Shibboleth Developer's Meeting, 2023-03-03

Call Administrivia

09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI

Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2023-03-17. Any reason to deviate from this?

60 to 90 minute call window.

Call Details

This week's call will use the Zoom system at GU, see ZoomGU for access info.

AGENDA

• Jetty 12 has entered beta phase. This requires Java 17 minimum but supposedly supports servlet 3.1, 4.0, 5.0 and 6.0, and both the javax and jakarta namespaces. Somehow. They clearly see this as the future after Jetty 10 and 11 retire. What does it mean for us?

• Hack a thon postmortem if any feedback to raise

Add items for discussion here

Attendees:

Brent

• JSSH-16: Update to Apache HttpClient 5.xClosed

  • Fun with IPv6

  • Looking at connection reuse + TLS issue ('Connection: close' header issue), no solid ideas yet

  • Some minor issues to clean up

• Next major project: AttributeQuery DataConnector

Daniel

Henri

• Absent today

• JCOMOIDC-41: Move OIDC Signature Validation resolvers and parameter classes to commonsClosed

  • Tests for signatures on issued JWTs now well covered (UserInfo, ID Token, JWT Access Token)

  • Finalising the tests for encrypted JWTs: will need some discussion with Phil regarding client secrets

• JOIDC-142: Improve Request Object handling and configurationClosed

  • No progress since last meeting, but will continue this once tests (task above) is finished

Ian

John

• Updated Amazon Linux images

  • “2022” is now “2023”, still in preview release

• Making progress on SSPCPP-968: "make clean" target and friendsIn Progress

  • However, discovered that SSPCPP-969: cpp-linbuild manifests do not match actual RPM/SRPM productsResolved

Marvin

Phil

Rod

As a easy task to do during convalescence concentrated on IDP-2069: Null Handling TaskClosed

• Mostly exbedding fields into locals

• Some changing of annotations

• A few bugs

• Use of better methods (BaseContext#getOrCreateSubContext(claz) rather that BaseContext#getSubContext(claz, true)

  • Deprecate the latter in V5?

• assert where we

  • are replacing an NPE or

  • previously checked or

  • From package we don’t own but is known to return non-null (Instant)

• Constraints the module itself cannot determine null-ness

• Currently “just” getting rid of red (errors). A second pass to get rid of (much. but not all) yellow (warnings)

• TBD:

  • idp-saml-impl (tests)

  • idp-conf (tests)

• I’ll send out mail when the IdP is “done” (at which stage we should all use the recommended org.eclipse.jdt.core.prefs

• OpenSAML TBD (but may require structural changes - like stopping the “null in → null out” paradigm.

Scott

• JSPROF-1: Move RelyingParty "layer" into java-shib-profileClosed

• IDP-2067: Refactor assertion-specific profile config settingsClosed

• IDP-2076: Implement new SAML profile settingsClosed

• Bulk of config refactoring done, working on unit tests, then back to SP prototyping based on new shared classes

Tom

• still working on failing integration / browser tests

Other