...

  • Rod: Installer /

    IDP-2073
    Some questions about downloading the next IdP version as enumerated here

  • Rod: Installer /

    IDP-2107

    • Do we want to generate metadata in the installer or point people at the plugin?

    • How much do we want to do for backchannel and for SAML1 (bearing in mind that the driver for this is still the Windows installer and some federations with significant SAML1 presence)?

  • IdP V5 schedule

    • “Most” remaining work seems to be plugin porting, installer, and testing

    • Maybe September for a beta and October release?

Attendees:

Brent

  • On holiday this meeting and next, if it remains 2023-06-16

  • OSJ-362

    • Have implemented most of what is outlined in the issue.

    • Still pending is 1) new/updated unit tests 2) sorting where/how the IdP function for the recipients is defined and will get injected into this new design.

Daniel

Henri

Out.

Ian

  • New Guava release: https://github.com/google/guava/releases/tag/v32.0.0

    • JPAR-219

    • New keys!

  • New plugin dependency keys, too.

  • Java 21 enters Rampdown Phase 1 2023-06-08.

  • Debian 12 releases 2023-06-10.

...

  • Very deep in installer space

    IDP-2105

    • The Installer, plugin & module code is in a state of flux

  • Refactoring Plugin Installer bugs fixed

    • for

      IDP-2073

    • multiple bugs found and fixed

  • Much of the discussion in JIRA, so go there for more details.

    • Some open questions in the agenda.

  • IDP-2121

  • Played with moving a plugin up to Java 17.

    • Should I write up a how-to? (frequent pitfalls and so on)

  • And not losing sight of module/plugin metrics

Scott

  • Testing and cleanup from module changes

  • IDP-2082

    • Added a timer around batch metadata refresh (tried to limit to actual “new” fetches)

    • Adjusted how we name the metadata metrics to avoid class name leakage, but added control of names to config schema

    • Added per-profile counters using a bean at the top of every flow

    • Added a map of counters for every relying party configuration (emulating Brent’s approach to avoid race conditions around service reload)

    • TBD work on exposing “effective” config settings for a request from a given SP

  • Other backlog

Tom

  • OIDC OP tests

    • made some progress

      • looking into running both the RP / conformance suite and the IdP via Docker + Docker Compose

        • mostly because of the networking between the RP and OP

        • also set up an RP using the Rocky Linux Docker image + mod_auth_openidc

        • not sure at the moment how to start / stop the Docker containers via Java in the tests (probably using a Java Process just like the Servlet containers)

  • V5 integration tests

    • need to update tests for installer changes (command line options instead of system properties)

      • Ian - iay/shibboleth-idp-docker will need changes too I think

  • idp-jetty-base

    • for the 10, 11, and 10-windows branches the dta-ssl JAR is always loaded (via the ext directory / module)

      • probably should change the idp-backchannel.mod Jetty module to not use ext/ to load the JAR

        • meaning the backchannel will be fully disabled by default

  • as a deployer: starting to look into Loop Detection

    • while monitoring graphs derived from metrics, noticed some usage spikes / chunks
      (appears to be loading the Azure login page as part of SAML proxy)
      with URLs like “…e547s1…”

...