diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 497a1dda2..dda1c63db 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -10,7 +10,7 @@ jobs:
runs-on: ${{ matrix.os }}
strategy:
matrix:
- java: [ '8', '11', '17', '21', '25' ]
+ java: [ '11', '17', '21', '25' ]
os: [ 'ubuntu-latest', 'macos-latest', 'windows-latest' ]
fail-fast: false
steps:
@@ -42,6 +42,7 @@ jobs:
openig-war/target/*.war
openig-docker/target/Dockerfile*
build-docker:
+ needs: build-maven
runs-on: 'ubuntu-latest'
services:
registry:
@@ -49,10 +50,10 @@ jobs:
ports:
- 5000:5000
steps:
- - uses: actions/checkout@v4
+ - name: Download artifacts
+ uses: actions/download-artifact@v4
with:
- fetch-depth: 0
- submodules: recursive
+ name: ubuntu-latest-11
- name: Get latest release version
shell: bash
run: |
@@ -73,12 +74,15 @@ jobs:
uses: docker/setup-buildx-action@v3
with:
driver-opts: network=host
+ - name: Prepare Dockerfile
+ shell: bash
+ run: sed -i -E '/^#COPY openig-war\//s/^#//' ./openig-docker/target/Dockerfile
- name: Build image
uses: docker/build-push-action@v5
continue-on-error: true
with:
- context: ./openig-docker
- file: ./openig-docker/Dockerfile
+ context: .
+ file: ./openig-docker/target/Dockerfile
build-args: |
VERSION=${{ env.release_version }}
platforms: linux/amd64, linux/arm64, linux/ppc64le, linux/s390x
@@ -90,52 +94,3 @@ jobs:
run: |
docker run --rm -it -d --name=test localhost:5000/${GITHUB_REPOSITORY,,}:${{ env.release_version }}
timeout 3m bash -c 'until docker inspect --format="{{json .State.Health.Status}}" test | grep -q \"healthy\"; do sleep 10; done'
- build-docker-alpine:
- runs-on: 'ubuntu-latest'
- services:
- registry:
- image: registry:2
- ports:
- - 5000:5000
- steps:
- - uses: actions/checkout@v4
- with:
- fetch-depth: 0
- submodules: recursive
- - name: Get latest release version
- shell: bash
- run: |
- export git_version_last="$(curl -i -o - --silent https://api.github.com/repos/OpenIdentityPlatform/OpenIG/releases/latest | grep -m1 "\"name\"" | cut -d\" -f4)" ; echo "last release: $git_version_last"
- echo "release_version=$git_version_last" >> $GITHUB_ENV
- - name: Docker meta
- id: meta
- uses: docker/metadata-action@v5
- with:
- images: |
- localhost:5000/${{ github.repository }}
- tags: |
- type=raw,value=alpine
- type=raw,value=${{ env.release_version }}-alpine
- - name: Set up QEMU
- uses: docker/setup-qemu-action@v3
- - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v3
- with:
- driver-opts: network=host
- - name: Build image
- uses: docker/build-push-action@v5
- continue-on-error: true
- with:
- context: ./openig-docker
- file: ./openig-docker/Dockerfile-alpine
- build-args: |
- VERSION=${{ env.release_version }}
- platforms: linux/amd64,linux/arm64/8, linux/s390x, linux/386, linux/arm/v7, linux/arm/v6, linux/ppc64le
- push: true
- tags: ${{ steps.meta.outputs.tags }}
- labels: ${{ steps.meta.outputs.labels }}
- - name: Docker test
- shell: bash
- run: |
- docker run --rm -it -d --name=test localhost:5000/${GITHUB_REPOSITORY,,}:${{ env.release_version }}-alpine
- timeout 3m bash -c 'until docker inspect --format="{{json .State.Health.Status}}" test | grep -q \"healthy\"; do sleep 10; done'
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 02157bfb0..f167c003e 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -23,7 +23,7 @@ jobs:
- name: Set up Java for publishing to Maven Central Repository OSS
uses: actions/setup-java@v4
with:
- java-version: ${{ github.event.workflow_run.head_branch == 'release/6.0.0-SNAPSHOT' && '11' || '8'}}
+ java-version: ${{ github.event.workflow_run.head_branch == 'sustaining/5.4.x' && '8' || '11'}}
distribution: 'temurin'
server-id: ossrh
server-username: MAVEN_USERNAME
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 22103ce44..8b8795174 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -26,7 +26,7 @@ jobs:
- name: Set up Java for publishing to Maven Central Repository OSS
uses: actions/setup-java@v4
with:
- java-version: '8'
+ java-version: '11'
distribution: 'temurin'
server-id: ossrh
server-username: MAVEN_USERNAME
@@ -155,50 +155,4 @@ jobs:
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
- release-docker-alpine:
- runs-on: 'ubuntu-latest'
- needs:
- - release-maven
- steps:
- - uses: actions/checkout@v4
- with:
- ref: ${{ github.event.inputs.releaseVersion }}
- fetch-depth: 1
- submodules: recursive
- - name: Docker meta (alpine)
- id: meta
- uses: docker/metadata-action@v5
- with:
- images: |
- ${{ github.repository }}
- ghcr.io/${{ github.repository }}/${{ github.event.repository.name }}
- tags: |
- type=raw,value=alpine
- type=raw,value=${{ github.event.inputs.releaseVersion }}-alpine
- - name: Set up QEMU
- uses: docker/setup-qemu-action@v3
- - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v3
- - name: Login to DockerHub
- uses: docker/login-action@v3
- with:
- username: ${{ secrets.DOCKER_USERNAME }}
- password: ${{ secrets.DOCKER_PASSWORD }}
- - name: Login to GHCR
- uses: docker/login-action@v3
