Shibboleth Developer's Meeting, 2020-10-16
Call Administrivia
09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI
Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2020-11-06. Any reason to deviate from this?
60 to 90 minute call window.
This week's call will use the Zoom system at GU, see ZoomGU for access info.
AGENDA
- CVE-2020-13956
Attendees:
Brent
- OpenSAML code done and 90% tested. IdP parser and schema support pending.
- Next major item on my todo list.
Daniel
Henri
- Added complete unit tests + improved Javadocs/style
- java-oidc-common needs to be added to Jenkins
- Starting hands-on with the plugin stuff
Ian
John
Marvin
Phil
Duo are not changing their key length to meet the spec. Auth0 (lib they use) are not going to enforce the key length requirement either.- Will look to do the MAC computation directly using the standard JCA Mac algorithm - to remove the dependency on Auth0.
Added a PKIX trust engine to pin the set of trust anchors required in Duo API TLS connections. Is done, maybe I need to think about CRLs or OSCP. - Added the X509 certs for those root CAs to the Nimbus client module of the Duo plugin also.
Update plugin to be inline with the new module and plugin changes- Probably mostly there, but I need to be sure of that.
Rod
- Plugins almost done
- API / installation format firmed up. Maybe
- Documentation next. Then we can revisit the POM (its pretty cookie cutter now)
- License wording needs thoughts
- What guards do we put into place for IdP upgrades?
- Can we punt I18N to 4.2?
- With
done (Unix only), are there any other module impacts on the installer - Then back to JIRA
Scott
- Built out standard classes for plugins
- Working on documentation updates for all the new material
- examples of tab extension in authentication topics
- Considering idea to add a classpath:* hook to import beans into all the reloadable services
Tom
Other