2021-08-06
Shibboleth Developer's Meeting, 2021-08-06
Call Administrivia
09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI
Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2021-08-20. Any reason to deviate from this?
60 to 90 minute call window.
Call Details
This week's call will use the Zoom system at GU, see ZoomGU for access info.
AGENDA
Schedule for rest of Jira migrations
Handling support issues
@Ian Young: probably time to start thinking about GEN-290
Confirmed CentOS 8.5 will (briefly) be a thing, for perhaps a month, around the end of the year.
Makes sense to migrate in advance of that mess.
Attendees:
Brent
Java socket server: Have a very simple telnet echo server using Spring Integration. It’s very slick, everything is declarative using custom Spring XML. Now working on evaluating for overall appropriateness, e.g. performance. Not sure yet on things like the threading model and throughput.
My “fix” for the Bouncy Castle FIPS didn’t pan out b/c it’s actually missing even more classes.
Daniel
Henri
https://issues.shibboleth.net/jira/browse/JOIDC-52
The tokens produced by V1 and V2 of the extension are not compatible with 3.0.0 and 3.0.1
Fix seems to be simple. The flow tests need to be improved to make sure this won’t happen again.
https://issues.shibboleth.net/jira/browse/JOIDC-53
“Do not remember consent” option doesn’t work with the backend flows if encodeConsentInTokens is not enabled
Could there be a way to exploit consent options outside the attribute-release flow?
Patch release next week with JOIDC-49 and JOIDC-52
Ian
Initial Java 17 release candidate expected any day now.
Debian 11 (Bullseye) expected 2021-08-14 or thereabouts.
I’m assuming we want to treat it the same as Debian 10 (smoke test, then add to Java Distributions as “partially supported” for the Java 11 platform).
I plan to pick it up when released to make sure there are no surprises (last time, interesting random source behaviour broke things).
Observation: Debian has a peculiar support lifecycle, in which there’s an initial end-of-support date on which responsibility for security patches passes to another team. For Debian 9 this was on 2020-07-18. That “long term support team” supports Debian 9 until 2022-06-30. Which date do we want to use to remove it from our list? NB: as Debian 9 only shipped with Java 8, this isn’t relevant for IdP V4 so it’s really mostly a question about policy for the future.
John
Managed to get Fargate wired up to EFS to run a test build, and not much else. Coordinating with Tom Z. to discuss options for a Jenkins DEV instance, and pipeline approaches.
Marvin
Phil
Rebased our patched maven-javadoc-plugin on V3.3.0 of the official plugin.
Probably not a good long-term solution. I might have to get into the weeds again to try and get them to incorporate a proper fix.
Added a unit and flow test for loading classpath* resources to the IdP.
JDUO-50: They fixed an NPE, but it is not likely to occur in practice. So I do not think there is a rush to release a new version - although I guess there is no harm in doing so.
Will wait for them to do their dependency updates before deciding what to do.
More in-depth work on:
JCOMOIDC-22: Discussed with Henri, made the transition, now needs looking at - have asked Henri for a sanity check.
JCOMOIDC-23: Pretty much a FunctionDrivenDynamicHTTPMetadataResolver but tied to an OIDCProviderMetadata result. Is pretty involved, I seem to be mostly copying the HTTPMetadataResolver stuff over to OIDC objects in JSON. If that makes sense I will keep going, but maybe that is not a good idea.
Also Out on Vacation and AFI 9-Aug to 13-Aug - but not with Rod.
Rod
Stalled on POM/WAR checking…
Odds and ends.
Wiki conversion
Windows build & RC files
&c &c
Out on Vacation and AFI 9-Aug to 13-Aug
Scott
Migration obviously
Wiki “style guide” TBD to capture all the bugs and problems we have to step around
IdP regression
Tom
Looking at deploying Nexus 3 via ECS
Other