Versions Compared

Old Version 11

changes.mady.by.user Philip Smart

Saved on

compared with

New Version Current

changes.mady.by.user Scott Cantor

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

This week's call will use the Zoom system at OSU, see announcement for access info.

AGENDA

  1. RH7 EOL implications:

    1. SP packages don’t currently build because we used the decomm’d CentOS 7 repos to build them

    2. John will spend limited time investigating that, and/or look at making a RH7 build possible to allow continued unsupported builds of the packages there.

Attendees:

...

  • Jira Legacy
    serverSystem Jira
    serverIdf52c7d31-6eab-3f0e-93c3-231b5754d506
    keyJOIDC-200

    • Currently no known issues, initial profile documentation at OPPushedAuthorization

    • Jira Legacy
      serverSystem Jira
      serverIdf52c7d31-6eab-3f0e-93c3-231b5754d506
      keyJOIDC-212

    • Jira Legacy
      serverSystem Jira
      serverIdf52c7d31-6eab-3f0e-93c3-231b5754d506
      keyJOIDC-214

    • Jira Legacy
      serverSystem Jira
      serverIdf52c7d31-6eab-3f0e-93c3-231b5754d506
      keyJOIDC-217

      • In short: with OAuth2 authorization requests, only use request object parameters. In OIDC, request object + query parameters can be merged.

  • Jira Legacy
    serverSystem Jira
    serverIdf52c7d31-6eab-3f0e-93c3-231b5754d506
    keyJOIDC-201

    • Fine-tuning the refresh token sequence (differs a bit between confidential and public clients)

  • Jira Legacy
    serverSystem Jira
    serverIdf52c7d31-6eab-3f0e-93c3-231b5754d506
    keyJCOMOIDC-115

    • Breaking change in Nimbus API makes old oidc-common (with Nimbus v10) incompatible

    • Jira Legacy
      serverSystem Jira
      serverIdf52c7d31-6eab-3f0e-93c3-231b5754d506
      keyJOIDC-210

    • Should we make the upcoming idp.oidc.common.6 -module incompatible with the previous ones? IMHO it’d need patching for RP and Duo too in order to support new commons too? Or is it satisfactory to document that if a deployer updates the commons-module, also OP needs to be updated?

Ian

  • RHEL 7, CentOS 7 and Debian 10 are now EOL.

John

  • Fixed centos7 build on ARM

  • Updated all Docker images to latest available

    • centos7: N/A

    • centos8: N/A

    • amazonlinux2: 2.0.20240620.0

    • amazonlinux2023: 2023.5.20240624.0

    • rockylinux8: 8.10.20240528

    • rockylinux9: 9.4.20240523

    • rhel7: 7.9-1445

    • rhel8: 8.10-901.1717584420

    • rhel9: 9.4-1123

  • Jira Legacy
    serverSystem Jira
    serverIdf52c7d31-6eab-3f0e-93c3-231b5754d506
    keySSPCPP-987

    • Drafted patch. Passed smoke test. Still need to check on other platforms.

Marvin

Phil

  • WebAuthn Beta announced.

  • Jira Legacy
    serverSystem Jira
    serverIdf52c7d31-6eab-3f0e-93c3-231b5754d506
    keyJWEBAUTHN-13
    - turn off signature counter updates if you wanted to limit storage service writes.

  • Jira Legacy
    serverSystem Jira
    serverIdf52c7d31-6eab-3f0e-93c3-231b5754d506
    keyJWEBAUTHN-16
    - I completely forgot auditing of any kind. Easy to add to the authentication flow, more work to add to the admin flows. Almost there.

...