Hi Jérôme -
Thanks for the updated docs - I will take a look today.
I am currently still trying to test okta and stuck in a redirect loop.
Did you have to change anything in order to get the
request.getParameter(Clients.DEFAULT_CLIENT_NAME_PARAMETER)
set for the callbacks from okta? It is null in my environment and therefore
it moves on to the following:
// otherwise just apply security and requires authentication
// apply RequiresAuthenticationFilter
requiresAuthenticationFilter.doFilter(servletRequest,
servletResponse, filterChain);
which obviously results in the redirect loop.
Curious whether you ran into that...
thanks,
--larry
On Fri, Jan 15, 2016 at 4:00 AM, Jérôme LELEU <lel...@gmail.com> wrote:
> Hi,
>
> I just uploaded a new patch for the documentation with the links pointing
> to the pac4j wiki. It should be clearer.
>
> Thanks.
> Best regards,
> Jérôme
>
>
> 2016-01-14 13:20 GMT+01:00 larry mccay <lmc...@apache.org>:
>
> > That sounds pretty reasonable.
> > I will likely document a few of the integrations that are possible in
> > blogs/tutorials anyway.
> >
> > I don't want testing of Knox at release time to have to jump around to
> much
> > in order to be able to test.
> > I think we can make that all good though.
> >
> > I will see what I can do with okta today.
> >
> > On Thu, Jan 14, 2016 at 5:00 AM, Jérôme LELEU <lel...@gmail.com> wrote:
> >
> > > Hi,
> > >
> > > Yes, the documentation is a bit too light. But you guessed it right: we
> > > need to have a keystore for encryption.
> > >
> > > The saml.identityProviderMetadataPath can point to a local resource or
> > to a
> > > remote one, using the right prefix: resource:, file: or an url (by
> > default,
> > > it is a file path). This must be documented though.
> > >
> > > With Okta, I used the defined url (Single Sign On URL = Recipient URL =
> > > Destination URL) for the serviceProviderEntityId, but I think it may
> > > depends on IdP as well. Reading the spec, it must be an URI, but I'm
> not
> > > sure if the SP metadata should be really available on this url. For
> Okta,
> > > it doesn't matter.
> > >
> > > According to your SAML configuration, the SP metadata will be generated
> > > somewhere and this somewhere can be defined via the
> > > serviceProviderMetadataPath parameter. You generally need to update
> your
> > > metadata to the IdP (not required for Okta though). Both the SP and IdP
> > > must know each other.
> > >
> > > When writing the documentation, I went fast on these parameters with
> the
> > > feeling they were regular ones, but indeed, the description in the Knox
> > > manual is not enough. This is somehow a bit normal as the real
> > > documentation for SAML is on the SAML wiki:
> > > https://github.com/pac4j/pac4j/wiki/Clients#details-for-saml-support
> > >
> > > So I propose to keep the Knox documentation mostly "as is", but add
> links
> > > to the pac4j wiki (where I could more easily made updates). All pac4j
> > > integrations need this documentation so it's better to centralize it,
> > from
> > > my point of view. What do you think?
> > >
> > > Thanks.
> > > Best regards,
> > > Jérôme
> > >
> > >
> > >
> > > 2016-01-13 19:37 GMT+01:00 larry mccay <lmc...@apache.org>:
> > >
> > > > Hi Jérôme -
> > > >
> > > > I'm trying to configure the pac4j provider for an okta "application"
> > > that I
> > > > created.
> > > > The following (from KNOX-642 docs patch) isn't quite enough to make
> it
> > > > clear to me how to go about doing so:
> > > >
> > > > +saml.keystorePassword | Password of the keystore
> (storepass)
> > > > +saml.privateKeyPassword | Password for the private key
> > > (keypass)
> > > > +saml.keystorePath | Path of the keystore
> > > > +saml.identityProviderMetadataPath | Path of the identity
> > > > provider metadata
> > > > +saml.maximumAuthenticationLifetime | Maximum lifetime for
> > > > authentication
> > > > +saml.serviceProviderEntityId | Identifier of the service
> > > > provider
> > > > +saml.serviceProviderMetadataPath | Path of the service
> > > provider
> > > > metadata
> > > >
> > > > I assume that I can use the gateway.jks keystore and the
> > gateway-identity
> > > > keypair to do the request signing and that that information is what
> is
> > > > needed for the first 3 params. Unfortunately, I don't see any use of
> > > > gateway services to get the master secret therefore it needs to be in
> > > clear
> > > > text here. This won't work - but may not be a show stopper for
> > committing
> > > > to master as long as we follow up with a fix.
> > > >
> > > > Can saml.identityProviderMetadataPath point to a remote location or
> > does
> > > it
> > > > have to be local to the SP application. This would likely require it
> to
> > > be
> > > > on the local filesystem, provisioned by the contributor into the
> > > generated
> > > > web app or in some central location via NFS or something like that.
> > > >
> > > > The okta application that I created is called KnoxSSO - is that the
> > value
> > > > for saml.serviceProviderEntityId?
> > > >
> > > > The saml.serviceProviderMetadataPath has the same questions as the
> > > metadata
> > > > for the IDP. In addition, is there a sample metadata file that we can
> > > > provide for the use of pac4j with KnoxSSO?
> > > >
> > > > I think that getting this working and clean (no clear text passwords)
> > > will
> > > > make a great feature and blog for featuring pac4j provider and the
> > 0.8.0
> > > > release. So, let's try and iron this out clearly.
> > > >
> > > > I would really like to get this working and committed in the next
> > couple
> > > > days to free us up for follow up items. In particular we need time to
> > > > figure out whether the identity assertion providers that we currently
> > > have
> > > > will suffice for an apache release that is featuring this new
> > > > functionality.
> > > >
> > > > I will also add the above comments/questions to the JIRA for
> > visibility.
> > > >
> > > > thanks,
> > > >
> > > > --larry
> > > >
> > > > On Fri, Jan 8, 2016 at 12:40 PM, larry mccay <lmc...@apache.org>
> > wrote:
> > > >
> > > > > Jérôme -
> > > > >
> > > > > My testing of OpenID Connect is blocked.
> > > > > Can you see the comments in KNOX-641?
> > > > >
> > > > > thanks,
> > > > >
> > > > > --larry
> > > > >
> > > > > On Wed, Jan 6, 2016 at 2:30 PM, larry mccay <larry.mc...@gmail.com
> >
> > > > wrote:
> > > > >
> > > > >> Jérôme -
> > > > >>
> > > > >> Please see the comments on KNOX-641.
> > > > >>
> > > > >> thanks,
> > > > >>
> > > > >> --larry
> > > > >>
> > > > >> On Wed, Jan 6, 2016 at 11:24 AM, Kevin Minder <
> > > > >> kevin.min...@hortonworks.com> wrote:
> > > > >>
> > > > >>> I can certainly appreciate the issue of including external
> > resources
> > > in
> > > > >>> automated tests. Nothing has driven me more crazy over the
> years.
> > > The
> > > > >>> flip side of this of course is not finding out about a breakage
> > until
> > > > >>> someone is willing to go through the manual testing which will
> > > > typically
> > > > >>> happen just before a release. Also the implication is that these
> > > > testing
> > > > >>> procedures must be very will documented so that they can be
> > continue
> > > > to be
> > > > >>> run once any of us are no longer active in the project.
> > > > >>>
> > > > >>>
> > > > >>>
> > > > >>> On 1/6/16, 2:12 AM, "Jérôme LELEU" <lel...@gmail.com> wrote:
> > > > >>>
> > > > >>> >Hi,
> > > > >>> >
> > > > >>> >Yes, you can hit the CAS server at Heroku. Notice it's a Heroku
> > free
> > > > >>> server
> > > > >>> >so it needs to be re-activated first (it takes a couple of
> > seconds).
> > > > So
> > > > >>> for
> > > > >>> >a UI test, you should first hit it, wait 30 seconds and then
> > perform
> > > > the
> > > > >>> >test.
> > > > >>> >
> > > > >>> >Just my 2 cents:
> > > > >>> >Using automated UI tests was my first strategy for pac4j but I
> > > > finally
> > > > >>> >gave up because public providers change very often, at least
> > enough
> > > to
> > > > >>> make
> > > > >>> >the maintenance tests a nightmare. Currently, I'm using manual
> > tests
> > > > >>> (the
> > > > >>> >same for all demos), it takes me around 5 minutes to play them
> all
> > > by
> > > > >>> hand
> > > > >>> >(for a demo) and I launched manually the UI tests I have for
> every
> > > > major
> > > > >>> >pac4j release. Just to say UI tests are not that easy. For a CAS
> > > > server,
> > > > >>> >it's fairly feasible as the CAS server and protocol change
> rarely.
> > > > >>> >That's why for Knox, I did some compromise with a simulated web
> > test
> > > > >>> (based
> > > > >>> >on the basic auth). See:
> > > > >>> >
> > > > >>>
> > > >
> > >
> >
> https://github.com/apache/knox/pull/2/files#diff-d0c880ca71b310dbe57975c577535e97R47
> > > > >>> >
> > > > >>> >Thanks.
> > > > >>> >Best regards,
> > > > >>> >Jérôme
> > > > >>> >
> > > > >>> >
> > > > >>> >
> > > > >>> >2016-01-05 21:20 GMT+01:00 Kevin Minder <
> > > kevin.min...@hortonworks.com
> > > > >:
> > > > >>> >
> > > > >>> >> From my perspective it would be ideal if there were some
> > > automatable
> > > > >>> >> functional tests for this. I’m not advocating that these be
> > > > something
> > > > >>> >> included in “mvn clean install” as that is running too long as
> > it
> > > > is.
