Inquiry About the State of Maintenance for crewjam/saml #583

Open
wz2b opened this issue Dec 30, 2024 · 1 comment

wz2b commented Dec 30, 2024

First, thank you for creating and maintaining this library. It has been incredibly helpful in my projects, particularly as I work on building a custom SAML2 SP. Crewjam/saml strikes an excellent balance by handling much of the SAML2 protocol complexity while allowing for customization, such as JWE support and tailored token exchange workflows. Judging from the activity here, it seems many others find the library just as invaluable.

That said, I’ve noticed some indicators that leave me wondering about the current state of maintenance and feature development. For instance:

  • There are 62 open issues, some dating back to 2018.
  • There are 30 open pull requests, and the most recent commit to main was several months ago. Many of them are bug fixes, a few are security-related, the others appear to be feature requests and small improvements.
  • While the most recent release was fairly recent (October 14, 2023), these trends could suggest that maintaining this project is becoming challenging.

As someone who has submitted a few pull requests, I’ve also encountered difficulties contributing. For example, some existing tests appear to fail independently of my changes, which suggests the main branch might have unresolved issues. Additionally, the lack of responsiveness to PRs makes it harder to determine how best to proceed, whether that’s maintaining backward compatibility in my changes or potentially forking.

I completely understand that maintaining an open-source library, especially one that involves security-sensitive code like this, requires significant time and effort, often from contributors who are volunteering their time. I also recognize that this library spans both SP and IDP functionality, which broadens the scope significantly.

With this in mind, I wanted to kindly ask:

  • Are there plans for future maintenance or feature development for the library?
  • Would the project maintainers consider any strategies to help share the load, such as onboarding additional maintainers, triaging issues, or providing guidance on addressing failing tests?

I deeply appreciate the work that’s gone into this project and would love to see it continue thriving. If there’s anything I or others in the community can do to assist, I’d be happy to help brainstorm ways forward.

Thanks again for your efforts!

@joesiltberg
Contributor

Tagging @crewjam just in case this issue hasn't been seen (sorry if you just haven't had time to respond!)

I might be able to help out as well if help is wanted.
