Shibboleth Developer's Meeting, 2020-10-16
Call Administrivia
09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI
Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2020-11-06. Any reason to deviate from this?
60 to 90 minute call window.
This week's call will use the Zoom system at GU, see ZoomGU for access info.
AGENDA
- CVE-2020-13956
Attendees:
Brent
-
-
OSJ-304Getting issue details...
STATUS
- OpenSAML code done and 90% tested. IdP parser and schema support pending.
-
-
OSJ-82Getting issue details...
STATUS
- Next major item on my todo list.
Daniel
Henri
-
-
JCOMOIDC-2Getting issue details...
STATUS
- Added complete unit tests + improved Javadocs/style
- Starting hands-on with the plugin stuff
Ian
John
Marvin
Phil
-
-
JDUO-16Getting issue details...
STATUS
Duo are not changing their key length to meet the spec. Auth0 (lib they use) are not going to enforce the key length requirement either.
- Will look to do the MAC computation directly using the standard JCA Mac algorithm - to remove the dependency on Auth0.
- - JDUO-18Getting issue details... STATUS Added a PKIX trust engine to pin the set of trust anchors required in Duo API TLS connections. Is done, maybe I need to think about CRLs or OSCP.
-
-
JDUO-19Getting issue details...
STATUS
Update plugin to be inline with the new module and plugin changes
- Probably mostly there, but I need to be sure of that.
Rod
- Plugins almost done
- API / installation format firmed up. Maybe
- Documentation next. Then we can revisit the POM (its pretty cookie cutter now)
- License wording needs thoughts
- What guards do we put into place for IdP upgrades?
- Can we punt I18N to 4.2?
- With - IDP-1651Getting issue details... STATUS done (Unix only), are there any other module impacts on the installer
- Then back to JIRA
Scott
- Built out standard classes for plugins
- Created a git project for managing plugin update rules, auto publishes to http://shibboleth.net/downloads/identity-provider/plugins/plugins.properties
- Working on documentation updates for all the new material
- examples of tab extension in authentication topics
- Considering idea to add a classpath:* hook to import beans into all the reloadable services
Tom
Other