[ https://issues.apache.org/jira/browse/SLING-9397?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Cris Rockwell updated SLING-9397: --------------------------------- Description: Here is a pull request which adds an authentication handler for a SAML2 Service Provider via the embedded OpenSAML V3 dependencies [https://github.com/apache/sling-whiteboard/pull/51] *TODO Before Initial* [X] Sync attributes released by the IDP [X] Confirm license and attribution "As the code is ASL2 and does not require a notice or anything else, we don't need to mention in. But I think its usually good style to do so and have a single sentence in our NOTICE that we include (modified) code from ... which has ASL2 as the license" [ ] Get confirmation the project builds and operates as expected *TODO After Initial* [ ] Review Web Browser SSO Profile Specification 4.1 and confirm all aspects * [https://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf] [ ] Consider whether use of {{SAML2ConfigService}} and {{SAML2ConfigServiceImpl}} is a good design or not. [ ] Get feedback whether README instructions are too much, too little, unclear, etc [ ] Decide whether to make signing and encryption optional. Currently it is required [ ] Find and fix any bugs was: Here is a pull request which adds an authentication handler for a SAML2 Service Provider via the embedded OpenSAML V3 dependencies [https://github.com/apache/sling-whiteboard/pull/51] TODO: [X] Sync attributes released by the IDP [ ] Confirm license and attribution [ ] Review Web Browser SSO Profile Specification 4.1 and confirm all aspects [https://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf] [ ] Consider whether use of {{SAML2ConfigService}} and {{SAML2ConfigServiceImpl}} is a good design or not. [ ] Get feedback whether README instructions are too much, too little, unclear, etc [ ] Get confirmation the project builds and operates as expected [ ] Decide whether to make signing and encryption optional. Currently it is required [ ] Find and fix any bugs > SAML2 Authentication Handler [initial submission] > ------------------------------------------------- > > Key: SLING-9397 > URL: https://issues.apache.org/jira/browse/SLING-9397 > Project: Sling > Issue Type: New Feature > Components: Authentication > Environment: localhost > Reporter: Cris Rockwell > Priority: Major > Labels: SAML, authentification, security, user_management > Original Estimate: 168h > Remaining Estimate: 168h > > Here is a pull request which adds an authentication handler for a SAML2 > Service Provider via the embedded OpenSAML V3 dependencies > [https://github.com/apache/sling-whiteboard/pull/51] > > *TODO Before Initial* > [X] Sync attributes released by the IDP > [X] Confirm license and attribution > "As the code is ASL2 and does not require a notice or anything else, we don't > need to mention in. But I think its usually good style to do so and have a > single sentence in our NOTICE that we include (modified) code from ... which > has ASL2 as the license" > [ ] Get confirmation the project builds and operates as expected > > *TODO After Initial* > [ ] Review Web Browser SSO Profile Specification 4.1 and confirm all aspects > * [https://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf] > [ ] Consider whether use of {{SAML2ConfigService}} and > {{SAML2ConfigServiceImpl}} is a good design or not. > [ ] Get feedback whether README instructions are too much, too little, > unclear, etc > [ ] Decide whether to make signing and encryption optional. Currently it is > required > [ ] Find and fix any bugs > -- This message was sent by Atlassian Jira (v8.3.4#803005)