- changed status to open
OpenSAML dependencies and the upcoming V4
I can see 3 dependencies to OpenSAML in the POM file:
<dependency>
<groupId>org.opensaml</groupId>
<artifactId>opensaml-core</artifactId>
<version>[3.0.0,)</version>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.opensaml</groupId>
<artifactId>opensaml-saml-api</artifactId>
<version>[3.0.0,)</version>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.opensaml</groupId>
<artifactId>opensaml-saml-impl</artifactId>
<version>[3.0.0,)</version>
<optional>true</optional>
</dependency>
I noticed that when my own POM file has Shibboleth releases repository enabled [1], the dependencies above already resolve to the 4.0.0-beta1 version, which was couple weeks ago. So, once OpenSAML V4 gets released in a near future, I assume also Maven central will have it and thus V4 will be resolved. I don’t know how you exploit OpenSAML, but as its API will change from V3 to V4, it may be reasonable to define the dependencies so that V3 is always resolved.
[1] https://mvnrepository.com/artifact/org.opensaml/opensaml-core?repo=shibboleth-releases
Comments (2)
-
-
- changed status to resolved
Fixed version to latest stable v3: df50efb8
(OpenSAML used to exchange SAML bearer assertions for OAuth 2.0 tokens - https://connect2id.com/products/server/docs/integration/saml-bearer-grant-handler)
- Log in to comment