...
Following Scott’s lead on CSP in the RP and commons. Both should be done in branches.
Jira Legacy server System JIRA serverId f52c7d31-6eab-3f0e-93c3-231b5754d506 key JOIDCRP-49 Jira Legacy server System JIRA serverId f52c7d31-6eab-3f0e-93c3-231b5754d506 key JCOMOIDC-90
Some follow-up to Scott’s null cleanup on oidc-commons
Thanks for all that work, plenty of null issues in commons sadly.
Work on WebAuthn authentication plugin
Basic structure in place for an admin flow for registration and an authentication flow for err. authenticating.
Operating inside the MFA flow.
Longer term can be the first and only factor, or 2nd-factor
Shorter term it allows authentication flow selection, useful for the admin flow when you first need to register a key — but ‘password’ fallback is pointless long term, so this is just for testing.
Battling with Yubico’s JavaScript libraries to convert JSON credential creation and authenticat/authentication requests that come from the server into something compatible with the webauthn apis.
Rod
Releases for jetty x.0.17 (IdP 4.3.1.4, JettyBase 11.0.18, plus supporting jetty-base jars)
Enforcer releases
Moving towards closure (one way or another) on
Jira Legacy server System JIRA serverId f52c7d31-6eab-3f0e-93c3-231b5754d506 key GEN-330
(installers are weird)Jira Legacy server System JIRA serverId f52c7d31-6eab-3f0e-93c3-231b5754d506 key SSPCPP-982
...