[ https://issues.apache.org/jira/browse/WSS-204?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12905586#action_12905586 ]
Colm O hEigeartaigh commented on WSS-204: ----------------------------------------- I've finally had some time to think about this patch, and I'm going to mark this issue as won't fix. There are a number of problems with it as far as I'm concerned: - WSS4J would have two dependencies on different versions of the same library (Opensaml 1 and 2) - Opensaml 2 has a compile time dependency on bouncycastle, whereas WSS4J does not require bouncycastle. In fact, some of the tests fail unless the bouncycastle dependency is explicitly excluded from Opensaml 2. - Opensaml2 introduces some new dependencies, such as slf4j. I feel that this is too big a change for a minor release, as we still release a distribution with each release. Rather than apply this patch (aside from the reasons above), it is only a temporary fix anyway....the real solution is to completely move to Opensaml2 and release WSS4J 1.6. Colm. > Support validating SAML 2.0 tokens > ---------------------------------- > > Key: WSS-204 > URL: https://issues.apache.org/jira/browse/WSS-204 > Project: WSS4J > Issue Type: New Feature > Components: WSS4J Core > Affects Versions: 1.5.8 > Reporter: Thilina Buddhika > Assignee: Colm O hEigeartaigh > Fix For: 1.5.9, 1.6 > > Attachments: wss4j.patch > > > With the patch submitted for Rampart-231, SAML 2.0 support will be available > for Rampart. That patch only generates SAML 2.0 tokens as per the SAML Token > Profile 1.1 specification. SAML 2.0 validation support is mandatory for the > full completion of SAML 2.0 support in Rampart. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online. --------------------------------------------------------------------- To unsubscribe, e-mail: wss4j-dev-unsubscr...@ws.apache.org For additional commands, e-mail: wss4j-dev-h...@ws.apache.org