Hi, We have one callback url (the KnoxSSO url) and multiple identity providers so to distinguish between all clients, pac4j uses the callback url + the client_name parameter (Clients.DEFAULT_CLIENT_NAME_PARAMETER).
The redirection url generated to the identity provider has this client_name parameter: this is why it works well with the CAS server which redirects the user (after a successfull url) to the originally provided url. For Okta, on server side, the redirection relies on the defined url. *So you must define the callback url in Okta as your KnoxSSO url + the client_name parameter = SAML2Client*. I myself have https://127.0.0.1:8443/gateway/idp/api/v1/websso?client_name=SAML2Client for my Okta app. And the logic of the pac4j gateway provider is based on this client_name parameter to know if it's a callback or an access call. Hence the infinite loop in your case. I guess we need to add a warning in the documentation for that. Just let met know how you want to proceed. Thanks. Best regards, Jérôme 2016-01-15 16:38 GMT+01:00 larry mccay <lmc...@apache.org>: > Hi Jérôme - > > Thanks for the updated docs - I will take a look today. > > I am currently still trying to test okta and stuck in a redirect loop. > Did you have to change anything in order to get the > request.getParameter(Clients.DEFAULT_CLIENT_NAME_PARAMETER) > set for the callbacks from okta? It is null in my environment and therefore > it moves on to the following: > > // otherwise just apply security and requires authentication > > // apply RequiresAuthenticationFilter > > requiresAuthenticationFilter.doFilter(servletRequest, > servletResponse, filterChain); > > which obviously results in the redirect loop. > > Curious whether you ran into that... > > thanks, > > --larry > > On Fri, Jan 15, 2016 at 4:00 AM, Jérôme LELEU <lel...@gmail.com> wrote: > > > Hi, > > > > I just uploaded a new patch for the documentation with the links pointing > > to the pac4j wiki. It should be clearer. > > > > Thanks. > > Best regards, > > Jérôme > > > > > > 2016-01-14 13:20 GMT+01:00 larry mccay <lmc...@apache.org>: > > > > > That sounds pretty reasonable. > > > I will likely document a few of the integrations that are possible in > > > blogs/tutorials anyway. > > > > > > I don't want testing of Knox at release time to have to jump around to > > much > > > in order to be able to test. > > > I think we can make that all good though. > > > > > > I will see what I can do with okta today. > > > > > > On Thu, Jan 14, 2016 at 5:00 AM, Jérôme LELEU <lel...@gmail.com> > wrote: > > > > > > > Hi, > > > > > > > > Yes, the documentation is a bit too light. But you guessed it right: > we > > > > need to have a keystore for encryption. > > > > > > > > The saml.identityProviderMetadataPath can point to a local resource > or > > > to a > > > > remote one, using the right prefix: resource:, file: or an url (by > > > default, > > > > it is a file path). This must be documented though. > > > > > > > > With Okta, I used the defined url (Single Sign On URL = Recipient > URL = > > > > Destination URL) for the serviceProviderEntityId, but I think it may > > > > depends on IdP as well. Reading the spec, it must be an URI, but I'm > > not > > > > sure if the SP metadata should be really available on this url. For > > Okta, > > > > it doesn't matter. > > > > > > > > According to your SAML configuration, the SP metadata will be > generated > > > > somewhere and this somewhere can be defined via the > > > > serviceProviderMetadataPath parameter. You generally need to update > > your > > > > metadata to the IdP (not required for Okta though). Both the SP and > IdP > > > > must know each other. > > > > > > > > When writing the documentation, I went fast on these parameters with > > the > > > > feeling they were regular ones, but indeed, the description in the > Knox > > > > manual is not enough. This is somehow a bit normal as the real > > > > documentation for SAML is on the SAML wiki: > > > > https://github.com/pac4j/pac4j/wiki/Clients#details-for-saml-support > > > > > > > > So I propose to keep the Knox documentation mostly "as is", but add > > links > > > > to the pac4j wiki (where I could more easily made updates). All pac4j > > > > integrations need this documentation so it's better to centralize it, > > > from > > > > my point of view. What do you think? > > > > > > > > Thanks. > > > > Best regards, > > > > Jérôme > > > > > > > > > > > > > > > > 2016-01-13 19:37 GMT+01:00 larry mccay <lmc...@apache.org>: > > > > > > > > > Hi Jérôme - > > > > > > > > > > I'm trying to configure the pac4j provider for an okta > "application" > > > > that I > > > > > created. > > > > > The following (from KNOX-642 docs patch) isn't quite enough to make > > it > > > > > clear to me how to go about doing so: > > > > > > > > > > +saml.keystorePassword | Password of the keystore > > (storepass) > > > > > +saml.privateKeyPassword | Password for the private key > > > > (keypass) > > > > > +saml.keystorePath | Path of the keystore > > > > > +saml.identityProviderMetadataPath | Path of the identity > > > > > provider metadata > > > > > +saml.maximumAuthenticationLifetime | Maximum lifetime > for > > > > > authentication > > > > > +saml.serviceProviderEntityId | Identifier of the service > > > > > provider > > > > > +saml.serviceProviderMetadataPath | Path of the service > > > > provider > > > > > metadata > > > > > > > > > > I assume that I can use the gateway.jks keystore and the > > > gateway-identity > > > > > keypair to do the request signing and that that information is what > > is > > > > > needed for the first 3 params. Unfortunately, I don't see any use > of > > > > > gateway services to get the master secret therefore it needs to be > in > > > > clear > > > > > text here. This won't work - but may not be a show stopper for > > > committing > > > > > to master as long as we follow up with a fix. > > > > > > > > > > Can saml.identityProviderMetadataPath point to a remote location or > > > does > > > > it > > > > > have to be local to the SP application. This would likely require > it > > to > > > > be > > > > > on the local filesystem, provisioned by the contributor into the > > > > generated > > > > > web app or in some central location via NFS or something like that. > > > > > > > > > > The okta application that I created is called KnoxSSO - is that the > > > value > > > > > for saml.serviceProviderEntityId? > > > > > > > > > > The saml.serviceProviderMetadataPath has the same questions as the > > > > metadata > > > > > for the IDP. In addition, is there a sample metadata file that we > can > > > > > provide for the use of pac4j with KnoxSSO? > > > > > > > > > > I think that getting this working and clean (no clear text > passwords) > > > > will > > > > > make a great feature and blog for featuring pac4j provider and the > > > 0.8.0 > > > > > release. So, let's try and iron this out clearly. > > > > > > > > > > I would really like to get this working and committed in the next > > > couple > > > > > days to free us up for follow up items. In particular we need time > to > > > > > figure out whether the identity assertion providers that we > currently > > > > have > > > > > will suffice for an apache release that is featuring this new > > > > > functionality. > > > > > > > > > > I will also add the above comments/questions to the JIRA for > > > visibility. > > > > > > > > > > thanks, > > > > > > > > > > --larry > > > > > > > > > > On Fri, Jan 8, 2016 at 12:40 PM, larry mccay <lmc...@apache.org> > > > wrote: > > > > > > > > > > > Jérôme - > > > > > > > > > > > > My testing of OpenID Connect is blocked. > > > > > > Can you see the comments in KNOX-641? > > > > > > > > > > > > thanks, > > > > > > > > > > > > --larry > > > > > > > > > > > > On Wed, Jan 6, 2016 at 2:30 PM, larry mccay < > larry.mc...@gmail.com > > > > > > > > wrote: > > > > > > > > > > > >> Jérôme - > > > > > >> > > > > > >> Please see the comments on KNOX-641. > > > > > >> > > > > > >> thanks, > > > > > >> > > > > > >> --larry > > > > > >> > > > > > >> On Wed, Jan 6, 2016 at 11:24 AM, Kevin Minder < > > > > > >> kevin.min...