2021-07-02

Owned by Ian Young
Last updated: Jul 29, 2021
2 min read

Shibboleth Developer's Meeting, 2021-07-02

Call Administrivia

09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI

Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2021-07-16. Any reason to deviate from this?

60 to 90 minute call window.


Call Details

This week's call will use the Zoom system at GU, see ZoomGU for access info.


AGENDA

  1. Atlassian provisioning options.

Attendees:


Brent

  • Back from vacation. No progress to report. Next up is continuing to look at the Java socket server question.


Daniel


Henri

  • JOIDC-21 - Getting issue details... STATUS
    • High-level planning at: /wiki/spaces/DEV/pages/1213038673
    • Functional PoC for the admin flow & CLI
    • Access token encoding/encryption: the current method used for Authz codes and access/refresh tokens rely unnecessarily to Nimbus

Ian

  • Java 17: now being tested in -multi jobs; all seems well.
  • SKS (PGP/GPG) keyservers are defunct (RTBF/GDPR, apparently). Acronyms much?


John

  • Not much to report. Started to look at AWS container options for cloudifying cpp-linbuild.

Marvin


Phil

  • JDUO-47 - Getting issue details... STATUS  added test, fixed, and deployed 1.1.1 of the Duo plugin
  • Maven cleanup
    • JPAR-178 - Getting issue details... STATUS  - we can get rid of our patched one from Nexus.
    • JPAR-176 - Getting issue details... STATUS  - thanks to the work Scott put in, I think this is done, other than testing (and some possible adjustment of server-side scripts) during a release.
  • OIDC-RP
    • Slow progress, hopefully have more time now the Maven stuff is done.
    • Spent a small amount of time on Webfinger for OP discovery - can not see much support for this. 
      • The plugin probably should provide some support? to support OP discovery on the flow (like SAML proxying does with IdP disco).
      • Strategy-based lookup for now.
  • Test


Rod

JPAR-175 - Getting issue details... STATUS

  • 'test' to check against our poms is complete and in place.  Scott Cantormade some changes to our parent pom.
  • 'test' to check war contents signing is ongoing.
  • We are going to have to have a conversation about jar signing & supply chain attacks.  

Scott

  • Started wiki migration, member pages "in production"
  • JPAR-175 - Getting issue details... STATUS
  • JPAR-176 - Getting issue details... STATUS
  • A few more 4.2 odds and ends

Tom

  • Regrets - will miss call
  • Green lights on browser tests
    • Run latest-browsers vs latest-Jetty vs IdP-latest and IdP-next nightly ?
      • don't need to re-run tests against static versions
      • Sauce Labs tests are slower than local headless Firefox

Other