Guanxi IdP 2.1.1 released

Fri, Dec 4, 2009

This is an update that improves explicit key validation and PKIX path validation, and makes the attributor process more efficient. The release is available from the project site.

Common

  • v2.0.5
  • Updated org.guanxi.common.trust.impl.ShibbolethTrustEngineImpl to use updated embedded key validation
  • Updated org.guanxi.common.trust.TrustUtils: removed validateWithEmbeddedCert() and added validateEmbeddedCert() to fully implement public key comparison for checking message/TLS keys against metadata keys. Added the hostname to the metadata validation process to support virtual KeyName validation.
  • Updated org.guanxi.common.trust.TrustUtils::validateClientCert to use validateEmbeddedCert for explicit key validation.
  • Updated org.guanxi.common.trust.TrustUtils::validateX509WithKeyName to use the hostname as a “virtual” KeyName as per the Shibboleth spec.
  • Updated org.guanxi.common.trust.TrustUtils::validateCertPath to full PKIX path validation.
  • Updated org.guanxi.common.metadata.Metadata to store the hostname of a validation session
  • Updated org.guanxi.common.metadata.impl.GuanxiSAML2MetadataImpl for the new hostname methods

IdP

  • v2.1.1
  • Updated org.guanxi.idp.farm.attributors.SimpleAttributor, added arp(), map() and added config file loading to init(). Added abstract getAttributes()
  • Updated org.guanxi.idp.farm.attributors.JDBCAttributor, to use base class arp() and map() methods
  • Updated org.guanxi.idp.farm.attributors.JDBCAttributor::getAttributes to not throw GuanxiException as it breaks the attribute flow
  • Updated org.guanxi.idp.farm.attributors.FlatFileAttributor, to use base class arp() and map() methods
  • Updated org.guanxi.idp.farm.attributors.LDAPAttributor, to use base class arp() and map() methods
  • Updated org.guanxi.idp.trust.impl.IdPTrustEngineImpl to pass the hostname to the trust engine for virtual KeyName validation
