Shibboleth Developer's Meeting, 2020-06-05
Call Administrivia
09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI
Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2020-06-19. Any reason to deviate from this?
60 to 90 minute call window.
This week's call will use the Zoom system at GU, see ZoomGU for access info.
AGENDA
- PKIX root behavior
  - IDP-1583
- Opening up master branches
- Ian Young's thread safety thing, see below
Attendees:
Brent
Daniel
Henri
- JOIDC-5
- MDDriven profile configurations working as expected
- Added ClientSecretReferenceKey -element to the schema
- Simple resolver interface extending Resolver<String, CriteriaSet>
- Initial implementation for Properties resource
- How to make it refreshing whenever metadata provider is refreshed?
- Other implementations? Perhaps HTTP (using the approach from HTTP data connector)?
Ian
- (Maybe an agenda item) Thread safety is hard:
- Arises through MDA-242; full discussion there.
- A lot of things we say are @ThreadSafe really aren't, although they are mostly @ThreadSafeAfterInit and other things probably conspire to mean we're probably OK in practice. This makes me uncomfortable.
- It's not possible even in principle to make most things truly @ThreadSafe because of JSPT-97.
- We could fix that (and I think we should, see this commit) but that wouldn't address all the issues, just make it possible to do so for cases we care most about.
- Beyond that, I don't think really nailing this down is going to be felt to be worthwhile, but we might want to document some assumptions and change some annotations anyway.
- Building from Docker containers: iay/shibboleth-build-docker seems to work
Marvin
Phil
- IdP release using two docker images worked well. The second image was used for building site under JDK14 to fix the search apidocs bug.
- Modified Javadoc plugin seemed to do its job - drawing a line under that for now, and I did not need to swear.
- It can be a bit slow when generating site (Javadoc), just make sure to build inside the container.
- Detailed instructions on Ian's Github page for all these things.
- Duo 2FA OIDC plugin
- I have not provided too much input to Rod's plugin work the past few weeks as just trying to get the flow together.
- Would hope to reengage later on when I actually need it to work as a plugin.
- Using a Spring Controller to handle the external call and callback - a bit like the SAML proxy controller.
- Was debating whether to actually encode the webflow execution key in the State parameter alongside a CSRF type nonce?
- Otherwise stored outside the webflow conversation and inside the HttpSession - assuming the redirect_uri does not become an option i.e. Duo not being strict on dynamic query params.
Rod
- Module installation stalled for want of hours in a day
- Built VM solely to do Windows installer builds
- What to do about Java7/8 on Windows and the multi tests?
- Am about to have to install Visual Studio 2019. Do we want to think about this for SP 3.2 (given that it may impact on our dependencies)?
Scott
- Documentation
- Minor 4.1 work
- Web site, moving community content into WEB wiki space
- EC2 instance running PrivacyIdea
- Would like to start steering "roadmap" content into Jira
Tom
Other