Shibboleth Developer's Meeting, 2020-10-02
Call Administrivia
09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI
Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2020-10-16. Any reason to deviate from this?
60 to 90 minute call window.
This week's call will use the Zoom system at GU, see ZoomGU for see ZoomGU for access info.
AGENDA
Add items for discussion here
Attendees:
Brent
Jira Legacy server Shibboleth JIRA columns key,summary,type,created,updated,due,assignee,reporter,priority,status,resolution serverId 180d847f-bce4-36b2-9964-771bff586829 key OSJ-324
Daniel
Henri
- Drafted the java-oidc-common project with Phil last week
- See wiki page /wiki/spaces/DEV/pages/1200783544 for the current plan
- Participated to an OIDCfed interoperability event this week
- Some successful smoke-testing via PoC exploiting a fed-library from NIK-HEF
- Musing ways to enable (OIDC/OAuth2) feature extensions fluently
- Some have new endpoints (e.g. Device-flow, PAR), some extend the existing endpoints (e.g. PKCE), ...
- Keep these in mind while refactoring/repackaging into the new plugin/module
...
- Plugins:
- Further development on hold pending other others playing with it.
- Working with Scott on implementaion details.
andJira Legacy server Shibboleth JIRA columns key,summary,type,created,updated,due,assignee,reporter,priority,status,resolution serverId 180d847f-bce4-36b2-9964-771bff586829 key IDP-1683 Jira Legacy server Shibboleth JIRA columns key,summary,type,created,updated,due,assignee,reporter,priority,status,resolution serverId 180d847f-bce4-36b2-9964-771bff586829 key IDP-1652 - Still an open question around logging vs System.ot out vs i18N - but this need not be fixed for 4.1
- Talked to Ian about nashorn Nashorn and licensing
- Made minor changes to the license documents we ship but we are happy that we can ship this under Apache
- There is an open question about distributing the GraalVM bits
- We can just bundle them The GraalVM license appears to say this is OK
We decided to follow this modulo anyone telling that our understanding is wrong.
We will prefer rhino in our documentation when Java >=15 become important. We can prompt and download during install (which we once thought was a good idea)- We can make downloading them into edit-webapp a pre requisitite and blame OrackeOracle's Lawyers
This will be a fallback
- We can just bundle them The GraalVM license appears to say this is OK
- I have given up caring. Lets pick one and close this sorry chapter
- Hitting low and slightly less low hanging JIRA cases
- Notable I18N and the IdP
...
- SP
- Fixed (I hope) a 15+ year old SP bug
Jira Legacy server Shibboleth JIRA serverId 180d847f-bce4-36b2-9964-771bff586829 key SSPCPP-906
- Fixed another open redirector bug, I'm done treating any of this as a security issue, not rushing out a patch
Jira Legacy server Shibboleth JIRA serverId 180d847f-bce4-36b2-9964-771bff586829 key SSPCPP-907
- Waiting on a possible segfault issue report (not the config related one that came in 10/1) and then probably will be thinking about a release
- Fixed (I hope) a 15+ year old SP bug
- Finished? modularizing core, most conf subfolders emptied out
- Would like to move e.g. all the attribute related service files to streamline root folder but we'd have to special case the upgrader, not sure if worth it
- Additional conversion of "dumb" XML configuration usage into properties
- Started reviewing and suggesting adjustments to plugin design
- Finishing up initial workk on a property-driven plugin class
- Set up wiki space for docs, will shortly propose a standard layout for hosting plugins and update info files
Tom
- glacial progress
Other