Monday, May 28, 2012

Apache WSS4J 1.6.6 released

Apache WSS4J 1.6.6 has been released and is available for download. WSS4J 1.6.6 contains an upgrade to use XML Security 1.5.2, the features of which are covered in a previous blog entry. Some significant fixes in the new release include:
  • Support for a configurable clock skew setting when processing the "NotBefore" timestamp associated with a SAML Token. 
  • Extending the maximum Time-To-Live setting associated with validating a Timestamp from the old value of 25 days.
  • Support for populating SubjectConfirmationData attributes of a SAML Assertion.
  • Support for a wider range of AuthenticationMethod values for SAML 1.1 Assertions.

Wednesday, May 16, 2012

Apache XML Security for Java 1.4.7 and 1.5.2 released

There are two new releases for the Apache XML Security for Java project, which are now available for download. The main feature of the 1.5.2 release is that the default canonicalization algorithm for encryption has changed from inclusive with comments to a new canonicalization algorithm that preserves the physical representation of the element being encrypted. This change fixes a problem where an element might be decrypted to the wrong namespace. The release notes are available here.

The 1.4.7 release fixes a problem with a missing KeyInfo Element when multiple elements are encrypted, as well as a number of other issues. The release notes are available here.