From my perspective it would be ideal if there were some automatable functional tests for this. I’m not advocating that these be something included in “mvn clean install” as that is running too long as it is. Given that I don’t have as much context as Larry, I have some questions about what this would take. Lets say we had permission to hit https://casserverpac4j.herokuapp.com/login as part of some low frequency automated tests (e.g. Once nighty). What static credentials and other test automation infrastructure would need to be implemented in support of this? I understand that the test suite would require at a minimum 1) a test driver 2) a protected mock UI and 3) an appropriately configured Knox 4) a profile enabled maven module 5) an Apache jenkins job but I’m sure I’m missing other things. I’m certainly willing to help setup the skeleton infrastructure (e.g. test driver, mock UI, maven module, jenkins job)
On 1/5/16, 2:54 PM, "larry mccay" <larry.mc...@gmail.com> wrote: >Okay, very good. >I've used TestShib for the picketlink provider - thanks for the pointers! > >On Tue, Jan 5, 2016 at 1:38 PM, Jérôme LELEU <lel...@gmail.com> wrote: > >> The online CAS server (https://casserverpac4j.herokuapp.com/login) uses >> the >> CAS protocol. SAML support can be tested using some online IdP like Okta, >> TestShib, OpenFeide, Ssocircle... >> >> >> 2016-01-05 17:32 GMT+01:00 larry mccay <larry.mc...@gmail.com>: >> >> > Great - thanks for that pointer! >> > >> > I will take a look at that and help drive the release related testing. >> > Merge testing will be gated on CAS server (is this SAML or CAS protocol?) >> > and testBasicAuth. >> > >> > On Tue, Jan 5, 2016 at 10:52 AM, Jérôme LELEU <lel...@gmail.com> wrote: >> > >> > > Hi, >> > > >> > > Glad to hear back from you! >> > > >> > > The core pac4j project is fully tested by unit tests (and some >> > integration >> > > tests I run for major version), then all pac4j implementations are each >> > > tested by the appropriate demo: j2e-pac4j-demo tests j2e-pac4j, >> > > spring-webmvc-pac4j-demo tests spring-webmvc-pac4j, etc. >> > > >> > > So if you take a look at: >> > > >> > > >> > >> https://github.com/pac4j/j2e-pac4j-demo/blob/master/src/main/java/org/pac4j/demo/j2e/config/DemoConfigFactory.java#L27 >> > > (for example), you have all the required information to test. >> > > >> > > I can do that on my own, but it can be good for the Knox community to >> > start >> > > working / testing the pac4j support. It's up to yoy. >> > > >> > > Thanks. >> > > Best regards, >> > > Jérôme >> > > >> > > >> > > 2016-01-05 16:11 GMT+01:00 larry mccay <larry.mc...@gmail.com>: >> > > >> > > > Hello Jérôme - >> > > > >> > > > Happy New Year! >> > > > >> > > > I am going to start reviewing your updates today, hopefully. >> > > > I was thinking that we need to start discussions on what the key >> > usecases >> > > > are and how to go about testing them. >> > > > We can certainly test the testBasicAuth and against the hosted CAS >> > server >> > > > but what about FB, openid, OAuth, etc? >> > > > >> > > > I'm not sure that FB would be a key feature but OpenID Connect and >> > OAuth >> > > > would be - as is SAML. >> > > > I think CAS buys us SAML testing - assuming that the configuration of >> > the >> > > > hosted server is actually a SAML 2 instance. >> > > > >> > > > What about the others? >> > > > >> > > > I don't know that we need to be able to test them all before merge >> but >> > > some >> > > > sort of manual verification would be great. >> > > > We would need to be able to test them before the next release which >> > would >> > > > be featuring the pac4j functionality. >> > > > >> > > > Maybe you can describe how you go about testing such things for the >> > pac4j >> > > > project itself? >> > > > >> > > > thanks, >> > > > >> > > > --larry >> > > > >> > > > >> > > > On Tue, Jan 5, 2016 at 9:55 AM, Jérôme LELEU <lel...@gmail.com> >> wrote: >> > > > >> > > > > Hi, >> > > > > >> > > > > Happy new year! >> > > > > >> > > > > A few days ago, I updated my patch of the pac4j gateway provider >> > > > according >> > > > > to all comments on https://issues.apache.org/jira/browse/KNOX-641 >> as >> > > > well >> > > > > as the documentation on KNOX-642. >> > > > > >> > > > > Is everything ok for the merge? >> > > > > >> > > > > Thanks. >> > > > > Best regards, >> > > > > Jérôme >> > > > > >> > > > > >> > > > > 2015-12-14 15:28 GMT+01:00 larry mccay <larry.mc...