- with:
- registry: ghcr.io
- username: ${{ github.repository_owner }}
- password: ${{ secrets.GITHUB_TOKEN }}
- - name: Build and push image
- continue-on-error: true
- uses: docker/build-push-action@v5
- with:
- context: ./openig-docker
- file: ./openig-docker/Dockerfile-alpine
- build-args: |
- VERSION=${{ github.event.inputs.releaseVersion }}
- platforms: linux/amd64,linux/arm64/8, linux/s390x, linux/386, linux/arm/v7, linux/arm/v6, linux/ppc64le
- push: true
- tags: ${{ steps.meta.outputs.tags }}
- labels: ${{ steps.meta.outputs.labels }}
+
diff --git a/README.md b/README.md
index c3c6cccc5..a9eb93e54 100644
--- a/README.md
+++ b/README.md
@@ -40,7 +40,7 @@ This project is licensed under the [Common Development and Distribution License
* [OpenIG WAR](https://github.com/OpenIdentityPlatform/OpenIG/releases) (All OS)
* [OpenIG Docker](https://hub.docker.com/r/openidentityplatform/openig/) (All OS)
-Java 1.8+ required
+Java 11 or later required
## How-to build
For windows use:
diff --git a/SECURITY.md b/SECURITY.md
index 86fec1a37..b58947314 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -5,15 +5,12 @@
Use this section to tell people about which versions of your project are
currently being supported with security updates.
-| Version | Supported |
-| ------- | ------------------ |
-| 5.1.x | :white_check_mark: |
-| 5.0.x | :x: |
+| Version | Java Versions Support | EE | Supported |
+|---------|-----------------------|------------|--------------------------------------------------------------------------------------------------------------------------------------------|
+| 6.x | 11 and later | Jakarta EE | :white_check_mark: Community support, [approved vendor support](https://github.com/OpenIdentityPlatform/.github/wiki/Approved-Vendor-List) |
+| 5.1.x | 8 and later | Java EE | :white_check_mark: [Approved vendor support](https://github.com/OpenIdentityPlatform/.github/wiki/Approved-Vendor-List) |
+| 5.0.x | 8 and later | Java EE | :x: |
## Reporting a Vulnerability
-Use this section to tell people how to report a vulnerability.
-
-Tell them where to go, how often they can expect to get an update on a
-reported vulnerability, what to expect if the vulnerability is accepted or
-declined, etc.
+Please draft [security advisory](https://github.com/OpenIdentityPlatform/OpenIG/security/advisories/new)
diff --git a/contrib-http-framework/pom.xml b/contrib-http-framework/pom.xml
index 357a5ff9d..6b5de12f4 100644
--- a/contrib-http-framework/pom.xml
+++ b/contrib-http-framework/pom.xml
@@ -19,7 +19,7 @@
openig-project
org.openidentityplatform.openig
- 5.4.1-SNAPSHOT
+ 6.0.0-SNAPSHOT
4.0.0
diff --git a/openig-core/pom.xml b/openig-core/pom.xml
index 9147af3e3..3e1553a72 100644
--- a/openig-core/pom.xml
+++ b/openig-core/pom.xml
@@ -14,13 +14,14 @@
Copyright 2010-2011 ApexIdentity Inc.
Portions Copyright 2011-2016 ForgeRock AS.
+ Portions copyright 2025 3A Systems LLC.
-->
4.0.0
org.openidentityplatform.openig
openig-project
- 5.4.1-SNAPSHOT
+ 6.0.0-SNAPSHOT
openig-core
OpenIG Core library
@@ -120,15 +121,20 @@
- javax.servlet
- javax.servlet-api
+ jakarta.servlet
+ jakarta.servlet-api
provided
- javax.websocket
- javax.websocket-api
+ jakarta.websocket
+ jakarta.websocket-api
provided
+
+ jakarta.websocket
+ jakarta.websocket-client-api
+ provided
+
org.openidentityplatform.commons.http-framework
servlet
diff --git a/openig-core/src/main/java/org/forgerock/openig/decoration/capture/MessageCapture.java b/openig-core/src/main/java/org/forgerock/openig/decoration/capture/MessageCapture.java
index 5b0d53629..18a287cc3 100644
--- a/openig-core/src/main/java/org/forgerock/openig/decoration/capture/MessageCapture.java
+++ b/openig-core/src/main/java/org/forgerock/openig/decoration/capture/MessageCapture.java
@@ -166,8 +166,8 @@ private static void captureContextAsJson(final PrintWriter writer, final Context
if (context.containsContext(AttributesContext.class)) {
AttributesContext attributesContext = context.asContext(AttributesContext.class);
Map map = new LinkedHashMap<>(attributesContext.getAttributes());
- map.remove("javax.servlet.http.HttpServletRequest");
- map.remove("javax.servlet.http.HttpServletResponse");
+ map.remove("jakarta.servlet.http.HttpServletRequest");
+ map.remove("jakarta.servlet.http.HttpServletResponse");
writer.println(prettyPrint(toJson(map)));
}
}
diff --git a/openig-core/src/main/java/org/openidentityplatform/openig/websocket/Configurator.java b/openig-core/src/main/java/org/openidentityplatform/openig/websocket/Configurator.java
index 4ff91d053..50351c75d 100644
--- a/openig-core/src/main/java/org/openidentityplatform/openig/websocket/Configurator.java
+++ b/openig-core/src/main/java/org/openidentityplatform/openig/websocket/Configurator.java
@@ -1,11 +1,27 @@
+/*
+ * The contents of this file are subject to the terms of the Common Development and
+ * Distribution License (the License). You may not use this file except in compliance with the
+ * License.
