Shibboleth Developer's Meeting, 2024-02-16
Call Administrivia
09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI
Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2024-03-01 Any reason to deviate from this?
60 to 90 minute call window.
Call Details
This week's call will use the Zoom system at GU, see ZoomGU for access info.
AGENDA
Rod: IDP-2242 Can/Should we stop using “Unsupported” and rely instead on SECADV/OutOfDate/Current
5.1 freeze schedule
Santuario (C++) future
Attendees:
Brent
- OSJ-391Getting issue details... STATUS
Think this is done? Leave defaults as they are now?
- OSJ-392Getting issue details... STATUS
Think I have a workable solution for the role descriptor adapter issues (mutable collections, and setters which throw). Need to test, mindful of the freeze timing.
Daniel
Henri
- JOIDC-186Getting issue details... STATUS
The JWT refresh token seems to be working as expected in test deployments
- JCOMOIDC-96Getting issue details... STATUS and - JOIDC-196Getting issue details... STATUS
Working OK for both metadata policies (in registration) and unregistered client policies
Do we want to make a scriptable abstract bean for custom policy operator ?
- JCOMOIDC-99Getting issue details... STATUS
Found when integrating the custom operators (above) to the merging function
Automated logout testing scripts still need to be fine-tuned for minimal template changes
Polishing and minor changes before minor release - and NonNull-work..
Ian
John
Marvin
Phil
RP developments
WebAuthn developments:
- JWEBAUTHN-2Getting issue details... STATUS Missing 1 key for cose-java. It looks like Emil has eliminated that dependency from the Yubico libraries, and will be releasing a patch release (2.5.1) very soon. When we grab that, we will not need the key.
Lots of cleanups.
A decent amount of work on the registration process.
Username and password authentication to first register a WebAuthn credential, but WebAuthn flow is required once you have one.
Requires username collection as a first step in the registration flow.
Adding attestation support even if not used initially.
Rod
EDS: We have had three patches submitted. New release?
- IDP-2240Getting issue details... STATUS New helper class with 6 methods - any more needed?
- IDP-2236Getting issue details... STATUS - I plan to use this to write the documentation
Other IdP Bugs
Scott
Grant proposal was submitted by Jisc.
Met with Duo regarding Passwordless, follow up planned prior to finalizing
Thymeleaf plugin - think this is in a satisfactory place for the release
- IDP-2233Getting issue details... STATUS
Will consider whether there’s more worth doing but probably good enough for now.
- IDP-2245Getting issue details... STATUS
Noting this only because I did do the initializer refactor to use the new shared base class. I can’t see this causing problems but I’ll want to test that on my dev system before we freeze.
Tom
OIDC tests : looking for example / test flows (as discussed on Slack, thank you)
nit : maybe add link to source on wiki pages for IdP plugins