2024-03-01
Shibboleth Developer's Meeting, 2024-03-01
Call Administrivia
09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI
Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2024-03-15. Any reason to deviate from this?
60 to 90 minute call window.
Call Details
This week's call will use the Zoom system at GU, see ZoomGU for access info.
AGENDA
Release schedule - give it another week for final testing?
Firm freeze next Monday, March 4th. Week for testing and bug fixing, release the week of March 11th.
Jetty 12
Checkstyle – any changes warranted after the release? Move to remote config perhaps?
WebAuthn alpha announcement
Add SHIBBOLETH_SNAPSHOT_PGP_KEYS download example to the Plugin testing page
Board update
Attendees:
Brent
Fun with the Eclipse Checkstyle plugin
Santuario 3.0.4 issue
Daniel
Henri
JOIDC-13: Support for OIDC Logout (Closed)
Conformance suite tests passing with IdP 5.0 (with two Velocity template changes) and with 5.1 (no changes)
Initial documentation drafted at OPLogout
JOIDC-182: Spurious warning "File resource is null, no bytes will be returned" (Closed)
Changed the wiring to exploit ConditionalResource
JCOMOIDC-102: Implement metadata cache loading strategy for generic resources (Closed)
Ian
Dependencies for v5.1 in decent shape:
Santuario 3.0.4 breaks our tests (OSJ-400: Failure in OpenSAML tests with Santuario xmlsec 3.0.4; Open)
Looking into bumping logback and Jackson to their next minors (have updated to latest patch)
Skipping test and build dependencies for now.
commons-dbcp2 is two minors behind, but updating to the very latest brings in new keys.
John
No updates. Still up to my eyeballs in competing demands for my attention.
Marvin
Phil
Commons:
JCOMOIDC-101: Fix Principal typing issue in profile config default implementation (Closed) - Scott found an issue with the IdP which needed fixing in commons
OIDC RP
JOIDCRP-56: map OIDC ACRs to SAML authnContexts in proxied authentication? (Closed) - Same as IDP-2251 but for the RP.
JOIDCRP-54: Arbitrary claims to request (Closed) - Added a hook to allow arbitrary claims to be added to the request object
DuoOIDC
Duo passwordless videos
WebAuthn
JWEBAUTHN-2: Add the WebAuthn plugin to Jenkins (Closed) - Thanks Tom (Jenkins work) and the Yubico guys (Signature work), this is now running and deploying to Nexus.
Fixes, ready for alpha on agenda
Maybe we should target 5.1 to enable the username caching support.
Rod
Nothing of note
Scott
5.1 cleanup and testing
IDP-2251: Map OIDC ACRs to SAML AC classes in proxied authentication (Closed)
This does break something that was accidentally working but not strictly intended to, I don’t see an alternative at this point.
Duo Passwordless bug fixing
Support time ramping up with people finally moving to 5.0
JTHYMELEAF-2: Try to get Keys for Thymeleaf related jars (Open)
No response from the developer
SP – reviewing state of my POC code and reconfiguring to explore the idea of an IdP plugin model
Santuario – as expected, mostly a couple of people suggesting it’s better to fork it than keep it at Apache
Tom
IDP-2243: Initial OIDC OP tests (Open) - not enabled yet, but basic SSO test working via Jenkins
assert keyword – needs to be enabled at runtime with -ea? (Ian: I think when we looked at this last time the conclusion was that assertions weren’t enabled by default at runtime, so shouldn’t be relied on for functionality. I believe we determined that they are enabled during tests, so they can be used instead of Assert when appropriate.)
Other