@gmail.com>: >> > > > > >> > > > > > Hi Jérôme - >> > > > > > >> > > > > > Not sure if you saw but I added review comments to KNOX-641. >> > > > > > >> > > > > > I think that we need to determine whether we want the >> testBasicAuth >> > > in >> > > > > the >> > > > > > provider itself. >> > > > > > >> > > > > > Let's follow up on the JIRA. >> > > > > > >> > > > > > thanks, >> > > > > > >> > > > > > --larry >> > > > > > >> > > > > > On Fri, Dec 11, 2015 at 8:44 AM, Jérôme LELEU <lel...@gmail.com> >> > > > wrote: >> > > > > > >> > > > > > > Hi, >> > > > > > > >> > > > > > > No problem. It can go into a version 0.8.0 if needed. The truth >> > is >> > > > that >> > > > > > > there is only one change outside the new pac4j module, so I >> think >> > > > risks >> > > > > > are >> > > > > > > extremly limited. >> > > > > > > >> > > > > > > Just let met know. >> > > > > > > >> > > > > > > Thanks. >> > > > > > > Best regards, >> > > > > > > Jérôme >> > > > > > > >> > > > > > > >> > > > > > > 2015-12-11 14:23 GMT+01:00 larry mccay <larry.mc...@gmail.com >> >: >> > > > > > > >> > > > > > > > Hi Jérôme - >> > > > > > > > >> > > > > > > > I have unfortunately not had a chance to pull, review and >> test >> > it >> > > > yet >> > > > > > and >> > > > > > > > have intended to do that today. >> > > > > > > > I apologize for the delay. >> > > > > > > > >> > > > > > > > I was actually thinking that this would go into a follow up >> > > release >> > > > > > that >> > > > > > > we >> > > > > > > > would try and get done rapidly after the 0.7.0 release but we >> > can >> > > > > > discuss >> > > > > > > > the target and its chances of destabilizing 0.7.0. >> > > > > > > > >> > > > > > > > I believe that it is rather self-contained with only a few >> > > changes >> > > > to >> > > > > > > > external modules. >> > > > > > > > >> > > > > > > > Opening the JIRAs is perfect and I was going to do that once >> I >> > > > > started >> > > > > > > the >> > > > > > > > review. >> > > > > > > > >> > > > > > > > Let's continue review comments and collaboration on those >> > JIRAs. >> > > > > > > > I will add you to the contributors list so that we can assign >> > > them >> > > > to >> > > > > > > you. >> > > > > > > > >> > > > > > > > Thank you for your contributions and your patience, Jérôme! >> > > > > > > > >> > > > > > > > --larry >> > > > > > > > >> > > > > > > > On Fri, Dec 11, 2015 at 3:00 AM, Jérôme LELEU < >> > lel...@gmail.com> >> > > > > > wrote: >> > > > > > > > >> > > > > > > > > Hi, >> > > > > > > > > >> > > > > > > > > I didn't get any new feedback on the pull request so I >> assume >> > > > > > > everything >> > > > > > > > is >> > > > > > > > > ok from your point of view. >> > > > > > > > > >> > > > > > > > > I released pac4j v1.8.1 and j2e-pac4j v1.2.1 so I updated >> the >> > > > pull >> > > > > > > > request >> > > > > > > > > to use them and successfully re-tested everything. >> > > > > > > > > >> > > > > > > > > I opened KNOX-641 and submitted the corresponding patch. >> > > > > > > > > >> > > > > > > > > I also wrote the documentation, opened KNOX-642 and >> submitted >> > > the >> > > > > > > > > corresponding patch (just to let you know that it doesn't >> > work >> > > > out >> > > > > of >> > > > > > > the >> > > > > > > > > box in Windows, I had to replace mvn.bat by mvn.cmd to make >> > ant >> > > > > > work). >> > > > > > > > > >> > > > > > > > > Even if the branch 0.7.0 has already been created, I >> assumed >> > > this >> > > > > new >> > > > > > > > pac4j >> > > > > > > > > provider will go into this version 0.7.0 (dependency on the >> > > > > > > > 0.7.0-SNAPSHOT >> > > > > > > > > parent version). >> > > > > > > > > >> > > > > > > > > Just let me know if everything is ok and when it's goind to >> > be >> > > > > > merged. >> > > > > > > > > >> > > > > > > > > Thanks. >> > > > > > > > > Best regards, >> > > > > > > > > Jérôme >> > > > > > > > > >> > > > > > > > > >> > > > > > > > > >> > > > > > > > > >> > > > > > > > > 2015-12-04 14:20 GMT+01:00 larry mccay < >> > larry.mc...