mike-jumper commented on PR #915: URL: https://github.com/apache/guacamole-client/pull/915#issuecomment-1749823340
> I've extracted the `SSOAuthenticationSession` and related classes from the SSO base module and put those up in `guacamole-ext` so that I can re-use them in the Duo module. It was a reasonably clean move, I think? Sounds good to me. Does this solve the issue you mention above regarding losing auth state in the redirect to/from Duo? > I've had to disable the Maven Enforcer plugin for the Duo module. See [Upgrade OkHttp dependency to 4.3+ duosecurity/duo_universal_java#23](https://github.com/duosecurity/duo_universal_java/issues/23) and [Dependency version conflict duosecurity/duo_universal_java#18](https://github.com/duosecurity/duo_universal_java/issues/18) for discussion and information on this. We've had to fix similar issues before from other dependencies through explicitly choosing a version of the conflicting dependency and adding an override. For example: https://github.com/apache/guacamole-client/blob/e75c79f57c642c36c2cff06bacd42aaee7af01f0/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-cas/pom.xml#L61-L67 https://github.com/apache/guacamole-client/blob/e75c79f57c642c36c2cff06bacd42aaee7af01f0/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-cas/pom.xml#L113-L119 Perhaps that would work here? I don't think we should disable Maven Enforcer for any of the modules, as it exists to prevent weird breakage from occurring when two versions of the same dependency get YOLO'd together in the same classpath, when something expects dependency version X but actually gets version Y, etc. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@guacamole.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
