Jérôme - My testing of OpenID Connect is blocked. Can you see the comments in KNOX-641?
thanks, --larry On Wed, Jan 6, 2016 at 2:30 PM, larry mccay <[email protected]> wrote: > Jérôme - > > Please see the comments on KNOX-641. > > thanks, > > --larry > > On Wed, Jan 6, 2016 at 11:24 AM, Kevin Minder < > [email protected]> wrote: > >> I can certainly appreciate the issue of including external resources in >> automated tests. Nothing has driven me more crazy over the years. The >> flip side of this of course is not finding out about a breakage until >> someone is willing to go through the manual testing which will typically >> happen just before a release. Also the implication is that these testing >> procedures must be very will documented so that they can be continue to be >> run once any of us are no longer active in the project. >> >> >> >> On 1/6/16, 2:12 AM, "Jérôme LELEU" <[email protected]> wrote: >> >> >Hi, >> > >> >Yes, you can hit the CAS server at Heroku. Notice it's a Heroku free >> server >> >so it needs to be re-activated first (it takes a couple of seconds). So >> for >> >a UI test, you should first hit it, wait 30 seconds and then perform the >> >test. >> > >> >Just my 2 cents: >> >Using automated UI tests was my first strategy for pac4j but I finally >> >gave up because public providers change very often, at least enough to >> make >> >the maintenance tests a nightmare. Currently, I'm using manual tests (the >> >same for all demos), it takes me around 5 minutes to play them all by >> hand >> >(for a demo) and I launched manually the UI tests I have for every major >> >pac4j release. Just to say UI tests are not that easy. For a CAS server, >> >it's fairly feasible as the CAS server and protocol change rarely. >> >That's why for Knox, I did some compromise with a simulated web test >> (based >> >on the basic auth). See: >> > >> https://github.com/apache/knox/pull/2/files#diff-d0c880ca71b310dbe57975c577535e97R47 >> > >> >Thanks. >> >Best regards, >> >Jérôme >> > >> > >> > >> >2016-01-05 21:20 GMT+01:00 Kevin Minder <[email protected]>: >> > >> >> From my perspective it would be ideal if there were some automatable >> >> functional tests for this. I’m not advocating that these be something >> >> included in “mvn clean install” as that is running too long as it is. >> >> Given that I don’t have as much context as Larry, I have some questions >> >> about what this would take. Lets say we had permission to hit >> >> https://casserverpac4j.herokuapp.com/login as part of some low >> frequency >> >> automated tests (e.g. Once nighty). What static credentials and other >> test >> >> automation infrastructure would need to be implemented in support of >> this? >> >> I understand that the test suite would require at a minimum >> >> 1) a test driver >> >> 2) a protected mock UI and >> >> 3) an appropriately configured Knox >> >> 4) a profile enabled maven module >> >> 5) an Apache jenkins job >> >> but I’m sure I’m missing other things. I’m certainly willing to help >> >> setup the skeleton infrastructure (e.g. test driver, mock UI, maven >> module, >> >> jenkins job) >> >> >> >> >> >> >> >> On 1/5/16, 2:54 PM, "larry mccay" <[email protected]> wrote: >> >> >> >> >Okay, very good. >> >> >I've used TestShib for the picketlink provider - thanks for the >> pointers! >> >> > >> >> >On Tue, Jan 5, 2016 at 1:38 PM, Jérôme LELEU <[email protected]> >> wrote: >> >> > >> >> >> The online CAS server (https://casserverpac4j.herokuapp.com/login) >> uses >> >> >> the >> >> >> CAS protocol. SAML support can be tested using some online IdP like >> >> Okta, >> >> >> TestShib, OpenFeide, Ssocircle... >> >> >> >> >> >> >> >> >> 2016-01-05 17:32 GMT+01:00 larry mccay <[email protected]>: >> >> >> >> >> >> > Great - thanks for that pointer! >> >> >> > >> >> >> > I will take a look at that and help drive the release related >> testing. >> >> >> > Merge testing will be gated on CAS server (is this SAML or CAS >> >> protocol?) >> >> >> > and testBasicAuth. >> >> >> > >> >> >> > On Tue, Jan 5, 2016 at 10:52 AM, Jérôme LELEU <[email protected]> >> >> wrote: >> >> >> > >> >> >> > > Hi, >> >> >> > > >> >> >> > > Glad to hear back from you! >> >> >> > > >> >> >> > > The core pac4j project is fully tested by unit tests (and some >> >> >> > integration >> >> >> > > tests I run for major version), then all pac4j implementations >> are >> >> each >> >> >> > > tested by the appropriate demo: j2e-pac4j-demo tests j2e-pac4j, >> >> >> > > spring-webmvc-pac4j-demo tests spring-webmvc-pac4j, etc. >> >> >> > > >> >> >> > > So if you take a look at: >> >> >> > > >> >> >> > > >> >> >> > >> >> >> >> >> >> https://github.com/pac4j/j2e-pac4j-demo/blob/master/src/main/java/org/pac4j/demo/j2e/config/DemoConfigFactory.java#L27 >> >> >> > > (for example), you have all the required information to test. >> >> >> > > >> >> >> > > I can do that on my own, but it can be good for the Knox >> community >> >> to >> >> >> > start >> >> >> > > working / testing the pac4j support. It's up to yoy. >> >> >> > > >> >> >> > > Thanks. >> >> >> > > Best regards, >> >> >> > > Jérôme >> >> >> > > >> >> >> > > >> >> >> > > 2016-01-05 16:11 GMT+01:00 larry mccay <[email protected]>: >> >> >> > > >> >> >> > > > Hello Jérôme - >> >> >> > > > >> >> >> > > > Happy New Year! >> >> >> > > > >> >> >> > > > I am going to start reviewing your updates today, hopefully. >> >> >> > > > I was thinking that we need to start discussions on what the >> key >> >> >> > usecases >> >> >> > > > are and how to go about testing them. >> >> >> > > > We can certainly test the testBasicAuth and against the >> hosted CAS >> >> >> > server >> >> >> > > > but what about FB, openid, OAuth, etc? >> >> >> > > > >> >> >> > > > I'm not sure that FB would be a key feature but OpenID >> Connect and >> >> >> > OAuth >> >> >> > > > would be - as is SAML. >> >> >> > > > I think CAS buys us SAML testing - assuming that the >> >> configuration of >> >> >> > the >> >> >> > > > hosted server is actually a SAML 2 instance. >> >> >> > > > >> >> >> > > > What about the others? >> >> >> > > > >> >> >> > > > I don't know that we need to be able to test them all before >> merge >> >> >> but >> >> >> > > some >> >> >> > > > sort of manual verification would be great. >> >> >> > > > We would need to be able to test them before the next release >> >> which >> >> >> > would >> >> >> > > > be featuring the pac4j functionality. >> >> >> > > > >> >> >> > > > Maybe you can describe how you go about testing such things >> for >> >> the >> >> >> > pac4j >> >> >> > > > project itself? >> >> >> > > > >> >> >> > > > thanks, >> >> >> > > > >> >> >> > > > --larry >> >> >> > > > >> >> >> > > > >> >> >> > > > On Tue, Jan 5, 2016 at 9:55 AM, Jérôme LELEU < >> [email protected]> >> >> >> wrote: >> >> >> > > > >> >> >> > > > > Hi, >> >> >> > > > > >> >> >> > > > > Happy new year! >> >> >> > > > > >> >> >> > > > > A few days ago, I updated my patch of the pac4j gateway >> provider >> >> >> > > > according >> >> >> > > > > to all comments on >> >> https://issues.apache.org/jira/browse/KNOX-641 >> >> >> as >> >> >> > > > well >> >> >> > > > > as the documentation on KNOX-642. >> >> >> > > > > >> >> >> > > > > Is everything ok for the merge? >> >> >> > > > > >> >> >> > > > > Thanks. >> >> >> > > > > Best regards, >> >> >> > > > > Jérôme >> >> >> > > > > >> >> >> > > > > >> >> >> > > > > 2015-12-14 15:28 GMT+01:00 larry mccay < >> [email protected]>: >> >> >> > > > > >> >> >> > > > > > Hi Jérôme - >> >> >> > > > > > >> >> >> > > > > > Not sure if you saw but I added review comments to >> KNOX-641. >> >> >> > > > > > >> >> >> > > > > > I think that we need to determine whether we want the >> >> >> testBasicAuth >> >> >> > > in >> >> >> > > > > the >> >> >> > > > > > provider itself. >> >> >> > > > > > >> >> >> > > > > > Let's follow up on the JIRA. >> >> >> > > > > > >> >> >> > > > > > thanks, >> >> >> > > > > > >> >> >> > > > > > --larry >> >> >> > > > > > >> >> >> > > > > > On Fri, Dec 11, 2015 at 8:44 AM, Jérôme LELEU < >> >> [email protected]> >> >> >> > > > wrote: >> >> >> > > > > > >> >> >> > > > > > > Hi, >> >> >> > > > > > > >> >> >> > > > > > > No problem. It can go into a version 0.8.0 if needed. >> The >> >> truth >> >> >> > is >> >> >> > > > that >> >> >> > > > > > > there is only one change outside the new pac4j module, >> so I >> >> >> think >> >> >> > > > risks >> >> >> > > > > > are >> >> >> > > > > > > extremly limited. >> >> >> > > > > > > >> >> >> > > > > > > Just let met know. >> >> >> > > > > > > >> >> >> > > > > > > Thanks. >> >> >> > > > > > > Best regards, >> >> >> > > > > > > Jérôme >> >> >> > > > > > > >> >> >> > > > > > > >> >> >> > > > > > > 2015-12-11 14:23 GMT+01:00 larry mccay < >> >> [email protected] >> >> >> >: >> >> >> > > > > > > >> >> >> > > > > > > > Hi Jérôme - >> >> >> > > > > > > > >> >> >> > > > > > > > I have unfortunately not had a chance to pull, review >> and >> >> >> test >> >> >> > it >> >> >> > > > yet >> >> >> > > > > > and >> >> >> > > > > > > > have intended to do that today. >> >> >> > > > > > > > I apologize for the delay. >> >> >> > > > > > > > >> >> >> > > > > > > > I was actually thinking that this would go into a >> follow >> >> up >> >> >> > > release >> >> >> > > > > > that >> >> >> > > > > > > we >> >> >> > > > > > > > would try and get done rapidly after the 0.7.0 release >> >> but we >> >> >> > can >> >> >> > > > > > discuss >> >> >> > > > > > > > the target and its chances of destabilizing 0.7.0. >> >> >> > > > > > > > >> >> >> > > > > > > > I believe that it is rather self-contained with only >> a few >> >> >> > > changes >> >> >> > > > to >> >> >> > > > > > > > external modules. >> >> >> > > > > > > > >> >> >> > > > > > > > Opening the JIRAs is perfect and I was going to do >> that >> >> once >> >> >> I >> >> >> > > > > started >> >> >> > > > > > > the >> >> >> > > > > > > > review. >> >> >> > > > > > > > >> >> >> > > > > > > > Let's continue review comments and collaboration on >> those >> >> >> > JIRAs. >> >> >> > > > > > > > I will add you to the contributors list so that we can >> >> assign >> >> >> > > them >> >> >> > > > to >> >> >> > > > > > > you. >> >> >> > > > > > > > >> >> >> > > > > > > > Thank you for your contributions and your patience, >> >> Jérôme! >> >> >> > > > > > > > >> >> >> > > > > > > > --larry >> >> >> > > > > > > > >> >> >> > > > > > > > On Fri, Dec 11, 2015 at 3:00 AM, Jérôme LELEU < >> >> >> > [email protected]> >> >> >> > > > > > wrote: >> >> >> > > > > > > > >> >> >> > > > > > > > > Hi, >> >> >> > > > > > > > > >> >> >> > > > > > > > > I didn't get any new feedback on the pull request >> so I >> >> >> assume >> >> >> > > > > > > everything >> >> >> > > > > > > > is >> >> >> > > > > > > > > ok from your point of view. >> >> >> > > > > > > > > >> >> >> > > > > > > > > I released pac4j v1.8.1 and j2e-pac4j v1.2.1 so I >> >> updated >> >> >> the >> >> >> > > > pull >> >> >> > > > > > > > request >> >> >> > > > > > > > > to use them and successfully re-tested everything. >> >> >> > > > > > > > > >> >> >> > > > > > > > > I opened KNOX-641 and submitted the corresponding >> patch. >> >> >> > > > > > > > > >> >> >> > > > > > > > > I also wrote the documentation, opened KNOX-642 and >> >> >> submitted >> >> >> > > the >> >> >> > > > > > > > > corresponding patch (just to let you know that it >> >> doesn't >> >> >> > work >> >> >> > > > out >> >> >> > > > > of >> >> >> > > > > > > the >> >> >> > > > > > > > > box in Windows, I had to replace mvn.bat by mvn.cmd >> to >> >> make >> >> >> > ant >> >> >> > > > > > work). >> >> >> > > > > > > > > >> >> >> > > > > > > > > Even if the branch 0.7.0 has already been created, I >> >> >> assumed >> >> >> > > this >> >> >> > > > > new >> >> >> > > > > > > > pac4j >> >> >> > > > > > > > > provider will go into this version 0.7.0 >> (dependency on >> >> the >> >> >> > > > > > > > 0.7.0-SNAPSHOT >> >> >> > > > > > > > > parent version). >> >> >> > > > > > > > > >> >> >> > > > > > > > > Just let me know if everything is ok and when it's >> >> goind to >> >> >> > be >> >> >> > > > > > merged. >> >> >> > > > > > > > > >> >> >> > > > > > > > > Thanks. >> >> >> > > > > > > > > Best regards, >> >> >> > > > > > > > > Jérôme >> >> >> > > > > > > > > >> >> >> > > > > > > > > >> >> >> > > > > > > > > >> >> >> > > > > > > > > >> >> >> > > > > > > > > 2015-12-04 14:20 GMT+01:00 larry mccay < >> >> >> > [email protected] >> >> >> > > >: >> >> >> > > > > > > > > >> >> >> > > > > > > > > > That ability to configure multiple mechanisms >> based on >> >> >> > > > clientName >> >> >> > > > > > is >> >> >> > > > > > > > > really >> >> >> > > > > > > > > > interesting for Knox. >> >> >> > > > > > > > > > Currently, we require separate topologies per >> >> >> > authentication >> >> >> > > > > > > mechanism. >> >> >> > > > > > > > > > The ability to configure them all in one is really >> >> great. >> >> >> > > > > > > > > > >> >> >> > > > > > > > > > We would need to think through the best way to >> provide >> >> >> the >> >> >> > > > > > clientName >> >> >> > > > > > > > > > parameter. >> >> >> > > > > > > > > > Since this is targeting KnoxSSO it can actually be >> >> added >> >> >> to >> >> >> > > the >> >> >> > > > > > > > > providerURL >> >> >> > > > > > > > > > used to redirect from the participating >> application. >> >> >> > > > > > > > > > Regardless of the authentication mechanism used >> each >> >> >> > > > application >> >> >> > > > > > will >> >> >> > > > > > > > > still >> >> >> > > > > > > > > > get the same JWT based cookie. >> >> >> > > > > > > > > > >> >> >> > > > > > > > > > I think that should work really nicely. >> >> >> > > > > > > > > > >> >> >> > > > > > > > > > >> >> >> > > > > > > > > > On Fri, Dec 4, 2015 at 7:17 AM, larry mccay < >> >> >> > > > > [email protected] >> >> >> > > > > > > >> >> >> > > > > > > > > wrote: >> >> >> > > > > > > > > > >> >> >> > > > > > > > > > > Excellent, Jérôme. >> >> >> > > > > > > > > > > Thanks! >> >> >> > > > > > > > > > > >> >> >> > > > > > > > > > > On Fri, Dec 4, 2015 at 2:40 AM, Jérôme LELEU < >> >> >> > > > [email protected] >> >> >> > > > > > >> >> >> > > > > > > > wrote: >> >> >> > > > > > > > > > > >> >> >> > > > > > > > > > >> Hi, >> >> >> > > > > > > > > > >> >> >> >> > > > > > > > > > >> I will write how to configure the pac4j >> provider in >> >> >> the >> >> >> > > > > > > > documentation, >> >> >> > > > > > > > > > but >> >> >> > > > > > > > > > >> I can already give you some insights. >> >> >> > > > > > > > > > >> >> >> >> > > > > > > > > > >> My main goal is always to respect the key >> design >> >> >> > > principles >> >> >> > > > of >> >> >> > > > > > > pac4j >> >> >> > > > > > > > > > >> whatever the environment / framework in which >> it is >> >> >> > > > > implemented. >> >> >> > > > > > > For >> >> >> > > > > > > > > > Knox, >> >> >> > > > > > > > > > >> I'm pretty happy with the use of the j2e-pac4j >> >> >> library, >> >> >> > > > which >> >> >> > > > > > > means >> >> >> > > > > > > > > that >> >> >> > > > > > > > > > >> almost all the pac4j features are available, >> >> >> especially >> >> >> > > both >> >> >> > > > > > > direct >> >> >> > > > > > > > > and >> >> >> > > > > > > > > > >> indirect clients. So it can do what Shiro >> already >> >> does >> >> >> > but >> >> >> > > > > also, >> >> >> > > > > > > as >> >> >> > > > > > > > we >> >> >> > > > > > > > > > >> agreed together, supports remote >> authentications. >> >> >> > > > > > > > > > >> >> >> >> > > > > > > > > > >> It is only limited by what you can currently >> >> >> configure. >> >> >> > > And >> >> >> > > > > even >> >> >> > > > > > > > > > >> configuration is a pac4j feature as the CAS >> server >> >> has >> >> >> > the >> >> >> > > > > same >> >> >> > > > > > > > need. >> >> >> > > > > > > > > > >> Everything happens in this class: >> >> >> > > > > > > > > > >> >> >> >> > > > > > > > > > >> >> >> >> > > > > > > > > > >> >> >> > > > > > > > > >> >> >> > > > > > > > >> >> >> > > > > > > >> >> >> > > > > > >> >> >> > > > > >> >> >> > > > >> >> >> > > >> >> >> > >> >> >> >> >> >> https://github.com/pac4j/pac4j/blob/master/pac4j-config/src/main/java/org/pac4j/config/client/ConfigPropertiesFactory.java >> >> >> > > > > > > > > > >> , >> >> >> > > > > > > > > > >> which allows you to configure Facebook, >> Twitter, a >> >> CAS >> >> >> > > > > server, a >> >> >> > > > > > > > SAML >> >> >> > > > > > > > > > IdP >> >> >> > > > > > > > > > >> or an OpenID Connect provider. All the provided >> >> >> > parameters >> >> >> > > > to >> >> >> > > > > > the >> >> >> > > > > > > > > pac4j >> >> >> > > > > > > > > > >> provider are put into a Map and