2024-09-20

Shibboleth Developer's Meeting, 2024-09-20

Call Administrivia

09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI

Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2024-10-04. Any reason to deviate from this?

60 to 90 minute call window.

Call Details

This week's call will use the Zoom system at GU, see ZoomGU for access info.

AGENDA

  1. Git config issue from patching server

Attendees:

Brent

Daniel

  • No update

Henri

  • Out this week

  • Final testing and fine-tunings for DPoP, PAR and JAR

Ian

 

John

 

Marvin

 

Phil

Rod

  • A bit of JDBC apart from that nothing

  • Normal service should resume in October (starting with finishing the windows configuration for the Jetty plugin).

  • Has anyone had a chance to try it on real Unix?

Scott

  • Did some cleanup on SP 3 for a 3.5 patch, mostly done except for all the “outside” work

  • Work mostly completed on new SP SAML consumer flow, close to doing the flow unit test

    • Everything but the final steps are copied from proxy flow

    • Final steps just suck out data into IdPAttributes and encode them into agent response

    • Includes an opaque field of session data that the agent is expected to attach to session and use for operations like logout, so agent doesn’t know about the requirements or content of e.g. a SAML NameID

    • For now, no session construct in the Java code at all

  • Lot of support activity, some quite involved or frustrating

    • Probably seeing uptick of V5 upgrades

  • OSJ-416: Test coverage for disallowed encryption or signing algorithmsOpen

    • Significant? bug in V4, but was accidentally patched for V5

    • Original issue I filed holds, we don’t have unit tests for this case and definitely should

  • We may have a significant issue with the override of included algorithms, need to reproduce for member

Tom

Other