[ https://issues.apache.org/jira/browse/SLING-9397?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17104475#comment-17104475 ]
Cris Rockwell commented on SLING-9397: -------------------------------------- Sounds great. Thanks [~rombert]! > SAML2 Authentication Handler [initial submission] > ------------------------------------------------- > > Key: SLING-9397 > URL: https://issues.apache.org/jira/browse/SLING-9397 > Project: Sling > Issue Type: New Feature > Components: Authentication > Environment: localhost > Reporter: Cris Rockwell > Priority: Major > Labels: SAML, authentification, security, user_management > Original Estimate: 168h > Time Spent: 1h > Remaining Estimate: 167h > > Here is a pull request which adds an authentication handler for a SAML2 > Service Provider via the embedded OpenSAML V3 dependencies > [https://github.com/apache/sling-whiteboard/pull/51] > > *TODO Before Initial* > [X] Sync attributes released by the IDP > [X] Confirm license and attribution > "As the code is ASL2 and does not require a notice or anything else, we don't > need to mention in. But I think its usually good style to do so and have a > single sentence in our NOTICE that we include (modified) code from ... which > has ASL2 as the license" > > *TODO After Initial* > [ ] Get confirmation the project builds and operates as expected > [ ] Ensure that the NOTICE file is the correct one > [ ] Clarify whether we can depend on artifacts not deployed on Maven Central > [ ] Review Web Browser SSO Profile Specification 4.1 and confirm all aspects > * [https://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf] > [ ] Consider whether use of {{SAML2ConfigService}} and > {{SAML2ConfigServiceImpl}} is a good design or not. > [ ] Get feedback whether README instructions are too much, too little, > unclear, etc > [ ] Decide whether to make signing and encryption optional. Currently it is > required > [ ] Find and fix any bugs > -- This message was sent by Atlassian Jira (v8.3.4#803005)