An enterprise architect has raised licensing concerns to me about opensaml-1.1b.jar in CAS. It is unsupported and of unknown icensing. (please refer to https://spaces.internet2.edu/display/OpenSAML/OSTwoLicense)
Unfortunately, an attempt to use new version of OpenSAML failed due to reference for SAMLArtifact class in SamlCompliantUniqueTicketIdGenerator (although this can be configured in xml). Another note of interest: CAS includes xmlsec-1.4.0 that has security vulnerabilities. It needs to be upgraded to version 1.4.3 (refernce: http://www.kb.cert.org/vuls/id/466161 http://santuario.apache.org/Java/index.html ) Thanks in advance for your help. -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
