Announce external OpenSAML init in spring-security#19059
strehle wants to merge 1 commit into spring-projects:main from
Signed-off-by: strehle <markus.strehle@sap.com>
39e6d70 to cfbcded
Thanks for the contribution, @strehle. I will not be able to review this likely until after the 7.1 release in May. In the meantime, can you confirm if #14656 (comment) works in your case?
Yes, it works, and I would also provide PRs for your downports, meaning 6.5.x, because in CF we first had the challenge to decouple from the fix version of opensaml, e.g. and then as preparation before boot 4.x we will do Therefore I can provide a similar PR for your opensaml4 integration. Because of the need for BC-FIPS we have forked parts of spring security, but we will also remove that step by step... Before that PR, I have verified other approaches from other projects, e.g. elastic/elasticsearch#98785, but that was also somehow dangerous, so we know that SAML with EC keys will have restrictions, but this combination is not that common in enterprises.
Problem: see details of #14656
Solution: Allow marking, with "initializedAlready" (name can be discussed), that OpenSAML was initialized outside of spring-security.
There are situations, e.g. omit an algorithm and change one because you use FIPS, where you need another way of opensaml initialization, and spring should not try to init it again.
This PR is in order to solve cloudfoundry/uaa#3811
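
The PR description above is about a one-time initialization guard that an application can set itself. The following is an added example, not code from this PR, Spring Security or OpenSAML: a simplified stand-alone model in which every class, method and algorithm name is hypothetical and the registry contents are constructed sample values.

```java
import java.util.Set;
import java.util.TreeSet;
import java.util.concurrent.atomic.AtomicBoolean;

// Simplified model, not Spring Security or OpenSAML code. All names are hypothetical.
public class ExternalInitDemo {

    // Stand-in for the process-wide algorithm registry that a library bootstrap fills.
    static final Set<String> REGISTRY = new TreeSet<>();
    // Constructed sample defaults; "non-approved-alg" stands for whatever a FIPS setup must omit.
    static final Set<String> DEFAULTS = Set.of("rsa-sha256", "ecdsa-sha256", "non-approved-alg");

    // Stand-in for the framework's one-time initialization guard.
    static final AtomicBoolean initialized = new AtomicBoolean(false);

    // Framework-side bootstrap: loads the defaults unless initialization already happened.
    static boolean frameworkInitialize() {
        if (!initialized.compareAndSet(false, true)) {
            return false; // already initialized, leave the registry alone
        }
        REGISTRY.addAll(DEFAULTS);
        return true;
    }

    // Model of the proposed marker: the application declares that it did the bootstrap itself.
    static void markInitializedAlready() {
        initialized.set(true);
    }

    // Application-side bootstrap for a restricted provider: register only what is allowed.
    static void applicationInitialize() {
        REGISTRY.addAll(DEFAULTS);
        REGISTRY.remove("non-approved-alg");
    }

    public static void main(String[] args) {
        // Without the marker, the later framework bootstrap restores the omitted entry.
        applicationInitialize();
        frameworkInitialize();
        System.out.println("no marker:   " + REGISTRY);

        // With the marker, the framework bootstrap is a no-op and the omission holds.
        REGISTRY.clear();
        initialized.set(false);
        applicationInitialize();
        markInitializedAlready();
        frameworkInitialize();
        System.out.println("with marker: " + REGISTRY);
    }
}
```

In this model the marker moves responsibility to the caller: if it is set without the application bootstrap having run, the registry stays empty, so a startup check that the expected algorithms are present is worth adding.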