Shibboleth Developer's Meeting, 2022-12-16

Call Administrivia

09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI

Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2023-01-06. Any reason to deviate from this?

60 to 90 minute call window.

Call Details

This week's call will use the Zoom system at OSU instead of the usual. See Shibboleth development call Fri Dec 16th

AGENDA

Add items for discussion here

• (PS) TechEx takeaways - if people want.

  • FedCM (this stands for “F$$^& every damn commercial monopoly” as of now)

• 4.3 schedule, backlog

  • Feature freeze end of 2022, eye to ship mid Jan

• Board meeting summary

Attendees:

Brent

Daniel

• IDP-2035: LDAP connection pools are not freeing connections when shut downClosed

  • Fix commit in v5, fix in flight for v4

• IDP-1950: Disabling TLS options requires setting a trust value.Closed

  • Moving on to this issue next for v4

Henri

• JCOMOIDC-41: Move OIDC Signature Validation resolvers and parameter classes to commonsClosed

  • Signature validation mostly done: OAuth2Client (token/introspection/revocation) + request objects

  • Now working on signature signing, encryption and decryption

  • Flow tests need to be improved

Ian

• Java 20 is now in Rampdown Phase One, i.e. feature complete:

  • Mainly incubating features and previews.

    • https://bugs.openjdk.org/browse/JDK-8294241

    • https://bugs.openjdk.org/browse/JDK-8297030

  • Now -multi testing against this for both Java 11 and Java 17 stacks.

  • Still possible that virtual threads will be finalised for Java 21 LTS in September (second preview in Java 20).

• Baby’s first Java bug report:

  • https://bugs.openjdk.org/browse/JDK-8298712

  • Process was interesting.

• IDP-2055: Review dependencies for 4.3Closed

John

Marvin

Phil

• TechEx

• Tightening up ID token validation in the RP.

• Next, going to improve the authentication request parameter encoder.

• Possibly release a 0.9.0 next week as a further prompt/call for testers

Rod

• Windows Installer stuff. Mostly the “dedicated account for Jetty” but also some usability and jetty ugrade work

• Starting on null stuff for V5 but prioritizing V4.3 stuff as it comes in

Scott

• IDP-2039: Add audit logging to login flowsClosed

  • 4.3 work complete, no feedback on fields as of yet

• JSSH-20: Spring is still falling through to remote access of XML filesClosed

  • IDP-2050: Support auto-throwing EntityResolver in default ParserPoolClosed

  • IDP-2051: Eliminate all remote schema imports in embedded schemasClosed

• Upcoming advisory

Tom

nothing to report

Other