@hortonworks.com> wrote: > > > > > >> > > > > > >>> I can certainly appreciate the issue of including external > > > resources > > > > in > > > > > >>> automated tests. Nothing has driven me more crazy over the > > years. > > > > The > > > > > >>> flip side of this of course is not finding out about a breakage > > > until > > > > > >>> someone is willing to go through the manual testing which will > > > > > typically > > > > > >>> happen just before a release. Also the implication is that > these > > > > > testing > > > > > >>> procedures must be very will documented so that they can be > > > continue > > > > > to be > > > > > >>> run once any of us are no longer active in the project. > > > > > >>> > > > > > >>> > > > > > >>> > > > > > >>> On 1/6/16, 2:12 AM, "Jérôme LELEU" <lel...@gmail.com> wrote: > > > > > >>> > > > > > >>> >Hi, > > > > > >>> > > > > > > >>> >Yes, you can hit the CAS server at Heroku. Notice it's a > Heroku > > > free > > > > > >>> server > > > > > >>> >so it needs to be re-activated first (it takes a couple of > > > seconds). > > > > > So > > > > > >>> for > > > > > >>> >a UI test, you should first hit it, wait 30 seconds and then > > > perform > > > > > the > > > > > >>> >test. > > > > > >>> > > > > > > >>> >Just my 2 cents: > > > > > >>> >Using automated UI tests was my first strategy for pac4j but > I > > > > > finally > > > > > >>> >gave up because public providers change very often, at least > > > enough > > > > to > > > > > >>> make > > > > > >>> >the maintenance tests a nightmare. Currently, I'm using manual > > > tests > > > > > >>> (the > > > > > >>> >same for all demos), it takes me around 5 minutes to play them > > all > > > > by > > > > > >>> hand > > > > > >>> >(for a demo) and I launched manually the UI tests I have for > > every > > > > > major > > > > > >>> >pac4j release. Just to say UI tests are not that easy. For a > CAS > > > > > server, > > > > > >>> >it's fairly feasible as the CAS server and protocol change > > rarely. > > > > > >>> >That's why for Knox, I did some compromise with a simulated > web > > > test > > > > > >>> (based > > > > > >>> >on the basic auth). See: > > > > > >>> > > > > > > >>> > > > > > > > > > > > > > > > https://github.com/apache/knox/pull/2/files#diff-d0c880ca71b310dbe57975c577535e97R47 > > > > > >>> > > > > > > >>> >Thanks. > > > > > >>> >Best regards, > > > > > >>> >Jérôme > > > > > >>> > > > > > > >>> > > > > > > >>> > > > > > > >>> >2016-01-05 21:20 GMT+01:00 Kevin Minder < > > > > kevin.min...@hortonworks.com > > > > > >: > > > > > >>> > > > > > > >>> >> From my perspective it would be ideal if there were some > > > > automatable > > > > > >>> >> functional tests for this. I’m not advocating that these be > > > > > something > > > > > >>> >> included in “mvn clean install” as that is running too long > as > > > it > > > > > is. > > > > > >>> >> Given that I don’t have as much context as Larry, I have > some > > > > > >>> questions > > > > > >>> >> about what this would take. Lets say we had permission to > hit > > > > > >>> >> https://casserverpac4j.herokuapp.com/login as part of some > > low > > > > > >>> frequency > > > > > >>> >> automated tests (e.g. Once nighty). What static credentials > > and > > > > > >>> other test > > > > > >>> >> automation infrastructure would need to be implemented in > > > support > > > > of > > > > > >>> this? > > > > > >>> >> I understand that the test suite would require at a minimum > > > > > >>> >> 1) a test driver > > > > > >>> >> 2) a protected mock UI and > > > > > >>> >> 3) an appropriately configured Knox > > > > > >>> >> 4) a profile enabled maven module > > > > > >>> >> 5) an Apache jenkins job > > > > > >>> >> but I’m sure I’m missing other things. I’m certainly > willing > > to > > > > > help > > > > > >>> >> setup the skeleton infrastructure (e.g. test driver, mock > UI, > > > > maven > > > > > >>> module, > > > > > >>> >> jenkins job) > > > > > >>> >> > > > > > >>> >> > > > > > >>> >> > > > > > >>> >> On 1/5/16, 2:54 PM, "larry mccay" <larry.mc...@gmail.com> > > > wrote: > > > > > >>> >> > > > > > >>> >> >Okay, very good. > > > > > >>> >> >I've used TestShib for the picketlink provider - thanks for > > the > > > > > >>> pointers! > > > > > >>> >> > > > > > > >>> >> >On Tue, Jan 5, 2016 at 1:38 PM, Jérôme LELEU < > > lel...@gmail.com > > > > > > > > > >>> wrote: > > > > > >>> >> > > > > > > >>> >> >> The online CAS server ( > > > > > https://casserverpac4j.herokuapp.com/login) > > > > > >>> uses > > > > > >>> >> >> the > > > > > >>> >> >> CAS protocol. SAML support can be tested using some > online > > > IdP > > > > > like > > > > > >>> >> Okta, > > > > > >>> >> >> TestShib, OpenFeide, Ssocircle... > > > > > >>> >> >> > > > > > >>> >> >> > > > > > >>> >> >> 2016-01-05 17:32 GMT+01:00 larry mccay < > > > larry.mc...@gmail.com > > > > >: > > > > > >>> >> >> > > > > > >>> >> >> > Great - thanks for that pointer! > > > > > >>> >> >> > > > > > > >>> >> >> > I will take a look at that and help drive the release > > > related > > > > > >>> testing. > > > > > >>> >> >> > Merge testing will be gated on CAS server (is this SAML > > or > > > > CAS > > > > > >>> >> protocol?) > > > > > >>> >> >> > and testBasicAuth. > > > > > >>> >> >> > > > > > > >>> >> >> > On Tue, Jan 5, 2016 at 10:52 AM, Jérôme LELEU < > > > > > lel...@gmail.com> > > > > > >>> >> wrote: > > > > > >>> >> >> > > > > > > >>> >> >> > > Hi, > > > > > >>> >> >> > > > > > > > >>> >> >> > > Glad to hear back from you! > > > > > >>> >> >> > > > > > > > >>> >> >> > > The core pac4j project is fully tested by unit tests > > (and > > > > > some > > > > > >>> >> >> > integration > > > > > >>> >> >> > > tests I run for major version), then all pac4j > > > > > implementations > > > > > >>> are > > > > > >>> >> each > > > > > >>> >> >> > > tested by the appropriate demo: j2e-pac4j-demo tests > > > > > j2e-pac4j, > > > > > >>> >> >> > > spring-webmvc-pac4j-demo tests spring-webmvc-pac4j, > > etc. > > > > > >>> >> >> > > > > > > > >>> >> >> > > So if you take a look at: > > > > > >>> >> >> > > > > > > > >>> >> >> > > > > > > > >>> >> >> > > > > > > >>> >> >> > > > > > >>> >> > > > > > >>> > > > > > > > > > > > > > > > https://github.com/pac4j/j2e-pac4j-demo/blob/master/src/main/java/org/pac4j/demo/j2e/config/DemoConfigFactory.java#L27 > > > > > >>> >> >> > > (for example), you have all the required information > to > > > > test. > > > > > >>> >> >> > > > > > > > >>> >> >> > > I can do that on my own, but it can be good for the > > Knox > > > > > >>> community > > > > > >>> >> to > > > > > >>> >> >> > start > > > > > >>> >> >> > > working / testing the pac4j support. It's up to yoy. > > > > > >>> >> >> > > > > > > > >>> >> >> > > Thanks. > > > > > >>> >> >> > > Best regards, > > > > > >>> >> >> > > Jérôme > > > > > >>> >> >> > > > > > > > >>> >> >> > > > > > > > >>> >> >> > > 2016-01-05 16:11 GMT+01:00 larry mccay < > > > > > larry.mc...@gmail.com > > > > > >>> >: > > > > > >>> >> >> > > > > > > > >>> >> >> > > > Hello Jérôme - > > > > > >>> >> >> > > > > > > > > >>> >> >> > > > Happy New Year! > > > > > >>> >> >> > > > > > > > > >>> >> >> > > > I am going to start reviewing your updates today, > > > > > hopefully. > > > > > >>> >> >> > > > I was thinking that we need to start discussions on > > > what > > > > > the > > > > > >>> key > > > > > >>> >> >> > usecases > > > > > >>> >> >> > > > are and how to go about testing them. > > > > > >>> >> >> > > > We can certainly test the testBasicAuth and against > > the > > > > > >>> hosted CAS > > > > > >>> >> >> > server > > > > > >>> >> >> > > > but what about FB, openid, OAuth, etc? > > > > > >>> >> >> > > > > > > > > >>> >> >> > > > I'm not sure that FB would be a key feature but > > OpenID > > > > > >>> Connect and > > > > > >>> >> >> > OAuth > > > > > >>> >> >> > > > would be - as is SAML. > > > > > >>> >> >> > > > I think CAS buys us SAML testing - assuming that > the > > > > > >>> >> configuration of > > > > > >>> >> >> > the > > > > > >>> >> >> > > > hosted server is actually a SAML 2 instance. > > > > > >>> >> >> > > > > > > > > >>> >> >> > > > What about the others? > > > > > >>> >> >> > > > > > > > > >>> >> >> > > > I don't know that we need to be able to test them > all > > > > > before > > > > > >>> merge > > > > > >>> >> >> but > > > > > >>> >> >> > > some > > > > > >>> >> >> > > > sort of manual verification would be great. > > > > > >>> >> >> > > > We would need to be able to test them before the > next > > > > > release > > > > > >>> >> which > > > > > >>> >> >> > would > > > > > >>> >> >> > > > be featuring the pac4j functionality. > > > > > >>> >> >> > > > > > > > > >>> >> >> > > > Maybe you can describe how you go about testing > such > > > > things > > > > > >>> for > > > > > >>> >> the > > > > > >>> >> >> > pac4j > > > > > >>> >> >> > > > project itself? > > > > > >>> >> >> > > > > > > > > >>> >> >> > > > thanks, > > > > > >>> >> >> > > > > > > > > >>> >> >> > > > --larry > > > > > >>> >> >> > > > > > > > > >>> >> >> > > > > > > > > >>> >> >> > > > On Tue, Jan 5, 2016 at 9:55 AM, Jérôme LELEU < > > > > > >>> lel...