2022-12-16
Shibboleth Developer's Meeting, 2022-12-16
Call Administrivia
09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI
Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2023-01-06. Any reason to deviate from this?
60 to 90 minute call window.
Call Details
This week's call will use the Zoom system at OSU instead of the usual. See Shibboleth development call Fri Dec 16th
AGENDA
Add items for discussion here
(PS) TechEx takeaways - if people want.
FedCM (this stands for “F$$^& every damn commercial monopoly” as of now)
4.3 schedule, backlog
Feature freeze end of 2022, eye to ship mid Jan
Board meeting summary
Attendees:
Brent
Daniel
IDP-2035: LDAP connection pools are not freeing connections when shut downClosed
Fix commit in v5, fix in flight for v4
IDP-1950: Disabling TLS options requires setting a trust value.Closed
Moving on to this issue next for v4
Henri
JCOMOIDC-41: Move OIDC Signature Validation resolvers and parameter classes to commonsClosed
Signature validation mostly done: OAuth2Client (token/introspection/revocation) + request objects
Now working on signature signing, encryption and decryption
Flow tests need to be improved
Ian
Java 20 is now in Rampdown Phase One, i.e. feature complete:
Mainly incubating features and previews.
Now
-multi
testing against this for both Java 11 and Java 17 stacks.Still possible that virtual threads will be finalised for Java 21 LTS in September (second preview in Java 20).
Baby’s first Java bug report:
Process was interesting.
John
Marvin
Phil
TechEx
Tightening up ID token validation in the RP.
Next, going to improve the authentication request parameter encoder.
Possibly release a 0.9.0 next week as a further prompt/call for testers
Rod
Windows Installer stuff. Mostly the “dedicated account for Jetty” but also some usability and jetty ugrade work
Starting on null stuff for V5 but prioritizing V4.3 stuff as it comes in
Scott
IDP-2039: Add audit logging to login flowsClosed
4.3 work complete, no feedback on fields as of yet
JSSH-20: Spring is still falling through to remote access of XML filesClosed
Upcoming advisory
Tom
nothing to report
Other