Shibboleth Developer's Meeting, 2022-03-04

Call Administrivia

09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI

Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2022-03-18. Any reason to deviate from this?

60 to 90 minute call window.

Call Details

This week's call will use the Zoom system at GU, see ZoomGU for access info.

AGENDA

Add items for discussion here

Attendees:

Brent

• https://shibboleth.atlassian.net/browse/OSJ-315

  • Currently marked for 4.2. I don’t recall the background on this. Do we still need to do?

• https://shibboleth.atlassian.net/browse/OSJ-344

  • Currently marked for 4.2. Is this just a simple exclude? There’s some discussion about doing things with Rod’s new checking support, etc.

Daniel

Henri

Ready for the next release:

• https://shibboleth.atlassian.net/browse/JOIDC-63

• • The authorize-endpoint is expecting OIDC authentication requests now, and Nimbus verifies they contain openid scope

  • Verified now by flow tests, so we’ll notice if Nimbus’s behaviour changes

Still some final things to be finished:

• • CORS can be handled by

  • Testbed incompatilibity is weird: when I print out the contents of the ServletContext in the initializer, I see web.xml contents from the testbed app (not idp.war’s web.xml)

• • Works and fairly well tested - need to finish unit testing though

  • Currently way too complicated to inject non-default metadata policies via file (multiple beans needed) - must be simplified

• • Can CLI really be compatible with the authenticated:true

  • No error handling yet - the successful output is currently TokenResponse JSON - should it be a velocity view instead

  • Unit testing need to be finished

• Ref: users-list discussion. Client secret expiration time is not currently exploited.

Ian

John

Marvin

Phil

Rod

• • Removing central-disabled profile from parent project (main only) for Friday night's builds.

  • Discuss: Add a -P check-m2 profile (again to main only) to assist with releases.

• • Mostly removing things (good)

  • A chance to reconverge to our “standard” jetty base

Scott

• Docs for OAuth work

• New stylesheet/templates merged in

  • Reviewed implications for upgrades

  • New TOTP plugin release needed

• Jetty 10 example page added

• Finishing up backlog for OP and IdP

Tom

• Updates on testing :

  • Browser tests working again after accessibility changes for IdP 4.2

  • Browser tests not working for IdP 4.1

    • Because test code enables IdP 4.2 modules instead of 4.1

    • Working on using installer to set up the IdP during testing

      • Works on Linux

      • Does not work on Windows (unable to run .bat files properly, WIP)

  • Revived Tomcat tests

  • Jetty 10 tests should work once is resolved

Other