-/- On Mon, May 25, 2020, 11:04 AM Robert Munteanu (Jira) <[email protected]> wrote:
> > [ > https://issues.apache.org/jira/browse/SLING-9397?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17116098#comment-17116098 > ] > > Robert Munteanu commented on SLING-9397: > ---------------------------------------- > > [~cris_rockwell] - I plan to make a review pass this week. In the > meantime, feel free to develop the module according to your needs. > > > SAML2 Authentication Handler [initial submission] > > ------------------------------------------------- > > > > Key: SLING-9397 > > URL: https://issues.apache.org/jira/browse/SLING-9397 > > Project: Sling > > Issue Type: New Feature > > Components: Authentication > > Environment: localhost > > Reporter: Cris Rockwell > > Priority: Major > > Labels: SAML, authentification, security, user_management > > Original Estimate: 168h > > Time Spent: 1h > > Remaining Estimate: 167h > > > > Here is a pull request which adds an authentication handler for a SAML2 > Service Provider via the embedded OpenSAML V3 dependencies > > [https://github.com/apache/sling-whiteboard/pull/51] > > > > *TODO Before Initial* > > [X] Sync attributes released by the IDP > > [X] Confirm license and attribution > > "As the code is ASL2 and does not require a notice or anything else, we > don't need to mention in. But I think its usually good style to do so and > have a single sentence in our NOTICE that we include (modified) code from > ... which has ASL2 as the license" > > > > *TODO After Initial* > > [ ] Get confirmation the project builds and operates as expected > > [X] Ensure that the NOTICE file is the correct one > > [ ] Clarify whether we can depend on artifacts not deployed on Maven > Central > > [ ] Review Web Browser SSO Profile Specification 4.1 and confirm all > aspects > > * [ > https://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf] > > [ ] Consider whether use > of {{SAML2ConfigService}} and {{SAML2ConfigServiceImpl}} is a good design > or not. > > [ ] Get feedback whether README instructions are too much, too little, > unclear, etc > > [ ] Decide whether to make signing and encryption optional. Currently it > is required > > [ ] Find and fix any bugs > > > > > > -- > This message was sent by Atlassian Jira > (v8.3.4#803005) >
