spring-projects / spring-security

Spring Security
http://spring.io/projects/spring-security
Apache License 2.0
Upgrade from spring-security-saml2-core 1.0.10.RELEASE to 2.0.0.M31 leads to missing import errors #13663

Closed siddharth-78 closed 1 year ago

siddharth-78 commented 1 year ago

I'm working on upgrading spring-security-saml2-core from version 1.0.10.RELEASE to 2.0.0.M31 in my project. I don't want to switch to the newer spring-security-library. After the upgrade, I face the following missing import errors on compilation:

org.opensaml.saml2.metadata (from org.opensaml:opensaml:2.6.6 jar)

org.opensaml.xml (from org.opensaml:xmltooling:1.4.4 jar)

org.opensaml.xml.security (from org.opensaml:xmltooling:1.4.4 jar)

org.opensaml.xml.signature (from org.opensaml:xmltooling:1.4.4 jar)

org.springframework.security.saml.key (from org.springframework.security.extensions:spring-security-saml2-core:1.0.10.RELEASE jar)

org.springframework.security.saml.metadata (from org.springframework.security.extensions:spring-security-saml2-core:1.0.10.RELEASE jar)

org.opensaml.xml.security.credential (from org.opensaml:xmltooling:1.4.4 jar)

org.springframework.security.providers (from org.springframework.security.extensions:spring-security-saml2-core:1.0.10.RELEASE jar)

org.opensaml.saml2.core (from org.opensaml:opensaml:2.6.6 jar)

org.springframework.security.saml.userdetails (from org.springframework.security.extensions:spring-security-saml2-core:1.0.10.RELEASE jar)

These missing imports are crucial for my application, and I'm unable to compile the code without resolving them.

I was expecting the migration to be straightforward, but unfortunately, that was not the case. I've looked for migration documentation to help with the transition, but the only document available is the SAML 2.0 Migration Guide. However, it's poorly written and doesn't suggest alternate packages for the ones that have changed.

I expected to find a clear and concise migration path, including the necessary package replacements. Now, I'm stuck with these compilation errors and unsure how to proceed. [Good example doc: https://restsharp.dev/v107/#reference]

Can anyone point me to the alternatives or solutions for these missing imports? Any help or guidance on this migration would be greatly appreciated.

jzheaux commented 1 year ago

Thanks for reaching out, @siddharth-78.

Given that the two codebases are quite different, there may not be a 1-to-1 package replacement, which is why no such table exists. Instead, there are samples written with both libraries that you can compare. Have you already tried the sample applications?

Let me make an attempt to draw a comparison to what you have outlined here. If that isn't sufficient, then I'd recommend that you create a simplified GitHub sample application that demonstrates the setup and post to StackOverflow, where you and I can work together on getting your questions answered in more detail. After that, it may be clearer what should specifically be added to the migration guide.

org.opensaml.saml2.metadata, org.opensaml.xml, org.opensaml.xml.security, org.opensaml.xml.signature, org.opensaml.xml.security.credential, org.opensaml.saml2.core

These are OpenSAML packages. Spring Security wraps OpenSAML, so you should still be able to use it. Note, though, that the OpenSAML team has not supported 2.6 for several years now. Spring Security works against OpenSAML 4. You would need to consult the OpenSAML team for more guidance on how to upgrade from 2 up to 4.

org.springframework.security.saml.key

I believe what you are looking for here is org.springframework.security.saml2.core.Saml2X509Credential. You can configure credentials in a RelyingPartyRegistration instance.

org.springframework.security.saml.metadata

Metadata is represented in a RelyingPartyRegistration instance.

org.springframework.security.providers

Spring Security supports a single authentication provider, OpenSaml4AuthenticationProvider. It supports the WebSSO POST Binding. You can read about it in the reference manual.

org.springframework.security.saml.userdetails

There is no user details service implementation. Instead, you can call OpenSaml4AuthenticationProvider#setAuthenticationResponseConverter and use that to connect to your database.

My recommendation is the following:

  1. Take a look at the sample applications that are linked to in the migration guide.
  2. Read the reference documentation to learn the new API.
  3. Reach out through a question on StackOverflow that includes a minimal sample application.
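
The mapping described in the answer above, as an added example (not code from the issue or from the Spring Security project): the service provider's credential and the IdP metadata live in one `RelyingPartyRegistration`, and the old user-details lookup moves into the provider's response converter, which the Spring Security API exposes as `setResponseAuthenticationConverter`. Assumptions: Spring Security 6 on Spring Boot with OpenSAML 4 on the classpath; the metadata URL, the registration id, and the injected `PrivateKey`, `X509Certificate` and `UserDetailsService` beans are placeholders for your own.

```java
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.AuthenticatedPrincipal;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.saml2.core.Saml2X509Credential;
import org.springframework.security.saml2.provider.service.authentication.OpenSaml4AuthenticationProvider;
import org.springframework.security.saml2.provider.service.authentication.Saml2Authentication;
import org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrations;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
class SamlMigrationConfig {
    // Stands in for the old ...saml.key and ...saml.metadata beans: one registration holds both.
    @Bean
    RelyingPartyRegistrationRepository registrations(PrivateKey spKey, X509Certificate spCert) {
        RelyingPartyRegistration idp = RelyingPartyRegistrations
                .fromMetadataLocation("https://idp.example.org/metadata") // placeholder IdP metadata URL
                .registrationId("example-idp")                            // placeholder registration id
                .signingX509Credentials(c -> c.add(Saml2X509Credential.signing(spKey, spCert)))
                .build();
        return new InMemoryRelyingPartyRegistrationRepository(idp);
    }

    // Stands in for ...saml.userdetails: build the default principal, then take authorities from the local store.
    @Bean
    SecurityFilterChain filterChain(HttpSecurity http, UserDetailsService users) throws Exception {
        OpenSaml4AuthenticationProvider provider = new OpenSaml4AuthenticationProvider();
        provider.setResponseAuthenticationConverter(token -> {
            Saml2Authentication base = OpenSaml4AuthenticationProvider
                    .createDefaultResponseAuthenticationConverter().convert(token);
            UserDetails user = users.loadUserByUsername(base.getName()); // assumes NameID is the local username
            return new Saml2Authentication((AuthenticatedPrincipal) base.getPrincipal(),
                    base.getSaml2Response(), user.getAuthorities());
        });
        http.authorizeHttpRequests(a -> a.anyRequest().authenticated())
            .saml2Login(s -> s.authenticationManager(new ProviderManager(provider)));
        return http.build();
    }
}
```

`loadUserByUsername` throws `UsernameNotFoundException` for an asserted subject with no local account, so an IdP-authenticated user who is not provisioned locally is rejected instead of being granted default authorities.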