2023-05-19
Shibboleth Developer's Meeting, 2023-05-19
Call Administrivia
09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI
Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2023-06-02. Any reason to deviate from this?
60 to 90 minute call window.
Call Details
This week's call will use the Zoom system at GU, see ZoomGU for access info.
AGENDA
(PS) Some things from the EIC 2023 conference:
FAPI 2.0 Security Profile?
For the RP, also relevant for the OP of course.
OIDC4VC. Lots of talk about Wallets in EIC.
(PS) Switch plugins to V5 in parallel? If possible; I am not sure.
wait a few weeks, then switch mainline to 5 and maint branch for 4
Attendees:
Brent
Daniel
ldaptive updated to v2.1.2 for IDP v5
Henri
Bad wiring in the new OIDCConfig caused issues to OP’s non-MDDriven token profile configuration:
Both would have been spotted before release, if only I had used both profile configuration methods in conformance testing
Ian
Java 21 Rampdown Phase 1 on 2023-06-08:
Virtual threads
Sequenced collections
Record patterns
Pattern matching for switch
Debian 12 release 2023-06-10
Spring Framework 6.0.9 integrated
John
Testing/fixing SSPCPP-969: cpp-linbuild manifests do not match actual RPM/SRPM products [Resolved]
Bumped Amazon Linux 2 image
Marvin
Phil
OIDC-stack release. And some re-releases.
Remembering:
DuoOIDC is indeed part of that stack!
Not to make changes that will affect the enforcer on the day of release. Sounds obvious, so telling myself off.
Next up:
JOIDCRP-29: Support client_secret_jwt and private_key_jwt client authentication [Closed]
JOIDCRP-30: Support PKCE (RFC7636) [Closed]
Need to figure out what that mitigates in a confidential OIDC client.
Rod
Kicking off the Installer IDP-2105: V5 Installer Container task [Closed]. There will be some discussion needed but I’m not ready for it. Meanwhile I’m tracking open questions in JIRA. Meanwhile also watch V5 IdP Installer.
Started poking at metrics for Module and Plugin state. Also considering adding a metric for “Update version available” (as part of IDP-2073: Consider enabling the installer to download new versions [Closed]).
Scott
Completed NonnullElements review of everything in the IdP stack except OpenSAML and the IdP. Biggest goal is more about flagging Live/NotLive on all returned collections (and Live on a few inputs that get mutated internally).
IdP 5 docs and release notes
IDP-2002: Migrate all unmanaged config files into core module [Closed]
Still working out final changes to POMs subject to installer’s needs but hope for some additional simplifications.
idp-conf is gone
Testing overrides are moved under classpath:/net/shibboleth/idp/modules, which is the new idp.home for now
All installed files are now module-managed.
IDP-2082: Metric Enhancements [Closed]
Reviewing use cases, mostly around exposing more configuration state. Probably need a peer to aacli that will analyze and expose the configuration applied to an SP, in effect exercising the relying party and metadata lookups and reporting out the profile settings.
Tom
Integration tests working for IdP V4 and V5
back to working on OIDC and Tomcat
need to update Jenkins AMIs (especially Java on Windows)
Rod / Scott - how about enabling the plugin CLI to install a plugin and its dependencies?
e.g. when you install the OIDC OP, it fails and rolls back if OIDC.config is not installed, so skip the failure and install dependencies too
Other