2023-10-06
Shibboleth Developer's Meeting, 2023-10-06
Call Administrivia
09:00 Central US / 10:00Â Eastern US /Â 15:00Â UK / 17:00 FI
Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2023-10-20. Any reason to deviate from this?
60 to 90 minute call window.
Call Details
This week's call will use the Zoom system at GU, see ZoomGU for access info.
AGENDA
(Rod) EDS patches
(Rod) Bringing the build of the IdP MSI into our Standard Process. I’ve circulated discussion notes.
Javadoc status, next steps
Add aggregate jar to parent config
Turn off non-aggregate doc jars?
Jenkins snapshot doc deploy jobs - nightly? weekly?
Turn off site jobs
Remove site config?
Fall workplan and TechEx/Board update
Attendees:
Brent
Â
Daniel
Cannot attend.
Henri
JOIDC-175: issue-registration-access-token flow does not work in OP 4.0.0Closed
JOIDC-176: Scope-parameter is required in some cases with client_credentials grantClosed
JOIDC-13: Support for OIDC LogoutClosed
Propagation:
Back-channel functionality imported from the DAASI plugin
Front-channel is working in the same way as front-channel with SAML: flow ends at LogoutPending-state
This is always treated as failure in UI - does not seem to be simple to get anything else with the default views
RP-initiated logout in progress
Ian
Â
John
Continuing to fight with RHEL UBI containers. Making some progress with 8 and 9. Not so much with 7.
A UBI8 (or 9) container running on two different registered/subscribed RHEL 8 machines do not have the same access to the full set of repos, including
codeready-builder-for-rhel-8-x86_64-rpms
(orfor-rhel-9
), which is where some build dependencies come from:On an ISO-based VirtualBox VM, it sees all repos
On an AMI-based EC2 instance, it sees only the UBI repos
Marvin
Â
Phil
RP cleanups and new features (which required changes to commons)
JCOMOIDC-76: Decouple signature signing logic from SignJWTHandlerClosed - Decoupled the signing logic so it could be reused in the RP.
JOIDCRP-30: Support PCKE (RFC7636)Closed - Support PCKE
JOIDCRP-37: Support the display authentication request parameterClosed - Allow the ‘display’ parameter to be set statically per OP.
JOIDCRP-46: Convert HTTP client executeOpen calls to ResponseHandlersClosed - Moving over the RPs decoders to use the ResponseHandler
Â
Rod
Scott
Javadocalypse Now
Impending curlpocalypse
IDP-2183: Use of JS in views needs to be hardened via CSPClosed
May need to be backported, not sure
Tom
Other
Â