Uploaded image for project: 'CXF'
  1. CXF
  2. CXF-8579

Upgrade wss4j to v3.0.0 and OpenSAML to 4.x

    XMLWordPrintableJSON

Details

    • Task
    • Status: Resolved
    • Minor
    • Resolution: Fixed
    • 3.5.0
    • 4.0.0
    • STS, WS-* Components
    • None
    • Unknown

    Description

      The next release of wss4j has switched to support OpenSAML v4. This release as of this writing is in SNAPSHOT mode. When testing wss4j against CXF, it turns out that SAMLTokenProvider  is not compatible with the latest wss4j and opensaml v4, mainly due to the following:

       

      DateTime validFrom = null;
      DateTime validTill = null;
      if (assertion.getSamlVersion().equals(SAMLVersion.VERSION_20)) {
          validFrom = assertion.getSaml2().getConditions().getNotBefore();
          validTill = assertion.getSaml2().getConditions().getNotOnOrAfter();
      } else {
          validFrom = assertion.getSaml1().getConditions().getNotBefore();
          validTill = assertion.getSaml1().getConditions().getNotOnOrAfter();
      }
      

      There may be other areas that require attention.

      This Jira focuses on upgrading wss4j to the next 2.5.x line, while making sure opensaml v4 continues to work correctly. If possible, it would be great to publish a SNAPSHOT version of CXF that contains an updated 2.5.0-SNAPSHOT version for wss4j, and allow the user community to test it.

       

      I can surely submit a patch or pull request that attempts to handle the upgrade on GH, etc.

       

      Attachments

        Issue Links

          Activity

            People

              coheigea Colm O hEigeartaigh
              mmoayyed Misagh Moayyed
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: