...
Jetty 10 (Rod/Scott)
https://spring.io/blog/2022/01/05/spring-framework-cve-2021-22060-has-been-published
Ian Young Can Jenkins use parallel builds for
-multi
jobs? Only one executor per worker, of course.Jira Legacy server System JIRA columns key,summary,type,created,updated,due,assignee,reporter,priority,status,resolution serverId f52c7d31-6eab-3f0e-93c3-231b5754d506 key IDP-1793
Attendees:
Brent
Out for last 2.5 weeks, nothing to report
Will look at OSJ-346. Perhaps there isn’t normative guidance in spec on IssueInstant in Assertions.
Daniel
Nothing to report
Henri
...
Jira Legacy server System JIRA serverId f52c7d31-6eab-3f0e-93c3-231b5754d506 key JOIDC-65 The main reason for the 3.0.3 patch
Jira Legacy server System JIRA serverId f52c7d31-6eab-3f0e-93c3-231b5754d506 key JCOMOIDC-28 Implemented metadata policy merging, as specified by OIDCfed draft - in our case, we need it for merging policies defined in the profile configuration (dyn.reg.) and access token
Jira Legacy server System JIRA serverId f52c7d31-6eab-3f0e-93c3-231b5754d506 key JOIDC-61 Pushed the initial (still a bit incomplete) implementation
Ian
...
Jira Legacy server System JIRA serverId f52c7d31-6eab-3f0e-93c3-231b5754d506 key JPAR-186 java-support
,spring-extensions
,java-opensaml
relatively easyIdP harder, requires Spring Web Flow, leading to:
Jira Legacy server System JIRA serverId f52c7d31-6eab-3f0e-93c3-231b5754d506 key IDP-1892 We have a ticket https://jira.spring.io/browse/SWF-1750 upstream asking whether this will be ported (no response yet, assuming this isn’t going to happen).
I have a fork at https://github.com/iay/spring-webflow/tree/dev/IDP-1892 which is 90% of the way (remains: POM generation) to building the current SWF under Java 17 and (required for that) Gradle 7.0. This is (probably) the hard part, just using the EE9 APIs should be straightforward at that point… unless there are other dependencies I don’t know about yet.
Aim here is not to build a production stack, but to find out what would block us from doing so. I’d hope most of the actual code I’m writing would be useable long term, but it’s not the primary goal.
Random asides:
This is the first thing I’ve had to do with Gradle. I find myself hating it less than Maven just now. This may just be the optimism of unfamiliarity, but its basic model is better in several ways.
SWF was very out of touch with its build system. If they do update it themselves, they might well not go the same way I did to fix the issues.
...
Mostly maintenance chores: spinning up a new Rocky 8 test instance and dealing with Docker/Podman silliness, SELinux silliness, AWS silliness, etc to re-test cpp-linbuild; updated Amazon Linux 2 image. Still need to re-constitute my rudimentary Jenkins instance on which to hack, and then recall where I was with Fargate-based builders before the holidays.
Marvin
Phil
...
Jira Legacy server System JIRA serverId f52c7d31-6eab-3f0e-93c3-231b5754d506 key JCOMOIDC-30 Message encoders to support query string serialization (GET) and form serialization (POST) for authentication requests.
A factory that returns an encoder based on which type is configured in the profile configuration.
Jira Legacy server System JIRA serverId f52c7d31-6eab-3f0e-93c3-231b5754d506 key JCOMOIDC-35 Mutable objects to help build an OIDC authn (OAuth authz) request.
Improvements to the RP flow up to making authn/authz requests via the controller.
...
Enforcer
Now (using the 3.1-SNAPSHOT) running with up to date and XMLSec friendly data
This includes the
~/.m2/respository
thing for the idp Nightlight (but see https://shibboleth.atlassian.net/browse/
for why this is fragile)Jira Legacy server System JIRA serverId f52c7d31-6eab-3f0e-93c3-231b5754d506 key JMVN-13 Need to do a release of 3.1 for the enforcer and 1.0 of the data soon (preferably before the next release of a distributable)
Logback - prepared the windows jetty-base to ship logback latest logback.
...
Worked on Jetty 10 set up in late Decemberhttps://shibboleth.atlassian.net/browse/
Jira Legacy server System JIRA serverId f52c7d31-6eab-3f0e-93c3-231b5754d506 key JOIDC-65 Ported up to main branch
and dependent workJira Legacy server System JIRA serverId f52c7d31-6eab-3f0e-93c3-231b5754d506 key JOIDC-11 Extending client authentication done, working through token flow changes
Will need additional changes to introspection/revocation flows to add access control (use existing AccessControl layer I hope?)
Leaning to relying on Attribute Resolver somehow to produce scope and audience claims for tokens
...