Shibboleth Developer's Meeting, 2020-10-16
Call Administrivia
09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI
Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2020-11-06. Any reason to deviate from this?
60 to 90 minute call window.
This week's call will use the Zoom system at GU, see ZoomGU for see ZoomGU for access info.
AGENDAAdd items for discussion here
- CVE-2020-13956
Attendees:
Brent
Jira Legacy server Shibboleth JIRA columns key,summary,type,created,updated,due,assignee,reporter,priority,status,resolution serverId 180d847f-bce4-36b2-9964-771bff586829 key OSJ-304 - OpenSAML code done and 90% tested. IdP parser and schema support pending.
Jira Legacy server Shibboleth JIRA columns key,summary,type,created,updated,due,assignee,reporter,priority,status,resolution serverId 180d847f-bce4-36b2-9964-771bff586829 key OSJ-82 - Next major item on my todo list.
Daniel
Henri
Jira Legacy server Shibboleth JIRA serverId 180d847f-bce4-36b2-9964-771bff586829 key JCOMOIDC-2 - Added complete unit tests + improved Javadocs/style
- java-oidc-common needs to be added to Jenkins
- Starting hands-on with the plugin stuff
Ian
John
Marvin
Phil
Duo are not changing their key length to meet the spec. Auth0 (lib they use) are not going to enforce the key length requirement either.Jira Legacy server Shibboleth JIRA columns key,summary,type,created,updated,due,assignee,reporter,priority,status,resolution serverId 180d847f-bce4-36b2-9964-771bff586829 key JDUO-16 - Will look to do the MAC computation directly using the standard JCA Mac algorithm - to remove the dependency on Auth0.
Added a PKIX trust engine to pin the set of trust anchors required in Duo API TLS connections. Is done, maybe I need to think about CRLs or OSCP.Jira Legacy server Shibboleth JIRA columns key,summary,type,created,updated,due,assignee,reporter,priority,status,resolution serverId 180d847f-bce4-36b2-9964-771bff586829 key JDUO-18 - Added the X509 certs for those root CAs to the Nimbus client module of the Duo plugin also.
Update plugin to be inline with the new module and plugin changesJira Legacy server Shibboleth JIRA columns key,summary,type,created,updated,due,assignee,reporter,priority,status,resolution serverId 180d847f-bce4-36b2-9964-771bff586829 key JDUO-19 - Probably mostly there, but I need to be sure of that.
Rod
- Plugins almost done
- API / installation format firmed up. Maybe
- Documentation next. Then we can revisit the POM (its pretty cookie cutter now)
- License wording needs thoughts
- What guards do we put into place for IdP upgrades?
- Can we punt I18N to 4.2?
- With
done (Unix only), are there any other module impacts on the installerJira Legacy server Shibboleth JIRA columns key,summary,type,created,updated,due,assignee,reporter,priority,status,resolution serverId 180d847f-bce4-36b2-9964-771bff586829 key IDP-1651 - Then back to JIRA
Scott
- Built out standard classes for plugins
- Created a git project for managing plugin update rules, auto publishes to http://shibboleth.net/downloads/identity-provider/plugins/plugins.properties
- Working on documentation updates for all the new material
- examples of tab extension in authentication topics
- Considering idea to add a classpath:* hook to import beans into all the reloadable services
...