09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI

Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2025-09-19. Any reason to deviate from this?

60 to 90 minute call window.

This week's call will use the Zoom system at GU, see ZoomGU for access info.

1. Codeberg per Ian

2. Release process discussion?

3. 5.2 outlook

4. Board steps on next phase of operations

• 5.1.6 release

• Did some work on streamlining and enhancing the existing release script process. Generation from templates etc.

• Did some work on one idea for possibly automating more of the release in some fashion.

• ldaptive release for netty CVE (target v5.2)

• cryptacular release to wrap up OSJ-410 (target v5.2)

• Prototyping new extension hooks for OP that would serve fed-plugin for OP

  • Most of them are already described in the OP Jira for v4.4.0

  • Once all committed, then move to populating the new java-idp-plugin-oidc-op-oidfed repo

• Codeberg migrationPreview is now ready to move to whatever we think the next phase is:

  • Everything that is publicly available from git.shibboleth.net is now available on Codeberg

  • Mirroring is in place for all of this, respecting the SSH throttling they appear to be imposing.

  • See linked page for what I’ve put out of scope for now, and wrinkles around testing.

  • We’re currently well under their nominal storage limit at 626 MiB / 750 MiB. We have 70 repositories, again a little under what they allow as a matter of course. I’m pretty sure we can expand if and when we need to.

• Smoke tested 3.5.0->3.5.1 update on AL 2/2023, RHEL 7/8/9/10, and Rocky 8/9/10. All OK.

• SSPCPP-968: "make clean" target and friendsIn ProgressPreview

  • Had a minor epiphany: Generate RPMs and SRPMs inside container, generate the manifests, then copy them out to the host. So obvious in retrospect. Now feel like I’m unblocked on this item.

• OIDC SP work

  • initiator/oidc now builds an authorization (authentication) request.

    • The configuration of that request is, wrongly, only coming from the profile config and global config for now (as taken from the proxy work).

    • Exploring initiator/oidc INPUT for OIDC in the DDF.

    • And from the Application of the Agent (I need to incorporate the AgentContext)

  • In addition to the above, need to move onto the consumer sp/consumer/callback

• Jetty Plugin.

  • Ships (potentially multiple) jetty-base releases(collected via maven).

  • Code to down load jetty and sigcheck

    • Open question about keystore

  • Command files in windows to configure

    • Set jetty version

    • Set jetty-base version

    • Set procrun version

    • Set up the system service, poke holes in the firewalll &c

  • Logging

    • Proposal to add jar sig checking

    • ?

  • What’s missing?

  • What's needed for a beta?

• ODBC issue and SP patch

• Continued work on hub documentation, opened wiki space for broader access

  • Remaining critical items to document for alpha

    • Basic use of agent resolver config, the “core” of the new SP

    • Some material on attribute handling (not gating this on the SAML Data Connector as that’s a quite advanced use case)

    • Maybe a bit more detail on agent secret validation but the properties and examples are probably enough for an alpha

• Apologies - will miss the call

• Have been bumping integration test dependencies

• We probably should consider bumping Maven plugins in the parent POM at some point (i.e. all the maven-*-plugin.version properties)

• Still working on the Nexus > Reposilite > S3 migration