Details
-
New Feature
-
Status: Resolved
-
Major
-
Resolution: Done
-
None
-
localhost
Description
Here is a pull request which adds an authentication handler for a SAML2 Service Provider via the embedded OpenSAML V3 dependencies
https://github.com/apache/sling-whiteboard/pull/51
TODO Before Initial
[X] Sync attributes released by the IDP
[X] Confirm license and attribution
"As the code is ASL2 and does not require a notice or anything else, we don't need to mention in. But I think its usually good style to do so and have a single sentence in our NOTICE that we include (modified) code from ... which has ASL2 as the license"
TODO After Initial
[X] Get confirmation the project builds and operates as expected
[X] Ensure that the NOTICE file is the correct one
[X] Testing setup ( documentation, local SAML provider, etc )
[X] Clarify whether we can depend on artifacts not deployed on Maven Central
[X] Review Web Browser SSO Profile Specification 4.1 and confirm all aspects
* https://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf
[X] Decide whether to make signing and encryption optional. Currently it is required
[X] Get feedback whether README instructions are too much, too little, unclear, etc
[X] Consider whether use of SAML2ConfigService and SAML2ConfigServiceImpl is a good design or not.
[ok] Find and fix any bugs.
Attachments
Issue Links
- relates to
-
SLING-10193 SAML Auth Handler Initial Release
-
- Resolved
-