> > > > >>> >> Given that I don’t have as much context as Larry, I have some
> > > > >>> questions
> > > > >>> >> about what this would take. Lets say we had permission to hit
> > > > >>> >> https://casserverpac4j.herokuapp.com/login as part of some
> low
> > > > >>> frequency
> > > > >>> >> automated tests (e.g. Once nighty). What static credentials
> and
> > > > >>> other test
> > > > >>> >> automation infrastructure would need to be implemented in
> > support
> > > of
> > > > >>> this?
> > > > >>> >> I understand that the test suite would require at a minimum
> > > > >>> >> 1) a test driver
> > > > >>> >> 2) a protected mock UI and
> > > > >>> >> 3) an appropriately configured Knox
> > > > >>> >> 4) a profile enabled maven module
> > > > >>> >> 5) an Apache jenkins job
> > > > >>> >> but I’m sure I’m missing other things. I’m certainly willing
> to
> > > > help
> > > > >>> >> setup the skeleton infrastructure (e.g. test driver, mock UI,
> > > maven
> > > > >>> module,
> > > > >>> >> jenkins job)
> > > > >>> >>
> > > > >>> >>
> > > > >>> >>
> > > > >>> >> On 1/5/16, 2:54 PM, "larry mccay" <larry.mc...@gmail.com>
> > wrote:
> > > > >>> >>
> > > > >>> >> >Okay, very good.
> > > > >>> >> >I've used TestShib for the picketlink provider - thanks for
> the
> > > > >>> pointers!
> > > > >>> >> >
> > > > >>> >> >On Tue, Jan 5, 2016 at 1:38 PM, Jérôme LELEU <
> lel...@gmail.com
> > >
> > > > >>> wrote:
> > > > >>> >> >
> > > > >>> >> >> The online CAS server (
> > > > https://casserverpac4j.herokuapp.com/login)
> > > > >>> uses
> > > > >>> >> >> the
> > > > >>> >> >> CAS protocol. SAML support can be tested using some online
> > IdP
> > > > like
> > > > >>> >> Okta,
> > > > >>> >> >> TestShib, OpenFeide, Ssocircle...
> > > > >>> >> >>
> > > > >>> >> >>
> > > > >>> >> >> 2016-01-05 17:32 GMT+01:00 larry mccay <
> > larry.mc...@gmail.com
> > > >:
> > > > >>> >> >>
> > > > >>> >> >> > Great - thanks for that pointer!
> > > > >>> >> >> >
> > > > >>> >> >> > I will take a look at that and help drive the release
> > related
> > > > >>> testing.
> > > > >>> >> >> > Merge testing will be gated on CAS server (is this SAML
> or
> > > CAS
> > > > >>> >> protocol?)
> > > > >>> >> >> > and testBasicAuth.
> > > > >>> >> >> >
> > > > >>> >> >> > On Tue, Jan 5, 2016 at 10:52 AM, Jérôme LELEU <
> > > > lel...@gmail.com>
> > > > >>> >> wrote:
> > > > >>> >> >> >
> > > > >>> >> >> > > Hi,
> > > > >>> >> >> > >
> > > > >>> >> >> > > Glad to hear back from you!
> > > > >>> >> >> > >
> > > > >>> >> >> > > The core pac4j project is fully tested by unit tests
> (and
> > > > some
> > > > >>> >> >> > integration
> > > > >>> >> >> > > tests I run for major version), then all pac4j
> > > > implementations
> > > > >>> are
> > > > >>> >> each
> > > > >>> >> >> > > tested by the appropriate demo: j2e-pac4j-demo tests
> > > > j2e-pac4j,
> > > > >>> >> >> > > spring-webmvc-pac4j-demo tests spring-webmvc-pac4j,
> etc.
> > > > >>> >> >> > >
> > > > >>> >> >> > > So if you take a look at:
> > > > >>> >> >> > >
> > > > >>> >> >> > >
> > > > >>> >> >> >
> > > > >>> >> >>
> > > > >>> >>
> > > > >>>
> > > >
> > >
> >
> https://github.com/pac4j/j2e-pac4j-demo/blob/master/src/main/java/org/pac4j/demo/j2e/config/DemoConfigFactory.java#L27
> > > > >>> >> >> > > (for example), you have all the required information to
> > > test.
> > > > >>> >> >> > >
> > > > >>> >> >> > > I can do that on my own, but it can be good for the
> Knox
> > > > >>> community
> > > > >>> >> to
> > > > >>> >> >> > start
> > > > >>> >> >> > > working / testing the pac4j support. It's up to yoy.
> > > > >>> >> >> > >
> > > > >>> >> >> > > Thanks.
> > > > >>> >> >> > > Best regards,
> > > > >>> >> >> > > Jérôme
> > > > >>> >> >> > >
> > > > >>> >> >> > >
> > > > >>> >> >> > > 2016-01-05 16:11 GMT+01:00 larry mccay <
> > > > larry.mc...@gmail.com
> > > > >>> >:
> > > > >>> >> >> > >
> > > > >>> >> >> > > > Hello Jérôme -
> > > > >>> >> >> > > >
> > > > >>> >> >> > > > Happy New Year!
> > > > >>> >> >> > > >
> > > > >>> >> >> > > > I am going to start reviewing your updates today,
> > > > hopefully.
> > > > >>> >> >> > > > I was thinking that we need to start discussions on
> > what
> > > > the
> > > > >>> key
> > > > >>> >> >> > usecases
> > > > >>> >> >> > > > are and how to go about testing them.
> > > > >>> >> >> > > > We can certainly test the testBasicAuth and against
> the
> > > > >>> hosted CAS
> > > > >>> >> >> > server
> > > > >>> >> >> > > > but what about FB, openid, OAuth, etc?
> > > > >>> >> >> > > >
> > > > >>> >> >> > > > I'm not sure that FB would be a key feature but
> OpenID
> > > > >>> Connect and
> > > > >>> >> >> > OAuth
> > > > >>> >> >> > > > would be - as is SAML.
> > > > >>> >> >> > > > I think CAS buys us SAML testing - assuming that the
> > > > >>> >> configuration of
> > > > >>> >> >> > the
> > > > >>> >> >> > > > hosted server is actually a SAML 2 instance.
> > > > >>> >> >> > > >
> > > > >>> >> >> > > > What about the others?
> > > > >>> >> >> > > >
> > > > >>> >> >> > > > I don't know that we need to be able to test them all
> > > > before
> > > > >>> merge
> > > > >>> >> >> but
> > > > >>> >> >> > > some
> > > > >>> >> >> > > > sort of manual verification would be great.
> > > > >>> >> >> > > > We would need to be able to test them before the next
> > > > release
> > > > >>> >> which
> > > > >>> >> >> > would
> > > > >>> >> >> > > > be featuring the pac4j functionality.
> > > > >>> >> >> > > >
> > > > >>> >> >> > > > Maybe you can describe how you go about testing such
> > > things
> > > > >>> for
> > > > >>> >> the
> > > > >>> >> >> > pac4j
> > > > >>> >> >> > > > project itself?
> > > > >>> >> >> > > >
> > > > >>> >> >> > > > thanks,
> > > > >>> >> >> > > >
> > > > >>> >> >> > > > --larry
> > > > >>> >> >> > > >
> > > > >>> >> >> > > >
> > > > >>> >> >> > > > On Tue, Jan 5, 2016 at 9:55 AM, Jérôme LELEU <
> > > > >>> lel...@gmail.com>
> > > > >>> >> >> wrote:
> > > > >>> >> >> > > >
> > > > >>> >> >> > > > > Hi,
> > > > >>> >> >> > > > >
> > > > >>> >> >> > > > > Happy new year!
> > > > >>> >> >> > > > >
> > > > >>> >> >> > > > > A few days ago, I updated my patch of the pac4j
> > gateway
> > > > >>> provider
> > > > >>> >> >> > > > according
> > > > >>> >> >> > > > > to all comments on
> > > > >>> >> https://issues.apache.org/jira/browse/KNOX-641
> > > > >>> >> >> as
> > > > >>> >> >> > > > well
> > > > >>> >> >> > > > > as the documentation on KNOX-642.
> > > > >>> >> >> > > > >
> > > > >>> >> >> > > > > Is everything ok for the merge?
> > > > >>> >> >> > > > >
> > > > >>> >> >> > > > > Thanks.
> > > > >>> >> >> > > > > Best regards,
> > > > >>> >> >> > > > > Jérôme
> > > > >>> >> >> > > > >
> > > > >>> >> >> > > > >
> > > > >>> >> >> > > > > 2015-12-14 15:28 GMT+01:00 larry mccay <
> > > > >>> larry.mc...@gmail.com>:
> > > > >>> >> >> > > > >
> > > > >>> >> >> > > > > > Hi Jérôme -
> > > > >>> >> >> > > > > >
> > > > >>> >> >> > > > > > Not sure if you saw but I added review comments
> to
> > > > >>> KNOX-641.
> > > > >>> >> >> > > > > >
> > > > >>> >> >> > > > > > I think that we need to determine whether we want
> > the
> > > > >>> >> >> testBasicAuth
> > > > >>> >> >> > > in
> > > > >>> >> >> > > > > the
> > > > >>> >> >> > > > > > provider itself.
> > > > >>> >> >> > > > > >
> > > > >>> >> >> > > > > > Let's follow up on the JIRA.
> > > > >>> >> >> > > > > >
> > > > >>> >> >> > > > > > thanks,
> > > > >>> >> >> > > > > >
> > > > >>> >> >> > > > > > --larry
> > > > >>> >> >> > > > > >
> > > > >>> >> >> > > > > > On Fri, Dec 11, 2015 at 8:44 AM, Jérôme LELEU <
> > > > >>> >> lel...@gmail.com>
> > > > >>> >> >> > > > wrote:
> > > > >>> >> >> > > > > >
> > > > >>> >> >> > > > > > > Hi,
> > > > >>> >> >> > > > > > >
> > > > >>> >> >> > > > > > > No problem. It can go into a version 0.8.0 if
> > > needed.
