...
Attendees:
Brent
JSATTR-6: Making good progress. Have some questions for Scott (or others).
Daniel
Looking at better messaging for LDAP PKIX errors.
Henri
JOIDC-227: Very simple to fix but was time-consuming to find
JOIDC-200, JOIDC-225: New lookup functions serve PAR and JAR (request-object logic) in a thread-safe fashion
JOIDC-229: Previously the invalid scopes have simply been filtered out
JOIDC-231: Switched the workaround for the Nimbus' resource parameter handling
JOIDC-230
Ian
John
Docker image minor maintenance: AL2/2023, RHEL8/9
SSPCPP-993: Distilling design notes into Confluence
Marvin
Phil
JWEBAUTHN-29: Any error when canonicalizing the username input into the registration flow is just ignored. It is only used as a way to indicate if the user has FIDO credentials for the MFA logic to use.
(Dev branch) JWEBAUTHN-27: Added customisable policies to accept or reject authenticators that create credentials during registration, e.g. authenticator provider allow list
Cannot yet do this on the supported options (such as UserVerification) of an authenticator in metadata; the metadata spec is wrong and the Yubico libraries are out of sync with it.
Added customisable ‘Inspectors’ that can inspect the authenticator during registration and record capabilities/properties in the credential that gets stored. For example, this authenticator (software say) should only be allowed as a second factor and not a sole factor.
Adding a policy engine for rejecting authenticators/credentials being used during authentication e.g. this is a sole factor authentication, but this credential was created by an authenticator that can only be used as a second factor.
Rod
It's all about the Jetty plugin.
Bludgeoned (I used the verb advisedly) a bat file to configure Jetty as a system service on Windows
Much testing and fine tuning needed
Started the documentation /wiki/spaces/~53427082/pages/3910107152.
Now is not the time to publish it (I believe)
I need someone else to write the Unix bits
And review always welcome
...