2022-03-04
Shibboleth Developer's Meeting, 2022-03-04
Call Administrivia
09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI
Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2022-03-18. Any reason to deviate from this?
60 to 90 minute call window.
Call Details
This week's call will use the Zoom system at GU, see ZoomGU for access info.
AGENDA
Add items for discussion here
Attendees:
Brent
https://shibboleth.atlassian.net/browse/OSJ-315
Currently marked for 4.2. I don’t recall the background on this. Do we still need to do?
https://shibboleth.atlassian.net/browse/OSJ-344
Currently marked for 4.2. Is this just a simple exclude? There’s some discussion about doing things with Rod’s new checking support, etc.
Daniel
Henri
Ready for the next release:
The authorize-endpoint is expecting OIDC authentication requests now, and Nimbus verifies they contain openid scope
Verified now by flow tests, so we’ll notice if Nimbus’s behaviour changes
Still some final things to be finished:
CORS can be handled by
Testbed incompatilibity is weird: when I print out the contents of the ServletContext in the initializer, I see web.xml contents from the testbed app (not idp.war’s web.xml)
Works and fairly well tested - need to finish unit testing though
Currently way too complicated to inject non-default metadata policies via file (multiple beans needed) - must be simplified
Can CLI really be compatible with the authenticated:true
No error handling yet - the successful output is currently TokenResponse JSON - should it be a velocity view instead
Unit testing need to be finished
Ref: users-list discussion. Client secret expiration time is not currently exploited.
Ian
John
Marvin
Phil
Rod
Removing central-disabled profile from parent project (
main
only) for Friday night's builds.Discuss: Add a
-P check-m2
profile (again to main only) to assist with releases.
Mostly removing things (good)
A chance to reconverge to our “standard” jetty base
Scott
Docs for OAuth work
New stylesheet/templates merged in
Reviewed implications for upgrades
New TOTP plugin release needed
Jetty 10 example page added
Finishing up backlog for OP and IdP
Tom
Updates on testing :
Browser tests working again after accessibility changes for IdP 4.2
Browser tests not working for IdP 4.1
Because test code enables IdP 4.2 modules instead of 4.1
Working on using installer to set up the IdP during testing
Works on Linux
Does not work on Windows (unable to run .bat files properly, WIP)
Revived Tomcat tests
Jetty 10 tests should work once is resolved
Other