> > > > >>> The
> > > > >>> >> truth
> > > > >>> >> >> > is
> > > > >>> >> >> > > > that
> > > > >>> >> >> > > > > > > there is only one change outside the new pac4j
> > > > module,
> > > > >>> so I
> > > > >>> >> >> think
> > > > >>> >> >> > > > risks
> > > > >>> >> >> > > > > > are
> > > > >>> >> >> > > > > > > extremly limited.
> > > > >>> >> >> > > > > > >
> > > > >>> >> >> > > > > > > Just let met know.
> > > > >>> >> >> > > > > > >
> > > > >>> >> >> > > > > > > Thanks.
> > > > >>> >> >> > > > > > > Best regards,
> > > > >>> >> >> > > > > > > Jérôme
> > > > >>> >> >> > > > > > >
> > > > >>> >> >> > > > > > >
> > > > >>> >> >> > > > > > > 2015-12-11 14:23 GMT+01:00 larry mccay <
> > > > >>> >> larry.mc...@gmail.com
> > > > >>> >> >> >:
> > > > >>> >> >> > > > > > >
> > > > >>> >> >> > > > > > > > Hi Jérôme -
> > > > >>> >> >> > > > > > > >
> > > > >>> >> >> > > > > > > > I have unfortunately not had a chance to
> pull,
> > > > >>> review and
> > > > >>> >> >> test
> > > > >>> >> >> > it
> > > > >>> >> >> > > > yet
> > > > >>> >> >> > > > > > and
> > > > >>> >> >> > > > > > > > have intended to do that today.
> > > > >>> >> >> > > > > > > > I apologize for the delay.
> > > > >>> >> >> > > > > > > >
> > > > >>> >> >> > > > > > > > I was actually thinking that this would go
> > into a
> > > > >>> follow
> > > > >>> >> up
> > > > >>> >> >> > > release
> > > > >>> >> >> > > > > > that
> > > > >>> >> >> > > > > > > we
> > > > >>> >> >> > > > > > > > would try and get done rapidly after the
> 0.7.0
> > > > >>> release
> > > > >>> >> but we
> > > > >>> >> >> > can
> > > > >>> >> >> > > > > > discuss
> > > > >>> >> >> > > > > > > > the target and its chances of destabilizing
> > > 0.7.0.
> > > > >>> >> >> > > > > > > >
> > > > >>> >> >> > > > > > > > I believe that it is rather self-contained
> with
> > > > only
> > > > >>> a few
> > > > >>> >> >> > > changes
> > > > >>> >> >> > > > to
> > > > >>> >> >> > > > > > > > external modules.
> > > > >>> >> >> > > > > > > >
> > > > >>> >> >> > > > > > > > Opening the JIRAs is perfect and I was going
> to
> > > do
> > > > >>> that
> > > > >>> >> once
> > > > >>> >> >> I
> > > > >>> >> >> > > > > started
> > > > >>> >> >> > > > > > > the
> > > > >>> >> >> > > > > > > > review.
> > > > >>> >> >> > > > > > > >
> > > > >>> >> >> > > > > > > > Let's continue review comments and
> > collaboration
> > > on
> > > > >>> those
> > > > >>> >> >> > JIRAs.
> > > > >>> >> >> > > > > > > > I will add you to the contributors list so
> that
> > > we
> > > > >>> can
> > > > >>> >> assign
> > > > >>> >> >> > > them
> > > > >>> >> >> > > > to
> > > > >>> >> >> > > > > > > you.
> > > > >>> >> >> > > > > > > >
> > > > >>> >> >> > > > > > > > Thank you for your contributions and your
> > > patience,
> > > > >>> >> Jérôme!
> > > > >>> >> >> > > > > > > >
> > > > >>> >> >> > > > > > > > --larry
> > > > >>> >> >> > > > > > > >
> > > > >>> >> >> > > > > > > > On Fri, Dec 11, 2015 at 3:00 AM, Jérôme
> LELEU <
> > > > >>> >> >> > lel...@gmail.com>
> > > > >>> >> >> > > > > > wrote:
> > > > >>> >> >> > > > > > > >
> > > > >>> >> >> > > > > > > > > Hi,
> > > > >>> >> >> > > > > > > > >
> > > > >>> >> >> > > > > > > > > I didn't get any new feedback on the pull
> > > request
> > > > >>> so I
> > > > >>> >> >> assume
> > > > >>> >> >> > > > > > > everything
> > > > >>> >> >> > > > > > > > is
> > > > >>> >> >> > > > > > > > > ok from your point of view.
> > > > >>> >> >> > > > > > > > >
> > > > >>> >> >> > > > > > > > > I released pac4j v1.8.1 and j2e-pac4j
> v1.2.1
> > > so I
> > > > >>> >> updated
> > > > >>> >> >> the
> > > > >>> >> >> > > > pull
> > > > >>> >> >> > > > > > > > request
> > > > >>> >> >> > > > > > > > > to use them and successfully re-tested
> > > > everything.
> > > > >>> >> >> > > > > > > > >
> > > > >>> >> >> > > > > > > > > I opened KNOX-641 and submitted the
> > > corresponding
> > > > >>> patch.
> > > > >>> >> >> > > > > > > > >
> > > > >>> >> >> > > > > > > > > I also wrote the documentation, opened
> > KNOX-642
> > > > and
> > > > >>> >> >> submitted
> > > > >>> >> >> > > the
> > > > >>> >> >> > > > > > > > > corresponding patch (just to let you know
> > that
> > > it
> > > > >>> >> doesn't
> > > > >>> >> >> > work
> > > > >>> >> >> > > > out
> > > > >>> >> >> > > > > of
> > > > >>> >> >> > > > > > > the
> > > > >>> >> >> > > > > > > > > box in Windows, I had to replace mvn.bat by
> > > > >>> mvn.cmd to
> > > > >>> >> make
> > > > >>> >> >> > ant
> > > > >>> >> >> > > > > > work).
> > > > >>> >> >> > > > > > > > >
> > > > >>> >> >> > > > > > > > > Even if the branch 0.7.0 has already been
> > > > created,
> > > > >>> I
> > > > >>> >> >> assumed
> > > > >>> >> >> > > this
> > > > >>> >> >> > > > > new
> > > > >>> >> >> > > > > > > > pac4j
> > > > >>> >> >> > > > > > > > > provider will go into this version 0.7.0
> > > > >>> (dependency on
> > > > >>> >> the
> > > > >>> >> >> > > > > > > > 0.7.0-SNAPSHOT
> > > > >>> >> >> > > > > > > > > parent version).
> > > > >>> >> >> > > > > > > > >
> > > > >>> >> >> > > > > > > > > Just let me know if everything is ok and
> when
> > > > it's
> > > > >>> >> goind to
> > > > >>> >> >> > be
> > > > >>> >> >> > > > > > merged.
> > > > >>> >> >> > > > > > > > >
> > > > >>> >> >> > > > > > > > > Thanks.
> > > > >>> >> >> > > > > > > > > Best regards,
> > > > >>> >> >> > > > > > > > > Jérôme
> > > > >>> >> >> > > > > > > > >
> > > > >>> >> >> > > > > > > > >
> > > > >>> >> >> > > > > > > > >
> > > > >>> >> >> > > > > > > > >
> > > > >>> >> >> > > > > > > > > 2015-12-04 14:20 GMT+01:00 larry mccay <
> > > > >>> >> >> > larry.mc...@gmail.com
> > > > >>> >> >> > > >:
> > > > >>> >> >> > > > > > > > >
> > > > >>> >> >> > > > > > > > > > That ability to configure multiple
> > mechanisms
> > > > >>> based on
> > > > >>> >> >> > > > clientName
> > > > >>> >> >> > > > > > is
> > > > >>> >> >> > > > > > > > > really
> > > > >>> >> >> > > > > > > > > > interesting for Knox.
> > > > >>> >> >> > > > > > > > > > Currently, we require separate topologies
> > per
> > > > >>> >> >> > authentication
> > > > >>> >> >> > > > > > > mechanism.
> > > > >>> >> >> > > > > > > > > > The ability to configure them all in one
> is
> > > > >>> really
> > > > >>> >> great.
> > > > >>> >> >> > > > > > > > > >
> > > > >>> >> >> > > > > > > > > > We would need to think through the best
> way
> > > to
> > > > >>> provide
> > > > >>> >> >> the
> > > > >>> >> >> > > > > > clientName
> > > > >>> >> >> > > > > > > > > > parameter.
> > > > >>> >> >> > > > > > > > > > Since this is targeting KnoxSSO it can
> > > actually
> > > > >>> be
> > > > >>> >> added
> > > > >>> >> >> to
> > > > >>> >> >> > > the
> > > > >>> >> >> > > > > > > > > providerURL
> > > > >>> >> >> > > > > > > > > > used to redirect from the participating
> > > > >>> application.
> > > > >>> >> >> > > > > > > > > > Regardless of the authentication
> mechanism
> > > used
> > > > >>> each
> > > > >>> >> >> > > > application
> > > > >>> >> >> > > > > > will
> > > > >>> >> >> > > > > > > > > still
> > > > >>> >> >> > > > > > > > > > get the same JWT based cookie.
> > > > >>> >> >> > > > > > > > > >
> > > > >>> >> >> > > > > > > > > > I think that should work really nicely.
