Page tree
Skip to end of metadata
Go to start of metadata

Shibboleth Developer's Meeting, 2020-09-18

Call Administrivia

09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI

Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2002-10-02. Any reason to deviate from this?

60 to 90 minute call window.

Call Details

This week's call will use the Zoom system at GU, see ZoomGU for access info.


Add items for discussion here



  • OSJ-319 - Getting issue details... STATUS
    • Easy fix.
  • OSJ-323 - Getting issue details... STATUS
    • Haven't found any info on the JSSE → OpenSSL lack of session resumption issue.  Will likely just close this out.
  • OSJ-321 - Getting issue details... STATUS
    • Think we should at least implement the cloning fix to eliminate the side-effect on the cloned object.



  • JOIDC-5 - Getting issue details... STATUS
    • Updated schema to the 'choice' -approach
    • Getting ready to merge to the main branch
      • Initial thought was to use idp-saml-api and -impl for schema and XMLObjects
      • Could a new "common OIDC" -module be more logical destination?


  • Java 15 is GA: no more Nashorn.
  • Spring Framework 5.3 in October, EOL will be 2024.
  • XMLSecTool can't do the most common kind of PKCS#11 operation under Java 9+; time for V3:
    XSTJ-82 - Getting issue details... STATUS
    (Similar issue in a spring-extensions bean)
    JSE-42 - Getting issue details... STATUS




  • JDUO-15 - Getting issue details... STATUS Trying out a feature branch to switch some of my custom JWT handling to Nimbus.
    • Pretty much done - will push the branch when I can. As with Henri's idea above, probably a bit of common Nimbus JWT code we could be sharing - not flow, but JWT verifier setup etc.
    • Wanted to test a DuoClient using only Nimbus, not Duo's SDK. This eventually led to secret key issues  JDUO-16 - Getting issue details... STATUS  and an email to Duo.


  • Misc bug fixes.
  • Is anything gained by making our installation code API? (potential agenda topic)
  • Potentially strip a bunch of config stuff from the plugins.


  • IDP-1664 - Getting issue details... STATUS
    • Modules
    • Authentication and admin modules mostly done, major redesign of authn config approach into properties
    • Interceptors are the main area of work left
  • Work left to do in places to allow plugins to dynamically add components, will need OIDC review for that
  • GEN-266 - Getting issue details... STATUS
    • Package sealing done up to the IdP layer pending full testing
    • Lots of split packages due to test-jar classes, virtually none elsewhere
    • Resource loading does not appear subject to sealing
    • Plugins and new work should seal by default


  • IDP-1660 - Getting issue details... STATUS : still working through it
    • is there a way to order attribute values via the attribute resolver ?


  • No labels