2021-09-03
Shibboleth Developer's Meeting, 2021-09-03
Call Administrivia
09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI
Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2021-09-17. Any reason to deviate from this?
60 to 90 minute call window.
Call Details
This week's call will use the Zoom system at GU, see ZoomGU for access info.
AGENDA
Jenkins / LDAP
Attendees:
Brent
Java socket server: Not much progress since last meeting, due to start-of-semester work. Looking at the best way amongst several possible approaches to marry the DDF protocol code to these components.
Daniel
Henri
https://shibboleth.atlassian.net/browse/JOIDC-50
First thoughts on this: a new configuration property for a function that feeds profile configurations
A lesson learned from the incompatibilities with the legacy tokens: make sure that the endpoints can handle prefix-configuration changes
The prefix approach doesn’t work with the JWT access tokens (JOIDC-7)
JOIDC-21: Use token authentication for OIDC dynamic client registrationClosed
The admin-flow approach (input: JSON, output: token compatible with some profile) could be useful in other parts too → Trying to make the structure generic
The first functional PoC progressing
Ian
Heads up: Maven 3.8.2 is broken: JPAR-185: Site builds are not compatible with Maven 3.8.2Open
Initial details for Spring 6 have been announced: https://spring.io/blog/2021/09/02/a-java-17-and-jakarta-ee-9-baseline-for-spring-framework-6
Short fluffy talk at Juergen Hoeller at SpringOne 2021 covers most of the following
Java 17 baseline, will also support next two LTS after that (Java 23 and 29 in 2024 and 2027 respectively) (Spring 5 will not go beyond Java 17).
Jakarta EE 9 baseline, implying
namespace change from
javax
tojakarta
Tomcat 10, Jetty 11 baseline
The talks from Spring One (incl. Juergen Hoeller’s deeper dive on Spring 6) will be available 2021-09-07 at SpringOne.
GA 2022 Q4
M1 2021 Q4, i.e., in a couple of months. In principle, we could start a feature branch for Spring 6 at this point, or in general branch for v5. (Hibernate or some other dependency might be a sticking point; beta of next version of Hibernate expected in 2022).
What about Spring Web Flow? I assume that’s Servlet-dependent and therefore won’t work vs.
jakarta
APIs as it stands.
John
Preliminary success getting Jenkins to produce Docker images
Continuing to investigate options/techniques for combining Docker, Jenkins, AWS
Marvin
Phil
Not around for the call.
Still this JCOMOIDC-23: Add OpenID Provider Configuration Document ResolverOpen
Rod
https://shibboleth.atlassian.net/browse/JPAR-182
Still chasing up Hibernate
Probably need to make it into a verify plugin.
Sob
See no value in an end user program (“use this jar you downloaded to see if these jars you downloaded are safe”).
Complete the Nashorn Plugin V1.1
Now using JDK
But the GraalVM one also works
Some feedback on MetadataGen. So ready for release
Bug squashing:
IDP-1854: Add a discovery option to the plugin commandClosed
IDP-1830: Installer should check for outdated web.xml contentClosed
IDP-1848: Expose any missing settings for LDAP poolingClosed
Note - properties in documentation but not in the properties file
Wiki conversion
Scott
Jira down as of this AM
Working on https://shibboleth.atlassian.net/wiki/spaces/DEV/pages/2764865554
Started building and testing new Rocky 8 server and documenting that under https://shibboleth.atlassian.net/wiki/spaces/DEV/pages/2780070020
Having issues with the server locking up, still doing A/B testing to pin down the cause
Tom
Maven Central
deploying to Central : on hold
working through hosting our repo via Apache rather than Nexus
isolates us from Nexus sec vulns (i.e. how we run Jenkins)
Containerizing Jenkins and Nexus
working through using Docker Compose to run Jenkins/Nexus containers in AWS
Other