2022-11-04
Shibboleth Developer's Meeting, 2022-11-04
Call Administrivia
09:00 Central US / 10:00 Eastern US / 14:00 UK / 16:00 FI
The clocks moved off Daylight saving in Europe last weekend but did not in the USA. Consequently the European times are an hour “earlier” than usual.
Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2022-11-18. Any reason to deviate from this?
60 to 90 minute call window.
Call Details
This week's call will use the Zoom system at GU, see ZoomGU for access info.
AGENDA
Add items for discussion here
Attendees:
Brent
JSSH-16: Update to Apache HttpClient 5.x (Closed)
Refactoring going well, just tedious. So far have a couple of questions that will likely have to float to the HC users list.
Daniel
Henri
JCOMOIDC-50: Update Nimbus oauth2-oidc-sdk into 10.1 (Closed)
Looks fairly straightforward: unit tests ok for both RP and OP
Need to run some certification tests well before the release
JCOMOIDC-51: Support OIDC logout URIs in SAML metadata (Closed)
Should we also add SAML metadata parsing for other new metadata claims “in advance”?
JOIDC-132: Improve customization methods for the configuration flow (Resolved)
Make sure that the OP’s abstract flows can be exploited by other plugins (extending OP)
Some successful smoke-testing of RP
Ian
w/Tom: Jenkins updates: everything now on Rocky9 and Windows2022. Java versions aligned with our documentation.
Seeing a significant (100%+) performance regression in the UKf tooling run under Java 17 (not MDA 0.10-related). Anyone seeing similar in other contexts?
Seems to be (a) not Corretto only (b) not Ventura only (c) not Mac only (d) not Intel only and (e) starts in Java 15.
John
Investigating ARM builds for SP
Rocky 8 and Rocky 9 Docker images use different architecture strings for ARM
Marvin
Phil
Absent from the meeting
Released v0.0.1 of the RP plugin for early testing.
Work is ongoing — and some tickets for the Duo plugin.
Rod
Java17 stack now being signature checked again by the nightly builds
IDP-1927: Make Jetty run under its own credentials for windows installs (Closed). Complete but testing needed.
JSATTR-4: Remove springResources from data connector (Closed)
Note change in the syntax for LDAP Data connectors (using Spring Bean refs) reflecting the ldaptive version upgrade
Bring people’s attention to JSSH-18: Consider adding spring support classes to shib-shared-testing (Open)
Reminder: AFI all next week
Scott
SP release done
ARM64 packages produced as well, treating as unsupported officially for now
Included a new section on repo builder for “Beta Platforms” with Amazon 2022 listed
IDP-2027: Flow exception handling is breaking under Eclipse (Closed)
Fixed but don’t know when/why it broke
Some initial progress on SP session design
Likely will attempt to architect a request processing design based around ProfileRequestContext/MessageContext to reuse code despite challenges.
Tom
Might not be a good idea, but how about moving idp-conf resources to the project root for IdP V5?
Idea is to support tracking changes of a deployed instance via git.
For example, workflow would be:
checkout idp-conf resources to /opt/shibboleth-idp
run installer or copy existing deployment
use git to track changes
If we thought this was worthwhile, probably would need to create a separate repository/project for idp-conf (separate from test, but that might be a good idea anyway, to have an idp-conf-test project).
The benefit is that during upgrades, it should be possible to look at revision information for config files to know who-changed-what.
FWIW looks like there is another way to filter idp-conf/src/main/resources and retain history:
git clone https://git.shibboleth.net/git/java-identity-provider
cd java-identity-provider
git filter-repo --subdirectory-filter idp-conf/src/main/resources/
git remote add source https://git.shibboleth.net/git/java-identity-provider
git fetch source
Created the following issues as result of discussion regarding how-to-track-configuration-file-changes:
IDP-2032: Add version to .idpnew file names (Closed)
IDP-2033: Add versions to configuration file comments (Open)
Other