin changes
- surfaced oidc-common as a plugin and single module. Created a BOM for import.Jira Legacy server Shibboleth JIRA columns key,summary,type,created,updated,due,assignee,reporter,priority,status,resolution serverId 180d847f-bce4-36b2-9964-771bff586829 key JCOMOIDC-9
- bumped oidc-common to the very latest Nimbus libs. Henri completed that work on the OP.Jira Legacy server Shibboleth JIRA columns key,summary,type,created,updated,due,assignee,reporter,priority,status,resolution serverId 180d847f-bce4-36b2-9964-771bff586829 key JCOMOIDC-10
Move JWT claims validation to a new framework in oidc-commonJira Legacy server Shibboleth JIRA columns key,summary,type,created,updated,due,assignee,reporter,priority,status,resolution serverId 180d847f-bce4-36b2-9964-771bff586829 key JDUO-28
- delegated signature validation functions to oidc-commonJira Legacy server Shibboleth JIRA columns key,summary,type,created,updated,due,assignee,reporter,priority,status,resolution serverId 180d847f-bce4-36b2-9964-771bff586829 key JDUO-29
- Asked for help testing the Duo plugin on the Jisc-Shib list - no response yet.
...