09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI
Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2024-03-01. Any reason to deviate from this?
60 to 90 minute call window.
This week's call will use the Zoom system at GU, see ZoomGU for access info.
Rod: IDP-2242 Can/Should we stop using “Unsupported” and rely instead on SECADV/OutOfDate/Current?
5.1 freeze schedule
Feature freeze on 2/26, code freeze 3/4 and release that week if possible
Santuario (C++) future
Will make a proposal for a cut down V3 either at Apache if accepted, or we close it down, and fork if not (at which point it’s optional for us to do if we want).
Think this is done? Leave defaults as they are now?
Think I have a workable solution for the role descriptor adapter issues (mutable collections, and setters which throw). Need to test, mindful of the freeze timing.
The JWT refresh token seems to be working as expected in test deployments
Working OK for both metadata policies (in registration) and unregistered client policies
Do we want to make a scriptable abstract bean for custom policy operator?
Found when integrating the custom operators (above) to the merging function
Automated logout testing scripts still need to be fine-tuned for minimal template changes
Polishing and minor changes before minor release - and NonNull-work.
RP developments
Hook to add arbitrary claims into the signed Request Object.
Allowed the RP to send empty ACR and AMR claims to the translators. The translation function can be overridden with their own.
WebAuthn developments:
Missing 1 key for cose-java. It looks like Emil has eliminated that dependency from the Yubico libraries, and will be releasing a patch release (2.5.1) very soon. When we grab that, we will not need the key.
Lots of cleanups.
A decent amount of work on the registration process.
Username and password authentication to first register a WebAuthn credential, but WebAuthn flow is required once you have one.
Requires username collection as a first step in the registration flow.
Adding attestation support even if not used initially.
EDS: We have had three patches submitted. New release?
New helper class with 6 methods - any more needed?
(agenda)
- I plan to use this to write the documentation
Other IdP Bugs
Grant proposal was submitted by Jisc.
Met with Duo regarding Passwordless, follow up planned prior to finalizing
Thymeleaf plugin - think this is in a satisfactory place for the release
Will consider whether there’s more worth doing but probably good enough for now.
Noting this only because I did do the initializer refactor to use the new shared base class. I can’t see this causing problems but I’ll want to test that on my dev system before we freeze.
OIDC tests: looking for example / test flows (as discussed on Slack, thank you)
nit: maybe add link to source on wiki pages for IdP plugins