2022-09-16

Owned by Ian Young

Last updated: Sept 16, 2022 by John W. O'Brien

2 min read

Shibboleth Developer's Meeting, 2022-09-16

Call Administrivia

09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI

Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2022-10-07. Any reason to deviate from this?

60 to 90 minute call window.

Call Details

This week's call will use the Zoom system at GU, see ZoomGU for access info.

AGENDA

Are we ready to bump Jenkins agents to latest Maven 3.8.6 ? (Tom)
JPAR-197: Remove our repositories from POMsOpen (Tom)
(Phil & Henri) oidc-commons branch merging, testing, and eventual release

Attendees:

Brent

OSJ-360: Regenerate PKIX test certs with SHA-2Closed
- Done, after figuring out some pesky policy OID stuff.
Users list question about Veracode, EC named curves implies: Should we consider a security policy layer that blocks “weak” keys from being used (as opposed to weak signing/encryption/other algorithms)?

Daniel

Henri

JOIDC-127: Include sid claim in id_tokenResolved
- The sid claim is required for the logout feature
- Fairly simple to implement, but API-module changes cannot be avoided
JOIDC-128: Support OAuth authorization requestsResolved
- Currently the authorize flow hardcoded to decode OIDC authentication requests
- Prototyping with a decision-state before decoding request:
  - if the scope-parameter contains openid, it’s OIDC authentication request
  - OAuth authorization request otherwise
  - Refactor SWF actions / functions into using OIDC only when really OIDC-specific

Ian

Repository pruning continues.
Spring Framework 6.0.0-M6 (and 5.3.23) are out.
- 6.0.0-RC1 due 2022-10-12.
- 6.0.0-RC2 due 2022-10-20.

John

cpp-linbuild
- SSPCPP-954: Build target for all components supported on a specific platformClosed
- Minor updates to Docker images

Marvin

Phil

WikiDocs - OIDCRelyingPartyAuthnConfiguration
Lots of little cleanups to the RP and some code TODOs.
commons merging, on the agenda.

Rod

Nothing to report
Apologies, I won’t be able to make the call

Scott

Refactoring…
- Bean created that will rewrite class and parent declarations based on a map, and the bean is now installed on main branch for global and all service contexts. Should be able to add it to the flows too.
- All of spring-extensions has been migrated to net.shibboleth.shared.spring.* package names with rules added to the rewrite map in global-system.xml. One stub left behind for web.xml compatibility.
- Moved on to work on test refactoring. OpenSAML now has a -testing module for test APIs, and many of its impl modules now depend on it, but -api cannot to prevent loops. This necessitated breaking apart -core (which we should have done anyway) and also migrating a few other tests down into -impl modules.
  - Any tests of a package defined in -api but implemented in -impl tend to have “.tests” on the end of the package name to avoid package sealing violations.
  - Will be moving on to remaining layers to eliminate test-jar dependencies.

Tom

Other