Shibboleth Developer's Meeting, 2020-08-21
Call Administrivia
09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI
Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2020-09-04. Any reason to deviate from this?
60 to 90 minute call window.
This week's call will use the Zoom system at GU, see ZoomGU for access info.
AGENDA
Add items for discussion here
Attendees:
Brent
- IDP-1657 - Fun with TLS! We see different behavior when connecting to newer vs older target Linux systems with different versions of openssl. Trying to confirm.
Daniel
Henri
- Polishing JOIDC-5
- Testing client secret value resolution on test deployment
- Polishing the configuration XMLs (also help documentation)
- Preliminary studying JOIDC-13
Ian
- Mostly complete: GEN-264
- gitolite-config and personal repositories still unconverted. Probably declaring victory, assuming people don't think it's worth fixing gitolite-config (would require changes to Gitolite itself).
- Meanwhile, I observe that the main branch in java-idp-jetty-base and java-idp-tomcat-base is surplus to requirements.
- Proposal: remove the main branch in these two repositories and set HEAD to the most recent numbered branch (e.g., 9.4 for java-idp-jetty-base).
ok with me --Tom
- Progress on JPAR-132 (for MDA-65)
- Have this working on one module (the important one) in java-metadata-aggregator. You can see it as part of the site for the product here:
- Changes seem minimal:
- Needs a build plugin instance and a reporting plugin instance.
- Need to add test to the command line used to build the site, or it doesn't include it (probably fixable, if we care).
- We could probably add these to the parent POM if we wanted this everywhere. I don't know if it would work everywhere, of course.
- There's a Jenkins plugin to allow you to graph a summary from job results, perhaps the nightlies? Not using that yet.
- Example output from mvn clean verify (with <haltOnFailure>false</haltOnFailure>):
[WARNING] Rule violated for bundle aggregator-pipeline: classes missed count is 4, but expected maximum is 0
[WARNING] Rule violated for package net.shibboleth.metadata.pipeline: instructions covered ratio is 0.69, but expected minimum is 0.80
[WARNING] Rule violated for package net.shibboleth.metadata.pipeline: classes missed count is 3, but expected maximum is 0
[WARNING] Rule violated for package net.shibboleth.metadata.dom: instructions covered ratio is 0.78, but expected minimum is 0.80
[WARNING] Rule violated for package net.shibboleth.metadata: classes missed count is 1, but expected maximum is 0
[WARNING] Rule violated for package net.shibboleth.metadata.dom.impl: instructions covered ratio is 0.67, but expected minimum is 0.80
[WARNING] Rule violated for package net.shibboleth.metadata.pipeline.impl: instructions covered ratio is 0.75, but expected minimum is 0.80
John
Marvin
Phil
- Some leave, plus one more day tomorrow so will not be able to attend.
- Closed JDUO-10 thanks to Scott's work on IDP-1652
- Spent some time understanding where the supported principals were set, overridden, and used in order to (I think) add a strategy sensibly to the Duo validation action e.g. JDUO-5 (leaving open for now).
- Updated to the latest Duo SDK (JDUO-4). Adds more validation including id_token authentication.
- Plugin POM now has the java-parent as the parent, works well. Updated to make explicit SLF4J in the plugin.
- Still, cleanups and tickets left.
Rod
- Plugin management. Installation now works (as does listing).
- Update is all that's left
- Plus bugs
- Plus tweaks:
- UI work sucks. The plugin interface will need extensive feedback. Right now my approach is "The Perfect Is The Enemy Of The Good"
- Thinking about optional config files - I'd like to discuss briefly.
Scott
- More support stuff than usual
- JPAR-171, IDP-1652, IDP-1642
- Work all over the map on configuration, auto-wiring collections of configuration objects
- Eliminated two existing files for the majority of deployers (some properties added or reworked to get at settings, so property file added)
- Working on more property-driven settings for authentication flows
- Will need to revamp more internals to autowire more objects like Principal serializers, Transcoder naming registry, all the lists that cause problems for plugins
- Going from basic to advanced cases probably will need to rely on some way to document or produce XML snippets
Tom
- Still need to patch ec2.s.n
- Slack #infra channel to communicate server downtime ? Invite or add everyone ?
- Any advice re EC2 backups ?
- Tests :
- troubleshooting test failures
- working on improving logging to make troubleshooting easier
- revisiting multi-configuration integ tests
- FWIW dependency PGP / checksum pinning :
- "central" map : https://github.com/s4u/pgp-keys-map/blob/master/resources/pgp-keys-map.list
- issue from which map was created : https://github.com/s4u/pgpverify-maven-plugin/issues/48
- overview : https://medium.com/@vladimirsitniko/dependency-verification-checksum-vs-pgp-582e76207019
- example request to associate PGP keys with project : https://github.com/spring-projects/spring-framework/issues/23434
- Bazel : https://en.wikipedia.org/wiki/Bazel_(software) and https://github.com/bazelbuild/rules_jvm_external#pinning-artifacts-and-integration-with-bazels-downloader
Other