+ *
+ * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
+ * specific language governing permission and limitations under the License.
+ *
+ * When distributing Covered Software, include this CDDL Header Notice in each file and include
+ * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
+ * Header, with the fields enclosed by brackets [] replaced by your own identifying
+ * information: "Portions copyright [year] [name of copyright owner]".
+ *
+ * Copyright 2022-2025 3A Systems LLC.
+ */
+
package org.openidentityplatform.openig.websocket;
import java.util.List;
-import javax.websocket.Extension;
-import javax.websocket.HandshakeResponse;
-import javax.websocket.server.HandshakeRequest;
-import javax.websocket.server.ServerEndpointConfig;
+import jakarta.websocket.Extension;
+import jakarta.websocket.HandshakeResponse;
+import jakarta.websocket.server.HandshakeRequest;
+import jakarta.websocket.server.ServerEndpointConfig;
public class Configurator extends ServerEndpointConfig.Configurator {
diff --git a/openig-core/src/main/java/org/openidentityplatform/openig/websocket/Filter.java b/openig-core/src/main/java/org/openidentityplatform/openig/websocket/Filter.java
index 360eee23d..fd519471d 100644
--- a/openig-core/src/main/java/org/openidentityplatform/openig/websocket/Filter.java
+++ b/openig-core/src/main/java/org/openidentityplatform/openig/websocket/Filter.java
@@ -1,3 +1,19 @@
+/*
+ * The contents of this file are subject to the terms of the Common Development and
+ * Distribution License (the License). You may not use this file except in compliance with the
+ * License.
+ *
+ * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
+ * specific language governing permission and limitations under the License.
+ *
+ * When distributing Covered Software, include this CDDL Header Notice in each file and include
+ * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
+ * Header, with the fields enclosed by brackets [] replaced by your own identifying
+ * information: "Portions copyright [year] [name of copyright owner]".
+ *
+ * Copyright 2022-2025 3A Systems LLC.
+ */
+
package org.openidentityplatform.openig.websocket;
@@ -5,15 +21,15 @@
import java.security.Principal;
import java.util.Enumeration;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.annotation.WebFilter;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletRequestWrapper;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.FilterConfig;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.ServletRequest;
+import jakarta.servlet.ServletResponse;
+import jakarta.servlet.annotation.WebFilter;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequestWrapper;
+import jakarta.servlet.http.HttpServletResponse;
import org.forgerock.http.protocol.Request;
import org.forgerock.http.protocol.Status;
@@ -28,7 +44,7 @@
import org.slf4j.LoggerFactory;
@WebFilter(urlPatterns = "/*")
-public class Filter implements javax.servlet.Filter {
+public class Filter implements jakarta.servlet.Filter {
private static final Logger logger = LoggerFactory.getLogger(Filter.class);
@Override
diff --git a/openig-core/src/main/java/org/openidentityplatform/openig/websocket/ServerEndPoint.java b/openig-core/src/main/java/org/openidentityplatform/openig/websocket/ServerEndPoint.java
index 16c824c0e..3395bfb62 100644
--- a/openig-core/src/main/java/org/openidentityplatform/openig/websocket/ServerEndPoint.java
+++ b/openig-core/src/main/java/org/openidentityplatform/openig/websocket/ServerEndPoint.java
@@ -1,12 +1,38 @@
+/*
+ * The contents of this file are subject to the terms of the Common Development and
+ * Distribution License (the License). You may not use this file except in compliance with the
+ * License.
+ *
+ * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
+ * specific language governing permission and limitations under the License.
+ *
+ * When distributing Covered Software, include this CDDL Header Notice in each file and include
+ * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
+ * Header, with the fields enclosed by brackets [] replaced by your own identifying
+ * information: "Portions copyright [year] [name of copyright owner]".
+ *
+ * Copyright 2022-2025 3A Systems LLC.
+ */
+
package org.openidentityplatform.openig.websocket;
+import jakarta.websocket.ClientEndpointConfig;
+import jakarta.websocket.CloseReason;
+import jakarta.websocket.ContainerProvider;
+import jakarta.websocket.Endpoint;
+import jakarta.websocket.EndpointConfig;
+import jakarta.websocket.MessageHandler;
+import jakarta.websocket.OnClose;
+import jakarta.websocket.OnError;
+import jakarta.websocket.OnMessage;
+import jakarta.websocket.OnOpen;
+import jakarta.websocket.Session;
import org.forgerock.http.protocol.Header;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import javax.websocket.*;
-import javax.websocket.ClientEndpointConfig.Builder;
-import javax.websocket.server.ServerEndpoint;
+import jakarta.websocket.ClientEndpointConfig.Builder;
+import jakarta.websocket.server.ServerEndpoint;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.util.List;
@@ -58,7 +84,7 @@ public void beforeRequest(Map> headers) {
}
});
- this.session_upstream=ContainerProvider.getWebSocketContainer().connectToServer(
+ this.session_upstream = ContainerProvider.getWebSocketContainer().connectToServer(
new Endpoint() {
@Override
diff --git a/openig-core/src/main/java/org/openidentityplatform/openig/websocket/ServerEndPoint2.java b/openig-core/src/main/java/org/openidentityplatform/openig/websocket/ServerEndPoint2.java
index 455e3ef6a..1c0b2b63d 100644
--- a/openig-core/src/main/java/org/openidentityplatform/openig/websocket/ServerEndPoint2.java
+++ b/openig-core/src/main/java/org/openidentityplatform/openig/websocket/ServerEndPoint2.java
@@ -1,6 +1,22 @@
+/*
+ * The contents of this file are subject to the terms of the Common Development and
+ * Distribution License (the License). You may not use this file except in compliance with the
+ * License.
