cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sergey Beryozkin (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CXF-6237) CXF 3.0.3 rt-security has problems working with latest open saml version (2.6.1)
Date Tue, 03 Feb 2015 14:22:34 GMT

    [ https://issues.apache.org/jira/browse/CXF-6237?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14303329#comment-14303329
] 

Sergey Beryozkin commented on CXF-6237:
---------------------------------------

We are not discussing here why CXF works with OpenSaml 2.6.1 and XmlSec 2.0.2 because you
think it should not based on the fact that your Spring filters do not work with OpenSaml 2.6.1
and XmlSec 2.0.2. This is nothing to do with CXF.

I've asked you a very specific question, why OpenSaml 2.6.1 code you linked to fails to provide
a list of Credentials to XmlSec. This is absolutely not related to CXF. To be honest, IMHO
this issue needs to be closed as Invalid. However I'm curious why that non-CXF code fails
- it is up to you whether to investigate that and let us know more details for Colm do decide
if it is related to XmlSec 2.0.2 at all or is it due to Spring filters getting confused somehow



> CXF 3.0.3 rt-security has problems working with latest open saml version (2.6.1)
> --------------------------------------------------------------------------------
>
>                 Key: CXF-6237
>                 URL: https://issues.apache.org/jira/browse/CXF-6237
>             Project: CXF
>          Issue Type: Bug
>          Components: JAX-RS Security, WS-* Components
>    Affects Versions: 3.0.3
>            Reporter: moshiko kasirer
>            Assignee: Colm O hEigeartaigh
>
> Hi, 
> CXF-rt-ws-security 3.0.3 is working with wss4j of version: 
> <cxf.wss4j.version>2.0.2</cxf.wss4j.version>
> an xmlsec version of version:
> <cxf.xmlsec.bundle.version>2.0.2</cxf.xmlsec.bundle.version>
> and open SAML of version:
> <cxf.opensaml.version>2.6.1</cxf.opensaml.version>
> that is problematic as from one hand CXF 3.0.3 is dependent on XMLSEC version 2.*+ and
throws multiple no method exist exceptions when working with 1.5.5*  XMLSEC versions
> and on the other hand the latest open SAML which is the CXF open saml version (2.6.1)
fails on validating the SAML token when working with XMLSEC version 2.*
> so actually when working with both CXF 3 and OPEN SAML 2.6.1 
> this will happen 
> when working with xmlsec 1.5.*  OPEN SAML works CXF fails   
> when working with xmlsec 2.0.*  CXF works OPEN SAML fails...
> you can see under open saml 2.6.1 that it holds xmlsec version 1.5.6 which is overrided
by CXF and wss4j (2.0.2)
> can you please help me figure out a way to overcome this issue?



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message