2024-10-18

Shibboleth Developer's Meeting, 2024-10-18

Call Administrivia

09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI

Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2024-11-01. Any reason to deviate from this?

60 to 90 minute call window.

Call Details

This week's call will use the Zoom system at GU, see ZoomGU for access info.

AGENDA

  • Nexus Coordinates for the jetty and SP plugins

    • Subquestion: Where does the “legacy jetty base” live

  • Plugin documentation proposal to move “most” of them into IdP doc space

  • (Lack of) timeout for HttpClient – any appetite to try to fix?

  • Plugin use of impl classes

Attendees:

Brent

 

Daniel

 

Henri

Ian

  • Spring Framework 6.2.0 GA expected mid-November.

John

  • No progress worth mentioning on ECR integration

  • Tested SP upgrade (3.4.1-6 → 3.5.0-1) on all supported platforms (x86-64 and aarch64) except CentOS 7 & 8

  • Rocky 9.4 aarch64 bug on EC2

Marvin

 

Phil

 

 

Rod

  • Jetty plugin

  • Bug Squashing

Scott

  • Proposals for IdP doc improvement

  • SP 3.5 release

    • Waiting on final testing of RPMs before publishing

    • Xerces 3.3.0 and xml-security 3.0.0 tagged and released

  • Reviewing existing SP design notes to align to running code

    • Prep for beginning to work on agent development plan expecting possible external contribution to that work

    • Current state of things is to allow agents to act as any URLs because determination of entityID is entirely Java-side

      • Could still supply an unused callout for validation

      • SP’s auto-vhosting feature would be handled by moving generation of entityID to hub, so the entityID “pattern” remains controlled

      • Need to see if that assumption holds for OpenID

Tom

  • Seems like global.xml should be reloaded when any service is reloaded, since it’s … global ? or maybe it is

  • MFA : trying to use the authn/MFA flow as mechanism for failover - should step-up authn work ?

    • use case : want to failover to a backup authn flow (External) if the primary (SAML) is not available (e.g. disaster scenario)

      • MFA strategy is simple = always return primary authn flow unless a certain file exists, then return the backup authn flow

    • step-up MFA is not working > NoAuthnContext - what to do ?

Other