Word - Spring JIRA

[SES-166] Consider using OpenSAML 2.6.4 (or above)?
Created: 21/May/15  Updated: 05/Feb/16  Resolved: 05/Feb/16

Status: Closed
Project: SX Spring Security Extension
Component/s: saml
Affects Version/s: saml-1.0.1
Fix Version/s: None

Type: Improvement
Priority: Minor
Reporter: Thomas Maslen
Assignee: Vladimir Schäfer
Resolution: Complete
Votes: 2
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Description
If I understand correctly, spring-security-saml2-core (both in 1.0.1.RELEASE and in master) is
using OpenSAML 2.6.1 (as 1.0.0.RELEASE did).
That's not terrible, but there are a couple of fine reasons for moving to OpenSAML 2.6.4 or
above (IIRC latest is 2.6.5):


* It fixed an XML vulnerability
* In the course of doing that it got rid of all the awkward stuff that wanted to have endorsed JARs for some of the XML libraries, so it's a lot easier now to have e.g. a nice, self-contained WAR file
[OpenSAML 3 has also been released (3.0.0, 3.1.0 and 3.1.1) and OpenSAML 2 may be headed
toward legacy status, but the upgrade to 2.6.4+ is easy whereas moving to 3.* may be
nontrivial].
[By the way, JIRA lists saml-1.0.0 and saml-1.0.1 under "Unreleased versions"]
Comments
Comment by manoj pathak [ 25/May/15 ]
Does this solve my decryption issue which I am facing while encrypting SAML token?
DEBUG Decrypter:631 - Attempt to decrypt EncryptedKey using credential from KEK KeyInfo resolver failed:
org.opensaml.xml.encryption.DecryptionException: Probable runtime exception on decryption:unknown parameter type.
    at org.opensaml.xml.encryption.Decrypter.decryptKey(Decrypter.java:705)
    at org.opensaml.xml.encryption.Decrypter.decryptKey(Decrypter.java:628)
    at org.opensaml.xml.encryption.Decrypter.decryptUsingResolvedEncryptedKey(Decrypter.java:783)
    at org.opensaml.xml.encryption.Decrypter.decryptDataToDOM(Decrypter.java:524)
    at org.opensaml.xml.encryption.Decrypter.decryptDataToList(Decrypter.java:442)
    at org.opensaml.xml.encryption.Decrypter.decryptData(Decrypter.java:403)
    at org.opensaml.saml2.encryption.Decrypter.decryptData(Decrypter.java:141)
    at org.opensaml.saml2.encryption.Decrypter.decrypt(Decrypter.java:69)
09:21:51,120 ERROR Decrypter:639 - Failed to decrypt EncryptedKey, valid decryption key could not be resolved
09:21:51,120 DEBUG Decrypter:787 - Attempt to decrypt EncryptedData using key extracted from EncryptedKey faile
Comment by Richard Kettelerij [ 13/Aug/15 ]
+1, I would suggest moving to OpenSAML 3.x if possible.
Comment by Donnchadh O Donnabhain [ 26/Oct/15 ]
+1 for OpenSAML 3.x
Comment by marian lopatnic [ 09/Dec/15 ]
+1 for OpenSAML 3.x
Comment by George Stanchev [ 07/Jan/16 ]
+1 for OpenSAML 3.x
Generated at Tue Feb 09 13:18:27 UTC 2016 using JIRA 6.4.11#64026sha1:78f6ec473a3f058bd5d6c30e9319c7ab376bdb9c.