Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update MUJINA project to Follow New Spring Security SAML 2.0 Implementation #92

Open
wolfminseu opened this issue Jul 1, 2024 · 1 comment
Assignees

Comments

@wolfminseu
Copy link

I have noticed that the project relies on the Spring Security SAML extension (spring-attic/spring-security-saml), which is no longer maintained. Additionally, it uses Spring Security version 5.6.1.

Given that the Spring Security SAML 2.0 SP implementation has transitioned to using Saml2WebSsoAuthenticationFilter and OpenSaml4AuthenticationProvider, rather than the older SAMLProcessingFilter and SAMLAuthenticationProvider, I wanted to inquire about the future plans for the MUJINA SP & IDP.

Specifically:

Are there any plans to update the MUJINA SP to follow the new Spring Security SAML 2.0 implementation using Saml2WebSsoAuthenticationFilter and OpenSaml4AuthenticationProvider?

Since Spring Security does not provide support for an IdP, do you have any plans to create a new implementation for the IdP based on OpenSAML4 or potentially OpenSAML5, especially considering the releases of Spring Boot 3.x and jdk 22?

@oharsta
Copy link
Member

oharsta commented Jul 1, 2024

We have implemented a SAML2 IdP library end of 2023, which only depends on the Shibboleth SAML libraries. We already use this library in production for the eduID IdentityProvider as a replacement of the not-maintained Spring Security SAML extension.

We do have the intention on migrating Mujina IdP / SP to use this library in combination with the latest Spring Security libraries. However we have no urgent requirements for this migration, as we use the docker containerized Mujina SP / IdP only in our test-environments. If you have compelling reasons to see Mujina migrated, I would recommend a fork (and preferably a PR). We are of course more then willing to discuss the broadlines of what such a migration would include.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants