Shibboleth Developer's Meeting, 2020-08-21

Call Administrivia

09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI

Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2020-09-04. Any reason to deviate from this?

60 to 90 minute call window.

Call Details

This week's call will use the Zoom system at GU, see ZoomGU for access info.

AGENDA

Add items for discussion here

Attendees:

Brent

• IDP-1657 - Getting issue details... STATUS
  
  
  

  • Fun with TLS!  We see different behavior when connecting to newer vs older target Linux systems with different versions of openssl.  Trying to confirm.

Daniel

Henri

• Polishing 

  JOIDC-5 - Getting issue details... STATUS

  • Testing client secret value resolution on test deployment

  • Polishing the configuration XMLs (also help documentation)

• Premilinary studying 

  JOIDC-13 - Getting issue details... STATUS

Ian

• Mostly complete: 

  GEN-264 - Getting issue details... STATUS

  • gitolite-config and personal repositories still unconverted. Probably declaring victory, assuming people don't think it's worth fixing gitolite-config (would require changes to Gitolite itself).

  • Meanwhile, I observe that the main branch in java-idp-jetty-base and java-idp-tomcat-base is surplus to requirements.

    • Open

      

       

    • Proposal: remove the main branch in these two repositories and set HEAD to the most recent numbered branch (e.g., 9.4 for java-idp-jetty-base).
      ok with me --Tom

• Progress on 

  JPAR-132 - Getting issue details... STATUS
   (for 
  MDA-65 - Getting issue details... STATUS
  )

  • Have this working on one module (the important one) in java-metadata-aggregator. You can see it as part of the site for the product here:

    • https://build.shibboleth.net/nexus/content/sites/site/java-metadata-aggregator/0.10.0-SNAPSHOT/aggregator-pipeline/jacoco/index.html

  • Changes seem minimal:

    • Needs a build plugin instance and a reporting plugin instance.

    • Need to add test to the command line used to build the site, or it doesn't include it (probably fixable, if we care).

  • We could probably add these to the parent POM if we wanted this everywhere. I don't know if it would work everywhere, of course.

  • There's a Jenkins plugin to allow you to graph a summary from job results, perhaps the nightlies? Not using that yet.

  • Example output from mvn clean verify (with <haltOnFailure>false</haltOnFailure>):
    [WARNING] Rule violated for bundle aggregator-pipeline: classes missed count is 4, but expected maximum is 0
    [WARNING] Rule violated for package net.shibboleth.metadata.pipeline: instructions covered ratio is 0.69, but expected minimum is 0.80
    [WARNING] Rule violated for package net.shibboleth.metadata.pipeline: classes missed count is 3, but expected maximum is 0
    [WARNING] Rule violated for package net.shibboleth.metadata.dom: instructions covered ratio is 0.78, but expected minimum is 0.80
    [WARNING] Rule violated for package net.shibboleth.metadata: classes missed count is 1, but expected maximum is 0
    [WARNING] Rule violated for package net.shibboleth.metadata.dom.impl: instructions covered ratio is 0.67, but expected minimum is 0.80
    [WARNING] Rule violated for package net.shibboleth.metadata.pipeline.impl: instructions covered ratio is 0.75, but expected minimum is 0.80

John

Marvin

Phil

• Some leave, plus one more day tomorrow so will not be able to attend.

• Closed 

  JDUO-10 - Getting issue details... STATUS
   thanks to Scott's work on 
  IDP-1652 - Getting issue details... STATUS

• Spent some time understanding where the supported principals were set, overridden, and used in order to (I think) add a strategy sensibly to the Duo validation action e.g. 

   (leaving open for now).

• Updated to the latest Duo SDK (

  ). Adds more validation including id_token authentication.

• Plugin POM now has the java-parent as the parent, works well. Updated to make explicit SL4FJ in the plugin.

• Still, cleanups and tickets left.