...
Rod Widdowson Philip Smart Site builds (which generate java doc and run weekly) x Nightly builds (which consume javadoc) x version revision == broken nightlys
Maven Central Repository - see my (Tom) section below for details - do we want to :
(a) publish our repo URL in the POM and maintain long-term / forever-ish ? in a profile not activated by default ?
or (b) remove from POM and publish our repo URL in the wiki as documentation for developers to add to ~/.m2/settings.xml ? (that’s my suggestion)
Quick q: did/do we intend to remove the jvmTrust option for LDAP authentication?
Quick item I will be taking to the Board
Add items for discussion here
Attendees:
Brent
https://shibboleth.atlassian.net/browse/IDP-1874
Working on putting together the lower-level bits for the attribute query, based on work we did for artifact resolution
Daniel
Henri
https://shibboleth.atlassian.net/browse/JOIDC-21
Quite a few iteration rounds of metadata policy resolution with the new resolver structure in oidc-commons
Finally an initial version of the extended dynamic registration profile configuration with metadata policy resolved from a file (wired together via postconfig.xml)
Will create new (sub)tickets to oidc-commons and OP regarding this metadata policy concept
Ian
John
Slowly getting back into the Fargate/Jenkins work
Looking into possible yum-related improvements to avoid repeated contacts to upstream repos
Marvin
Phil
Still https://shibboleth.atlassian.net/browse/JCOMOIDC-23
Implemented a number of changes thanks to feedback from Henri Mikkonen .
He has some very early success using it for Metadata Policies.
Is messy to XML-wire given all the strategies and how general it is, but parent bean config helps.
Made small steps with OIDC-RP.
Will have lots more time w/c 15th Nov. for the foreseeable.
Rod
Busy elsewhere
OpenSSL3 https://shibboleth.atlassian.net/browse/SSPCPP-946 & testing
Next stage sig checking- work mostly understood. Pending https://shibboleth.atlassian.net/browse/JPAR-195
Questions about https://shibboleth.atlassian.net/browse/IDP-1874 & https://shibboleth.atlassian.net/browse/IDP-1877
...
Scott
Santuario release done (and done again)
Bumped log4shib to fix some modern compiler issues
Most of SP work is done unless I can think of something else to actually deprecate (vs. all the stuff I really want to deprecate)
Tested cpp-linbuild process successfully
IdP odds and ends
Tom
Maven Central :
Looks like we will not publish artifacts to Central due to indemnity clause in ToS :
My priority Priority is to firewall our Nexus instance and host our repo via Apache at :
https://build.shibboleth.net/maven
for backwards compat with our POMs will need to redirect
https://build.shibboleth.net/nexus/content/groups/public
to
https://build.shibboleth.net/maven/releaseshttps://build.shibboleth.net/nexus/content/repositories/snapshots
to
https://build.shibboleth.net/maven/snapshotshttps://build.shibboleth.net/nexus/content/repositories/thirdparty-snapshots
to
https://build.shibboleth.net/maven/thirdparty-snapshotsand remove thirdparty/ when “Rod’s Rules” are in place
As to whether someone else publishes to Central (for us), I think they would need to indemnify us but we do not really exist (as a legal entity).
Looking for confirmation - technical details in the agenda above.Making some progress running Nexus/Jenkins in ECS/Fargate using Docker Compose (which wraps CloudFormation) - is that ok ?
Plan is to use docker-compose.yml as infrastructure-as-code, open to alternatives (awscli, AWS console, Terraform) but this seems simplest / easiest.
Working through IdP browser tests in Jenkins with Jetty 9.4 versions (a) up to 9.4.43 as well as (b) 9.4.44 and up (conditional build step to inject idp-jetty-base version)
...