OpenSAML user discussion

["Scott Cantor" <>]

Craig Setera wrote on 2009-06-15:
> 1) My understanding is that OpenSAML 2 is not API compatible with 1.1?
> How difficult is it going to be to switch?  Are there good migration
> instructions anywhere?

There are no instructions for much of anything in either version, that's
always been true. The old library has been unsupported for over a year, so
you either switch, regardless of the pain, or you're now the proud
maintainer of a SAML library. That's why we don't advertise or market this
code. We don't have the resources to provide any niceties.

> 2) At least at the moment, I've been stepping through code and this
> *seems* to be down in the Apache XML security layer.  Does OpenSAML 2
> continue to use the same underlying libraries?  Makes me wonder if I
> will see a difference?

There's no way to answer that without knowing what the problem is. Yes, the
new code uses the same library (probably a much newer version). There are
substantial differences in how the code handles signing, but verification
still basically requires the original DOM and just hands it to the same
code. Chances are it's being corrupted in transit if the signing code is
known to work.

-- Scott