[ https://issues.apache.org/jira/browse/CXF-6237?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14303272#comment-14303272 ]
Sergey Beryozkin commented on CXF-6237: --------------------------------------- So you use OpenSaml with a non-CXF SAML WebSso ? And also CXF for something else (not its own SAML WebSSO SP module [1]) ? IMHO it is a not a CXF issue but XmlSec 2.0.2 issue. Please consider raising an XMLSec issue (OpenSaml 2.6.1 org.opensaml.xml.security.trust.ExplicitKeyTrustEvaluator.validate does not work with XmlSec 2.0.2). Might also make sense to investigate if [1] would work for you. We have a demo of [1] being used with Shibboleth... Cheers, Sergey [1] http://cxf.apache.org/docs/saml-web-sso.html > CXF 3.0.3 rt-security has problems working with latest open saml version > (2.6.1) > -------------------------------------------------------------------------------- > > Key: CXF-6237 > URL: https://issues.apache.org/jira/browse/CXF-6237 > Project: CXF > Issue Type: Bug > Components: JAX-RS Security, WS-* Components > Affects Versions: 3.0.3 > Reporter: moshiko kasirer > Assignee: Colm O hEigeartaigh > > Hi, > CXF-rt-ws-security 3.0.3 is working with wss4j of version: > <cxf.wss4j.version>2.0.2</cxf.wss4j.version> > an xmlsec version of version: > <cxf.xmlsec.bundle.version>2.0.2</cxf.xmlsec.bundle.version> > and open SAML of version: > <cxf.opensaml.version>2.6.1</cxf.opensaml.version> > that is problematic as from one hand CXF 3.0.3 is dependent on XMLSEC version > 2.*+ and throws multiple no method exist exceptions when working with 1.5.5* > XMLSEC versions > and on the other hand the latest open SAML which is the CXF open saml version > (2.6.1) fails on validating the SAML token when working with XMLSEC version > 2.* > so actually when working with both CXF 3 and OPEN SAML 2.6.1 > this will happen > when working with xmlsec 1.5.* OPEN SAML works CXF fails > when working with xmlsec 2.0.* CXF works OPEN SAML fails... > you can see under open saml 2.6.1 that it holds xmlsec version 1.5.6 which is > overrided by CXF and wss4j (2.0.2) > can you please help me figure out a way to overcome this issue? -- This message was sent by Atlassian JIRA (v6.3.4#6332)