Shibboleth Developer's Meeting, 2019-08-02
Call Administrivia
09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI
Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 16th. Any reason to deviate from this?
60 to 90 minute call window.
This week's call will use the Zoom system at GU, see ZoomGU for see ZoomGU for access info.
AGENDA
(Rod)Jira Legacy server Shibboleth JIRA columns key,summary,type,created,updated,due,assignee,reporter,priority,status,resolution serverId 180d847f-bce4-36b2-9964-771bff586829 key IDP-1472 - Do we have a definitive list (of characters to bar)
- What to do about Transcoders (is their work to map bad characters)?
(Rod)Jira Legacy server Shibboleth JIRA columns key,summary,type,created,updated,due,assignee,reporter,priority,status,resolution serverId 180d847f-bce4-36b2-9964-771bff586829 key IDP-1181 - See my summary /wiki/spaces/DEV/pages/1172340769
- Where do we want fast fail to end up?
- Jetty version. This is still pinned to 9.2
- Empirically the CAS tests run ok with 9.3
- The testbed documentation Explicitly says 9.3 Does 9.4 work? Can this page be made formal?
Jira Legacy server Shibboleth JIRA columns key,summary,type,created,updated,due,assignee,reporter,priority,status,resolution serverId 180d847f-bce4-36b2-9964-771bff586829 key IDP-1304
Brent
- Were there any additional requirements for this?Jira Legacy server Shibboleth JIRA columns key,summary,type,created,updated,due,assignee,reporter,priority,status,resolution serverId 180d847f-bce4-36b2-9964-771bff586829 key OSJ-187
- Just a little left to doJira Legacy server Shibboleth JIRA columns key,summary,type,created,updated,due,assignee,reporter,priority,status,resolution serverId 180d847f-bce4-36b2-9964-771bff586829 key IDP-1461
Daniel
Henri
- Offline for July, now getting back into business
- Plan is to continue with the SAML metadata for OIDC RPs (Wiki page)
Ian
Jira Legacy server Shibboleth JIRA serverId 180d847f-bce4-36b2-9964-771bff586829 key OSJ-279 Jira Legacy server Shibboleth JIRA serverId 180d847f-bce4-36b2-9964-771bff586829 key JSPT-91 Jira Legacy server Shibboleth JIRA serverId 180d847f-bce4-36b2-9964-771bff586829 key INFRA-223 - FYI: CentOS 8 team now report that they are "working" on RC.
...
- 10 days off, no progress.
- Will continue or start
: Deeper investigation and testing of the flow execution listener CSRF protectionJira Legacy server Shibboleth JIRA columns key,summary,type,created,updated,due,assignee,reporter,priority,status,resolution serverId 180d847f-bce4-36b2-9964-771bff586829 key IDP-1191
: add a SameSite servlet filter to add SameSite=none cookie attribute to the IdP session cookie.Jira Legacy server Shibboleth JIRA columns key,summary,type,created,updated,due,assignee,reporter,priority,status,resolution serverId 180d847f-bce4-36b2-9964-771bff586829 key IDP-1476 - Add a test that checks the/a container does not allow session id’s in URLs when configured not to - as is the case in Jetty < 9.4.12.v20180830.
...
- Do we care about reloading metadata providers at depth > 1 (this thread)
- Installation
- Technologies? Our requirements are fixed, but there must be a better least worst technology
- Greater user control.
Scott
Jira Legacy server Shibboleth JIRA serverId 180d847f-bce4-36b2-9964-771bff586829 key OSJ-280 Jira Legacy server Shibboleth JIRA serverId 180d847f-bce4-36b2-9964-771bff586829 key IDP-1391
Tom
- AWS work continues
- worked through : Java updates, resizing storage, OS updates
- working on integration-tests multi-config jobs (Jetty 9.3/9.4 for IdPV3/V4)
- leaning towards one-Java-per-OS in AWS
- just easier to update on Linux
- i.e. run Amazon Linux rather than install Coretto on RedHat/CentOS
- Windows ?
- just easier to update on Linux
- rationalize Jenkins with Java Distributions
- AWS TODO :
- IAM setup
- scripting
...