Return-Path: X-Original-To: apmail-cxf-issues-archive@www.apache.org Delivered-To: apmail-cxf-issues-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 049561727D for ; Tue, 3 Feb 2015 13:51:34 +0000 (UTC) Received: (qmail 52170 invoked by uid 500); 3 Feb 2015 13:51:34 -0000 Delivered-To: apmail-cxf-issues-archive@cxf.apache.org Received: (qmail 52129 invoked by uid 500); 3 Feb 2015 13:51:34 -0000 Mailing-List: contact issues-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list issues@cxf.apache.org Received: (qmail 52118 invoked by uid 99); 3 Feb 2015 13:51:34 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 03 Feb 2015 13:51:34 +0000 Date: Tue, 3 Feb 2015 13:51:34 +0000 (UTC) From: "moshiko kasirer (JIRA)" To: issues@cxf.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (CXF-6237) CXF 3.0.3 rt-security has problems working with latest open saml version (2.6.1) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/CXF-6237?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14303275#comment-14303275 ] moshiko kasirer commented on CXF-6237: -------------------------------------- in one project i have both CXF and openSAML dependencies. we have 2 areas we use SAML. one is CXF rest services in which we Create and validate SAML tokens that we receive using CXF filters and another which uses spring to authenticate using SAML token. the problem is that CXF 3.0.3 is comming with a parent pom versions that makes OpenSAML fail. i dont know what more to give you. the only thing i do know is that openSAML fails with XMLSEC 2.0.2 with the above error which doesnt happen with XMLSEC 1.5.6 On Tue, Feb 3, 2015 at 3:35 PM, Colm O hEigeartaigh (JIRA) > CXF 3.0.3 rt-security has problems working with latest open saml version (2.6.1) > -------------------------------------------------------------------------------- > > Key: CXF-6237 > URL: https://issues.apache.org/jira/browse/CXF-6237 > Project: CXF > Issue Type: Bug > Components: JAX-RS Security, WS-* Components > Affects Versions: 3.0.3 > Reporter: moshiko kasirer > Assignee: Colm O hEigeartaigh > > Hi, > CXF-rt-ws-security 3.0.3 is working with wss4j of version: > 2.0.2 > an xmlsec version of version: > 2.0.2 > and open SAML of version: > 2.6.1 > that is problematic as from one hand CXF 3.0.3 is dependent on XMLSEC version 2.*+ and throws multiple no method exist exceptions when working with 1.5.5* XMLSEC versions > and on the other hand the latest open SAML which is the CXF open saml version (2.6.1) fails on validating the SAML token when working with XMLSEC version 2.* > so actually when working with both CXF 3 and OPEN SAML 2.6.1 > this will happen > when working with xmlsec 1.5.* OPEN SAML works CXF fails > when working with xmlsec 2.0.* CXF works OPEN SAML fails... > you can see under open saml 2.6.1 that it holds xmlsec version 1.5.6 which is overrided by CXF and wss4j (2.0.2) > can you please help me figure out a way to overcome this issue? -- This message was sent by Atlassian JIRA (v6.3.4#6332)