3

I recently tried to upgrade saml2-core from 1.0.10 to 2.0.0.M31. When I tried building the project it fails with many "cannot find symbol" and "package does not exists" exceptions.

[ERROR] /C:/restproject/restsecurity/restsaml2/src/main/java/security/entry/AbstractSaml2AuthEntryPoint.java:[33,99] cannot find symbol
  symbol:   class SAMLEntryPoint
  location: package org.springframework.security.saml
[ERROR] /C:/restproject/restsecurity/restsaml2/src/main/java/security/binding/RestHTTPArtifactEncoder.java:[35,46] cannot find symbol
  symbol: class BaseSAML2MessageEncoder
[ERROR] /C:/restproject/restsecurity/restsaml2/src/main/java/security/discovery/Saml2AuthDiscovery.java:[16,41] cannot find symbol
  symbol:   class SAMLDiscovery
  location: package org.springframework.security.saml
[ERROR] /C:/restproject/restsecurity/restsaml2/src/main/java/security/ticket/Saml2UserDetails.java:[33,34] cannot find symbol
  symbol:   class SAMLCredential
  location: package org.springframework.security.saml

When I compared the package structure of both the version the structure and classes are different which is why It cannot find the required classes. What are replacement classes for these or is there any other new jar introduced which contains these missing classes.

Alison
  • 31
  • 3
  • Please clarify your specific problem or provide additional details to highlight exactly what you need. As it's currently written, it's hard to tell exactly what you're asking. – Community Nov 02 '21 at 18:05
  • 1
    Hi, Did you solve this? I have the same problem. If you have a page with the solution please share it. – Eder Armando Anillo Lora Apr 07 '22 at 22:19

2 Answers2

1

So I found this issue looking for something else, but I think I can point you in the right direction here.

So in this commit, you can see that some of the classes that your error mentions. The classes missing their symbols have been deleted from the project.

It appears they have been deleted in a "clean up" commit after implementing OpenSAML 3.3 into the spring SAML extension for version 2.0.0-M1. So if you upgraded to 2.0.0-M1, I'd assume you get the same errors, which you can confirm.

I'd assume you will have to re-implement your code to work with this version of the Spring SAML extension 2.0.0-M31. Although, you should really be using the Spring security core SAML libraries and not the extension, since the extension is considered "end of life". Either way, you will need to re-implement your code.

Note: I've not seen any document or guide on how to migrate from version 1.0.10 to any version of 2.0. There is a request for a guide here on the extensions github and another here on the integrated spring security core github.

Navigatron
  • 2,065
  • 6
  • 32
  • 61
1

Effectively, the saml library for 1.0.10.RELEASE is the last version that contains those classes. Navigatron is right, Spring considers the extension library as "End of life". So, we must implement the spring security library to configure the SAML. Here some links for checking:

The new library implemented there is spring-security-saml2-service-provider. It uses opensaml-core and not opensaml-2.6.6. You probably need to rewrite your core for SAML even the custom classes.

I hope to help with this info.

Eder Armando Anillo Lora
  • 149
  • 1
  • 10