CAS4 is actually using OpenSAML2. I haven't actually tested the support yet that I wrote (I need to write unit tests tonight). *If* everything works okay I can attempt to backport it. Though note that OpenSAML2 isn't in the public Maven repository (other than the ones someone else put in there) which makes our relying on it not particularly useful from a dependency standpoint.
On Tue, Feb 22, 2011 at 8:36 AM, Marvin Addison <[email protected]>wrote: > > I think that having one of a security product's dependency as > > unsupported is a pretty big deal and shouldn't be marginalized. > > While you're right in theory, in practice it's hardly as dire as > marginalization. The lines of communication between the Shib and CAS > projects are open and working. (FWIW, Chad was formerly the technical > lead in our group at Tech.) If there is a reported issue, and in > particular a security-related issue, in the SAML libraries, we will > get word and act accordingly. > > In any case it would be wise to investigate migrating to opensaml 2.x > in CAS 3.4.x. I've created https://issues.jasig.org/browse/CAS-951 to > track a resolution. > > M > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
