Shibboleth Developer's Meeting, 2023-02-17
Call Administrivia
09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI
Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2023-03-02. Any reason to deviate from this?
60 to 90 minute call window.
Call Details
This week's call will use the Zoom system at GU, see ZoomGU for access info.
AGENDA
Add items for discussion here
Attendees:
Brent
- JSSH-16
Plan on pushing all the updated projects early next week.
All IdP stack + metadata aggregator (just a runtime dep). Missing anything?
Likely some minor odd/ends left, but get the major bits of the refactor into main branches.
Anyone else planning any big commits in that timeframe? We should coordinate to avoid stepping on one another.
Hit a couple of unknown (to me) aspects of HttpClient, interesting to note for the future.
Unconditional retries of failed connections over all resolved DNS entries for hostname, where “failed” includes a TLS handshake failure.
We effectively disable connection pooling in our HttpClientBuilder by default via use of RequestConnectionClose interceptor.
Our TrustEngine-based TLS fails on second and subsequent requests unless this is enabled. Need to see if there is a way to address this.
Were we ever expecting to need or want HTTP/2 support? The HC classic client does not support and “most likely never will” per the HC developer.
Daniel
Henri
Ian
John
Marvin
Phil
Rod
Unable to attend
Use the recommended setting from https://shibboleth.atlassian.net/wiki/spaces/DEV/pages/1122271670/Configuring+Eclipse#Recommended-Configuration and on a sub project by sub project basis remove all the red (errors) and take a preliminary pass at the yellow (warning)
Not spending much/any time on test code right now
Making notes in the case of any oddities I encounter or leitmotifs (Instant.now() is an example of ‘I know it’s non null but eclipse doesn’t’)
Currently up to cas-impl
Scott
- JSPROF-1
RelyingPartyResolverService reimplemented to be CriteriaSet-based and is outside IdP
Removed “hide the ServiceableComponent API” abstraction, may revisit same issue for metadata, access control
Working on ProfileConfiguration cleanup, moving “most” API usage to interfaces, may move all the concrete classes back out of API
SP and IdP overlap is not that extensive here but will share what little there is
Tentatively not planning to produce shareable SAML 1 interfaces at this time
Tom
Jenkins
Created jobs for :
Updated Linux and Windows AMIs
When should we start using Maven 3.9.0 ?
spent most time scripting installers, which we have for :
all the necessary versions of Oracle Java and Amazon Corretto
Maven
webdrivers : geckodriver and chromedriver*
* no signature
why is TLS trust not sufficient, remind me ?
on Linux and Windows
private repo tzeller/java-parent-project
Suggestion : PGP KEYS files should be prefixed with the project, e.g.
SHIBBOLETH-KEYS
MAVEN-KEYS
GECKODRIVER-KEYS
etc. or some other naming convention
I know Rod’s out but it might be nice if the IdP (or I guess SP) installer could download and validate updates :
e.g. bin/install.sh --download-latest-version-and-validate-signature