sling-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Munteanu (Jira)" <j...@apache.org>
Subject [jira] [Updated] (SLING-9397) SAML2 Authentication Handler [initial submission]
Date Tue, 26 May 2020 18:03:00 GMT

     [ https://issues.apache.org/jira/browse/SLING-9397?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Robert Munteanu updated SLING-9397:
-----------------------------------
    Description: 
Here is a pull request which adds an authentication handler for a SAML2 Service Provider via
the embedded OpenSAML V3 dependencies

[https://github.com/apache/sling-whiteboard/pull/51]

 

*TODO Before Initial*

[X] Sync attributes released by the IDP

[X] Confirm license and attribution 

"As the code is ASL2 and does not require a notice or anything else, we don't need to mention
in. But I think its usually good style to do so and have a single sentence in our NOTICE that
we include (modified) code from ... which has ASL2 as the license"

 

*TODO After Initial* 

[ ] Get confirmation the project builds and operates as expected

[X] Ensure that the NOTICE file is the correct one

[ ] Testing setup ( documentation, local SAML provider, etc )

[ ] Clarify whether we can depend on artifacts not deployed on Maven Central

[ ] Review Web Browser SSO Profile Specification 4.1 and confirm all aspects 

* [https://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf]

[ ] Consider whether use of {{SAML2ConfigService}} and {{SAML2ConfigServiceImpl}} is a
good design or not.

[ ] Get feedback whether README instructions are too much, too little, unclear, etc

[ ] Decide whether to make signing and encryption optional. Currently it is required

[ ] Find and fix any bugs

 

  was:
Here is a pull request which adds an authentication handler for a SAML2 Service Provider via
the embedded OpenSAML V3 dependencies

[https://github.com/apache/sling-whiteboard/pull/51]

 

*TODO Before Initial*

[X] Sync attributes released by the IDP

[X] Confirm license and attribution 

"As the code is ASL2 and does not require a notice or anything else, we don't need to mention
in. But I think its usually good style to do so and have a single sentence in our NOTICE that
we include (modified) code from ... which has ASL2 as the license"

 

*TODO After Initial* 

[ ] Get confirmation the project builds and operates as expected

[X] Ensure that the NOTICE file is the correct one

[ ] Clarify whether we can depend on artifacts not deployed on Maven Central

[ ] Review Web Browser SSO Profile Specification 4.1 and confirm all aspects 

* [https://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf]

[ ] Consider whether use of {{SAML2ConfigService}} and {{SAML2ConfigServiceImpl}} is a
good design or not.

[ ] Get feedback whether README instructions are too much, too little, unclear, etc

[ ] Decide whether to make signing and encryption optional. Currently it is required

[ ] Find and fix any bugs

 


> SAML2 Authentication Handler [initial submission]
> -------------------------------------------------
>
>                 Key: SLING-9397
>                 URL: https://issues.apache.org/jira/browse/SLING-9397
>             Project: Sling
>          Issue Type: New Feature
>          Components: Authentication
>         Environment: localhost
>            Reporter: Cris Rockwell
>            Priority: Major
>              Labels: SAML, authentification, security, user_management
>   Original Estimate: 168h
>          Time Spent: 1h
>  Remaining Estimate: 167h
>
> Here is a pull request which adds an authentication handler for a SAML2 Service Provider
via the embedded OpenSAML V3 dependencies
> [https://github.com/apache/sling-whiteboard/pull/51]
>  
> *TODO Before Initial*
> [X] Sync attributes released by the IDP
> [X] Confirm license and attribution 
> "As the code is ASL2 and does not require a notice or anything else, we don't need to
mention in. But I think its usually good style to do so and have a single sentence in our
NOTICE that we include (modified) code from ... which has ASL2 as the license"
>  
> *TODO After Initial* 
> [ ] Get confirmation the project builds and operates as expected
> [X] Ensure that the NOTICE file is the correct one
> [ ] Testing setup ( documentation, local SAML provider, etc )
> [ ] Clarify whether we can depend on artifacts not deployed on Maven Central
> [ ] Review Web Browser SSO Profile Specification 4.1 and confirm all aspects 
> * [https://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf]
> [ ] Consider whether use of {{SAML2ConfigService}} and {{SAML2ConfigServiceImpl}} is
a good design or not.
> [ ] Get feedback whether README instructions are too much, too little, unclear, etc
> [ ] Decide whether to make signing and encryption optional. Currently it is required
> [ ] Find and fix any bugs
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Mime
View raw message