Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove OpenSAML3 support #10556

Closed
marcusdacoregio opened this issue Nov 29, 2021 · 3 comments · Fixed by #11789
Closed

Remove OpenSAML3 support #10556

marcusdacoregio opened this issue Nov 29, 2021 · 3 comments · Fixed by #11789
Assignees
@rwinch
Labels
in: saml2 An issue in SAML2 modules type: breaks-passivity A change that breaks passivity with the previous release type: enhancement A general enhancement
Milestone
6.0.0-RC1

Comments

@marcusdacoregio
Copy link
Contributor

Currently, the spring-security-saml2-service-provider supports the two versions of OpenSAML: 3 and 4.

Since the classes for OpenSAML3 are already deprecated in Spring Security, we should remove them in version 6.0.

It will also simplify the version management and make it more clear for users which version to use. See #10547
@marcusdacoregio marcusdacoregio added type: enhancement A general enhancement in: saml2 An issue in SAML2 modules labels Nov 29, 2021
@marcusdacoregio marcusdacoregio added this to the 6.0.0-M1 milestone Nov 29, 2021
@marcusdacoregio marcusdacoregio self-assigned this Nov 29, 2021
@marcusdacoregio marcusdacoregio mentioned this issue Nov 29, 2021
Closed
@marcusdacoregio marcusdacoregio modified the milestones: 6.0.0-M1, 6.x, 6.0.0-M2 Jan 17, 2022
@marcusdacoregio marcusdacoregio modified the milestones: 6.0.0-M2, 6.x Feb 15, 2022
@rwinch rwinch modified the milestones: 6.0.x, 6.0.0-M4 Mar 25, 2022
@rwinch rwinch added the type: breaks-passivity A change that breaks passivity with the previous release label Mar 25, 2022
@marcusdacoregio marcusdacoregio mentioned this issue Apr 20, 2022
Closed
marcusdacoregio added a commit to marcusdacoregio/spring-security that referenced this issue May 6, 2022
@marcusdacoregio
Remove OpenSAML3 support
4df12a0 
Closes spring-projectsgh-10556
@sjohnr sjohnr modified the milestones: 6.0.0-M4, 6.0.0-M5, 6.0.0-M6 May 16, 2022
@marcusdacoregio marcusdacoregio modified the milestones: 6.0.0-M6, 6.0.x Jun 2, 2022
@rwinch rwinch assigned rwinch and unassigned marcusdacoregio Jun 13, 2022
@phtyson
Copy link

phtyson commented Aug 1, 2022
edited
Loading

The 6.0.0-M5 spring-security-saml2-service-provider pom uses opensaml 3.4.6. I had to exclude this and add opensaml4 dependencies, in order to get compatible jakarta servlet libraries (not javax.servlet). Consider updating pom to opensaml4 version.
Correction: opensaml4 AbstractHttpServletResponseMessageEncoder still wants to use javax.servlet.http.HttpServletResponse, which is a problem in java17

@marcusdacoregio
Copy link
Contributor Author

Thank you @phtyson. I've opened #11658 to track the issue.

@marcusdacoregio marcusdacoregio mentioned this issue Aug 2, 2022
Open
@phtyson
Copy link

phtyson commented Aug 2, 2022

Further to my previous comment, none of the opensaml 4.x releases or snapshots work with java17. I used opensaml 5.0.0-SNAPSHOT.

@marcusdacoregio marcusdacoregio mentioned this issue Aug 5, 2022
Closed
@marcusdacoregio marcusdacoregio mentioned this issue Sep 1, 2022
Closed
@rwinch rwinch mentioned this issue Sep 7, 2022
Merged
@marcusdacoregio marcusdacoregio modified the milestones: 6.0.x, 6.0.0-M7, 6.0.0-RC1 Sep 13, 2022
jzheaux pushed a commit to rwinch/spring-security that referenced this issue Sep 20, 2022
@rwinch @jzheaux
Remove Deprecated OpenSAML 3 Support
47f505f 
Closes spring-projectsgh-10556
jzheaux pushed a commit that referenced this issue Sep 20, 2022
@rwinch @jzheaux
Remove Deprecated OpenSAML 3 Support
48e31f8 
Closes gh-10556
@bclozel bclozel mentioned this issue Oct 6, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rwinch rwinch

Labels
in: saml2 An issue in SAML2 modules type: breaks-passivity A change that breaks passivity with the previous release type: enhancement A general enhancement
Projects
Spring Security Team
Status: Done
Milestone
6.0.0-RC1
Development

Successfully merging a pull request may close this issue.

Remove Deprecated OpenSAML 3 Support rwinch/spring-security
4 participants
@rwinch @phtyson @sjohnr @marcusdacoregio