@gmail.com >> > > >: >> > > > > > > > > >> > > > > > > > > > That ability to configure multiple mechanisms based on >> > > > clientName >> > > > > > is >> > > > > > > > > really >> > > > > > > > > > interesting for Knox. >> > > > > > > > > > Currently, we require separate topologies per >> > authentication >> > > > > > > mechanism. >> > > > > > > > > > The ability to configure them all in one is really great. >> > > > > > > > > > >> > > > > > > > > > We would need to think through the best way to provide >> the >> > > > > > clientName >> > > > > > > > > > parameter. >> > > > > > > > > > Since this is targeting KnoxSSO it can actually be added >> to >> > > the >> > > > > > > > > providerURL >> > > > > > > > > > used to redirect from the participating application. >> > > > > > > > > > Regardless of the authentication mechanism used each >> > > > application >> > > > > > will >> > > > > > > > > still >> > > > > > > > > > get the same JWT based cookie. >> > > > > > > > > > >> > > > > > > > > > I think that should work really nicely. >> > > > > > > > > > >> > > > > > > > > > >> > > > > > > > > > On Fri, Dec 4, 2015 at 7:17 AM, larry mccay < >> > > > > larry.mc...@gmail.com >> > > > > > > >> > > > > > > > > wrote: >> > > > > > > > > > >> > > > > > > > > > > Excellent, Jérôme. >> > > > > > > > > > > Thanks! >> > > > > > > > > > > >> > > > > > > > > > > On Fri, Dec 4, 2015 at 2:40 AM, Jérôme LELEU < >> > > > lel...@gmail.com >> > > > > > >> > > > > > > > wrote: >> > > > > > > > > > > >> > > > > > > > > > >> Hi, >> > > > > > > > > > >> >> > > > > > > > > > >> I will write how to configure the pac4j provider in >> the >> > > > > > > > documentation, >> > > > > > > > > > but >> > > > > > > > > > >> I can already give you some insights. >> > > > > > > > > > >> >> > > > > > > > > > >> My main goal is always to respect the key design >> > > principles >> > > > of >> > > > > > > pac4j >> > > > > > > > > > >> whatever the environment / framework in which it is >> > > > > implemented. >> > > > > > > For >> > > > > > > > > > Knox, >> > > > > > > > > > >> I'm pretty happy with the use of the j2e-pac4j >> library, >> > > > which >> > > > > > > means >> > > > > > > > > that >> > > > > > > > > > >> almost all the pac4j features are available, >> especially >> > > both >> > > > > > > direct >> > > > > > > > > and >> > > > > > > > > > >> indirect clients. So it can do what Shiro already does >> > but >> > > > > also, >> > > > > > > as >> > > > > > > > we >> > > > > > > > > > >> agreed together, supports remote authentications. >> > > > > > > > > > >> >> > > > > > > > > > >> It is only limited by what you can currently >> configure. >> > > And >> > > > > even >> > > > > > > > > > >> configuration is a pac4j feature as the CAS server has >> > the >> > > > > same >> > > > > > > > need. >> > > > > > > > > > >> Everything happens in this class: >> > > > > > > > > > >> >> > > > > > > > > > >> >> > > > > > > > > > >> > > > > > > > > >> > > > > > > > >> > > > > > > >> > > > > > >> > > > > >> > > > >> > > >> > >> https://github.com/pac4j/pac4j/blob/master/pac4j-config/src/main/java/org/pac4j/config/client/ConfigPropertiesFactory.java >> > > > > > > > > > >> , >> > > > > > > > > > >> which allows you to configure Facebook, Twitter, a CAS >> > > > > server, a >> > > > > > > > SAML >> > > > > > > > > > IdP >> > > > > > > > > > >> or an OpenID Connect provider. All the provided >> > parameters >> > > > to >> > > > > > the >> > > > > > > > > pac4j >> > > > > > > > > > >> provider are put into a Map and the >> > > ConfigPropertiesFactory >> > > > is >> > > > > > > built >> > > > > > > > > > with >> > > > > > > > > > >> this Map to return the built client (= authentication >> > > > > > mechanism). >> > > > > > > > > > >> >> > > > > > > > > > >> You have one more specific option for Knox as a basic >> > > > > > > authentication >> > > > > > > > > > popup >> > > > > > > > > > >> where the username must match the password, you can >> > define >> > > > > that >> > > > > > > by: >> > > > > > > > > > >> >> > > > > > > > > > >> <param> >> > > > > > > > > > >> <name>clientName</name> >> > > > > > > > > > >> <value>testBasicAuth</value> >> > > > > > > > > > >> </param> >> > > > > > > > > > >> >> > > > > > > > > > >> >> > > > > > > > > > >> It's for testing only. >> > > > > > > > > > >> >> > > > > > > > > > >> For a CAS server: >> > > > > > > > > > >> >> > > > > > > > > > >> <param> >> > > > > > > > > > >> <name>cas.loginUrl</name> >> > > > > > > > > > >> <value>https://casserverpac4j.herokuapp.com/login >> > > </value> >> > > > > > > > > > >> </param> >> > > > > > > > > > >> >> > > > > > > > > > >> >> > > > > > > > > > >> Here are all the properties available for building >> > clients >> > > > > > (their >> > > > > > > > > > meaning >> > > > > > > > > > >> is obvious): >> > > > > > > > > > >> >> > > > > > > > > > >> facebook.id >> > > > > > > > > > >> facebook.secret >> > > > > > > > > > >> facebook.scope >> > > > > > > > > > >> facebook.fields >> > > > > > > > > > >> twitter.id >> > > > > > > > > > >> twitter.secret >> > > > > > > > > > >> saml.keystorePassword >> > > > > > > > > > >> saml.privateKeyPassword >> > > > > > > > > > >> saml.keystorePath >> > > > > > > > > > >> saml.identityProviderMetadataPath >> > > > > > > > > > >> saml.maximumAuthenticationLifetime >> > > > > > > > > > >> saml.serviceProviderEntityId >> > > > > > > > > > >> saml.serviceProviderMetadataPath >> > > > > > > > > > >> cas.loginUrl >> > > > > > > > > > >> cas.protocol >> > > > > > > > > > >> oidc.id >> > > > > > > > > > >> oidc.secret >> > > > > > > > > > >> oidc.discoveryUri >> > > > > > > > > > >> oidc.customParamKey1 >> > > > > > > > > > >> oidc.customParamValue1 >> > > > > > > > > > >> >> > > > > > > > > > >> >> > > > > > > > > > >> If you define multiple clients, the first one will be >> > used >> > > > for >> > > > > > > > > > >> authentication, but you can explicitly choose the >> client >> > > you >> > > > > > want >> > > > > > > to >> > > > > > > > > use >> > > > > > > > > > >> via the clientName parameter, assuming you want to >> > switch >> > > > from >> > > > > > > > client >> > > > > > > > > > >> depending on environment for example. >> > > > > > > > > > >> >> > > > > > > > > > >> So if you want to add some new authentication >> mechanism, >> > > you >> > > > > > must >> > > > > > > > > first >> > > > > > > > > > >> check that it is available in pac4j (if it's not, it's >> > > > another >> > > > > > > > > > discussion, >> > > > > > > > > > >> but generally, it is). Then, you'll need to upgrade >> the >> > > > > > > > > > >> ConfigPropertiesFactory by submitting a new pull >> request >> > > to >> > > > > the >> > > > > > > > pac4j >> > > > > > > > > > >> project (I can do it myself, but I'm sure you could do >> > > that >> > > > > > > easily), >> > > > > > > > > > >> finally wait for the new pac4j release and switch >> pac4j >> > > > > versions >> > > > > > > in >> > > > > > > > > Knox >> > > > > > > > > > >> to >> > > > > > > > > > >> benefit from the new feature. >> > > > > > > > > > >> The good thing is that if someone related to the CAS >> > > server >> > > > > does >> > > > > > > the >> > > > > > > > > > same >> > > > > > > > > > >> thing for CAS (in pac4j), you will automatically get >> it >> > > when >> > > > > > > you'll >> > > > > > > > > > >> upgrade >> > > > > > > > > > >> pac4j. >> > > > > > > > > > >> >> > > > > > > > > > >> To go even further, replacing LDAP Shiro >> authentication >> > is >> > > > > just >> > > > > > a >> > > > > > > > > matter >> > > > > > > > > > >> of >> > > > > > > > > > >> making pac4j LDAP authentication available via >> > > configuration >> > > > > > > > > parameters. >> > > > > > > > > > >> >> > > > > > > > > > >> I hope it was clear enough. >> > > > > > > > > > >> >> > > > > > > > > > >> Thanks. >> > > > > > > > > > >> Best regards, >> > > > > > > > > > >> Jérôme >> > > > > > > > > > >> >> > > > > > > > > > >> >> > > > > > > > > > >> >> > > > > > > > > > >> >> > > > > > > > > > >> 2015-12-03 20:45 GMT+01:00 larry mccay < >> > > > larry.mc...@gmail.com >> > > > > >: >> > > > > > > > > > >> >> > > > > > > > > > >> > Excellent! >> > > > > > > > > > >> > >> > > > > > > > > > >> > I will carve out some time to do code review. >> > > > > > > > > > >> > We will need to get some insights into how to go >> about >> > > > > > testing: >> > > > > > > > > > >> > >> > > > > > > > > > >> > * is the CAS server going to be available for >> testing? >> > > > > > > > > > >> > * what are the specific and generic/standard (if >> any) >> > > > > > > > authentication >> > > > > > > > > > >> > mechanisms available - for instance: >> > > > > > > > > > >> > - Facebook, Google, LinkedIn and CAS are >> specifics >> > > > > > > > > > >> > - OAuth 2, OpenID Connect, SAML are >> > > generic/standards >> > > > - >> > > > > > that >> > > > > > > > may >> > > > > > > > > > be >> > > > > > > > > > >> > used for the above specifics... >> > > > > > > > > > >> > * how do we test things other than CAS - in terms of >> > > > getting >> > > > > > > > > > >> credentials, >> > > > > > > > > > >> > configuration, etc >> > > > > > > > > > >> > >> > > > > > > > > > >> > We could certainly do this is phases as well. >> > > > > > > > > > >> > >> > > > > > > > > > >> > If you can enumerate the things that should work and >> > > > provide >> > > > > > > some >> > > > > > > > > > >> testing >> > > > > > > > > > >> > details for CAS or as many as possible and OpenID >> > > Connect >> > > > > then >> > > > > > > we >> > > > > > > > > can >> > > > > > > > > > >> test >> > > > > > > > > > >> > the specific implementations that you provide and >> > enable >> > > > the >> > > > > > > > testing >> > > > > > > > > > of >> > > > > > > > > > >> > another OpenID Connect effort that is in the works >> in >> > > the >> > > > > > > > community. >> > > > > > > > > > >> > >> > > > > > > > > > >> > I'm not sure whether we want to commit contributions >> > > that >> > > > > are >> > > > > > > > > > dependent >> > > > > > > > > > >> on >> > > > > > > > > > >> > snapshots - we certainly can't release with any such >> > > > > > > dependencies. >> > > > > > > > > > >> > I would hate to add a cleanup task to a release to >> > make >> > > > sure >> > > > > > > there >> > > > > > > > > are >> > > > > > > > > > >> no >> > > > > > > > > > >> > snapshots in there. >> > > > > > > > > > >> > We will probably wait until after the pac4j releases >> > to >> > > > > > commit. >> > > > > > > > > > >> > >> > > > > > > > > > >> > I am really happy that this integration is happening >> > and >> > > > > that >> > > > > > it >> > > > > > > > > went >> > > > > > > > > > >> > rather smoothly. >> > > > > > > > > > >> > These sorts of authentication protocols are complex >> > and >> > > I >> > > > > > think >> > > > > > > we >> > > > > > > > > > >> lined up >> > > > > > > > > > >> > pretty well overall. >> > > > > > > > > > >> > >> > > > > > > > > > >> > Thanks for your work! >> > > > > > > > > > >> > >> > > > > > > > > > >> > On Thu, Dec 3, 2015 at 2:28 PM, Jérôme LELEU < >> > > > > > lel...@gmail.com> >> > > > > > > > > > wrote: >> > > > > > > > > > >> > >> > > > > > > > > > >> > > Hi, >> > > > > > > > > > >> > > >> > > > > > > > > > >> > > I just sync'ed with master, cleaned dependencies >> and >> > > > added >> > > > > > > > missing >> > > > > > > > > > >> > > Javadocs. Everything works correctly now. Many >> > thanks. >> > > > > > > > > > >> > > >> > > > > > > > > > >> > > The pull request is ready for a full code review: >> > > > > > > > > > >> > > https://github.com/apache/knox/pull/2 >> > > > > > > > > > >> > > >> > > > > > > > > > >> > > I'll write the documentation after the pac4j >> > releases >> > > (I >> > > > > > hope >> > > > > > > > next >> > > > > > > > > > >> week). >> > > > > > > > > > >> > > >> > > > > > > > > > >> > > Thanks. >> > > > > > > > > > >> > > Best regards, >> > > > > > > > > > >> > > Jérôme >> > > > > > > > > > >> > > >> > > > > > > > > > >> > > >> > > > > > > > > > >> > > 2015-12-02 19:18 GMT+01:00 larry mccay < >> > > > > > larry.mc...@gmail.com >> > > > > > > >: >> > > > > > > > > > >> > > >> > > > > > > > > > >> > > > Fixed in >> > > > https://issues.apache.org/jira/browse/KNOX-636 >> > > > > . >> > > > > > > > > > >> > > > >> > > > > > > > > > >> > > > On Wed, Dec 2, 2015 at 12:42 PM, larry mccay < >> > > > > > > > > > larry.mc...@gmail.com >> > > > > > > > > > >> > >> > > > > > > > > > >> > > > wrote: >> > > > > > > > > > >> > > > >> > > > > > > > > > >> > > > > Sure - I can file a JIRA and commit a fix. >> > > > > > > > > > >> > > > > >> > > > > > > > > > >> > > > > The secret generation should be done in one >> > > instance >> > > > > and >> > > > > > > > > > >> replicated >> > > > > > > > > > >> > > > across >> > > > > > > > > > >> > > > > others. >> > > > > > > > > > >> > > > > This replication/management of the credential >> > > stores >> > > > > is >> > > > > > > > > outside >> > > > > > > > > > of >> > > > > > > > > > >> > the >> > > > > > > > > > >> > > > > scope of Knox itself as of now. >> > > > > > > > > > >> > > > > >> > > > > > > > > > >> > > > > Documentation is done in markdown and is >> > > > contributing >> > > > > > > > details >> > > > > > > > > > are >> > > > > > > > > > >> > > > > available at: >> > > > > > > > > > >> > > > > >> > > > > > > > > > >> > > > >> > > > > > > > > > >> > > >> > > > > > > > > > >> > >> > > > > > > > > > >> >> > > > > > > > > > >> > > > > > > > > >> > > > > > > > >> > > > > > > >> > > > > > >> > > > > >> > > > >> > > >> > >> https://cwiki.apache.org/confluence/display/KNOX/Contribution+Process#ContributionProcess-DocumentationContributorWorkflow >> > > > > > > > > > >> > > > > >> > > > > > > > > > >> > > > > Which should give you a general idea. >> > > > > > > > > > >> > > > > >> > > > > > > > > > >> > > > > Find an example like: ./trunk/books/0.7.0/ >> > > > > > > > > > >> > > config_preauth_sso_provider.md >> > > > > > > > > > >> > > > > >> > > > > > > > > > >> > > > > For an example of