2022-08-05

Shibboleth Developer's Meeting, 2022-08-05

Call Administrivia

09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI

Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2022-08-19. Any reason to deviate from this?

60 to 90 minute call window.

Call Details

This week's call will use the Zoom system at GU, see ZoomGU for access info.

AGENDA

Attendees:

Brent

Daniel

 

Henri

  • Back online next week

Ian

  • As yet, no upstream Spring Webflow milestone release.

  • Spring Framework 6.0.0-M5 integrated everywhere, M6 is due 2022-09-15 along with 5.3.23.

  • Commit jobs now running on CentOS7-commits instances, mostly.

    • Please review my mail to committers@ so that I don’t have to talk through this!

John

    • Trying again with new Rocky Linux 9 image as of 20220720

    • Probably going without doxygen and libmemcached

Marvin

 

Phil

  • On leave for the meeting. Been in and out of leave for a few weeks, ending end of next week.

    • Small improvements to the credential resolver. I think I now need to hook up the local credential resolver to also use any public key info from ‘jwk’s inside the JOSE headers to locate corresponding private keys, in addition to the ‘kid’ (keyID) it currently uses (algorithm info is also currently used).

      • Brent might want to put me straight on that if not.

    • See the issue for the current logic (which needs reviewing).

    • Tricky to test ECDHE-ES as the runtime does not support EC/ECB/PKCS1Padding. Also not easy to get something downstream to test it e.g. OIDC cert tests. Will try with our OP.

 

Rod

  • I've made it an agenda item

 

Scott

  • xml-security-c buffer overrun

    • No exposure in library itself or SP so low priority, will get a patch released at some point

    • Approaching this as a revocation problem due to client-side storage, with two back-ends, storage service or attribute resolver

Tom

  • Working on updating/fixing integration tests for Sauce Labs :

    • removing Sauce Labs dependency (use environment variables + Jenkins Sauce Labs OnDemand plugin for credentials instead)

    • bump to Selenium 4

    • bump to Java 17 parent

      • workaround deprecated Spring Framework method to find available ports

Other