[
https://issues.apache.org/jira/browse/KNOX-641?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15057995#comment-15057995
]
Jérôme Leleu commented on KNOX-641:
-----------------------------------
1. OK. I will remove the @author tag. But I can keep the @since tag, can't I?
2. OK. Let's have a `pac4j.callbackUrl`.
3. I had the same question, but wasn't sure of the possible use cases. OK. So I
could extract the getDomainName from the WebSSOResource into the Urls utility
class and use it in the pac4j gateway provider, right?
4. Right, there are no unit tests. I will improve this, but the logic in Knox
strongly relies on the j2e-pac4j library so I don't want to somehow double-test
the same things.
5. Did you close / re-open your browser? The pac4j authenticated user is saved
into a cookie, that explains why the user identity did not change even if you
change your configuration. This problem will be easily fixed by removing the
pac4j identity when the Knox identity is created (all pac4j information is
cleaned by pac4j except the authenticated user of course). I will fix this
weakness.
6. The `testBasicAuth` is meant to help people to test the pac4j provider when
they don't have any remote identity provider (for development). It could be
used by an evil admin, but if we go that far, the evil admin can also set up a
local CAS server with login = pwd. I think the main point here is to clean the
pac4j identity as soon as it becomes a Knox one, not to be able to reuse it
after changing the topology -> 5)
> Support CAS / OAuth / OpenID C / SAML protocols using pac4j
> -----------------------------------------------------------
>
> Key: KNOX-641
> URL: https://issues.apache.org/jira/browse/KNOX-641
> Project: Apache Knox
> Issue Type: New Feature
> Reporter: Jérôme Leleu
> Assignee: Jérôme Leleu
> Fix For: 0.7.0
>
> Attachments: KNOX-641.patch
>
>