[jira] [Comment Edited] (KNOX-970) Add support for proxying NiFi

[ https://issues.apache.org/jira/browse/KNOX-970?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16183173#comment-16183173 ] Jeff Storck edited comment on KNOX-970 at 9/27/17 8:03 PM: --- Newest complete patch

[jira] [Issue Comment Deleted] (KNOX-970) Add support for proxying NiFi

[ https://issues.apache.org/jira/browse/KNOX-970?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jeff Storck updated KNOX-970: - Comment: was deleted (was: [^KNOX-970-PR-9.patch]) > Add support for proxying NiFi >

[jira] [Updated] (KNOX-970) Add support for proxying NiFi

[ https://issues.apache.org/jira/browse/KNOX-970?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jeff Storck updated KNOX-970: - Attachment: (was: KNOX-970-PR-9.patch) > Add support for proxying NiFi > -

[jira] [Issue Comment Deleted] (KNOX-970) Add support for proxying NiFi

[ https://issues.apache.org/jira/browse/KNOX-970?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jeff Storck updated KNOX-970: - Comment: was deleted (was: [^KNOX-970-PR-9-updated-full.patch] is the updated patch with full two-way SSL

[jira] [Updated] (KNOX-970) Add support for proxying NiFi

[ https://issues.apache.org/jira/browse/KNOX-970?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jeff Storck updated KNOX-970: - Status: Patch Available (was: Open) Newest complete patch (includes removing the hadoop-jwt token from the

[jira] [Updated] (KNOX-970) Add support for proxying NiFi

[ https://issues.apache.org/jira/browse/KNOX-970?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jeff Storck updated KNOX-970: - Attachment: (was: KNOX-970-PR-9-updated-full.patch) > Add support for proxying NiFi >

[jira] [Created] (KNOX-1070) Drop support for Java 7 in Apache Knox 0.14.0/1.0.0

Sandeep More created KNOX-1070: -- Summary: Drop support for Java 7 in Apache Knox 0.14.0/1.0.0 Key: KNOX-1070 URL: https://issues.apache.org/jira/browse/KNOX-1070 Project: Apache Knox Issue

[jira] [Updated] (KNOX-970) Add support for proxying NiFi

[ https://issues.apache.org/jira/browse/KNOX-970?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jeff Storck updated KNOX-970: - Status: Open (was: Patch Available) > Add support for proxying NiFi > - > >

[jira] [Updated] (KNOX-970) Add support for proxying NiFi

[ https://issues.apache.org/jira/browse/KNOX-970?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jeff Storck updated KNOX-970: - Attachment: KNOX-970-PR-9-full.patch > Add support for proxying NiFi > - > >

Re: [DISCUSS] Drop support for Java 7 in Apache Knox 0.14.0/1.0.0

Yup, you are right. I will open a JIRA for it. On Wed, Sep 27, 2017 at 3:12 PM, Philip Zampino wrote: > I believe there was agreement on this matter, so +1 > > On Wed, Sep 27, 2017 at 3:03 PM, Sandeep More > wrote: > >> Looks like master branch

[jira] [Commented] (KNOX-998) Rename class packages to org.apache.knox.gateway

[ https://issues.apache.org/jira/browse/KNOX-998?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16183130#comment-16183130 ] ASF subversion and git services commented on KNOX-998: -- Commit

Re: [DISCUSS] Drop support for Java 7 in Apache Knox 0.14.0/1.0.0

I believe there was agreement on this matter, so +1 On Wed, Sep 27, 2017 at 3:03 PM, Sandeep More wrote: > Looks like master branch requires Java 8, builds are failing when compiled > against Java 7. > We should make is more "official" by using Java version in the main >

[jira] [Comment Edited] (KNOX-1014) Service Discovery and Topology Generation Framework

[ https://issues.apache.org/jira/browse/KNOX-1014?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16182980#comment-16182980 ] Phil Zampino edited comment on KNOX-1014 at 9/27/17 7:11 PM: - {quote} 1. hive

[jira] [Comment Edited] (KNOX-1014) Service Discovery and Topology Generation Framework

[ https://issues.apache.org/jira/browse/KNOX-1014?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16182980#comment-16182980 ] Phil Zampino edited comment on KNOX-1014 at 9/27/17 7:10 PM: - {quote} 1. hive

Re: [DISCUSS] Drop support for Java 7 in Apache Knox 0.14.0/1.0.0

Looks like master branch requires Java 8, builds are failing when compiled against Java 7. We should make is more "official" by using Java version in the main pom.xml IMO. Best, Sandeep On Mon, Sep 18, 2017 at 1:47 PM, Sandeep More wrote: > That's a good point Larry ! I

