ruby-saml version 2.x major version
#235
Comments
|
Right now I would say we could do a 2.3.x for this, the major version was last time bumped for omniauth 2. |
|
Is the configuration language of omniauth-saml considered part of its "public API"? On one hand, it seems like the settings themselves are all just delegated to ruby-saml, but when you look at usage examples in practice, it gets a little fuzzy... |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This gem currently pins ruby-saml to ~> 1.18. The upstream maintainers are working on v2.x now. How would omniauth-saml like to handle the major version update for the dependency?
I've tested omniauth-saml with the v2.x branch and it works without modification, other than the dependency pin. However, there may be a few changes in the gem which do cause breaking changes for omniauth-saml users depending on their use and configuration. ruby-saml has a v2.x upgrading document at https://github.com/SAML-Toolkits/ruby-saml/blob/v2.x/UPGRADING.md.
An example where a v2.x change is likely to break things for omniauth-saml users is the default idp_cert_fingerprint will change from SHA1 to SHA256. To continue using SHA1, users will need to explicitly set idp_cert_fingerprint_algorithm.
Should omniauth-saml also experience a major version bump to coincide with ruby-saml v2.x, or is a minor version bump sufficient?
The text was updated successfully, but these errors were encountered: