Excellent!
I will carve out some time to do code review.
We will need to get some insights into how to go about testing:
* is the CAS server going to be available for testing?
* what are the specific and generic/standard (if any) authentication
mechanisms available - for instance:
- Facebook, Google, LinkedIn and CAS are specifics
- OAuth 2, OpenID Connect, SAML are generic/standards - that may be
used for the above specifics...
* how do we test things other than CAS - in terms of getting credentials,
configuration, etc
We could certainly do this is phases as well.
If you can enumerate the things that should work and provide some testing
details for CAS or as many as possible and OpenID Connect then we can test
the specific implementations that you provide and enable the testing of
another OpenID Connect effort that is in the works in the community.
I'm not sure whether we want to commit contributions that are dependent on
snapshots - we certainly can't release with any such dependencies.
I would hate to add a cleanup task to a release to make sure there are no
snapshots in there.
We will probably wait until after the pac4j releases to commit.
I am really happy that this integration is happening and that it went
rather smoothly.
These sorts of authentication protocols are complex and I think we lined up
pretty well overall.
Thanks for your work!
On Thu, Dec 3, 2015 at 2:28 PM, Jérôme LELEU <lel...@gmail.com> wrote:
> Hi,
>
> I just sync'ed with master, cleaned dependencies and added missing
> Javadocs. Everything works correctly now. Many thanks.
>
> The pull request is ready for a full code review:
> https://github.com/apache/knox/pull/2
>
> I'll write the documentation after the pac4j releases (I hope next week).
>
> Thanks.
> Best regards,
> Jérôme
>
>
> 2015-12-02 19:18 GMT+01:00 larry mccay <larry.mc...@gmail.com>:
>
> > Fixed in https://issues.apache.org/jira/browse/KNOX-636.
> >
> > On Wed, Dec 2, 2015 at 12:42 PM, larry mccay <larry.mc...@gmail.com>
> > wrote:
> >
> > > Sure - I can file a JIRA and commit a fix.
> > >
> > > The secret generation should be done in one instance and replicated
> > across
> > > others.
> > > This replication/management of the credential stores is outside of the
> > > scope of Knox itself as of now.
> > >
> > > Documentation is done in markdown and is contributing details are
> > > available at:
> > >
> >
> https://cwiki.apache.org/confluence/display/KNOX/Contribution+Process#ContributionProcess-DocumentationContributorWorkflow
> > >
> > > Which should give you a general idea.
> > >
> > > Find an example like: ./trunk/books/0.7.0/
> config_preauth_sso_provider.md
> > >
> > > For an example of typical content and format.
> > >
> > > Here is how that example renders:
> > >
> >
> http://knox.apache.org/books/knox-0-7-0/user-guide.html#Preauthenticated+SSO+Provider
> > >
> > > You'll need to tie it into the rest of the book - just grep for where
> > that
> > > filename is referenced.
> > > To test how it renders build the site with: "ant" and note the url to
> the
> > > 0.7.0 book.
> > >
> > >
> > > On Wed, Dec 2, 2015 at 12:12 PM, Jérôme LELEU <lel...@gmail.com>
> wrote:
> > >
> > >> Hi,
> > >>
> > >> Why it doesn't work for pac4j while it works for others is a bit
> strange
> > >> to
> > >> me, but if you have the patch in front of your eyes, I'd rather prefer
> > you
> > >> to commit it. In all cases, I'll sync with the master.
> > >>
> > >> There was one question you didn't answer previously: is the password
> > >> generated for the pac4j provider the same across all gateway
> instances?
> > >> Because I expect to have the same value as I use it to encrypt /
> decrypt
> > >> data.
> > >>
> > >> I will add the Javadoc. After that, you can review the pull request
> more
> > >> completely.
> > >>
> > >> What do you expect for the documentation?
> > >>
> > >> Notice that pac4j dependencies are still snapshots, but they will be
> > >> released in a week or two.
> > >>
> > >> Thanks.
> > >> Best regards,
> > >> Jérôme
> > >>
> > >>
> > >> 2015-12-02 17:51 GMT+01:00 larry mccay <larry.mc...@gmail.com>:
> > >>
> > >> > Jérôme -
> > >> >
> > >> > If you would like to add that change as part of your patch or as a
> > >> > separately filed JIRA to fix a bug that would certainly be welcomed.
> > >> > Otherwise, I can do it.
> > >> >
> > >> > Let me know.
> > >> >
> > >> > thanks,
> > >> >
> > >> > --larry
> > >> >
> > >> > On Wed, Dec 2, 2015 at 11:44 AM, larry mccay <larry.mc...@gmail.com
> >
> > >> > wrote:
> > >> >
> > >> > > Okay - I had to add an override of getUserPrincipal() to the
> > >> > > IdentityAsserterHttpServletRequestWrapper and return the member
> > >> variable
> > >> > > username and it works like a charm.
> > >> > >
> > >> > > Why I haven't seen this same behavior with other providers is a
> bit
> > >> of a
> > >> > > mystery but they must be adding other wrappers that handle it.
