Shibboleth Developer's Meeting, 2020-06-19
Call Administrivia
09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI
Calls are normally the 1st and 3rd Fridays of each month. Next call would will be Friday 2020-07-04. Any reason to deviate from this?17 due to the US vacation around the 4th.
60 to 90 minute call window.
This week's call will use the Zoom system at GU, see ZoomGU for see ZoomGU for access info.
AGENDA
CVE-2017-17485 - don't think V3 is strictly vulnerable but we need to verify - should review for any other Jackson vulns since
- IBM DID demo/presentation at their request at 11am EDT
Attendees:
Brent
- Coded up most of the bits, just need to decide on the default strategy, and whether we need strategy plugability vs just on/off.Jira Legacy server Shibboleth JIRA columns key,summary,type,created,updated,due,assignee,reporter,priority,status,resolution serverId 180d847f-bce4-36b2-9964-771bff586829 key OSJ-304
Daniel
- Nothing for today
Henri
Ian
- Java 15 is now in "rampdown phase one", i.e., mostly feature frozen.
- Nashorn removal: Rod has most of this covered already, but a couple of test dependencies required:
Jira Legacy server Shibboleth JIRA serverId 180d847f-bce4-36b2-9964-771bff586829 key JSE-37 Jira Legacy server Shibboleth JIRA serverId 180d847f-bce4-36b2-9964-771bff586829 key OSJ-320 Jira Legacy server Shibboleth JIRA serverId 180d847f-bce4-36b2-9964-771bff586829 key JOIDC-10
- Sun EC provider partially disabled:
Jira Legacy server Shibboleth JIRA serverId 180d847f-bce4-36b2-9964-771bff586829 key OSJ-319
- Haven't tried integration tests yet.
- Honestly, not as much as I expected (for which all credit to Rod for the work he's done already).
- Nashorn removal: Rod has most of this covered already, but a couple of test dependencies required:
...
Jira Legacy server Shibboleth JIRA columns key,summary,type,created,updated,due,assignee,reporter,priority,status,resolution serverId 180d847f-bce4-36b2-9964-771bff586829 key IDP-1588 - How to add a plugin to the testbed for 'real' integration testing. Documented (not a lot) here PluginTestbedGuidance so far.
- One obvious thing; is there a better way to 'mixin' plugin POMs to test rather than directly in the testbed POM.
- Does work end-to-end, but nowhere near finished.
- Where/how to register an MVC controller for a plugin which a) uses annotations and b) requires beans from the spring application context (which it shares with SWF beans). The answer to make it work is in the mvc-beans.xml file, but that is not something a plugin can do.
- Rod has pointed me to the postconfig stuff, will look at that.
- Probably gone beyond their SDK JavaDocs and README file in terms of understanding their 'protocol' or at least their model objects. If possibly to kindly ask for any additional formal docs they have.
- POM cleanup advice from Rod.
- How to add a plugin to the testbed for 'real' integration testing. Documented (not a lot) here PluginTestbedGuidance so far.
...
- Renaming questionable settings - mostly done I think except docs
- Added a new bean that can monitor an application context for bean definitions to deprecate
- Various 4.1 features and bugs
- Ongoing documentation fixing
- Working on "Hello World" admin flow for out of the box testing of authentication and attribute settings, and debugging error handling
- Enhanced conditional resource class to support alternative "default content", allowing "conditional" scriptlets
- We could use this to scatter around ScriptedAction exits in many places if we wanted
- Access to PrivacyIdea code from SWITCH
Tom
- busy with other stuff
- will swap in consent
Other