...
Are we ready to bump Jenkins agents to latest Maven 3.8.6 ? (Tom)
(Tom)Jira Legacy server System JIRA serverId f52c7d31-6eab-3f0e-93c3-231b5754d506 key JPAR-197 (Phil & Henri) oidc-commons branch merging, testing, and eventual release
Attendees:
Brent
Jira Legacy server System JIRA columns key,summary,type,created,updated,due,assignee,reporter,priority,status,resolution serverId f52c7d31-6eab-3f0e-93c3-231b5754d506 key OSJ-360 Done, after figuring out some pesky policy OID stuff.
Users list question about Veracode, EC named curves implies: Should we consider a security policy layer that blocks “weak” keys from being used (as opposed to weak signing/encryption/other algorithms)?
Daniel
Henri
Jira Legacy server System JIRA serverId f52c7d31-6eab-3f0e-93c3-231b5754d506 key JOIDC-127 The sid claim is required for the logout feature
Fairly simple to implement, but API-module changes cannot be avoided
Jira Legacy server System JIRA serverId f52c7d31-6eab-3f0e-93c3-231b5754d506 key JOIDC-128 Currently the authorize flow hardcoded to decode OIDC authentication requests
Prototyping with a decision-state before decoding request:
if the scope-parameter contains openid, it’s OIDC authentication request
OAuth authorization request otherwise
Refactor SWF actions / functions into using OIDC only when really OIDC-specific
...