Committed to master in a9e8a35f36fc502b002cc54f047ad81ab3317a11.

After discussion on the dev call today we agreed that the impact to deployers is minimal and can be covered in release notes, so the code on this branch will be committed to master. I plan to write up release notes prior to closing the issue.

Thank you. I was actually planning to attend to discuss this issue, so works beautifully.

@Marvin Addison, I put this on tomorrow's agenda for any final discussion, don't know if you're able to join or not.

It doesn't seem too extensive a change in the user file. You mentioned there's a deprecation of one component and a replacement added. If the old one still "works" given the original configuration without this feature added that's all fine, just make sure to add a deprecation warning to the old class via DeprecationSupport, probably in an initialization method.

If that's not possible and the original component just doesn't work now, I'd have to talk it through further to understand the options.

As far as the changes to the file, removing a commented out bean is obviously fine since that just changes examples that aren't even enabled.

The other addition is also fine unless you have wiring internally that fails if that shibboleth.CASProxyTrustedCertificates bean isn't defined. In that case, what you want to do is either make sure the injection spot in the wiring uses #{getObject('shibboleth.CASProxyTrustedCertificates')} and can take a null and then it works either way.

If that's not an option due to some nullable constraint that can't be changed, then you just conditionally inject either that bean or an empty list bean defined internally to make sure something gets injected properly.

Does that help?