2024-11-15

Shibboleth Developer's Meeting, 2024-11-15

Call Administrivia

09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI

Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2024-12-06. Any reason to deviate from this?

60 to 90 minute call window.

Call Details

This week's call will use the Zoom system at GU, see ZoomGU for access info.

AGENDA

  1. Update on contracting proposals

Attendees:

Brent

Daniel

 

Henri

  • Absent today

  • https://shibboleth.atlassian.net/browse/JOIDC-222

    • First more or less functional implementation for automatic registration in the authorize-flow

      • The RP metadata is fetched via oidfed trust chains and metadata gets stored via ClientInformationManager

        • Same method is used in the dynamic client registration flow - the RP records are stored server-side via configurable storage service

        • With automatic registration we should also provide means to avoid this server-side state (client secrets are never involved)

    • Test deployment plugged to the GEANT testbed - successful automatic registration of a test RP

    • Other upcoming work items:

      • Revisit our metadata policy implementation (in oidc-common)

        • It was done against much older oidfed-spec draft - the section in the spec has been reworked

      • Trust Marks

      • Explicit registration flow (i.e. oidfed-aware dynamic client registration flow)

Ian

  • RHEL 10 beta is out. I have set up an instance in the usual way (r10a via the jump host, accepts any iay.org.uk users) for investigation.

  • Spring Framework 6.1.15 and 6.2.0 are out. Just jump to the latter?

John

Marvin

 

Phil

  • https://shibboleth.atlassian.net/browse/IDP-2339

    • Added a per-flow session version to a dev branch dev/IDP-2339.

      • Old (per-view) or new (per-flow) configurable by a new property. Defaulting to per-flow for now.

  • Finished feature tweaking to the WebAuth plugin, RC3 will be announced next week. Version 1 the week after.

    • Hasn’t been a very stable RC so far. But more feedback which I wanted to address before version 1.

  • Was asked by Judith to help present the (now usual) FedCM update at TechEx.

 

Rod

  • Jetty 12.1.0 and 12.0.15

  • Windows build and test environment for new SP agents

Scott

  • Continued tear down on SP code base

  • Review of Boost unit testing framework

  • Work on some small unit tests for Boost property tree XML feature

    • UTF-8 appears to parse even on Windows where the default locale probably isn’t that.

  • Prepping slides for TechEx

Tom

  • FYI “Sonatype will officially sunset its Nexus Repository 2 product on June 30, 2025

    • Not really interested in upgrading to Nexus 3 because it is database-backed

    • Plan on looking at other file-based hopefully simple alternatives

  • Still working on Jetty Plugin support in the integration tests

  • TODO : Improve handling of invalid consent records

  • TODO : OP Conformance suite logout tests

Other