/
2020-06-19

2020-06-19

Jul 29, 2021

Shibboleth Developer's Meeting, 2020-06-19

Call Administrivia

09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI

Calls are normally the 1st and 3rd Fridays of each month. Next call will be Friday 2020-07-17 due to the US vacation around the 4th.

60 to 90 minute call window.



Call Details

This week's call will use the Zoom system at GU, see ZoomGU for access info.



AGENDA

  1. CVE-2017-17485 - don't think V3 is strictly vulnerable but we need to verify - should review for any other Jackson vulns since

  2. IBM DID demo/presentation at their request at 11am EDT

Attendees:



Brent

  • OSJ-304 - Getting issue details... STATUS
    - Coded up most of the bits, just need to decide on the default strategy, and whether we need strategy plugability vs just on/off.

Daniel

  • Nothing for today

Henri



Ian

  • Java 15 is now in "rampdown phase one", i.e., mostly feature frozen.

    • Nashorn removal: Rod has most of this covered already, but a couple of test dependencies required:

      • JSE-37 - Getting issue details... STATUS

      • OSJ-320 - Getting issue details... STATUS

      • JOIDC-10 - Getting issue details... STATUS

    • Sun EC provider partially disabled:

      • OSJ-319 - Getting issue details... STATUS

    • Haven't tried integration tests yet.

    • Honestly, not as much as I expected (for which all credit to Rod for the work he's done already).



Marvin



Phil

  • IDP-1588 - Getting issue details... STATUS

    • How to add a plugin to the testbed for 'real' integration testing. Documented (not a lot) here PluginTestbedGuidance so far. 

      • One obvious thing; is there a better way to 'mixin' plugin POMs to test rather than directly in the testbed POM.

      • Does work end-to-end, but nowhere near finished.

    • Where/how to register an MVC controller for a plugin which a) uses annotations and b) requires beans from the spring application context (which it shares with SWF beans). The answer to make it work is in the mvc-beans.xml file, but that is not something a plugin can do.

      • Rod has pointed me to the postconfig stuff, will look at that.

    • Probably gone beyond their SDK JavaDocs and README file in terms of understanding their 'protocol' or at least their model objects. If possibly to kindly ask for any additional formal docs they have.

    • POM cleanup advice from Rod. 



Rod

  • (slow) Progress on 

    IDP-1595 - Getting issue details... STATUS

    • Review of PluginPOMGuidance welcome

    • Steps to putting the scripting plugins into git & CI 

    • Support TGZ and Zip ?

    • Plugin Information : fall back to local information...

  • Need to review the latest jetty in case we decide to ship a windows installer with it.



Scott

  • Renaming questionable settings - mostly done I think except docs

    • Added a new bean that can monitor an application context for bean definitions to deprecate

  • Various 4.1 features and bugs

  • Ongoing documentation fixing

  • Working on "Hello World" admin flow for out of the box testing of authentication and attribute settings, and debugging error handling

    • Enhanced conditional resource class to support alternative "default content", allowing "conditional" scriptlets

    • We could use this to scatter around ScriptedAction exits in many places if we wanted

  • Access to PrivacyIdea code from SWITCH