Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • Jira Legacy
    serverSystem JIRA
    serverIdf52c7d31-6eab-3f0e-93c3-231b5754d506
    keyJSSH-16

    • Plan on pushing all the updated projects early next week.

      • All IdP stack + metadata aggregator (just a runtime dep). Missing anything?

      • Likely some minor odd/ends left, but get the major bits of the refactor into main branches.

      • Anyone else planning any big commits in that timeframe? We should coordinate to avoid stepping on one another.

    • Hit a couple of unknown (to me) aspects of HttpClient, interesting to note for the future.

      • Unconditional retries of failed connections over all resolved DNS entries for hostname, where “failed” includes a TLS handshake failure.

      • We effectively disable connection pooling reuse in our HttpClientBuilder by default via use of RequestConnectionClose interceptor.

        • Our TrustEngine-based TLS fails on second and subsequent requests unless this is enabled. Need to see if there is a way to address this.

    • Were we ever expecting to need or want HTTP/2 support? The HC classic client does not support and “most likely never will” per the HC developer.

Daniel

  • Conflict today, cannot attend.

Henri

  • Jira Legacy
    serverSystem JIRA
    serverIdf52c7d31-6eab-3f0e-93c3-231b5754d506
    keyJCOMOIDC-41

    • Global exclusion now works and tested for signature validation

    • Decryption configuration seems to work, but request object logic needs to be improved (see below)

    • Working on signature signing tests (id_token, JWT access token, userinfo) - spotted one bug with EC keys

    • Encryption tests with varying configurations still totally missing

  • Jira Legacy
    serverSystem JIRA
    serverIdf52c7d31-6eab-3f0e-93c3-231b5754d506
    keyJOIDC-142

    • So far OP has only supported the use of RP metadata for security configuration

    • OP should also exploit the new predicates used by RP (force use of request objects, signing and encryption)

    • We should also support forcing specific attributes to be included in the request object

...

  • Extra tests and cleanup for the RP

  • Jira Legacy
    serverSystem JIRA
    serverIdf52c7d31-6eab-3f0e-93c3-231b5754d506
    keyJCOMOIDC-65

    • The config module is now fully operational as a plugin —I needed to add sub-modules so the assembly of the tar.gz made sense

    • Basic wiki page up

    Jira Legacy
    serverSystem JIRA
    serverIdf52c7d31-6eab-3f0e-93c3-231b5754d506
    keyJCOMOIDC-62

    • Tested

  • Added include and exclude algorithm checks to the trust engine. The others had it and I forgot.

  • Jira Legacy
    serverSystem JIRA
    serverIdf52c7d31-6eab-3f0e-93c3-231b5754d506
    keyJCOMOIDC-48

    • This is working out of the config module.

    • I’ve installed all three plugins (commons, config, and RP) into my running IdP and it is working fine.

      • I will install the OP snapshot as well to check.

  • Will release RP 0.10.0 today or Monday, and will host snapshots of oidc-commons and oidc-config on the downloads site (as before, but now with the config).

  • Nimbus fixed their truncation bug, so I’ve updated commons to the latest version

  • Jira Legacy
    serverSystem JIRA
    serverIdf52c7d31-6eab-3f0e-93c3-231b5754d506
    keyJDUO-65

...