Shibboleth Developer's Meeting, 2023-01-20
Call Administrivia
09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI
Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2023-02-03. Any reason to deviate from this?
60 to 90 minute call window.
Call Details
This week's call will use the Zoom system at GU, see ZoomGU for access info.
AGENDA
Release post-mortem
Removal of Nexus endpoints from public network interface
( - GEN-299Getting issue details... STATUS )Null remediation - appetite for wrappers?
Attendees:
Brent
Daniel
Cannot attend today, meeting conflict.
Henri
Apologies, offline today
Will continue finishing and testing the new security configuration next week together with Phil
Ian
John
Marvin
Phil
Commons 2.2.0 seems to work fine in a running IdP 4.2.0. So maybe we can leave the versions on that.
- JCOMOIDC-60Getting issue details... STATUS - Possibly done. Probably still a bit more on the OP side to check.
- JCOMOIDC-62Getting issue details... STATUS - I wanted to make this change before the RP was built.
- JCOMOIDC-61Getting issue details... STATUS - I think these just need changing.
Tracking down a bug. Which I believe is in the Nimbus code. Issue raised. https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions/issues/412/truncation-issue-in-secretkeyderivation
Bugs in the certification suite (not really that important):
Rod
- JMVN-47Getting issue details... STATUS
Litmus test for the failure that provoked this is now the java-versions-set-nightly (currently failing)
- JMVN-45Getting issue details... STATUS
This is hideous and requires us to track the parent pom for ever. But its still less hideous than the alternative
Can we do more pruning?
Other release in support of 4.3.0
Started afresh on then @Nonnull battle.
Scott
SP (xmltooling) patch to block CipherReference, and close a few small issues
Back to IdP cleanup
Made some revisions to the Action API and some deferred changes to BaseContext in OpenSAML
Started adding some methods to address null issues
Tom
per last call need to create JIRAs for the IdP installer to :
“warn” about updating plugins first before the IdP
“warn” about plugin collisions
“update” page for the IdP displaying whether the IdP and/or plugins have updates available
will add our Maven snapshot repo to <pluginRepositories> in Jenkins agent settings.xml
might should use a git repo to store settings.xml and authorized_keys, etc.
consider using a script to check out the repo at instance launch
link to creating Javadoc w/o using site, would probably need to script scp
https://maven.apache.org/plugins/maven-javadoc-plugin/usage.html