> > >> > > This is quite cool, Jérôme!
> > >> > >
> > >> > > On Wed, Dec 2, 2015 at 10:41 AM, larry mccay <
> larry.mc...@gmail.com
> > >
> > >> > > wrote:
> > >> > >
> > >> > >> That was it - thanks!
> > >> > >>
> > >> > >> On Wed, Dec 2, 2015 at 10:20 AM, Jérôme LELEU <lel...@gmail.com>
> > >> wrote:
> > >> > >>
> > >> > >>> This is my exact command line: mvn -Prelease clean install
> > >> -DskipTests
> > >> > >>>
> > >> > >>> You use an internal Maven repository to fetch dependencies from
> > >> > internet:
> > >> > >>>
> http://nexus-private.hortonworks.com/nexus/content/groups/public/
> > >> > >>>
> > >> > >>> Does this repository have access to the remote Snapshots
> Sonatype
> > >> repo?
> > >> > >>>
> > >> > >>>
> > >> > >>>
> > >> > >>> 2015-12-02 16:16 GMT+01:00 larry mccay <larry.mc...@gmail.com>:
> > >> > >>>
> > >> > >>> > hmmm - I used:
> > >> > >>> >
> > >> > >>> > mvn clean install -DskipTests=true -Prelease
> > >> > >>> >
> > >> > >>> > The repository entry is in there already.
> > >> > >>> > No worky.
> > >> > >>> >
> > >> > >>> > On Wed, Dec 2, 2015 at 10:12 AM, Jérôme LELEU <
> lel...@gmail.com
> > >
> > >> > >>> wrote:
> > >> > >>> >
> > >> > >>> > > Hi,
> > >> > >>> > >
> > >> > >>> > > You need the j2e-pac4j dependencies as well as the pac4j-*
> > >> > >>> dependencies,
> > >> > >>> > > but you don't need to build them locally (hopefully).
> > >> > >>> > >
> > >> > >>> > > But you need a dependency on the Sonatype snapshots
> repository
> > >> > >>> (where the
> > >> > >>> > > snapshot versions are hosted), which is added for Maven in
> the
> > >> root
> > >> > >>> > > pom.xml:
> > >> > >>> > >
> > >> > >>> > >
> > >> > >>> >
> > >> > >>>
> > >> >
> > >>
> >
> https://github.com/apache/knox/pull/2/files#diff-600376dffeb79835ede4a0b285078036R123
> > >> > >>> > >
> > >> > >>> > > If you use Ant for the build, there is maybe a glitch to
> find
> > >> the
> > >> > >>> > Sonatype
> > >> > >>> > > Maven repo.
> > >> > >>> > >
> > >> > >>> > > Thanks.
> > >> > >>> > > Best regards,
> > >> > >>> > > Jérôme
> > >> > >>> > >
> > >> > >>> > >
> > >> > >>> > > 2015-12-02 16:06 GMT+01:00 larry mccay <
> larry.mc...@gmail.com
> > >:
> > >> > >>> > >
> > >> > >>> > > > Oh - do I need to build j2e-pac4 locally in order to
> resolve
> > >> the
> > >> > >>> > > > dependencies?
> > >> > >>> > > >
> > >> > >>> > > > [ERROR] Failed to execute goal on project
> > >> > >>> > > gateway-provider-security-pac4j:
> > >> > >>> > > > Could not resolve dependencies for project
> > >> > >>> > > >
> > >> > >>>
> > org.apache.knox:gateway-provider-security-pac4j:jar:0.7.0-SNAPSHOT:
> > >> The
> > >> > >>> > > > following artifacts could not be resolved:
> > >> > >>> > > > org.pac4j:j2e-pac4j:jar:1.2.1-SNAPSHOT,
> > >> > >>> > > > org.pac4j:pac4j-http:jar:1.8.1-SNAPSHOT,
> > >> > >>> > > > org.pac4j:pac4j-config:jar:1.8.1-SNAPSHOT: Could not find
> > >> > artifact
> > >> > >>> > > > org.pac4j:j2e-pac4j:jar:1.2.1-SNAPSHOT in public (
> > >> > >>> > > >
> > >> > http://nexus-private.hortonworks.com/nexus/content/groups/public/)
> > >> > >>> ->
> > >> > >>> > > > [Help
> > >> > >>> > > > 1]
> > >> > >>> > > >
> > >> > >>> > > > On Wed, Dec 2, 2015 at 10:05 AM, larry mccay <
> > >> > >>> larry.mc...@gmail.com>
> > >> > >>> > > > wrote:
> > >> > >>> > > >
> > >> > >>> > > > > gateway-provider-security-pac4j doesn't build - do you
> > have
> > >> a
> > >> > >>> pending
> > >> > >>> > > > > change for your pom.xml or something?
> > >> > >>> > > > >
> > >> > >>> >
> > >> > >>>
> > >> > >>
> > >> > >>
> > >> > >
> > >> >
> > >>
> > >
> > >
> >
>
