ZCS-11505: update library com.sun.org.apache.xml.internal to org.apache.santuario for JDK 17 support #97

Merged
merged 1 commit into from
Jun 9, 2022

dasiyogesh

Issue
With the JDK 17 update, there is an error in validating the SAML response, as SamlDereferencer cannot access class com.sun.org.apache.xml.internal.security.signature.XMLSignatureInput

2022-06-07 03:30:48,986 INFO  [qtp252651381-115:https://zqa-226.eng.zimbra.com/service/extension/samlreceiver] [] extensions - Error in validating SAML response.
javax.xml.crypto.dsig.XMLSignatureException: javax.xml.crypto.URIReferenceException: java.lang.IllegalAccessException: class com.zimbra.cs.security.saml.SamlDereferencer cannot access class com.sun.org.apache.xml.internal.security.signature.XMLSignatureInput (in module java.xml.crypto) because module java.xml.crypto does not export com.sun.org.apache.xml.internal.security.signature to unnamed module @2c08c9e8
        at org.jcp.xml.dsig.internal.dom.DOMReference.dereference(DOMReference.java:420) ~[java.xml.crypto:?]
        at org.jcp.xml.dsig.internal.dom.DOMReference.validate(DOMReference.java:384) ~[java.xml.crypto:?]
        at org.jcp.xml.dsig.internal.dom.DOMXMLSignature.validate(DOMXMLSignature.java:278) ~[java.xml.crypto:?]
        at com.zimbra.cs.security.saml.SamlLoginReceiverHandler.validateSignature(SamlLoginReceiverHandler.java:332) ~[?:?]
        at com.zimbra.cs.security.saml.SamlLoginReceiverHandler.validateSamlResponse(SamlLoginReceiverHandler.java:218) ~[?:?]
        at com.zimbra.cs.security.saml.SamlLoginReceiverHandler.validateSamlResponse(SamlLoginReceiverHandler.java:195) ~[?:?]
        at com.zimbra.cs.security.saml.SamlLoginReceiverHandler.handleSamlResponse(SamlLoginReceiverHandler.java:127) ~[?:?]
        at com.zimbra.cs.security.saml.SamlLoginReceiverHandler.doPost(SamlLoginReceiverHandler.java:99) ~[?:?]

Fix
Library com.sun.org.apache.xml.internal:20050927 is not updated to support JDK 17; switched the library to org.apache.santuario:3.0.0, which works fine.

Testing
Verified the login works with SAML and no exceptions are seen.

https://github.com/Zimbra/zm-saml-consumer-store/pull/12

@dasiyogesh dasiyogesh merged commit 08ae078 into develop Jun 9, 2022
@dasiyogesh dasiyogesh deleted the bugfix/ZCS-11505 branch June 9, 2022 07:40
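
Added example, not part of the original pull request or the project's code: a log triage script that finds JDK strong-encapsulation failures like the one in the trace above and groups them by calling class and blocked package, so every remaining dependency on a JDK-internal package can be located after a JDK 17 upgrade. The function names and the second sample log entry are assumptions made for illustration; the first entry is abridged from the log in this PR.

```python
import re
from collections import Counter

# Message the JDK emits when strong encapsulation blocks access to a
# package that its module does not export.
ACCESS_RE = re.compile(
    r"class (?P<caller>[\w.$]+) cannot access class (?P<target>[\w.$]+) "
    r"\(in module (?P<module>[\w.]+)\) because module (?P=module) "
    r"does not export (?P<package>[\w.]+) to "
    r"(?P<consumer>unnamed module @\w+|module [\w.]+)"
)
# Start of a log entry, e.g. "2022-06-07 03:30:48,986 INFO  [thread] ..."
ENTRY_RE = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) +[A-Z]+ ")


def find_encapsulation_failures(log_text):
    """Return one dict per blocked access, tagged with its owning log entry."""
    findings, current = [], {"ts": None, "saml_entry": False}
    for line in log_text.splitlines():
        entry = ENTRY_RE.match(line)
        if entry:
            # Exception text follows on continuation lines of this entry.
            current = {"ts": entry["ts"], "saml_entry": "SAML" in line}
        hit = ACCESS_RE.search(line)
        if hit:
            findings.append({**hit.groupdict(), **current})
    return findings


def summarize(findings):
    """Count failures per (caller, blocked package): one fix per pair."""
    return Counter((f["caller"], f["package"]) for f in findings)


# Constructed sample: entry 1 is abridged from the PR's log, entry 2 is
# a made-up unrelated line added for contrast.
SAMPLE_LOG = """\
2022-06-07 03:30:48,986 INFO  [qtp252651381-115:https://zqa-226.eng.zimbra.com/service/extension/samlreceiver] [] extensions - Error in validating SAML response.
javax.xml.crypto.dsig.XMLSignatureException: javax.xml.crypto.URIReferenceException: java.lang.IllegalAccessException: class com.zimbra.cs.security.saml.SamlDereferencer cannot access class com.sun.org.apache.xml.internal.security.signature.XMLSignatureInput (in module java.xml.crypto) because module java.xml.crypto does not export com.sun.org.apache.xml.internal.security.signature to unnamed module @2c08c9e8
        at org.jcp.xml.dsig.internal.dom.DOMReference.dereference(DOMReference.java:420) ~[java.xml.crypto:?]
2022-06-07 03:31:02,114 INFO  [qtp252651381-120] [] extensions - request completed
"""

if __name__ == "__main__":
    failures = find_encapsulation_failures(SAMPLE_LOG)
    for (caller, package), count in summarize(failures).items():
        print(f"{count}x {caller} -> {package}")
```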