> > > > >>> >> >> > > > > > > > > >
> > > > >>> >> >> > > > > > > > > >
> > > > >>> >> >> > > > > > > > > > On Fri, Dec 4, 2015 at 7:17 AM, larry
> > mccay <
> > > > >>> >> >> > > > > larry.mc...@gmail.com
> > > > >>> >> >> > > > > > >
> > > > >>> >> >> > > > > > > > > wrote:
> > > > >>> >> >> > > > > > > > > >
> > > > >>> >> >> > > > > > > > > > > Excellent, Jérôme.
> > > > >>> >> >> > > > > > > > > > > Thanks!
> > > > >>> >> >> > > > > > > > > > >
> > > > >>> >> >> > > > > > > > > > > On Fri, Dec 4, 2015 at 2:40 AM, Jérôme
> > > LELEU
> > > > <
> > > > >>> >> >> > > > lel...@gmail.com
> > > > >>> >> >> > > > > >
> > > > >>> >> >> > > > > > > > wrote:
> > > > >>> >> >> > > > > > > > > > >
> > > > >>> >> >> > > > > > > > > > >> Hi,
> > > > >>> >> >> > > > > > > > > > >>
> > > > >>> >> >> > > > > > > > > > >> I will write how to configure the
> pac4j
> > > > >>> provider in
> > > > >>> >> >> the
> > > > >>> >> >> > > > > > > > documentation,
> > > > >>> >> >> > > > > > > > > > but
> > > > >>> >> >> > > > > > > > > > >> I can already give you some insights.
> > > > >>> >> >> > > > > > > > > > >>
> > > > >>> >> >> > > > > > > > > > >> My main goal is always to respect the
> > key
> > > > >>> design
> > > > >>> >> >> > > principles
> > > > >>> >> >> > > > of
> > > > >>> >> >> > > > > > > pac4j
> > > > >>> >> >> > > > > > > > > > >> whatever the environment / framework
> in
> > > > which
> > > > >>> it is
> > > > >>> >> >> > > > > implemented.
> > > > >>> >> >> > > > > > > For
> > > > >>> >> >> > > > > > > > > > Knox,
> > > > >>> >> >> > > > > > > > > > >> I'm pretty happy with the use of the
> > > > j2e-pac4j
> > > > >>> >> >> library,
> > > > >>> >> >> > > > which
> > > > >>> >> >> > > > > > > means
> > > > >>> >> >> > > > > > > > > that
> > > > >>> >> >> > > > > > > > > > >> almost all the pac4j features are
> > > available,
> > > > >>> >> >> especially
> > > > >>> >> >> > > both
> > > > >>> >> >> > > > > > > direct
> > > > >>> >> >> > > > > > > > > and
> > > > >>> >> >> > > > > > > > > > >> indirect clients. So it can do what
> > Shiro
> > > > >>> already
> > > > >>> >> does
> > > > >>> >> >> > but
> > > > >>> >> >> > > > > also,
> > > > >>> >> >> > > > > > > as
> > > > >>> >> >> > > > > > > > we
> > > > >>> >> >> > > > > > > > > > >> agreed together, supports remote
> > > > >>> authentications.
> > > > >>> >> >> > > > > > > > > > >>
> > > > >>> >> >> > > > > > > > > > >> It is only limited by what you can
> > > currently
> > > > >>> >> >> configure.
> > > > >>> >> >> > > And
> > > > >>> >> >> > > > > even
> > > > >>> >> >> > > > > > > > > > >> configuration is a pac4j feature as
> the
> > > CAS
> > > > >>> server
> > > > >>> >> has
> > > > >>> >> >> > the
> > > > >>> >> >> > > > > same
> > > > >>> >> >> > > > > > > > need.
> > > > >>> >> >> > > > > > > > > > >> Everything happens in this class:
> > > > >>> >> >> > > > > > > > > > >>
> > > > >>> >> >> > > > > > > > > > >>
> > > > >>> >> >> > > > > > > > > >
> > > > >>> >> >> > > > > > > > >
> > > > >>> >> >> > > > > > > >
> > > > >>> >> >> > > > > > >
> > > > >>> >> >> > > > > >
> > > > >>> >> >> > > > >
> > > > >>> >> >> > > >
> > > > >>> >> >> > >
> > > > >>> >> >> >
> > > > >>> >> >>
> > > > >>> >>
> > > > >>>
> > > >
> > >
> >
> https://github.com/pac4j/pac4j/blob/master/pac4j-config/src/main/java/org/pac4j/config/client/ConfigPropertiesFactory.java
> > > > >>> >> >> > > > > > > > > > >> ,
> > > > >>> >> >> > > > > > > > > > >> which allows you to configure
> Facebook,
> > > > >>> Twitter, a
> > > > >>> >> CAS
> > > > >>> >> >> > > > > server, a
> > > > >>> >> >> > > > > > > > SAML
> > > > >>> >> >> > > > > > > > > > IdP
> > > > >>> >> >> > > > > > > > > > >> or an OpenID Connect provider. All the
> > > > >>> provided
> > > > >>> >> >> > parameters
> > > > >>> >> >> > > > to
> > > > >>> >> >> > > > > > the
> > > > >>> >> >> > > > > > > > > pac4j
> > > > >>> >> >> > > > > > > > > > >> provider are put into a Map and the
> > > > >>> >> >> > > ConfigPropertiesFactory
> > > > >>> >> >> > > > is
> > > > >>> >> >> > > > > > > built
> > > > >>> >> >> > > > > > > > > > with
> > > > >>> >> >> > > > > > > > > > >> this Map to return the built client (=
> > > > >>> >> authentication
> > > > >>> >> >> > > > > > mechanism).
> > > > >>> >> >> > > > > > > > > > >>
> > > > >>> >> >> > > > > > > > > > >> You have one more specific option for
> > Knox
> > > > as
> > > > >>> a
> > > > >>> >> basic
> > > > >>> >> >> > > > > > > authentication
> > > > >>> >> >> > > > > > > > > > popup
> > > > >>> >> >> > > > > > > > > > >> where the username must match the
> > > password,
> > > > >>> you can
> > > > >>> >> >> > define
> > > > >>> >> >> > > > > that
> > > > >>> >> >> > > > > > > by:
> > > > >>> >> >> > > > > > > > > > >>
> > > > >>> >> >> > > > > > > > > > >> <param>
> > > > >>> >> >> > > > > > > > > > >> <name>clientName</name>
> > > > >>> >> >> > > > > > > > > > >> <value>testBasicAuth</value>
> > > > >>> >> >> > > > > > > > > > >> </param>
> > > > >>> >> >> > > > > > > > > > >>
> > > > >>> >> >> > > > > > > > > > >>
> > > > >>> >> >> > > > > > > > > > >> It's for testing only.
> > > > >>> >> >> > > > > > > > > > >>
> > > > >>> >> >> > > > > > > > > > >> For a CAS server:
> > > > >>> >> >> > > > > > > > > > >>
> > > > >>> >> >> > > > > > > > > > >> <param>
> > > > >>> >> >> > > > > > > > > > >> <name>cas.loginUrl</name>
> > > > >>> >> >> > > > > > > > > > >> <value>
> > > > >>> >> https://casserverpac4j.herokuapp.com/login
> > > > >>> >> >> > > </value>
> > > > >>> >> >> > > > > > > > > > >> </param>
> > > > >>> >> >> > > > > > > > > > >>
> > > > >>> >> >> > > > > > > > > > >>
> > > > >>> >> >> > > > > > > > > > >> Here are all the properties available
> > for
> > > > >>> building
> > > > >>> >> >> > clients
> > > > >>> >> >> > > > > > (their
> > > > >>> >> >> > > > > > > > > > meaning
> > > > >>> >> >> > > > > > > > > > >> is obvious):
> > > > >>> >> >> > > > > > > > > > >>
> > > > >>> >> >> > > > > > > > > > >> facebook.id
> > > > >>> >> >> > > > > > > > > > >> facebook.secret
> > > > >>> >> >> > > > > > > > > > >> facebook.scope
> > > > >>> >> >> > > > > > > > > > >> facebook.fields
> > > > >>> >> >> > > > > > > > > > >> twitter.id
> > > > >>> >> >> > > > > > > > > > >> twitter.secret
> > > > >>> >> >> > > > > > > > > > >> saml.keystorePassword
> > > > >>> >> >> > > > > > > > > > >> saml.privateKeyPassword
> > > > >>> >> >> > > > > > > > > > >> saml.keystorePath
> > > > >>> >> >> > > > > > > > > > >> saml.identityProviderMetadataPath
> > > > >>> >> >> > > > > > > > > > >> saml.maximumAuthenticationLifetime
> > > > >>> >> >> > > > > > > > > > >> saml.serviceProviderEntityId
> > > > >>> >> >> > > > > > > > > > >> saml.serviceProviderMetadataPath
> > > > >>> >> >> > > > > > > > > > >> cas.loginUrl
> > > > >>> >> >> > > > > > > > > > >> cas.protocol
> > > > >>> >> >> > > > > > > > > > >> oidc.id
> > > > >>> >> >> > > > > > > > > > >> oidc.secret
> > > > >>> >> >> > > > > > > > > > >> oidc.discoveryUri
> > > > >>> >> >> > > > > > > > > > >> oidc.customParamKey1
> > > > >>> >> >> > > > > > > > > > >> oidc.customParamValue1
> > > > >>> >> >> > > > > > > > > > >>
> > > > >>> >> >> > > > > > > > > > >>
> > > > >>> >> >> > > > > > > > > > >> If you define multiple clients, the
> > first
> > > > one
> > > > >>> will
> > > > >>> >> be
> > > > >>> >> >> > used
> > > > >>> >> >> > > > for
> > > > >>> >> >> > > > > > > > > > >> authentication, but you can explicitly
> > > > choose
> > > > >>> the
> > > > >>> >> >> client
> > > > >>> >> >> > > you
> > > > >>> >> >> > > > > > want
> > > > >>> >> >> > > > > > > to
> > > > >>> >> >> > > > > > > > > use
> > > > >>> >> >> > > > > > > > > > >> via the clientName parameter, assuming
> > you
> > > > >>> want to
> > > > >>> >> >> > switch
> > > > >>> >> >> > > > from
> > > > >>> >> >> > > > > > > > client
> > > > >>> >> >> > > > > > > > > > >> depending on environment for example.
