February 2024 Update

Unsurprisingly we’re a bit delayed on the next planned set of releases due to a certain amount of scope creep along with a general lack of urgency as most of what we’re doing right now is new work, not really bug fixing. Late February is still a target for V5.1 of the IdP, but that’s speculative due to a few smaller items we have in progress. We have no plans right now to require that upgrade for any of the plugin work we have in flight, though some of the new work going on will work a bit better with it.

One significant late addition was to investigate the possibility of incorporating other view technologies into the system in addition to the built-in support for Velocity. Initially that was experimental, and we have no plans to forcibly add anything else, but we have redone the Spring MVC configuration to successfully allow plugins to inject new view resolvers at runtime and we have a prototype/proof of concept in the form of a Thymeleaf plugin that we will release after the IdP is done (and of course that plugin does require V5.1). This is the beginning of a workstream we will be continuing over time to potentially allow all of the existing uses of Velocity to be supplanted in the event that project becomes non-viable. Thymeleaf is not so well-suited to some of those uses, but is a good choice for views because it allows templates to be displayed in a browser outside the running IdP so designers have a better opportunity to contribute to them. Long term, we may have a contributor willing to redo all of the default templates in a much more modern style and approach, which is a major need. We may eventually look at moving Velocity into its own plugin so that one can choose an approach at install time.

The rest of our plugin development work has continued and is on track. We expect to have an alpha version of the native WebAuthn plugin available for evaluation soon. The parallel work on Duo for Passwordless is largely done but we are coordinating that work with Duo to make sure we’re moving in a direction they’re comfortable with and can jointly publicize and support, but the general feeling now is that we’re in a good place with that and will be able to release it in March at the latest.

With initial work on OpenID logout support done, the task now falls to us to see how well we can fit that into the existing IdP design to minimize the amount of changes required to the logout views, which are already complex enough as it is. Once that’s done, we’ll assess whether that work would require IdP 5.1 or if it can be run at least partially on 5.0 as we would hope.