2025-08-15

Shibboleth Developer's Meeting, 2025-08-15

Call Administrivia

09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI

Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2025-09-05. Any reason to deviate from this?

60 to 90 minute call window.

Call Details

This week's call will use the Zoom system at GU, see ZoomGU for access info.

AGENDA

  • Spring CVE

    • Doubt very seriously we’re impacted or that the majority of deployers would be, but…

  • What do we think about Codeberg?

Attendees:

Brent

  • Not much to report this week, it’s back-to-school time.

 

Daniel

 

Henri

  • https://shibboleth.atlassian.net/browse/JOIDC-222

    • Trust chain resolution is now more generic and not hardcoded to RP-entities

      • Resolve Entity API capable of resolving all entity_types

    • Improved entity-configuration flow

      • Harmonised the success response caching with Resolve Entity API

      • Static template for the entity’s own metadata

  • Started drafting the oidfed-functionality into plugins/modules

    • Perhaps the following new repositories / plugin.ids

      • java-oidfed-common / net.shibboleth.oidfed.common: profile configuration classes, metadata cache building blocks, helpers, …

      • java-idp-plugin-oidfed-config / net.shibboleth.idp.plugin.oidfed.config: common security and profile configurations

      • java-idp-plugin-oidc-op-oidfed / net.shibboleth.idp.plugin.oidc.op.oidfed: plugin for OP

    • The pattern provided by net.shibboleth.shared.spring.config.IdentifiedComponentManager looks promising for wiring extensions to OP

      • oidc/metadata-lookup flow (MetadataLookupExtensionFlowDescriptorManager)

      • Perhaps even e.g. for wiring additional request object JWT claim validators

Ian

  • After testing, added Debian 13 to the “partially supported” list for IdP v5.

John

 

Marvin

 

Phil

  • Help with the IdP release

  • Putting together the OIDC session initiation flow. Early stage, arrived at metadata lookup and realised I should spend some time exploring the Agents and their Application configuration.

 

Rod

  • Jetty plugin

  • Vacation

Scott

  • Jetty systemd testing

  • 5.1 backlog and testing

  • Some minor progress on hub documentation

  • Still working on OOB hub and agent configuration choices facilitating ease of initial setup

    • localhost deploy with no basic auth?

    • “Cracked” a design issue with that satisfying “hey, that just worked, I finally got it right” feeling, and it should reduce configuration verbosity enormously.

      • Agent beans now self-define their default Application and settings as a single bean

        • Properties default in many settings for simple deploys (SP entityID, IdP to use, etc.)

        • Can contain additional Applications as in the old config for alternative settings.

      • Simple case now dead simple, one liner bean per agent, probably can custom load them from a flat file or property file at some point.

      • Working toward some kind of auto-registration of default profiles to solve for the “SAML plugin requires adding SAML.SSO bean” problem, TBD

      • Overall, this is a second bite at the V3 relying-party.xml layout, which in turn is basically the third iteration of that concept, i.e. we’re at version 3 so probably can finally get it right.

Tom

  • Nexus replacement: working through S3 storage details

Other