> > > > >>> >> >> > > > > > > > > > >>
> > > > >>> >> >> > > > > > > > > > >> So if you want to add some new
> > > > authentication
> > > > >>> >> >> mechanism,
> > > > >>> >> >> > > you
> > > > >>> >> >> > > > > > must
> > > > >>> >> >> > > > > > > > > first
> > > > >>> >> >> > > > > > > > > > >> check that it is available in pac4j
> (if
> > > it's
> > > > >>> not,
> > > > >>> >> it's
> > > > >>> >> >> > > > another
> > > > >>> >> >> > > > > > > > > > discussion,
> > > > >>> >> >> > > > > > > > > > >> but generally, it is). Then, you'll
> need
> > > to
> > > > >>> upgrade
> > > > >>> >> >> the
> > > > >>> >> >> > > > > > > > > > >> ConfigPropertiesFactory by submitting
> a
> > > new
> > > > >>> pull
> > > > >>> >> >> request
> > > > >>> >> >> > > to
> > > > >>> >> >> > > > > the
> > > > >>> >> >> > > > > > > > pac4j
> > > > >>> >> >> > > > > > > > > > >> project (I can do it myself, but I'm
> > sure
> > > > you
> > > > >>> >> could do
> > > > >>> >> >> > > that
> > > > >>> >> >> > > > > > > easily),
> > > > >>> >> >> > > > > > > > > > >> finally wait for the new pac4j release
> > and
> > > > >>> switch
> > > > >>> >> >> pac4j
> > > > >>> >> >> > > > > versions
> > > > >>> >> >> > > > > > > in
> > > > >>> >> >> > > > > > > > > Knox
> > > > >>> >> >> > > > > > > > > > >> to
> > > > >>> >> >> > > > > > > > > > >> benefit from the new feature.
> > > > >>> >> >> > > > > > > > > > >> The good thing is that if someone
> > related
> > > to
> > > > >>> the
> > > > >>> >> CAS
> > > > >>> >> >> > > server
> > > > >>> >> >> > > > > does
> > > > >>> >> >> > > > > > > the
> > > > >>> >> >> > > > > > > > > > same
> > > > >>> >> >> > > > > > > > > > >> thing for CAS (in pac4j), you will
> > > > >>> automatically
> > > > >>> >> get
> > > > >>> >> >> it
> > > > >>> >> >> > > when
> > > > >>> >> >> > > > > > > you'll
> > > > >>> >> >> > > > > > > > > > >> upgrade
> > > > >>> >> >> > > > > > > > > > >> pac4j.
> > > > >>> >> >> > > > > > > > > > >>
> > > > >>> >> >> > > > > > > > > > >> To go even further, replacing LDAP
> Shiro
> > > > >>> >> >> authentication
> > > > >>> >> >> > is
> > > > >>> >> >> > > > > just
> > > > >>> >> >> > > > > > a
> > > > >>> >> >> > > > > > > > > matter
> > > > >>> >> >> > > > > > > > > > >> of
> > > > >>> >> >> > > > > > > > > > >> making pac4j LDAP authentication
> > available
> > > > via
> > > > >>> >> >> > > configuration
> > > > >>> >> >> > > > > > > > > parameters.
> > > > >>> >> >> > > > > > > > > > >>
> > > > >>> >> >> > > > > > > > > > >> I hope it was clear enough.
> > > > >>> >> >> > > > > > > > > > >>
> > > > >>> >> >> > > > > > > > > > >> Thanks.
> > > > >>> >> >> > > > > > > > > > >> Best regards,
> > > > >>> >> >> > > > > > > > > > >> Jérôme
> > > > >>> >> >> > > > > > > > > > >>
> > > > >>> >> >> > > > > > > > > > >>
> > > > >>> >> >> > > > > > > > > > >>
> > > > >>> >> >> > > > > > > > > > >>
> > > > >>> >> >> > > > > > > > > > >> 2015-12-03 20:45 GMT+01:00 larry
> mccay <
> > > > >>> >> >> > > > larry.mc...@gmail.com
> > > > >>> >> >> > > > > >:
> > > > >>> >> >> > > > > > > > > > >>
> > > > >>> >> >> > > > > > > > > > >> > Excellent!
> > > > >>> >> >> > > > > > > > > > >> >
> > > > >>> >> >> > > > > > > > > > >> > I will carve out some time to do
> code
> > > > >>> review.
> > > > >>> >> >> > > > > > > > > > >> > We will need to get some insights
> into
> > > how
> > > > >>> to go
> > > > >>> >> >> about
> > > > >>> >> >> > > > > > testing:
> > > > >>> >> >> > > > > > > > > > >> >
> > > > >>> >> >> > > > > > > > > > >> > * is the CAS server going to be
> > > available
> > > > >>> for
> > > > >>> >> >> testing?
> > > > >>> >> >> > > > > > > > > > >> > * what are the specific and
> > > > >>> generic/standard (if
> > > > >>> >> >> any)
> > > > >>> >> >> > > > > > > > authentication
> > > > >>> >> >> > > > > > > > > > >> > mechanisms available - for instance:
> > > > >>> >> >> > > > > > > > > > >> > - Facebook, Google, LinkedIn and
> > CAS
> > > > are
> > > > >>> >> >> specifics
> > > > >>> >> >> > > > > > > > > > >> > - OAuth 2, OpenID Connect, SAML
> > are
> > > > >>> >> >> > > generic/standards
> > > > >>> >> >> > > > -
> > > > >>> >> >> > > > > > that
> > > > >>> >> >> > > > > > > > may
> > > > >>> >> >> > > > > > > > > > be
> > > > >>> >> >> > > > > > > > > > >> > used for the above specifics...
> > > > >>> >> >> > > > > > > > > > >> > * how do we test things other than
> > CAS -
> > > > in
> > > > >>> >> terms of
> > > > >>> >> >> > > > getting
> > > > >>> >> >> > > > > > > > > > >> credentials,
> > > > >>> >> >> > > > > > > > > > >> > configuration, etc
> > > > >>> >> >> > > > > > > > > > >> >
> > > > >>> >> >> > > > > > > > > > >> > We could certainly do this is phases
> > as
> > > > >>> well.
> > > > >>> >> >> > > > > > > > > > >> >
> > > > >>> >> >> > > > > > > > > > >> > If you can enumerate the things that
> > > > should
> > > > >>> work
> > > > >>> >> and
> > > > >>> >> >> > > > provide
> > > > >>> >> >> > > > > > > some
> > > > >>> >> >> > > > > > > > > > >> testing
> > > > >>> >> >> > > > > > > > > > >> > details for CAS or as many as
> possible
> > > and
> > > > >>> OpenID
> > > > >>> >> >> > > Connect
> > > > >>> >> >> > > > > then
> > > > >>> >> >> > > > > > > we
> > > > >>> >> >> > > > > > > > > can
> > > > >>> >> >> > > > > > > > > > >> test
> > > > >>> >> >> > > > > > > > > > >> > the specific implementations that
> you
> > > > >>> provide and
> > > > >>> >> >> > enable
> > > > >>> >> >> > > > the
> > > > >>> >> >> > > > > > > > testing
> > > > >>> >> >> > > > > > > > > > of
> > > > >>> >> >> > > > > > > > > > >> > another OpenID Connect effort that
> is
> > in
> > > > the
> > > > >>> >> works
> > > > >>> >> >> in
> > > > >>> >> >> > > the
> > > > >>> >> >> > > > > > > > community.
> > > > >>> >> >> > > > > > > > > > >> >
> > > > >>> >> >> > > > > > > > > > >> > I'm not sure whether we want to
> commit
> > > > >>> >> contributions
> > > > >>> >> >> > > that
> > > > >>> >> >> > > > > are
> > > > >>> >> >> > > > > > > > > > dependent
> > > > >>> >> >> > > > > > > > > > >> on
> > > > >>> >> >> > > > > > > > > > >> > snapshots - we certainly can't
> release
> > > > with
> > > > >>> any
> > > > >>> >> such
> > > > >>> >> >> > > > > > > dependencies.
> > > > >>> >> >> > > > > > > > > > >> > I would hate to add a cleanup task
> to
> > a
> > > > >>> release
> > > > >>> >> to
> > > > >>> >> >> > make
> > > > >>> >> >> > > > sure
> > > > >>> >> >> > > > > > > there
> > > > >>> >> >> > > > > > > > > are
> > > > >>> >> >> > > > > > > > > > >> no
> > > > >>> >> >> > > > > > > > > > >> > snapshots in there.
> > > > >>> >> >> > > > > > > > > > >> > We will probably wait until after
> the
> > > > pac4j
> > > > >>> >> releases
> > > > >>> >> >> > to
> > > > >>> >> >> > > > > > commit.
> > > > >>> >> >> > > > > > > > > > >> >
> > > > >>> >> >> > > > > > > > > > >> > I am really happy that this
> > integration
> > > is
> > > > >>> >> happening
> > > > >>> >> >> > and
> > > > >>> >> >> > > > > that
> > > > >>> >> >> > > > > > it
> > > > >>> >> >> > > > > > > > > went
> > > > >>> >> >> > > > > > > > > > >> > rather smoothly.
