[
https://issues.apache.org/jira/browse/SLING-9397?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17107330#comment-17107330
]
Cris Rockwell commented on SLING-9397:
--------------------------------------
Looks good. I've pulled the latest, built and confirmed the NOTICE has the
statement by using the command below and inspecting the file. I've marked that
as done in the description above.
{{jar xf org.apache.sling.auth.saml2-0.1.0-SNAPSHOT.jar META-INF/NOTICE}}
Let me know what is next.
Thanks!
> SAML2 Authentication Handler [initial submission]
> -------------------------------------------------
>
> Key: SLING-9397
> URL: https://issues.apache.org/jira/browse/SLING-9397
> Project: Sling
> Issue Type: New Feature
> Components: Authentication
> Environment: localhost
> Reporter: Cris Rockwell
> Priority: Major
> Labels: SAML, authentification, security, user_management
> Original Estimate: 168h
> Time Spent: 1h
> Remaining Estimate: 167h
>
> Here is a pull request which adds an authentication handler for a SAML2
> Service Provider via the embedded OpenSAML V3 dependencies
> [https://github.com/apache/sling-whiteboard/pull/51]
>
> *TODO Before Initial*
> [X] Sync attributes released by the IDP
> [X] Confirm license and attribution
> "As the code is ASL2 and does not require a notice or anything else, we don't
> need to mention in. But I think its usually good style to do so and have a
> single sentence in our NOTICE that we include (modified) code from ... which
> has ASL2 as the license"
>
> *TODO After Initial*
> [ ] Get confirmation the project builds and operates as expected
> [X] Ensure that the NOTICE file is the correct one
> [ ] Clarify whether we can depend on artifacts not deployed on Maven Central
> [ ] Review Web Browser SSO Profile Specification 4.1 and confirm all aspects
> * [https://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf]
> [ ] Consider whether use of {{SAML2ConfigService}} and
> {{SAML2ConfigServiceImpl}} is a good design or not.
> [ ] Get feedback whether README instructions are too much, too little,
> unclear, etc
> [ ] Decide whether to make signing and encryption optional. Currently it is
> required
> [ ] Find and fix any bugs
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
