/
February 2026 Update

February 2026 Update

This month we are of course turning the page after the release of IdP V5.2.0, which looking back actually spent close to two years in “incubation”, so to speak. That is much too long, as it causes a lot of technical debt to accrete and turns these kinds of releases into “kitchen sink” piles of a lot of unrelated enhancements and changes caused by the fact that as time marches along, stuff happens, libraries change, etc. A lot of things ended up going into that release that increased our risk and the effort it took to get a stable release out the door.

So you can probably tell I wasn’t all that happy with the time it took and the rather chaotic mix of changes, but having said that, I think we’re in ok shape, I just don’t want to repeat that process. The good news is that our accelerated schedule due to Spring should prevent releases from taking that long in the future as they simply have to come out more often now. It’s on us to exercise the discipline needed to plan and execute them more coherently.

All that aside, I’ll note a few things:

  • While we are planning to continue producing MSI packages for both the IdP and for Jetty for the life of the 5.x branch, we are serving notice that we intend to discontinue that for V6.0. We have been pretty vocal about that plan and I’ve mentioned it several times, I’m just doing it again so there’s no confusion on this. The command line is going to be the only intended means of interaction with our installation tools.

  • We don’t have an ETA for an MSI supporting Jetty 12.1. It would not be a bad idea to simply look at removing the older MSI and giving the new Jetty plugin a try, as that natively supports 12.1 (exclusively in fact for the time being). But we will publish the MSI when it’s ready.

  • At least one deployer mentioned having no issues running the new IdP on Tomcat 10, despite the supposed requirement for 11. I’m sure that’s possibly the case, but we have no idea when/if any problems might arise when using an older container that does not deliver the expected Jakarta API baseline, and we’re not going to test that ourselves. YMMV.

Obviously the next priority is to get the SP 4 alpha released. Documentation work continues, as we try and make things as simple as possible for testers; I completed yet more “simplifications”, and we’re getting pretty close to the marrow as far as cutting any fat from the Hub’s Spring configuration. There just isn’t much more to cut, at least without requiring a lot of IdP changes we don’t have time for at the moment. So I think we are getting fairly close, and I would hope we will manage it by the end of this month.

This is in some sense more symbolic than critical for the development of the software; I don’t know how much testing we will get, but I think we are obligated to put together something that is usable enough to give deployers of SP 2/3 the chance to understand what it would mean to replace that software with this version, so they can decide whether to cut bait or not. It needs to “feel” like the eventual release will feel and while there will be significant gaps of course (it is still an alpha), I think we will be able to meet that goal.

OpenID Federation work continues and aside from being fairly sure that should be released this calendar year I do not have a better estimate right now for when that will happen.

We also do have a long-gestating plugin I worked on to add Thymeleaf view template support to the IdP. I would like to release it, but I have really no experience with Thymeleaf and I’m not sure that releasing something without any meaningful documentation is all that useful to do, but if there is interest, I certainly can do so. I still think we would be well served to migrate our default views to Thymeleaf, but that’s a lot of work somebody would have to do and we have bigger priorities at the moment, so I’m not sure how realistic it is right now.

Finally, late addition: with the IdP release done and our Spring 7 platform released, the 1.0 release of the Metadata Aggregator software will be coming shortly, after a long gestation. As it is also Spring-based, we would expect to continue to produce future releases on the same schedule as the IdP, possibly more or less at the same time to simplify our processes.