[jira] [Commented] (KNOX-1014) Service Discovery and Topology Generation Framework

[ https://issues.apache.org/jira/browse/KNOX-1014?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16182980#comment-16182980 ] Phil Zampino commented on KNOX-1014: {quote} 1. hive protocol scheme 2. deployment fail for missing

[jira] [Updated] (KNOX-1039) Add Support For Simple Descriptors and Policy Config to Knox Admin API

[ https://issues.apache.org/jira/browse/KNOX-1039?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Phil Zampino updated KNOX-1039: --- Attachment: KNOX-1039-001.patch I discovered the functional tests for the admin API, so I've added

Re: PAC4J TLS configuration

Hi, Yes, unfortunately, there are breaking changes between major versions: 1.8, 1.9, 2.0 and 3.0. So, for a drop/replace action, you should stick to the same streamline, which is certainly less interesting. That's why we need a real upgrade after the upgrade to Java 8 on Knox side. Thanks. Best

[jira] [Commented] (KNOX-1068) Knox returns HTTP 405 Method Not Allowed error with HTTP HEAD method

[ https://issues.apache.org/jira/browse/KNOX-1068?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16182622#comment-16182622 ] ASF subversion and git services commented on KNOX-1068: --- Commit

[jira] [Commented] (KNOX-998) Rename class packages to org.apache.knox.gateway

[ https://issues.apache.org/jira/browse/KNOX-998?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16182624#comment-16182624 ] ASF subversion and git services commented on KNOX-998: -- Commit

[jira] [Commented] (KNOX-998) Rename class packages to org.apache.knox.gateway

[ https://issues.apache.org/jira/browse/KNOX-998?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16182623#comment-16182623 ] ASF subversion and git services commented on KNOX-998: -- Commit

[jira] [Commented] (KNOX-998) Rename class packages to org.apache.knox.gateway

[ https://issues.apache.org/jira/browse/KNOX-998?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16182620#comment-16182620 ] ASF subversion and git services commented on KNOX-998: -- Commit

[jira] [Created] (KNOX-1069) KnoxSSO token audience config should trim values

Jeff Storck created KNOX-1069: - Summary: KnoxSSO token audience config should trim values Key: KNOX-1069 URL: https://issues.apache.org/jira/browse/KNOX-1069 Project: Apache Knox Issue Type:

Re: PAC4J TLS configuration

Oh - for your original question, we use the default truststore for the JVM - cacerts. We also have the ability to add a custom truststore for client-certs via configuration in gateway-site.xml. http://knox.apache.org/books/knox-0-13-0/user-guide.html#Gateway+Server+Configuration On Wed, Sep 27,

Re: PAC4J TLS configuration

FYI - since we are officially dropping Java 7 support in 0.14.0/1.0.0 we can upgrade our pac4j library. If you are playing around with that then it may be interesting to drop in the new version. I do suspect it will require some changes though. On Wed, Sep 27, 2017 at 8:11 AM, Colm O

Re: Use of Random

Feel free though it is not really necessary. The use of random in this case does not require anything close to true randomness. On Wed, Sep 27, 2017 at 8:24 AM, Philip Zampino wrote: > +1 > > On Wed, Sep 27, 2017 at 6:57 AM, Colm O hEigeartaigh >

Re: Use of Random

+1 On Wed, Sep 27, 2017 at 6:57 AM, Colm O hEigeartaigh wrote: > DefaultServiceRegistryService and DefaultAliasService both use > java.util.Random to generate keystore passwords. It's probably better to > use SecureRandom here instead, and objections if I make this change?

Re: PAC4J TLS configuration

Nevermind on this one, I can just use the http URL instead for the discovery doc and it works fine. Colm. On Wed, Sep 27, 2017 at 12:57 PM, Colm O hEigeartaigh wrote: > Hi all, > > I'm playing around with using PAC4J to secure KnoxSSO, talking to an OIDC > IdP. I'm getting

PAC4J TLS configuration

Hi all, I'm playing around with using PAC4J to secure KnoxSSO, talking to an OIDC IdP. I'm getting a TLS handshake error when trying to retrieve the OIDC configuration as specified by the "oidc.discoveryUri" parameter: Caused by: org.pac4j.core.exception.TechnicalException:

Use of Random

DefaultServiceRegistryService and DefaultAliasService both use java.util.Random to generate keystore passwords. It's probably better to use SecureRandom here instead, and objections if I make this change? Colm. -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com