Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Shibboleth Developer's Meeting, 2020-08-21

Call Administrivia

09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI

Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2020-09-04. Any reason to deviate from this?

60 to 90 minute call window.


Call Details

This week's call will use the Zoom system at GU, see ZoomGU for see ZoomGU for access info.


AGENDA

Add items for discussion here

Attendees:


Brent

  • Jira Legacy
    serverShibboleth JIRA
    columnskey,summary,type,created,updated,due,assignee,reporter,priority,status,resolution
    serverId180d847f-bce4-36b2-9964-771bff586829
    keyIDP-1657

    • Fun with TLS!  We see different behavior when connecting to newer vs older target Linux systems with different versions of openssl.  Trying to confirm.


Daniel


Henri

  • Polishing 
    Jira Legacy
    serverShibboleth JIRA
    serverId180d847f-bce4-36b2-9964-771bff586829
    keyJOIDC-5
    • Testing client secret value resolution on test deployment
    • Polishing the configuration XMLs (also help documentation)
  • Premilinary studying 
    Jira Legacy
    serverShibboleth JIRA
    serverId180d847f-bce4-36b2-9964-771bff586829
    keyJOIDC-13

Ian

  • Mostly complete: 
    Jira Legacy
    serverShibboleth JIRA
    serverId180d847f-bce4-36b2-9964-771bff586829
    keyGEN-264
    • gitolite-config and personal repositories still unconverted. Probably declaring victory, assuming people don't think it's worth fixing gitolite-config (would require changes to Gitolite itself).
    • Meanwhile, I observe that the main branch in java-idp-jetty-base and java-idp-tomcat-base is surplus to requirements.
      •  
      • Proposal: remove the main branch in these two repositories and set HEAD to the most recent numbered branch (e.g., 9.4 for java-idp-jetty-base).
        ok with me --Tom
  • Progress on 
    Jira Legacy
    serverShibboleth JIRA
    serverId180d847f-bce4-36b2-9964-771bff586829
    keyJPAR-132
     (for 
    Jira Legacy
    serverShibboleth JIRA
    serverId180d847f-bce4-36b2-9964-771bff586829
    keyMDA-65
    )
    • Have this working on one module (the important one) in java-metadata-aggregator. You can see it as part of the site for the product here:
    • Changes seem minimal:
      • Needs a build plugin instance and a reporting plugin instance.
      • Need to add test to the command line used to build the site, or it doesn't include it (probably fixable, if we care).
    • We could probably add these to the parent POM if we wanted this everywhere. I don't know if it would work everywhere, of course.
    • There's a Jenkins plugin to allow you to graph a summary from job results, perhaps the nightlies? Not using that yet.
    • Example output from mvn clean verify (with <haltOnFailure>false</haltOnFailure>):
      [WARNING] Rule violated for bundle aggregator-pipeline: classes missed count is 4, but expected maximum is 0
      [WARNING] Rule violated for package net.shibboleth.metadata.pipeline: instructions covered ratio is 0.69, but expected minimum is 0.80
      [WARNING] Rule violated for package net.shibboleth.metadata.pipeline: classes missed count is 3, but expected maximum is 0
      [WARNING] Rule violated for package net.shibboleth.metadata.dom: instructions covered ratio is 0.78, but expected minimum is 0.80
      [WARNING] Rule violated for package net.shibboleth.metadata: classes missed count is 1, but expected maximum is 0
      [WARNING] Rule violated for package net.shibboleth.metadata.dom.impl: instructions covered ratio is 0.67, but expected minimum is 0.80
      [WARNING] Rule violated for package net.shibboleth.metadata.pipeline.impl: instructions covered ratio is 0.75, but expected minimum is 0.80


John


Marvin


Phil

  • Some leave, plus one more day tomorrow so will not be able to attend.
  • Closed 
    Jira Legacy
    serverShibboleth JIRA
    columnskey,summary,type,created,updated,due,assignee,reporter,priority,status,resolution
    serverId180d847f-bce4-36b2-9964-771bff586829
    keyJDUO-10
     thanks to Scott's work on 
    Jira Legacy
    serverShibboleth JIRA
    columnskey,summary,type,created,updated,due,assignee,reporter,priority,status,resolution
    serverId180d847f-bce4-36b2-9964-771bff586829
    keyIDP-1652
  • Spent some time understanding where the supported principals were set, overridden, and used in order to (I think) add a strategy sensibly to the Duo validation action e.g. 
    Jira Legacy
    serverShibboleth JIRA
    columnskey,summary,type,created,updated,due,assignee,reporter,priority,status,resolution
    serverId180d847f-bce4-36b2-9964-771bff586829
    keyJDUO-5
     (leaving open for now).
  • Updated to the latest Duo SDK (
    Jira Legacy
    serverShibboleth JIRA
    columnskey,summary,type,created,updated,due,assignee,reporter,priority,status,resolution
    serverId180d847f-bce4-36b2-9964-771bff586829
    keyJDUO-4
    ). Adds more validation including id_token authentication.
  • Plugin POM now has the java-parent as the parent, works well. Updated to make explicit SL4FJ in the plugin.
  • Still, cleanups and tickets left.


Rod

  • Plugin management.  Installation now works (as does listing).
  • Update is all that left
  • Plus bugs
  • Plus tweaks:
    • UI work sucks.  The plugin interface will need extensive feedback.  Right now my approach is "The Perfect Is The Enemy Of The Good" 
  • Thinking about optional config files - I'd like to discuss briefly.

...

  • More support stuff than usual
  • Jira Legacy
    serverShibboleth JIRA
    serverId180d847f-bce4-36b2-9964-771bff586829
    keyJPAR-171
  • Jira Legacy
    serverShibboleth JIRA
    serverId180d847f-bce4-36b2-9964-771bff586829
    keyIDP-1652
  • Jira Legacy
    serverShibboleth JIRA
    serverId180d847f-bce4-36b2-9964-771bff586829
    keyIDP-1642
  • Work all over the map on configuration, auto-wiring collections of configuration objects
  • Eliminated two existing files for the majority of deployers (some properties added or reworked to get at settings, so property file added)
  • Working on more property-driven settings for authentication flows
  • Will need to revamp more internals to autowire more objects like Principal serializers, Transcoder naming registry, all the lists that cause problems for plugins
  • Going from basic to advanced cases probably will need to rely on some way to document or produce XML snippets


Tom

Other