Lots of vacations and other interruptions lately so this is a short update. Following on last month, work continues on code reorganization and refactoring. That’s not terribly exciting but is ongoing.

In parallel, some new work is being done in anticipation of an IdP V4.3 release, either late this year or early in 2023. This will allow us to ship a small number of in-demand features that require core changes, while getting warnings in place for deprecated and at-risk features ahead of the release of a V5.0 sometime in 2023. Maintaining and working across multiple branches is not a common thing for us to do, and it’s definitely not ideal, but it’s the only way to avoid bottlenecks in the workstream at this point.

Administrative logout has been a long-standing need. This is really not “logout” in the more usual sense, but rather revocation of active state for subjects to force re-authentication (under the assumption that accounts are either locked or reset). This work is mostly finished, and described in https://shibboleth.atlassian.net/wiki/spaces/IDP4/pages/3031990275 (the logout term was kept simply because it’s a common way people refer to the feature). It was designed to be as simple to configure as possible, while retaining a fair amount of flexibility in terms of integration with the IAM environment that typically has to make this work properly. There’s still time for feedback of course.

I don’t expect much else in the way of major features for 4.3 but we’ll be reviewing the backlog (and please submit anything smallish if it’s not already filed).

We’re expecting a first milestone release of Spring Web Flow 3 in the near future, and one major contribution from us was already accepted, eliminating a number of duplicated classes we had created in the course of bending it to our will.

On the SP front, we built and posted official packages for Rocky Linux 9 (which are of course usable on RHEL 9), which took me an hour or so, as compared to the days it would have taken me in the past.