> > > > >>> >> >> > > > > > > > > > >> > These sorts of authentication
> > protocols
> > > > are
> > > > >>> >> complex
> > > > >>> >> >> > and
> > > > >>> >> >> > > I
> > > > >>> >> >> > > > > > think
> > > > >>> >> >> > > > > > > we
> > > > >>> >> >> > > > > > > > > > >> lined up
> > > > >>> >> >> > > > > > > > > > >> > pretty well overall.
> > > > >>> >> >> > > > > > > > > > >> >
> > > > >>> >> >> > > > > > > > > > >> > Thanks for your work!
> > > > >>> >> >> > > > > > > > > > >> >
> > > > >>> >> >> > > > > > > > > > >> > On Thu, Dec 3, 2015 at 2:28 PM,
> Jérôme
> > > > >>> LELEU <
> > > > >>> >> >> > > > > > lel...@gmail.com>
> > > > >>> >> >> > > > > > > > > > wrote:
> > > > >>> >> >> > > > > > > > > > >> >
> > > > >>> >> >> > > > > > > > > > >> > > Hi,
> > > > >>> >> >> > > > > > > > > > >> > >
> > > > >>> >> >> > > > > > > > > > >> > > I just sync'ed with master,
> cleaned
> > > > >>> >> dependencies
> > > > >>> >> >> and
> > > > >>> >> >> > > > added
> > > > >>> >> >> > > > > > > > missing
> > > > >>> >> >> > > > > > > > > > >> > > Javadocs. Everything works
> correctly
> > > > now.
> > > > >>> Many
> > > > >>> >> >> > thanks.
> > > > >>> >> >> > > > > > > > > > >> > >
> > > > >>> >> >> > > > > > > > > > >> > > The pull request is ready for a
> full
> > > > code
> > > > >>> >> review:
> > > > >>> >> >> > > > > > > > > > >> > >
> > https://github.com/apache/knox/pull/2
> > > > >>> >> >> > > > > > > > > > >> > >
> > > > >>> >> >> > > > > > > > > > >> > > I'll write the documentation after
> > the
> > > > >>> pac4j
> > > > >>> >> >> > releases
> > > > >>> >> >> > > (I
> > > > >>> >> >> > > > > > hope
> > > > >>> >> >> > > > > > > > next
> > > > >>> >> >> > > > > > > > > > >> week).
> > > > >>> >> >> > > > > > > > > > >> > >
> > > > >>> >> >> > > > > > > > > > >> > > Thanks.
> > > > >>> >> >> > > > > > > > > > >> > > Best regards,
> > > > >>> >> >> > > > > > > > > > >> > > Jérôme
> > > > >>> >> >> > > > > > > > > > >> > >
> > > > >>> >> >> > > > > > > > > > >> > >
> > > > >>> >> >> > > > > > > > > > >> > > 2015-12-02 19:18 GMT+01:00 larry
> > > mccay <
> > > > >>> >> >> > > > > > larry.mc...@gmail.com
> > > > >>> >> >> > > > > > > >:
> > > > >>> >> >> > > > > > > > > > >> > >
> > > > >>> >> >> > > > > > > > > > >> > > > Fixed in
> > > > >>> >> >> > > > https://issues.apache.org/jira/browse/KNOX-636
> > > > >>> >> >> > > > > .
> > > > >>> >> >> > > > > > > > > > >> > > >
> > > > >>> >> >> > > > > > > > > > >> > > > On Wed, Dec 2, 2015 at 12:42 PM,
> > > larry
> > > > >>> mccay
> > > > >>> >> <
> > > > >>> >> >> > > > > > > > > > larry.mc...@gmail.com
> > > > >>> >> >> > > > > > > > > > >> >
> > > > >>> >> >> > > > > > > > > > >> > > > wrote:
> > > > >>> >> >> > > > > > > > > > >> > > >
> > > > >>> >> >> > > > > > > > > > >> > > > > Sure - I can file a JIRA and
> > > commit
> > > > a
> > > > >>> fix.
> > > > >>> >> >> > > > > > > > > > >> > > > >
> > > > >>> >> >> > > > > > > > > > >> > > > > The secret generation should
> be
> > > done
> > > > >>> in one
> > > > >>> >> >> > > instance
> > > > >>> >> >> > > > > and
> > > > >>> >> >> > > > > > > > > > >> replicated
> > > > >>> >> >> > > > > > > > > > >> > > > across
> > > > >>> >> >> > > > > > > > > > >> > > > > others.
> > > > >>> >> >> > > > > > > > > > >> > > > > This replication/management of
> > the
> > > > >>> >> credential
> > > > >>> >> >> > > stores
> > > > >>> >> >> > > > > is
> > > > >>> >> >> > > > > > > > > outside
> > > > >>> >> >> > > > > > > > > > of
> > > > >>> >> >> > > > > > > > > > >> > the
> > > > >>> >> >> > > > > > > > > > >> > > > > scope of Knox itself as of
> now.
> > > > >>> >> >> > > > > > > > > > >> > > > >
> > > > >>> >> >> > > > > > > > > > >> > > > > Documentation is done in
> > markdown
> > > > and
> > > > >>> is
> > > > >>> >> >> > > > contributing
> > > > >>> >> >> > > > > > > > details
> > > > >>> >> >> > > > > > > > > > are
> > > > >>> >> >> > > > > > > > > > >> > > > > available at:
> > > > >>> >> >> > > > > > > > > > >> > > > >
> > > > >>> >> >> > > > > > > > > > >> > > >
> > > > >>> >> >> > > > > > > > > > >> > >
> > > > >>> >> >> > > > > > > > > > >> >
> > > > >>> >> >> > > > > > > > > > >>
> > > > >>> >> >> > > > > > > > > >
> > > > >>> >> >> > > > > > > > >
> > > > >>> >> >> > > > > > > >
> > > > >>> >> >> > > > > > >
> > > > >>> >> >> > > > > >
> > > > >>> >> >> > > > >
> > > > >>> >> >> > > >
> > > > >>> >> >> > >
> > > > >>> >> >> >
> > > > >>> >> >>
> > > > >>> >>
> > > > >>>
> > > >
> > >
> >
> https://cwiki.apache.org/confluence/display/KNOX/Contribution+Process#ContributionProcess-DocumentationContributorWorkflow
> > > > >>> >> >> > > > > > > > > > >> > > > >
> > > > >>> >> >> > > > > > > > > > >> > > > > Which should give you a
> general
> > > > idea.
> > > > >>> >> >> > > > > > > > > > >> > > > >
> > > > >>> >> >> > > > > > > > > > >> > > > > Find an example like:
> > > > >>> ./trunk/books/0.7.0/
> > > > >>> >> >> > > > > > > > > > >> > > config_preauth_sso_provider.md
> > > > >>> >> >> > > > > > > > > > >> > > > >
> > > > >>> >> >> > > > > > > > > > >> > > > > For an example of typical
> > content
> > > > and
> > > > >>> >> format.
> > > > >>> >> >> > > > > > > > > > >> > > > >
> > > > >>> >> >> > > > > > > > > > >> > > > > Here is how that example
> > renders:
> > > > >>> >> >> > > > > > > > > > >> > > > >
> > > > >>> >> >> > > > > > > > > > >> > > >
> > > > >>> >> >> > > > > > > > > > >> > >
> > > > >>> >> >> > > > > > > > > > >> >
> > > > >>> >> >> > > > > > > > > > >>
> > > > >>> >> >> > > > > > > > > >
> > > > >>> >> >> > > > > > > > >
> > > > >>> >> >> > > > > > > >
> > > > >>> >> >> > > > > > >
> > > > >>> >> >> > > > > >
> > > > >>> >> >> > > > >
> > > > >>> >> >> > > >
> > > > >>> >> >> > >
> > > > >>> >> >> >
> > > > >>> >> >>
> > > > >>> >>
> > > > >>>
> > > >
> > >
> >
> http://knox.apache.org/books/knox-0-7-0/user-guide.html#Preauthenticated+SSO+Provider
> > > > >>> >> >> > > > > > > > > > >> > > > >
> > > > >>> >> >> > > > > > > > > > >> > > > > You'll need to tie it into the
> > > rest
> > > > >>> of the
> > > > >>> >> >> book
> > > > >>> >> >> > -
> > > > >>> >> >> > > > just
> > > > >>> >> >> > > > > > > grep
> > > > >>> >> >> > > > > > > > > for
> > > > >>> >> >> > > > > > > > > > >> where
> > > > >>> >> >> > > > > > > > > > >> > > > that
> > > > >>> >> >> > > > > > > > > > >> > > > > filename is referenced.
> > > > >>> >> >> > > > > > > > > > >> > > > > To test how it renders build
> the
> > > > site
> > > > >>> with:
> > > > >>> >> >> > "ant"
> > > > >>> >> >> > > > and
> > > > >>> >> >> > > > > > note
> > > > >>> >> >> > > > > > > > the
> > > > >>> >> >> > > > > > > > > > >> url to
> > > > >>> >> >> > > > > > > > > > >> > > the
> > > > >>> >> >> > > > > > > > > > >> > > > > 0.7.0 book.
