2024-01-19
Shibboleth Developer's Meeting, 2024-01-19
Call Administrivia
09:00 Central US / 10:00Â Eastern US /Â 15:00Â UK / 17:00 FI
Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2024-02-02. Any reason to deviate from this?
60 to 90 minute call window.
Call Details
This week's call will use the Zoom system at GU, see ZoomGU for access info.
AGENDA
Plan to submit grant proposal to GEANT for OpenID Fed work
Release schedule
Will do a 3.0.1 of OIDC commons to fix javadoc and allow a Duo release when it’s ready
The plugins will get done when they’re done
5.1 would be nice to get out by end of Feb but no particular urgency
Board updates
Attendees:
Brent
OSJ-391: Default supported TLS protocols appears too broadClosed
I obviously overlooked issues with the custom schemas in the IdP. I’ll take a look at those and see if there is a viable solution, such as merging the <TrustEngine> etc type of stuff with an injected HttpClientSecurityParameters, using some order of precedence.
OSJ-392: OpenSAML's strict processing mode does not load ADFS metadataClosed
Will investigate doing something rational on the interface collections. I think having them throw on mutation attempts would be consistent with the other setter methods.
Daniel
Â
Henri
JCOMOIDC-95: Add clockSkew and idGenerator configuration hooks to JSONSecurityConfigurationClosed
Realized that those could not be customized with the JSON security configuration
Should we inherit clockSkew setting from security configuration?
JOIDC-191: Harmonise the use of identifier generation strategiesClosed
xml-safe flag enabled by default → _ -prefixes in identifiers
JOIDC-186: Support additional refresh token typesClosed
JWT-format committed and tested
JCOMOIDC-96: Support custom/additional metadata policy operatorsClosed
TODO: wiring and tests for OP
Work on the GEANT proposal
Ian
Â
John
Amazon Linux (2, 2023) and RHEL (7, 8, 9) image bumps
Starting to get oriented to the IdP with an eye toward SP testing
Marvin
Â
Phil
plexus-io-3.4.2 released with a key from a known individual.
Although no new release of maven-javadoc-plugin that uses that yet. And overriding versions non-trivial.
(As Ian noted) Should be easier to override a plugin dep version than exclude transitive dependencies.
JDUO-82: API to access enrollment informationClosed- Some amendments to that.
Strategy to release commons 3.0.1. Happy to do this if the email makes sense. Release stuff already on the agenda.
JOIDCRP-53: removing the oidc.rp plugin removes too many configuration filesIn Progress
My fault, but I should have put those two user-controlled files into oidc-config.
Need to think about versions, compatibility, updates etc.
JWEBAUTHN-1: Map out authentication flowsClosed
2FA flow working. Off logic that needs review
Usernameless flow working.
Passwordless flow in progress
Working on username input
Then, integration into Storage API.
Â
Rod
Starting to kick the wheels on non web use of Thymeleaf
Hope to restart the discussions about WiX v4 in the next 2 weeks
Scott
JDUO-80: Use of Duo as a Passwordless solutionResolved and subtasks
UI has been thrashing a lot but I think things have mostly settled
Docs are mostly done, need to get more detail in about the defaults and implications in terms of Duo features
Keeping up with minor 5.1 backlog
Tom
Safari tests
Other
Â