+ *
+ * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
+ * specific language governing permission and limitations under the License.
+ *
+ * When distributing Covered Software, include this CDDL Header Notice in each file and include
+ * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
+ * Header, with the fields enclosed by brackets [] replaced by your own identifying
+ * information: "Portions copyright [year] [name of copyright owner]".
+ *
+ * Copyright 2022-2025 3A Systems LLC.
+ */
+
package org.openidentityplatform.openig.websocket;
-import javax.websocket.server.ServerEndpoint;
+import jakarta.websocket.server.ServerEndpoint;
@ServerEndpoint(value = "/{level1}/{level2}",configurator = Configurator.class)
public class ServerEndPoint2 extends ServerEndPoint {
diff --git a/openig-core/src/main/java/org/openidentityplatform/openig/websocket/ServerEndPoint3.java b/openig-core/src/main/java/org/openidentityplatform/openig/websocket/ServerEndPoint3.java
index 699e6cd97..bafe78007 100644
--- a/openig-core/src/main/java/org/openidentityplatform/openig/websocket/ServerEndPoint3.java
+++ b/openig-core/src/main/java/org/openidentityplatform/openig/websocket/ServerEndPoint3.java
@@ -1,6 +1,22 @@
+/*
+ * The contents of this file are subject to the terms of the Common Development and
+ * Distribution License (the License). You may not use this file except in compliance with the
+ * License.
+ *
+ * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
+ * specific language governing permission and limitations under the License.
+ *
+ * When distributing Covered Software, include this CDDL Header Notice in each file and include
+ * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
+ * Header, with the fields enclosed by brackets [] replaced by your own identifying
+ * information: "Portions copyright [year] [name of copyright owner]".
+ *
+ * Copyright 2022-2025 3A Systems LLC.
+ */
+
package org.openidentityplatform.openig.websocket;
-import javax.websocket.server.ServerEndpoint;
+import jakarta.websocket.server.ServerEndpoint;
@ServerEndpoint(value = "/{level1}/{level2}/{level3}",configurator = Configurator.class)
public class ServerEndPoint3 extends ServerEndPoint {
diff --git a/openig-doc/pom.xml b/openig-doc/pom.xml
index 4c3baf18b..642da781f 100644
--- a/openig-doc/pom.xml
+++ b/openig-doc/pom.xml
@@ -20,7 +20,7 @@
openig-project
org.openidentityplatform.openig
- 5.4.1-SNAPSHOT
+ 6.0.0-SNAPSHOT
openig-doc
diff --git a/openig-doc/src/main/asciidoc/gateway-guide/chap-install.adoc b/openig-doc/src/main/asciidoc/gateway-guide/chap-install.adoc
index 38e22b6f5..cdd179d41 100644
--- a/openig-doc/src/main/asciidoc/gateway-guide/chap-install.adoc
+++ b/openig-doc/src/main/asciidoc/gateway-guide/chap-install.adoc
@@ -62,9 +62,9 @@ For details, see xref:#install[Installing OpenIG].
This section provides installation and configuration tips that you need to run OpenIG in supported containers.
OpenIG runs in the following web application containers:
-* Apache Tomcat 8 or 9
+* Apache Tomcat 10 or 11
-* Jetty 8 (8.1.13 or later), 9 or 10
+* Jetty 11 or 12
For further information on advanced configuration for a particular container, see the container documentation.
@@ -503,7 +503,7 @@ Tomcat can help with session stickiness, and a Tomcat cluster can handle session
+
In the HowTo, you configure the `jvmRoute` attribute in the Tomcat server configuration, `/path/to/tomcat/conf/server.xml`, to identify the server. The connector can use this identifier to achieve session stickiness.
-* A Tomcat link:http://tomcat.apache.org/tomcat-7.0-doc/config/cluster.html[cluster, window=\_blank] configuration can handle session replication. When setting up a cluster configuration, the link:http://tomcat.apache.org/tomcat-7.0-doc/config/cluster-manager.html[ClusterManager, window=\_blank] defines the session replication implementation.
+* A Tomcat link:https://tomcat.apache.org/tomcat-10.1-doc/config/cluster.html[cluster, window=\_blank] configuration can handle session replication. When setting up a cluster configuration, the link:http://tomcat.apache.org/tomcat-7.0-doc/config/cluster-manager.html[ClusterManager, window=\_blank] defines the session replication implementation.
