2024-11-01
Shibboleth Developer's Meeting, 2024-11-01
Call Administrivia
09:00 Central US / 10:00 Eastern US / 14:00 UK / 16:00 FI
Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2024-11-15. Any reason to deviate from this?
60 to 90 minute call window.
Call Details
This week's call will use the Zoom system at GU, see ZoomGU for access info.
AGENDA
RDW:JMVN-68: Remove signatures from the enforcer dataClosed
Mostly For locally signed artifacts no longer used (xercesImpl, xml-apis)
I am reluctant to remove anything from a Keystore just because it isn't being used right now
Ditto keystores themselves.
Attendees:
Brent
JSATTR-6: SAML AttributeQuery DataConnectorOpen
Still coming along. Progress slow over last couple of weeks due to local Project From Hell.
JSMD-11: Add support for HttpClient responseTimeout param to relevant componentsOpen
Completed for HTTP metadata resolvers.
JSSH-55: Clarify behavior of new HttpClient responseTimeout parameterOpen
We discussed this as an open question and I opened this issue to track.
Daniel
Nothing to report.
Henri
JOIDC-222: Support for OpenID FederationIn Progress
DynamicMetadataCache (in oidc-common) based trust chain resolution
Signature validation via metadata filters (BiFunction -hook)
Finishing first prototype for automatic registration via PAR and authorize -endpoints
Ian
Nothing to report.
John
Marvin
Phil
JWEBAUTHN-27: Add basic authenticator policyClosed
Cleaning this up based on feedback.
Also cleaning up the registration and management UIs. Credentials can be labelled in the view. e.g.
Once merged into main, I will announce RC3.
After RC3 is announced, I will switch contexts to work on:
WebAuthn Docs
the CSRF changes in the IdP IDP-2339: CSRF failure from Edge on iOSOpen
Updates to the Native Duo SDK JDUO-92: Update duo_universal_java to version 1.2.0Open
RP Automated tests against the OIDC conformance suite. I had a call with Henri about this, so I see a route forward
Think about HTTP APIs to the WebAuthn registration repository
Rod
Bug squashing
Jetty re-org (and fallout). No new testing
Tracking the CPP code in the windows build
Scott
IDP-2288: Injection of beans into BeanPostProcessor causes Spring warningsResolved
Replaced post processors with “property-specifiied class” indirection in Spring parser, deployer-compatible with original design
Had to redesign the ByReference metadata filter handling to preserve proper filter order
SP 3.5 release, smooth apart from some older packaging mistakes
Design breakdown for SP agent work
Branched cpp-sp and started teardown of existing code base
Plan is to get as much torn out as possible before working back up to new or replacement code, but keep it building as much as possible.
Looking at unit testing to validate new development to defer the need to produce a working agent I can test against Java (same way I tested the Java without a working agent). Boost has a unit testing framework worth looking at.
Tom
Thanks Henri - OP Conformance Suite tests pass for IdP 5.1.3 and V5
still need to work on the logout conformance tests
probably should test previous, current, and next versions of the OP plugin with both IdP 5.1.3 and 5.2
Thanks Rod - Jetty Plugin tests a work in progress
Back to working on IDP-2323 - consent invalid data
as I have mentioned, throwing the JsonException is trivial
looking at how that would affect storage record pruning and what to do with that “feature”
Other