OpenConext / Mujina

A mock IDP and SP using the OpenSAML library
Apache License 2.0

Update MUJINA project to Follow New Spring Security SAML 2.0 Implementation #92

Open wolfminseu opened 2 days ago

wolfminseu commented 2 days ago

I have noticed that the project relies on the Spring Security SAML extension (spring-attic/spring-security-saml), which is no longer maintained. Additionally, it uses Spring Security version 5.6.1.

Given that the Spring Security SAML 2.0 SP implementation has transitioned to using Saml2WebSsoAuthenticationFilter and OpenSaml4AuthenticationProvider, rather than the older SAMLProcessingFilter and SAMLAuthenticationProvider, I wanted to inquire about the future plans for the MUJINA SP & IDP.

Specifically:

Are there any plans to update the MUJINA SP to follow the new Spring Security SAML 2.0 implementation using Saml2WebSsoAuthenticationFilter and OpenSaml4AuthenticationProvider?

Since Spring Security does not provide support for an IdP, do you have any plans to create a new implementation for the IdP based on OpenSAML4 or potentially OpenSAML5, especially considering the releases of Spring Boot 3.x and JDK 22?

oharsta commented 2 days ago

We implemented a SAML2 IdP library at the end of 2023, which only depends on the Shibboleth SAML libraries. We already use this library in production for the eduID IdentityProvider as a replacement for the not-maintained Spring Security SAML extension.

We do have the intention of migrating Mujina IdP / SP to use this library in combination with the latest Spring Security libraries. However, we have no urgent requirements for this migration, as we use the docker containerized Mujina SP / IdP only in our test environments. If you have compelling reasons to see Mujina migrated, I would recommend a fork (and preferably a PR). We are of course more than willing to discuss the broad lines of what such a migration would include.