Jetty has provisions for session stickiness, and also for session replication through clustering:
diff --git a/openig-doc/src/main/asciidoc/gateway-guide/chap-quickstart.adoc b/openig-doc/src/main/asciidoc/gateway-guide/chap-quickstart.adoc
index 10d849b0a..827a2e4b6 100644
--- a/openig-doc/src/main/asciidoc/gateway-guide/chap-quickstart.adoc
+++ b/openig-doc/src/main/asciidoc/gateway-guide/chap-quickstart.adoc
@@ -54,9 +54,9 @@ To perform initial installation, follow these steps:
+
OpenIG runs in the following web application containers:
-* Apache Tomcat 8 or 9
+* Apache Tomcat 10 or 11
-* Jetty 8, 9 or 10
+* Jetty 11 or 12
. link:https://github.com/OpenIdentityPlatform/OpenIG/releases[Download, window=\_blank] the OpenIG.war file.
diff --git a/openig-docker/Dockerfile b/openig-docker/Dockerfile
index 3fba42e0b..a8d24c868 100644
--- a/openig-docker/Dockerfile
+++ b/openig-docker/Dockerfile
@@ -1,4 +1,4 @@
-FROM tomcat:9-jre21
+FROM tomcat:11-jre21
LABEL org.opencontainers.image.authors="Open Identity Platform Community"
@@ -11,11 +11,13 @@ ENV PATH=$CATALINA_HOME/bin:$PATH
ENV MEMORY="-server"
ENV CATALINA_OPTS="$MEMORY"
+RUN rm -fr $CATALINA_HOME/webapps/*
+
+#COPY openig-war/target/OpenIG-*.war $CATALINA_HOME/webapps/ROOT.war
RUN apt-get update && apt-get install -y curl unzip \
- && rm -fr $CATALINA_HOME/webapps/* \
&& if [ -z "$VERSION" ] ; then VERSION="$(curl -i -o - --silent https://api.github.com/repos/OpenIdentityPlatform/OpenIG/releases/latest | grep -m1 "\"name\"" | cut -d\" -f4)"; fi \
- && curl -L https://github.com/OpenIdentityPlatform/OpenIG/releases/download/$VERSION/OpenIG-$VERSION.war --output $CATALINA_HOME/webapps/ROOT.war \
+ && if [ ! -f "$CATALINA_HOME/webapps/ROOT.war" ]; then curl -L https://github.com/OpenIdentityPlatform/OpenIG/releases/download/$VERSION/OpenIG-$VERSION.war --output $CATALINA_HOME/webapps/ROOT.war; fi \
&& useradd -m -r -u 1001 -g root $OPENIG_USER \
&& install -d -o $OPENIG_USER $OPENIG_BASE \
&& chown -R $OPENIG_USER:root $CATALINA_HOME \
diff --git a/openig-docker/Dockerfile-alpine b/openig-docker/Dockerfile-alpine
deleted file mode 100644
index eb9bdab58..000000000
--- a/openig-docker/Dockerfile-alpine
+++ /dev/null
@@ -1,34 +0,0 @@
-FROM tomcat:9-jre8-alpine
-
-LABEL org.opencontainers.image.authors="Open Identity Platform Community"
-
-ARG VERSION
-
-ENV CATALINA_HOME=/usr/local/tomcat
-ENV OPENIG_USER="openig"
-ENV OPENIG_BASE=/var/openig
-ENV PATH=$CATALINA_HOME/bin:$PATH
-ENV MEMORY="-server -XX:+UseG1GC -XX:+UseContainerSupport"
-ENV CATALINA_OPTS="$MEMORY"
-
-RUN apk add --update --no-cache --virtual curl builddeps unzip bash && apk upgrade --update --no-cache \
- && rm -rf $CATALINA_HOME/webapps/* \
- && if [ -z "$VERSION" ] ; then VERSION="$(curl -i -o - --silent https://api.github.com/repos/OpenIdentityPlatform/OpenIG/releases/latest | grep -m1 "\"name\"" | cut -d\" -f4)"; fi \
- && curl -L https://github.com/OpenIdentityPlatform/OpenIG/releases/download/$VERSION/OpenIG-$VERSION.war --output $CATALINA_HOME/webapps/ROOT.war \
- && adduser -S -u 1001 -G root $OPENIG_USER \
- && install -d -o $OPENIG_USER $OPENIG_BASE \
- && chown -R $OPENIG_USER $CATALINA_HOME \
- && chgrp -R 0 $CATALINA_HOME \
- && chmod -R g=u $CATALINA_HOME \
- && chgrp -R 0 $OPENIG_BASE \
- && chmod -R g=u $OPENIG_BASE \
- && apk del unzip && rm -rf /var/cache/apk/* \
- && sed -i '/<\/Host>/i \ \ \ \ ' $CATALINA_HOME/conf/server.xml
-
-USER $OPENIG_USER
-
-EXPOSE 8080/tcp
-
-HEALTHCHECK --interval=30s --timeout=30s --start-period=1s --retries=3 CMD curl -v -L --fail http://localhost:8080/openig/ || exit 1
-
-CMD ["/usr/local/tomcat/bin/catalina.sh", "run"]
\ No newline at end of file
diff --git a/openig-docker/pom.xml b/openig-docker/pom.xml
index 6fd4e8a54..7264a99cc 100644
--- a/openig-docker/pom.xml
+++ b/openig-docker/pom.xml
@@ -22,7 +22,7 @@
org.openidentityplatform.openig
openig-project
- 5.4.1-SNAPSHOT
+ 6.0.0-SNAPSHOT
diff --git a/openig-oauth2/pom.xml b/openig-oauth2/pom.xml
index bf133785b..52ef44446 100644
--- a/openig-oauth2/pom.xml
+++ b/openig-oauth2/pom.xml
@@ -19,7 +19,7 @@
openig-project
org.openidentityplatform.openig
- 5.4.1-SNAPSHOT
+ 6.0.0-SNAPSHOT
4.0.0
diff --git a/openig-openam/pom.xml b/openig-openam/pom.xml
index d675d4624..8eaa5d7ad 100644
--- a/openig-openam/pom.xml
+++ b/openig-openam/pom.xml
@@ -19,7 +19,7 @@
openig-project
org.openidentityplatform.openig
- 5.4.1-SNAPSHOT
+ 6.0.0-SNAPSHOT
4.0.0
diff --git a/openig-saml/pom.xml b/openig-saml/pom.xml
index 0d947dff8..f3af0a702 100644
--- a/openig-saml/pom.xml
+++ b/openig-saml/pom.xml
@@ -14,13 +14,14 @@
Copyright 2010-2011 ApexIdentity Inc.
