[ https://issues.apache.org/jira/browse/SLING-9397?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17104161#comment-17104161 ]
Robert Munteanu commented on SLING-9397: ---------------------------------------- I've started the release vote for the parent pom and the resource bundle. With the following changes to the SAML handler, the NOTICE file is generated correctly for me {noformat}diff --git a/saml-handler/pom.xml b/saml-handler/pom.xml index d1f6a07f..715cd4ee 100644 --- a/saml-handler/pom.xml +++ b/saml-handler/pom.xml @@ -15,7 +15,7 @@ <parent> <groupId>org.apache.sling</groupId> <artifactId>sling-bundle-parent</artifactId> - <version>38</version> + <version>39</version> <relativePath /> </parent> @@ -35,6 +35,9 @@ <sling.user>admin</sling.user> <sling.password>admin</sling.password> <bnd.baseline.skip>true</bnd.baseline.skip> + <noticeStatement>This module includes modified code from webprofile-ref-project-v3 [1], which has ASL2 as the license. + +[1]: https://bitbucket.org/srasmusson/webprofile-ref-project-v3</noticeStatement> </properties> <build> {noformat} Of course, this needs the vote to pass and the artifacts to be released. > SAML2 Authentication Handler [initial submission] > ------------------------------------------------- > > Key: SLING-9397 > URL: https://issues.apache.org/jira/browse/SLING-9397 > Project: Sling > Issue Type: New Feature > Components: Authentication > Environment: localhost > Reporter: Cris Rockwell > Priority: Major > Labels: SAML, authentification, security, user_management > Original Estimate: 168h > Time Spent: 1h > Remaining Estimate: 167h > > Here is a pull request which adds an authentication handler for a SAML2 > Service Provider via the embedded OpenSAML V3 dependencies > [https://github.com/apache/sling-whiteboard/pull/51] > > *TODO Before Initial* > [X] Sync attributes released by the IDP > [X] Confirm license and attribution > "As the code is ASL2 and does not require a notice or anything else, we don't > need to mention in. But I think its usually good style to do so and have a > single sentence in our NOTICE that we include (modified) code from ... which > has ASL2 as the license" > > *TODO After Initial* > [ ] Get confirmation the project builds and operates as expected > [ ] Ensure that the NOTICE file is the correct one > [ ] Clarify whether we can depend on artifacts not deployed on Maven Central > [ ] Review Web Browser SSO Profile Specification 4.1 and confirm all aspects > * [https://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf] > [ ] Consider whether use of {{SAML2ConfigService}} and > {{SAML2ConfigServiceImpl}} is a good design or not. > [ ] Get feedback whether README instructions are too much, too little, > unclear, etc > [ ] Decide whether to make signing and encryption optional. Currently it is > required > [ ] Find and fix any bugs > -- This message was sent by Atlassian Jira (v8.3.4#803005)