You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "Colm O hEigeartaigh (Jira)" <ji...@apache.org> on 2022/04/19 08:13:00 UTC
[jira] [Assigned] (CXF-8579) Upgrade wss4j to v2.5.0 and OpenSAML to 4.x
[ https://issues.apache.org/jira/browse/CXF-8579?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh reassigned CXF-8579:
----------------------------------------
Assignee: Colm O hEigeartaigh
> Upgrade wss4j to v2.5.0 and OpenSAML to 4.x
> -------------------------------------------
>
> Key: CXF-8579
> URL: https://issues.apache.org/jira/browse/CXF-8579
> Project: CXF
> Issue Type: Task
> Components: STS, WS-* Components
> Affects Versions: 3.5.0
> Reporter: Misagh Moayyed
> Assignee: Colm O hEigeartaigh
> Priority: Minor
> Fix For: 4.0.0
>
>
> The next release of wss4j has switched to support OpenSAML v4. This release as of this writing is in SNAPSHOT mode. When testing wss4j against CXF, it turns out that SAMLTokenProvider is not compatible with the latest wss4j and opensaml v4, mainly due to the following:
>
> {code:java}
> DateTime validFrom = null;
> DateTime validTill = null;
> if (assertion.getSamlVersion().equals(SAMLVersion.VERSION_20)) {
> validFrom = assertion.getSaml2().getConditions().getNotBefore();
> validTill = assertion.getSaml2().getConditions().getNotOnOrAfter();
> } else {
> validFrom = assertion.getSaml1().getConditions().getNotBefore();
> validTill = assertion.getSaml1().getConditions().getNotOnOrAfter();
> }
> {code}
> There may be other areas that require attention.
> This Jira focuses on upgrading wss4j to the next 2.5.x line, while making sure opensaml v4 continues to work correctly. If possible, it would be great to publish a SNAPSHOT version of CXF that contains an updated 2.5.0-SNAPSHOT version for wss4j, and allow the user community to test it.
>
> I can surely submit a patch or pull request that attempts to handle the upgrade on GH, etc.
>
--
This message was sent by Atlassian Jira
(v8.20.1#820001)