2023-09-01
Shibboleth Developer's Meeting, 2023-09-01
Call Administrivia
09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI
Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2023-09-15. Any reason to deviate from this?
60 to 90 minute call window.
Call Details
This week's call will use the Zoom system at GU, see ZoomGU for access info.
AGENDA
HTTPClient TBDs?
(PS) ResponseHandlers?
Freeze?
Plan to freeze EOD Tuesday EDT
Release week of the 11th.
Jira admin rights
Leave alone for now
V4 next steps
Start the dependency review in case we need a patch, but likely regroup in October around when/what to do here
EOL no later than Sep 24, maybe a little earlier if uptake feedback is positive
(PS) Duo 1.4.1 with HTTPClient fixes?
Release a patch next week
(PS) Should we remove zip assemblies from plugins?
Yes
Attendees:
Brent
Daniel
Nothing to report.
Henri
JCOMOIDC-81: Support policies for unregistered clientsClosed
The profiles involving OAuth2 client authentication (some form) can now be fed with UnregisteredClientPolicy
That class is extending MetadataPolicy - implemented earlier for dynamic registration
JOIDC-161: Support unregistered clients at authz endpointClosed
Authorize-endpoint can now exploit the policies for validating client_id, redirect_uri, response_type and scope
Lacks documentation and testing on real deployment - flow test coverage already good
JOIDC-171: Support unregistered client policies in userinfo/token/introspection/revocationClosed
Still in progress: mostly flow test fine-tuning TODO
JOIDC-160: Add profile counter metrics to the OP flows.Closed
Ian
John
Having obtained a Red Hat developer subscription and access to Ian’s environment, now attempting UBI-based builds on a registered RHEL host system. Inconsistent results so far.
Marvin
Phil
RP
JOIDCRP-30: Support PCKE (RFC7636)Closed Work in a local feature branch. Not too tricky, but wait until after V2.0.0
JOIDCRP-45: Leaks in HTTP response handlingClosed Cleaning up RP.
Duo
JDUO-74: Possible leaks in HTTP response handlingClosed Cleaning up Duo. Backport to maint-1 (on agenda).
JDUO-73: Null Handling TaskClosedSame as the others for Duo.
Rod
jetty 11.0.16
Minor new features to the plugin installer, to the installer and to the JDBC plugin
Next up is probably looking to make the msi build “more mainline”
Scott
JSSH-34: Process nested beans in RelocatedBeanFactoryPostProcessorClosed
Bit of work on Phil’s archetype, now checked into java-idp-plugin-archetype
WebAuthn research
Yubico’s library hands down the obvious choice I can see for this, so probably best to just evaluate Duke’s code and polish it up into a plugin
Tom
Other