typical content and format. >> > > > > > > > > > >> > > > > >> > > > > > > > > > >> > > > > Here is how that example renders: >> > > > > > > > > > >> > > > > >> > > > > > > > > > >> > > > >> > > > > > > > > > >> > > >> > > > > > > > > > >> > >> > > > > > > > > > >> >> > > > > > > > > > >> > > > > > > > > >> > > > > > > > >> > > > > > > >> > > > > > >> > > > > >> > > > >> > > >> > >> http://knox.apache.org/books/knox-0-7-0/user-guide.html#Preauthenticated+SSO+Provider >> > > > > > > > > > >> > > > > >> > > > > > > > > > >> > > > > You'll need to tie it into the rest of the >> book >> > - >> > > > just >> > > > > > > grep >> > > > > > > > > for >> > > > > > > > > > >> where >> > > > > > > > > > >> > > > that >> > > > > > > > > > >> > > > > filename is referenced. >> > > > > > > > > > >> > > > > To test how it renders build the site with: >> > "ant" >> > > > and >> > > > > > note >> > > > > > > > the >> > > > > > > > > > >> url to >> > > > > > > > > > >> > > the >> > > > > > > > > > >> > > > > 0.7.0 book. >> > > > > > > > > > >> > > > > >> > > > > > > > > > >> > > > > >> > > > > > > > > > >> > > > > On Wed, Dec 2, 2015 at 12:12 PM, Jérôme LELEU >> < >> > > > > > > > > lel...@gmail.com >> > > > > > > > > > > >> > > > > > > > > > >> > > wrote: >> > > > > > > > > > >> > > > > >> > > > > > > > > > >> > > > >> Hi, >> > > > > > > > > > >> > > > >> >> > > > > > > > > > >> > > > >> Why it doesn't work for pac4j while it works >> > for >> > > > > others >> > > > > > > is >> > > > > > > > a >> > > > > > > > > > bit >> > > > > > > > > > >> > > strange >> > > > > > > > > > >> > > > >> to >> > > > > > > > > > >> > > > >> me, but if you have the patch in front of >> your >> > > > eyes, >> > > > > > I'd >> > > > > > > > > rather >> > > > > > > > > > >> > prefer >> > > > > > > > > > >> > > > you >> > > > > > > > > > >> > > > >> to commit it. In all cases, I'll sync with >> the >> > > > > master. >> > > > > > > > > > >> > > > >> >> > > > > > > > > > >> > > > >> There was one question you didn't answer >> > > > previously: >> > > > > is >> > > > > > > the >> > > > > > > > > > >> password >> > > > > > > > > > >> > > > >> generated for the pac4j provider the same >> > across >> > > > all >> > > > > > > > gateway >> > > > > > > > > > >> > > instances? >> > > > > > > > > > >> > > > >> Because I expect to have the same value as I >> > use >> > > it >> > > > > to >> > > > > > > > > encrypt >> > > > > > > > > > / >> > > > > > > > > > >> > > decrypt >> > > > > > > > > > >> > > > >> data. >> > > > > > > > > > >> > > > >> >> > > > > > > > > > >> > > > >> I will add the Javadoc. After that, you can >> > > review >> > > > > the >> > > > > > > pull >> > > > > > > > > > >> request >> > > > > > > > > > >> > > more >> > > > > > > > > > >> > > > >> completely. >> > > > > > > > > > >> > > > >> >> > > > > > > > > > >> > > > >> What do you expect for the documentation? >> > > > > > > > > > >> > > > >> >> > > > > > > > > > >> > > > >> Notice that pac4j dependencies are still >> > > snapshots, >> > > > > but >> > > > > > > > they >> > > > > > > > > > >> will be >> > > > > > > > > > >> > > > >> released in a week or two. >> > > > > > > > > > >> > > > >> >> > > > > > > > > > >> > > > >> Thanks. >> > > > > > > > > > >> > > > >> Best regards, >> > > > > > > > > > >> > > > >> Jérôme >> > > > > > > > > > >> > > > >> >> > > > > > > > > > >> > > > >> >> > > > > > > > > > >> > > > >> 2015-12-02 17:51 GMT+01:00 larry mccay < >> > > > > > > > > larry.mc...@gmail.com >> > > > > > > > > > >: >> > > > > > > > > > >> > > > >> >> > > > > > > > > > >> > > > >> > Jérôme - >> > > > > > > > > > >> > > > >> > >> > > > > > > > > > >> > > > >> > If you would like to add that change as >> part >> > of >> > > > > your >> > > > > > > > patch >> > > > > > > > > or >> > > > > > > > > > >> as a >> > > > > > > > > > >> > > > >> > separately filed JIRA to fix a bug that >> would >> > > > > > certainly >> > > > > > > > be >> > > > > > > > > > >> > welcomed. >> > > > > > > > > > >> > > > >> > Otherwise, I can do it. >> > > > > > > > > > >> > > > >> > >> > > > > > > > > > >> > > > >> > Let me know. >> > > > > > > > > > >> > > > >> > >> > > > > > > > > > >> > > > >> > thanks, >> > > > > > > > > > >> > > > >> > >> > > > > > > > > > >> > > > >> > --larry >> > > > > > > > > > >> > > > >> > >> > > > > > > > > > >> > > > >> > On Wed, Dec 2, 2015 at 11:44 AM, larry >> mccay >> > < >> > > > > > > > > > >> > larry.mc...@gmail.com >> > > > > > > > > > >> > > > >> > > > > > > > > > >> > > > >> > wrote: >> > > > > > > > > > >> > > > >> > >> > > > > > > > > > >> > > > >> > > Okay - I had to add an override of >> > > > > > getUserPrincipal() >> > > > > > > > to >> > > > > > > > > > the >> > > > > > > > > > >> > > > >> > > IdentityAsserterHttpServletRequestWrapper >> > and >> > > > > > return >> > > > > > > > the >> > > > > > > > > > >> member >> > > > > > > > > > >> > > > >> variable >> > > > > > > > > > >> > > > >> > > username and it works like a charm. >> > > > > > > > > > >> > > > >> > > >> > > > > > > > > > >> > > > >> > > Why I haven't seen this same behavior >> with >> > > > other >> > > > > > > > > providers >> > > > > > > > > > >> is a >> > > > > > > > > > >> > > bit >> > > > > > > > > > >> > > > >> of a >> > > > > > > > > > >> > > > >> > > mystery but they must be adding other >> > > wrappers >> > > > > that >> > > > > > > > > handle >> > > > > > > > > > >> it. >> > > > > > > > > > >> > > > >> > > This is quite cool, Jérôme! >> > > > > > > > > > >> > > > >> > > >> > > > > > > > > > >> > > > >> > > On Wed, Dec 2, 2015 at 10:41 AM, larry >> > mccay >> > > < >> > > > > > > > > > >> > > larry.mc...@gmail.com >> > > > > > > > > > >> > > > > >> > > > > > > > > > >> > > > >> > > wrote: >> > > > > > > > > > >> > > > >> > > >> > > > > > > > > > >> > > > >> > >> That was it - thanks! >> > > > > > > > > > >> > > > >> > >> >> > > > > > > > > > >> > > > >> > >> On Wed, Dec 2, 2015 at 10:20 AM, Jérôme >> > > LELEU >> > > > < >> > > > > > > > > > >> > lel...@gmail.com> >> > > > > > > > > > >> > > > >> wrote: >> > > > > > > > > > >> > > > >> > >> >> > > > > > > > > > >> > > > >> > >>> This is my exact command line: mvn >> > > -Prelease >> > > > > > clean >> > > > > > > > > > install >> > > > > > > > > > >> > > > >> -DskipTests >> > > > > > > > > > >> > > > >> > >>> >> > > > > > > > > > >> > > > >> > >>> You use an internal Maven repository to >> > > fetch >> > > > > > > > > > dependencies >> > > > > > > > > > >> > from >> > > > > > > > > > >> > > > >> > internet: >> > > > > > > > > > >> > > > >> > >>> >> > > > > > > > > > >> > > >> > > > > > > > >> > > http://nexus-private.hortonworks.com/nexus/content/groups/public/ >> > > > > > > > > > >> > > > >> > >>> >> > > > > > > > > > >> > > > >> > >>> Does this repository have access to the >> > > > remote >> > > > > > > > > Snapshots >> > > > > > > > > > >> > > Sonatype >> > > > > > > > > > >> > > > >> repo? >> > > > > > > > > > >> > > > >> > >>> >> > > > > > > > > > >> > > > >> > >>> >> > > > > > > > > > >> > > > >> > >>> >> > > > > > > > > > >> > > > >> > >>> 2015-12-02 16:16 GMT+01:00 larry mccay >> < >> > > > > > > > > > >> larry.mc...@gmail.com >> > > > > > > > > > >> > >: >> > > > > > > > > > >> > > > >> > >>> >> > > > > > > > > > >> > > > >> > >>> > hmmm - I used: >> > > > > > > > > > >> > > > >> > >>> > >> > > > > > > > > > >> > > > >> > >>> > mvn clean install -DskipTests=true >> > > > -Prelease >> > > > > > > > > > >> > > > >> > >>> > >> > > > > > > > > > >> > > > >> > >>> > The repository entry is in there >> > already. >> > > > > > > > > > >> > > > >> > >>> > No worky. >> > > > > > > > > > >> > > > >> > >>> > >> > > > > > > > > > >> > > > >> > >>> > On Wed, Dec 2, 2015 at 10:12 AM, >> Jérôme >> > > > > LELEU < >> > > > > > > > > > >> > > lel...@gmail.com >> > > > > > > > > > >> > > > > >> > > > > > > > > > >> > > > >> > >>> wrote: >> > > > > > > > > > >> > > > >> > >>> > >> > > > > > > > > > >> > > > >> > >>> > > Hi, >> > > > > > > > > > >> > > > >> > >>> > > >> > > > > > > > > > >> > > > >> > >>> > > You need the j2e-pac4j dependencies >> > as >> > > > well >> > > > > > as >> > > > > > > > the >> > > > > > > > > > >> pac4j-* >> > > > > > > > > > >> > > > >> > >>> dependencies, >> > > > > > > > > > >> > > > >> > >>> > > but you don't need to build them >> > > locally >> > > > > > > > > (hopefully). >> > > > > > > > > > >> > > > >> > >>> > > >> > > > > > > > > > >> > > > >> > >>> > > But you need a dependency on the >> > > Sonatype >> > > > > > > > snapshots >> > > > > > > > > > >> > > repository >> > > > > > > > > > >> > > > >> > >>> (where the >> > > > > > > > > > >> > > > >> > >>> > > snapshot versions are hosted), >> which >> > is >> > > > > added >> > > > > > > for >> > > > > > > > > > >> Maven in >> > > > > > > > > > >> > > the >> > > > > > > > > > >> > > > >> root >> > > > > > > > > > >> > > > >> > >>> > > pom.xml: >> > > > > > > > > > >> > > > >> > >>> > > >> > > > > > > > > > >> > > > >> > >>> > > >> > > > > > > > > > >> > > > >> > >>> > >> > > > > > > > > > >> > > > >> > >>> >> > > > > > > > > > >> > > > >> > >> > > > > > > > > > >> > > > >> >> > > > > > > > > > >> > > > >> > > > > > > > > > >> > > >> > > > > > > > > > >> > >> > > > > > > > > > >> >> > > > > > > > > > >> > > > > > > > > >> > > > > > > > >> > > > > > > >> > > > > > >> > > > > >> > > > >> > > >> > >> https://github.com/apache/knox/pull/2/files#diff-600376dffeb79835ede4a0b285078036R123 >> > > > > > > > > > >> > > > >> > >>> > > >> > > > > > > > > > >> > > > >> > >>> > > If you use Ant for the build, there >> > is >> > > > > maybe >> > > > > > a >> > > > > > > > > glitch >> > > > > > > > > > >> to >> > > > > > > > > > >> > > find >> > > > > > > > > > >> > > > >> the >> > > > > > > > > > >> > > > >> > >>> > Sonatype >> > > > > > > > > > >> > > > >> > >>> > > Maven repo. >> > > > > > > > > > >> > > > >> > >>> > > >> > > > > > > > > > >> > > > >> > >>> > > Thanks. >> > > > > > > > > > >> > > > >> > >>> > > Best regards, >> > > > > > > > > > >> > > > >> > >>> > > Jérôme >> > > > > > > > > > >> > > > >> > >>> > > >> > > > > > > > > > >> > > > >> > >>> > > >> > > > > > > > > > >> > > > >> > >>> > > 2015-12-02 16:06 GMT+01:00 larry >> > mccay >> > > < >> > > > > > > > > > >> > > larry.mc...@gmail.com >> > > > > > > > > > >> > > > >: >> > > > > > > > > > >> > > > >> > >>> > > >> > > > > > > > > > >> > > > >> > >>> > > > Oh - do I need to build j2e-pac4 >> > > > locally >> > > > > in >> > > > > > > > order >> > > > > > > > > > to >> > > > > > > > > > >> > > resolve >> > > > > > > > > > >> > > > >> the >> > > > > > > > > > >> > > > >> > >>> > > > dependencies? >> > > > > > > > > > >> > > > >> > >>> > > > >> > > > > > > > > > >> > > > >> > >>> > > > [ERROR] Failed to execute goal on >> > > > project >> > > > > > > > > > >> > > > >> > >>> > > gateway-provider-security-pac4j: >> > > > > > > > > > >> > > > >> > >>> > > > Could not resolve dependencies >> for >> > > > > project >> > > > > > > > > > >> > > > >> > >>> > > > >> > > > > > > > > > >> > > > >> > >>> >> > > > > > > > > > >> > > > >> > > > > > > > > > >> > > > > org.apache.knox:gateway-provider-security-pac4j:jar:0.7.0-SNAPSHOT: >> > > > > > > > > > >> > > > >> The >> > > > > > > > > > >> > > > >> > >>> > > > following artifacts could not be >> > > > > resolved: >> > > > > > > > > > >> > > > >> > >>> > > > >> > > org.pac4j:j2e-pac4j:jar:1.2.1-SNAPSHOT, >> > > > > > > > > > >> > > > >> > >>> > > > >> > > > org.pac4j:pac4j-http:jar:1.8.1-SNAPSHOT, >> > > > > > > > > > >> > > > >> > >>> > > > >> > > > > org.pac4j:pac4j-config:jar:1.8.1-SNAPSHOT: >> > > > > > > > Could >> > > > > > > > > > not >> > > > > > > > > > >> > find >> > > > > > > > > > >> > > > >> > artifact >> > > > > > > > > > >> > > > >> > >>> > > > >> > > org.pac4j:j2e-pac4j:jar:1.2.1-SNAPSHOT >> > > > in >> > > > > > > > public >> > > > > > > > > ( >> > > > > > > > > > >> > > > >> > >>> > > > >> > > > > > > > > > >> > > > >> > >> > > > > > > > > > >> >> > > > > > >> http://nexus-private.hortonworks.com/nexus/content/groups/public/ >> > > > > > > > > > >> > ) >> > > > > > > > > > >> > > > >> > >>> -> >> > > > > > > > > > >> > > > >> > >>> > > > [Help >> > > > > > > > > > >> > > > >> > >>> > > > 1] >> > > > > > > > > > >> > > > >> > >>> > > > >> > > > > > > > > > >> > > > >> > >>> > > > On Wed, Dec 2, 2015 at 10:05 AM, >> > > larry >> > > > > > mccay >> > > > > > > < >> > > > > > > > > > >> > > > >> > >>> larry.mc...@gmail.com> >> > > > > > > > > > >> > > > >> > >>> > > > wrote: >> > > > > > > > > > >> > > > >> > >>> > > > >> > > > > > > > > > >> > > > >> > >>> > > > > gateway-provider-security-pac4j >> > > > doesn't >> > > > > > > > build - >> > > > > > > > > > do >> > > > > > > > > > >> you >> > > > > > > > > > >> > > > have >> > > > > > > > > > >> > > > >> a >> > > > > > > > > > >> > > > >> > >>> pending >> > > > > > > > > > >> > > > >> > >>> > > > > change for your pom.xml or >> > > something? >> > > > > > > > > > >> > > > >> > >>> > > > > >> > > > > > > > > > >> > > > >> > >>> > >> > > > > > > > > > >> > > > >> > >>> >> > > > > > > > > > >> > > > >> > >> >> > > > > > > > > > >> > > > >> > >> >> > > > > > > > > > >> > > > >> > > >> > > > > > > > > > >> > > > >> > >> > > > > > > > > > >> > > > >> >> > > > > > > > > > >> > > > > >> > > > > > > > > > >> > > > > >> > > > > > > > > > >> > > > >> > > > > > > > > > >> > > >> > > > > > > > > > >> > >> > > > > > > > > > >> >> > > > > > > > > > > >> > > > > > > > > > > >> > > > > > > > > > >> > > > > > > > > >> > > > > > > > >> > > > > > > >> > > > > > >> > > > > >> > > > >> > > >> > >>
