November Update

Created by Scott Cantor
Last updated: Nov 13, 2018
2 min read

Since last month we've released IdP V3.4.0 and the first patch for it once the initial round of bug reports came in. We have one or two remaining annoyances around deprecation warnings outstanding and the ReleaseNotes are being kept up to date to provide the most accurate information we have on what to watch out for. We can't do patches every week obviously but as these things accumulate there will be additional patches coming to get things cleaned up. Overall the release seems to be solid and I've had it in production for a couple of weeks now.

The GEANT OIDC extensions is now in beta, with an improved installation process, so please check it out and provide feedback if you're interested in that.

In parallel with the occasional maintenance commit, we've branched the source tree so the master branches are open for development on the V4 code base. All commits are now intended to be on those master branches, with only specific authorized commits backported to the 3.4 maintenance branch.

The master branches have been moved to a new parent POM based on Java 8 and Spring 5 as the first "step forward" and all but a couple of tests are passing and the IdP seems to be functional, so that's a good sign that we won't have too much remediation needed. Eventually this will be moved to Java 11, but right now the Maven toolchain isn't stable on Java 11, so we're on Java 8 for now.

We also have a buildable artifact containing a curated and well-organized Jetty 9.4 configuration that works with the IdP with minimal adjustments and will probably make that available in some capacity, with an eye towards including it in V4 to help bootstrap new installs (assuming 9.4 is a current release at that point in time).

What isn't really decided at this stage is what the schedule and scope of V4 will be, with the most likely options being a 12 month development cycle with minimal feature additions vs. a longer cycle of perhaps 24 months to accomodate more new features. Both options are possible and make some sense, and hopefully we'll be able to engage people on this question once we have some initial discussions with the Board about it. Regardless of the decision, we don't expect the upgrade process to V4 to be onerous, though we can definitely promise there won't be a supported path to upgrade from V2 directly to V4.

On the SP front, we are in the process of getting a patch out the door, but the latest curl release (7.62.0) was a big one that has a number of regressions, so right now we're probably waiting another month to include the next version rather than ship this one, but that could change depending on bugs reported and the urgency to get an update done.