Nevermind - I had to add ?client_name=SAML2Client to the end of the sso url in okta and in the topology.
Now, I am running into a mismatch of audience expectations. I set the audience in the okta application to be KnoxSSO. I guess there is a parameter in the topology to sync up with that? On Fri, Jan 15, 2016 at 10:38 AM, larry mccay <[email protected]> wrote: > Hi Jérôme - > > Thanks for the updated docs - I will take a look today. > > I am currently still trying to test okta and stuck in a redirect loop. > Did you have to change anything in order to get the > request.getParameter(Clients.DEFAULT_CLIENT_NAME_PARAMETER) > set for the callbacks from okta? It is null in my environment and therefore > it moves on to the following: > > // otherwise just apply security and requires authentication > > // apply RequiresAuthenticationFilter > > requiresAuthenticationFilter.doFilter(servletRequest, > servletResponse, filterChain); > > which obviously results in the redirect loop. > > Curious whether you ran into that... > > thanks, > > --larry > > On Fri, Jan 15, 2016 at 4:00 AM, Jérôme LELEU <[email protected]> wrote: > >> Hi, >> >> I just uploaded a new patch for the documentation with the links pointing >> to the pac4j wiki. It should be clearer. >> >> Thanks. >> Best regards, >> Jérôme >> >> >> 2016-01-14 13:20 GMT+01:00 larry mccay <[email protected]>: >> >> > That sounds pretty reasonable. >> > I will likely document a few of the integrations that are possible in >> > blogs/tutorials anyway. >> > >> > I don't want testing of Knox at release time to have to jump around to >> much >> > in order to be able to test. >> > I think we can make that all good though. >> > >> > I will see what I can do with okta today. >> > >> > On Thu, Jan 14, 2016 at 5:00 AM, Jérôme LELEU <[email protected]> wrote: >> > >> > > Hi, >> > > >> > > Yes, the documentation is a bit too light. But you guessed it right: >> we >> > > need to have a keystore for encryption. >> > > >> > > The saml.identityProviderMetadataPath can point to a local resource or >> > to a >> > > remote one, using the right prefix: resource:, file: or an url (by >> > default, >> > > it is a file path). This must be documented though. >> > > >> > > With Okta, I used the defined url (Single Sign On URL = Recipient URL >> = >> > > Destination URL) for the serviceProviderEntityId, but I think it may >> > > depends on IdP as well. Reading the spec, it must be an URI, but I'm >> not >> > > sure if the SP metadata should be really available on this url. For >> Okta, >> > > it doesn't matter. >> > > >> > > According to your SAML configuration, the SP metadata will be >> generated >> > > somewhere and this somewhere can be defined via the >> > > serviceProviderMetadataPath parameter. You generally need to update >> your >> > > metadata to the IdP (not required for Okta though). Both the SP and >> IdP >> > > must know each other. >> > > >> > > When writing the documentation, I went fast on these parameters with >> the >> > > feeling they were regular ones, but indeed, the description in the >> Knox >> > > manual is not enough. This is somehow a bit normal as the real >> > > documentation for SAML is on the SAML wiki: >> > > https://github.com/pac4j/pac4j/wiki/Clients#details-for-saml-support >> > > >> > > So I propose to keep the Knox documentation mostly "as is", but add >> links >> > > to the pac4j wiki (where I could more easily made updates). All pac4j >> > > integrations need this documentation so it's better to centralize it, >> > from >> > > my point of view. What do you think? >> > > >> > > Thanks. >> > > Best regards, >> > > Jérôme >> > > >> > > >> > > >> > > 2016-01-13 19:37 GMT+01:00 larry mccay <[email protected]>: >> > > >> > > > Hi Jérôme - >> > > > >> > > > I'm trying to configure the pac4j provider for an okta "application" >> > > that I >> > > > created. >> > > > The following (from KNOX-642 docs patch) isn't quite enough to make >> it >> > > > clear to me how to go about doing so: >> > > > >> > > > +saml.keystorePassword | Password of the keystore >> (storepass) >> > > > +saml.privateKeyPassword | Password for the private key >> > > (keypass) >> > > > +saml.keystorePath | Path of the keystore >> > > > +saml.identityProviderMetadataPath | Path of the identity >> > > > provider metadata >> > > > +saml.maximumAuthenticationLifetime | Maximum lifetime for >> > > > authentication >> > > > +saml.serviceProviderEntityId | Identifier of the service >> > > > provider >> > > > +saml.serviceProviderMetadataPath | Path of the service >> > > provider >> > > > metadata >> > > > >> > > > I assume that I can use the gateway.jks keystore and the >> > gateway-identity >> > > > keypair to do the request signing and that that information is what >> is >> > > > needed for the first 3 params. Unfortunately, I don't see any use of >> > > > gateway services to get the master secret therefore it needs to be >> in >> > > clear >> > > > text here. This won't work - but may not be a show stopper for >> > committing >> > > > to master as long as we follow up with a fix. >> > > > >> > > > Can saml.identityProviderMetadataPath point to a remote location or >> > does >> > > it >> > > > have to be local to the SP application. This would likely require >> it to >> > > be >> > > > on the local filesystem, provisioned by the contributor into the >> > > generated >> > > > web app or in some central location via NFS or something like that. >> > > > >> > > > The okta application that I created is called KnoxSSO - is that the >> > value >> > > > for saml.serviceProviderEntityId? >> > > > >> > > > The saml.serviceProviderMetadataPath has the same questions as the >> > > metadata >> > > > for the IDP. In addition, is there a sample metadata file that we >> can >> > > > provide for the use of pac4j with KnoxSSO? >> > > > >> > > > I think that getting this working and clean (no clear text >> passwords) >> > > will >> > > > make a great feature and blog for featuring pac4j provider and the >> > 0.8.0 >> > > > release. So, let's try and iron this out clearly. >> > > > >> > > > I would really like to get this working and committed in the next >> > couple >> > > > days to free us up for follow up items. In particular we need time >> to >> > > > figure out whether the identity assertion providers that we >> currently >> > > have >> > > > will suffice for an apache release that is featuring this new >> > > > functionality. >> > > > >> > > > I will also add the above comments/questions to the JIRA for >> > visibility. >> > > > >> > > > thanks, >> > > > >> > > > --larry >> > > > >> > > > On Fri, Jan 8, 2016 at 12:40 PM, larry mccay <[email protected]> >> > wrote: >> > > > >> > > > > Jérôme - >> > > > > >> > > > > My testing of OpenID Connect is blocked. >> > > > > Can you see the comments in KNOX-641? >> > > > > >> > > > > thanks, >> > > > > >> > > > > --larry >> > > > > >> > > > > On Wed, Jan 6, 2016 at 2:30 PM, larry mccay < >> [email protected]> >> > > > wrote: >> > > > > >> > > > >> Jérôme - >> > > > >> >> > > > >> Please see the comments on KNOX-641. >> > > > >> >> > > > >> thanks, >> > > > >> >> > > > >> --larry >> > > > >> >> > > > >> On Wed, Jan 6, 2016 at 11:24 AM, Kevin Minder < >> > > > >> [email protected]> wrote: >> > > > >> >> > > > >>> I can certainly appreciate the issue of including external >> > resources >> > > in >> > > > >>> automated tests. Nothing has driven me more crazy over the >> years. >> > > The >> > > > >>> flip side of this of course is not finding out about a breakage >> > until >> > > > >>> someone is willing to go through the manual testing which will >> > > > typically >> > > > >>> happen just before a release. Also the implication is that >> these >> > > > testing >> > > > >>> procedures must be very will documented so that they can be >> > continue >> > > > to be >> > > > >>> run once any of us are no longer active in the project. >> > > > >>> >> > > > >>> >> > > > >>> >> > > > >>> On 1/6/16, 2:12 AM, "Jérôme LELEU" <[email protected]> wrote: >> > > > >>> >> > > > >>> >Hi, >> > > > >>> > >> > > > >>> >Yes, you can hit the CAS server at Heroku. Notice it's a Heroku >> > free >> > > > >>> server >> > > > >>> >so it needs to be re-activated first (it takes a couple of >> > seconds). >> > > > So >> > > > >>> for >> > > > >>> >a UI test, you should first hit it, wait 30 seconds and then >> > perform >> > > > the >> > > > >>> >test. >> > > > >>> > >> > > > >>> >Just my 2 cents: >> > > > >>> >Using automated UI tests was my first strategy for pac4j but I >> > > > finally >> > > > >>> >gave up because public providers change very often, at least >> > enough >> > > to >> > > > >>> make >> > > > >>> >the maintenance tests a nightmare. Currently, I'm using manual >> > tests >> > > > >>> (the >> > > > >>> >same for all demos), it takes me around 5 minutes to play them >> all >> > > by >> > > > >>> hand >> > > > >>> >(for a demo) and I launched manually the UI tests I have for >> every >> > > > major >> > > > >>> >pac4j release. Just to say UI tests are not that easy. For a >> CAS >> > > > server, >> > > > >>> >it's fairly feasible as the CAS server and protocol change >> rarely. >> > > > >>> >That's why for Knox, I did some compromise with a simulated web >> > test >> > > > >>> (based >> > > > >>> >on the basic auth). See: >> > > > >>> > >> > > > >>> >> > > > >> > > >> > >> https://github.com/apache/knox/pull/2/files#diff-d0c880ca71b310dbe57975c577535e97R47 >> > > > >>> > >> > > > >>> >Thanks. >> > > > >>> >Best regards, >> > > > >>> >Jérôme >> > > > >>> > >> > > > >>> > >> > > > >>> > >> > > > >>> >2016-01-05 21:20 GMT+01:00 Kevin Minder < >> > > [email protected] >> > > > >: >> > > > >>> > >> > > > >>> >> From my perspective it would be ideal if there were some >> > > automatable >> > > > >>> >> functional tests for this. I’m not advocating that these be >> > > > something >> > > > >>> >> included in “mvn clean install” as that is running too long >> as >> > it >> > > > is. >> > > > >>> >> Given that I don’t have as much context as Larry, I have some >> > > > >>> questions >> > > > >>> >> about what this would take. Lets say we had permission to >> hit >> > > > >>> >> https://casserverpac4j.herokuapp.com/login as part of some >> low >> > > > >>> frequency >> > > > >>> >> automated tests (e.g. Once nighty). What static credentials >> and >> > > > >>> other test >> > > > >>> >> automation infrastructure would need to be implemented in >> > support >> > > of >> > > > >>> this? >> > > > >>> >> I understand that the test suite would require at a minimum >> > > > >>> >> 1) a test driver >> > > > >>> >> 2) a protected mock UI and >> > > > >>> >> 3) an appropriately configured Knox >> > > > >>> >> 4) a profile enabled maven module >> > > > >>> >> 5) an Apache jenkins job >> > > > >>> >> but I’m sure I’m missing other things. I’m certainly >> willing to >> > > > help >> > > > >>> >> setup the skeleton infrastructure (e.g. test driver, mock UI, >> > > maven >> > > > >>> module, >> > > > >>> >> jenkins job) >> > > > >>> >> >> > > > >>> >> >> > > > >>> >> >> > > > >>> >> On 1/5/16, 2:54 PM, "larry mccay" <[email protected]> >> > wrote: >> > > > >>> >> >> > > > >>> >> >Okay, very good. >> > > > >>> >> >I've used TestShib for the picketlink provider - thanks for >> the >> > > > >>> pointers! >> > > > >>> >> > >> > > > >>> >> >On Tue, Jan 5, 2016 at 1:38 PM, Jérôme LELEU < >> [email protected] >> > > >> > > > >>> wrote: >> > > > >>> >> > >> > > > >>> >> >> The online CAS server ( >> > > > https://casserverpac4j.herokuapp.com/login) >> > > > >>> uses >> > > > >>> >> >> the >> > > > >>> >> >> CAS protocol. SAML support can be tested using some online >> > IdP >> > > > like >> > > > >>> >> Okta, >> > > > >>> >> >> TestShib, OpenFeide, Ssocircle... >> > > > >>> >> >> >> > > > >>> >> >> >> > > > >>> >> >> 2016-01-05 17:32 GMT+01:00 larry mccay < >> > [email protected] >> > > >: >> > > > >>> >> >> >> > > > >>> >> >> > Great - thanks for that pointer! >> > > > >>> >> >> > >> > > > >>> >> >> > I will take a look at that and help drive the release >> > related >> > > > >>> testing. >> > > > >>> >> >> > Merge testing will be gated on CAS server (is this SAML >> or >> > > CAS >> > > > >>> >> protocol?) >> > > > >>> >> >> > and testBasicAuth. >> > > > >>> >> >> > >> > > > >>> >> >> > On Tue, Jan 5, 2016 at 10:52 AM, Jérôme LELEU < >> > > > [email protected]> >> > > > >>> >> wrote: >> > > > >>> >> >> > >> > > > >>> >> >> > > Hi, >> > > > >>> >> >> > > >> > > > >>> >> >> > > Glad to hear back from you! >> > > > >>> >> >> > > >> > > > >>> >> >> > > The core pac4j project is fully tested by unit tests >> (and >> > > > some >> > > > >>> >> >> > integration >> > > > >>> >> >> > > tests I run for major version), then all pac4j >> > > > implementations >> > > > >>> are >> > > > >>> >> each >> > > > >>> >> >> > > tested by the appropriate demo: j2e-pac4j-demo tests >> > > > j2e-pac4j, >> > > > >>> >> >> > > spring-webmvc-pac4j-demo tests spring-webmvc-pac4j, >> etc. >> > > > >>> >> >> > > >> > > > >>> >> >> > > So if you take a look at: >> > > > >>> >> >> > > >> > > > >>> >> >> > > >> > > > >>> >> >> > >> > > > >>> >> >> >> > > > >>> >> >> > > > >>> >> > > > >> > > >> > >> https://github.com/pac4j/j2e-pac4j-demo/blob/master/src/main/java/org/pac4j/demo/j2e/config/DemoConfigFactory.java#L27 >> > > > >>> >> >> > > (for example), you have all the required information >> to >> > > test. >> > > > >>> >> >> > > >> > > > >>> >> >> > > I can do that on my own, but it can be good for the >> Knox >> > > > >>> community >> > > > >>> >> to >> > > > >>> >> >> > start >> > > > >>> >> >> > > working / testing the pac4j support. It's up to yoy. >> > > > >>> >> >> > > >> > > > >>> >> >> > > Thanks. >> > > > >>> >> >> > > Best regards, >> > > > >>> >> >> > > Jérôme >> > > > >>> >> >> > > >> > > > >>> >> >> > > >> > > > >>> >> >> > > 2016-01-05 16:11 GMT+01:00 larry mccay < >> > > > [email protected] >> > > > >>> >: >> > > > >>> >> >> > > >> > > > >>> >> >> > > > Hello Jérôme - >> > > > >>> >> >> > > > >> > > > >>> >> >> > > > Happy New Year! >> > > > >>> >> >> > > > >> > > > >>> >> >> > > > I am going to start reviewing your updates today, >> > > > hopefully. >> > > > >>> >> >> > > > I was thinking that we need to start discussions on >> > what >> > > > the >> > > > >>> key >> > > > >>> >> >> > usecases >> > > > >>> >> >> > > > are and how to go about testing them. >> > > > >>> >> >> > > > We can certainly test the testBasicAuth and against >> the >> > > > >>> hosted CAS >> > > > >>> >> >> > server >> > > > >>> >> >> > > > but what about FB, openid, OAuth, etc? >> > > > >>> >> >> > > > >> > > > >>> >> >> > > > I'm not sure that FB would be a key feature but >> OpenID >> > > > >>> Connect and >> > > > >>> >> >> > OAuth >> > > > >>> >> >> > > > would be - as is SAML. >> > > > >>> >> >> > > > I think CAS buys us SAML testing - assuming that the >> > > > >>> >> configuration of >> > > > >>> >> >> > the >> > > > >>> >> >> > > > hosted server is actually a SAML 2 instance. >> > > > >>> >> >> > > > >> > > > >>> >> >> > > > What about the others? >> > > > >>> >> >> > > > >> > > > >>> >> >> > > > I don't know that we need to be able to test them >> all >> > > > before >> > > > >>> merge >> > > > >>> >> >> but >> > > > >>> >> >> > > some >> > > > >>> >> >> > > > sort of manual verification would be great. >> > > > >>> >> >> > > > We would need to be able to test them before the >> next >> > > > release >> > > > >>> >> which >> > > > >>> >> >> > would >> > > > >>> >> >> > > > be featuring the pac4j functionality. >> > > > >>> >> >> > > > >> > > > >>> >> >> > > > Maybe you can describe how you go about testing such >> > > things >> > > > >>> for >> > > > >>> >> the >> > > > >>> >> >> > pac4j >> > > > >>> >> >> > > > project itself? >> > > > >>> >> >> > > > >> > > > >>> >> >> > > > thanks, >> > > > >>> >> >> > > > >> > > > >>> >> >> > > > --larry >> > > > >>> >> >> > > > >> > > > >>> >> >> > > > >> > > > >>> >> >> > > > On Tue, Jan 5, 2016 at 9:55 AM, Jérôme LELEU < >> > > > >>> [email protected]> >> > > > >>> >> >> wrote: >> > > > >>> >> >> > > > >> > > > >>> >> >> > > > > Hi, >> > > > >>> >> >> > > > > >> > > > >>> >> >> > > > > Happy new year! >> > > > >>> >> >> > > > > >> > > > >>> >> >> > > > > A few days ago, I updated my patch of the pac4j >> > gateway >> > > > >>> provider >> > > > >>> >> >> > > > according >> > > > >>> >> >> > > > > to all comments on >> > > > >>> >> https://issues.apache.org/jira/browse/KNOX-641 >> > > > >>> >> >> as >> > > > >>> >> >> > > > well >> > > > >>> >> >> > > > > as the documentation on KNOX-642. >> > > > >>> >> >> > > > > >> > > > >>> >> >> > > > > Is everything ok for the merge? >> > > > >>> >> >> > > > > >> > > > >>> >> >> > > > > Thanks. >> > > > >>> >> >> > > > > Best regards, >> > > > >>> >> >> > > > > Jérôme >> > > > >>> >> >> > > > > >> > > > >>> >> >> > > > > >> > > > >>> >> >> > > > > 2015-12-14 15:28 GMT+01:00 larry mccay < >> > > > >>> [email protected]>: >> > > > >>> >> >> > > > > >> > > > >>> >> >> > > > > > Hi Jérôme - >> > > > >>> >> >> > > > > > >> > > > >>> >> >> > > > > > Not sure if you saw but I added review comments >> to >> > > > >>> KNOX-641. >> > > > >>> >> >> > > > > > >> > > > >>> >> >> > > > > > I think that we need to determine whether we >> want >> > the >> > > > >>> >> >> testBasicAuth >> > > > >>> >> >> > > in >> > > > >>> >> >> > > > > the >> > > > >>> >> >> > > > > > provider itself. >> > > > >>> >> >> > > > > > >> > > > >>> >> >> > > > > > Let's follow up on the JIRA. >> > > > >>> >> >> > > > > > >> > > > >>> >> >> > > > > > thanks, >> > > > >>> >> >> > > > > > >> > > > >>> >> >> > > > > > --larry >> > > > >>> >> >> > > > > > >> > > > >>> >> >> > > > > > On Fri, Dec 11, 2015 at 8:44 AM, Jérôme LELEU < >> > > > >>> >> [email protected]> >> > > > >>> >> >> > > > wrote: >> > > > >>> >> >> > > > > > >> > > > >>> >> >> > > > > > > Hi, >> > > > >>> >> >> > > > > > > >> > > > >>> >> >> > > > > > > No problem. It can go into a version 0.8.0 if >> > > needed. >> > > > >>> The >> > > > >>> >> truth >> > > > >>> >> >> > is >> > > > >>> >> >> > > > that >> > > > >>> >> >> > > > > > > there is only one change outside the new pac4j >> > > > module, >> > > > >>> so I >> > > > >>> >> >> think >> > > > >>> >> >> > > > risks >> > > > >>> >> >> > > > > > are >> > > > >>> >> >> > > > > > > extremly limited. >> > > > >>> >> >> > > > > > > >> > > > >>> >> >> > > > > > > Just let met know. >> > > > >>> >> >> > > > > > > >> > > > >>> >> >> > > > > > > Thanks. >> > > > >>> >> >> > > > > > > Best regards, >> > > > >>> >> >> > > > > > > Jérôme >> > > > >>> >> >> > > > > > > >> > > > >>> >> >> > > > > > > >> > > > >>> >> >> > > > > > > 2015-12-11 14:23 GMT+01:00 larry mccay < >> > > > >>> >> [email protected] >> > > > >>> >> >> >: >> > > > >>> >> >> > > > > > > >> > > > >>> >> >> > > > > > > > Hi Jérôme - >> > > > >>> >> >> > > > > > > > >> > > > >>> >> >> > > > > > > > I have unfortunately not had a chance to >> pull, >> > > > >>> review and >> > > > >>> >> >> test >> > > > >>> >> >> > it >> > > > >>> >> >> > > > yet >> > > > >>> >> >> > > > > > and >> > > > >>> >> >> > > > > > > > have intended to do that today. >> > > > >>> >> >> > > > > > > > I apologize for the delay. >> > > > >>> >> >> > > > > > > > >> > > > >>> >> >> > > > > > > > I was actually thinking that this would go >> > into a >> > > > >>> follow >> > > > >>> >> up >> > > > >>> >> >> > > release >> > > > >>> >> >> > > > > > that >> > > > >>> >> >> > > > > > > we >> > > > >>> >> >> > > > > > > > would try and get done rapidly after the >> 0.7.0 >> > > > >>> release >> > > > >>> >> but we >> > > > >>> >> >> > can >> > > > >>> >> >> > > > > > discuss >> > > > >>> >> >> > > > > > > > the target and its chances of destabilizing >> > > 0.7.0. >> > > > >>> >> >> > > > > > > > >> > > > >>> >> >> > > > > > > > I believe that it is rather self-contained >> with >> > > > only >> > > > >>> a few >> > > > >>> >> >> > > changes >> > > > >>> >> >> > > > to >> > > > >>> >> >> > > > > > > > external modules. >> > > > >>> >> >> > > > > > > > >> > > > >>> >> >> > > > > > > > Opening the JIRAs is perfect and I was >> going to >> > > do >> > > > >>> that >> > > > >>> >> once >> > > > >>> >> >> I >> > > > >>> >> >> > > > > started >> > > > >>> >> >> > > > > > > the >> > > > >>> >> >> > > > > > > > review. >> > > > >>> >> >> > > > > > > > >> > > > >>> >> >> > > > > > > > Let's continue review comments and >> > collaboration >> > > on >> > > > >>> those >> > > > >>> >> >> > JIRAs. >> > > > >>> >> >> > > > > > > > I will add you to the contributors list so >> that >> > > we >> > > > >>> can >> > > > >>> >> assign >> > > > >>> >> >> > > them >> > > > >>> >> >> > > > to >> > > > >>> >> >> > > > > > > you. >> > > > >>> >> >> > > > > > > > >> > > > >>> >> >> > > > > > > > Thank you for your contributions and your >> > > patience, >> > > > >>> >> Jérôme! >> > > > >>> >> >> > > > > > > > >> > > > >>> >> >> > > > > > > > --larry >> > > > >>> >> >> > > > > > > > >> > > > >>> >> >> > > > > > > > On Fri, Dec 11, 2015 at 3:00 AM, Jérôme >> LELEU < >> > > > >>> >> >> > [email protected]> >> > > > >>> >> >> > > > > > wrote: >> > > > >>> >> >> > > > > > > > >> > > > >>> >> >> > > > > > > > > Hi, >> > > > >>> >> >> > > > > > > > > >> > > > >>> >> >> > > > > > > > > I didn't get any new feedback on the pull >> > > request >> > > > >>> so I >> > > > >>> >> >> assume >> > > > >>> >> >> > > > > > > everything >> > > > >>> >> >> > > > > > > > is >> > > > >>> >> >> > > > > > > > > ok from your point of view. >> > > > >>> >> >> > > > > > > > > >> > > > >>> >> >> > > > > > > > > I released pac4j v1.8.1 and j2e-pac4j >> v1.2.1 >> > > so I >> > > > >>> >> updated >> > > > >>> >> >> the >> > > > >>> >> >> > > > pull >> > > > >>> >> >> > > > > > > > request >> > > > >>> >> >> > > > > > > > > to use them and successfully re-tested >> > > > everything. >> > > > >>> >> >> > > > > > > > > >> > > > >>> >> >> > > > > > > > > I opened KNOX-641 and submitted the >> > > corresponding >> > > > >>> patch. >> > > > >>> >> >> > > > > > > > > >> > > > >>> >> >> > > > > > > > > I also wrote the documentation, opened >> > KNOX-642 >> > > > and >> > > > >>> >> >> submitted >> > > > >>> >> >> > > the >> > > > >>> >> >> > > > > > > > > corresponding patch (just to let you know >> > that >> > > it >> > > > >>> >> doesn't >> > > > >>> >> >> > work >> > > > >>> >> >> > > > out >> > > > >>> >> >> > > > > of >> > > > >>> >> >> > > > > > > the >> > > > >>> >> >> > > > > > > > > box in Windows, I had to replace mvn.bat >> by >> > > > >>> mvn.cmd to >> > > > >>> >> make >> > > > >>> >> >> > ant >> > > > >>> >> >> > > > > > work). >> > > > >>> >> >> > > > > > > > > >> > > > >>> >> >> > > > > > > > > Even if the branch 0.7.0 has already been >> > > > created, >> > > > >>> I >> > > > >>> >> >> assumed >> > > > >>> >> >> > > this >> > > > >>> >> >> > > > > new >> > > > >>> >> >> > > > > > > > pac4j >> > > > >>> >> >> > > > > > > > > provider will go into this version 0.7.0 >> > > > >>> (dependency on >> > > > >>> >> the >> > > > >>> >> >> > > > > > > > 0.7.0-SNAPSHOT >> > > > >>> >> >> > > > > > > > > parent version). >> > > > >>> >> >> > > > > > > > > >> > > > >>> >> >> > > > > > > > > Just let me know if everything is ok and >> when >> > > > it's >> > > > >>> >> goind to >> > > > >>> >> >> > be >> > > > >>> >> >> > > > > > merged. >> > > > >>> >> >> > > > > > > > > >> > > > >>> >> >> > > > > > > > > Thanks. >> > > > >>> >> >> > > > > > > > > Best regards, >> > > > >>> >> >> > > > > > > > > Jérôme >> > > > >>> >> >> > > > > > > > > >> > > > >>> >> >> > > > > > > > > >> > > > >>> >> >> > > > > > > > > >> > > > >>> >> >> > > > > > > > > >> > > > >>> >> >> > > > > > > > > 2015-12-04 14:20 GMT+01:00 larry mccay < >> > > > >>> >> >> > [email protected] >> > > > >>> >> >> > > >: >> > > > >>> >> >> > > > > > > > > >> > > > >>> >> >> > > > > > > > > > That ability to configure multiple >> > mechanisms >> > > > >>> based on >> > > > >>> >> >> > > > clientName >> > > > >>> >> >> > > > > > is >> > > > >>> >> >> > > > > > > > > really >> > > > >>> >> >> > > > > > > > > > interesting for Knox. >> > > > >>> >> >> > > > > > > > > > Currently, we require separate >> topologies >> > per >> > > > >>> >> >> > authentication >> > > > >>> >> >> > > > > > > mechanism. >> > > > >>> >> >> > > > > > > > > > The ability to configure them all in >> one is >> > > > >>> really >> > > > >>> >> great. >> > > > >>> >> >> > > > > > > > > > >> > > > >>> >> >> > > > > > > > > > We