OpenSAML user discussion

[Chad La Joie <>]

No new releases of OpenSAML 1 will be made.  It has been end-of-lifed.
OpenSAML 2 is the only supported version.


 wrote:
> Hi,
> 
> we are still using opensaml 1.1 as our applicationservers do not yet 
> support saml 2.
> 
> I noticed in the sourcecode there was a bugfix solving the following issue:
> 
> The specification says that in a saml:Subject, either NameIdentifier or 
> ConfirmationMethod (in block SubjectConfirmation) is mandatory.
> However, the javacode building a SAMLSubject out of a dom Element never 
> reads the SubjectConfirmation part if the NameIdentifier is null.
> => if the NameIdentifier is null, it always throws a MalformedException.
> 
> This was solved in the latest version of SAMLSubject (of saml1.1):
> Revision 405 -  
> Modified Wed May 17 15:03:54 2006 EDT (2 years, 10 months ago) by cantor 
> Handle Subject with no NameID.
> 
> However,
> this version of the class is not in the downloadable jar which means 
> everyone using the jar of opensaml 1.1 has this bug.
> I can easily integrate the bugfix locally but some of our clients that will 
> be using opensaml1.1 to send/receive saml messages will have problems with 
> this unless I present them an updated jar.
> 
> Can't there be a new, official release of the jar containing the bugfix ?
> 
> 
> Frederik

-- 
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Net Services
Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
,
 http://www.switch.ch