Portions Copyright 2011-2016 ForgeRock AS.
+ Portions copyright 2025 3A Systems LLC.
-->
4.0.0
org.openidentityplatform.openig
openig-project
- 5.4.1-SNAPSHOT
+ 6.0.0-SNAPSHOT
openig-saml
OpenIG SAML Support
@@ -29,8 +30,8 @@
- javax.servlet
- javax.servlet-api
+ jakarta.servlet
+ jakarta.servlet-api
provided
diff --git a/openig-saml/src/main/java/org/forgerock/openig/handler/saml/RequestAdapter.java b/openig-saml/src/main/java/org/forgerock/openig/handler/saml/RequestAdapter.java
index 9a1a94e14..31afa99c4 100644
--- a/openig-saml/src/main/java/org/forgerock/openig/handler/saml/RequestAdapter.java
+++ b/openig-saml/src/main/java/org/forgerock/openig/handler/saml/RequestAdapter.java
@@ -12,6 +12,7 @@
* information: "Portions copyright [year] [name of copyright owner]".
*
* Copyright 2014-2015 ForgeRock AS.
+ * Portions copyright 2025 3A Systems LLC.
*/
package org.forgerock.openig.handler.saml;
@@ -22,8 +23,8 @@
import java.util.List;
import java.util.Map;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletRequestWrapper;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequestWrapper;
import org.forgerock.http.protocol.Request;
diff --git a/openig-saml/src/main/java/org/forgerock/openig/handler/saml/ResponseAdapter.java b/openig-saml/src/main/java/org/forgerock/openig/handler/saml/ResponseAdapter.java
index a9429fa2a..eb6e399ae 100644
--- a/openig-saml/src/main/java/org/forgerock/openig/handler/saml/ResponseAdapter.java
+++ b/openig-saml/src/main/java/org/forgerock/openig/handler/saml/ResponseAdapter.java
@@ -12,6 +12,7 @@
* information: "Portions copyright [year] [name of copyright owner]".
*
* Copyright 2016 ForgeRock AS.
+ * Portions copyright 2025 3A Systems LLC.
*/
package org.forgerock.openig.handler.saml;
@@ -21,8 +22,8 @@
import java.io.OutputStreamWriter;
import java.io.PrintWriter;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpServletResponseWrapper;
+import jakarta.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletResponseWrapper;
/**
* Adapts a given {@link HttpServletResponse} to override {@link #getWriter()}.
diff --git a/openig-saml/src/main/java/org/forgerock/openig/handler/saml/SamlFederationHandler.java b/openig-saml/src/main/java/org/forgerock/openig/handler/saml/SamlFederationHandler.java
index c24189806..e4b87783a 100644
--- a/openig-saml/src/main/java/org/forgerock/openig/handler/saml/SamlFederationHandler.java
+++ b/openig-saml/src/main/java/org/forgerock/openig/handler/saml/SamlFederationHandler.java
@@ -12,6 +12,7 @@
* information: "Portions Copyright [year] [name of copyright owner]".
*
* Copyright 2014-2016 ForgeRock AS.
+ * Portions copyright 2025 3A Systems LLC.
*/
package org.forgerock.openig.handler.saml;
@@ -28,9 +29,9 @@
import java.util.Properties;
import java.util.Set;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
import org.forgerock.http.Handler;
import org.forgerock.http.header.LocationHeader;
diff --git a/openig-saml/src/test/java/org/forgerock/openig/handler/saml/RequestAdapterTest.java b/openig-saml/src/test/java/org/forgerock/openig/handler/saml/RequestAdapterTest.java
index 701f232c6..1a31f8c4b 100644
--- a/openig-saml/src/test/java/org/forgerock/openig/handler/saml/RequestAdapterTest.java
+++ b/openig-saml/src/test/java/org/forgerock/openig/handler/saml/RequestAdapterTest.java
@@ -12,6 +12,7 @@
* information: "Portions copyright [year] [name of copyright owner]".
*
* Copyright 2014-2015 ForgeRock AS.
+ * Portions copyright 2025 3A Systems LLC.
