2024-07-19

Owned by Scott Cantor
Last updated: Jul 19, 2024 by Philip Smart
2 min read

Shibboleth Developer's Meeting, 2024-07-19

Call Administrivia

09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI

Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2024-08-02. Any reason to deviate from this?

60 to 90 minute call window.

Call Details

This week's call will use the Zoom system at OSU, see announcement for access info.

AGENDA

 

Attendees:

Brent

  • Absent

Daniel

 

Henri

  • On vacation, nothing to report.

Ian

 

John

Marvin

 

Phil

  • Released RP and OIDC-Commons patches

  • https://shibboleth.atlassian.net/browse/JWEBAUTHN-16

    • Finally finished the auditing support for the admin actions. I need to document the defaults and properties.

      • That is now in the beta

  • https://shibboleth.atlassian.net/browse/JCOMOIDC-115

    • Something on the new 3.2.0 commons snapshot is breaking the signature config resolution for the RP

    • Does not seem to be related to the actual purpose of upgrading to 11.11 though.

  • On leave next week, but I do not see any reason not to target V1 release of the WebAuthn plugin (with the current feature set) in the second or third week of July.

 

Rod

  • jetty-base 12 for windows issue bottomed out. Pending confirmation from JISC I may wait for the unpack bug to be fixed before doing the full release

  • Working through the bug backlog in the attribute resolver.

    • Do we think that the data connector cache stats reporting is correct (the metrics are a bit ‘wierd’ for dataconnectors)

Scott

  • Bumped main branches for IdP 5.2 development in support of future changes for the SP prototyping work. Will essentially have SP project tracking IdP main for a while.

  • Resumed work on SP with SessionInitiator flow(s) and framework.

    • Noted/realized we don’t have the SP side of ECP implemented in OpenSAML (e.g. PAOS message encoder/decoder)

    • ECP’s typical mode of not knowing the IdP ahead of time complicates the reuse of IdP code due to violating some core assumptions

      • May be worth investigating the demand for the feature (as opposed to on the IdP where it has some amount of use)

Tom

  • Progress on Safari integration tests (iOS and macOS) and one test for OIDC

    • uses Let’s Encrypt certs, Route 53 DNS / acme.sh, mod_auth_oidc via Docker, etc.

  • Next : OIDC Conformance Suite tests ? or try to test the WebAuthn plugin ? or ?

Other

Â