Shibboleth Developer's Meeting, 2018-11-02
10:00 Central US / 11:00 Eastern US / 16:00 UK
Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2018-11-16. Any reason to deviate from this?
60 to 90 minute call window.
This week's call will use the ZoomGU for access info.system at GU, see
Add items for discussion here
- (iay) Branching OpenSAML and IdP for V4.0; is it time?
- Conclusion: yes, it's time. iay will branch over the weekend; iay/tz will look at Jenkins early next week
- No structural changes yet until we have decided scope. To be raised by Scott with Board. So for now, no removal of deprecated stuff but things round the edges – and technical work for Java and Spring versions – are fair game post-branch.
- Hard branch: no work to be done on maint branches unless associated with a planned patch release.
- (rdw) Ditto the wiki,
- Conclusion: not necessary yet
- (iay) Proposal: use Java 8 parent project for now, with Spring 5.1.1 and other modern dependencies, as Maven Java 11 tooling is still flaky. Should be good in a few months.
- Conclusion: OK
- (Phil) If possible, quick update on MPASSid social auth implementation for the IdP.
- IDP-1354 fixes CAS proxy bug for 3.4.1.
- Lesson learned: flow tests must exercise the context tree in the same way as "real" runtime processing.
- Apologies for leaving early
- Nothing much.
- Last lap of KeyInfo testing.
- Some prep for 3.0.next
- OpenSSL 1.1.1 (new build)
- Curl 62.0 (but a patch may be coming)
- Tom's issue below is classpath and URI - see this comment and following.
- Don't use backslashes
- Don't fork (because that will use backslashes)
- This is probably best done as a JIRA case since it gives us findable history.
- getWholeText postmortem, separate bug filed to review any remanining uses
- xml-sec-c 2.0.2 will release today, I can publish Linux packages for that ahead of new SP release
- xmltooling and SP 3.0.3 are about ready but could use more testing with OpenSSL 1.1 and curl apparently has bugs in their big bang release with TLS 1.3 support (shocker)
- Experiences with null checking
- IdP 3.4.1
Windows paths :
- Some redo of integ tests profile and versions
- Now testing Tomcat 8.5 and 9.0 as 8.0 is way EOL
- Which runtime Java versions should we test against ? 8 and 11 ? (the free LTS ?)
- (back burner) Jetty 9.4 SSLLabs score
- (back burner) Nexus 3 and Maven Enforcer rule