| | Failed to verify signature using KeyInfo-derived | | Сергей Иванов | | | Invalid | Jun 29, 2016 | Jun 30, 2016 | | |
| | Small memory leak in ChainingMetadataProvider | | | | | Won't Fix | Feb 8, 2016 | Feb 8, 2016 | | |
| | Too-narrow cast in SingleLogoutProfileImpl hinders implementing Identity Provider profile | | | | | Invalid | Dec 18, 2015 | Jan 9, 2016 | | |
| | BaseSAML2MessageDecoder tries to get SAML1 role descriptor | | | | | Fixed | Dec 18, 2015 | Jan 9, 2016 | | |
| | durations in log messages should be given in ISO format, not milliseconds | | | | | Fixed | Oct 12, 2015 | Jan 9, 2016 | | |
| | Metadata reload errors logged on DEBUG only | | | | | Fixed | Sep 14, 2015 | Jun 22, 2021 | | |
| | Resource required to be non-empty in AuthzDecisionStatement | | | | | Fixed | Jul 2, 2015 | Jan 15, 2016 | | |
| | Allow reloading metadata providers to accept a null Timer | | | | | Completed | Feb 25, 2015 | Feb 25, 2015 | | |
| | Switch to use new XML Tooling HostnameVerifier impl | | | | | Fixed | Sep 17, 2014 | Sep 17, 2014 | | |
| | CLONE - On MetadataProviderCredentialResolver, expose the MetadataProvider used to construct the resolver | | | | | Invalid | May 27, 2014 | Jul 25, 2014 | | |
| | Maven Pom Files Seem to have Incorrect Values | | | | | Invalid | May 6, 2014 | Jul 25, 2014 | | |
| | Misspelled method name in SAMLMDCredentialContext, getEncryptionMethod vs getEncryptionMethods | | | | | Fixed | Mar 21, 2014 | Mar 21, 2014 | | |
| | Socket factory is not respected for meta data provider | | | | | Won't Fix | Jan 6, 2014 | Aug 8, 2014 | | |
| | Superfluous/wrong type constants in SAML 1 and SAML 2 interfaces | | | | | Fixed | Jan 5, 2014 | Feb 20, 2014 | | |
| | Misspelled error constant in SAML 1 StatusCode interface | | | | | Fixed | Jan 5, 2014 | Mar 21, 2014 | | |
| | Destination parsing in BaseSAMLMessageDecoder | | | | | Won't Fix | Dec 29, 2013 | Jan 29, 2014 | | |
| | OpenSAML v2.6.1 release process | | | | | Completed | Dec 18, 2013 | Aug 8, 2014 | | |
| | AbstractReloadingMetadataProvider refresh() is public, should be synchronized for concurrent access | | | | | Fixed | Nov 1, 2013 | Nov 1, 2013 | | |
| | AbstractMetadataProvider is incorrectly performing an unnecessary validity check and erroneous TRACE message | | | | | Fixed | Oct 30, 2013 | Oct 30, 2013 | | |
| | Failed to pass veracode due Use of a Broken or Risky Cryptographic Algorithm (CWE ID 327) | | | | | Won't Fix | Oct 15, 2013 | Oct 23, 2013 | | |
| | Failed to pass veracode due Use of a Broken or Risky Cryptographic Algorithm (CWE ID 327) | | | | | Won't Fix | Oct 15, 2013 | Oct 23, 2013 | | |
| | Opensaml1 failed to pass veracode due Use of Wrong Operator in String Comparison (CWE ID 597) | | | | | Fixed | Oct 15, 2013 | Oct 23, 2013 | | |
| | Scoping class has incorrect xsi:type | | | | | Fixed | Aug 15, 2013 | Aug 15, 2013 | | |
| | AbstractSAMLObject should not override equals but not hashCode | | | | | Fixed | Apr 15, 2013 | Apr 17, 2013 | | |
| | Add tests for fail-fast in HTTPMetadataProvider | | | | | Completed | Mar 22, 2013 | Mar 22, 2013 | | |
| | FileBackedHTTPMetadataProvider constructor doesn't behave correctly vis-a-vis fail-fast setting if the backing file path has problems | | | | | Fixed | Mar 20, 2013 | Mar 22, 2013 | | |