> > > > >>> >> >> > > > > > > > > > >> > > > >
> > > > >>> >> >> > > > > > > > > > >> > > > >
> > > > >>> >> >> > > > > > > > > > >> > > > > On Wed, Dec 2, 2015 at 12:12
> PM,
> > > > >>> Jérôme
> > > > >>> >> LELEU
> > > > >>> >> >> <
> > > > >>> >> >> > > > > > > > > lel...@gmail.com
> > > > >>> >> >> > > > > > > > > > >
> > > > >>> >> >> > > > > > > > > > >> > > wrote:
> > > > >>> >> >> > > > > > > > > > >> > > > >
> > > > >>> >> >> > > > > > > > > > >> > > > >> Hi,
> > > > >>> >> >> > > > > > > > > > >> > > > >>
> > > > >>> >> >> > > > > > > > > > >> > > > >> Why it doesn't work for pac4j
> > > while
> > > > >>> it
> > > > >>> >> works
> > > > >>> >> >> > for
> > > > >>> >> >> > > > > others
> > > > >>> >> >> > > > > > > is
> > > > >>> >> >> > > > > > > > a
> > > > >>> >> >> > > > > > > > > > bit
> > > > >>> >> >> > > > > > > > > > >> > > strange
> > > > >>> >> >> > > > > > > > > > >> > > > >> to
> > > > >>> >> >> > > > > > > > > > >> > > > >> me, but if you have the patch
> > in
> > > > >>> front of
> > > > >>> >> >> your
> > > > >>> >> >> > > > eyes,
> > > > >>> >> >> > > > > > I'd
> > > > >>> >> >> > > > > > > > > rather
> > > > >>> >> >> > > > > > > > > > >> > prefer
> > > > >>> >> >> > > > > > > > > > >> > > > you
> > > > >>> >> >> > > > > > > > > > >> > > > >> to commit it. In all cases,
> > I'll
> > > > >>> sync with
> > > > >>> >> >> the
> > > > >>> >> >> > > > > master.
> > > > >>> >> >> > > > > > > > > > >> > > > >>
> > > > >>> >> >> > > > > > > > > > >> > > > >> There was one question you
> > didn't
> > > > >>> answer
> > > > >>> >> >> > > > previously:
> > > > >>> >> >> > > > > is
> > > > >>> >> >> > > > > > > the
> > > > >>> >> >> > > > > > > > > > >> password
> > > > >>> >> >> > > > > > > > > > >> > > > >> generated for the pac4j
> > provider
> > > > the
> > > > >>> same
> > > > >>> >> >> > across
> > > > >>> >> >> > > > all
> > > > >>> >> >> > > > > > > > gateway
> > > > >>> >> >> > > > > > > > > > >> > > instances?
> > > > >>> >> >> > > > > > > > > > >> > > > >> Because I expect to have the
> > same
> > > > >>> value
> > > > >>> >> as I
> > > > >>> >> >> > use
> > > > >>> >> >> > > it
> > > > >>> >> >> > > > > to
> > > > >>> >> >> > > > > > > > > encrypt
> > > > >>> >> >> > > > > > > > > > /
> > > > >>> >> >> > > > > > > > > > >> > > decrypt
> > > > >>> >> >> > > > > > > > > > >> > > > >> data.
> > > > >>> >> >> > > > > > > > > > >> > > > >>
> > > > >>> >> >> > > > > > > > > > >> > > > >> I will add the Javadoc. After
> > > that,
> > > > >>> you
> > > > >>> >> can
> > > > >>> >> >> > > review
> > > > >>> >> >> > > > > the
> > > > >>> >> >> > > > > > > pull
> > > > >>> >> >> > > > > > > > > > >> request
> > > > >>> >> >> > > > > > > > > > >> > > more
> > > > >>> >> >> > > > > > > > > > >> > > > >> completely.
> > > > >>> >> >> > > > > > > > > > >> > > > >>
> > > > >>> >> >> > > > > > > > > > >> > > > >> What do you expect for the
> > > > >>> documentation?
> > > > >>> >> >> > > > > > > > > > >> > > > >>
> > > > >>> >> >> > > > > > > > > > >> > > > >> Notice that pac4j
> dependencies
> > > are
> > > > >>> still
> > > > >>> >> >> > > snapshots,
> > > > >>> >> >> > > > > but
> > > > >>> >> >> > > > > > > > they
> > > > >>> >> >> > > > > > > > > > >> will be
> > > > >>> >> >> > > > > > > > > > >> > > > >> released in a week or two.
> > > > >>> >> >> > > > > > > > > > >> > > > >>
> > > > >>> >> >> > > > > > > > > > >> > > > >> Thanks.
> > > > >>> >> >> > > > > > > > > > >> > > > >> Best regards,
> > > > >>> >> >> > > > > > > > > > >> > > > >> Jérôme
> > > > >>> >> >> > > > > > > > > > >> > > > >>
> > > > >>> >> >> > > > > > > > > > >> > > > >>
> > > > >>> >> >> > > > > > > > > > >> > > > >> 2015-12-02 17:51 GMT+01:00
> > larry
> > > > >>> mccay <
> > > > >>> >> >> > > > > > > > > larry.mc...@gmail.com
> > > > >>> >> >> > > > > > > > > > >:
> > > > >>> >> >> > > > > > > > > > >> > > > >>
> > > > >>> >> >> > > > > > > > > > >> > > > >> > Jérôme -
> > > > >>> >> >> > > > > > > > > > >> > > > >> >
> > > > >>> >> >> > > > > > > > > > >> > > > >> > If you would like to add
> that
> > > > >>> change as
> > > > >>> >> >> part
> > > > >>> >> >> > of
> > > > >>> >> >> > > > > your
> > > > >>> >> >> > > > > > > > patch
> > > > >>> >> >> > > > > > > > > or
> > > > >>> >> >> > > > > > > > > > >> as a
> > > > >>> >> >> > > > > > > > > > >> > > > >> > separately filed JIRA to
> fix
> > a
> > > > bug
> > > > >>> that
> > > > >>> >> >> would
> > > > >>> >> >> > > > > > certainly
> > > > >>> >> >> > > > > > > > be
> > > > >>> >> >> > > > > > > > > > >> > welcomed.
> > > > >>> >> >> > > > > > > > > > >> > > > >> > Otherwise, I can do it.
> > > > >>> >> >> > > > > > > > > > >> > > > >> >
> > > > >>> >> >> > > > > > > > > > >> > > > >> > Let me know.
> > > > >>> >> >> > > > > > > > > > >> > > > >> >
> > > > >>> >> >> > > > > > > > > > >> > > > >> > thanks,
> > > > >>> >> >> > > > > > > > > > >> > > > >> >
> > > > >>> >> >> > > > > > > > > > >> > > > >> > --larry
> > > > >>> >> >> > > > > > > > > > >> > > > >> >
> > > > >>> >> >> > > > > > > > > > >> > > > >> > On Wed, Dec 2, 2015 at
> 11:44
> > > AM,
> > > > >>> larry
> > > > >>> >> >> mccay
> > > > >>> >> >> > <
> > > > >>> >> >> > > > > > > > > > >> > larry.mc...@gmail.com
> > > > >>> >> >> > > > > > > > > > >> > > >
> > > > >>> >> >> > > > > > > > > > >> > > > >> > wrote:
> > > > >>> >> >> > > > > > > > > > >> > > > >> >
> > > > >>> >> >> > > > > > > > > > >> > > > >> > > Okay - I had to add an
> > > override
> > > > >>> of
> > > > >>> >> >> > > > > > getUserPrincipal()
> > > > >>> >> >> > > > > > > > to
> > > > >>> >> >> > > > > > > > > > the
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >
> > > > >>> >> IdentityAsserterHttpServletRequestWrapper
> > > > >>> >> >> > and
> > > > >>> >> >> > > > > > return
> > > > >>> >> >> > > > > > > > the
> > > > >>> >> >> > > > > > > > > > >> member
> > > > >>> >> >> > > > > > > > > > >> > > > >> variable
> > > > >>> >> >> > > > > > > > > > >> > > > >> > > username and it works
> like
> > a
> > > > >>> charm.
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >
> > > > >>> >> >> > > > > > > > > > >> > > > >> > > Why I haven't seen this
> > same
> > > > >>> behavior
> > > > >>> >> >> with
> > > > >>> >> >> > > > other
> > > > >>> >> >> > > > > > > > > providers
> > > > >>> >> >> > > > > > > > > > >> is a
> > > > >>> >> >> > > > > > > > > > >> > > bit
> > > > >>> >> >> > > > > > > > > > >> > > > >> of a
> > > > >>> >> >> > > > > > > > > > >> > > > >> > > mystery but they must be
> > > adding
> > > > >>> other
> > > > >>> >> >> > > wrappers
> > > > >>> >> >> > > > > that
> > > > >>> >> >> > > > > > > > > handle
> > > > >>> >> >> > > > > > > > > > >> it.
> > > > >>> >> >> > > > > > > > > > >> > > > >> > > This is quite cool,
> Jérôme!
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >
> > > > >>> >> >> > > > > > > > > > >> > > > >> > > On Wed, Dec 2, 2015 at
> > 10:41
> > > > AM,
> > > > >>> larry
> > > > >>> >> >> > mccay
> > > > >>> >> >> > > <
> > > > >>> >> >> > > > > > > > > > >> > > larry.mc...@gmail.com
> > > > >>> >> >> > > > > > > > > > >> > > > >
> > > > >>> >> >> > > > > > > > > > >> > > > >> > > wrote:
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >> That was it - thanks!
