2024-03-01

Shibboleth Developer's Meeting, 2024-03-01

Call Administrivia

09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI

Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2024-03-15. Any reason to deviate from this?

60 to 90 minute call window.

Call Details

This week's call will use the Zoom system at GU, see ZoomGU for access info.

AGENDA

  1. Release schedule - give it another week for final testing?

    1. Firm freeze next Monday, March 4th. Week for testing and bug fixing, release the week of March 11th.

  2. Jetty 12

  3. Checkstyle – any changes warranted after the release? Move to remote config perhaps?

  4. WebAuthn alpha announcement

    1. Add SHIBBOLETH_SNAPSHOT_PGP_KEYS download example to the Plugin testing page

  5. Board update

Attendees:

Brent

  • Fun with the Eclipse Checkstyle plugin

  • Santuario 3.0.4 issue

Daniel

 

Henri

Ian

  • Dependencies for v5.1 in decent shape:

    • Santuario 3.0.4 breaks our tests (https://shibboleth.atlassian.net/browse/OSJ-400 )

    • Looking into bumping logback and Jackson to their next minors (have updated to latest patch)

    • Skipping test and build dependencies for now.

    • commons-dbcp2 is two minors behind, but updating to the very latest brings in new keys.

John

  • No updates. Still up to my eyeballs in competing demands for my attention.

Marvin

 

Phil

 

Rod

  • Nothing of note

 

Scott

  • 5.1 cleanup and testing

  • Duo Passwordless bug fixing

  • Support time ramping up with people finally moving to 5.0

  • https://shibboleth.atlassian.net/browse/JTHYMELEAF-2

    • No response from the developer

  • SP – reviewing state of my POC code and reconfiguring to explore the idea of an IdP plugin model

  • Santuario – as expected, mostly a couple of people suggesting it’s better to fork it than keep it at Apache

Tom

  • https://shibboleth.atlassian.net/browse/IDP-2243 not enabled yet, but basic SSO test working via Jenkins

  • assert keyword ? needs to be enabled at runtime with -ea ? (Ian: I think when we looked at this last time the conclusion was that assertions weren’t enabled by default at runtime, so shouldn’t be relied on for functionality. I believe we determined that they are enabled during tests, so they can be used instead of Assert when appropriate.)

Other

Â