Shibboleth Developer's Meeting, 2021-05-07

Brent

Daniel

Henri

• Jira Legacy
  server Shibboleth JIRA serverId 180d847f-bce4-36b2-9964-771bff586829 key JOIDC-44

  • Deep dive into the attribute registry & transcoders

• Jira Legacy
  server Shibboleth JIRA serverId 180d847f-bce4-36b2-9964-771bff586829 key JCOMOIDC-19

  • In practise the Nimbus release-cycle means that if we need a bug-fix, it's always a minor update for us 

• Jira Legacy
  server Shibboleth JIRA serverId 180d847f-bce4-36b2-9964-771bff586829 key JOIDC-42

  • About half is done with the latest Nimbus dependencies, I don't foresee issues

...

• cpp-linbuild
  
  • Can generate manifests of RPM/SRPM products
  • Working on signaling first-level dependencies from Makefile to build script
  • Planning to use local repos to resolve second+ level dependencies
  • Overarching goal is to shift from per-component/per-platform build script to generic build script
  • Updated Amazon Linux 2 Docker image to latest (20210326)

Marvin

Phil

• Minor plugin changes.
  • Jar sealing
  • DuoOIDC plugin updates to support the latest Duo WebSDKv4
  • Removed retrofit and okhttp from the IdP (java-parent) and added them to the DuoOIDC plugin package. Looking at releasing this as 1.1.0, but only after the next version of the IdP is released.
    • Any security issues for v 1.0.0 can go into a 1.0.x release. 
• Some plugin download location and version testing
• Started looking at PrivacyIdea
  • Pretty cool, most auth token mechanisms sit behind a three 'mode' API facade (as Scott previously mentioned). 
  • Have it set up and enrolling various security keys. Interested in the webauthn function - but there are plenty of auth token options.
    • Even with the facade, there are still some differences (client-side) for some of the methods.

...