/
2025-10-17

2025-10-17

Shibboleth Developer's Meeting, 2025-10-17

Call Administrivia

09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI

Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2025-11-07. Any reason to deviate from this?

60 to 90 minute call window.

Call Details

This week's call will use the Zoom system at GU, see ZoomGU for access info.

AGENDA

  1. Jetty plugin implications for SP

    1. Move to ee10 as a baseline?

  2. Codeberg next steps

    1. java-idp-plugin-vci?

  3. Board updates

Attendees:

Brent

  • https://shibboleth.atlassian.net/browse/JSATTR-6

    • Spring schema and parsers in progress. Going well on the SAML bits, just tons of beans, properties and details to sort through.

    • A number of things are by default going to reference well-known bean IDs from the IdP wiring. Open question as to how many and which should be exposed for configuring custom values.

    • Need to circle back on the wiring for common data connector stuff, like caching and other base class properties.

Daniel

  • Working towards a cryptacular release

Henri

  • Initial implementation of the OP’s client-side for resolve entity API

    • Customizable Function to provide “trusted entities” for remote resolution

      • Their entity configurations provide the resolve entity API endpoints

      • List of trust_anchors (resolve entity request parameter) may be customized per entity

      • Possible to fall back into local resolution if remote resolution(s) fail

    • May be used with both automatic and explicit registration

  • Updated the trust mark code according to the current drafts

    • Initial implementation of a new attribute filter policy rule

      • “Issue attribute only to RPs with specific trust mark(s)”

Ian

  • My IdP is now running 5.1.6, Jetty 12.1.2, Java (Corretto) 25. Seems fine.

John

  • https://shibboleth.atlassian.net/browse/CPPSP-26

    • Aiming to get the build working on all supported platforms with minimal changes to scripts, builder images, and spec file, then start pulling stuff out more aggressively against a roughly-working baseline.

  • https://shibboleth.atlassian.net/browse/SSPCPP-1010

    • Learned a little about pulling container logs. Running background processes is not a good fit for a make-driven build, though. Maybe we should consider jettisoning GNU Make in favor of shell, Python, or a CI/CD-optimized something-or-other given the vastly simplified dependency graph for SP4.

Marvin

 

Phil

  • https://shibboleth.atlassian.net/browse/JCOMOIDC-139

    • Adding various RP profile configuration options

    • Moving updated (added strategies) shared classes from the RP-Proxy to the RP and now into commons

  • Added support for the vast majority of OIDC/OAuth request parameters.

    • The initiator flow is in OK shape for the time being

  • Moved to the token consumer flow

    • Stubbed out the flow files and added a basic test to assist development

    • Beginning on step 1, decode the incoming ‘response’.

 

Rod

  • Sp4 Pre-alpha testing on IIS. And general windows debugging thereof

Scott

  1. Finished basic tests of SP POST recovery, more or less all done in Java now

    1. Bottomed out encoding issues as best I can due to misunderstanding HTML encoding

  2. More docs, outlined Attribute handling

    1. Collapsed “typical” config for this back into main agent.ini config, eliminating an extra file in most cases

  3. Renames of modules done for SxS installs to help with upgrades

  4. Branched the cpp-linbuild repo for work on new packaging, did initial cutdown of current specfile

  5. Lots of Jetty defaults discussion

Tom

  • https://shibboleth.atlassian.net/browse/JPAR-236 filed a couple issues requesting KEYS files

  • some trouble with Jenkins updates

  • initial work on SP 4 integration tests

  • Nexus upgrade : S3 on back burner

    • considering a separate URL for the browser view / directory indexing Lambda

Other