2022-09-02

Shibboleth Developer's Meeting, 2022-09-02

Call Administrivia

09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI

Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2022-09-16. Any reason to deviate from this?

90 to 120 minute call window.

Call Details

This week's call will use the Zoom system at GU, see ZoomGU for access info.

AGENDA

Attendees:

Brent

  • Xalan XSLT bug: Seems like we’re ok here

Daniel

  • Nothing to report

Henri

  • Absent today

  • (At least) one more patch release needed for OP 3.2

Ian

  • New repository trimming work:

    • Have this working for java-shib-attribute, probably

    • Empty commits and their tags are expunged as a side-effect

    • Size comes down from 80MB to 25MB, approx

    • Optional pre-renaming to help avoid the need for --follow

    • What to do about old tags and branches?

John

 

Marvin

 

Phil

  • JOIDCRP-19: Add audit context actions and audit extractors where necessaryClosed - hadn’t added the audit extractors. Have now. But just thinking it through.

    • Copied some OP extractors to commons.

  • JOIDCRP-17: Add JWT Encryption Parameter Resolver SupportClosed Completed some refactoring of the encryption resolvers.

    • Have not committed in-case Brent was in the middle of looking at its current state.

    • Mostly a refactor from subclasses to lookup strategies to determine algorithms to use and credential resolvers. The credential resolvers allow the reuse of the existing signature validation resolvers for looking up the client_secret from criterion, and the OP’s keys from its public keyset document.

    • Also removed the direct capability of resolver encryption keys from local config. The OIDC spec says the symmetric keys must be derived from client_secret, and the asymmetric keys must come from the OP’s keyset document - makes sense. That said, you could technically plug any cred resolver into it.

Rod

  • Apologies, but may not make today’s meeting.

  • Nothing to report.

Scott

  • GEN-315: Fix the mess of Eclipse files checked into gitClosed

    • Mostly done at this point.

    • Be aware compiler error/warnings are now uncontrolled

  • Misc backlog

  • Started the java-shib-shared refactor with a goal of eliminating unusual dependency chains based on test jars

    • Criteria for new modules? E.g., OpenSAML uses a Velocity class but not Spring, so a velocity module without requiring optional dependencies has a single class in it.

Tom

  • working on Sauce Labs tests

    • seems to be a Selenium / Safari driver bug which prevents clicking on a radio button on iOS / iPadOS

  • new Jenkins agents : AmazonLinux2 and Rocky9

    • still working on WindowsServer2022

Other