2022-04-15
Shibboleth Developer's Meeting, 2022-04-15
Call Administrivia
09:00 Central US / 10:00Â Eastern US /Â 15:00Â UK / 17:00 FI
Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2022-05-06. Any reason to deviate from this?
60 to 90 minute call window.
Call Details
This week's call will use the Zoom system at OSU, see dev list note from Scott.
AGENDA
Release post-mortem on any needed Jenkins changes.
Soliciting any ideas for Spring hardening.
Take Nexus down next week?
Alternative javadoc generation options?
Attendees:
Brent
Out on leave
Daniel
Â
Henri
Minor bug-fixes for 3.1 (JOIDC-87, JOIDC-88, JOIDC-89)
Testing and documentation
Ian
Â
John
Insignificant, incremental progress grinding out build scripts.
Marvin
Â
Phil
Have been plugging in the TrustEngine into the RP for id_token and possibly user_info token validation.
Mocked a credential resolver, but will need a provider metadata based one, and resolved client_secret one
Created a few duplicate classes as e.g. existing SignatureValidationConfiguration was linked to an XML signature typed SignatureTrustEngine.
This was all detailed in the ticket by Scott and Brent, but I added some duplicates locally to see how it all worked.
Created a new id_token signature validation configuration in the OIDCSecurityConfiguration
Deploying stuff, so agenda items.
Â
Rod
Keyring management,
On vacation (so apologies since I will not be at the meeting)
Scott
Testing
JSHIBD-1: Build socket server skeleton on top of a Spring ApplicationContextClosed
Did some playing and reading, some notes in issue.
Not sure at this point how valuable it would be to try and implement actual message dispatching with Spring Integration or just implement an auto-wired solution myself.
JOIDC-7: Support JWT access tokens for code or implicit grantsResolved
Work on branch
Member expressed a more urgent need for this, so evaluating how much work it will take.
Lot of complex issues with this because OIDC wasn’t defined with this in mind.
Tom
nada
Other
Â