Shibboleth Developer's Meeting, 2023-06-02

Call Administrivia

09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI

Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2023-06-16. Any reason to deviate from this?

60 to 90 minute call window.

Call Details

This week's call will use the Zoom system at OSU, see announcement for access info.

AGENDA

  • Rod: Installer / IDP-2073 - Some questions about downloading the next IdP version as enumerated here

  • Rod: Installer / IDP-2107

    • Do we want to generate metadata in the installer or point people at the plugin?

    • How much do we want to do for backchannel and for SAML1 (bearing in mind that the driver for this is still the Windows installer and some federations with significant SAML1 presence)?

  • IdP V5 schedule

    • “Most” remaining work seems to be plugin porting, installer, and testing

      • Null cleanup is a nice to have but probably not critical path esp. since we can update plugins again after

    • Maybe September for a beta and October release?

Attendees:

Brent

  • On holiday this meeting and next, if it remains 2023-06-16

  • OSJ-362

    • Have implemented most of what is outlined in the issue.

    • Still pending is 1) new/updated unit tests 2) sorting where/how the IdP function for the recipients is defined and will get injected into this new design.

Daniel

Henri

Out.

Ian

John

Marvin

Phil

  • On holiday

  • JOIDCRP-29

  • Had some good feedback from Timo (Aalto University) on the RP plugin. A few improvements are expected (I will file some issues for the RP next week).

Rod

  • Very deep in installer space IDP-2105

    • The Installer, plugin & module code is in a state of flux

  • Refactoring Plugin Installer bugs fixed

    • for IDP-2073

    • multiple bugs found and fixed

  • Much of the discussion in JIRA, so go there for more details.

    • Some open questions in the agenda.

  • IDP-2121

  • Played with moving a plugin up to Java 17.

    • Should I write up a how-to? (frequent pitfalls and so on)

  • And not losing sight of module/plugin metrics

Scott

  • Testing and cleanup from module changes

  • IDP-2082

    • Added a timer around batch metadata refresh (tried to limit to actual “new” fetches)

    • Adjusted how we name the metadata metrics to avoid class name leakage, but added control of names to config schema

    • Added per-profile counters using a bean at the top of every flow

    • Added a map of counters for every relying party configuration (emulating Brent’s approach to avoid race conditions around service reload)

    • TBD work on exposing “effective” config settings for a request from a given SP

  • Other backlog

Tom

  • OIDC OP tests

    • made some progress

      • looking into running both the RP / conformance suite and the IdP via Docker + Docker Compose

        • mostly because of the networking between the RP and OP

        • also set up an RP using the Rocky Linux Docker image + mod_auth_openidc

        • not sure at the moment how to start / stop the Docker containers via Java in the tests (probably using a Java Process just like the Servlet containers)

  • V5 integration tests

    • need to update tests for installer changes (command line options instead of system properties)

      • Ian - iay/shibboleth-idp-docker will need changes too I think

  • idp-jetty-base

    • for the 10, 11, and 10-windows branches the dta-ssl JAR is always loaded (via the ext directory / module)

      • probably should change the idp-backchannel.mod Jetty module to not use ext/ to load the JAR

        • meaning the backchannel will be fully disabled by default

  • as a deployer : starting to look into Loop Detection

    • while monitoring graphs derived from metrics, noticed some usage spikes / chunks
      (appears to be loading the Azure login page as part of SAML proxy)
      with URLs like “…e547s1…”

Other
