Comments (17)
Depends on #13
from java-saml.
Solved. Thanks for contribute.
from java-saml.
This one isn't solved actually. Most Java libraries are published a location called the Maven Central Repository. Then projects can automatically download the code for the library and all of its dependencies (and their dependencies and so on). It would make this code far easier to use if it were available there like nearly every other Java library is.
It looks like there's another library org.opensaml:opensaml:2.6.1, which is already available in Maven Central. It looks like a much more mature library, so I'll probably try to use it. It's maintained by parties like Internet2, Ohio State University, and Georgetown University and is used in popular projects like JBoss, Apache CXF, and Shibboleth. I'm not sure if there's a reason SAML code was re-implemented here, but it might be interesting to make the sample project use the opensaml.org library instead as it probably solves several problems users of this library haven't encountered yet.
from java-saml.
I know the opensaml library (It has years and as you said is used by shibboleth).
We created the php-saml toolkit and we are building new toolkits based on it, translating from php to another languages (java, .net, python). The idea is to have similar workflow and similar settings.
As a big IAM company, we want to manage our own libraries.
from java-saml.
We will publish the the new release of the java-saml toolkit on Maven Central as you suggested
from java-saml.
Any update on this?
from java-saml.
We would need this too. When can we expect the libraries to be in Maven Central? And why is this marked as closed if it is not done?
from java-saml.
The toolkit is still under development, we plan to publish it at the end of this month.
from java-saml.
Looked for this on Maven Central this week and did not find it.
from java-saml.
Not published yet. I'm adding unit test for all the methods and need to write documentation.
For those users that used the 2.0.0 version
Does anyone be able to contribute with the project describing the steps they followed to include the library on their project/IDE?
from java-saml.
Anyone with some spare time to contribute on releasing the new java-saml toolkit?
The code is ready and I implemented a big bunch of unit test to ensure all is working as expected, but I'm not a Java expert so some help with documentation, testing (install and try the toolkit) and guide how prepare the toolkit to be published in maven is very welcome!
from java-saml.
I ended up using pac4j-saml, so I'm afraid I can't help on this one
from java-saml.
@pitbulk I can help preparing the project for releasing to maven central, and prepare a short guide for doing the actual release. To clarify, would you like to release from the v2.0.0 branch, or from the v1.1.2/master branch (actually what's the difference between the two? Both seem to have the 1.1.2 version)?
For releasing the easiest way to go is to use the Sonatype OSS Repository Hosting. You'll want to follow the linked guide to create a JIRA account, and create a New Project ticket, to claim the 'com.onelogin' groupid, so later on you can use it to publish the project to maven central.
from java-saml.
Hi @miszobi
thanks for the info and for your proposal.
I want to release the v2.0.0 branch (it has a lot of security improvements that aren't in 1.1.2).
I sent the info to my manager to validate the process that you suggested.
P.S I will push a big amount of code with more improvements and unit test for the v2.0.0 this week.
from java-saml.
I am watching this with interest. I agree that going the Sonatype OSS route is the easiest/best way to go about it, also happy to help where possible.
from java-saml.
People with far more knowledge than me already have responded, but still I would like to help wherever I can.
from java-saml.
Ok, thanks for the support. I pushed the new code on the v2.0.0 branch.
I think first step is to install manually, configure and test if you experience any issue with the toolkit.
I created this meta-ticket with the pending tasks: #50
from java-saml.
Related Issues (20)
- https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLWOODSTOX-2928754 vulnerability HOT 3
- This project is currently not under active development HOT 20
- Access Denied! You do not have access to this application. Please contact your administrator. HOT 1
- Signing both Message and Assertion throws Invalid Signature Error HOT 3
- CVE-2022-40152 affecting com.fasterxml.woodstox:woodstox-core HOT 3
- Unsigned saml assertions are not rejected HOT 1
- Signature validation failed. SAML Response rejected HOT 1
- Jakarta supported version HOT 3
- Testcases seems to be failing HOT 2
- Signing both Message and Assertion throws Invalid Signature Error HOT 1
- SAML Response - EncryptionMethod with Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep" fails validation HOT 1
- Is onelogin saml toolkit supports the saml assertion decryption using the symmetric encryption method as well
- Preferred Alternative or Fork?
- Invalid_response Invalid SAML Response. Not match the saml-schema-protocol-2.0.xsd ( SAML Toolkit Java ) HOT 3
- Insecure/obsolete default signature algorithm HOT 1
- Please Help - clarification for using the SAML toolkit with existing Java Web Apps
- Links are broken for "How it Works" section
- Issues Javax EE to Jakarta EE using java-saml HOT 10
- SamlResponse.decryptAssertion, logical error
- xmlsec 2.2.3 vulnerabilities
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from java-saml.