[
https://issues.apache.org/jira/browse/WSS-204?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12905586#action_12905586
]
Colm O hEigeartaigh commented on WSS-204:
-----------------------------------------
I've finally had some time to think about this patch, and I'm going to mark
this issue as won't fix. There are a number of problems with it as far as I'm
concerned:
- WSS4J would have two dependencies on different versions of the same library
(Opensaml 1 and 2)
- Opensaml 2 has a compile time dependency on bouncycastle, whereas WSS4J does
not require bouncycastle. In fact, some of the tests fail unless the
bouncycastle dependency is explicitly excluded from Opensaml 2.
- Opensaml2 introduces some new dependencies, such as slf4j. I feel that this
is too big a change for a minor release, as we still release a distribution
with each release.
Rather than apply this patch (aside from the reasons above), it is only a
temporary fix anyway....the real solution is to completely move to Opensaml2
and release WSS4J 1.6.
Colm.
> Support validating SAML 2.0 tokens
> ----------------------------------
>
> Key: WSS-204
> URL: https://issues.apache.org/jira/browse/WSS-204
> Project: WSS4J
> Issue Type: New Feature
> Components: WSS4J Core
> Affects Versions: 1.5.8
> Reporter: Thilina Buddhika
> Assignee: Colm O hEigeartaigh
> Fix For: 1.5.9, 1.6
>
> Attachments: wss4j.patch
>
>
> With the patch submitted for Rampart-231, SAML 2.0 support will be available
> for Rampart. That patch only generates SAML 2.0 tokens as per the SAML Token
> Profile 1.1 specification. SAML 2.0 validation support is mandatory for the
> full completion of SAML 2.0 support in Rampart.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscr...@ws.apache.org
For additional commands, e-mail: wss4j-dev-h...@ws.apache.org
