2022-05-06
Shibboleth Developer's Meeting, 2022-05-06
Call Administrivia
09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI
Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2022-05-20. Any reason to deviate from this?
60 to 90 minute call window.
Call Details
This week's call will use the Zoom system at GU, see ZoomGU for access info.
AGENDA
Refactoring/renaming components for V5 (Slack thread)
Long discussion about how to reorg things, no decisions other than to revisit once we have a working Spring 6 build of everything.
Scott will take an AI to write up a summary inventory of components in the various places right now
Attendees:
Brent
Daniel
Henri
Ian
https://shibboleth.atlassian.net/browse/IDP-1892
in service to https://shibboleth.atlassian.net/browse/JPAR-186
Notes on Hibernate
John
Marvin
Phil
Success! https://shibboleth.atlassian.net/browse/JPAR-207
They fixed it. We either move to 3.3.2 or 3.4.0. The latter breaks backward compatibility with reporting-api < 3.1.0 - not sure we care, so should use 3.4.0.
https://shibboleth.atlassian.net/browse/JCOMOIDC-41 Pushed the changes I was working on to the oidc-common dev branch to support JWT signature validation using the new trust engine.
Works for resolving and validating the RSA signature on the id_token that comes back from the OIDC certification simple client test.
Added several misc. classes. Added an OP metadata credential resolver to extract ‘trusted’ keys from the jwks_uri.
Will need a resolver to acquire the client_secret for MAC validation - which I almost already have in the RP for resolving the client_authentication.
Maybe a resolver for PKIX style validation of the public key used using the x5c headers.
Rod
Closed multiple outstanding Jira cases
https://shibboleth.atlassian.net/browse/OSJ-342
Plan is to release a Plugin/Module ASAP, deprecate JPA version immediately and remove Hibernate in V5
Need to loop back around on missing keys (https://shibboleth.atlassian.net/browse/JPAR-200, https://shibboleth.atlassian.net/browse/JPAR-201)
Scott
Testbed / Jetty 10
https://shibboleth.atlassian.net/browse/JOIDC-7
Bum-rushed adding JWT support to the remaining grants (not sure about refresh but I think that’s handled) in parallel with the design we just shipped.
https://shibboleth.atlassian.net/browse/IDP-1945
Logback defaults to debug, so relocating classpath:/logback.xml did a bad thing
Started work on next-stage of POC for SP service in Java
Making slow progress standing something up that parallels the IdP (sp.home, properties, etc.)
Experimenting with Spring context design for this, wondering about implications of a ReloadableService containing other ReloadableServices and what happens to the refresh threads if the parent service reloads.
Once there’s a viable Spring container, will add the Spring integration gateway in and start working on message endpoint registration API for components to call
Tom
Testbed with Jetty 10
Would like integration tests to work with the 10 branch, rather than creating a test-specific branch, as I thought 10 is the example for deployers
Do we just need to change the jetty.sslContext.keyStorePath in the 10-testbed-eclipse branch instead of 10 for the testbed?
Would like to default the testbed / integ tests / doc to Jetty 10
https://shibboleth.atlassian.net/browse/JPAR-197 Schedule for V5?
Other