From larry.mccay at gmail.com Tue Jan 6 11:06:54 2015 From: larry.mccay at gmail.com (larry mccay) Date: Tue, 6 Jan 2015 11:06:54 -0500 Subject: [security-dev] Handling of NameIDType objects in SAML2AuthenticationHandler Message-ID: All - I've run into an issue while trying to POC the use of picketlink for SAML based SSO against the hosted shibboleth IdP at testshib.org. This was an issue that was reported in PLINK2-10 which was set as resolved but never verified. The issue manifests as an exception while handling adding the roles from the assertion because of an unknown role type. I have verified a fix for this issue that will actually complete that previous issue and can provide a pull request for it. The fact that the PLINK2 jira system is old and deprecated makes it confusing as to where to hang the pull request. Would you like me to create a new jira for this issue in PLINK? Also, do you prefer pull requests or patches? thanks, --larry -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/security-dev/attachments/20150106/a9e395bb/attachment-0001.html From psilva at redhat.com Wed Jan 7 07:03:52 2015 From: psilva at redhat.com (Pedro Igor Silva) Date: Wed, 7 Jan 2015 07:03:52 -0500 (EST) Subject: [security-dev] Handling of NameIDType objects in SAML2AuthenticationHandler In-Reply-To: References: Message-ID: <645585695.5017851.1420632232205.JavaMail.zimbra@redhat.com> ----- Original Message ----- > From: "larry mccay" > To: security-dev at lists.jboss.org > Sent: Tuesday, January 6, 2015 2:06:54 PM > Subject: [security-dev] Handling of NameIDType objects in SAML2AuthenticationHandler > > All - > > I've run into an issue while trying to POC the use of picketlink for SAML > based SSO against the hosted shibboleth IdP at testshib.org . > > This was an issue that was reported in PLINK2-10 which was set as resolved > but never verified. > > The issue manifests as an exception while handling adding the roles from the > assertion because of an unknown role type. > > I have verified a fix for this issue that will actually complete that > previous issue and can provide a pull request for it. > > The fact that the PLINK2 jira system is old and deprecated makes it confusing > as to where to hang the pull request. > > Would you like me to create a new jira for this issue in PLINK? Yes, please. > > Also, do you prefer pull requests or patches? You can send a PR. Thanks. > > thanks, > > --larry > > _______________________________________________ > security-dev mailing list > security-dev at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/security-dev From adamdong at vidder.com Thu Jan 15 17:30:20 2015 From: adamdong at vidder.com (Adam Dong) Date: Thu, 15 Jan 2015 22:30:20 +0000 Subject: [security-dev] How to bring over the source code ? Message-ID: How to check out SAML/federation related code ? I did this a few months back for 2.6.0.final, now I'd like to bring over the code for 2.7.0.CR3, but don't remember how to do it. Thanks, Adam Dong From psilva at redhat.com Thu Jan 15 20:36:37 2015 From: psilva at redhat.com (Pedro Igor Silva) Date: Thu, 15 Jan 2015 20:36:37 -0500 (EST) Subject: [security-dev] How to bring over the source code ? In-Reply-To: References: Message-ID: <1157453224.10422547.1421372197226.JavaMail.zimbra@redhat.com> Here is the tag. https://github.com/picketlink/picketlink/tree/v2.7.0.CR3/modules/federation/src/main/java/org/picketlink/identity/federation/core/saml/v2 ----- Original Message ----- From: "Adam Dong" To: security-dev at lists.jboss.org Sent: Thursday, January 15, 2015 8:30:20 PM Subject: [security-dev] How to bring over the source code ? How to check out SAML/federation related code ? I did this a few months back for 2.6.0.final, now I'd like to bring over the code for 2.7.0.CR3, but don't remember how to do it. Thanks, Adam Dong _______________________________________________ security-dev mailing list security-dev at lists.jboss.org https://lists.jboss.org/mailman/listinfo/security-dev From pskopek at redhat.com Fri Jan 16 02:13:18 2015 From: pskopek at redhat.com (Peter Skopek) Date: Fri, 16 Jan 2015 08:13:18 +0100 Subject: [security-dev] How to bring over the source code ? In-Reply-To: References: Message-ID: <54B8BA0E.9090304@redhat.com> Adam, you can also follow 2.6.x maintenance branch. PicketLink: https://github.com/picketlink/picketlink/tree/2.6.x PicketLink Bindings: https://github.com/picketlink/picketlink-bindings/tree/2.6.x HTH, Peter On 01/15/2015 11:30 PM, Adam Dong wrote: > > How to check out SAML/federation related code ? > > I did this a few months back for 2.6.0.final, now I'd like to bring over the code for 2.7.0.CR3, but don't remember how to do it. > > Thanks, > Adam Dong > > _______________________________________________ > security-dev mailing list > security-dev at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/security-dev > From adamdong at vidder.com Fri Jan 23 14:22:21 2015 From: adamdong at vidder.com (Adam Dong) Date: Fri, 23 Jan 2015 19:22:21 +0000 Subject: [security-dev] What is the meaning of CR in the release name (like 2.7.0.CR3) ? When will 2.7.0.Final be out ? Message-ID: What is the meaning of CR in the release name (like 2.7.0.CR3) ? When will 2.7.0.Final be out ? Thanks, Adam -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/security-dev/attachments/20150123/6ed5bd2d/attachment.html From psilva at redhat.com Fri Jan 23 14:40:10 2015 From: psilva at redhat.com (Pedro Igor Silva) Date: Fri, 23 Jan 2015 14:40:10 -0500 (EST) Subject: [security-dev] What is the meaning of CR in the release name (like 2.7.0.CR3) ? When will 2.7.0.Final be out ? In-Reply-To: References: Message-ID: <195797989.14350791.1422042010491.JavaMail.zimbra@redhat.com> Hey Adam, CR means Candidate Release. Final release is planned around middle of feb. Regards. ----- Original Message ----- From: "Adam Dong" To: security-dev at lists.jboss.org Sent: Friday, January 23, 2015 5:22:21 PM Subject: [security-dev] What is the meaning of CR in the release name (like 2.7.0.CR3) ? When will 2.7.0.Final be out ? What is the meaning of CR in the release name (like 2.7.0.CR3) ? When will 2.7.0.Final be out ? Thanks, Adam _______________________________________________ security-dev mailing list security-dev at lists.jboss.org https://lists.jboss.org/mailman/listinfo/security-dev