*/
package org.forgerock.openig.handler.saml;
@@ -23,7 +24,7 @@
import java.net.URI;
import java.util.Map;
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
import org.forgerock.http.protocol.Request;
import org.mockito.Mock;
diff --git a/openig-saml/src/test/java/org/forgerock/openig/handler/saml/ResponseAdapterTest.java b/openig-saml/src/test/java/org/forgerock/openig/handler/saml/ResponseAdapterTest.java
index 74000ead3..9c4e7f417 100644
--- a/openig-saml/src/test/java/org/forgerock/openig/handler/saml/ResponseAdapterTest.java
+++ b/openig-saml/src/test/java/org/forgerock/openig/handler/saml/ResponseAdapterTest.java
@@ -25,9 +25,9 @@
import java.io.IOException;
import java.io.PrintWriter;
-import javax.servlet.ServletOutputStream;
-import javax.servlet.WriteListener;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.ServletOutputStream;
+import jakarta.servlet.WriteListener;
+import jakarta.servlet.http.HttpServletResponse;
import org.mockito.Mock;
import org.mockito.MockitoAnnotations;
diff --git a/openig-ui/pom.xml b/openig-ui/pom.xml
index bb7e4e32b..a0ca2a99b 100644
--- a/openig-ui/pom.xml
+++ b/openig-ui/pom.xml
@@ -18,7 +18,7 @@
openig-project
org.openidentityplatform.openig
- 5.4.1-SNAPSHOT
+ 6.0.0-SNAPSHOT
4.0.0
diff --git a/openig-uma/pom.xml b/openig-uma/pom.xml
index 7679004e0..7064116a1 100644
--- a/openig-uma/pom.xml
+++ b/openig-uma/pom.xml
@@ -19,7 +19,7 @@
openig-project
org.openidentityplatform.openig
- 5.4.1-SNAPSHOT
+ 6.0.0-SNAPSHOT
4.0.0
diff --git a/openig-war/pom.xml b/openig-war/pom.xml
index 4d2786c19..e4a54bb73 100644
--- a/openig-war/pom.xml
+++ b/openig-war/pom.xml
@@ -14,13 +14,14 @@
Copyright 2010-2011 ApexIdentity Inc.
Portions Copyright 2011-2016 ForgeRock AS.
+ Portions copyright 2025 3A Systems LLC.
-->
4.0.0
org.openidentityplatform.openig
openig-project
- 5.4.1-SNAPSHOT
+ 6.0.0-SNAPSHOT
openig-war
OpenIG web application
@@ -29,12 +30,13 @@
${project.build.directory}/${project.build.finalName}/WEB-INF/legal-notices
+ tomcat10x
- javax.servlet
- javax.servlet-api
+ jakarta.servlet
+ jakarta.servlet-api
provided
@@ -169,6 +171,7 @@
org.codehaus.cargo
cargo-maven3-plugin
+ 1.10.20
true
@@ -206,7 +209,7 @@
- tomcat9x
+ ${maven.cargo.containerId}
embedded
@@ -238,4 +241,15 @@
+
+
+ jdk17.options
+
+ [17,)
+
+
+ tomcat11x
+
+
+
diff --git a/openig-war/src/main/java/org/forgerock/openig/web/OpenIGInitializer.java b/openig-war/src/main/java/org/forgerock/openig/web/OpenIGInitializer.java
index 19bca34cc..2aef467ce 100644
--- a/openig-war/src/main/java/org/forgerock/openig/web/OpenIGInitializer.java
+++ b/openig-war/src/main/java/org/forgerock/openig/web/OpenIGInitializer.java
@@ -13,6 +13,7 @@
*
* Copyright 2016 ForgeRock AS.
* Portions copyright 2022 Open Identity Platform Community
+ * Portions copyright 2022-2025 3A Systems LLC.
*/
package org.forgerock.openig.web;
@@ -30,10 +31,10 @@
import java.nio.file.Paths;
import java.util.Set;
-import javax.servlet.ServletContainerInitializer;
-import javax.servlet.ServletContext;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRegistration;
+import jakarta.servlet.ServletContainerInitializer;
+import jakarta.servlet.ServletContext;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.ServletRegistration;
import ch.qos.logback.core.joran.util.ConfigurationWatchListUtil;
import org.forgerock.http.servlet.HttpFrameworkServlet;
diff --git a/openig-war/src/main/resources/META-INF/services/javax.servlet.ServletContainerInitializer b/openig-war/src/main/resources/META-INF/services/jakarta.servlet.ServletContainerInitializer
similarity index 94%
rename from openig-war/src/main/resources/META-INF/services/javax.servlet.ServletContainerInitializer
rename to openig-war/src/main/resources/META-INF/services/jakarta.servlet.ServletContainerInitializer
index 023670374..887a35aff 100644
--- a/openig-war/src/main/resources/META-INF/services/javax.servlet.ServletContainerInitializer
+++ b/openig-war/src/main/resources/META-INF/services/jakarta.servlet.ServletContainerInitializer
@@ -12,6 +12,7 @@
# information: "Portions copyright [year] [name of copyright owner]".
#
# Copyright 2016 ForgeRock AS.
+# Portions copyright 2025 3A Systems LLC.