@gmail.com> > > > > > >>> >> >> wrote: > > > > > >>> >> >> > > > > > > > > >>> >> >> > > > > Hi, > > > > > >>> >> >> > > > > > > > > > >>> >> >> > > > > Happy new year! > > > > > >>> >> >> > > > > > > > > > >>> >> >> > > > > A few days ago, I updated my patch of the pac4j > > > gateway > > > > > >>> provider > > > > > >>> >> >> > > > according > > > > > >>> >> >> > > > > to all comments on > > > > > >>> >> https://issues.apache.org/jira/browse/KNOX-641 > > > > > >>> >> >> as > > > > > >>> >> >> > > > well > > > > > >>> >> >> > > > > as the documentation on KNOX-642. > > > > > >>> >> >> > > > > > > > > > >>> >> >> > > > > Is everything ok for the merge? > > > > > >>> >> >> > > > > > > > > > >>> >> >> > > > > Thanks. > > > > > >>> >> >> > > > > Best regards, > > > > > >>> >> >> > > > > Jérôme > > > > > >>> >> >> > > > > > > > > > >>> >> >> > > > > > > > > > >>> >> >> > > > > 2015-12-14 15:28 GMT+01:00 larry mccay < > > > > > >>> larry.mc...@gmail.com>: > > > > > >>> >> >> > > > > > > > > > >>> >> >> > > > > > Hi Jérôme - > > > > > >>> >> >> > > > > > > > > > > >>> >> >> > > > > > Not sure if you saw but I added review comments > > to > > > > > >>> KNOX-641. > > > > > >>> >> >> > > > > > > > > > > >>> >> >> > > > > > I think that we need to determine whether we > want > > > the > > > > > >>> >> >> testBasicAuth > > > > > >>> >> >> > > in > > > > > >>> >> >> > > > > the > > > > > >>> >> >> > > > > > provider itself. > > > > > >>> >> >> > > > > > > > > > > >>> >> >> > > > > > Let's follow up on the JIRA. > > > > > >>> >> >> > > > > > > > > > > >>> >> >> > > > > > thanks, > > > > > >>> >> >> > > > > > > > > > > >>> >> >> > > > > > --larry > > > > > >>> >> >> > > > > > > > > > > >>> >> >> > > > > > On Fri, Dec 11, 2015 at 8:44 AM, Jérôme LELEU < > > > > > >>> >> lel...@gmail.com> > > > > > >>> >> >> > > > wrote: > > > > > >>> >> >> > > > > > > > > > > >>> >> >> > > > > > > Hi, > > > > > >>> >> >> > > > > > > > > > > > >>> >> >> > > > > > > No problem. It can go into a version 0.8.0 if > > > > needed. > > > > > >>> The > > > > > >>> >> truth > > > > > >>> >> >> > is > > > > > >>> >> >> > > > that > > > > > >>> >> >> > > > > > > there is only one change outside the new > pac4j > > > > > module, > > > > > >>> so I > > > > > >>> >> >> think > > > > > >>> >> >> > > > risks > > > > > >>> >> >> > > > > > are > > > > > >>> >> >> > > > > > > extremly limited. > > > > > >>> >> >> > > > > > > > > > > > >>> >> >> > > > > > > Just let met know. > > > > > >>> >> >> > > > > > > > > > > > >>> >> >> > > > > > > Thanks. > > > > > >>> >> >> > > > > > > Best regards, > > > > > >>> >> >> > > > > > > Jérôme > > > > > >>> >> >> > > > > > > > > > > > >>> >> >> > > > > > > > > > > > >>> >> >> > > > > > > 2015-12-11 14:23 GMT+01:00 larry mccay < > > > > > >>> >> larry.mc...@gmail.com > > > > > >>> >> >> >: > > > > > >>> >> >> > > > > > > > > > > > >>> >> >> > > > > > > > Hi Jérôme - > > > > > >>> >> >> > > > > > > > > > > > > >>> >> >> > > > > > > > I have unfortunately not had a chance to > > pull, > > > > > >>> review and > > > > > >>> >> >> test > > > > > >>> >> >> > it > > > > > >>> >> >> > > > yet > > > > > >>> >> >> > > > > > and > > > > > >>> >> >> > > > > > > > have intended to do that today. > > > > > >>> >> >> > > > > > > > I apologize for the delay. > > > > > >>> >> >> > > > > > > > > > > > > >>> >> >> > > > > > > > I was actually thinking that this would go > > > into a > > > > > >>> follow > > > > > >>> >> up > > > > > >>> >> >> > > release > > > > > >>> >> >> > > > > > that > > > > > >>> >> >> > > > > > > we > > > > > >>> >> >> > > > > > > > would try and get done rapidly after the > > 0.7.0 > > > > > >>> release > > > > > >>> >> but we > > > > > >>> >> >> > can > > > > > >>> >> >> > > > > > discuss > > > > > >>> >> >> > > > > > > > the target and its chances of destabilizing > > > > 0.7.0. > > > > > >>> >> >> > > > > > > > > > > > > >>> >> >> > > > > > > > I believe that it is rather self-contained > > with > > > > > only > > > > > >>> a few > > > > > >>> >> >> > > changes > > > > > >>> >> >> > > > to > > > > > >>> >> >> > > > > > > > external modules. > > > > > >>> >> >> > > > > > > > > > > > > >>> >> >> > > > > > > > Opening the JIRAs is perfect and I was > going > > to > > > > do > > > > > >>> that > > > > > >>> >> once > > > > > >>> >> >> I > > > > > >>> >> >> > > > > started > > > > > >>> >> >> > > > > > > the > > > > > >>> >> >> > > > > > > > review. > > > > > >>> >> >> > > > > > > > > > > > > >>> >> >> > > > > > > > Let's continue review comments and > > > collaboration > > > > on > > > > > >>> those > > > > > >>> >> >> > JIRAs. > > > > > >>> >> >> > > > > > > > I will add you to the contributors list so > > that > > > > we > > > > > >>> can > > > > > >>> >> assign > > > > > >>> >> >> > > them > > > > > >>> >> >> > > > to > > > > > >>> >> >> > > > > > > you. > > > > > >>> >> >> > > > > > > > > > > > > >>> >> >> > > > > > > > Thank you for your contributions and your > > > > patience, > > > > > >>> >> Jérôme! > > > > > >>> >> >> > > > > > > > > > > > > >>> >> >> > > > > > > > --larry > > > > > >>> >> >> > > > > > > > > > > > > >>> >> >> > > > > > > > On Fri, Dec 11, 2015 at 3:00 AM, Jérôme > > LELEU < > > > > > >>> >> >> > lel...@gmail.com> > > > > > >>> >> >> > > > > > wrote: > > > > > >>> >> >> > > > > > > > > > > > > >>> >> >> > > > > > > > > Hi, > > > > > >>> >> >> > > > > > > > > > > > > > >>> >> >> > > > > > > > > I didn't get any new feedback on the pull > > > > request > > > > > >>> so I > > > > > >>> >> >> assume > > > > > >>> >> >> > > > > > > everything > > > > > >>> >> >> > > > > > > > is > > > > > >>> >> >> > > > > > > > > ok from your point of view. > > > > > >>> >> >> > > > > > > > > > > > > > >>> >> >> > > > > > > > > I released pac4j v1.8.1 and j2e-pac4j > > v1.2.1 > > > > so I > > > > > >>> >> updated > > > > > >>> >> >> the > > > > > >>> >> >> > > > pull > > > > > >>> >> >> > > > > > > > request > > > > > >>> >> >> > > > > > > > > to use them and successfully re-tested > > > > > everything. > > > > > >>> >> >> > > > > > > > > > > > > > >>> >> >> > > > > > > > > I opened KNOX-641 and submitted the > > > > corresponding > > > > > >>> patch. > > > > > >>> >> >> > > > > > > > > > > > > > >>> >> >> > > > > > > > > I also wrote the documentation, opened > > > KNOX-642 > > > > > and > > > > > >>> >> >> submitted > > > > > >>> >> >> > > the > > > > > >>> >> >> > > > > > > > > corresponding patch (just to let you know > > > that > > > > it > > > > > >>> >> doesn't > > > > > >>> >> >> > work > > > > > >>> >> >> > > > out > > > > > >>> >> >> > > > > of > > > > > >>> >> >> > > > > > > the > > > > > >>> >> >> > > > > > > > > box in Windows, I had to replace mvn.bat > by > > > > > >>> mvn.cmd to > > > > > >>> >> make > > > > > >>> >> >> > ant > > > > > >>> >> >> > > > > > work). > > > > > >>> >> >> > > > > > > > > > > > > > >>> >> >> > > > > > > > > Even if the branch 0.7.0 has already been > > > > > created, > > > > > >>> I > > > > > >>> >> >> assumed > > > > > >>> >> >> > > this > > > > > >>> >> >> > > > > new > > > > > >>> >> >> > > > > > > > pac4j > > > > > >>> >> >> > > > > > > > > provider will go into this version 0.7.0 > > > > > >>> (dependency on > > > > > >>> >> the > > > > > >>> >> >> > > > > > > > 0.7.0-SNAPSHOT > > > > > >>> >> >> > > > > > > > > parent version). > > > > > >>> >> >> > > > > > > > > > > > > > >>> >> >> > > > > > > > > Just let me know if everything is ok and > > when > > > > > it's > > > > > >>> >> goind to > > > > > >>> >> >> > be > > > > > >>> >> >> > > > > > merged. > > > > > >>> >> >> > > > > > > > > > > > > > >>> >> >> > > > > > > > > Thanks. > > > > > >>> >> >> > > > > > > > > Best regards, > > > > > >>> >> >> > > > > > > > > Jérôme > > > > > >>> >> >> > > > > > > > > > > > > > >>> >> >> > > > > > > > > > > > > > >>> >> >> > > > > > > > > > > > > > >>> >> >> > > > > > > > > > > > > > >>> >> >> > > > > > > > > 2015-12-04 14:20 GMT+01:00 larry mccay < > > > > > >>> >> >> > larry.mc...