TauBeblein
commented
2 years ago Logging in IOISAML will be changed to SLF4J, which is already used in OPENSAML, this will give the needed flexibility. Unfortunately, netty, spring, and mockServer introduce dependencies to JCL and Log4j, so, to collect all logs correctly we need bridging.
To integrate to Log4j2 we need the following setup in the demo project:
<!-- Write all logging to Log4j2 -->
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-slf4j-impl</artifactId>
<version>2.14.1</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
<version>1.7.32</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>jcl-over-slf4j</artifactId>
<version>1.7.32</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>log4j-over-slf4j</artifactId>
<version>1.7.32</version>
</dependency>
oiosaml2 had an interface called IExternalLogger, but oiosaml3 does not have one, so we cannot customize our logging. And it uses log4j1 library which has security vulnerabilities