jzheaux
commented
4 years ago Hi, @dimitar-stanev, thanks for the report.
This is actually in accordance with the OpenSAML documentation - OpenSAML 2.x artifacts are published to Shibboleth's Maven repository and intentionally not published to Maven Central. Any 2.x version in Maven Central was published there by a third-party.
Hi team,
First of all, thanks for all the hard work and great addition to the spring security module with this great extension, the ease it provides by using dsl setup is awesome! Now on to my question/suggestion:
The current version of the extension saml2-core we have been using is 1.0.9.RELEASE
This, at some point started pointing to a dependency of version 2.6.6 of org.opensaml:opensaml, and this is only hosted on a private repo ( alfresco ) , and mavencentral, jcenter etc. bigger repositories don't have that version and only go up to 2.6.4.
This problem is solvable, of course, for example by just excluding this module and using one version you do have access to, but I think that this behavior is undesirable for people and adding new repositories for companies that use central ones ( for example an instance of JFrog Artifactory ) can cause problems.
Thanks in advance for taking the time to read this and answer!
Kind regards, Dimitar Stanev