Hi.
I have some questions to updates strategy for WSO2 IS. (I know that WSO2 IS
5.4.0 is released now, but I can better explain my question on version 5.3.0.)
There was in basic installation package for WSO2 IS 5.3.0 (wso2is-5.3.0.zip),
in folder "repository/components/dropins" SAML Federation plugin
(org.wso2.carbon.identity.application.authenticator.samlsso) version 5.1.5.
There was a bug in the class DefaultSAML2SSOManager. Method
buildLogoutRequest() incorrectly set (always!)
nameId.setFormat(NameIDType.UNSPECIFIED), which was interpreted by som trusted
IDPs as wrong LogoutRequest. This bug was fixed in version 5.1.6: if some
conditions are met, it sets: nameId.setFormat(NameIDType.ENTITY);
In the time when version 5.1.7 was available in GIT, I tried to download
updates for WSO2 IS by WUM. But updated zip-package contained only unpatched
version 5.1.5. Command "wum list" shows basic and "updated" versions of WSO2 IS:
c:\Program Files\WUM\bin>wum list
Product Updated Filename
wso2is-5.3.0 16 Oct 17 13:36 CEST
wso2is-5.3.0.1497977325530.zip
wso2is-5.3.0 - wso2is-5.3.0.zip
Version 5.1.7 was released on Jun 27, 2017 (by
https://github.com/wso2-extensions/identity-outbound-auth-samlsso/releases).
- How to instruct WUM to include also latest patches for specific
component (for example SAML Federation plugin :
org.wso2.carbon.identity.application.authenticator.samlsso)? Or is it a bug in
WUM that it doesn't download latest patches for dropins?
- I know that I can download the source code of 5.1.6+ from GIT and
build the plugin ("OSGI bundle") by Maven. But can I copy newly created JAR
file into the dropins folder? Don't expect other OSGI components specific
version 5.1.5? I am afraid that it can lead to inconsistent state of WSO2 IS.
How to get to consistent state with version 5.1.6+?
Best regards,
Roman Chrenko
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
