Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 7 Next »

Shibboleth Developer's Meeting, 2022-03-18

Call Administrivia

09:00 Central US / 10:00 Eastern US / 14:00 UK / 16:00 FI

The US is on Daylight savings time, whilst Europe is not. Meeting times in Europe are therefore one hour ‘earlier’ than usual.

Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2022-04-01. Any reason to deviate from this?

60 to 90 minute call window.

Call Details

This week's call will use the Zoom system at GU, see ZoomGU for access info.

AGENDA

  1. Freeze schedule

Attendees:

Brent

Daniel

Henri

Done:

Almost there:

  • JOIDC-82 - Getting issue details... STATUS

    • It feels that we should simply disable the wiring of the secret expiration configuration and note it in the documentation

  • JOIDC-76 - Getting issue details... STATUS

    • I didn’t find a better way for “configuring” the ServletContextInitializer than via system properties

      • Flag for disabling the class:

        • -Dnet.shibboleth.idp.plugin.oidc.op.servlet.RegisterFilterServletContextInitializer=disabled

      • Space-separated list for the url-mappings of the filter:

        • "-Dnet.shibboleth.idp.plugin.oidc.op.servlet.RegisterFilterServletContextInitializer.mappings=/profile/oauth2/* /profile/oidc/*"

  • JOIDC-21 - Getting issue details... STATUS

    • CLI can handle HTTP-Basic auth - needed if the authenticated-flag is enabled in the admin flow config

    • The flow now uses FetchThroughMetadataCache

  • JOIDC-61 - Getting issue details... STATUS

    • Configuration of additional server-side policies now simplified

Ian

  • Working on a dependency pass for 4.2.

  • Had held this until the enforcer was up and running.

    • Ran into some holes in my dependency qualification workflow from that, now reorganised.

    • May move this into the build containers at some point.

  • Lost more than a week on a medical issue (I’m fine for now, but it’s time-consuming).

  • As Tom points out, Maven 5.8.5 is out:

    • https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12316922&version=12351105

    • Doesn’t seem to have anything we actually need.

    • Adopting by bumping minimum version would require all dev machines, CI machines and build containers to be updated.

    • If we do want to make it the minimum for 4.2, we need to start on that stuff NOW. Inclined to make it optional (by ignoring it).

    • It has some plugin dependency requirements that I may pick up anyway, depending on whether their keys are known.

  • Dependencies with new keys (deferred until resolved, working on these with Rod):

    • rhino, jcommander, janino, hibernate

  • Big bumps (suggest ignoring these):

    • Mockito (new APIs in major version)

    • Checkstyle (may do an 8.x update, but both 9.x and 10.x exist now… also, interaction with Eclipse)

  • Little bumps (still to be pulled in):

    • Some Maven plugins.

    • The ones Rod is key hunting for.

    • Maybe Checkstyle.

  • Coming back to the 5.x conversion now that Spring Framework 6.0.0-M3 is out. Spring Webflow still the sticking point.

John

Marvin

Phil

Rod

  • m2 checking on by default

    • Is this the correct default?

    • -P central-disabled is no more

  • java-mvn-enforcer releases

    • -data 1.0.2

  • Did the releases from docker with an ssh tunnel.

    • Are we good to turn off external access?

  • The bug in maven which required us to turn off checksum checking on our repos has been fixed.

Scott

  • Finished initial round of OP doc updates

  • Re-did view changes after last meeting to eliminate some bloat and get more insight into accessibility. Boy, the new HTML tags are interesting (and completely under-spec’d).

    • Mac’s screen reader is at least usable to get some insight.

    • No idea why SauceLabs doesn’t like our HTML, I don’t think there’s anything wrong with it and the checkers I tried agree.

  • Made a lot of additions and alterations to the new OIDC registration access token process

  • Hit a bunch of consent-related issues this week, some long dormant bugs. Hopefully didn’t break CAS but added a number of fixes there to handle consent better (e.g. it embeds consented IDs like OIDC does so per-session and client-side consent can work).

    • Don’t see a lot of point trying to do this for SAML and it would only be possible in a subset of configs anyway.

Tom

  • FYI Maven 3.8.5 is available

  • Integration tests are now using the installer

Other

  • No labels