A newer version of this resource is available here

oiosaml.java 2.1.1


OIOSAML for Java release 2.1.1 has been made available. This release contains the following changes:

  • Improved validation of timestamps on SAML assertions
  • Support for the upcoming change to browsers' handling of a missing SameSite attribute on cookies

Code repository

The SVN repository on Softwarebørsen has been closed, and the code is being moved to GitHub. When the migration is completed, it will be made available here

https://github.com/digst/OIOSAML.Java

Maven repository

The binary artifacts are distributed as Maven dependencies, and can be located here

https://mvnrepository.com/artifact/dk.digst/oiosaml2.java

Note about SameSite handling

From Chrome version 80 onwards, cookies that do not contain a SameSite attribute will not be included in cross-domain communication. This causes several issues with SAML-based logins.

For details on the planned Chrome rollout, please read the following

https://www.chromium.org/updates/same-site

If your application stores data on the servlet session before the user logs in, that data will be lost after a successful login, unless your application handles this by either

  • Ensuring that session cookies have the SameSite=none attribute set
  • Or adding the SessionCopyListener servlet listener to the web.xml configuration file

If your application does not store data on the servlet session before login, or your session cookies have the SameSite=none attribute set, then you do not need to add the SessionCopyListener servlet listener. If you do need it, add the following section to your web.xml file:


<listener>
    <listener-class>dk.itst.oiosaml.sp.service.session.SessionCopyListener</listener-class>
</listener>

This listener implements the SameSiteSessionSynchronizer interface found in the OIOSAML.java framework, and ensures that session data is correctly stored during the SAML communication flows.

If you need customized functionality in your session handling, you can implement the interface yourself, and configure OIOSAML.java to use your custom class with this setting

oiosaml-sp.samesite.handler=com.company.MyImplementationClass
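
To decide which of the two options above applies to a deployment, the following added example (not part of OIOSAML.java) classifies Set-Cookie header values against the SameSite=none condition. It assumes the servlet default session cookie name JSESSIONID and also checks for Secure, which Chrome requires on SameSite=None cookies; the sample header values are constructed.

```python
# Added example, not part of OIOSAML.java. Sample header values are constructed.
SESSION_COOKIE = "JSESSIONID"  # servlet default name; assumed unchanged here

SAMPLE = [
    "JSESSIONID=0F3A; Path=/app; HttpOnly",
    "JSESSIONID=0F3A; Path=/app; HttpOnly; SameSite=None",
    "JSESSIONID=0F3A; Path=/app; Secure; HttpOnly; SameSite=None",
    "theme=dark; Path=/; SameSite=Lax",
]

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, {lower-cased attribute: value})."""
    first, *rest = [part.strip() for part in header.split(";")]
    name = first.partition("=")[0].strip()
    attrs = {}
    for part in rest:
        if part:
            key, _, value = part.partition("=")
            attrs[key.strip().lower()] = value.strip()
    return name, attrs

def samesite_status(header):
    """Classify a cookie against the SameSite=none condition from the note."""
    _, attrs = parse_set_cookie(header)
    samesite = attrs.get("samesite")
    if samesite is None:
        return "missing"              # browser default applies instead of None
    if samesite.lower() != "none":
        return "restricted"           # explicit Lax or Strict
    if "secure" not in attrs:
        return "none-without-secure"  # Chrome rejects SameSite=None without Secure
    return "ok"

def needs_session_copy_listener(set_cookie_headers, stores_prelogin_data=True):
    """Apply the note's rule: the listener is needed only when pre-login session
    data exists and some session cookie is not SameSite=None with Secure."""
    if not stores_prelogin_data:
        return False
    statuses = [samesite_status(h) for h in set_cookie_headers
                if parse_set_cookie(h)[0] == SESSION_COOKIE]
    if not statuses:
        raise ValueError("no session cookie observed; nothing to conclude")
    return any(status != "ok" for status in statuses)

if __name__ == "__main__":
    for header in SAMPLE:
        print(samesite_status(header), "<-", header)
```

Feed it the Set-Cookie values your application actually returns on the first unauthenticated request, since that is the session the login flow has to preserve.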