2024-09-20
Shibboleth Developer's Meeting, 2024-09-20
Call Administrivia
09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI
Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2024-10-04. Any reason to deviate from this?
60 to 90 minute call window.
Call Details
This week's call will use the Zoom system at GU, see ZoomGU for access info.
AGENDA
Git config issue from patching server
Attendees:
Brent
JSATTR-6: SAML AttributeQuery DataConnector (Open)
Making progress. Have some stubbed out components. Working through the various input questions.
OSJ-416: Test coverage for disallowed encryption or signing algorithms (Open)
Couldn’t spot anything obvious with user’s report of exclusions bean not working.
Reproducing is stalled b/c my test IdP is down.
Daniel
No update
Henri
Out this week
Final testing and fine-tuning for DPoP, PAR and JAR
Ian
John
Marvin
Phil
Closed off the issues preventing v1 release of the WebAuthn plugin
I’ve been testing it. It seems ready.
Timo has been testing it. It seems to have fixed his issues.
He has made a few more improvement suggestions which I think I will target for a v1.1.0.
Support the JSON list of passkey providers not in the FIDO Metadata Service (basically, the untrusted software authenticators)
This would only be to improve the UI for registrations for these authenticators
Add a more granular version of the allow/deny AAGUID policy I was looking at post v1, to say allow/deny for 2FA v sole-factor
Updating and reorganising the docs
Release next Tuesday?
Rod
A bit of JDBC; apart from that, nothing
Normal service should resume in October (starting with finishing the Windows configuration for the Jetty plugin).
Has anyone had a chance to try it on real Unix?
Scott
Did some cleanup on SP 3 for a 3.5 patch, mostly done except for all the “outside” work
Work mostly completed on new SP SAML consumer flow, close to doing the flow unit test
Everything but the final steps is copied from proxy flow
Final steps just suck out data into IdPAttributes and encode them into agent response
Includes an opaque field of session data that the agent is expected to attach to session and use for operations like logout, so agent doesn’t know about the requirements or content of e.g. a SAML NameID
For now, no session construct in the Java code at all
Lot of support activity, some quite involved or frustrating
Probably seeing uptick of V5 upgrades
OSJ-416: Test coverage for disallowed encryption or signing algorithms (Open)
Significant? bug in V4, but was accidentally patched for V5
Original issue I filed holds, we don’t have unit tests for this case and definitely should
We may have a significant issue with the override of included algorithms, need to reproduce for member
Tom
IDP-2323: Exception in flow, when consent goes to the database (Open): testing in progress
integration tests for WebAuthn plugin
will enable when Firefox / geckodriver supports virtual authenticators (any day now?)
otherwise might run them on Chrome using SauceLabs
or could install Chrome on the Rocky nodes - not exactly sure how
Other