Page Comparison

...

Move to Amazon Corretto 17 to build Site? Have been using OpenJDK 15 to overcome the search.js bug in 11, but as that is EOL it makes sense to move to a supported version.
- Tested it with Ian using his Docker image, works well.
- Ian: The amazoncorretto-17 image is new and intended for IdP v5 et al; moving to it for this would allow us to zap the openjdk-site image.
Any reason not to move our minimum of maven to 3.8.4 (
Jira Legacy
server System JIRA
columns key,summary,type,created,updated,due,assignee,reporter,priority,status,resolution
serverId f52c7d31-6eab-3f0e-93c3-231b5754d506
key GEN-308
)?
Thread-local storage risk on new containers? https://github.com/eclipse/jetty.project/issues/6973#issuecomment-940017697

Attendees:

Jira Legacy
server System JIRA
serverId f52c7d31-6eab-3f0e-93c3-231b5754d506
key JCOMOIDC-41
- pushed some draft code up to dev branch, comments in the ticket
Jira Legacy
server System JIRA
serverId f52c7d31-6eab-3f0e-93c3-231b5754d506
key OSJ-347
- Unit tests in OpenSAML and IdP are updated to use InCommon MDQ server and MDQ server on http://test.shibboleth.net is shutdown.
Jira Legacy
server System JIRA
serverId f52c7d31-6eab-3f0e-93c3-231b5754d506
key OSJ-334
- Done.

Jira Legacy
server System JIRA
serverId f52c7d31-6eab-3f0e-93c3-231b5754d506
key JOIDC-72
- Initial version done: the claims that are included in the metadata policies (via profile config or access token) are stored
Jira Legacy
server System JIRA
serverId f52c7d31-6eab-3f0e-93c3-231b5754d506
key JOIDC-21
- Initial version of the issue-registration-token admin-flow and CLI pushed
  - Opaque access token only for now - security configuration wiring for JWT access tokens was not trivial
- TODO:
  - Try different AdminFlow authentication approaches in practise
  - Wire authentication metadata (acr, principal) to the registration access token
Jira Legacy
server System JIRA
serverId f52c7d31-6eab-3f0e-93c3-231b5754d506
key JOIDC-76
- In principle it seems to be possible to add filter-mappings dynamically via ServletContextInitializer

Jira Legacy
server System JIRA
serverId f52c7d31-6eab-3f0e-93c3-231b5754d506
key JCOMOIDC-40
- Have something for decoding unscoped strings. Will review and push next week. Other info in the ticket.
Jira Legacy
server System JIRA
serverId f52c7d31-6eab-3f0e-93c3-231b5754d506
key JOIDCRP-10
- Switching the arbitrary client metadata method of registering RP->OP config, to RP profile config.
Other
- UserInfo claims lookup, validation, and merge with id_token claims done.
  - Should support Plain JSON UserInfo response objects along with signed and or encrypted JWTs - when I plugin the TrustEngine.
- Added attribute filtering after transcoding to the validation stage before claims are exposed as Attribute Principals to the wider IdP.
- I will work with Tom soon to add RP to Jenkins.
- Might need a new Git repo for the SWF test classes that are now shared between the Duo plugin and the RP plugin. Something like java-spring-webflow-tests
  - Although it might not be useful to other plugins

Jira Legacy
server System JIRA
serverId f52c7d31-6eab-3f0e-93c3-231b5754d506
key JOIDC-11
- I think functionally complete at this point, including encryption
- Cleaned up some bad design choices, think this will extend naturally to the code grant
- Settled on client as requester, token audience as proxied requester for consistency with OIDC
Added support for authenticated, unverified use of introspection/revocation
Long term think we should continue pushing toward authenticated, unverified clients for OIDC as well