...
Jira Legacy server System JIRA serverId f52c7d31-6eab-3f0e-93c3-231b5754d506 key JSSH-16 Plan on pushing all the updated projects early next week.
All IdP stack + metadata aggregator (just a runtime dep). Missing anything?
Likely some minor odd/ends left, but get the major bits of the refactor into main branches.
Anyone else planning any big commits in that timeframe? We should coordinate to avoid stepping on one another.
Hit a couple of unknown (to me) aspects of HttpClient, interesting to note for the future.
Unconditional retries of failed connections over all resolved DNS entries for hostname, where “failed” includes a TLS handshake failure.
We effectively disable connection pooling reuse in our HttpClientBuilder by default via use of RequestConnectionClose interceptor.
Our TrustEngine-based TLS fails on second and subsequent requests unless this is enabled. Need to see if there is a way to address this.
Were we ever expecting to need or want HTTP/2 support? The HC classic client does not support and “
most likely never will
” per the HC developer.
Daniel
Conflict today, cannot attend.
Henri
Jira Legacy server System JIRA serverId f52c7d31-6eab-3f0e-93c3-231b5754d506 key JCOMOIDC-41 Global exclusion now works and tested for signature validation
Decryption configuration seems to work, but request object logic needs to be improved (see below)
Working on signature signing tests (id_token, JWT access token, userinfo) - spotted one bug with EC keys
Encryption tests with varying configurations still totally missing
Jira Legacy server System JIRA serverId f52c7d31-6eab-3f0e-93c3-231b5754d506 key JOIDC-142 So far OP has only supported the use of RP metadata for security configuration
OP should also exploit the new predicates used by RP (force use of request objects, signing and encryption)
We should also support forcing specific attributes to be included in the request object
...
Extra tests and cleanup for the RP
Jira Legacy server System JIRA serverId f52c7d31-6eab-3f0e-93c3-231b5754d506 key JCOMOIDC-65 The config module is now fully operational as a plugin —I needed to add sub-modules so the assembly of the tar.gz made sense
Basic wiki page up
Jira Legacy server System JIRA serverId f52c7d31-6eab-3f0e-93c3-231b5754d506 key JCOMOIDC-62 Tested
Added include and exclude algorithm checks to the trust engine. The others had it and I forgot.
Jira Legacy server System JIRA serverId f52c7d31-6eab-3f0e-93c3-231b5754d506 key JCOMOIDC-48 This is working out of the config module.
I’ve installed all three plugins (commons, config, and RP) into my running IdP and it is working fine.
I will install the OP snapshot as well to check.
Will release RP 0.10.0 today or Monday, and will host snapshots of oidc-commons and oidc-config on the downloads site (as before, but now with the config).
Nimbus fixed their truncation bug, so I’ve updated commons to the latest version
Jira Legacy server System JIRA serverId f52c7d31-6eab-3f0e-93c3-231b5754d506 key JDUO-65
...