Shibboleth Developer's Meeting, 2022-06-03

Call Administrivia

09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI

Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2022-06-17. Any reason to deviate from this?

60 to 90 minute call window.

https://shibboleth.atlassian.net/browse/IDP-1955
1. No decision pending more information but we did identify usage of this option in the testbed and would like to investigate why it’s there.
ComponentSupport
1. Will adopt changes made in the MDA code base for V5, deprecate ComponentSupport.
Library refactoring – steps/timeline
1. Initial plan is to create a merged history reposistory for java-support and spring-extensions before subsequent changes. Additional top level projects may be created by cloning existing superset projects followed by optional reposurgeon cleanup of unneeded history for things stripped out before we move them into a “stable/supported” state.
2. Initially all the new top-level projects should be veiwed as having unstable history and may require occasional recloning with notice, so long term new work probably should live in private branches for now.

IdP v5 Jenkins jobs working for: commits, nightly, multi, site
- Included: java-parent-project, java-support, spring-extensions, java-opensaml, spring-webflow, java-identity-provider
- Excluded: idwsfconsumer, testbed, integration tests, plugins, xmlsectool, MDA
- idwsfconsumer depends on java-support and OpenSAML, so probably should be branched
Still to look at:
- Dependency signature enforcement.

Working on adding RHEL9 support to cpp-linbuild.
- Main challenge is figuring out how to find and enable useful RPM repos inside the UBI container from which to fulfill build environment dependencies
- Navigating the world of Red Hat is quickly becoming one of my least favorite things to do

On leave for this meeting. Progress on:
- added decryption related config, params, and context classes to commons.
- - added a JWE decrypter to commons, similar to what exists in the OP and what already existed for the XML case.
- All in the commons dev branch for Brent to mull over when he can.
- Tested with the OIDC certification platform using RSA Key Encryption (the certification OP seems to NPE when I try Direct Encryption, their OP declares support for that algo, so might need to ask them)

- Approaching completion
- Need a Jira project
- Beta testers?
V5 tidy
- Question: Are we forking the wiki for V5 (like we did for V4).
- Possible agenda: Rules for breaking/api changes in V5
Possible agenda item: Component state management. Proposal:
- Leave ComponentSupport as is (because of plugins), but deprecate them
- Add methods to appropriate base classes and convert projects to use them
- Each project can decide what is an appropriate level of testing
- Plugins are interesting:
  - It gratuitous to require V5 just for this
  - But when do we start withdrawing support for aged IdP releases (do we really want to support IdP4.1 for current versions of plugins?)

Fleshing out more SP design docs
- Thinking about how the pieces will fit together and how to “secure” a shared instance of the service

Henri - As a deployer, anything we can do to deploy a fix for JOIDC-106 sooner ? is there a release-quality snapshot we can use ?

Java updated except for Windows EC2 agent
What version of Jetty should we test using integration tests ?
- 10 ? (because that’s what ships in the Windows Installer)
- 11 ? (because that’s what’s next)
Update EC2 Jenkins build agents :
- Windows Server 2016 > 2022
- CentOS7 > Amazon Linux ?
- RHEL8 > ?
Windows Shibboleth SP documentation : install instructions / screenshots