Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Shibboleth Developer's Meeting, 2020-06-05

Call Administrivia

09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI

Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2020-06-19. Any reason to deviate from this?

60 to 90 minute call window.


Call Details

This week's call will use the Zoom system at GU, see ZoomGU for see ZoomGU for access info.


AGENDA

  1. PKIX root behavior
  2. Jira Legacy
    serverShibboleth JIRA
    columnskey,summary,type,created,updated,due,assignee,reporter,priority,status,resolution
    serverId180d847f-bce4-36b2-9964-771bff586829
    keyIDP-1583
  3. Opening up master branches
  4. Ian Young's thread safety thing, see below

Attendees:


Brent


Daniel


Henri

  • Jira Legacy
    serverShibboleth JIRA
    serverId180d847f-bce4-36b2-9964-771bff586829
    keyJOIDC-5

    • MDDriven profile configurations working as expected
      • Will check with 
        Jira Legacy
        serverShibboleth JIRA
        serverId180d847f-bce4-36b2-9964-771bff586829
        keyIDP-1608
         next week
    • Added ClientSecretReferenceKey -element to the schema
      • Simple resolver interface extending Resolver<String, CriteriaSet>
      • Initial implementation for Properties resource
        • How to make it refreshing whenever metadata provider is refreshed?
      • Other implementations? Perhaps HTTP (using the approach from HTTP data connector)?

...

  • (Maybe an agenda item) Thread safety is hard:
    • Arises through 
      Jira Legacy
      serverShibboleth JIRA
      columnskey,summary,type,created,updated,due,assignee,reporter,priority,status,resolution
      serverId180d847f-bce4-36b2-9964-771bff586829
      keyMDA-242
      ; full discussion there.
    • A lot of things we say are @ThreadSafe really aren't, although they are mostly @ThreadSafeAfterInit and other things probably conspire to mean we're probably OK in practice. This makes me uncomfortable.
    • It's not possible even in principle to make most things truly @ThreadSafe because of 
      Jira Legacy
      serverShibboleth JIRA
      columnskey,summary,type,created,updated,due,assignee,reporter,priority,status,resolution
      serverId180d847f-bce4-36b2-9964-771bff586829
      keyJSPT-97
      .
    • We could fix that (and I think we should, see this commit) but that wouldn't address all the issues, just make it possible to do so for cases we care most about.
    • Beyond that, I don't think really nailing this down is going to be felt to be worthwhile, but we might want to document some assumptions and change some annotations anyway.
  • Building from Docker containers: iay/shibboleth-build-docker seems to work

Marvin


Phil

  • IdP release using two docker images worked well. The second image was used for building site under JDK14 to fix the search apidocs bug.
    • Modified Javadoc plugin seemed to do its job - drawing a line under that for now, and I did not need to swear. 
    • It can be a bit slow when generating site (Javadoc), just make sure to build inside the container.
    • Detailed instructions on Ian's Github page for all these things.
  • Duo 2FA OIDC plugin
    • I have not provided too much input to Rod's plugin work the past few weeks as just trying to get the flow together.
      • Would hope to reengage later on when I actually need it to work as a plugin.
    • Using a Spring Controller to handle the external call and callback - a bit like the SAML proxy controller. 
      • Was debating whether to actually encode the webflow execution key in the State parameter alongside a CSRF type nonce? 
        • Otherwise stored outside the webflow conversation and inside the HttpSession - assuming the redirect_uri does not become an option i.e. Duo not being strict on dynamic query params.


Rod

  • Mdolue instalation stalled for want of hours in a day
  • Built VM soley to do windows installer builds
  • What to do about Java7/8 on Windows and the multi tests?
  • Am about to have to install Visual Studio 2019.  Do we want to think about this for SP 3.2 (givn given we that it may impact on our dependencies)

...