/
2026-02-20

2026-02-20

Shibboleth Developer's Meeting, 2026-02-20

Call Administrivia

09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI

Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2026-03-06. Any reason to deviate from this?

60 to 90 minute call window.

Call Details

This week's call will use the Zoom system at GU, see ZoomGU for access info.

AGENDA

  1. SP 4 Alpha

  2. Any testbed questions / clarifications

Attendees:

Brent

  • Nothing much this week

  • Will work soon on cleaning up and generalizing the release support stuff

Daniel

 

Henri

  • OpenID Federation

    • Common topic in TIIME unconference last week, workshop on Friday

      • Interop event on Friday afternoon - no big surprises (I was too strict on iat claim)

    • Testing against conformance suite - no big surprises either

    • Spec 1.0 approved this week: https://openid.net/openid-federation-1-0-final-specification-approved/

    • Work items:

      • Authentication to the federation endpoints (client/server)

      • Trust Anchor key rotation

      • Signed_jwks_uri endpoint

      • Top-down trust chain resolution for batch caching

Ian

 

John

  • Rearrange httpd restart attempts to after each type of add/change/delete. Back-ported to maint-3.

    • While here, removed obsolete spec conditionals and bumped builder image versions.

  • Investigated origins of Apache username.

  • Started to get oriented to SP4 agent config and Hub connection requirements in preparation for session cache load testing.

Marvin

 

Phil

  • Merged the odic-common branch with changes for the OIDC-SP back into main

  • Getting the OIDC-SP ready for an alpha

    • All the usual tweaks to the plugin setup and assembly

    • Setting up an Agent to talk to my test Hub (can move to the testbed Scott deployed in the future)

    • Testing against the OIDC RP certification suite—basic set of tests pass.

    • Added standard attribute extraction.

    • One issue that I am emitting cookies after token consumption, will fix ASAP.

      • Think solved, I’ve messed up the cookie name somewhere, I think it is trying to Max-Age=0 a cookie using the wrong name.

    • Needs docs on basic setup, then hopefully good for an Alpha.

 

Rod

  • Nothing

  • Vacation all next week

Scott

  • IdP bug triage

  • Prepping for Alpha

    • Added local logout and sketched out general design expected for full logout support. Likely will look a lot like existing class design, just a lot less code deferring to Hub to handle the details.

    • Doc review

      • Added new RequestMap docs and examples

  • Testbed in AWS revamped, freshened IdP, set up IdP Demo and Hello modules, added SP plugins, set up Apache in front of IdP and added new Hub vhost with self-signed keypair for remote use

    • Left Jetty running internally only for now - figured testing Apache front-ending Hub is a good scenario to explore

    • Can add access as desired to manipulate the IdP/Hub config for adding more Agents, connecting to other IdPs if anybody wants that

    • Apache will be running continuously for now, installed Let’s Encrypt cron task

Tom

  • integration tests maintenance

Other