OpenSAML user discussion

[Brent Putman <>]

Prasanna Krishna wrote:

Hi Brent -
 
Thank you for your patience and immediate appropriate reply.
 
We now have another question: 
 
At this juncture we probably cannot move with the latest saml code base for this version of ours since we are already production like.

Well, the OpenSAML stack is (just barely, as of last week) implicitly in a beta state, because we rolled out Shibboleth in beta1.  Based on the key vs. Credential API change I noted, which SVN shows took place on 5/22/07, the (alpha) code that you are using is at least 4+ months old.  There have been a lot of changes to the code since then, especially with the security related components.  I obviously can't tell you what to do, but I would strongly advise you to reconsider using that in production.

 
Please suggest how I can set the digest algorithm to 'sha1' from within the code snippet I sent you earlier.

Well, it's going to be the same mechanism, just change the algorithm URI constant:

response.setSignature(signature);
((SAMLObjectContentReference)signature.getContentReferences().get(0))
      .setDigestAlgorithm(SignatureConstants.ALGO_ID_DIGEST_SHA1);

 
Also can you please let me know or point me to the current stable distribution of open saml or is it that we should build the jars from the source?

There is currently no packaged source or binary distribution, stable or otherwise.  Checkout from SVN is still the way to go.  The OpenSAML stack is implictly in a beta1 state, concurrent with the Shibboleth beta1 (really a rolling beta), although we haven't actually formally tagged a beta1 for OpenSAML yet.  We'll probably do that very soon, to give people a consistent target against which to start really testing and developing in earnest.  However, I doubt we will be providing an official binary distribution for at least a little while - at the earliest probably a later, more formal beta stage.  We haven't discussed a timeline for that yet, it could be sooner.


--Brent