opensearch-project / security

🔐 Secure your cluster with TLS, numerous authentication backends, data masking, audit logging as well as role-based access control on indices, documents, and fields
https://opensearch.org/docs/latest/security-plugin/index/
Apache License 2.0

[Maintenance] Review use of SamlHTTPMetadataResolver #2932

Open willyborankin opened 1 year ago

willyborankin commented 1 year ago

Is your feature request related to a problem? During review of https://github.com/opensearch-project/security/pull/2927, @cwperks mentioned that the main reason why we still use HTTP commons 4 is SamlHTTPMetadataResolver, which reads the IDP metadata file and tracks its state. The new version 4.3.0 still uses HTTP commons 4 though.

What solution would you like? To exclude HTTP commons 4 completely, there are 2 options:

  1. Implement our own solution which will use HTTP commons 5. For that we need to extend org.opensaml.saml.metadata.resolver.impl.AbstractReloadingMetadataResolver and implement almost the same logic as org.opensaml.saml.metadata.resolver.impl.HTTPMetadataResolver, which SamlHTTPMetadataResolver extends.
  2. Try to prepare a PR in the Shibboleth repository with a new version (I do not know what the process is, since the repo is not a GitHub one).

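
The shape option 1 would take, as an added example written for this page (it is not code from the OpenSearch security plugin, from OpenSAML or from the PR under discussion): a subclass of AbstractReloadingMetadataResolver that implements the two abstract hooks, getMetadataIdentifier() and fetchMetadata(), using Apache HttpClient 5 (org.apache.hc.*) in place of the HttpClient 4 calls inside HTTPMetadataResolver. It keeps the same conditional-GET behaviour: remember ETag and Last-Modified from the last successful fetch, send If-None-Match / If-Modified-Since on the next refresh, and return null on 304 so the base class keeps its cached metadata. The class and package names are hypothetical; the assumed dependencies are opensaml-saml-impl 4.x (JDK 11 compatible) and httpclient5.

```java
// Added example, not project code: sketch of option 1 (AbstractReloadingMetadataResolver
// on top of HttpClient 5). Assumes opensaml-saml-impl 4.x and httpclient5 on the classpath.
package example.saml; // hypothetical package

import java.io.IOException;
import java.net.URI;
import java.util.Timer;

import javax.annotation.Nonnull;
import javax.annotation.Nullable;

import net.shibboleth.utilities.java.support.resolver.ResolverException;

import org.apache.hc.client5.http.classic.methods.HttpGet;
import org.apache.hc.client5.http.impl.classic.CloseableHttpClient;
import org.apache.hc.core5.http.ClassicHttpResponse;
import org.apache.hc.core5.http.Header;
import org.apache.hc.core5.http.HttpHeaders;
import org.apache.hc.core5.http.HttpStatus;
import org.apache.hc.core5.http.io.entity.EntityUtils;
import org.opensaml.saml.metadata.resolver.impl.AbstractReloadingMetadataResolver;

public class HttpClient5MetadataResolver extends AbstractReloadingMetadataResolver {

    private final CloseableHttpClient httpClient;
    private final URI metadataUri;

    // Conditional-request state, the same validators HTTPMetadataResolver tracks.
    private String cachedETag;
    private String cachedLastModified;

    public HttpClient5MetadataResolver(@Nullable final Timer backgroundTaskTimer,
                                       @Nonnull final CloseableHttpClient client,
                                       @Nonnull final String metadataUrl) {
        super(backgroundTaskTimer);
        this.httpClient = client;
        this.metadataUri = URI.create(metadataUrl);
        // Design choice of this example: IdP metadata is trust-anchoring data
        // (it carries the IdP signing certificates), so refuse plaintext transport.
        if (!"https".equalsIgnoreCase(metadataUri.getScheme())) {
            throw new IllegalArgumentException("IdP metadata URL must use https: " + metadataUrl);
        }
    }

    @Override
    protected String getMetadataIdentifier() {
        return metadataUri.toString();
    }

    /**
     * Fetch the metadata document. Returning null on 304 Not Modified tells
     * AbstractReloadingMetadataResolver that the cached metadata is still current.
     */
    @Override
    protected byte[] fetchMetadata() throws ResolverException {
        final HttpGet get = new HttpGet(metadataUri);
        if (cachedETag != null) {
            get.addHeader(HttpHeaders.IF_NONE_MATCH, cachedETag);
        }
        if (cachedLastModified != null) {
            get.addHeader(HttpHeaders.IF_MODIFIED_SINCE, cachedLastModified);
        }
        try {
            // execute(request, handler) consumes and releases the response for us.
            return httpClient.execute(get, this::handleResponse);
        } catch (final IOException e) {
            throw new ResolverException("Error retrieving metadata from " + metadataUri, e);
        }
    }

    private byte[] handleResponse(final ClassicHttpResponse response) throws IOException {
        final int status = response.getCode();
        if (status == HttpStatus.SC_NOT_MODIFIED) {
            return null;
        }
        if (status != HttpStatus.SC_OK) {
            throw new IOException("Unexpected HTTP status " + status + " from " + metadataUri);
        }
        if (response.getEntity() == null) {
            throw new IOException("Empty metadata response from " + metadataUri);
        }
        // Remember the validators for the next conditional GET, then read the body.
        cachedETag = headerValue(response, HttpHeaders.ETAG);
        cachedLastModified = headerValue(response, HttpHeaders.LAST_MODIFIED);
        return EntityUtils.toByteArray(response.getEntity());
    }

    @Nullable
    private static String headerValue(final ClassicHttpResponse response, final String name) {
        final Header h = response.getFirstHeader(name);
        return h == null ? null : h.getValue();
    }
}
```

As with any MetadataResolver, the instance still needs setId(...), setParserPool(...) and initialize() before use, and a SignatureValidationFilter on the metadata remains the right place to pin trust in the IdP rather than relying on transport alone. Two things HTTPMetadataResolver does that this sketch leaves to the caller: it rejects metadata URLs that are not valid URIs, and it can evaluate the TLS server certificate through OpenSAML's HttpClientSecurityParameters; here the trust decision is whatever the supplied CloseableHttpClient was built with, so that client should be configured with an explicit trust store rather than the JVM default if the deployment demands it.
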
stephen-crawford commented 1 year ago

[Triage] Hi @willyborankin, thank you for opening this issue. It sounds like you have done some research and that version 5 is in the works. Please follow up on what you recommend for moving forward (wait for v5 or not).

MaciejMierzwa commented 11 months ago

Hi, looking into this one

willyborankin commented 11 months ago

Hi, looking into this one

@MaciejMierzwa, thank you. The problem can be solved with OpenSAML 5.x, but the minimum JDK version for it is JDK 17; since we still support JDK 11, it is not possible to move forward with it. Here is the issue about it: https://github.com/opensearch-project/security/issues/3609

MaciejMierzwa commented 10 months ago

Hi @willyborankin, I created a draft PR for the task: https://github.com/opensearch-project/security/pull/3894 Feel free to take a look and make suggestions.