Misagh Moayyed created CXF-8579:
-----------------------------------
Summary: Upgrade wss4j to v2.5.0 and OpenSAML to 4.x
Key: CXF-8579
URL: https://issues.apache.org/jira/browse/CXF-8579
Project: CXF
Issue Type: Task
Components: STS, WS-* Components
Affects Versions: 3.5.0
Reporter: Misagh Moayyed
The next release of wss4j has switched to support OpenSAML v4. This release as
of this writing is in SNAPSHOT mode. When testing wss4j against CXF, it turns
out that SAMLTokenProvider is not compatible with the latest wss4j and
opensaml v4, mainly due to the following:
{code:java}
DateTime validFrom = null;
DateTime validTill = null;
if (assertion.getSamlVersion().equals(SAMLVersion.VERSION_20)) {
validFrom = assertion.getSaml2().getConditions().getNotBefore();
validTill = assertion.getSaml2().getConditions().getNotOnOrAfter();
} else {
validFrom = assertion.getSaml1().getConditions().getNotBefore();
validTill = assertion.getSaml1().getConditions().getNotOnOrAfter();
}
{code}
There may be other areas that require attention.
This Jira focuses on upgrading wss4j to the next 2.5.x line, while making sure
opensaml v4 continues to work correctly. If possible, it would be great to
publish a SNAPSHOT version of CXF that contains an updated 2.5.0-SNAPSHOT
version for wss4j, and allow the user community to test it.
I can surely submit a patch or pull request that attempts to handle the upgrade
on GH, etc.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
