Shibboleth Developer's Meeting, 2023-09-01

Call Administrivia

09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI

Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2023-09-15. Any reason to deviate from this?

60 to 90 minute call window.

Call Details

This week's call will use the Zoom system at GU, see ZoomGU for access info.

AGENDA

1. HTTPClient TBDs?

   1. (PS) ResponseHandlers?

2. Freeze?

   1. Plan to freeze EOD Tuesday EDT

   2. Release week of the 11th.

3. Jira admin rights

   1. Leave alone for now

4. V4 next steps

   1. Start the dependency review in case we need a patch, but likely regroup in October around when/what to do here

   2. EOL no later than Sep 24, maybe a little earlier if uptake feedback is positive

5. (PS) Duo 1.4.1 with HTTPClient fixes?

   1. Release a patch next week

6. (PS) Should we remove zip assemblies from plugins?

   1. Yes

Attendees:

Brent

Daniel

• Nothing to report.

Henri

• https://shibboleth.atlassian.net/browse/JCOMOIDC-81

  • The profiles involving OAuth2 client authentication (some form) can now be fed with UnregisteredClientPolicy

  • That class is extending MetadataPolicy - implemented earlier for dynamic registration

• https://shibboleth.atlassian.net/browse/JOIDC-161

  • Authorize-endpoint can now exploit the policies for validating client_id, redirect_uri, response_type and scope

  • Lacks documentation and testing on real deployment - flow test coverage already good

• https://shibboleth.atlassian.net/browse/JOIDC-171

  • Still in progress: mostly flow test fine-tuning TODO

• https://shibboleth.atlassian.net/browse/JOIDC-160

Ian

John

• Having obtained a Red Hat developer subscription and access to Ian’s environment, now attempting UBI-based builds on a registered RHEL host system. Inconsistent results so far.

Marvin

Phil

• RP

  • https://shibboleth.atlassian.net/browse/JOIDCRP-30 Work in a local feature branch. Not too tricky, but wait until after V2.0.0

  • https://shibboleth.atlassian.net/browse/JOIDCRP-45 Cleaning up RP.

• Duo

  • https://shibboleth.atlassian.net/browse/JDUO-74 Cleaning up Duo. Backport to maint-1 (on agenda).

  • https://shibboleth.atlassian.net/browse/JDUO-73Same as the others for Duo.

Rod

• jetty 11.0.16

• Minor new features to the plugin installer, to the installer and to the JDBC plugin

• Next up is probably looking to make the msi build “more mainline”

Scott

• https://shibboleth.atlassian.net/browse/JDUO-74

• https://shibboleth.atlassian.net/browse/JSSH-34

• Bit of work on Phil’s archetype, now checked into java-idp-plugin-archetype

• WebAuthn research

  • Yubico’s library hands down the obvious choice I can see for this, so probably best to just evaluate Duke’s code and polish it up into a plugin

    • https://github.com/sipatel2/shibboleth-webauthn

Tom

Other