Shibboleth Developer's Meeting, 2023-04-21

Call Administrivia

09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI

Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2023-05-05. Any reason to deviate from this?

60 to 90 minute call window.

Call Details

This week's call will use the Zoom system at GU, see ZoomGU for access info.

AGENDA

• JSSH-27: Implement an ensureId method to help with nullability annotationClosed

• Standardize on IllegalStateException when calling a method that returns a non-null when in a state during which it’s null.

  • Agreed to, may revisit the Component state exceptions

• Disposition of XACML code?

  • Add deprecation warning to the configuration step of all the providers for these to flag it as going away for V6.

• RP 1.0.0, OP 3.4.0, Config 1.0.0, and Commons 2.2.0 schedule

  • Freeze by 4/30, plan to release shortly after.

Attendees:

Brent

Daniel

Henri

Final items, non-resolved lacking documentation and/or test on real deployment:

• JOIDC-142: Improve Request Object handling and configurationClosed

• JOIDC-144: Improve token audience handling with JWT authenticationClosed

• JOIDC-149: Configurability of ID Token issuance via Refresh TokensClosed

• JOIDC-150: Improve configuration for the refresh token issuanceClosed

Since OP 3.4 requires IdP 4.3.0 anyway:

• JOIDC-151: Use Suppliers for HttpServletRequest/ResponseClosed

Ian

John

• SSPCPP-969: cpp-linbuild manifests do not match actual RPM/SRPM productsResolved

  • Not much progress to report

• Bumped Rocky 8 and 9 images

Marvin

Phil

• JCOMOIDC-66: Review ProfileConfiguration interfaces and concrete classesClosed

  • Merged in. OP, config, and RP fixed up to work with the required XML and test class changes

• RP cleanups.

Rod

• Null cleanup

  • OpenSAML tests remove failures

  • OpenSAML & IdP start to reduce warnings

• Misc bugs and tasks

  • Jetty-base for 10.0.14 and 10.0.15 (and attendant Windows IdP Release)

  • JMVN-50: Allow local signature from data JAR to be used before resolvingClosed

  • IDP-2078: field net.shibboleth.idp.profile.messaging.impl.SelectProfileConfiguration#rpCtx never usedClosed

  • IDP-2088: AbstractIdPModule.BasicModuleResource may orphan a ClassicHttpResponseClosed

  • &c

Scott

• Completed null cleanup of OpenSAML minus some tests and the XACML modules.

  • Occurred to me that another possibly useful annotation for tests (for yellow) would be NonnullBeforeTest or something like that.

• Note NonnullElements can apply to packages now. If it shows up, that means someone has reviewed the package and made sure all collections are nonnull unless annotated otherwise.

• Replacing Collections and Arrays.asList where possible

• Reviewing live but immutable views of internal state; many cases also return Collections.emptyXXX at the same time, which is inconsistent.

  • Suggest we review all Unmodifiable cases and ensure Live or NotLive is stated (and we really should avoid Live…)

  • JSATTR-12: Filter service implementation is mutating via an immutably-defined APIClosed

• Working on IdP backlog

Tom

• TODO update all-the-Javas

• Work on Tomcat tests

• Work on OIDC tests

Other