2022-08-19
Shibboleth Developer's Meeting, 2022-08-19
Call Administrivia
09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI
Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2022-09-02. Any reason to deviate from this?
60 to 90 minute call window.
Call Details
This week's call will use the Zoom system at GU, see ZoomGU for access info.
AGENDA
Artifact names and Maven co-ordinates for the performer previously known as Prince repository previously known as
java-support
andspring-extensions
.(rdw:) Windows core (headless) server support.
https://shibboleth.atlassian.net/browse/IDP-1955
Propose we go ahead with this after all.
Eclipse project files
Attendees:
Brent
https://shibboleth.atlassian.net/browse/OSJ-354
The category logging is actually farther down (about 3 layers deep) in the base class hierarchy. Trying to decide whether to change this and move this all the way to the top-level base class for encoders/decoders.
Daniel
ldaptive 1.3.x update for IDPv4 (blocking threads)
ldaptive 2.x update for IDPv5
Henri
Gson dependency should be removed from OP: it’s only used for parsing the contents from sector_identifier_uri during dynamic registration
Need to clarify the use of AttributeInOIDCRequestedClaims matcher
Current documentation and examples are a bit misleading
OAuth2Client authentication flow’s c14n step currently uses same c14n flows as end-user authentication flows
Perhaps a flag to disable c14n step or customisable set of c14n flows for this flow
Ian
V4 integration tests now nightly, not on CI chain.
Note: no V5 integration tests at present.
Old and busted:
java-support
andspring-extensions
repositories. New hotness:java-shib-shared
multi-project repository.Spring Web Flow 3.0.0-M1 has been released, including our code.
I have rebased our fork, and we’re still using it at present.
Do we have anything else we want upstream to consider?
If not, it is probably time to switch over to the upstream milestones and retire ours.
I’d disable jobs and remove old snapshot artifacts to avoid confusion, but stand ready to re-enable them if we need to do more work. I would not delete the fork.
John
Marvin
Phil
https://shibboleth.atlassian.net/browse/JCOMOIDC-41
As per Brent’s suggestion, converted the encryption classes to JWT specific ones without the KeyInfo etc. stuff
Lead to a bit of refactoring and some big changes to the ‘Basic’ encryption parameter resolver, which then needed to become more JWT focused given we actually use Nimbus encrypters.
Which lead to many changes in which needs review.
Suggestions for small improvements to the OP’s encryption . Not sure supporting direct encryption is all that useful given there is no algorithm descriptor for it and I am not sure how you share that secret with the OP (other than client_secret).
Usual RP cleanup work
Need to finish
‘Merging’ the dev commons branch into main is going to be messy, need to ensure the OP does not break.
Rod
Misc tidy
(yet) another JDBC Storage Service plugin release
Next up
Scott
Needs extensive testing
Tom
testbed
need to change the idp-war dependency in the POM from JAR to WAR, i.e. from
<dependency> <groupId>${idp.groupId}</groupId> <artifactId>idp-war</artifactId> <version>${idp.version}</version> <scope>runtime</scope> </dependency>
to
<dependency> <groupId>${idp.groupId}</groupId> <artifactId>idp-war</artifactId> <version>${idp.version}</version> <scope>runtime</scope> <type>war</type> </dependency>
to build from the CLI, but this breaks running the testbed in Eclipse.
Maybe would help, idk.
Added Jenkins jobs :
java-idp-testbed-v5
java-idp-integration-tests-v4.2.1
Working on java-idp-integration-tests-v5
Suggest changing default log level from debug to either warn or info in
idp-conf/src/test/resources/logback-test.xml
similar toidp-conf-impl
because Logback picks this up when running the integration testsCould use help with the AttendedRestart feature
example openssl command to password protect an existing private key ?
configured properties and beans, but flow/view does not appear, just get OpenSAML error message
Other