| | FilesystemMetadataProvider fetchMetadata() does not work correctly if file last modified time is older than getLastRefresh() in some cases | | | | | Fixed | Mar 20, 2013 | Mar 22, 2013 | | |
| | Setting failFastInitialization=false has no effect | | | | | Fixed | Mar 20, 2013 | Mar 20, 2013 | | |
| | MetadataProvider doesn't report error during refresh if the metadata file doesn't exist any more | | | | | Fixed | Mar 20, 2013 | Mar 20, 2013 | | |
| | Head/body template injection for SAML binding templates | | | | | Fixed | Mar 8, 2013 | Mar 8, 2013 | | |
| | SAML1 and 2 base message encoders have incorrect selection logic in getEndpointURL() | | | | | Fixed | Jan 25, 2013 | Apr 17, 2013 | | |
| | Reduce memory usage of unit tests | | | | | Fixed | Jan 22, 2013 | Jan 23, 2013 | | |
| | SAML SOAP encoders should use the supplied outbound SOAP Envelope from the message context, if it exists | | | | | Fixed | Jan 11, 2013 | Jan 11, 2013 | | |
| | Configuration files for XMLObject providers often missing Type registrations | | | | | Fixed | Nov 8, 2012 | Nov 12, 2012 | | |
| | XML providers for Async Logout extensions | | | | | Fixed | Nov 7, 2012 | Apr 5, 2013 | | |
| | On MetadataProviderCredentialResolver, expose the MetadataProvider used to construct the resolver | | | | | Fixed | Sep 26, 2012 | May 27, 2014 | | |
| | Use system property-based override for our custom ESAPI config rather than ESAPI locator class call | | | | | Fixed | Aug 15, 2012 | Nov 5, 2012 | | |
| | org.opensaml.ESAPISecurityConfig should use singleton pattern like the default ESAPI reference class | | | | | Fixed | Aug 15, 2012 | Nov 5, 2012 | | |
| | Make the implementation of custom bootstrap code easier, without relying on private data from DefaultBootstrap | | | | | Fixed | Aug 15, 2012 | Nov 5, 2012 | | |
| | org.opensaml.saml2.metadata.provider.SignatureValidationFilter => java.lang.UnsupportedOperationException | | | | | Fixed | Jul 17, 2012 | Nov 5, 2012 | | |
| | Merge forward bugs found in testing XACML code for OS3 | | | | | Fixed | Jul 3, 2012 | Apr 9, 2013 | | |
| | Backport fixes from OpenSAML3 | | | | | Fixed | Jun 19, 2012 | Nov 5, 2012 | | |
| | RoleDescriptorImpl isValid check enforces that validUntil date is before now, instead of in the future | | | | | Fixed | May 18, 2012 | Aug 10, 2012 | | |
| | DefaultBootstrap is unnecessarily calling Velocity singleton initialization | | | | | Fixed | May 2, 2012 | Nov 5, 2012 | | |
| | Velocity initialization code uses an invalid key for the configuration properties set | | | | | Fixed | May 1, 2012 | Nov 5, 2012 | | |
| | Defaultbootstrap does not initialize the providers from the WS-Trust and WS-Policy schemas in openws | | | | | Fixed | Mar 15, 2012 | Nov 5, 2012 | | |
| | It would be nice if ESAPI.encodeForURL could be made to work | | | | | Fixed | Mar 14, 2012 | Nov 5, 2012 | | |
| | AbstractReloadingMetadataProvider code for maxRefreshDelay doesn't match documentation | | | | | Fixed | Mar 12, 2012 | Nov 7, 2012 | | |
| | Clean up maven assembly description | | | | | Fixed | Feb 26, 2012 | Feb 26, 2012 | | |
| | Bug in marshalling an XACML Policy AttributeDesignatorType | | | | | Fixed | Feb 21, 2012 | Feb 21, 2012 | | |