Posted to issues@cxf.apache.org by "Misagh Moayyed (Jira)" <ji...@apache.org> on 2021/08/10 13:04:00 UTC

[jira] [Created] (CXF-8579) Upgrade wss4j to v2.5.0 and OpenSAML to 4.x

Misagh Moayyed created CXF-8579:
-----------------------------------

             Summary: Upgrade wss4j to v2.5.0 and OpenSAML to 4.x
                 Key: CXF-8579
                 URL: https://issues.apache.org/jira/browse/CXF-8579
             Project: CXF
          Issue Type: Task
          Components: STS, WS-* Components
    Affects Versions: 3.5.0
            Reporter: Misagh Moayyed


The next release of wss4j has switched to support OpenSAML v4. This release as of this writing is in SNAPSHOT mode. When testing wss4j against CXF, it turns out that SAMLTokenProvider is not compatible with the latest wss4j and opensaml v4, mainly due to the following:

 
{code:java}
DateTime validFrom = null;
DateTime validTill = null;
if (assertion.getSamlVersion().equals(SAMLVersion.VERSION_20)) {
    validFrom = assertion.getSaml2().getConditions().getNotBefore();
    validTill = assertion.getSaml2().getConditions().getNotOnOrAfter();
} else {
    validFrom = assertion.getSaml1().getConditions().getNotBefore();
    validTill = assertion.getSaml1().getConditions().getNotOnOrAfter();
}
{code}
There may be other areas that require attention.

This Jira focuses on upgrading wss4j to the next 2.5.x line, while making sure opensaml v4 continues to work correctly. If possible, it would be great to publish a SNAPSHOT version of CXF that contains an updated 2.5.0-SNAPSHOT version for wss4j, and allow the user community to test it.

 

I can surely submit a patch or pull request that attempts to handle the upgrade on GH, etc.

 


