Shibboleth Developer's Meeting, 2021-09-17

Call Administrivia

09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI

Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2021-10-01. Any reason to deviate from this?

60 to 90 minute call window.

Call Details

This week's call will use the Zoom system at GU, see ZoomGU for access info.

AGENDA

• Oracle JDK 17 Free Java License: do we think deployers will use this? Do we need to support Oracle JDK again? (see Java Distributions)

• Jira issue voting?

• Server move

Attendees:

Brent

• Java socket server: Working PoC using Scott’s remoted HTTP Request/Response. Next will flesh out more with more real-world config and (maybe) with some basic SAML processing to illustrate the end-goal.

Daniel

Henri

• JOIDC-57: OIDC endpoints stopped working with IPv6 after Jetty upgradeClosed

  • Root-cause is that Jetty includes brackets in the response for HttpServletRequest.getLocalAddr()

• JOIDC-21: Use token authentication for OIDC dynamic client registrationClosed

  • Managed to get full sequence PoC flow working with the access tokens

  • Realized that the “metadata policy” (see https://shibboleth.atlassian.net/wiki/spaces/DEV/pages/1213038673 ) included in the access token is probably useful as a profile configuration option too

Ian

• Java 17 is GA. No change since early RC1 in early August.

  • New LTS cadence? Moving the JDK to a Two Year LTS Cadence

    • This is still proposed by Oracle, not definitely happening.

    • LTS old scheme: 17 (2021), 23 (2024), 29 (2027)

    • LTS new scheme: 17 (2021), 21 (2023), 25 (2025), 29 (2027)

    • No change in length of LTS support (from Oracle, anyway)

  • New Oracle JDK license for 17: Introducing the Free Java License.

    • Includes redistribution if not for a fee.

    • See agenda topic.

  • Corretto 17 expected next week.

John

• Working on adding EDS to cpp-linbuild.

• No more progress on Jenkins/Fargate to report yet

Marvin

Phil

• Still this JCOMOIDC-23: Add OpenID Provider Configuration Document ResolverOpen

  • Decoupled caching into a caching type implementation, build using a factory.

  • Pushed lots of variable (between OIDC and SAML) functionality into strategies to allow OIDC things to be slightly different.

    • e.g. how to fetch metadata when not in cache is now in a strategy.

  • Is tricky, almost have a PoC of something. Might not even be good, will need a review later on.

Rod

• JPAR-182: Check our Distributions for consistencyClosed(see separate mail)

• IDP-1860: Same Jars in bin/lib and bin/webapp/WEB-INF/libClosed

• OSJ-342: Investigate Strategies to end of life our use of Hibernate in V5Closed

Scott

• Server rebuild and docs

• Drafted up some servlet facades for Brent to play with

Tom

• mostly busy with consulting

Other