would need to think through the best >> way >> > > to >> > > > >>> provide >> > > > >>> >> >> the >> > > > >>> >> >> > > > > > clientName >> > > > >>> >> >> > > > > > > > > > parameter. >> > > > >>> >> >> > > > > > > > > > Since this is targeting KnoxSSO it can >> > > actually >> > > > >>> be >> > > > >>> >> added >> > > > >>> >> >> to >> > > > >>> >> >> > > the >> > > > >>> >> >> > > > > > > > > providerURL >> > > > >>> >> >> > > > > > > > > > used to redirect from the participating >> > > > >>> application. >> > > > >>> >> >> > > > > > > > > > Regardless of the authentication >> mechanism >> > > used >> > > > >>> each >> > > > >>> >> >> > > > application >> > > > >>> >> >> > > > > > will >> > > > >>> >> >> > > > > > > > > still >> > > > >>> >> >> > > > > > > > > > get the same JWT based cookie. >> > > > >>> >> >> > > > > > > > > > >> > > > >>> >> >> > > > > > > > > > I think that should work really nicely. >> > > > >>> >> >> > > > > > > > > > >> > > > >>> >> >> > > > > > > > > > >> > > > >>> >> >> > > > > > > > > > On Fri, Dec 4, 2015 at 7:17 AM, larry >> > mccay < >> > > > >>> >> >> > > > > [email protected] >> > > > >>> >> >> > > > > > > >> > > > >>> >> >> > > > > > > > > wrote: >> > > > >>> >> >> > > > > > > > > > >> > > > >>> >> >> > > > > > > > > > > Excellent, Jérôme. >> > > > >>> >> >> > > > > > > > > > > Thanks! >> > > > >>> >> >> > > > > > > > > > > >> > > > >>> >> >> > > > > > > > > > > On Fri, Dec 4, 2015 at 2:40 AM, Jérôme >> > > LELEU >> > > > < >> > > > >>> >> >> > > > [email protected] >> > > > >>> >> >> > > > > > >> > > > >>> >> >> > > > > > > > wrote: >> > > > >>> >> >> > > > > > > > > > > >> > > > >>> >> >> > > > > > > > > > >> Hi, >> > > > >>> >> >> > > > > > > > > > >> >> > > > >>> >> >> > > > > > > > > > >> I will write how to configure the >> pac4j >> > > > >>> provider in >> > > > >>> >> >> the >> > > > >>> >> >> > > > > > > > documentation, >> > > > >>> >> >> > > > > > > > > > but >> > > > >>> >> >> > > > > > > > > > >> I can already give you some insights. >> > > > >>> >> >> > > > > > > > > > >> >> > > > >>> >> >> > > > > > > > > > >> My main goal is always to respect the >> > key >> > > > >>> design >> > > > >>> >> >> > > principles >> > > > >>> >> >> > > > of >> > > > >>> >> >> > > > > > > pac4j >> > > > >>> >> >> > > > > > > > > > >> whatever the environment / framework >> in >> > > > which >> > > > >>> it is >> > > > >>> >> >> > > > > implemented. >> > > > >>> >> >> > > > > > > For >> > > > >>> >> >> > > > > > > > > > Knox, >> > > > >>> >> >> > > > > > > > > > >> I'm pretty happy with the use of the >> > > > j2e-pac4j >> > > > >>> >> >> library, >> > > > >>> >> >> > > > which >> > > > >>> >> >> > > > > > > means >> > > > >>> >> >> > > > > > > > > that >> > > > >>> >> >> > > > > > > > > > >> almost all the pac4j features are >> > > available, >> > > > >>> >> >> especially >> > > > >>> >> >> > > both >> > > > >>> >> >> > > > > > > direct >> > > > >>> >> >> > > > > > > > > and >> > > > >>> >> >> > > > > > > > > > >> indirect clients. So it can do what >> > Shiro >> > > > >>> already >> > > > >>> >> does >> > > > >>> >> >> > but >> > > > >>> >> >> > > > > also, >> > > > >>> >> >> > > > > > > as >> > > > >>> >> >> > > > > > > > we >> > > > >>> >> >> > > > > > > > > > >> agreed together, supports remote >> > > > >>> authentications. >> > > > >>> >> >> > > > > > > > > > >> >> > > > >>> >> >> > > > > > > > > > >> It is only limited by what you can >> > > currently >> > > > >>> >> >> configure. >> > > > >>> >> >> > > And >> > > > >>> >> >> > > > > even >> > > > >>> >> >> > > > > > > > > > >> configuration is a pac4j feature as >> the >> > > CAS >> > > > >>> server >> > > > >>> >> has >> > > > >>> >> >> > the >> > > > >>> >> >> > > > > same >> > > > >>> >> >> > > > > > > > need. >> > > > >>> >> >> > > > > > > > > > >> Everything happens in this class: >> > > > >>> >> >> > > > > > > > > > >> >> > > > >>> >> >> > > > > > > > > > >> >> > > > >>> >> >> > > > > > > > > > >> > > > >>> >> >> > > > > > > > > >> > > > >>> >> >> > > > > > > > >> > > > >>> >> >> > > > > > > >> > > > >>> >> >> > > > > > >> > > > >>> >> >> > > > > >> > > > >>> >> >> > > > >> > > > >>> >> >> > > >> > > > >>> >> >> > >> > > > >>> >> >> >> > > > >>> >> >> > > > >>> >> > > > >> > > >> > >> https://github.com/pac4j/pac4j/blob/master/pac4j-config/src/main/java/org/pac4j/config/client/ConfigPropertiesFactory.java >> > > > >>> >> >> > > > > > > > > > >> , >> > > > >>> >> >> > > > > > > > > > >> which allows you to configure >> Facebook, >> > > > >>> Twitter, a >> > > > >>> >> CAS >> > > > >>> >> >> > > > > server, a >> > > > >>> >> >> > > > > > > > SAML >> > > > >>> >> >> > > > > > > > > > IdP >> > > > >>> >> >> > > > > > > > > > >> or an OpenID Connect provider. All >> the >> > > > >>> provided >> > > > >>> >> >> > parameters >> > > > >>> >> >> > > > to >> > > > >>> >> >> > > > > > the >> > > > >>> >> >> > > > > > > > > pac4j >> > > > >>> >> >> > > > > > > > > > >> provider are put into a Map and the >> > > > >>> >> >> > > ConfigPropertiesFactory >> > > > >>> >> >> > > > is >> > > > >>> >> >> > > > > > > built >> > > > >>> >> >> > > > > > > > > > with >> > > > >>> >> >> > > > > > > > > > >> this Map to return the built client >> (= >> > > > >>> >> authentication >> > > > >>> >> >> > > > > > mechanism). >> > > > >>> >> >> > > > > > > > > > >> >> > > > >>> >> >> > > > > > > > > > >> You have one more specific option for >> > Knox >> > > > as >> > > > >>> a >> > > > >>> >> basic >> > > > >>> >> >> > > > > > > authentication >> > > > >>> >> >> > > > > > > > > > popup >> > > > >>> >> >> > > > > > > > > > >> where the username must match the >> > > password, >> > > > >>> you can >> > > > >>> >> >> > define >> > > > >>> >> >> > > > > that >> > > > >>> >> >> > > > > > > by: >> > > > >>> >> >> > > > > > > > > > >> >> > > > >>> >> >> > > > > > > > > > >> <param> >> > > > >>> >> >> > > > > > > > > > >> <name>clientName</name> >> > > > >>> >> >> > > > > > > > > > >> <value>testBasicAuth</value> >> > > > >>> >> >> > > > > > > > > > >> </param> >> > > > >>> >> >> > > > > > > > > > >> >> > > > >>> >> >> > > > > > > > > > >> >> > > > >>> >> >> > > > > > > > > > >> It's for testing only. >> > > > >>> >> >> > > > > > > > > > >> >> > > > >>> >> >> > > > > > > > > > >> For a CAS server: >> > > > >>> >> >> > > > > > > > > > >> >> > > > >>> >> >> > > > > > > > > > >> <param> >> > > > >>> >> >> > > > > > > > > > >> <name>cas.loginUrl</name> >> > > > >>> >> >> > > > > > > > > > >> <value> >> > > > >>> >> https://casserverpac4j.herokuapp.com/login >> > > > >>> >> >> > > </value> >> > > > >>> >> >> > > > > > > > > > >> </param> >> > > > >>> >> >> > > > > > > > > > >> >> > > > >>> >> >> > > > > > > > > > >> >> > > > >>> >> >> > > > > > > > > > >> Here are all the properties available >> > for >> > > > >>> building >> > > > >>> >> >> > clients >> > > > >>> >> >> > > > > > (their >> > > > >>> >> >> > > > > > > > > > meaning >> > > > >>> >> >> > > > > > > > > > >> is obvious): >> > > > >>> >> >> > > > > > > > > > >> >> > > > >>> >> >> > > > > > > > > > >> facebook.id >> > > > >>> >> >> > > > > > > > > > >> facebook.secret >> > > > >>> >> >> > > > > > > > > > >> facebook.scope >> > > > >>> >> >> > > > > > > > > > >> facebook.fields >> > > > >>> >> >> > > > > > > > > > >> twitter.id >> > > > >>> >> >> > > > > > > > > > >> twitter.secret >> > > > >>> >> >> > > > > > > > > > >> saml.keystorePassword >> > > > >>> >> >> > > > > > > > > > >> saml.privateKeyPassword >> > > > >>> >> >> > > > > > > > > > >> saml.keystorePath >> > > > >>> >> >> > > > > > > > > > >> saml.identityProviderMetadataPath >> > > > >>> >> >> > > > > > > > > > >> saml.maximumAuthenticationLifetime >> > > > >>> >> >> > > > > > > > > > >> saml.serviceProviderEntityId >> > > > >>> >> >> > > > > > > > > > >> saml.serviceProviderMetadataPath >> > > > >>> >> >> > > > > > > > > > >> cas.loginUrl >> > > > >>> >> >> > > > > > > > > > >> cas.protocol >> > > > >>> >> >> > > > > > > > > > >> oidc.id >> > > > >>> >> >> > > > > > > > > > >> oidc.secret >> > > > >>> >> >> > > > > > > > > > >> oidc.discoveryUri >> > > > >>> >> >> > > > > > > > > > >> oidc.customParamKey1 >> > > > >>> >> >> > > > > > > > > > >> oidc.customParamValue1 >> > > > >>> >> >> > > > > > > > > > >> >> > > > >>> >> >> > > > > > > > > > >> >> > > > >>> >> >> > > > > > > > > > >> If you define multiple clients, the >> > first >> > > > one >> > > > >>> will >> > > > >>> >> be >> > > > >>> >> >> > used >> > > > >>> >> >> > > > for >> > > > >>> >> >> > > > > > > > > > >> authentication, but you can >> explicitly >> > > > choose >> > > > >>> the >> > > > >>> >> >> client >> > > > >>> >> >> > > you >> > > > >>> >> >> > > > > > want >> > > > >>> >> >> > > > > > > to >> > > > >>> >> >> > > > > > > > > use >> > > > >>> >> >> > > > > > > > > > >> via the clientName parameter, >> assuming >> > you >> > > > >>> want to >> > > > >>> >> >> > switch >> > > > >>> >> >> > > > from >> > > > >>> >> >> > > > > > > > client >> > > > >>> >> >> > > > > > > > > > >> depending on environment for example. >> > > > >>> >> >> > > > > > > > > > >> >> > > > >>> >> >> > > > > > > > > > >> So if you want to add some new >> > > > authentication >> > > > >>> >> >> mechanism, >> > > > >>> >> >> > > you >> > > > >>> >> >> > > > > > must >> > > > >>> >> >> > > > > > > > > first >> > > > >>> >> >> > > > > > > > > > >> check that it is available in pac4j >> (if >> > > it's >> > > > >>> not, >> > > > >>> >> it's >> > > > >>> >> >> > > > another >> > > > >>> >> >> > > > > > > > > > discussion, >> > > > >>> >> >> > > > > > > > > > >> but generally, it is). Then, you'll >> need >> > > to >> > > > >>> upgrade >> > > > >>> >> >> the >> > > > >>> >> >> > > > > > > > > > >> ConfigPropertiesFactory by >> submitting a >> > > new >> > > > >>> pull >> > > > >>> >> >> request >> > > > >>> >> >> > > to >> > > > >>> >> >> > > > > the >> > > > >>> >> >> > > > > > > > pac4j >> > > > >>> >> >> > > > > > > > > > >> project (I can do it myself, but I'm >> > sure >> > > > you >> > > > >>> >> could do >> > > > >>> >> >> > > that >> > > > >>> >> >> > > > > > > easily), >> > > > >>> >> >> > > > > > > > > > >> finally wait for the new pac4j >> release >> > and >> > > > >>> switch >> > > > >>> >> >> pac4j >> > > > >>> >> >> > > > > versions >> > > > >>> >> >> > > > > > > in >> > > > >>> >> >> > > > > > > > > Knox >> > > > >>> >> >> > > > > > > > > > >> to >> > > > >>> >> >> > > > > > > > > > >> benefit from the new feature. >> > > > >>> >> >> > > > > > > > > > >> The good thing is that if someone >> > related >> > > to >> > > > >>> the >> > > > >>> >> CAS >> > > > >>> >> >> > > server >> > > > >>> >> >> > > > > does >> > > > >>> >> >> > > > > > > the >> > > > >>> >> >> > > > > > > > > > same >> > > > >>> >> >> > > > > > > > > > >> thing for CAS (in pac4j), you will >> > > > >>> automatically >> > > > >>> >> get >> > > > >>> >> >> it >> > > > >>> >> >> > > when >> > > > >>> >> >> > > > > > > you'll >> > > > >>> >> >> > > > > > > > > > >> upgrade >> > > > >>> >> >> > > > > > > > > > >> pac4j. >> > > > >>> >> >> > > > > > > > > > >> >> > > > >>> >> >> > > > > > > > > > >> To go even further, replacing LDAP >> Shiro >> > > > >>> >> >> authentication >> > > > >>> >> >> > is >> > > > >>> >> >> > > > > just >> > > > >>> >> >> > > > > > a >> > > > >>> >> >> > > > > > > > > matter >> > > > >>> >> >> > > > > > > > > > >> of >> > > > >>> >> >> > > > > > > > > > >> making pac4j LDAP authentication >> > available >> > > > via >> > > > >>> >> >> > > configuration >> > > > >>> >> >> > > > > > > > > parameters. >> > > > >>> >> >> > > > > > > > > > >> >> > > > >>> >> >> > > > > > > > > > >> I hope it was clear enough. >> > > > >>> >> >> > > > > > > > > > >> >> > > > >>> >> >> > > > > > > > > > >> Thanks. >> > > > >>> >> >> > > > > > > > > > >> Best regards, >> > > > >>> >> >> > > > > > > > > > >> Jérôme >> > > > >>> >> >> > > > > > > > > > >> >> > > > >>> >> >> > > > > > > > > > >> >> > > > >>> >> >> > > > > > > > > > >> >> > > > >>> >> >> > > > > > > > > > >> >> > > > >>> >> >> > > > > > > > > > >> 2015-12-03 20:45 GMT+01:00 larry >> mccay < >> > > > >>> >> >> > > > [email protected] >> > > > >>> >> >> > > > > >: >> > > > >>> >> >> > > > > > > > > > >> >> > > > >>> >> >> > > > > > > > > > >> > Excellent! >> > > > >>> >> >> > > > > > > > > > >> > >> > > > >>> >> >> > > > > > > > > > >> > I will carve out some time to do >> code >> > > > >>> review. >> > > > >>> >> >> > > > > > > > > > >> > We will need to get some insights >> into >> > > how >> > > > >>> to go >> > > > >>> >> >> about >> > > > >>> >> >> > > > > > testing: >> > > > >>> >> >> > > > > > > > > > >> > >> > > > >>> >> >> > > > > > > > > > >> > * is the CAS server going to be >> > > available >> > > > >>> for >> > > > >>> >> >> testing? >> > > > >>> >> >> > > > > > > > > > >> > * what are the specific and >> > > > >>> generic/standard (if >> > > > >>> >> >> any) >> > > > >>> >> >> > > > > > > > authentication >> > > > >>> >> >> > > > > > > > > > >> > mechanisms available - for >> instance: >> > > > >>> >> >> > > > > > > > > > >> > - Facebook, Google, LinkedIn >> and >> > CAS >> > > > are >> > > > >>> >> >> specifics >> > > > >>> >> >> > > > > > > > > > >> > - OAuth 2, OpenID Connect, SAML >> > are >> > > > >>> >> >> > > generic/standards >> > > > >>> >> >> > > > - >> > > > >>> >> >> > > > > > that >> > > > >>> >> >> > > > > > > > may >> > > > >>> >> >> > > > > > > > > > be >> > > > >>> >> >> > > > > > > > > > >> > used for the above specifics... >> > > > >>> >> >> > > > > > > > > > >> > * how do we test things other than >> > CAS - >> > > > in >> > > > >>> >> terms of >> > > > >>> >> >> > > > getting >> > > > >>> >> >> > > > > > > > > > >> credentials, >> > > > >>> >> >> > > > > > > > > > >> > configuration, etc >> > > > >>> >> >> > > > > > > > > > >> > >> > > > >>> >> >> > > > > > > > > > >> > We could certainly do this is >> phases >> > as >> > > > >>> well. >> > > > >>> >> >> > > > > > > > > > >> > >> > > > >>> >> >> > > > > > > > > > >> > If you can enumerate the things >> that >> > > > should >> > > > >>> work >> > > > >>> >> and >> > > > >>> >> >> > > > provide >> > > > >>> >> >> > > > > > > some >> > > > >>> >> >> > > > > > > > > > >> testing >> > > > >>> >> >> > > > > > > > > > >> > details for CAS or as many as >> possible >> > > and >> > > > >>> OpenID >> > > > >>> >> >> > > Connect >> > > > >>> >> >> > > > > then >> > > > >>> >> >> > > > > > > we >> > > > >>> >> >> > > > > > > > > can >> > > > >>> >> >> > > > > > > > > > >> test >> > > > >>> >> >> > > > > > > > > > >> > the specific implementations that >> you >> > > > >>> provide and >> > > > >>> >> >> > enable >> > > > >>> >> >> > > > the >> > > > >>> >> >> > > > > > > > testing >> > > > >>> >> >> > > > > > > > > > of >> > > > >>> >> >> > > > > > > > > > >> > another OpenID Connect effort that >> is >> > in >> > > > the >> > > > >>> >> works >> > > > >>> >> >> in >> > > > >>> >> >> > > the >> > > > >>> >> >> > > > > > > > community. >> > > > >>> >> >> > > > > > > > > > >> > >> > > > >>> >> >> > > > > > > > > > >> > I'm not sure whether we want to >> commit >> > > > >>> >> contributions >> > > > >>> >> >> > > that >> > > > >>> >> >> > > > > are >> > > > >>> >> >> > > > > > > > > > dependent >> > > > >>> >> >> > > > > > > > > > >> on >> > > > >>> >> >> > > > > > > > > > >> > snapshots - we certainly can't >> release >> > > > with >> > > > >>> any >> > > > >>> >> such >> > > > >>> >> >> > > > > > > dependencies. >> > > > >>> >> >> > > > > > > > > > >> > I would hate to add a cleanup task >> to >> > a >> > > > >>> release >> > > > >>> >> to >> > > > >>> >> >> > make >> > > > >>> >> >> > > > sure >> > > > >>> >> >> > > > > > > there >> > > > >>> >> >> > > > > > > > > are >> > > > >>> >> >> > > > > > > > > > >> no >> > > > >>> >> >> > > > > > > > > > >> > snapshots in there. >> > > > >>> >> >> > > > > > > > > > >> > We will probably wait until after >> the >> > > > pac4j >> > > > >>> >> releases >> > > > >>> >> >> > to >> > > > >>> >> >> > > > > > commit. >> > > > >>> >> >> > > > > > > > > > >> > >> > > > >>> >> >> > > > > > > > > > >> > I am really happy that this >> > integration >> > > is >> > > > >>> >> happening >> > > > >>> >> >> > and >> > > > >>> >> >> > > > > that >> > > > >>> >> >> > > > > > it >> > > > >>> >> >> > > > > > > > > went >> > > > >>> >> >> > > > > > > > > > >> > rather