#
org.forgerock.openig.web.OpenIGInitializer
diff --git a/pom.xml b/pom.xml
index 5968ec48c..4eddf273b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -21,7 +21,7 @@
org.openidentityplatform.openig
openig-project
pom
- 5.4.1-SNAPSHOT
+ 6.0.0-SNAPSHOT
OpenIG Project
@@ -36,15 +36,19 @@
https://github.com/OpenIdentityPlatform/OpenIG/wiki
3.1.0
- 8
- 8
+ 11
+ 11
1.0.3
2.9.1
5.5
1.0b3
- -server
+
+ -server
+ --add-opens java.base/java.lang=ALL-UNNAMED
+ --add-opens java.base/java.io=ALL-UNNAMED
+
@@ -133,6 +137,7 @@
+ transform-jakarta
contrib-http-framework
openig-core
openig-war
@@ -875,7 +880,11 @@
ossrh
true
- 5400
+ 5400
+
+ jaxrpc-impl
+ jaxrpc-spi
+
@@ -893,8 +902,10 @@
3.13.0
true
+ ${maven.compiler.target}
-XDignore.symbol.file
+ -Xlint:unchecked
@@ -1039,43 +1050,7 @@
-
- set-compiler-release
-
- [9,)
-
-
-
-
-
- org.apache.maven.plugins
- maven-compiler-plugin
-
- true
- 8
-
- -XDignore.symbol.file
- -Xlint:unchecked
-
-
-
-
-
-
-
-
- jdk11.options
-
- [11,)
-
-
-
- -server
- --add-opens java.base/java.lang=ALL-UNNAMED
- --add-opens java.base/java.io=ALL-UNNAMED
-
-
-
+
@@ -1083,7 +1058,7 @@
org.openidentityplatform.openam
openam
- 15.2.2
+ 16.0.0-SNAPSHOT
pom
import
@@ -1100,8 +1075,7 @@
com.sun.mail
- javax.mail
- 1.5.1
+ jakarta.mail
org.apache.zookeeper
@@ -1111,7 +1085,7 @@
ch.qos.logback
logback-classic
- 1.2.13
+ 1.3.15
diff --git a/transform-jakarta/jaxrpc-parent/jaxrpc-impl/pom.xml b/transform-jakarta/jaxrpc-parent/jaxrpc-impl/pom.xml
new file mode 100644
index 000000000..c000da253
--- /dev/null
+++ b/transform-jakarta/jaxrpc-parent/jaxrpc-impl/pom.xml
@@ -0,0 +1,40 @@
+
+
+
+ 4.0.0
+
+ org.openidentityplatform.openam.jakarta
+ jaxrpc-parent
+ 6.0.0-SNAPSHOT
+
+
+ jaxrpc-impl
+ 1.1.3_01
+ ${project.groupId}.${project.artifactId}
+
+
+
+
+ org.eclipse.transformer
+ transformer-maven-plugin
+
+
+
+
+
\ No newline at end of file
diff --git a/transform-jakarta/jaxrpc-parent/jaxrpc-spi/pom.xml b/transform-jakarta/jaxrpc-parent/jaxrpc-spi/pom.xml
new file mode 100644
index 000000000..674424e2e
--- /dev/null
+++ b/transform-jakarta/jaxrpc-parent/jaxrpc-spi/pom.xml
@@ -0,0 +1,40 @@
+
+
+
+ 4.0.0
+
+ org.openidentityplatform.openam.jakarta
+ jaxrpc-parent
+ 6.0.0-SNAPSHOT
+
+
+ jaxrpc-spi
+ 1.1.3_01
+ ${project.groupId}.${project.artifactId}
+
+
+
+
+ org.eclipse.transformer
+ transformer-maven-plugin
+
+
+
+
+
\ No newline at end of file
diff --git a/transform-jakarta/jaxrpc-parent/pom.xml b/transform-jakarta/jaxrpc-parent/pom.xml
new file mode 100644
index 000000000..70d21074e
--- /dev/null
+++ b/transform-jakarta/jaxrpc-parent/pom.xml
@@ -0,0 +1,39 @@
+
+
+
+ 4.0.0
+
+ org.openidentityplatform.openam.jakarta
+ transform-jakarta
+ 6.0.0-SNAPSHOT
+
+ pom
+ jaxrpc-parent
+ ${project.groupId}.${project.artifactId}
+
+
+ com.sun.xml.rpc
+
+
+
+ jaxrpc-impl
+ jaxrpc-spi
+
+
+
\ No newline at end of file
diff --git a/transform-jakarta/pom.xml b/transform-jakarta/pom.xml
new file mode 100644
index 000000000..ea51120dd
--- /dev/null
+++ b/transform-jakarta/pom.xml
@@ -0,0 +1,89 @@
+
+
+
+ 4.0.0
+
+ org.openidentityplatform.openig
+ openig-project
+ 6.0.0-SNAPSHOT
+
+ org.openidentityplatform.openam.jakarta
+ transform-jakarta
+ pom
+
+ ${project.groupId}.${project.artifactId}
+ ${project.groupId}:${project.artifactId}
+
+
+ jaxrpc-parent
+
+
+ ${project.groupId}
+
+
+
+
+
+ org.eclipse.transformer
+ transformer-maven-plugin
+ 0.5.0
+ true
+
+
+ default-jar
+
+ jar
+
+
+
+ ${transformer.artifact.groupId}
+ ${project.artifactId}
+ ${project.version}
+
+
+
+
+ transform-jakarta
+
+ jar
+
+
+
+ true
+
+
+ ${transformer.artifact.groupId}
+ ${project.artifactId}
+ ${project.version}
+
+
+
+
+
+
+
+ maven-install-plugin
+ 2.4
+
+
+
+
+
+
+
\ No newline at end of file