Shibboleth Developer's Meeting, 2021-09-03

Call Administrivia

09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI

Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2021-09-17. Any reason to deviate from this?

60 to 90 minute call window.

Call Details

This week's call will use the Zoom system at GU, see ZoomGU for access info.

AGENDA

1. Jenkins / LDAP

Attendees:

Brent

• Java socket server: Not much progress since last meeting, due to start-of-semester work. Looking at the best way amongst several possible approaches to marry the DDF protocol code to these components.

Daniel

Henri

• https://shibboleth.atlassian.net/browse/JOIDC-50

  • First thoughts on this: a new configuration property for a function that feeds profile configurations

  • A lesson learned from the incompatibilities with the legacy tokens: make sure that the endpoints can handle prefix-configuration changes

  • The prefix approach doesn’t work with the JWT access tokens (JOIDC-7)

• https://shibboleth.atlassian.net/browse/JOIDC-21

  • The admin-flow approach (input: JSON, output: token compatible with some profile) could be useful in other parts too → Trying to make the structure generic

  • The first functional PoC progressing

Ian

• Heads up: Maven 3.8.2 is broken: https://shibboleth.atlassian.net/browse/JPAR-185

• Initial details for Spring 6 have been announced:

  • Short fluffy talk at covers most of the following

  • Java 17 baseline, will also support next two LTS after that (Java 23 and 29 in 2024 and 2027 respectively) (Spring 5 will not go beyond Java 17).

  • Jakarta EE 9 baseline, implying

    • namespace change from javax to jakarta

    • Tomcat 10, Jetty 11 baseline

  • The talks from Spring One (incl. Juergen Hoeller’s deeper dive on Spring 6) will be available 2021-09-07 at SpringOne.

  • GA 2022 Q4

  • M1 2021 Q4, i.e., in a couple of months. In principle, we could start a feature branch for Spring 6 at this point, or in general branch for v5. (Hibernate or some other dependency might be a sticking point; beta of next version of Hibernate expected in 2022).

  • What about Spring Web Flow? I assume that’s Servlet-dependent and therefore won’t work vs. jakarta APIs as it stands.

John

• Preliminary success getting Jenkins to produce Docker images

• Continuing to investigate options/techniques for combining Docker, Jenkins, AWS

Marvin

Phil

• Not around for the call.

• Still this

Rod

• • Still chasing up Hibernate

  • Probably need to make it into a verify plugin.

    • Sob

    • See no value in an end user program (“use this jar you downloaded to see if these jars you downloaded are safe”).

• Complete the Nashorn Plugin V1.1

  • Now using JDK

  • But the GraalVM one also works

• Some feedback on MetadataGen. So ready for release

• Bug squashing:

  • • Note - properties in documentation but not in the properties file

  • Blocked on

• Wiki conversion

Scott

• Jira down as of this AM

• Working on

• Started building and testing new Rocky 8 server and documenting that under

  • Having issues with the server locking up, still doing A/B testing to pin down the cause

Tom

• Maven Central

  • deploying to Central : on hold

  • working through hosting our repo via Apache rather than Nexus

    • isolates us from Nexus sec vulns (i.e. how we run Jenkins)

• Containerizing Jenkins and Nexus

  • working through using Docker Compose to run Jenkins/Nexus containers in AWS

Other