smoothly. >> > > > >>> >> >> > > > > > > > > > >> > These sorts of authentication >> > protocols >> > > > are >> > > > >>> >> complex >> > > > >>> >> >> > and >> > > > >>> >> >> > > I >> > > > >>> >> >> > > > > > think >> > > > >>> >> >> > > > > > > we >> > > > >>> >> >> > > > > > > > > > >> lined up >> > > > >>> >> >> > > > > > > > > > >> > pretty well overall. >> > > > >>> >> >> > > > > > > > > > >> > >> > > > >>> >> >> > > > > > > > > > >> > Thanks for your work! >> > > > >>> >> >> > > > > > > > > > >> > >> > > > >>> >> >> > > > > > > > > > >> > On Thu, Dec 3, 2015 at 2:28 PM, >> Jérôme >> > > > >>> LELEU < >> > > > >>> >> >> > > > > > [email protected]> >> > > > >>> >> >> > > > > > > > > > wrote: >> > > > >>> >> >> > > > > > > > > > >> > >> > > > >>> >> >> > > > > > > > > > >> > > Hi, >> > > > >>> >> >> > > > > > > > > > >> > > >> > > > >>> >> >> > > > > > > > > > >> > > I just sync'ed with master, >> cleaned >> > > > >>> >> dependencies >> > > > >>> >> >> and >> > > > >>> >> >> > > > added >> > > > >>> >> >> > > > > > > > missing >> > > > >>> >> >> > > > > > > > > > >> > > Javadocs. Everything works >> correctly >> > > > now. >> > > > >>> Many >> > > > >>> >> >> > thanks. >> > > > >>> >> >> > > > > > > > > > >> > > >> > > > >>> >> >> > > > > > > > > > >> > > The pull request is ready for a >> full >> > > > code >> > > > >>> >> review: >> > > > >>> >> >> > > > > > > > > > >> > > >> > https://github.com/apache/knox/pull/2 >> > > > >>> >> >> > > > > > > > > > >> > > >> > > > >>> >> >> > > > > > > > > > >> > > I'll write the documentation >> after >> > the >> > > > >>> pac4j >> > > > >>> >> >> > releases >> > > > >>> >> >> > > (I >> > > > >>> >> >> > > > > > hope >> > > > >>> >> >> > > > > > > > next >> > > > >>> >> >> > > > > > > > > > >> week). >> > > > >>> >> >> > > > > > > > > > >> > > >> > > > >>> >> >> > > > > > > > > > >> > > Thanks. >> > > > >>> >> >> > > > > > > > > > >> > > Best regards, >> > > > >>> >> >> > > > > > > > > > >> > > Jérôme >> > > > >>> >> >> > > > > > > > > > >> > > >> > > > >>> >> >> > > > > > > > > > >> > > >> > > > >>> >> >> > > > > > > > > > >> > > 2015-12-02 19:18 GMT+01:00 larry >> > > mccay < >> > > > >>> >> >> > > > > > [email protected] >> > > > >>> >> >> > > > > > > >: >> > > > >>> >> >> > > > > > > > > > >> > > >> > > > >>> >> >> > > > > > > > > > >> > > > Fixed in >> > > > >>> >> >> > > > https://issues.apache.org/jira/browse/KNOX-636 >> > > > >>> >> >> > > > > . >> > > > >>> >> >> > > > > > > > > > >> > > > >> > > > >>> >> >> > > > > > > > > > >> > > > On Wed, Dec 2, 2015 at 12:42 >> PM, >> > > larry >> > > > >>> mccay >> > > > >>> >> < >> > > > >>> >> >> > > > > > > > > > [email protected] >> > > > >>> >> >> > > > > > > > > > >> > >> > > > >>> >> >> > > > > > > > > > >> > > > wrote: >> > > > >>> >> >> > > > > > > > > > >> > > > >> > > > >>> >> >> > > > > > > > > > >> > > > > Sure - I can file a JIRA and >> > > commit >> > > > a >> > > > >>> fix. >> > > > >>> >> >> > > > > > > > > > >> > > > > >> > > > >>> >> >> > > > > > > > > > >> > > > > The secret generation should >> be >> > > done >> > > > >>> in one >> > > > >>> >> >> > > instance >> > > > >>> >> >> > > > > and >> > > > >>> >> >> > > > > > > > > > >> replicated >> > > > >>> >> >> > > > > > > > > > >> > > > across >> > > > >>> >> >> > > > > > > > > > >> > > > > others. >> > > > >>> >> >> > > > > > > > > > >> > > > > This replication/management >> of >> > the >> > > > >>> >> credential >> > > > >>> >> >> > > stores >> > > > >>> >> >> > > > > is >> > > > >>> >> >> > > > > > > > > outside >> > > > >>> >> >> > > > > > > > > > of >> > > > >>> >> >> > > > > > > > > > >> > the >> > > > >>> >> >> > > > > > > > > > >> > > > > scope of Knox itself as of >> now. >> > > > >>> >> >> > > > > > > > > > >> > > > > >> > > > >>> >> >> > > > > > > > > > >> > > > > Documentation is done in >> > markdown >> > > > and >> > > > >>> is >> > > > >>> >> >> > > > contributing >> > > > >>> >> >> > > > > > > > details >> > > > >>> >> >> > > > > > > > > > are >> > > > >>> >> >> > > > > > > > > > >> > > > > available at: >> > > > >>> >> >> > > > > > > > > > >> > > > > >> > > > >>> >> >> > > > > > > > > > >> > > > >> > > > >>> >> >> > > > > > > > > > >> > > >> > > > >>> >> >> > > > > > > > > > >> > >> > > > >>> >> >> > > > > > > > > > >> >> > > > >>> >> >> > > > > > > > > > >> > > > >>> >> >> > > > > > > > > >> > > > >>> >> >> > > > > > > > >> > > > >>> >> >> > > > > > > >> > > > >>> >> >> > > > > > >> > > > >>> >> >> > > > > >> > > > >>> >> >> > > > >> > > > >>> >> >> > > >> > > > >>> >> >> > >> > > > >>> >> >> >> > > > >>> >> >> > > > >>> >> > > > >> > > >> > >> https://cwiki.apache.org/confluence/display/KNOX/Contribution+Process#ContributionProcess-DocumentationContributorWorkflow >> > > > >>> >> >> > > > > > > > > > >> > > > > >> > > > >>> >> >> > > > > > > > > > >> > > > > Which should give you a >> general >> > > > idea. >> > > > >>> >> >> > > > > > > > > > >> > > > > >> > > > >>> >> >> > > > > > > > > > >> > > > > Find an example like: >> > > > >>> ./trunk/books/0.7.0/ >> > > > >>> >> >> > > > > > > > > > >> > > config_preauth_sso_provider.md >> > > > >>> >> >> > > > > > > > > > >> > > > > >> > > > >>> >> >> > > > > > > > > > >> > > > > For an example of typical >> > content >> > > > and >> > > > >>> >> format. >> > > > >>> >> >> > > > > > > > > > >> > > > > >> > > > >>> >> >> > > > > > > > > > >> > > > > Here is how that example >> > renders: >> > > > >>> >> >> > > > > > > > > > >> > > > > >> > > > >>> >> >> > > > > > > > > > >> > > > >> > > > >>> >> >> > > > > > > > > > >> > > >> > > > >>> >> >> > > > > > > > > > >> > >> > > > >>> >> >> > > > > > > > > > >> >> > > > >>> >> >> > > > > > > > > > >> > > > >>> >> >> > > > > > > > > >> > > > >>> >> >> > > > > > > > >> > > > >>> >> >> > > > > > > >> > > > >>> >> >> > > > > > >> > > > >>> >> >> > > > > >> > > > >>> >> >> > > > >> > > > >>> >> >> > > >> > > > >>> >> >> > >> > > > >>> >> >> >> > > > >>> >> >> > > > >>> >> > > > >> > > >> > >> http://knox.apache.org/books/knox-0-7-0/user-guide.html#Preauthenticated+SSO+Provider >> > > > >>> >> >> > > > > > > > > > >> > > > > >> > > > >>> >> >> > > > > > > > > > >> > > > > You'll need to tie it into >> the >> > > rest >> > > > >>> of the >> > > > >>> >> >> book >> > > > >>> >> >> > - >> > > > >>> >> >> > > > just >> > > > >>> >> >> > > > > > > grep >> > > > >>> >> >> > > > > > > > > for >> > > > >>> >> >> > > > > > > > > > >> where >> > > > >>> >> >> > > > > > > > > > >> > > > that >> > > > >>> >> >> > > > > > > > > > >> > > > > filename is referenced. >> > > > >>> >> >> > > > > > > > > > >> > > > > To test how it renders build >> the >> > > > site >> > > > >>> with: >> > > > >>> >> >> > "ant" >> > > > >>> >> >> > > > and >> > > > >>> >> >> > > > > > note >> > > > >>> >> >> > > > > > > > the >> > > > >>> >> >> > > > > > > > > > >> url to >> > > > >>> >> >> > > > > > > > > > >> > > the >> > > > >>> >> >> > > > > > > > > > >> > > > > 0.7.0 book. >> > > > >>> >> >> > > > > > > > > > >> > > > > >> > > > >>> >> >> > > > > > > > > > >> > > > > >> > > > >>> >> >> > > > > > > > > > >> > > > > On Wed, Dec 2, 2015 at 12:12 >> PM, >> > > > >>> Jérôme >> > > > >>> >> LELEU >> > > > >>> >> >> < >> > > > >>> >> >> > > > > > > > > [email protected] >> > > > >>> >> >> > > > > > > > > > > >> > > > >>> >> >> > > > > > > > > > >> > > wrote: >> > > > >>> >> >> > > > > > > > > > >> > > > > >> > > > >>> >> >> > > > > > > > > > >> > > > >> Hi, >> > > > >>> >> >> > > > > > > > > > >> > > > >> >> > > > >>> >> >> > > > > > > > > > >> > > > >> Why it doesn't work for >> pac4j >> > > while >> > > > >>> it >> > > > >>> >> works >> > > > >>> >> >> > for >> > > > >>> >> >> > > > > others >> > > > >>> >> >> > > > > > > is >> > > > >>> >> >> > > > > > > > a >> > > > >>> >> >> > > > > > > > > > bit >> > > > >>> >> >> > > > > > > > > > >> > > strange >> > > > >>> >> >> > > > > > > > > > >> > > > >> to >> > > > >>> >> >> > > > > > > > > > >> > > > >> me, but if you have the >> patch >> > in >> > > > >>> front of >> > > > >>> >> >> your >> > > > >>> >> >> > > > eyes, >> > > > >>> >> >> > > > > > I'd >> > > > >>> >> >> > > > > > > > > rather >> > > > >>> >> >> > > > > > > > > > >> > prefer >> > > > >>> >> >> > > > > > > > > > >> > > > you >> > > > >>> >> >> > > > > > > > > > >> > > > >> to commit it. In all cases, >> > I'll >> > > > >>> sync with >> > > > >>> >> >> the >> > > > >>> >> >> > > > > master. >> > > > >>> >> >> > > > > > > > > > >> > > > >> >> > > > >>> >> >> > > > > > > > > > >> > > > >> There was one question you >> > didn't >> > > > >>> answer >> > > > >>> >> >> > > > previously: >> > > > >>> >> >> > > > > is >> > > > >>> >> >> > > > > > > the >> > > > >>> >> >> > > > > > > > > > >> password >> > > > >>> >> >> > > > > > > > > > >> > > > >> generated for the pac4j >> > provider >> > > > the >> > > > >>> same >> > > > >>> >> >> > across >> > > > >>> >> >> > > > all >> > > > >>> >> >> > > > > > > > gateway >> > > > >>> >> >> > > > > > > > > > >> > > instances? >> > > > >>> >> >> > > > > > > > > > >> > > > >> Because I expect to have the >> > same >> > > > >>> value >> > > > >>> >> as I >> > > > >>> >> >> > use >> > > > >>> >> >> > > it >> > > > >>> >> >> > > > > to >> > > > >>> >> >> > > > > > > > > encrypt >> > > > >>> >> >> > > > > > > > > > / >> > > > >>> >> >> > > > > > > > > > >> > > decrypt >> > > > >>> >> >> > > > > > > > > > >> > > > >> data. >> > > > >>> >> >> > > > > > > > > > >> > > > >> >> > > > >>> >> >> > > > > > > > > > >> > > > >> I will add the Javadoc. >> After >> > > that, >> > > > >>> you >> > > > >>> >> can >> > > > >>> >> >> > > review >> > > > >>> >> >> > > > > the >> > > > >>> >> >> > > > > > > pull >> > > > >>> >> >> > > > > > > > > > >> request >> > > > >>> >> >> > > > > > > > > > >> > > more >> > > > >>> >> >> > > > > > > > > > >> > > > >> completely. >> > > > >>> >> >> > > > > > > > > > >> > > > >> >> > > > >>> >> >> > > > > > > > > > >> > > > >> What do you expect for the >> > > > >>> documentation? >> > > > >>> >> >> > > > > > > > > > >> > > > >> >> > > > >>> >> >> > > > > > > > > > >> > > > >> Notice that pac4j >> dependencies >> > > are >> > > > >>> still >> > > > >>> >> >> > > snapshots, >> > > > >>> >> >> > > > > but >> > > > >>> >> >> > > > > > > > they >> > > > >>> >> >> > > > > > > > > > >> will be >> > > > >>> >> >> > > > > > > > > > >> > > > >> released in a week or two. >> > > > >>> >> >> > > > > > > > > > >> > > > >> >> > > > >>> >> >> > > > > > > > > > >> > > > >> Thanks. >> > > > >>> >> >> > > > > > > > > > >> > > > >> Best regards, >> > > > >>> >> >> > > > > > > > > > >> > > > >> Jérôme >> > > > >>> >> >> > > > > > > > > > >> > > > >> >> > > > >>> >> >> > > > > > > > > > >> > > > >> >> > > > >>> >> >> > > > > > > > > > >> > > > >> 2015-12-02 17:51 GMT+01:00 >> > larry >> > > > >>> mccay < >> > > > >>> >> >> > > > > > > > > [email protected] >> > > > >>> >> >> > > > > > > > > > >: >> > > > >>> >> >> > > > > > > > > > >> > > > >> >> > > > >>> >> >> > > > > > > > > > >> > > > >> > Jérôme - >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >> > > > >>> >> >> > > > > > > > > > >> > > > >> > If you would like to add >> that >> > > > >>> change as >> > > > >>> >> >> part >> > > > >>> >> >> > of >> > > > >>> >> >> > > > > your >> > > > >>> >> >> > > > > > > > patch >> > > > >>> >> >> > > > > > > > > or >> > > > >>> >> >> > > > > > > > > > >> as a >> > > > >>> >> >> > > > > > > > > > >> > > > >> > separately filed JIRA to >> fix >> > a >> > > > bug >> > > > >>> that >> > > > >>> >> >> would >> > > > >>> >> >> > > > > > certainly >> > > > >>> >> >> > > > > > > > be >> > > > >>> >> >> > > > > > > > > > >> > welcomed. >> > > > >>> >> >> > > > > > > > > > >> > > > >> > Otherwise, I can do it. >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >> > > > >>> >> >> > > > > > > > > > >> > > > >> > Let me know. >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >> > > > >>> >> >> > > > > > > > > > >> > > > >> > thanks, >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >> > > > >>> >> >> > > > > > > > > > >> > > > >> > --larry >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >> > > > >>> >> >> > > > > > > > > > >> > > > >> > On Wed, Dec 2, 2015 at >> 11:44 >> > > AM, >> > > > >>> larry >> > > > >>> >> >> mccay >> > > > >>> >> >> > < >> > > > >>> >> >> > > > > > > > > > >> > [email protected] >> > > > >>> >> >> > > > > > > > > > >> > > > >> > > > >>> >> >> > > > > > > > > > >> > > > >> > wrote: >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >> > > > >>> >> >> > > > > > > > > > >> > > > >> > > Okay - I had to add an >> > > override >> > > > >>> of >> > > > >>> >> >> > > > > > getUserPrincipal() >> > > > >>> >> >> > > > > > > > to >> > > > >>> >> >> > > > > > > > > > the >> > > > >>> >> >> > > > > > > > > > >> > > > >> > > >> > > > >>> >> IdentityAsserterHttpServletRequestWrapper >> > > > >>> >> >> > and >> > > > >>> >> >> > > > > > return >> > > > >>> >> >> > > > > > > > the >> > > > >>> >> >> > > > > > > > > > >> member >> > > > >>> >> >> > > > > > > > > > >> > > > >> variable >> > > > >>> >> >> > > > > > > > > > >> > > > >> > > username and it works >> like >> > a >> > > > >>> charm. >> > > > >>> >> >> > > > > > > > > > >> > > > >> > > >> > > > >>> >> >> > > > > > > > > > >> > > > >> > > Why I haven't seen this >> > same >> > > > >>> behavior >> > > > >>> >> >> with >> > > > >>> >> >> > > > other >> > > > >>> >> >> > > > > > > > > providers >> > > > >>> >> >> > > > > > > > > > >> is a >> > > > >>> >> >> > > > > > > > > > >> > > bit >> > > > >>> >> >> > > > > > > > > > >> > > > >> of a >> > > > >>> >> >> > > > > > > > > > >> > > > >> > > mystery but they must be >> > > adding >> > > > >>> other >> > > > >>> >> >> > > wrappers >> > > > >>> >> >> > > > > that >> > > > >>> >> >> > > > > > > > > handle >> > > > >>> >> >> > > > > > > > > > >> it. >> > > > >>> >> >> > > > > > > > > > >> > > > >> > > This is quite cool, >> Jérôme! >> > > > >>> >> >> > > > > > > > > > >> > > > >> > > >> > > > >>> >> >> > > > > > > > > > >> > > > >> > > On Wed, Dec 2, 2015 at >> > 10:41 >> > > > AM, >> > > > >>> larry >> > > > >>> >> >> > mccay >> > > > >>> >> >> > > < >> > > > >>> >> >> > > > > > > > > > >> > > [email protected] >> > > > >>> >> >> > > > > > > > > > >> > > > > >> > > > >>> >> >> > > > > > > > > > >> > > > >> > > wrote: >> > > > >>> >> >> > > > > > > > > > >> > > > >> > > >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >> That was it - thanks! >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >> >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >> On Wed, Dec 2, 2015 at >> > 10:20 >> > > > AM, >> > > > >>> >> Jérôme >> > > > >>> >> >> > > LELEU >> > > > >>> >> >> > > > < >> > > > >>> >> >> > > > > > > > > > >> > [email protected]> >> > > > >>> >> >> > > > > > > > > > >> > > > >> wrote: >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >> >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> This is my exact >> command >> > > > line: >> > > > >>> mvn >> > > > >>> >> >> > > -Prelease >> > > > >>> >> >> > > > > > clean >> > > > >>> >> >> > > > > > > > > > install >> > > > >>> >> >> > > > > > > > > > >> > > > >> -DskipTests >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> You use an internal >> Maven >> > > > >>> >> repository to >> > > > >>> >> >> > > fetch >> > > > >>> >> >> > > > > > > > > > dependencies >> > > > >>> >> >> > > > > > > > > > >> > from >> > > > >>> >> >> > > > > > > > > > >> > > > >> > internet: >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> >> > > > >>> >> >> > > > > > > > > > >> > > >> > > > >>> >> >> > > > > > > > >> > > > >>> >> >> > > >> > > > >>> >> http://nexus-private.hortonworks.com/nexus/content/groups/public/ >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> Does this repository >> have >> > > > >>> access to >> > > > >>> >> the >> > > > >>> >> >> > > > remote >> > > > >>> >> >> > > > > > > > > Snapshots >> > > > >>> >> >> > > > > > > > > > >> > > Sonatype >> > > > >>> >> >> > > > > > > > > > >> > > > >> repo? >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> 2015-12-02 16:16 >> > GMT+01:00 >> > > > >>> larry >> > > > >>> >> mccay >> > > > >>> >> >> < >> > > > >>> >> >> > > > > > > > > > >> [email protected] >> > > > >>> >> >> > > > > > > > > > >> > >: >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > hmmm - I used: >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > mvn clean install >> > > > >>> -DskipTests=true >> > > > >>> >> >> > > > -Prelease >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > The repository >> entry is >> > > in >> > > > >>> there >> > > > >>> >> >> > already. >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > No worky. >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > On Wed, Dec 2, 2015 >> at >> > > > 10:12 >> > > > >>> AM, >> > > > >>> >> >> Jérôme >> > > > >>> >> >> > > > > LELEU < >> > > > >>> >> >> > > > > > > > > > >> > > [email protected] >> > > > >>> >> >> > > > > > > > > > >> > > > > >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> wrote: >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > Hi, >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > You need the >> > j2e-pac4j >> > > > >>> >> dependencies >> > > > >>> >> >> > as >> > > > >>> >> >> > > > well >> > > > >>> >> >> > > > > > as >> > > > >>> >> >> > > > > > > > the >> > > > >>> >> >> > > > > > > > > > >> pac4j-* >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> dependencies, >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > but you don't >> need to >> > > > >>> build them >> > > > >>> >> >> > > locally >> > > > >>> >> >> > > > > > > > > (hopefully). >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > But you need a >> > > dependency >> > > > >>> on the >> > > > >>> >> >> > > Sonatype >> > > > >>> >> >> > > > > > > > snapshots >> > > > >>> >> >> > > > > > > > > > >> > > repository >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> (where the >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > snapshot versions >> are >> > > > >>> hosted), >> > > > >>> >> >> which >> > > > >>> >> >> > is >> > > > >>> >> >> > > > > added >> > > > >>> >> >> > > > > > > for >> > > > >>> >> >> > > > > > > > > > >> Maven in >> > > > >>> >> >> > > > > > > > > > >> > > the >> > > > >>> >> >> > > > > > > > > > >> > > > >> root >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > pom.xml: >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >> > > > >>> >> >> > > > > > > > > > >> > > > >> >> > > > >>> >> >> > > > > > > > > > >> > > > >> > > > >>> >> >> > > > > > > > > > >> > > >> > > > >>> >> >> > > > > > > > > > >> > >> > > > >>> >> >> > > > > > > > > > >> >> > > > >>> >> >> > > > > > > > > > >> > > > >>> >> >> > > > > > > > > >> > > > >>> >> >> > > > > > > > >> > > > >>> >> >> > > > > > > >> > > > >>> >> >> > > > > > >> > > > >>> >> >> > > > > >> > > > >>> >> >> > > > >> > > > >>> >> >> > > >> > > > >>> >> >> > >> > > > >>> >> >> >> > > > >>> >> >> > > > >>> >> > > > >> > > >> > >> https://github.com/apache/knox/pull/2/files#diff-600376dffeb79835ede4a0b285078036R123 >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > If you use Ant for >> > the >> > > > >>> build, >> > > > >>> >> there >> > > > >>> >> >> > is >> > > > >>> >> >> > > > > maybe >> > > > >>> >> >> > > > > > a >> > > > >>> >> >> > > > > > > > > glitch >> > > > >>> >> >> > > > > > > > > > >> to >> > > > >>> >> >> > > > > > > > > > >> > > find >> > > > >>> >> >> > > > > > > > > > >> > > > >> the >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > Sonatype >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > Maven repo. >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > Thanks. >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > Best regards, >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > Jérôme >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > 2015-12-02 16:06 >> > > > GMT+01:00 >> > > > >>> larry >> > > > >>> >> >> > mccay >> > > > >>> >> >> > > < >> > > > >>> >> >> > > > > > > > > > >> > > [email protected] >> > > > >>> >> >> > > > > > > > > > >> > > > >: >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > Oh - do I need >> to >> > > build >> > > > >>> >> j2e-pac4 >> > > > >>> >> >> > > > locally >> > > > >>> >> >> > > > > in >> > > > >>> >> >> > > > > > > > order >> > > > >>> >> >> > > > > > > > > > to >> > > > >>> >> >> > > > > > > > > > >> > > resolve >> > > > >>> >> >> > > > > > > > > > >> > > > >> the >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > dependencies? >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > [ERROR] Failed >> to >> > > > execute >> > > > >>> >> goal on >> > > > >>> >> >> > > > project >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > >> > > > >>> gateway-provider-security-pac4j: >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > Could not >> resolve >> > > > >>> dependencies >> > > > >>> >> >> for >> > > > >>> >> >> > > > > project >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> >> > > > >>> >> >> > > > > > > > > > >> > > > >> > > > >>> >> >> > > > > > > > > > >> > > > >>> >> >> > > > > >> > > > >>> >> >> > > org.apache.knox:gateway-provider-security-pac4j:jar:0.7.0-SNAPSHOT: >> > > > >>> >> >> > > > > > > > > > >> > > > >> The >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > following >> artifacts >> > > > >>> could not >> > > > >>> >> be >> > > > >>> >> >> > > > > resolved: >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > >> > > > >>> >> >> > > org.pac4j:j2e-pac4j:jar:1.2.1-SNAPSHOT, >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > >> > > > >>> >> >> > > > org.pac4j:pac4j-http:jar:1.8.1-SNAPSHOT, >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > >> > > > >>> >> >> > > > > org.pac4j:pac4j-config:jar:1.8.1-SNAPSHOT: >> > > > >>> >> >> > > > > > > > Could >> > > > >>> >> >> > > > > > > > > > not >> > > > >>> >> >> > > > > > > > > > >> > find >> > > > >>> >> >> > > > > > > > > > >> > > > >> > artifact >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > >> > > > >>> >> >> > > org.pac4j:j2e-pac4j:jar:1.2.1-SNAPSHOT >> > > > >>> >> >> > > > in >> > > > >>> >> >> > > > > > > > public >> > > > >>> >> >> > > > > > > > > ( >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >> > > > >>> >> >> > > > > > > > > > >> >> > > > >>> >> >> > > > > > >> > > > >>> >> >> >> > > > http://nexus-private.hortonworks.com/nexus/content/groups/public/ >> > > > >>> >> >> > > > > > > > > > >> > ) >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> -> >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > [Help >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > 1] >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > On Wed, Dec 2, >> 2015 >> > > at >> > > > >>> 10:05 >> > > > >>> >> AM, >> > > > >>> >> >> > > larry >> > > > >>> >> >> > > > > > mccay >> > > > >>> >> >> > > > > > > < >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> [email protected] >> > >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > wrote: >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > > >> > > > >>> >> gateway-provider-security-pac4j >> > > > >>> >> >> > > > doesn't >> > > > >>> >> >> > > > > > > > build - >> > > > >>> >> >> > > > > > > > > > do >> > > > >>> >> >> > > > > > > > > > >> you >> > > > >>> >> >> > > > > > > > > > >> > > > have >> > > > >>> >> >> > > > > > > > > > >> > > > >> a >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> pending >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > > change for >> your >> > > > >>> pom.xml or >> > > > >>> >> >> > > something? >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > > >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >> >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >> >> > > > >>> >> >> > > > > > > > > > >> > > > >> > > >> > > > >>> >> >> > > > > > > > > > >> > > > >> > >> > > > >>> >> >> > > > > > > > > > >> > > > >> >> > > > >>> >> >> > > > > > > > > > >> > > > > >> > > > >>> >> >> > > > > > > > > > >> > > > > >> > > > >>> >> >> > > > > > > > > > >> > > > >> > > > >>> >> >> > > > > > > > > > >> > > >> > > > >>> >> >> > > > > > > > > > >> > >> > > > >>> >> >> > > > > > > > > > >> >> > > > >>> >> >> > > > > > > > > > > >> > > > >>> >> >> > > > > > > > > > > >> > > > >>> >> >> > > > > > > > > > >> > > > >>> >> >> > > > > > > > > >> > > > >>> >> >> > > > > > > > >> > > > >>> >> >> > > > > > > >> > > > >>> >> >> > > > > > >> > > > >>> >> >> > > > > >> > > > >>> >> >> > > > >> > > > >>> >> >> > > >> > > > >>> >> >> > >> > > > >>> >> >> >> > > > >>> >> >> > > > >>> >> > > > >> >> > > > >> >> > > > > >> > > > >> > > >> > >> > >