@gmail.com > > > > > >>> >> >> > > >: > > > > > >>> >> >> > > > > > > > > > > > > > >>> >> >> > > > > > > > > > That ability to configure multiple > > > mechanisms > > > > > >>> based on > > > > > >>> >> >> > > > clientName > > > > > >>> >> >> > > > > > is > > > > > >>> >> >> > > > > > > > > really > > > > > >>> >> >> > > > > > > > > > interesting for Knox. > > > > > >>> >> >> > > > > > > > > > Currently, we require separate > topologies > > > per > > > > > >>> >> >> > authentication > > > > > >>> >> >> > > > > > > mechanism. > > > > > >>> >> >> > > > > > > > > > The ability to configure them all in > one > > is > > > > > >>> really > > > > > >>> >> great. > > > > > >>> >> >> > > > > > > > > > > > > > > >>> >> >> > > > > > > > > > We would need to think through the best > > way > > > > to > > > > > >>> provide > > > > > >>> >> >> the > > > > > >>> >> >> > > > > > clientName > > > > > >>> >> >> > > > > > > > > > parameter. > > > > > >>> >> >> > > > > > > > > > Since this is targeting KnoxSSO it can > > > > actually > > > > > >>> be > > > > > >>> >> added > > > > > >>> >> >> to > > > > > >>> >> >> > > the > > > > > >>> >> >> > > > > > > > > providerURL > > > > > >>> >> >> > > > > > > > > > used to redirect from the participating > > > > > >>> application. > > > > > >>> >> >> > > > > > > > > > Regardless of the authentication > > mechanism > > > > used > > > > > >>> each > > > > > >>> >> >> > > > application > > > > > >>> >> >> > > > > > will > > > > > >>> >> >> > > > > > > > > still > > > > > >>> >> >> > > > > > > > > > get the same JWT based cookie. > > > > > >>> >> >> > > > > > > > > > > > > > > >>> >> >> > > > > > > > > > I think that should work really nicely. > > > > > >>> >> >> > > > > > > > > > > > > > > >>> >> >> > > > > > > > > > > > > > > >>> >> >> > > > > > > > > > On Fri, Dec 4, 2015 at 7:17 AM, larry > > > mccay < > > > > > >>> >> >> > > > > larry.mc...@gmail.com > > > > > >>> >> >> > > > > > > > > > > > >>> >> >> > > > > > > > > wrote: > > > > > >>> >> >> > > > > > > > > > > > > > > >>> >> >> > > > > > > > > > > Excellent, Jérôme. > > > > > >>> >> >> > > > > > > > > > > Thanks! > > > > > >>> >> >> > > > > > > > > > > > > > > > >>> >> >> > > > > > > > > > > On Fri, Dec 4, 2015 at 2:40 AM, > Jérôme > > > > LELEU > > > > > < > > > > > >>> >> >> > > > lel...@gmail.com > > > > > >>> >> >> > > > > > > > > > > >>> >> >> > > > > > > > wrote: > > > > > >>> >> >> > > > > > > > > > > > > > > > >>> >> >> > > > > > > > > > >> Hi, > > > > > >>> >> >> > > > > > > > > > >> > > > > > >>> >> >> > > > > > > > > > >> I will write how to configure the > > pac4j > > > > > >>> provider in > > > > > >>> >> >> the > > > > > >>> >> >> > > > > > > > documentation, > > > > > >>> >> >> > > > > > > > > > but > > > > > >>> >> >> > > > > > > > > > >> I can already give you some > insights. > > > > > >>> >> >> > > > > > > > > > >> > > > > > >>> >> >> > > > > > > > > > >> My main goal is always to respect > the > > > key > > > > > >>> design > > > > > >>> >> >> > > principles > > > > > >>> >> >> > > > of > > > > > >>> >> >> > > > > > > pac4j > > > > > >>> >> >> > > > > > > > > > >> whatever the environment / framework > > in > > > > > which > > > > > >>> it is > > > > > >>> >> >> > > > > implemented. > > > > > >>> >> >> > > > > > > For > > > > > >>> >> >> > > > > > > > > > Knox, > > > > > >>> >> >> > > > > > > > > > >> I'm pretty happy with the use of the > > > > > j2e-pac4j > > > > > >>> >> >> library, > > > > > >>> >> >> > > > which > > > > > >>> >> >> > > > > > > means > > > > > >>> >> >> > > > > > > > > that > > > > > >>> >> >> > > > > > > > > > >> almost all the pac4j features are > > > > available, > > > > > >>> >> >> especially > > > > > >>> >> >> > > both > > > > > >>> >> >> > > > > > > direct > > > > > >>> >> >> > > > > > > > > and > > > > > >>> >> >> > > > > > > > > > >> indirect clients. So it can do what > > > Shiro > > > > > >>> already > > > > > >>> >> does > > > > > >>> >> >> > but > > > > > >>> >> >> > > > > also, > > > > > >>> >> >> > > > > > > as > > > > > >>> >> >> > > > > > > > we > > > > > >>> >> >> > > > > > > > > > >> agreed together, supports remote > > > > > >>> authentications. > > > > > >>> >> >> > > > > > > > > > >> > > > > > >>> >> >> > > > > > > > > > >> It is only limited by what you can > > > > currently > > > > > >>> >> >> configure. > > > > > >>> >> >> > > And > > > > > >>> >> >> > > > > even > > > > > >>> >> >> > > > > > > > > > >> configuration is a pac4j feature as > > the > > > > CAS > > > > > >>> server > > > > > >>> >> has > > > > > >>> >> >> > the > > > > > >>> >> >> > > > > same > > > > > >>> >> >> > > > > > > > need. > > > > > >>> >> >> > > > > > > > > > >> Everything happens in this class: > > > > > >>> >> >> > > > > > > > > > >> > > > > > >>> >> >> > > > > > > > > > >> > > > > > >>> >> >> > > > > > > > > > > > > > > >>> >> >> > > > > > > > > > > > > > >>> >> >> > > > > > > > > > > > > >>> >> >> > > > > > > > > > > > >>> >> >> > > > > > > > > > > >>> >> >> > > > > > > > > > >>> >> >> > > > > > > > > >>> >> >> > > > > > > > >>> >> >> > > > > > > >>> >> >> > > > > > >>> >> > > > > > >>> > > > > > > > > > > > > > > > https://github.com/pac4j/pac4j/blob/master/pac4j-config/src/main/java/org/pac4j/config/client/ConfigPropertiesFactory.java > > > > > >>> >> >> > > > > > > > > > >> , > > > > > >>> >> >> > > > > > > > > > >> which allows you to configure > > Facebook, > > > > > >>> Twitter, a > > > > > >>> >> CAS > > > > > >>> >> >> > > > > server, a > > > > > >>> >> >> > > > > > > > SAML > > > > > >>> >> >> > > > > > > > > > IdP > > > > > >>> >> >> > > > > > > > > > >> or an OpenID Connect provider. All > the > > > > > >>> provided > > > > > >>> >> >> > parameters > > > > > >>> >> >> > > > to > > > > > >>> >> >> > > > > > the > > > > > >>> >> >> > > > > > > > > pac4j > > > > > >>> >> >> > > > > > > > > > >> provider are put into a Map and the > > > > > >>> >> >> > > ConfigPropertiesFactory > > > > > >>> >> >> > > > is > > > > > >>> >> >> > > > > > > built > > > > > >>> >> >> > > > > > > > > > with > > > > > >>> >> >> > > > > > > > > > >> this Map to return the built client > (= > > > > > >>> >> authentication > > > > > >>> >> >> > > > > > mechanism). > > > > > >>> >> >> > > > > > > > > > >> > > > > > >>> >> >> > > > > > > > > > >> You have one more specific option > for > > > Knox > > > > > as > > > > > >>> a > > > > > >>> >> basic > > > > > >>> >> >> > > > > > > authentication > > > > > >>> >> >> > > > > > > > > > popup > > > > > >>> >> >> > > > > > > > > > >> where the username must match the > > > > password, > > > > > >>> you can > > > > > >>> >> >> > define > > > > > >>> >> >> > > > > that > > > > > >>> >> >> > > > > > > by: > > > > > >>> >> >> > > > > > > > > > >> > > > > > >>> >> >> > > > > > > > > > >> <param> > > > > > >>> >> >> > > > > > > > > > >> <name>clientName</name> > > > > > >>> >> >> > > > > > > > > > >> <value>testBasicAuth</value> > > > > > >>> >> >> > > > > > > > > > >> </param> > > > > > >>> >> >> > > > > > > > > > >> > > > > > >>> >> >> > > > > > > > > > >> > > > > > >>> >> >> > > > > > > > > > >> It's for testing only. > > > > > >>> >> >> > > > > > > > > > >> > > > > > >>> >> >> > > > > > > > > > >> For a CAS server: > > > > > >>> >> >> > > > > > > > > > >> > > > > > >>> >> >> > > > > > > > > > >> <param> > > > > > >>> >> >> > > > > > > > > > >> <name>cas.loginUrl</name> > > > > > >>> >> >> > > > > > > > > > >> <value> > > > > > >>> >> https://casserverpac4j.herokuapp.com/login > > > > > >>> >> >> > > </value> > > > > > >>> >> >> > > > > > > > > > >> </param> > > > > > >>> >> >> > > > > > > > > > >> > > > > > >>> >> >> > > > > > > > > > >> > > > > > >>> >> >> > > > > > > > > > >> Here are all the properties > available > > > for > > > > > >>> building > > > > > >>> >> >> > clients > > > > > >>> >> >> > > > > > (their > > > > > >>> >> >> > > > > > > > > > meaning > > > > > >>> >> >> > > > > > > > > > >> is obvious): > > > > > >>> >> >> > > > > > > > > > >> > > > > > >>> >> >> > > > > > > > > > >> facebook.id > > > > > >>> >> >> > > > > > > > > > >> facebook.secret > > > > > >>> >> >> > > > > > > > > > >> facebook.scope > > > > > >>> >> >> > > > > > > > > > >> facebook.fields > > > > > >>> >> >> > > > > > > > > > >> twitter.id > > > > > >>> >> >> > > > > > > > > > >> twitter.secret > > > > > >>> >> >> > > > > > > > > > >> saml.keystorePassword > > > > > >>> >> >> > > > > > > > > > >> saml.privateKeyPassword > > > > > >>> >> >> > > > > > > > > > >> saml.keystorePath > > > > > >>> >> >> > > > > > > > > > >> saml.identityProviderMetadataPath > > > > > >>> >> >> > > > > > > > > > >> saml.maximumAuthenticationLifetime > > > > > >>> >> >> > > > > > > > > > >> saml.serviceProviderEntityId > > > > > >>> >> >> > > > > > > > > > >> saml.serviceProviderMetadataPath > > > > > >>> >> >> > > > > > > > > > >> cas.loginUrl > > > > > >>> >> >> > > > > > > > > > >> cas.protocol > > > > > >>> >> >> > > > > > > > > > >> oidc.id > > > > > >>> >> >> > > > > > > > > > >> oidc.secret > > > > > >>> >> >> > > > > > > > > > >> oidc.discoveryUri > > > > > >>> >> >> > > > > > > > > > >> oidc.customParamKey1 > > > > > >>> >> >> > > > > > > > > > >> oidc.customParamValue1 > > > > > >>> >> >> > > > > > > > > > >> > > > > > >>> >> >> > > > > > > > > > >> > > > > > >>> >> >> > > > > > > > > > >> If you define multiple clients, the > > > first > > > > > one > > > > > >>> will > > > > > >>> >> be > > > > > >>> >> >> > used > > > > > >>> >> >> > > > for > > > > > >>> >> >> > > > > > > > > > >> authentication, but you can > explicitly > > > > > choose > > > > > >>> the > > > > > >>> >> >> client > > > > > >>> >> >> > > you > > > > > >>> >> >> > > > > > want > > > > > >>> >> >> > > > > > > to > > > > > >>> >> >> > > > > > > > > use > > > > > >>> >> >> > > > > > > > > > >> via the clientName parameter, > assuming > > > you > > > > > >>> want to > > > > > >>> >> >> > switch > > > > > >>> >> >> > > > from > > > > > >>> >> >> > > > > > > > client > > > > > >>> >> >> > > > > > > > > > >> depending on environment for > example. > > > > > >>> >> >> > > > > > > > > > >> > > > > > >>> >> >> > > > > > > > > > >> So if you want to add some new > > > > > authentication > > > > > >>> >> >> mechanism, > > > > > >>> >> >> > > you > > > > > >>> >> >> > > > > > must > > > > > >>> >> >> > > > > > > > > first > > > > > >>> >> >> > > > > > > > > > >> check that it is available in pac4j > > (if > > > > it's > > > > > >>> not, > > > > > >>> >> it's > > > > > >>> >> >> > > > another > > > > > >>> >> >> > > > > > > > > > discussion, > > > > > >>> >> >> > > > > > > > > > >> but generally, it is). Then, you'll > > need > > > > to > > > > > >>> upgrade > > > > > >>> >> >> the > > > > > >>> >> >> > > > > > > > > > >> ConfigPropertiesFactory by > submitting > > a > > > > new > > > > > >>> pull > > > > > >>> >> >> request > > > > > >>> >> >> > > to > > > > > >>> >> >> > > > > the > > > > > >>> >> >> > > > > > > > pac4j > > > > > >>> >> >> > > > > > > > > > >> project (I can do it myself, but I'm > > > sure > > > > > you > > > > > >>> >> could do > > > > > >>> >> >> > > that > > > > > >>> >> >> > > > > > > easily), > > > > > >>> >> >> > > > > > > > > > >> finally wait for the new pac4j > release > > > and > > > > > >>> switch > > > > > >>> >> >> pac4j > > > > > >>> >> >> > > > > versions > > > > > >>> >> >> > > > > > > in > > > > > >>> >> >> > > > > > > > > Knox > > > > > >>> >> >> > > > > > > > > > >> to > > > > > >>> >> >> > > > > > > > > > >> benefit from the new feature. > > > > > >>> >> >> > > > > > > > > > >> The good thing is that if someone > > > related > > > > to > > > > > >>> the > > > > > >>> >> CAS > > > > > >>> >> >> > > server > > > > > >>> >> >> > > > > does > > > > > >>> >> >> > > > > > > the > > > > > >>> >> >> > > > > > > > > > same > > > > > >>> >> >> > > > > > > > > > >> thing for CAS (in pac4j), you will > > > > > >>> automatically > > > > > >>> >> get > > > > > >>> >> >> it > > > > > >>> >> >> > > when > > > > > >>> >> >> > > > > > > you'll > > > > > >>> >> >> > > > > > > > > > >> upgrade > > > > > >>> >> >> > > > > > > > > > >> pac4j. > > > > > >>> >> >> > > > > > > > > > >> > > > > > >>> >> >> > > > > > > > > > >> To go even further, replacing LDAP > > Shiro > > > > > >>> >> >> authentication > > > > > >>> >> >> > is > > > > > >>> >> >> > > > > just > > > > > >>> >> >> > > > > > a > > > > > >>> >> >> > > > > > > > > matter > > > > > >>> >> >> > > > > > > > > > >> of > > > > > >>> >> >> > > > > > > > > > >> making pac4j LDAP authentication > > > available > > > > > via > > > > > >>> >> >> > > configuration > > > > > >>> >> >> > > > > > > > > parameters. > > > > > >>> >> >> > > > > > > > > > >> > > > > > >>> >> >> > > > > > > > > > >> I hope it was clear enough. > > > > > >>> >> >> > > > > > > > > > >> > > > > > >>> >> >> > > > > > > > > > >> Thanks. > > > > > >>> >> >> > > > > > > > > > >> Best regards, > > > > > >>> >> >> > > > > > > > > > >> Jérôme > > > > > >>> >> >> > > > > > > > > > >> > > > > > >>> >> >> > > > > > > > > > >> > > > > > >>> >> >> > > > > > > > > > >> > > > > > >>> >> >> > > > > > > > > > >> > > > > > >>> >> >> > > > > > > > > > >> 2015-12-03 20:45 GMT+01:00 larry > > mccay < > > > > > >>> >> >> > > > larry.mc...@gmail.com > > > > > >>> >> >> > > > > >: > > > > > >>> >> >> > > > > > > > > > >> > > > > > >>> >> >> > > > > > > > > > >> > Excellent! > > > > > >>> >> >> > > > > > > > > > >> > > > > > > >>> >> >> > > > > > > > > > >> > I will carve out some time to do > > code > > > > > >>> review. > > > > > >>> >> >> > > > > > > > > > >> > We will need to get some insights > > into > > > > how > > > > > >>> to go > > > > > >>> >> >> about > > > > > >>> >> >> > > > > > testing: > > > > > >>> >> >> > > > > > > > > > >> > > > > > > >>> >> >> > > > > > > > > > >> > * is the CAS server going to be > > > > available > > > > > >>> for > > > > > >>> >> >> testing? > > > > > >>> >> >> > > > > > > > > > >> > * what are the specific and > > > > > >>> generic/standard (if > > > > > >>> >> >> any) > > > > > >>> >> >> > > > > > > > authentication > > > > > >>> >> >> > > > > > > > > > >> > mechanisms available - for > instance: > > > > > >>> >> >> > > > > > > > > > >> > - Facebook, Google, LinkedIn > and > > > CAS > > > > > are > > > > > >>> >> >> specifics > > > > > >>> >> >> > > > > > > > > > >> > - OAuth 2, OpenID Connect, > SAML > > > are > > > > > >>> >> >> > > generic/standards > > > > > >>> >> >> > > > - > > > > > >>> >> >> > > > > > that > > > > > >>> >> >> > > > > > > > may > > > > > >>> >> >> > > > > > > > > > be > > > > > >>> >> >> > > > > > > > > > >> > used for the above specifics... > > > > > >>> >> >> > > > > > > > > > >> > * how do we test things other than > > > CAS - > > > > > in > > > > > >>> >> terms of > > > > > >>> >> >> > > > getting > > > > > >>> >> >> > > > > > > > > > >> credentials, > > > > > >>> >> >> > > > > > > > > > >> > configuration, etc > > > > > >>> >> >> > > > > > > > > > >> > > > > > > >>> >> >> > > > > > > > > > >> > We could certainly do this is > phases > > > as > > > > > >>> well. > > > > > >>> >> >> > > > > > > > > > >> > > > > > > >>> >> >> > > > > > > > > > >> > If you can enumerate the things > that > > > > > should > > > > > >>> work > > > > > >>> >> and > > > > > >>> >> >> > > > provide > > > > > >>> >> >> > > > > > > some > > > > > >>> >> >> > > > > > > > > > >> testing > > > > > >>> >> >> > > > > > > > > > >> > details for CAS or as many as > > possible > > > > and > > > > > >>> OpenID > > > > > >>> >> >> > > Connect > > > > > >>> >> >> > > > > then > > > > > >>> >> >> > > > > > > we > > > > > >>> >> >> > > > > > > > > can > > > > > >>> >> >> > > > > > > > > > >> test > > > > > >>> >> >> > > > > > > > > > >> > the specific implementations that > > you > > > > > >>> provide and > > > > > >>> >> >> > enable > > > > > >>> >> >> > > > the > > > > > >>> >> >> > > > > > > > testing > > > > > >>> >> >> > > > > > > > > > of > > > > > >>> >> >> > > > > > > > > > >> > another OpenID Connect effort that > > is > > > in > > > > > the > > > > > >>> >> works > > > > > >>> >> >> in > > > > > >>> >> >> > > the > > > > > >>> >> >> > > > > > > > community. > > > > > >>> >> >> > > > > > > > > > >> > > > > > > >>> >> >> > > > > > > > > > >> > I'm not sure whether we want to > > commit > > > > > >>> >> contributions > > > > > >>> >> >> > > that > > > > > >>> >> >> > > > > are > > > > > >>> >> >> > > > > > > > > > dependent > > > > > >>> >> >> > > > > > > > > > >> on > > > > > >>> >> >> > > > > > > > > > >> > snapshots - we certainly can't > > release > > > > > with > > > > > >>> any > > > > > >>> >> such > > > > > >>> >> >> > > > > > > dependencies. > > > > > >>> >> >> > > > > > > > > > >> > I would hate to add a cleanup task > > to > > > a > > > > > >>> release > > > > > >>> >> to > > > > > >>> >> >> > make > > > > > >>> >> >> > > > sure > > > > > >>> >> >> > > > > > > there > > > > > >>> >> >> > > > > > > > > are > > > > > >>> >> >> > > > > > > > > > >> no > > > > > >>> >> >> > > > > > > > > > >> > snapshots in there. > > > > > >>> >> >> > > > > > > > > > >> > We will probably wait until after > > the > > > > > pac4j > > > > > >>> >> releases > > > > > >>> >> >> > to > > > > > >>> >> >> > > > > > commit. > > > > > >>> >> >> > > > > > > > > > >> > > > > > > >>> >> >> > > > > > > > > > >> > I am really happy that this > > > integration > > > > is > > > > > >>> >> happening > > > > > >>> >> >> > and > > > > > >>> >> >> > > > > that > > > > > >>> >> >> > > > > > it > > > > > >>> >> >> > > > > > > > > went > > > > > >>> >> >> > > > > > > > > > >> > rather smoothly. > > > > > >>> >> >> > > > > > > > > > >> > These sorts of authentication > > > protocols > > > > > are > > > > > >>> >> complex > > > > > >>> >> >> > and > > > > > >>> >> >> > > I > > > > > >>> >> >> > > > > > think > > > > > >>> >> >> > > > > > > we > > > > > >>> >> >> > > > > > > > > > >> lined up > > > > > >>> >> >> > > > > > > > > > >> > pretty well overall. > > > > > >>> >> >> > > > > > > > > > >> > > > > > > >>> >> >> > > > > > > > > > >> > Thanks for your work! > > > > > >>> >> >> > > > > > > > > > >> > > > > > > >>> >> >> > > > > > > > > > >> > On Thu, Dec 3, 2015 at 2:28 PM, > > Jérôme > > > > > >>> LELEU < > > > > > >>> >> >> > > > > > lel...