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >> On Wed, Dec 2, 2015 at
> > 10:20
> > > > AM,
> > > > >>> >> Jérôme
> > > > >>> >> >> > > LELEU
> > > > >>> >> >> > > > <
> > > > >>> >> >> > > > > > > > > > >> > lel...@gmail.com>
> > > > >>> >> >> > > > > > > > > > >> > > > >> wrote:
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> This is my exact
> command
> > > > line:
> > > > >>> mvn
> > > > >>> >> >> > > -Prelease
> > > > >>> >> >> > > > > > clean
> > > > >>> >> >> > > > > > > > > > install
> > > > >>> >> >> > > > > > > > > > >> > > > >> -DskipTests
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>>
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> You use an internal
> Maven
> > > > >>> >> repository to
> > > > >>> >> >> > > fetch
> > > > >>> >> >> > > > > > > > > > dependencies
> > > > >>> >> >> > > > > > > > > > >> > from
> > > > >>> >> >> > > > > > > > > > >> > > > >> > internet:
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>>
> > > > >>> >> >> > > > > > > > > > >> > >
> > > > >>> >> >> > > > > > > >
> > > > >>> >> >> > >
> > > > >>>
> http://nexus-private.hortonworks.com/nexus/content/groups/public/
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>>
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> Does this repository
> have
> > > > >>> access to
> > > > >>> >> the
> > > > >>> >> >> > > > remote
> > > > >>> >> >> > > > > > > > > Snapshots
> > > > >>> >> >> > > > > > > > > > >> > > Sonatype
> > > > >>> >> >> > > > > > > > > > >> > > > >> repo?
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>>
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>>
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>>
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> 2015-12-02 16:16
> > GMT+01:00
> > > > >>> larry
> > > > >>> >> mccay
> > > > >>> >> >> <
> > > > >>> >> >> > > > > > > > > > >> larry.mc...@gmail.com
> > > > >>> >> >> > > > > > > > > > >> > >:
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>>
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > hmmm - I used:
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> >
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > mvn clean install
> > > > >>> -DskipTests=true
> > > > >>> >> >> > > > -Prelease
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> >
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > The repository entry
> is
> > > in
> > > > >>> there
> > > > >>> >> >> > already.
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > No worky.
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> >
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > On Wed, Dec 2, 2015
> at
> > > > 10:12
> > > > >>> AM,
> > > > >>> >> >> Jérôme
> > > > >>> >> >> > > > > LELEU <
> > > > >>> >> >> > > > > > > > > > >> > > lel...@gmail.com
> > > > >>> >> >> > > > > > > > > > >> > > > >
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> wrote:
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> >
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > Hi,
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > >
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > You need the
> > j2e-pac4j
> > > > >>> >> dependencies
> > > > >>> >> >> > as
> > > > >>> >> >> > > > well
> > > > >>> >> >> > > > > > as
> > > > >>> >> >> > > > > > > > the
> > > > >>> >> >> > > > > > > > > > >> pac4j-*
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> dependencies,
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > but you don't need
> to
> > > > >>> build them
> > > > >>> >> >> > > locally
> > > > >>> >> >> > > > > > > > > (hopefully).
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > >
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > But you need a
> > > dependency
> > > > >>> on the
> > > > >>> >> >> > > Sonatype
> > > > >>> >> >> > > > > > > > snapshots
> > > > >>> >> >> > > > > > > > > > >> > > repository
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> (where the
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > snapshot versions
> are
> > > > >>> hosted),
> > > > >>> >> >> which
> > > > >>> >> >> > is
> > > > >>> >> >> > > > > added
> > > > >>> >> >> > > > > > > for
> > > > >>> >> >> > > > > > > > > > >> Maven in
> > > > >>> >> >> > > > > > > > > > >> > > the
> > > > >>> >> >> > > > > > > > > > >> > > > >> root
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > pom.xml:
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > >
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > >
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> >
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>>
> > > > >>> >> >> > > > > > > > > > >> > > > >> >
> > > > >>> >> >> > > > > > > > > > >> > > > >>
> > > > >>> >> >> > > > > > > > > > >> > > >
> > > > >>> >> >> > > > > > > > > > >> > >
> > > > >>> >> >> > > > > > > > > > >> >
> > > > >>> >> >> > > > > > > > > > >>
> > > > >>> >> >> > > > > > > > > >
> > > > >>> >> >> > > > > > > > >
> > > > >>> >> >> > > > > > > >
> > > > >>> >> >> > > > > > >
> > > > >>> >> >> > > > > >
> > > > >>> >> >> > > > >
> > > > >>> >> >> > > >
> > > > >>> >> >> > >
> > > > >>> >> >> >
> > > > >>> >> >>
> > > > >>> >>
> > > > >>>
> > > >
> > >
> >
> https://github.com/apache/knox/pull/2/files#diff-600376dffeb79835ede4a0b285078036R123
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > >
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > If you use Ant for
> > the
> > > > >>> build,
> > > > >>> >> there
> > > > >>> >> >> > is
> > > > >>> >> >> > > > > maybe
> > > > >>> >> >> > > > > > a
> > > > >>> >> >> > > > > > > > > glitch
> > > > >>> >> >> > > > > > > > > > >> to
> > > > >>> >> >> > > > > > > > > > >> > > find
> > > > >>> >> >> > > > > > > > > > >> > > > >> the
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > Sonatype
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > Maven repo.
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > >
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > Thanks.
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > Best regards,
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > Jérôme
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > >
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > >
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > 2015-12-02 16:06
> > > > GMT+01:00
> > > > >>> larry
> > > > >>> >> >> > mccay
> > > > >>> >> >> > > <
> > > > >>> >> >> > > > > > > > > > >> > > larry.mc...@gmail.com
> > > > >>> >> >> > > > > > > > > > >> > > > >:
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > >
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > Oh - do I need to
> > > build
> > > > >>> >> j2e-pac4
> > > > >>> >> >> > > > locally
> > > > >>> >> >> > > > > in
> > > > >>> >> >> > > > > > > > order
> > > > >>> >> >> > > > > > > > > > to
> > > > >>> >> >> > > > > > > > > > >> > > resolve
> > > > >>> >> >> > > > > > > > > > >> > > > >> the
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > dependencies?
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > >
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > [ERROR] Failed to
> > > > execute
> > > > >>> >> goal on
> > > > >>> >> >> > > > project
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > >
> > > > >>> gateway-provider-security-pac4j:
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > Could not resolve
> > > > >>> dependencies
> > > > >>> >> >> for
> > > > >>> >> >> > > > > project
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > >
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>>
> > > > >>> >> >> > > > > > > > > > >> > > >
> > > > >>> >> >> > > > > > > > > >
> > > > >>> >> >> > > > >
> > > > >>> >>
> > > org.apache.knox:gateway-provider-security-pac4j:jar:0.7.0-SNAPSHOT:
> > > > >>> >> >> > > > > > > > > > >> > > > >> The
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > following
> artifacts
> > > > >>> could not
> > > > >>> >> be
> > > > >>> >> >> > > > > resolved:
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > >
> > > > >>> >> >> > > org.pac4j:j2e-pac4j:jar:1.2.1-SNAPSHOT,
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > >
> > > > >>> >> >> > > > org.pac4j:pac4j-http:jar:1.8.1-SNAPSHOT,
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > >
> > > > >>> >> >> > > > > org.pac4j:pac4j-config:jar:1.8.1-SNAPSHOT:
> > > > >>> >> >> > > > > > > > Could
> > > > >>> >> >> > > > > > > > > > not
> > > > >>> >> >> > > > > > > > > > >> > find
> > > > >>> >> >> > > > > > > > > > >> > > > >> > artifact
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > >
> > > > >>> >> >> > > org.pac4j:j2e-pac4j:jar:1.2.1-SNAPSHOT
> > > > >>> >> >> > > > in
> > > > >>> >> >> > > > > > > > public
> > > > >>> >> >> > > > > > > > > (
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > >
> > > > >>> >> >> > > > > > > > > > >> > > > >> >
> > > > >>> >> >> > > > > > > > > > >>
> > > > >>> >> >> > > > > >
> > > > >>> >> >>
> > > > http://nexus-private.hortonworks.com/nexus/content/groups/public/
> > > > >>> >> >> > > > > > > > > > >> > )
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> ->
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > [Help
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > 1]
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > >
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > On Wed, Dec 2,
> 2015
> > > at
> > > > >>> 10:05
> > > > >>> >> AM,
> > > > >>> >> >> > > larry
> > > > >>> >> >> > > > > > mccay
> > > > >>> >> >> > > > > > > <
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> larry.mc...@gmail.com>
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > wrote:
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > >
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > >
> > > > >>> >> gateway-provider-security-pac4j
> > > > >>> >> >> > > > doesn't
> > > > >>> >> >> > > > > > > > build -
> > > > >>> >> >> > > > > > > > > > do
> > > > >>> >> >> > > > > > > > > > >> you
> > > > >>> >> >> > > > > > > > > > >> > > > have
> > > > >>> >> >> > > > > > > > > > >> > > > >> a
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> pending
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > > change for your
> > > > >>> pom.xml or
> > > > >>> >> >> > > something?
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > >
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> >
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>>
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>
> > > > >>> >> >> > > > > > > > > > >> > > > >> > >
> > > > >>> >> >> > > > > > > > > > >> > > > >> >
> > > > >>> >> >> > > > > > > > > > >> > > > >>
> > > > >>> >> >> > > > > > > > > > >> > > > >
> > > > >>> >> >> > > > > > > > > > >> > > > >
> > > > >>> >> >> > > > > > > > > > >> > > >
> > > > >>> >> >> > > > > > > > > > >> > >
> > > > >>> >> >> > > > > > > > > > >> >
> > > > >>> >> >> > > > > > > > > > >>
> > > > >>> >> >> > > > > > > > > > >
> > > > >>> >> >> > > > > > > > > > >
> > > > >>> >> >> > > > > > > > > >
> > > > >>> >> >> > > > > > > > >
> > > > >>> >> >> > > > > > > >
> > > > >>> >> >> > > > > > >
> > > > >>> >> >> > > > > >
> > > > >>> >> >> > > > >
> > > > >>> >> >> > > >
> > > > >>> >> >> > >
> > > > >>> >> >> >
> > > > >>> >> >>
> > > > >>> >>
> > > > >>>
> > > > >>
> > > > >>
> > > > >
> > > >
> > >
> >
>
