Hi Dinusha, Can you please specify the relevant identity features you are using ?. IS-5.2.0 will be based on kernel 4.4.6. We are planning the component release along with the IS 5.2.0 GA release .
Thanks, Kasun. On Fri, Jun 24, 2016 at 11:44 AM, Dinusha Senanayaka <dinu...@wso2.com> wrote: > Kasun, this blocks the AppM kernel-4.4.6 upgrade. Is it possible to do > this today ? I thought IS-5.2.0 is already based on kernel 4.4.6. > > Regards, > Dinusha. > > On Fri, Jun 24, 2016 at 11:38 AM, Kasun Bandara <kas...@wso2.com> wrote: > >> Hi Dinusha, >> >> Yes. we will be fixing this issue with once we upgrade the kernel version >> to 4.4.6. The opensaml version of the feature you have mentioned will be >> upgraded to opensaml-2.6.4.wso2v3. The corresponding repository release >> will be done along with the IS 5.2.0 GA release. >> >> Thanks, >> Kasun. >> >> On Fri, Jun 24, 2016 at 11:28 AM, Dinusha Senanayaka <dinu...@wso2.com> >> wrote: >> >>> Hi Kasun, >>> >>> Non of the appmgt features are bundling opensaml. It's comes to AppM >>> product through identity features. Seems through the >>> org.wso2.carbon.identity.xacml.server.feature [1] and it has still using >>> opensaml-2.6.4.wso2v2 [2]. Could you please fix that. That should resolve >>> this. >>> >>> [1] >>> https://github.com/wso2/carbon-identity-framework/blob/master/features/xacml/org.wso2.carbon.identity.xacml.server.feature/pom.xml#L118 >>> [2] >>> https://github.com/wso2/carbon-identity-framework/blob/master/pom.xml#L1476 >>> >>> Regards, >>> Dinusha. >>> >>> On Fri, Jun 24, 2016 at 10:55 AM, Kasun Bandara <kas...@wso2.com> wrote: >>> >>>> Hi Sajith, >>>> >>>> This issue was identified in [1] and we have fixed the issue with [2]. >>>> This issue can be resolve by using the new opensaml orbit. We are planning >>>> to release identity repositories (~50) on top of kernel 4.4.6, after fixing >>>> the security vulnerabilities as stated in [3]. You can refer [4] to get the >>>> latest updates on IS 5.2.0 GA release. >>>> >>>> Thanks, >>>> Kasun. >>>> >>>> >>>> [1] https://wso2.org/jira/browse/IDENTITY-4680 >>>> >>>> [2] [Engineering] Request to merge and release opensaml 2.6.4.wso2v3 >>>> orbit >>>> >>>> [3] [Engineering] Security Hackathon to start from tomorrow >>>> >>>> [4] [Engineering] IS 5.2.0 GA Update >>>> >>>> On Fri, Jun 24, 2016 at 10:10 AM, Sajith Abeywardhana <saji...@wso2.com >>>> > wrote: >>>> >>>>> Hi IS Team, >>>>> >>>>> AppM has been updated to the carbon kernel 4.4.6, and also I updated >>>>> the IS version to 5.1.1-SNAPSHOT. When I try to login to the publisher >>>>> jaggery app I got below exception[1]. >>>>> >>>>> The root cause is for this is, opensaml_2.6.4.wso2v2 haven't properly >>>>> imported the required bouncy castle version which is version >>>>> 1.52.0.wso2v1(packed >>>>> with kernel 4.4.6), and currently, it's [1.49.0,1.50.0)[2]. >>>>> >>>>> Then I found that there is an opensaml_2.6.4.wso2v3 orbit bundle in >>>>> the git repo with the required bouncy castle version[3]. So when you >>>>> are planning to release the IS version, which bundles the opensaml_2. >>>>> 6.4.wso2v3 into a feature? Currently, we are blocking due to this >>>>> issue. >>>>> >>>>> >>>>> [1]. osgi> [2016-06-24 00:18:46,052] ERROR - StandardWrapperValve >>>>> Servlet.service() for servlet [bridgeservlet] in context with path [/] >>>>> threw exception [Servlet execution threw an exception] with root cause >>>>> java.lang.ClassNotFoundException: org.bouncycastle.util.encoders.Hex >>>>> cannot be found by opensaml_2.6.4.wso2v2 >>>>> at >>>>> org.eclipse.osgi.internal.loader.BundleLoader.findClassInternal(BundleLoader.java:501) >>>>> at >>>>> org.eclipse.osgi.internal.loader.BundleLoader.findClass(BundleLoader.java:421) >>>>> at >>>>> org.eclipse.osgi.internal.loader.BundleLoader.findClass(BundleLoader.java:412) >>>>> at >>>>> org.eclipse.osgi.internal.baseadaptor.DefaultClassLoader.loadClass(DefaultClassLoader.java:107) >>>>> at java.lang.ClassLoader.loadClass(ClassLoader.java:358) >>>>> at >>>>> org.opensaml.common.impl.SecureRandomIdentifierGenerator.generateIdentifier(SecureRandomIdentifierGenerator.java:63) >>>>> at >>>>> org.opensaml.common.impl.SecureRandomIdentifierGenerator.generateIdentifier(SecureRandomIdentifierGenerator.java:56) >>>>> at >>>>> org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil.createID(SAMLSSOUtil.java:726) >>>>> at >>>>> org.wso2.carbon.identity.sso.saml.builders.DefaultResponseBuilder.buildResponse(DefaultResponseBuilder.java:57) >>>>> at >>>>> org.wso2.carbon.identity.sso.saml.processors.SPInitSSOAuthnRequestProcessor.process(SPInitSSOAuthnRequestProcessor.java:160) >>>>> at >>>>> org.wso2.carbon.identity.sso.saml.SAMLSSOService.authenticate(SAMLSSOService.java:164) >>>>> at >>>>> org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.handleAuthenticationReponseFromFramework(SAMLSSOProviderServlet.java:702) >>>>> at >>>>> org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.handleRequest(SAMLSSOProviderServlet.java:178) >>>>> at >>>>> org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.doGet(SAMLSSOProviderServlet.java:95) >>>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:624) >>>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:731) >>>>> at >>>>> org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:37) >>>>> at >>>>> org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61) >>>>> at >>>>> org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128) >>>>> at >>>>> org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:60) >>>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:731) >>>>> at >>>>> org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68) >>>>> at >>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303) >>>>> at >>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) >>>>> at >>>>> org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) >>>>> at >>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) >>>>> at >>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) >>>>> at >>>>> org.owasp.csrfguard.CsrfGuardFilter.doFilter(CsrfGuardFilter.java:88) >>>>> at >>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) >>>>> at >>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) >>>>> at >>>>> org.wso2.carbon.ui.filters.CSRFPreventionFilter.doFilter(CSRFPreventionFilter.java:88) >>>>> at >>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) >>>>> at >>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) >>>>> at >>>>> org.wso2.carbon.ui.filters.CRLFPreventionFilter.doFilter(CRLFPreventionFilter.java:61) >>>>> at >>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) >>>>> at >>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) >>>>> at >>>>> org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilter(CharacterSetFilter.java:61) >>>>> at >>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) >>>>> at >>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) >>>>> at >>>>> org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:120) >>>>> at >>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) >>>>> at >>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) >>>>> at >>>>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220) >>>>> at >>>>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122) >>>>> at >>>>> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505) >>>>> at >>>>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169) >>>>> at >>>>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103) >>>>> at >>>>> org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99) >>>>> at >>>>> org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47) >>>>> at >>>>> org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57) >>>>> at >>>>> org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47) >>>>> at >>>>> org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62) >>>>> at >>>>> org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159) >>>>> at >>>>> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:956) >>>>> at >>>>> org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57) >>>>> at >>>>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116) >>>>> at >>>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:436) >>>>> at >>>>> org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1078) >>>>> at >>>>> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:625) >>>>> at >>>>> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1749) >>>>> at >>>>> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1708) >>>>> at >>>>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) >>>>> at >>>>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) >>>>> at >>>>> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) >>>>> at java.lang.Thread.run(Thread.java:745) >>>>> >>>>> [2]. >>>>> https://github.com/wso2/orbit/blob/master/opensaml/2.6.4.wso2v2/pom.xml#L322 >>>>> >>>>> [3]. >>>>> https://github.com/wso2/orbit/blob/master/opensaml/2.6.4.wso2v3/pom.xml#L342 >>>>> >>>>> Regards, >>>>> Sajith. >>>>> >>>>> -- >>>>> *Sajith Abeywardhana* | Software Engineer >>>>> WSO2, Inc | lean. enterprise. middleware. >>>>> #20, Palm Grove, Colombo 03, Sri Lanka. >>>>> Mobile: +94772260485 >>>>> Email: saji...@wso2.com | Web: www.wso2.com >>>>> >>>> >>>> >>>> >>>> -- >>>> Kasun Bandara >>>> *Software Engineer* >>>> Mobile : +94 (0) 718 338 360 >>>> <%2B94%20%280%29%20773%20451194> >>>> kas...@wso2.com <thili...@wso2.com> >>>> >>> >>> >>> >>> -- >>> Dinusha Dilrukshi >>> Associate Technical Lead >>> WSO2 Inc.: http://wso2.com/ >>> Mobile: +94725255071 >>> Blog: http://dinushasblog.blogspot.com/ >>> >> >> >> >> -- >> Kasun Bandara >> *Software Engineer* >> Mobile : +94 (0) 718 338 360 >> <%2B94%20%280%29%20773%20451194> >> kas...@wso2.com <thili...@wso2.com> >> > > > > -- > Dinusha Dilrukshi > Associate Technical Lead > WSO2 Inc.: http://wso2.com/ > Mobile: +94725255071 > Blog: http://dinushasblog.blogspot.com/ > -- Kasun Bandara *Software Engineer* Mobile : +94 (0) 718 338 360 <%2B94%20%280%29%20773%20451194> kas...@wso2.com <thili...@wso2.com>
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev