Shibboleth Developer's Meeting, 2021-11-05
Call Administrivia
09:00 Central US / 10:00 Eastern US / 14:00 UK / 16:00 FI
Note unusual time this week due to DST changes
Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2021-11-19. Any reason to deviate from this?
60 to 90 minute call window.
Call Details
This week's call will use the Zoom system at GU, see ZoomGU for access info.
AGENDA
Rod Widdowson, Philip Smart: Site builds (which generate javadoc and run weekly) x Nightly builds (which consume javadoc) x version revision == broken nightlies
Maven Central Repository - see my (Tom) section below for details - do we want to :
(a) publish our repo URL in the POM and maintain long-term / forever-ish ? in a profile not activated by default ?
or (b) remove from POM and publish our repo URL in the wiki as documentation for developers to add to ~/.m2/settings.xml ? (that’s my suggestion)
Quick q: did/do we intend to remove the jvmTrust option for LDAP authentication?
Quick item I will be taking to the Board
Attendees:
Brent
https://shibboleth.atlassian.net/browse/IDP-1874
Working on putting together the lower-level bits for the attribute query, based on work we did for artifact resolution
Daniel
Henri
https://shibboleth.atlassian.net/browse/JOIDC-21
Quite a few iteration rounds of metadata policy resolution with the new resolver structure in oidc-commons
Finally an initial version of the extended dynamic registration profile configuration with metadata policy resolved from a file (wired together via postconfig.xml)
Will create new (sub)tickets to oidc-commons and OP regarding this metadata policy concept
Ian
John
Marvin
Phil
Still https://shibboleth.atlassian.net/browse/JCOMOIDC-23
Implemented a number of changes thanks to feedback from Henri Mikkonen.
He has some very early success using it for Metadata Policies.
Is messy to XML-wire given all the strategies and how general it is, but parent bean config helps.
Made small steps with OIDC-RP.
Will have lots more time w/c 15th Nov. for the foreseeable.
Rod
Busy elsewhere
OpenSSL3 https://shibboleth.atlassian.net/browse/SSPCPP-946 & testing
Next stage sig checking- work mostly understood. Pending https://shibboleth.atlassian.net/browse/JPAR-195
Questions about https://shibboleth.atlassian.net/browse/IDP-1874 & https://shibboleth.atlassian.net/browse/IDP-1877
Scott
Santuario release done (and done again)
Bumped log4shib to fix some modern compiler issues
Most of SP work is done unless I can think of something else to actually deprecate (vs. all the stuff I really want to deprecate)
Tested cpp-linbuild process successfully
IdP odds and ends
Tom
Maven Central :
Looks like we will not publish artifacts to Central due to indemnity clause in ToS :
Priority is to firewall our Nexus instance and host our repo via Apache at :
https://build.shibboleth.net/maven
for backwards compat with our POMs will need to redirect
https://build.shibboleth.net/nexus/content/groups/public
to
https://build.shibboleth.net/maven/releases
https://build.shibboleth.net/nexus/content/repositories/snapshots
to
https://build.shibboleth.net/maven/snapshots
https://build.shibboleth.net/nexus/content/repositories/thirdparty-snapshots
to
https://build.shibboleth.net/maven/thirdparty-snapshots
and remove thirdparty/ when “Rod’s Rules” are in place
As to whether someone else publishes to Central (for us), I think they would need to indemnify us but we do not really exist (as a legal entity).
Looking for confirmation - technical details in the agenda above.
Making some progress running Nexus/Jenkins in ECS/Fargate using Docker Compose (which wraps CloudFormation) - is that ok ?
Plan is to use docker-compose.yml as infrastructure-as-code, open to alternatives (awscli, AWS console, Terraform) but this seems simplest / easiest.
Working through IdP browser tests in Jenkins with Jetty 9.4 versions (a) up to 9.4.43 as well as (b) 9.4.44 and up (conditional build step to inject idp-jetty-base version)