2022-06-17
Shibboleth Developer's Meeting, 2022-06-17
Call Administrivia
09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI
Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2022-07-01. Any reason to deviate from this?
60 to 90 minute call window.
Call Details
This week's call will use the Zoom system at OSU, see https://marc.info/?l=shibboleth-dev&m=165419483503328&w=2 (same details apply as for 6/3).
AGENDA
Merged repo: reactions and timescales (@Ian Young)
Thoughts on opensaml-spring
Add items for discussion here
Attendees:
Brent
Daniel
Merging ldaptive v2 into IDP v5
waiting until v5 main branch work settles down
Henri
The current non-resolved issues for OP 3.2:
Regarding refresh tokens:
Almost there, some final polishings / documentation to do
https://shibboleth.atlassian.net/browse/JOIDC-6
Helper-function for scripts and example via attribute resolver service now exists
JOIDC-112: PROTOCOL_MESSAGE.OAUTH2 log appender to trace all the exchanged protocol messagesResolved
Technically not complicated, will probably use
PROTOCOL_MESSAGE.OAUTH2
JOIDC-7: Support JWT access tokens for code or implicit grantsResolved
No known issues, I’ve run some tests for both OAUTH2.Token and OAUTH2.TokenAudience profiles
The plan is to release OP 3.2 and common 2.1 during the last week of June.
Ian
John
Rocky Linux 9 forecast: “ready for general release in the June - July 2022 timeframe”
Vanishingly little progress on cpp-linbuild for Fargate since last time due to competing demands on my time
Marvin
Phil
JCOMOIDC-41: Move OIDC Signature Validation resolvers and parameter classes to commonsClosed RP updated to support Brent’s JOSE Header JWK resolver
JCOMOIDC-45: Add a Decrypter for JWE tokens similar to the opensaml DecrypterClosedAdded JWT decryption and signature validation support to UserInfo JWT (which could just be a plain JSON object)
Test certain modes against the OIDC certification OP
Improved the response_mode and response_type lookup from RP config
Added scopes to RP config, default obviously openid.
Added OIDC ACR proxy pass-through function from upstream SAML request (similar to SAML proxy)
Flow XML cleanups
More tests
Rod
JSPT-98: Integrate lifecycle checking methods in base classesResolved
OSJ-342: Investigate Strategies to end of life our use of Hibernate in V5Closed
Windows Server recommendations.
Scott
Working on IdP refactor
Cloned IdP into java-shib-metadata
shib-metadata-api/impl
Unfortunately depends on some shib-attribute modules due to EntityAttributes node processor, including an impl module
shib-metadata-spring (maybe it’s time to split these into -api/-impl?)
This is at least all building and passing tests
Cloned IdP into java-shib-attribute
shib-attribute-api/impl
Probably need to deprecate and move in various Attribute-related predicates and such out of other packages
shib-attribute-resolver-api/impl/spring
Some connectors and definitions will probably stay in the IdP somewhere (e.g. anything to do with Subject)
shib-attribute-filter-api/impl/spring
Filter impl relies on shib-metadata-api due to Scope extension
Considered Spring classes open to package rename/reorg, but not the rest for now
Fair bit of work left to get this building
Tom
need to patch server
worked on Windows Server 2022 image
Other