@gmail.com> > > > > > >>> >> >> > > > > > > > > > wrote: > > > > > >>> >> >> > > > > > > > > > >> > > > > > > >>> >> >> > > > > > > > > > >> > > Hi, > > > > > >>> >> >> > > > > > > > > > >> > > > > > > > >>> >> >> > > > > > > > > > >> > > I just sync'ed with master, > > cleaned > > > > > >>> >> dependencies > > > > > >>> >> >> and > > > > > >>> >> >> > > > added > > > > > >>> >> >> > > > > > > > missing > > > > > >>> >> >> > > > > > > > > > >> > > Javadocs. Everything works > > correctly > > > > > now. > > > > > >>> Many > > > > > >>> >> >> > thanks. > > > > > >>> >> >> > > > > > > > > > >> > > > > > > > >>> >> >> > > > > > > > > > >> > > The pull request is ready for a > > full > > > > > code > > > > > >>> >> review: > > > > > >>> >> >> > > > > > > > > > >> > > > > > https://github.com/apache/knox/pull/2 > > > > > >>> >> >> > > > > > > > > > >> > > > > > > > >>> >> >> > > > > > > > > > >> > > I'll write the documentation > after > > > the > > > > > >>> pac4j > > > > > >>> >> >> > releases > > > > > >>> >> >> > > (I > > > > > >>> >> >> > > > > > hope > > > > > >>> >> >> > > > > > > > next > > > > > >>> >> >> > > > > > > > > > >> week). > > > > > >>> >> >> > > > > > > > > > >> > > > > > > > >>> >> >> > > > > > > > > > >> > > Thanks. > > > > > >>> >> >> > > > > > > > > > >> > > Best regards, > > > > > >>> >> >> > > > > > > > > > >> > > Jérôme > > > > > >>> >> >> > > > > > > > > > >> > > > > > > > >>> >> >> > > > > > > > > > >> > > > > > > > >>> >> >> > > > > > > > > > >> > > 2015-12-02 19:18 GMT+01:00 larry > > > > mccay < > > > > > >>> >> >> > > > > > larry.mc...@gmail.com > > > > > >>> >> >> > > > > > > >: > > > > > >>> >> >> > > > > > > > > > >> > > > > > > > >>> >> >> > > > > > > > > > >> > > > Fixed in > > > > > >>> >> >> > > > https://issues.apache.org/jira/browse/KNOX-636 > > > > > >>> >> >> > > > > . > > > > > >>> >> >> > > > > > > > > > >> > > > > > > > > >>> >> >> > > > > > > > > > >> > > > On Wed, Dec 2, 2015 at 12:42 > PM, > > > > larry > > > > > >>> mccay > > > > > >>> >> < > > > > > >>> >> >> > > > > > > > > > larry.mc...@gmail.com > > > > > >>> >> >> > > > > > > > > > >> > > > > > > >>> >> >> > > > > > > > > > >> > > > wrote: > > > > > >>> >> >> > > > > > > > > > >> > > > > > > > > >>> >> >> > > > > > > > > > >> > > > > Sure - I can file a JIRA and > > > > commit > > > > > a > > > > > >>> fix. > > > > > >>> >> >> > > > > > > > > > >> > > > > > > > > > >>> >> >> > > > > > > > > > >> > > > > The secret generation should > > be > > > > done > > > > > >>> in one > > > > > >>> >> >> > > instance > > > > > >>> >> >> > > > > and > > > > > >>> >> >> > > > > > > > > > >> replicated > > > > > >>> >> >> > > > > > > > > > >> > > > across > > > > > >>> >> >> > > > > > > > > > >> > > > > others. > > > > > >>> >> >> > > > > > > > > > >> > > > > This replication/management > of > > > the > > > > > >>> >> credential > > > > > >>> >> >> > > stores > > > > > >>> >> >> > > > > is > > > > > >>> >> >> > > > > > > > > outside > > > > > >>> >> >> > > > > > > > > > of > > > > > >>> >> >> > > > > > > > > > >> > the > > > > > >>> >> >> > > > > > > > > > >> > > > > scope of Knox itself as of > > now. > > > > > >>> >> >> > > > > > > > > > >> > > > > > > > > > >>> >> >> > > > > > > > > > >> > > > > Documentation is done in > > > markdown > > > > > and > > > > > >>> is > > > > > >>> >> >> > > > contributing > > > > > >>> >> >> > > > > > > > details > > > > > >>> >> >> > > > > > > > > > are > > > > > >>> >> >> > > > > > > > > > >> > > > > available at: > > > > > >>> >> >> > > > > > > > > > >> > > > > > > > > > >>> >> >> > > > > > > > > > >> > > > > > > > > >>> >> >> > > > > > > > > > >> > > > > > > > >>> >> >> > > > > > > > > > >> > > > > > > >>> >> >> > > > > > > > > > >> > > > > > >>> >> >> > > > > > > > > > > > > > > >>> >> >> > > > > > > > > > > > > > >>> >> >> > > > > > > > > > > > > >>> >> >> > > > > > > > > > > > >>> >> >> > > > > > > > > > > >>> >> >> > > > > > > > > > >>> >> >> > > > > > > > > >>> >> >> > > > > > > > >>> >> >> > > > > > > >>> >> >> > > > > > >>> >> > > > > > >>> > > > > > > > > > > > > > > > https://cwiki.apache.org/confluence/display/KNOX/Contribution+Process#ContributionProcess-DocumentationContributorWorkflow > > > > > >>> >> >> > > > > > > > > > >> > > > > > > > > > >>> >> >> > > > > > > > > > >> > > > > Which should give you a > > general > > > > > idea. > > > > > >>> >> >> > > > > > > > > > >> > > > > > > > > > >>> >> >> > > > > > > > > > >> > > > > Find an example like: > > > > > >>> ./trunk/books/0.7.0/ > > > > > >>> >> >> > > > > > > > > > >> > > config_preauth_sso_provider.md > > > > > >>> >> >> > > > > > > > > > >> > > > > > > > > > >>> >> >> > > > > > > > > > >> > > > > For an example of typical > > > content > > > > > and > > > > > >>> >> format. > > > > > >>> >> >> > > > > > > > > > >> > > > > > > > > > >>> >> >> > > > > > > > > > >> > > > > Here is how that example > > > renders: > > > > > >>> >> >> > > > > > > > > > >> > > > > > > > > > >>> >> >> > > > > > > > > > >> > > > > > > > > >>> >> >> > > > > > > > > > >> > > > > > > > >>> >> >> > > > > > > > > > >> > > > > > > >>> >> >> > > > > > > > > > >> > > > > > >>> >> >> > > > > > > > > > > > > > > >>> >> >> > > > > > > > > > > > > > >>> >> >> > > > > > > > > > > > > >>> >> >> > > > > > > > > > > > >>> >> >> > > > > > > > > > > >>> >> >> > > > > > > > > > >>> >> >> > > > > > > > > >>> >> >> > > > > > > > >>> >> >> > > > > > > >>> >> >> > > > > > >>> >> > > > > > >>> > > > > > > > > > > > > > > > http://knox.apache.org/books/knox-0-7-0/user-guide.html#Preauthenticated+SSO+Provider > > > > > >>> >> >> > > > > > > > > > >> > > > > > > > > > >>> >> >> > > > > > > > > > >> > > > > You'll need to tie it into > the > > > > rest > > > > > >>> of the > > > > > >>> >> >> book > > > > > >>> >> >> > - > > > > > >>> >> >> > > > just > > > > > >>> >> >> > > > > > > grep > > > > > >>> >> >> > > > > > > > > for > > > > > >>> >> >> > > > > > > > > > >> where > > > > > >>> >> >> > > > > > > > > > >> > > > that > > > > > >>> >> >> > > > > > > > > > >> > > > > filename is referenced. > > > > > >>> >> >> > > > > > > > > > >> > > > > To test how it renders build > > the > > > > > site > > > > > >>> with: > > > > > >>> >> >> > "ant" > > > > > >>> >> >> > > > and > > > > > >>> >> >> > > > > > note > > > > > >>> >> >> > > > > > > > the > > > > > >>> >> >> > > > > > > > > > >> url to > > > > > >>> >> >> > > > > > > > > > >> > > the > > > > > >>> >> >> > > > > > > > > > >> > > > > 0.7.0 book. > > > > > >>> >> >> > > > > > > > > > >> > > > > > > > > > >>> >> >> > > > > > > > > > >> > > > > > > > > > >>> >> >> > > > > > > > > > >> > > > > On Wed, Dec 2, 2015 at 12:12 > > PM, > > > > > >>> Jérôme > > > > > >>> >> LELEU > > > > > >>> >> >> < > > > > > >>> >> >> > > > > > > > > lel...@gmail.com > > > > > >>> >> >> > > > > > > > > > > > > > > > >>> >> >> > > > > > > > > > >> > > wrote: > > > > > >>> >> >> > > > > > > > > > >> > > > > > > > > > >>> >> >> > > > > > > > > > >> > > > >> Hi, > > > > > >>> >> >> > > > > > > > > > >> > > > >> > > > > > >>> >> >> > > > > > > > > > >> > > > >> Why it doesn't work for > pac4j > > > > while > > > > > >>> it > > > > > >>> >> works > > > > > >>> >> >> > for > > > > > >>> >> >> > > > > others > > > > > >>> >> >> > > > > > > is > > > > > >>> >> >> > > > > > > > a > > > > > >>> >> >> > > > > > > > > > bit > > > > > >>> >> >> > > > > > > > > > >> > > strange > > > > > >>> >> >> > > > > > > > > > >> > > > >> to > > > > > >>> >> >> > > > > > > > > > >> > > > >> me, but if you have the > patch > > > in > > > > > >>> front of > > > > > >>> >> >> your > > > > > >>> >> >> > > > eyes, > > > > > >>> >> >> > > > > > I'd > > > > > >>> >> >> > > > > > > > > rather > > > > > >>> >> >> > > > > > > > > > >> > prefer > > > > > >>> >> >> > > > > > > > > > >> > > > you > > > > > >>> >> >> > > > > > > > > > >> > > > >> to commit it. In all cases, > > > I'll > > > > > >>> sync with > > > > > >>> >> >> the > > > > > >>> >> >> > > > > master. > > > > > >>> >> >> > > > > > > > > > >> > > > >> > > > > > >>> >> >> > > > > > > > > > >> > > > >> There was one question you > > > didn't > > > > > >>> answer > > > > > >>> >> >> > > > previously: > > > > > >>> >> >> > > > > is > > > > > >>> >> >> > > > > > > the > > > > > >>> >> >> > > > > > > > > > >> password > > > > > >>> >> >> > > > > > > > > > >> > > > >> generated for the pac4j > > > provider > > > > > the > > > > > >>> same > > > > > >>> >> >> > across > > > > > >>> >> >> > > > all > > > > > >>> >> >> > > > > > > > gateway > > > > > >>> >> >> > > > > > > > > > >> > > instances? > > > > > >>> >> >> > > > > > > > > > >> > > > >> Because I expect to have > the > > > same > > > > > >>> value > > > > > >>> >> as I > > > > > >>> >> >> > use > > > > > >>> >> >> > > it > > > > > >>> >> >> > > > > to > > > > > >>> >> >> > > > > > > > > encrypt > > > > > >>> >> >> > > > > > > > > > / > > > > > >>> >> >> > > > > > > > > > >> > > decrypt > > > > > >>> >> >> > > > > > > > > > >> > > > >> data. > > > > > >>> >> >> > > > > > > > > > >> > > > >> > > > > > >>> >> >> > > > > > > > > > >> > > > >> I will add the Javadoc. > After > > > > that, > > > > > >>> you > > > > > >>> >> can > > > > > >>> >> >> > > review > > > > > >>> >> >> > > > > the > > > > > >>> >> >> > > > > > > pull > > > > > >>> >> >> > > > > > > > > > >> request > > > > > >>> >> >> > > > > > > > > > >> > > more > > > > > >>> >> >> > > > > > > > > > >> > > > >> completely. > > > > > >>> >> >> > > > > > > > > > >> > > > >> > > > > > >>> >> >> > > > > > > > > > >> > > > >> What do you expect for the > > > > > >>> documentation? > > > > > >>> >> >> > > > > > > > > > >> > > > >> > > > > > >>> >> >> > > > > > > > > > >> > > > >> Notice that pac4j > > dependencies > > > > are > > > > > >>> still > > > > > >>> >> >> > > snapshots, > > > > > >>> >> >> > > > > but > > > > > >>> >> >> > > > > > > > they > > > > > >>> >> >> > > > > > > > > > >> will be > > > > > >>> >> >> > > > > > > > > > >> > > > >> released in a week or two. > > > > > >>> >> >> > > > > > > > > > >> > > > >> > > > > > >>> >> >> > > > > > > > > > >> > > > >> Thanks. > > > > > >>> >> >> > > > > > > > > > >> > > > >> Best regards, > > > > > >>> >> >> > > > > > > > > > >> > > > >> Jérôme > > > > > >>> >> >> > > > > > > > > > >> > > > >> > > > > > >>> >> >> > > > > > > > > > >> > > > >> > > > > > >>> >> >> > > > > > > > > > >> > > > >> 2015-12-02 17:51 GMT+01:00 > > > larry > > > > > >>> mccay < > > > > > >>> >> >> > > > > > > > > larry.mc...@gmail.com > > > > > >>> >> >> > > > > > > > > > >: > > > > > >>> >> >> > > > > > > > > > >> > > > >> > > > > > >>> >> >> > > > > > > > > > >> > > > >> > Jérôme - > > > > > >>> >> >> > > > > > > > > > >> > > > >> > > > > > > >>> >> >> > > > > > > > > > >> > > > >> > If you would like to add > > that > > > > > >>> change as > > > > > >>> >> >> part > > > > > >>> >> >> > of > > > > > >>> >> >> > > > > your > > > > > >>> >> >> > > > > > > > patch > > > > > >>> >> >> > > > > > > > > or > > > > > >>> >> >> > > > > > > > > > >> as a > > > > > >>> >> >> > > > > > > > > > >> > > > >> > separately filed JIRA to > > fix > > > a > > > > > bug > > > > > >>> that > > > > > >>> >> >> would > > > > > >>> >> >> > > > > > certainly > > > > > >>> >> >> > > > > > > > be > > > > > >>> >> >> > > > > > > > > > >> > welcomed. > > > > > >>> >> >> > > > > > > > > > >> > > > >> > Otherwise, I can do it. > > > > > >>> >> >> > > > > > > > > > >> > > > >> > > > > > > >>> >> >> > > > > > > > > > >> > > > >> > Let me know. > > > > > >>> >> >> > > > > > > > > > >> > > > >> > > > > > > >>> >> >> > > > > > > > > > >> > > > >> > thanks, > > > > > >>> >> >> > > > > > > > > > >> > > > >> > > > > > > >>> >> >> > > > > > > > > > >> > > > >> > --larry > > > > > >>> >> >> > > > > > > > > > >> > > > >> > > > > > > >>> >> >> > > > > > > > > > >> > > > >> > On Wed, Dec 2, 2015 at > > 11:44 > > > > AM, > > > > > >>> larry > > > > > >>> >> >> mccay > > > > > >>> >> >> > < > > > > > >>> >> >> > > > > > > > > > >> > larry.mc...@gmail.com > > > > > >>> >> >> > > > > > > > > > >> > > > > > > > > >>> >> >> > > > > > > > > > >> > > > >> > wrote: > > > > > >>> >> >> > > > > > > > > > >> > > > >> > > > > > > >>> >> >> > > > > > > > > > >> > > > >> > > Okay - I had to add an > > > > override > > > > > >>> of > > > > > >>> >> >> > > > > > getUserPrincipal() > > > > > >>> >> >> > > > > > > > to > > > > > >>> >> >> > > > > > > > > > the > > > > > >>> >> >> > > > > > > > > > >> > > > >> > > > > > > > >>> >> IdentityAsserterHttpServletRequestWrapper > > > > > >>> >> >> > and > > > > > >>> >> >> > > > > > return > > > > > >>> >> >> > > > > > > > the > > > > > >>> >> >> > > > > > > > > > >> member > > > > > >>> >> >> > > > > > > > > > >> > > > >> variable > > > > > >>> >> >> > > > > > > > > > >> > > > >> > > username and it works > > like > > > a > > > > > >>> charm. > > > > > >>> >> >> > > > > > > > > > >> > > > >> > > > > > > > >>> >> >> > > > > > > > > > >> > > > >> > > Why I haven't seen this > > > same > > > > > >>> behavior > > > > > >>> >> >> with > > > > > >>> >> >> > > > other > > > > > >>> >> >> > > > > > > > > providers > > > > > >>> >> >> > > > > > > > > > >> is a > > > > > >>> >> >> > > > > > > > > > >> > > bit > > > > > >>> >> >> > > > > > > > > > >> > > > >> of a > > > > > >>> >> >> > > > > > > > > > >> > > > >> > > mystery but they must > be > > > > adding > > > > > >>> other > > > > > >>> >> >> > > wrappers > > > > > >>> >> >> > > > > that > > > > > >>> >> >> > > > > > > > > handle > > > > > >>> >> >> > > > > > > > > > >> it. > > > > > >>> >> >> > > > > > > > > > >> > > > >> > > This is quite cool, > > Jérôme! > > > > > >>> >> >> > > > > > > > > > >> > > > >> > > > > > > > >>> >> >> > > > > > > > > > >> > > > >> > > On Wed, Dec 2, 2015 at > > > 10:41 > > > > > AM, > > > > > >>> larry > > > > > >>> >> >> > mccay > > > > > >>> >> >> > > < > > > > > >>> >> >> > > > > > > > > > >> > > larry.mc...@gmail.com > > > > > >>> >> >> > > > > > > > > > >> > > > > > > > > > >>> >> >> > > > > > > > > > >> > > > >> > > wrote: > > > > > >>> >> >> > > > > > > > > > >> > > > >> > > > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >> That was it - thanks! > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >> > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >> On Wed, Dec 2, 2015 at > > > 10:20 > > > > > AM, > > > > > >>> >> Jérôme > > > > > >>> >> >> > > LELEU > > > > > >>> >> >> > > > < > > > > > >>> >> >> > > > > > > > > > >> > lel...@gmail.com> > > > > > >>> >> >> > > > > > > > > > >> > > > >> wrote: > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >> > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> This is my exact > > command > > > > > line: > > > > > >>> mvn > > > > > >>> >> >> > > -Prelease > > > > > >>> >> >> > > > > > clean > > > > > >>> >> >> > > > > > > > > > install > > > > > >>> >> >> > > > > > > > > > >> > > > >> -DskipTests > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> You use an internal > > Maven > > > > > >>> >> repository to > > > > > >>> >> >> > > fetch > > > > > >>> >> >> > > > > > > > > > dependencies > > > > > >>> >> >> > > > > > > > > > >> > from > > > > > >>> >> >> > > > > > > > > > >> > > > >> > internet: > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > > > >>> >> >> > > > > > > > > > >> > > > > > > > >>> >> >> > > > > > > > > > > > > >>> >> >> > > > > > > > >>> > > http://nexus-private.hortonworks.com/nexus/content/groups/public/ > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> Does this repository > > have > > > > > >>> access to > > > > > >>> >> the > > > > > >>> >> >> > > > remote > > > > > >>> >> >> > > > > > > > > Snapshots > > > > > >>> >> >> > > > > > > > > > >> > > Sonatype > > > > > >>> >> >> > > > > > > > > > >> > > > >> repo? > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> 2015-12-02 16:16 > > > GMT+01:00 > > > > > >>> larry > > > > > >>> >> mccay > > > > > >>> >> >> < > > > > > >>> >> >> > > > > > > > > > >> larry.mc...