Shibboleth Developer's Meeting, 2022-05-06

Call Administrivia

09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI

Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2022-05-20. Any reason to deviate from this?

60 to 90 minute call window.

Call Details

This week's call will use the Zoom system at GU, see ZoomGU for access info.

AGENDA

1. Refactoring/renaming components for V5 (Slack thread)

   1. Long discussion about how to reorg things, no decisions other than to revisit once we have a working Spring 6 build of everything.

   2. Scott will take an AI to write up a summary inventory of components in the various places right now

Attendees:

Brent

Daniel

Henri

Ian

• https://shibboleth.atlassian.net/browse/IDP-1892

  • in service to https://shibboleth.atlassian.net/browse/JPAR-186

  • Notes on Hibernate

John

Marvin

Phil

• Success! https://shibboleth.atlassian.net/browse/JPAR-207

  • They fixed it. We either move to 3.3.2 or 3.4.0. The latter breaks backward compatibility with reporting-api < 3.1.0 - not sure we care, so should use 3.4.0.

• https://shibboleth.atlassian.net/browse/JCOMOIDC-41 Pushed the changes I was working on to the oidc-common dev branch to support JWT signature validation using the new trust engine.

  • Works for resolving and validating the RSA signature on the id_token that comes back from the OIDC certification simple client test.

  • Added several misc. classes. Added an OP metadata credential resolver to extract ‘trusted’ keys from the jwks_uri.

  • Will need a resolver to acquire the client_secret for MAC validation - which I almost already have in the RP for resolving the client_authentication.

  • Maybe a resolver for PKIX style validation of the public key used using the x5c headers.

Rod

• Closed multiple outstanding Jira cases

• https://shibboleth.atlassian.net/browse/OSJ-342

  • Plan is to release a Plugin/Module ASAP, deprecate JPA version immediately and remove Hibernate in V5

• Need to loop back around on missing keys ( https://shibboleth.atlassian.net/browse/JPAR-200, https://shibboleth.atlassian.net/browse/JPAR-201

Scott

• Testbed / Jetty 10

• https://shibboleth.atlassian.net/browse/JOIDC-7

  • Bum-rushed adding JWT support to the remaining grants (not sure about refresh but I think that’s handled) in parallel with the design we just shipped.

• https://shibboleth.atlassian.net/browse/IDP-1945

  • Logback defaults to debug, so relocating classpath:/logback.xml did a bad thing

• Started work on next-stage of POC for SP service in Java

  • Making slow progress standing something up that parallels the IdP (sp.home, properties, etc.)

  • Experimenting with Spring context design for this, wondering about implications of a ReloadableService containing other ReloadableServices and what happens to the refresh threads if the parent service reloads.

  • Once there’s a viable Spring container, will add the Spring integration gateway in and start working on message endpoint registration API for components to call

Tom

• Testbed with Jetty 10

  • Would like integration tests to work with the 10 branch, rather than creating a test-specific branch, as I thought 10 is the example for deployers

  • Do we just need to change the jetty.sslContext.keyStorePath in the 10-testbed-eclipse branch instead of 10 for the testbed ?

  • Would like to default the testbed / integ tests/ doc to Jetty 10

• https://shibboleth.atlassian.net/browse/JPAR-197 Schedule for V5 ?

Other