...
Jira Legacy server System JIRA serverId f52c7d31-6eab-3f0e-93c3-231b5754d506 key JSSH-16 Plan on pushing all the updated projects early next week.
All IdP stack + metadata aggregator (just a runtime dep). Missing anything?
Likely some minor odd/ends left, but get the major bits of the refactor into main branches.
Anyone else planning any big commits in that timeframe? We should coordinate to avoid stepping on one another.
Hit a couple of unknown (to me) aspects of HttpClient, interesting to note for the future.
Unconditional retries of failed connections over all resolved DNS entries for hostname, where “failed” includes a TLS handshake failure.
We effectively disable connection pooling reuse in our HttpClientBuilder by default via use of RequestConnectionClose interceptor.
Our TrustEngine-based TLS fails on second and subsequent requests unless this is enabled. Need to see if there is a way to address this.
Were we ever expecting to need or want HTTP/2 support? The HC classic client does not support and “
most likely never will
” per the HC developer.
Daniel
Conflict today, cannot attend.
Henri
Jira Legacy server System JIRA serverId f52c7d31-6eab-3f0e-93c3-231b5754d506 key JCOMOIDC-41 Global exclusion now works and tested for signature validation
Decryption configuration seems to work, but request object logic needs to be improved (see below)
Working on signature signing tests (id_token, JWT access token, userinfo) - spotted one bug with EC keys
Encryption tests with varying configurations still totally missing
Jira Legacy server System JIRA serverId f52c7d31-6eab-3f0e-93c3-231b5754d506 key JOIDC-142 So far OP has only supported the use of RP metadata for security configuration
OP should also exploit the new predicates used by RP (force use of request objects, signing and encryption)
We should also support forcing specific attributes to be included in the request object
...