[CXF-8579] Upgrade wss4j to v3.0.0 and OpenSAML to 4.x - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Task
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 3.5.0
Fix Version/s: 4.0.0
Component/s: STS, WS-* Components
Labels:
None

Estimated Complexity:
Unknown
Language:
- English

Description

The next release of wss4j has switched to support OpenSAML v4. This release as of this writing is in SNAPSHOT mode. When testing wss4j against CXF, it turns out that SAMLTokenProvider is not compatible with the latest wss4j and opensaml v4, mainly due to the following:

DateTime validFrom = null;
DateTime validTill = null;
if (assertion.getSamlVersion().equals(SAMLVersion.VERSION_20)) {
    validFrom = assertion.getSaml2().getConditions().getNotBefore();
    validTill = assertion.getSaml2().getConditions().getNotOnOrAfter();
} else {
    validFrom = assertion.getSaml1().getConditions().getNotBefore();
    validTill = assertion.getSaml1().getConditions().getNotOnOrAfter();
}

There may be other areas that require attention.

This Jira focuses on upgrading wss4j to the next 2.5.x line, while making sure opensaml v4 continues to work correctly. If possible, it would be great to publish a SNAPSHOT version of CXF that contains an updated 2.5.0-SNAPSHOT version for wss4j, and allow the user community to test it.

I can surely submit a patch or pull request that attempts to handle the upgrade on GH, etc.

Attachments

Issue Links

relates to

WSS-687 Upgrade OpenSAML to v4.1.x

Closed

links to

GitHub Pull Request #833

Activity

People

Assignee:: Colm O hEigeartaigh

Reporter:: Misagh Moayyed

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 10/Aug/21 13:03

Updated:: 18/Sep/23 18:48

Resolved:: 19/Apr/22 08:15