Shibboleth Developer's Meeting, 2024-07-19

Call Administrivia

09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI

Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2024-08-02. Any reason to deviate from this?

60 to 90 minute call window.

Call Details

This week's call will use the Zoom system at OSU, see announcement for access info.

AGENDA

Attendees:

Brent

• Absent

Daniel

Henri

• On vacation, nothing to report.

Ian

John

• Bumped AL images (2.0.20240709.1, 2023.5.20240708.0)

• Resolved SSPCPP-987: Packages for amazon linux 2023 contain don't install systemd service fileClosed

• Started looking into ECR for builder image persistence

Marvin

Phil

• Released RP and OIDC-Commons patches

• JWEBAUTHN-16: Add auditingClosed

  • Finally finished the auditing support for the admin actions. I need to document the defaults and properties.

    • That is now in the beta

• JCOMOIDC-115: Update Nimbus oauth2-oidc-sdk into 10.15Resolved

  • Something on the new 3.2.0 commons snapshot is breaking the signature config resolution for the RP

  • Does not seem to be related to the actual purpose of upgrading to 11.11 though.

• On leave next week, but I do not see any reason not to target V1 release of the WebAuthn plugin (with the current feature set) in the second or third week of July.

Rod

• jetty-base 12 for windows issue bottomed out. Pending confirmation from JISC I may wait for the unpack bug to be fixed before doing the full release

• Working through the bug backlog in the attribute resolver.

  • Do we think that the data connector cache stats reporting is correct (the metrics are a bit ‘wierd’ for dataconnectors)

Scott

• Bumped main branches for IdP 5.2 development in support of future changes for the SP prototyping work. Will essentially have SP project tracking IdP main for a while.

• Resumed work on SP with SessionInitiator flow(s) and framework.

  • Noted/realized we don’t have the SP side of ECP implemented in OpenSAML (e.g. PAOS message encoder/decoder)

  • ECP’s typical mode of not knowing the IdP ahead of time complicates the reuse of IdP code due to violating some core assumptions

    • May be worth investigating the demand for the feature (as opposed to on the IdP where it has some amount of use)

Tom

• Progress on Safari integration tests (iOS and macOS) and one test for OIDC

  • uses Let’s Encrypt certs, Route 53 DNS / acme.sh, mod_auth_oidc via Docker, etc.

• Next : OIDC Conformance Suite tests ? or try to test the WebAuthn plugin ? or ?

Other