2025-07-18

Shibboleth Developer's Meeting, 2025-07-18

Call Administrivia

09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI

Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2025-08-01. Any reason to deviate from this?

60 to 90 minute call window.

Call Details

This week's call will use the Zoom system at GU, see ZoomGU for access info.

AGENDA

  1. GitWeb mess / SP deployment status / Cloudflare/etc. options

    1. Plans should coalesce next week for the SP registration.

  2. Spring release schedule, impact on upcoming IdP releases

    1. We have actions to research Spring 6.2 and 7.0 impact on APIs and deployers

    2. Scott will propose a couple of release scheduling scenarios and we will settle on a plan if not over email then by next call.

      1. Consensus leaning to getting a 5.1.x out with Spring 6.2 and turning main into IdP 6 on Spring 7.0

  3. Nexus replacement, sounds like we have a plan?

    1. We have a replacement ready and tested

    2. Secondary plan to move artifacts out to S3, but likely continue to serve via Apache; this will help with costs

    3. Subsequent steps to improve HA for artifacts and downloads TBD

Attendees:

Brent

 

Daniel

 

Henri

 

Ian

 

John

  • Bringing up Rocky 10 smoke test instances now that an AMI is finally available

Marvin

 

Phil

  • Started to construct the java-plugin-shibd-oidcplugin, then got entirely distracted with databases, so…

  • https://shibboleth.atlassian.net/browse/JWEBAUTHN-56

    • Spent a decent amount of time trying to figure out how to improve the scalability of the WebAuthn plugin when used with a database.

    • Settled on the ‘accelerator’ (option 3 as discussed by email) approach where you can configure a bean that gets configured and injected by the Credential Repository factory, and allows specialised database queries to run when searching for registrations by userHandle and credentialId.

      • Works fine using MySQL. Will also work in Postgres, although I need to test that more.

    • I provided a development branch snapshot to Shannon for testing. Feedback has been positive so far. I will send the latest version today.

    • Hope to freeze that Monday, see if there is further feedback for a week, and then release around the 31st (I’ll be visiting family until the following Wednesday)

    • I will get back to the oidc sp plugin.

 

Rod

Scott

  • Dealing with tremendous amount of mishegaas

  • First round of work completed on new SP session cache (via filesystem), session initiation and token validation

  • Implemented discovery in the hub with some changes applied back to agent, tested via SeamlessAccess

  • Tested a full (secure) login round trip with discovery and CGI dump of data (golden spike?)

  • Begun the work on documentation with the intention the agent/hub material will be separate (pros and cons there)

    • https://shibboleth.atlassian.net/wiki/spaces/SP4 (project access only for the moment)

    • Starting with reference material (I know) but am keeping it deliberately separate from the expected “how to use agent” material, not yet to the point of knowing what that might look like, other than “keep it braindead bloody simple”.

    • Obviously need to write up migration recipe

      • Plan is to rename package subdirectory from shibboleth to shibboleth-sp (already done), allowing cleaner separation between old/new files

Tom

  • https://shibboleth.atlassian.net/browse/GEN-352 almost ready to plan cutover if we are ok with Reposilite

    • migration:

      • stop Nexus

      • rsync repositories

      • start Reposilite

      • update Jenkins deploy node to use updated AMI (~/.m2/settings.xml updates)

      • remove the <distributionManagement> URLs from the parent POM ( ? right ? )

    • deployers will need to update password and deployment URL in ~/.m2/settings.xml

Other