Re: [cas-user] missing org.opensaml:opensaml:1.1b:pom
Ping. :-) On Mon, May 3, 2010 at 5:03 PM, scott.battag...@gmail.com wrote: Thanks for the clarification. We'll also hopefully be migrating to 2 sometime soon. -Original Message- From: Brent Putman putm...@georgetown.edu Also, be aware that as of June 30, 2010, OpenSAML 1.x will be in a wholly unsupported status (as Shibboleth 1.x transitions to an unsupported status). https://spaces.internet2.edu/display/OpenSAML/OS1Status http://shibboleth.internet2.edu/shib-which-version.html Now that 3.4.6 is out the door, congratulations, will we see an update to the supported version of SAML? Thanks! -Jesse -- There are 10 types of people in this world, those that can read binary and those that can not. -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
Re: [cas-user] missing org.opensaml:opensaml:1.1b:pom
Now that 3.4.6 is out the door, congratulations, will we see an update to the supported version of SAML? Thanks! It's certainly not reasonable to move to SAML 2 in CAS 3.4.x. While it may be feasible to move to the SAML 2.x libs and use the SAML 1.1 support therein, there seems marginal value. Other than official support having ended for 1.1b, I'm not aware of any issues in particular. Are you? M -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
Re: [cas-user] missing org.opensaml:opensaml:1.1b:pom
Greetings, On Tue, Feb 22, 2011 at 8:11 AM, Marvin Addison marvin.addi...@gmail.com wrote: Now that 3.4.6 is out the door, congratulations, will we see an update to the supported version of SAML? Thanks! It's certainly not reasonable to move to SAML 2 in CAS 3.4.x. While Ok, that makes sense. I know that CAS 4.x has been in planning for quite some time though, and perhaps there's still time to update the dependency.. it may be feasible to move to the SAML 2.x libs and use the SAML 1.1 support therein, there seems marginal value. Other than official support having ended for 1.1b, I'm not aware of any issues in particular. Are you? I think that having one of a security product's dependency as unsupported is a pretty big deal and shouldn't be marginalized. From their own wiki[1], they state: There is NO support of any kind, including security fixes, for any previous releases. So, if they should happen to find a bug in their 1.1 support shim/mechanism they will not fix it in our branch. It also seems unlikely that they would notify the 1.1 community that they may be affected.. This seems to me to have fail written all over it. I'm not aware of any existing bugs that would themselves warrant an update to OpenSAML 2.x. -Jesse [1] https://spaces.internet2.edu/display/OpenSAML/OS1Status -- There are 10 types of people in this world, those that can read binary and those that can not. -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
Re: [cas-user] missing org.opensaml:opensaml:1.1b:pom
I think that having one of a security product's dependency as unsupported is a pretty big deal and shouldn't be marginalized. While you're right in theory, in practice it's hardly as dire as marginalization. The lines of communication between the Shib and CAS projects are open and working. (FWIW, Chad was formerly the technical lead in our group at Tech.) If there is a reported issue, and in particular a security-related issue, in the SAML libraries, we will get word and act accordingly. In any case it would be wise to investigate migrating to opensaml 2.x in CAS 3.4.x. I've created https://issues.jasig.org/browse/CAS-951 to track a resolution. M -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
Re: [cas-user] missing org.opensaml:opensaml:1.1b:pom
Its not there and despite the warning you shouldn't need it. Is it causing something to fail? On Mon, May 3, 2010 at 11:13 AM, Jesse Farinacci jie...@gmail.com wrote: Greetings, I can not seem to find, nor can Maven, the opensaml 1.1 pom. When building my customized CAS war overlay, v3.4.2, Maven issues the following: [WARNING] Missing POM for org.opensaml:opensaml:jar:1.1b Any thoughts? Thanks! -Jesse -- There are 10 types of people in this world, those that can read binary and those that can not. -- You are currently subscribed to cas-user@lists.jasig.org as: scott.battag...@gmail.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
Re: [cas-user] missing org.opensaml:opensaml:1.1b:pom
It's not causing anything to fail, but it's irritating. :-) Previous versions of opensaml had proper artifacts in the main maven repository[1]; this facilitates nice integration with tools like M2E. Just curious if we've given up putting quality/proper maven artifacts into the JA-SIG repository.. [1] http://repo1.maven.org/maven2/org/opensaml/ -Jesse On Mon, May 3, 2010 at 2:54 PM, Scott Battaglia scott.battag...@gmail.com wrote: Its not there and despite the warning you shouldn't need it. Is it causing something to fail? -- There are 10 types of people in this world, those that can read binary and those that can not. -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
Re: [cas-user] missing org.opensaml:opensaml:1.1b:pom
We're not responsible for those artifacts. We can't generate poms for something we don't own (I mean we could but it would be kind of wrong and misleading). We have the artifact in there because we need it and its not available in the public repository. If you have issues with OpenSAML, and its deployment into the public repository, you should contact Internet2. Cheers, Scott On Mon, May 3, 2010 at 3:20 PM, Jesse Farinacci jie...@gmail.com wrote: It's not causing anything to fail, but it's irritating. :-) Previous versions of opensaml had proper artifacts in the main maven repository[1]; this facilitates nice integration with tools like M2E. Just curious if we've given up putting quality/proper maven artifacts into the JA-SIG repository.. [1] http://repo1.maven.org/maven2/org/opensaml/ -Jesse On Mon, May 3, 2010 at 2:54 PM, Scott Battaglia scott.battag...@gmail.com wrote: Its not there and despite the warning you shouldn't need it. Is it causing something to fail? -- There are 10 types of people in this world, those that can read binary and those that can not. -- You are currently subscribed to cas-user@lists.jasig.org as: scott.battag...@gmail.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
Re: [cas-user] missing org.opensaml:opensaml:1.1b:pom
Brent Thanks for the clarification. We'll also hopefully be migrating to 2 sometime soon. Cheers Scott Sent from my Verizon Wireless BlackBerry -Original Message- From: Brent Putman putm...@georgetown.edu Date: Mon, 03 May 2010 16:55:21 To: cas-user@lists.jasig.org Subject: Re: [cas-user] missing org.opensaml:opensaml:1.1b:pom Hi, I am one of the OpenSAML developers within Internet2. Let me say for the record that: Internet2 has never published any OpenSAML version in the public Maven repository. In fact, 1.x as a project was never Mavenized (by us) and was never published (by us) in any Maven repository. OpenSAML 2.x is Maven-based, but is currently published (by us) only in our repo at http://shibboleth.internet2.edu/downloads/maven2/ If any Maven artifacts are found in any other Maven repo for OpenSAML or Shibboleth, they were not published there by Internet2. Must have been someone publishing something they they don't own (as Scott warned against). Just wanted to clarify. This thread is apropos: http://groups.google.com/group/opensaml-users/browse_thread/thread/eb39df1e21b73df1 Also, be aware that as of June 30, 2010, OpenSAML 1.x will be in a wholly unsupported status (as Shibboleth 1.x transitions to an unsupported status). https://spaces.internet2.edu/display/OpenSAML/OS1Status http://shibboleth.internet2.edu/shib-which-version.html Thanks, Brent On 5/3/10 4:00 PM, Jesse Farinacci wrote: I do have a problem with Internet2 and will request they deploy their 1.1b artifact, however I also have a problem with the half-hearted way we've handled it, too. -Jesse -- You are currently subscribed to cas-user@lists.jasig.org as: scott.battag...@gmail.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
