...

  • Merged repo: reactions and timescales (Ian Young)

  • Thoughts on opensaml-spring

Add items for discussion here

Attendees:

Brent

Daniel

  • Merging ldaptive v2 into IDP v5

    • waiting until v5 main branch work settles down

Henri

The current non-resolved issues for OP 3.2:

  • Regarding refresh tokens:

    • JOIDC-90

    • JOIDC-92

    • Almost there, some final polishing / documentation to do

  • JOIDC-6

    • Helper function for scripts and example via attribute resolver service now exists

  • JOIDC-112

    • Technically not complicated, will probably use PROTOCOL_MESSAGE.OAUTH2

  • JOIDC-7

    • No known issues, I’ve run some tests for both OAUTH2.Token and OAUTH2.TokenAudience profiles

The plan is to release OP 3.2 and common 2.1 during the last week of June.

Ian

John

  • Rocky Linux 9 forecast: “ready for general release in the June - July 2022 timeframe”

  • Vanishingly little progress on cpp-linbuild for Fargate since last time due to competing demands on my time

Marvin

Phil

  • JCOMOIDC-41: RP updated to support Brent’s JOSE Header JWK resolver

  • JCOMOIDC-45: Added JWT decryption and signature validation support to UserInfo JWT (which could just be a plain JSON object)

    • Test certain modes against the OIDC certification OP

  • Improved the response_mode and response_type lookup from RP config

  • Added scopes to RP config, default obviously openid.

  • Added OIDC ACR proxy pass-through function from upstream SAML request (similar to SAML proxy)

  • Flow XML cleanups

  • More tests

Rod

  • JSPT-98

  • OSJ-342

  • Windows Server recommendations.

Scott

  • Working on IdP refactor

    • Cloned IdP into java-shib-metadata

      • shib-metadata-api/impl

        • Unfortunately depends on some shib-attribute modules due to EntityAttributes node processor, including an impl module

      • shib-metadata-spring (maybe it’s time to split these into -api/-impl?)

      • This is at least all building and passing tests

    • Cloned IdP into java-shib-attribute

      • shib-attribute-api/impl

        • Probably need to deprecate and move in various Attribute-related predicates and such out of other packages

      • shib-attribute-resolver-api/impl/spring

        • Some connectors and definitions will probably stay in the IdP somewhere (e.g. anything to do with Subject)

      • shib-attribute-filter-api/impl/spring

        • Filter impl relies on shib-metadata-api due to Scope extension

    • Considered Spring classes open to package rename/reorg, but not the rest for now

    • Fair bit of work left to get this building

Tom

  • need to patch server

  • worked on Windows Server 2022 image

Other