...

  • JCOMOIDC-41

    • pushed some draft code up to dev branch, comments in the ticket

  • OSJ-347

  • OSJ-334

    • Done.

Daniel

Henri

  • JOIDC-72

    • Initial version done: the claims that are included in the metadata policies (via profile config or access token) are stored

  • JOIDC-21

    • Initial version of the issue-registration-token admin-flow and CLI pushed

      • Opaque access token only for now - security configuration wiring for JWT access tokens was not trivial

    • TODO:

      • Try different AdminFlow authentication approaches in practice

      • Wire authentication metadata (acr, principal) to the registration access token

  • JOIDC-76

    • In principle it seems to be possible to add filter-mappings dynamically via ServletContextInitializer

Ian

  • Java 18 now RC1.

  • Spring Framework 5.3.16 addresses SpEL issue (IDP-1901).

John

  • Minor maintenance on cpp-linbuild images

  • Trying to find my place again on the Jenkins/Fargate stuff

Marvin

Phil

  • JCOMOIDC-40

    • Have something for decoding unscoped strings. Will review and push next week. Other info in the ticket.

  • JOIDCRP-10

    • Switching the arbitrary client metadata method of registering RP->OP config, to RP profile config.

  • Other

    • UserInfo claims lookup, validation, and merge with id_token claims done.

      • Should support Plain JSON UserInfo response objects along with signed and/or encrypted JWTs - when I plug in the TrustEngine.

    • Added attribute filtering after transcoding to the validation stage before claims are exposed as Attribute Principals to the wider IdP.

    • I will work with Tom soon to add RP to Jenkins.

    • Might need a new Git repo for the SWF test classes that are now shared between the Duo plugin and the RP plugin. Something like java-spring-webflow-tests

      • Although it might not be useful to other plugins

Rod

  • Supply chain defence:

    • All nightly builds now check all downloaded code jars against our keyrings

    • All distributions check the shipped jars against our keyrings

    • I believe that mvn versions:set is clean

    • mvn site:site opens a whole new jar of worms

      GEN-310

    • Are there other commands we need to worry about?

    • “Are we there yet?”

...

  • JOIDC-11

    • I think functionally complete at this point, including encryption

    • Cleaned up some bad design choices, think this will extend naturally to the code grant

    • Settled on client as requester, token audience as proxied requester for consistency with OIDC

  • Added support for authenticated, unverified use of introspection/revocation

  • Long term think we should continue pushing toward authenticated, unverified clients for OIDC as well

Tom

  • Working on integration tests with Jetty 10

Other