...
Are we ready to bump Jenkins agents to latest Maven 3.8.6 ? (Tom)
(Tom)Jira Legacy server System JIRA serverId f52c7d31-6eab-3f0e-93c3-231b5754d506 key JPAR-197 (Phil & Henri) oidc-commons branch merging, testing, and eventual release
Attendees:
Brent
Jira Legacy server System JIRA serverId f52c7d31-6eab-3f0e-93c3-231b5754d506 key OSJ-360 Done, after figuring out some pesky policy OID stuff.
Users list question about Veracode, EC named curves implies: Should we consider a security policy layer that blocks “weak” keys from being used (as opposed to weak signing/encryption/other algorithms)?
Daniel
Henri
Jira Legacy server System JIRA serverId f52c7d31-6eab-3f0e-93c3-231b5754d506 key JOIDC-127 The sid claim is required for the logout feature
Fairly simple to implement, but API-module changes cannot be avoided
Jira Legacy server System JIRA serverId f52c7d31-6eab-3f0e-93c3-231b5754d506 key JOIDC-128 Currently the authorize flow hardcoded to decode OIDC authentication requests
Prototyping with a decision-state before decoding request:
if the scope-parameter contains openid, it’s OIDC authentication request
OAuth authorization request otherwise
Refactor SWF actions / functions into using OIDC only when really OIDC-specific
Ian
Repository pruning continues.
Spring Framework 6.0.0-M6 (and 5.3.23) are out.
6.0.0-RC1 due 2022-10-12.
6.0.0-RC2 due 2022-10-20.
John
cpp-linbuild
Jira Legacy server System JIRA columns key,summary,type,created,updated,due,assignee,reporter,priority,status,resolution serverId f52c7d31-6eab-3f0e-93c3-231b5754d506 key SSPCPP-954 Minor updates to Docker images
Marvin
Phil
WikiDocs - OIDCRelyingPartyAuthnConfiguration
Lots of little cleanups to the RP and some code TODOs.
commons merging, on the agenda.
...
Nothing to report
Apologies, I won’t be able to make the call
Scott
Refactoring…
Bean created that will rewrite class and parent declarations based on a map, and the bean is now installed on main branch for global and all service contexts. Should be able to add it to the flows too.
All of spring-extensions has been migrated to net.shibboleth.shared.spring.* package names with rules added to the rewrite map in global-system.xml. One stub left behind for web.xml compatibility.
Moved on to work on test refactoring. OpenSAML now has a -testing module for test APIs, and many of its impl modules now depend on it, but -api cannot to prevent loops. This necessitated breaking apart -core (which we should have done anyway) and also migrating a few other tests down into -impl modules.
Any tests of a package defined in -api but implemented in -impl tend to have “.tests” on the end of the package name to avoid package sealing violations.
Will be moving on to remaining layers to eliminate test-jar dependencies.