/
2021-02-05

2021-02-05

Jul 29, 2021

Shibboleth Developer's Meeting, 2021-02-05

Call Administrivia

09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI

Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2021-02-19. Any reason to deviate from this?

60 to 90 minute call window.



Call Details

This week's call will use the Zoom system at GU, see ZoomGU for access info.



AGENDA

  1. AWS permissions

    1. GEN-274 - Getting issue details... STATUS

  2. New Duo plugin release for testing?

  3. 4.1 schedule   ship in March, freeze end of February

    1. when do we need all the JDKs and AMIs in CI ? (Tom)

    2. when do we freeze Jetty ? (Tom)

Attendees:



Brent

  • OSJ-75 - Getting issue details... STATUS


    • This turned out to be very easy

  • OSJ-118 - Getting issue details... STATUS

    • Done, although still chewing over whether should by default support ~30 legacy curves that SunEC currently supports, but which are deprecated and require a system prop in Java 15+. Leaning towards yes.  Relevant Oracle SunEC docs here.

  • OSJ-82 - Getting issue details... STATUS

    • Not quite done on this yet, sidetracked on other things.  All that remains is EncryptionParametersResolver.

  • OSJ-328 - Getting issue details... STATUS

    • Pretty sure Scott is right about race condition.  Actually more worried about the related conditions in LazyList, etc.



Daniel



Henri

  • JOIDC-17 - Getting issue details... STATUS

    • All done: Java, XML-namespaces and profile identifiers

  • JOIDC-22 - Getting issue details... STATUS

    • oauth2-oidc-sdk from 7.1.1 to 8.33 to 9.0

    • nimbus-jose-jwt from 8.8 to 9.4.1

  • JOIDC-19 - Getting issue details... STATUS

    • Do we want to support OAuth2 flows not involving end-users?

    • Had a meeting with a member using Shibboleth as IdP and OP, together with an OAuth2 AS

  • Testing plan

    • Make pre-releases of oidc-common and OP

    • Install them via plugin installer (via remote endpoint)

    • Start running OIDC certification tests against the instance

Ian

  • Dependencies

  • Java 16 RC1 is out



John

  • Took another pass at producing a Docker image for SLES. Got further than the first try, but mainly succeeded in discovering subsequent problems to solve.

  • Began adding support for Amazon Linux.

Marvin



Phil

  • Various oidc-common and Duo plugin changes

    •  - surfaced oidc-common as a plugin and single module. Created a BOM for import.

    •  - bumped oidc-common to the very latest Nimbus libs. Henri completed that work on the OP.

    •  Move JWT claims validation to a new framework in oidc-common 

    •  - delegated signature validation functions to oidc-common

  • Asked for help testing the Duo plugin on the Jisc-Shib list - no response yet.