@gmail.com > > > > > >>> >> >> > > > > > > > > > >> > >: > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > hmmm - I used: > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > mvn clean install > > > > > >>> -DskipTests=true > > > > > >>> >> >> > > > -Prelease > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > The repository > entry > > is > > > > in > > > > > >>> there > > > > > >>> >> >> > already. > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > No worky. > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > On Wed, Dec 2, 2015 > > at > > > > > 10:12 > > > > > >>> AM, > > > > > >>> >> >> Jérôme > > > > > >>> >> >> > > > > LELEU < > > > > > >>> >> >> > > > > > > > > > >> > > lel...@gmail.com > > > > > >>> >> >> > > > > > > > > > >> > > > > > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> wrote: > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > Hi, > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > You need the > > > j2e-pac4j > > > > > >>> >> dependencies > > > > > >>> >> >> > as > > > > > >>> >> >> > > > well > > > > > >>> >> >> > > > > > as > > > > > >>> >> >> > > > > > > > the > > > > > >>> >> >> > > > > > > > > > >> pac4j-* > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> dependencies, > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > but you don't > need > > to > > > > > >>> build them > > > > > >>> >> >> > > locally > > > > > >>> >> >> > > > > > > > > (hopefully). > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > But you need a > > > > dependency > > > > > >>> on the > > > > > >>> >> >> > > Sonatype > > > > > >>> >> >> > > > > > > > snapshots > > > > > >>> >> >> > > > > > > > > > >> > > repository > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> (where the > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > snapshot versions > > are > > > > > >>> hosted), > > > > > >>> >> >> which > > > > > >>> >> >> > is > > > > > >>> >> >> > > > > added > > > > > >>> >> >> > > > > > > for > > > > > >>> >> >> > > > > > > > > > >> Maven in > > > > > >>> >> >> > > > > > > > > > >> > > the > > > > > >>> >> >> > > > > > > > > > >> > > > >> root > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > pom.xml: > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > > > >>> >> >> > > > > > > > > > >> > > > >> > > > > > > >>> >> >> > > > > > > > > > >> > > > >> > > > > > >>> >> >> > > > > > > > > > >> > > > > > > > > >>> >> >> > > > > > > > > > >> > > > > > > > >>> >> >> > > > > > > > > > >> > > > > > > >>> >> >> > > > > > > > > > >> > > > > > >>> >> >> > > > > > > > > > > > > > > >>> >> >> > > > > > > > > > > > > > >>> >> >> > > > > > > > > > > > > >>> >> >> > > > > > > > > > > > >>> >> >> > > > > > > > > > > >>> >> >> > > > > > > > > > >>> >> >> > > > > > > > > >>> >> >> > > > > > > > >>> >> >> > > > > > > >>> >> >> > > > > > >>> >> > > > > > >>> > > > > > > > > > > > > > > > https://github.com/apache/knox/pull/2/files#diff-600376dffeb79835ede4a0b285078036R123 > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > If you use Ant > for > > > the > > > > > >>> build, > > > > > >>> >> there > > > > > >>> >> >> > is > > > > > >>> >> >> > > > > maybe > > > > > >>> >> >> > > > > > a > > > > > >>> >> >> > > > > > > > > glitch > > > > > >>> >> >> > > > > > > > > > >> to > > > > > >>> >> >> > > > > > > > > > >> > > find > > > > > >>> >> >> > > > > > > > > > >> > > > >> the > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > Sonatype > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > Maven repo. > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > Thanks. > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > Best regards, > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > Jérôme > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > 2015-12-02 16:06 > > > > > GMT+01:00 > > > > > >>> larry > > > > > >>> >> >> > mccay > > > > > >>> >> >> > > < > > > > > >>> >> >> > > > > > > > > > >> > > larry.mc...@gmail.com > > > > > >>> >> >> > > > > > > > > > >> > > > >: > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > Oh - do I need > to > > > > build > > > > > >>> >> j2e-pac4 > > > > > >>> >> >> > > > locally > > > > > >>> >> >> > > > > in > > > > > >>> >> >> > > > > > > > order > > > > > >>> >> >> > > > > > > > > > to > > > > > >>> >> >> > > > > > > > > > >> > > resolve > > > > > >>> >> >> > > > > > > > > > >> > > > >> the > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > dependencies? > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > [ERROR] Failed > to > > > > > execute > > > > > >>> >> goal on > > > > > >>> >> >> > > > project > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > > > > > >>> gateway-provider-security-pac4j: > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > Could not > resolve > > > > > >>> dependencies > > > > > >>> >> >> for > > > > > >>> >> >> > > > > project > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > > > >>> >> >> > > > > > > > > > >> > > > > > > > > >>> >> >> > > > > > > > > > > > > > > >>> >> >> > > > > > > > > > >>> >> > > > > org.apache.knox:gateway-provider-security-pac4j:jar:0.7.0-SNAPSHOT: > > > > > >>> >> >> > > > > > > > > > >> > > > >> The > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > following > > artifacts > > > > > >>> could not > > > > > >>> >> be > > > > > >>> >> >> > > > > resolved: > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > > > > > > >>> >> >> > > org.pac4j:j2e-pac4j:jar:1.2.1-SNAPSHOT, > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > > > > > > >>> >> >> > > > org.pac4j:pac4j-http:jar:1.8.1-SNAPSHOT, > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > > > > > > >>> >> >> > > > > org.pac4j:pac4j-config:jar:1.8.1-SNAPSHOT: > > > > > >>> >> >> > > > > > > > Could > > > > > >>> >> >> > > > > > > > > > not > > > > > >>> >> >> > > > > > > > > > >> > find > > > > > >>> >> >> > > > > > > > > > >> > > > >> > artifact > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > > > > > > >>> >> >> > > org.pac4j:j2e-pac4j:jar:1.2.1-SNAPSHOT > > > > > >>> >> >> > > > in > > > > > >>> >> >> > > > > > > > public > > > > > >>> >> >> > > > > > > > > ( > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > > > > > > >>> >> >> > > > > > > > > > >> > > > >> > > > > > > >>> >> >> > > > > > > > > > >> > > > > > >>> >> >> > > > > > > > > > > >>> >> >> > > > > > http://nexus-private.hortonworks.com/nexus/content/groups/public/ > > > > > >>> >> >> > > > > > > > > > >> > ) > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> -> > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > [Help > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > 1] > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > On Wed, Dec 2, > > 2015 > > > > at > > > > > >>> 10:05 > > > > > >>> >> AM, > > > > > >>> >> >> > > larry > > > > > >>> >> >> > > > > > mccay > > > > > >>> >> >> > > > > > > < > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > larry.mc...@gmail.com> > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > wrote: > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > > > > > > > >>> >> gateway-provider-security-pac4j > > > > > >>> >> >> > > > doesn't > > > > > >>> >> >> > > > > > > > build - > > > > > >>> >> >> > > > > > > > > > do > > > > > >>> >> >> > > > > > > > > > >> you > > > > > >>> >> >> > > > > > > > > > >> > > > have > > > > > >>> >> >> > > > > > > > > > >> > > > >> a > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> pending > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > > change for > your > > > > > >>> pom.xml or > > > > > >>> >> >> > > something? > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > > > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >>> > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >> > > > > > >>> >> >> > > > > > > > > > >> > > > >> > >> > > > > > >>> >> >> > > > > > > > > > >> > > > >> > > > > > > > >>> >> >> > > > > > > > > > >> > > > >> > > > > > > >>> >> >> > > > > > > > > > >> > > > >> > > > > > >>> >> >> > > > > > > > > > >> > > > > > > > > > >>> >> >> > > > > > > > > > >> > > > > > > > > > >>> >> >> > > > > > > > > > >> > > > > > > > > >>> >> >> > > > > > > > > > >> > > > > > > > >>> >> >> > > > > > > > > > >> > > > > > > >>> >> >> > > > > > > > > > >> > > > > > >>> >> >> > > > > > > > > > > > > > > > >>> >> >> > > > > > > > > > > > > > > > >>> >> >> > > > > > > > > > > > > > > >>> >> >> > > > > > > > > > > > > > >>> >> >> > > > > > > > > > > > > >>> >> >> > > > > > > > > > > > >>> >> >> > > > > > > > > > > >>> >> >> > > > > > > > > > >>> >> >> > > > > > > > > >>> >> >> > > > > > > > >>> >> >> > > > > > > >>> >> >> > > > > > >>> >> > > > > > >>> > > > > > >> > > > > > >> > > > > > > > > > > > > > > > > > > > > >