Tracking any compatibility changes during development for the release notes.
Deprecated Beans/Properties
Liberty.SSOS
Liberty.SSOS.MDDriven
Removed Beans/Properties
shibboleth.OutgoingIDWSFSSOSBindings
shibboleth.Encoders.IDWSFSOAPEncoder
shibboleth.Binding.LibertySOAP
shibboleth.Conditions.IssuingDelegatedAssertion
shibboleth.Conditions.AllowedSAMLPresenters
idp.service.attribute.resolver.suppressDisplayInfo
User Visible
Removed V2 scripted attribute compatibility classes
Added methods to SPSession interface for logout enhancements dating to V4.2
Deprecated and ignored profileContextRef (sp?) XML attribute in resolver and filter schemas and parsers
Programmer Visible (-api changes)
Removed various APIs related to SAML delegation
Removed profileRequestContextLookupStrategy on various resolver and filter plugins
IdPAttributes can no longer display information
IdPAttribute#setValues()
takes a List
not a Collection
(non-list deprecated since at least 4.1)
Removal of joda-time and a few deprecated APIs that supported it. Major impact is use of DateTime for external authentication time signaling, and using the joda-time formatter string/class wiring up a DateAttributePredicate, usually part of expiring-password config.
We only ever inject HttpServletRequest
or HttpServletResponse
into an object if it is known to have a short life (which means exactly one place - org.opensaml.saml.saml2.profile.impl.ValidateAssertions.AssertionValidationInput
. In all other places we inject a java.util.function.Supplier
. Two new beans are set in global-system which return the object directly from the TLS.
Moved net.shibboleth.utilities.java.support.net → net.shibboleth.shared.net
Impacts a few APIs some might use in scripts to do servlet-y things, but should be rare. IPRange in particular tends to be used with String conversions via Spring.
Moved net.shibboleth.utilities.java.support.httpclient → net.shibboleth.shared.httpclient
Used in some APIs but not likely by many deployers. One exception is the HttpClientSupport class which gets used in scripts to process response bodies, eg. in the HTTP data connector. To maintain compatibility, a stub with warnings was left behind.