[
https://issues.apache.org/jira/browse/WSS-146?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12680894#action_12680894
]
Todd Dunst commented on WSS-146:
--------------------------------
Hi! I could upload the patch today if you would like, but I would still like
to add a couple of pieces. Perhaps you could take a look at what I currently
have, evaluate it, and begin the merge process while I am finishing up the
following items:
1.) I have added a configurable SAMLCallbackHandler (an instance of
javax.security.auth.callback.CallbackHandler) and a SAMLCallback that users can
leverage to extract data from their local applications and provide it to WSS4J
for use in creating the various SAML statement types. In my case, I am using
Spring Security, so I have provided a callback handler implementation that
pulls security-related information from the Spring Security context and makes
it available to WSS4J for SAML statement creation. I don't think we need to
include my callback handler instance in the main codebase (all we should need
there is the SAML callback itself, not the environment specific handler), but
you might want to include it as a sample in the examples section to demonstrate
how to build a SAML callback handler. In addition, my callback handler
currently only supports collecting data for the SAML authentication and
attribute statements. I would like to make it a little more generic, and add
support for collecting data for SAML authorization decision statements as well.
2.) I have added two SAML component building classes that are used by the
assertion wrapper to generate both SAML v1.1 and SAML v2.0 artifacts. These
builders currently support SAML authentication statements, and SAML attribute
statements. I would like to add support for creating SAML authorization
decision statements as well.
These two additional pieces should provide a reasonable base to support SAML
v1.1 and SAML v2.0 going forward as at that point, all of the SAML statement
types will be supported at both SAML version levels. Let me know how you would
like to proceed. I could also just wait to upload the patch until I have had a
chance to add these last two features. That way, you would only have to
attempt the merge once. I should have a chance to complete these items over
the few days, so they would be available early to mid next week.
> Upgrade opensaml dependency to 2.x line
> ---------------------------------------
>
> Key: WSS-146
> URL: https://issues.apache.org/jira/browse/WSS-146
> Project: WSS4J
> Issue Type: Improvement
> Reporter: Bob Jacoby
> Assignee: Colm O hEigeartaigh
> Priority: Minor
> Attachments: wss4j_opensaml2.1.0.patch,
> wss4j_opensaml2.1.0_correct.patch, wss4j_opensaml2.2.3.patch
>
>
> WSS4J has a dependency on opensaml 1.1. OpenSAML 1.1 is, for the most part,
> no longer supported (https://spaces.internet2.edu/display/OpenSAML/OS1Status).
> 2.1 has been out for a while, and 2.2 was released in Oct. '08. The 2.x line
> is not backwards compatible with 1.1 so unfortunately it's not as simple as
> dropping in the newer jar.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
