2022-12-02
Shibboleth Developer's Meeting, 2022-12-02
Call Administrivia
09:00 Central US / 10:00Â Eastern US /Â 15:00Â UK / 17:00 FI
Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2022-12-15. Any reason to deviate from this?
60 to 90 minute call window.
Call Details
This week's call will use the Zoom system at GU, see ZoomGU for access info.
AGENDA
4.3.0 schedule
Another Nexus repository for commit jobs ? (as discussed on Slack) (Tom)
Attendees:
Brent
JSSH-16: Update to Apache HttpClient 5.xClosed
Still making good progress, working on OpenSAML and higher layers now. Mostly mechanical.
Daniel
Henri
OP-snapshot now depends on oidc-commons 2.2-snapshot
Refactoring OP to exploit the new features from commons
JCOMOIDC-38: Move various support classes from the OP pluginOpen
JCOMOIDC-41: Move OIDC Signature Validation resolvers and parameter classes to commonsClosed
Started with
relying-party/postconfig.xml
, now proceeding flow by flow
For the next joint release of commons, OP and RP:
Ian
RHEL 9 FUTURE crypto policy: IdP clear, taking a quick look at the SP now.
John
No updates today
Marvin
Â
Phil
Released RP v0.0.2. Now includes a JSON Web Keys document location: JOIDCRP-21: PublishKeySet Security Configuration and FlowReopened
Some oidc-comms work:
Still need to move in OIDC.SSO and now OIDC.KeySet beans and figure out how well that all works.
TechEx is next week. Thanks to Scott for helping me with that.
Â
Rod
JSSH-5: ServiceableComponent should implement AutoCloseClosed
SSPCPP-961: Shibboleth SP - Windows - possible Privilege EscalationClosed
Need to test IDP-1927: Make Jetty run under its own credentials for windows installsClosed
Various deprecations
Scott
JSSH-5: ServiceableComponent should implement AutoCloseClosed
Unclear to me how much this is likely to affect deployers, I suspect minimally
I made a null → nonnull API change around the getServiceableComponent method
Should this raise a checked exception instead of the original unchecked ServiceException?
IDP-2042: Finalize deprecation of HttpServletXXX proxiesClosed
Continued work on null cleanup
Tom
FYI Added Pipeline (Jenkinsfile) support to Jenkins as a PoC (as mentioned on Slack)
Other
Â