June 2022 Update

Work has continued over the last month on all of the roadmap items I noted in the May update.

The OIDC RP work continues, primarily with a focus on redoing the way we handle signing and encryption for JWTs to match the APIs we use in OpenSAML for SAML, which we will be using in the RP plugin, and eventually migrating over to the OP plugin once the work is done. This will add a few features such as equivalent support for allow/deny lists of algorithms, but is mostly just to make sure we don’t have multiple APIs doing similar things.

Work is mostly complete on a drop-in replacement for the current Hibernate-based JPA StorageService option that relies on pure JDBC alone and implements some more advanced options for locking that we hope might improve reliability and avoid the constant retries and “deadlocks that aren’t really deadlocks” that plague this code. It should be available very shortly, and the old JPA version will be removed from the code base in the V5 branch.

Various new enhancements are being finalized and tested on the OP plugin, such as more complete JWT support, rotation of refresh tokens, revocation enhancements, and some new extension points for advanced deployers. That update should be ready fairly soon.

With the 4.2 release done, we have turned our attention jointly to the SP redesign work involving Java and to the Java 17/Spring 6 fork. The repositories have all been branched for mainline development on these versions, and we have started seriously working on refactoring the libraries we have to better organize the code, allow use of it by the new SP development work, and fix some of the overly generic naming of libraries we used in some cases. This is a big roto-till of the code layout, but we’re working to avoid losing any code history, and at least initially we’re not really changing a lot of APIs, so the actual impact on deployers from all this will hopefully be minimal. It may be that a lot of APIs that shouldn’t contain the segment “idp” in the package names if we were starting over may end up staying that way out of expediency, but some changes are likely.

It’s really just a lot of heads-down work at the moment, not much to see until we get a lot farther along. But it’s a good time to be identifying any new features people really want to see in V5 so that we know what kind of scope we’ll be looking at when we finally come up for air. I would expect similar updates for the summer, as this refactoring work will likely take some months.