Kasun, this blocks the AppM kernel-4.4.6 upgrade. Is it possible to do this today ? I thought IS-5.2.0 is already based on kernel 4.4.6.
Regards, Dinusha. On Fri, Jun 24, 2016 at 11:38 AM, Kasun Bandara <[email protected]> wrote: > Hi Dinusha, > > Yes. we will be fixing this issue with once we upgrade the kernel version > to 4.4.6. The opensaml version of the feature you have mentioned will be > upgraded to opensaml-2.6.4.wso2v3. The corresponding repository release > will be done along with the IS 5.2.0 GA release. > > Thanks, > Kasun. > > On Fri, Jun 24, 2016 at 11:28 AM, Dinusha Senanayaka <[email protected]> > wrote: > >> Hi Kasun, >> >> Non of the appmgt features are bundling opensaml. It's comes to AppM >> product through identity features. Seems through the >> org.wso2.carbon.identity.xacml.server.feature [1] and it has still using >> opensaml-2.6.4.wso2v2 [2]. Could you please fix that. That should resolve >> this. >> >> [1] >> https://github.com/wso2/carbon-identity-framework/blob/master/features/xacml/org.wso2.carbon.identity.xacml.server.feature/pom.xml#L118 >> [2] >> https://github.com/wso2/carbon-identity-framework/blob/master/pom.xml#L1476 >> >> Regards, >> Dinusha. >> >> On Fri, Jun 24, 2016 at 10:55 AM, Kasun Bandara <[email protected]> wrote: >> >>> Hi Sajith, >>> >>> This issue was identified in [1] and we have fixed the issue with [2]. >>> This issue can be resolve by using the new opensaml orbit. We are planning >>> to release identity repositories (~50) on top of kernel 4.4.6, after fixing >>> the security vulnerabilities as stated in [3]. You can refer [4] to get the >>> latest updates on IS 5.2.0 GA release. >>> >>> Thanks, >>> Kasun. >>> >>> >>> [1] https://wso2.org/jira/browse/IDENTITY-4680 >>> >>> [2] [Engineering] Request to merge and release opensaml 2.6.4.wso2v3 >>> orbit >>> >>> [3] [Engineering] Security Hackathon to start from tomorrow >>> >>> [4] [Engineering] IS 5.2.0 GA Update >>> >>> On Fri, Jun 24, 2016 at 10:10 AM, Sajith Abeywardhana <[email protected]> >>> wrote: >>> >>>> Hi IS Team, >>>> >>>> AppM has been updated to the carbon kernel 4.4.6, and also I updated >>>> the IS version to 5.1.1-SNAPSHOT. When I try to login to the publisher >>>> jaggery app I got below exception[1]. >>>> >>>> The root cause is for this is, opensaml_2.6.4.wso2v2 haven't properly >>>> imported the required bouncy castle version which is version >>>> 1.52.0.wso2v1(packed >>>> with kernel 4.4.6), and currently, it's [1.49.0,1.50.0)[2]. >>>> >>>> Then I found that there is an opensaml_2.6.4.wso2v3 orbit bundle in >>>> the git repo with the required bouncy castle version[3]. So when you >>>> are planning to release the IS version, which bundles the opensaml_2. >>>> 6.4.wso2v3 into a feature? Currently, we are blocking due to this >>>> issue. >>>> >>>> >>>> [1]. osgi> [2016-06-24 00:18:46,052] ERROR - StandardWrapperValve >>>> Servlet.service() for servlet [bridgeservlet] in context with path [/] >>>> threw exception [Servlet execution threw an exception] with root cause >>>> java.lang.ClassNotFoundException: org.bouncycastle.util.encoders.Hex >>>> cannot be found by opensaml_2.6.4.wso2v2 >>>> at >>>> org.eclipse.osgi.internal.loader.BundleLoader.findClassInternal(BundleLoader.java:501) >>>> at >>>> org.eclipse.osgi.internal.loader.BundleLoader.findClass(BundleLoader.java:421) >>>> at >>>> org.eclipse.osgi.internal.loader.BundleLoader.findClass(BundleLoader.java:412) >>>> at >>>> org.eclipse.osgi.internal.baseadaptor.DefaultClassLoader.loadClass(DefaultClassLoader.java:107) >>>> at java.lang.ClassLoader.loadClass(ClassLoader.java:358) >>>> at >>>> org.opensaml.common.impl.SecureRandomIdentifierGenerator.generateIdentifier(SecureRandomIdentifierGenerator.java:63) >>>> at >>>> org.opensaml.common.impl.SecureRandomIdentifierGenerator.generateIdentifier(SecureRandomIdentifierGenerator.java:56) >>>> at >>>> org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil.createID(SAMLSSOUtil.java:726) >>>> at >>>> org.wso2.carbon.identity.sso.saml.builders.DefaultResponseBuilder.buildResponse(DefaultResponseBuilder.java:57) >>>> at >>>> org.wso2.carbon.identity.sso.saml.processors.SPInitSSOAuthnRequestProcessor.process(SPInitSSOAuthnRequestProcessor.java:160) >>>> at >>>> org.wso2.carbon.identity.sso.saml.SAMLSSOService.authenticate(SAMLSSOService.java:164) >>>> at >>>> org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.handleAuthenticationReponseFromFramework(SAMLSSOProviderServlet.java:702) >>>> at >>>> org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.handleRequest(SAMLSSOProviderServlet.java:178) >>>> at >>>> org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.doGet(SAMLSSOProviderServlet.java:95) >>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:624) >>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:731) >>>> at >>>> org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:37) >>>> at >>>> org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61) >>>> at >>>> org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128) >>>> at >>>> org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:60) >>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:731) >>>> at >>>> org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) >>>> at >>>> org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) >>>> at org.owasp.csrfguard.CsrfGuardFilter.doFilter(CsrfGuardFilter.java:88) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) >>>> at >>>> org.wso2.carbon.ui.filters.CSRFPreventionFilter.doFilter(CSRFPreventionFilter.java:88) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) >>>> at >>>> org.wso2.carbon.ui.filters.CRLFPreventionFilter.doFilter(CRLFPreventionFilter.java:61) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) >>>> at >>>> org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilter(CharacterSetFilter.java:61) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) >>>> at >>>> org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:120) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) >>>> at >>>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220) >>>> at >>>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122) >>>> at >>>> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505) >>>> at >>>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169) >>>> at >>>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103) >>>> at >>>> org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99) >>>> at >>>> org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47) >>>> at >>>> org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57) >>>> at >>>> org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47) >>>> at >>>> org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62) >>>> at >>>> org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159) >>>> at >>>> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:956) >>>> at >>>> org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57) >>>> at >>>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116) >>>> at >>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:436) >>>> at >>>> org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1078) >>>> at >>>> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:625) >>>> at >>>> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1749) >>>> at >>>> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1708) >>>> at >>>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) >>>> at >>>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) >>>> at >>>> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) >>>> at java.lang.Thread.run(Thread.java:745) >>>> >>>> [2]. >>>> https://github.com/wso2/orbit/blob/master/opensaml/2.6.4.wso2v2/pom.xml#L322 >>>> >>>> [3]. >>>> https://github.com/wso2/orbit/blob/master/opensaml/2.6.4.wso2v3/pom.xml#L342 >>>> >>>> Regards, >>>> Sajith. >>>> >>>> -- >>>> *Sajith Abeywardhana* | Software Engineer >>>> WSO2, Inc | lean. enterprise. middleware. >>>> #20, Palm Grove, Colombo 03, Sri Lanka. >>>> Mobile: +94772260485 >>>> Email: [email protected] | Web: www.wso2.com >>>> >>> >>> >>> >>> -- >>> Kasun Bandara >>> *Software Engineer* >>> Mobile : +94 (0) 718 338 360 >>> <%2B94%20%280%29%20773%20451194> >>> [email protected] <[email protected]> >>> >> >> >> >> -- >> Dinusha Dilrukshi >> Associate Technical Lead >> WSO2 Inc.: http://wso2.com/ >> Mobile: +94725255071 >> Blog: http://dinushasblog.blogspot.com/ >> > > > > -- > Kasun Bandara > *Software Engineer* > Mobile : +94 (0) 718 338 360 > <%2B94%20%280%29%20773%20451194> > [email protected] <[email protected]> > -- Dinusha Dilrukshi Associate Technical Lead WSO2 Inc.: http://wso2.com/ Mobile: +94725255071 Blog: http://dinushasblog.blogspot.com/
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
