Shibboleth Developer's Meeting, 2024-11-15

Call Administrivia

09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI

Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2024-12-06. Any reason to deviate from this?

60 to 90 minute call window.

Call Details

This week's call will use the Zoom system at GU, see ZoomGU for access info.

AGENDA

1. Update on contracting proposals

Attendees:

Brent

• JSSH-56: Implement HttpClient support for an overall request timeoutOpen

  • Confirm thread pool behavior, per Scott.

  • Assuming looks OK, will do Spring parsers, etc.

• JSATTR-6: SAML AttributeQuery DataConnectorOpen

  • Some progress made, still hoping to be functionally complete in a couple of weeks.

Daniel

Henri

• Absent today

• JOIDC-222: Support for OpenID FederationIn Progress

  • First more or less functional implementation for automatic registration in the authorize-flow

    • The RP metadata is fetched via oidfed trust chains and metadata gets stored via ClientInformationManager

      • Same method is used in the dynamic client registration flow - the RP records are stored server-side via configurable storage service

      • With automatic registration we should also provide means to avoid this server-side state (client secrets are never involved)

  • Test deployment plugged to the GEANT testbed - successful automatic registration of a test RP

  • Other upcoming work items:

    • Revisit our metadata policy implementation (in oidc-common)

      • It was done against much older oidfed-spec draft - the section in the spec has been reworked

    • Trust Marks

    • Explicit registration flow (i.e. oidfed-aware dynamic client registration flow)

Ian

• RHEL 10 beta is out. I have set up an instance in the usual way (r10a via the jump host, accepts any iay.org.uk users) for investigation.

  • GA expected some time in the first half of 2025.

  • x86-64-v3!

  • Wayland, if you care.

  • “modules” no longer used in the packaging system. Good.

  • GCC 14.2.

  • Default version of Java is OpenJDK 21.

  • See https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/10-beta/

• Spring Framework 6.1.15 and 6.2.0 are out. Just jump to the latter?

John

• Bumped AL2/2023, RHEL8/9 images

• SSPCPP-999: Explore possible use of newer GCC on CentOS 7 / RHEL 7In Progress

  • Planning to focus mainly on RHEL 7

• Rocky 9.4 aarch64 EC2 instance bricked after updating kernel to 5.14.0-427.40.1

  • Somebody was able to reproduce and extract console info

  • Looks like it might be region-dependent

Marvin

Phil

• IDP-2339: CSRF failure from Edge on iOSOpen

  • Added a per-flow session version to a dev branch dev/IDP-2339.

    • Old (per-view) or new (per-flow) configurable by a new property. Defaulting to per-flow for now.

• Finished feature tweaking to the WebAuth plugin, RC3 will be announced next week. Version 1 the week after.

  • Hasn’t been a very stable RC so far. But more feedback which I wanted to address before version 1.

• Was asked by Judith to help present the (now usual) FedCM update at TechEx.

Rod

• Jetty 12.1.0 and 12.0.15

• Windows build and test environment for new SP agents

Scott

• Continued tear down on SP code base

• Review of Boost unit testing framework

• Work on some small unit tests for Boost property tree XML feature

  • UTF-8 appears to parse even on Windows where the default locale probably isn’t that.

• Prepping slides for TechEx

Tom

• FYI “Sonatype will officially sunset its Nexus Repository 2 product on June 30, 2025”

  • Not really interested in upgrading to Nexus 3 because it is database-backed

  • Plan on looking at other file-based hopefully simple alternatives

• Still working on Jetty Plugin support in the integration tests

• TODO : Improve handling of invalid consent records

• TODO : OP Conformance suite logout tests

Other