the >> >> >> > > ConfigPropertiesFactory >> >> >> > > > is >> >> >> > > > > > > built >> >> >> > > > > > > > > > with >> >> >> > > > > > > > > > >> this Map to return the built client (= >> >> authentication >> >> >> > > > > > mechanism). >> >> >> > > > > > > > > > >> >> >> >> > > > > > > > > > >> You have one more specific option for Knox as a >> >> basic >> >> >> > > > > > > authentication >> >> >> > > > > > > > > > popup >> >> >> > > > > > > > > > >> where the username must match the password, >> you can >> >> >> > define >> >> >> > > > > that >> >> >> > > > > > > by: >> >> >> > > > > > > > > > >> >> >> >> > > > > > > > > > >> <param> >> >> >> > > > > > > > > > >> <name>clientName</name> >> >> >> > > > > > > > > > >> <value>testBasicAuth</value> >> >> >> > > > > > > > > > >> </param> >> >> >> > > > > > > > > > >> >> >> >> > > > > > > > > > >> >> >> >> > > > > > > > > > >> It's for testing only. >> >> >> > > > > > > > > > >> >> >> >> > > > > > > > > > >> For a CAS server: >> >> >> > > > > > > > > > >> >> >> >> > > > > > > > > > >> <param> >> >> >> > > > > > > > > > >> <name>cas.loginUrl</name> >> >> >> > > > > > > > > > >> <value> >> >> https://casserverpac4j.herokuapp.com/login >> >> >> > > </value> >> >> >> > > > > > > > > > >> </param> >> >> >> > > > > > > > > > >> >> >> >> > > > > > > > > > >> >> >> >> > > > > > > > > > >> Here are all the properties available for >> building >> >> >> > clients >> >> >> > > > > > (their >> >> >> > > > > > > > > > meaning >> >> >> > > > > > > > > > >> is obvious): >> >> >> > > > > > > > > > >> >> >> >> > > > > > > > > > >> facebook.id >> >> >> > > > > > > > > > >> facebook.secret >> >> >> > > > > > > > > > >> facebook.scope >> >> >> > > > > > > > > > >> facebook.fields >> >> >> > > > > > > > > > >> twitter.id >> >> >> > > > > > > > > > >> twitter.secret >> >> >> > > > > > > > > > >> saml.keystorePassword >> >> >> > > > > > > > > > >> saml.privateKeyPassword >> >> >> > > > > > > > > > >> saml.keystorePath >> >> >> > > > > > > > > > >> saml.identityProviderMetadataPath >> >> >> > > > > > > > > > >> saml.maximumAuthenticationLifetime >> >> >> > > > > > > > > > >> saml.serviceProviderEntityId >> >> >> > > > > > > > > > >> saml.serviceProviderMetadataPath >> >> >> > > > > > > > > > >> cas.loginUrl >> >> >> > > > > > > > > > >> cas.protocol >> >> >> > > > > > > > > > >> oidc.id >> >> >> > > > > > > > > > >> oidc.secret >> >> >> > > > > > > > > > >> oidc.discoveryUri >> >> >> > > > > > > > > > >> oidc.customParamKey1 >> >> >> > > > > > > > > > >> oidc.customParamValue1 >> >> >> > > > > > > > > > >> >> >> >> > > > > > > > > > >> >> >> >> > > > > > > > > > >> If you define multiple clients, the first one >> will >> >> be >> >> >> > used >> >> >> > > > for >> >> >> > > > > > > > > > >> authentication, but you can explicitly choose >> the >> >> >> client >> >> >> > > you >> >> >> > > > > > want >> >> >> > > > > > > to >> >> >> > > > > > > > > use >> >> >> > > > > > > > > > >> via the clientName parameter, assuming you >> want to >> >> >> > switch >> >> >> > > > from >> >> >> > > > > > > > client >> >> >> > > > > > > > > > >> depending on environment for example. >> >> >> > > > > > > > > > >> >> >> >> > > > > > > > > > >> So if you want to add some new authentication >> >> >> mechanism, >> >> >> > > you >> >> >> > > > > > must >> >> >> > > > > > > > > first >> >> >> > > > > > > > > > >> check that it is available in pac4j (if it's >> not, >> >> it's >> >> >> > > > another >> >> >> > > > > > > > > > discussion, >> >> >> > > > > > > > > > >> but generally, it is). Then, you'll need to >> upgrade >> >> >> the >> >> >> > > > > > > > > > >> ConfigPropertiesFactory by submitting a new >> pull >> >> >> request >> >> >> > > to >> >> >> > > > > the >> >> >> > > > > > > > pac4j >> >> >> > > > > > > > > > >> project (I can do it myself, but I'm sure you >> >> could do >> >> >> > > that >> >> >> > > > > > > easily), >> >> >> > > > > > > > > > >> finally wait for the new pac4j release and >> switch >> >> >> pac4j >> >> >> > > > > versions >> >> >> > > > > > > in >> >> >> > > > > > > > > Knox >> >> >> > > > > > > > > > >> to >> >> >> > > > > > > > > > >> benefit from the new feature. >> >> >> > > > > > > > > > >> The good thing is that if someone related to >> the >> >> CAS >> >> >> > > server >> >> >> > > > > does >> >> >> > > > > > > the >> >> >> > > > > > > > > > same >> >> >> > > > > > > > > > >> thing for CAS (in pac4j), you will >> automatically >> >> get >> >> >> it >> >> >> > > when >> >> >> > > > > > > you'll >> >> >> > > > > > > > > > >> upgrade >> >> >> > > > > > > > > > >> pac4j. >> >> >> > > > > > > > > > >> >> >> >> > > > > > > > > > >> To go even further, replacing LDAP Shiro >> >> >> authentication >> >> >> > is >> >> >> > > > > just >> >> >> > > > > > a >> >> >> > > > > > > > > matter >> >> >> > > > > > > > > > >> of >> >> >> > > > > > > > > > >> making pac4j LDAP authentication available via >> >> >> > > configuration >> >> >> > > > > > > > > parameters. >> >> >> > > > > > > > > > >> >> >> >> > > > > > > > > > >> I hope it was clear enough. >> >> >> > > > > > > > > > >> >> >> >> > > > > > > > > > >> Thanks. >> >> >> > > > > > > > > > >> Best regards, >> >> >> > > > > > > > > > >> Jérôme >> >> >> > > > > > > > > > >> >> >> >> > > > > > > > > > >> >> >> >> > > > > > > > > > >> >> >> >> > > > > > > > > > >> >> >> >> > > > > > > > > > >> 2015-12-03 20:45 GMT+01:00 larry mccay < >> >> >> > > > [email protected] >> >> >> > > > > >: >> >> >> > > > > > > > > > >> >> >> >> > > > > > > > > > >> > Excellent! >> >> >> > > > > > > > > > >> > >> >> >> > > > > > > > > > >> > I will carve out some time to do code review. >> >> >> > > > > > > > > > >> > We will need to get some insights into how >> to go >> >> >> about >> >> >> > > > > > testing: >> >> >> > > > > > > > > > >> > >> >> >> > > > > > > > > > >> > * is the CAS server going to be available for >> >> >> testing? >> >> >> > > > > > > > > > >> > * what are the specific and generic/standard >> (if >> >> >> any) >> >> >> > > > > > > > authentication >> >> >> > > > > > > > > > >> > mechanisms available - for instance: >> >> >> > > > > > > > > > >> > - Facebook, Google, LinkedIn and CAS are >> >> >> specifics >> >> >> > > > > > > > > > >> > - OAuth 2, OpenID Connect, SAML are >> >> >> > > generic/standards >> >> >> > > > - >> >> >> > > > > > that >> >> >> > > > > > > > may >> >> >> > > > > > > > > > be >> >> >> > > > > > > > > > >> > used for the above specifics... >> >> >> > > > > > > > > > >> > * how do we test things other than CAS - in >> >> terms of >> >> >> > > > getting >> >> >> > > > > > > > > > >> credentials, >> >> >> > > > > > > > > > >> > configuration, etc >> >> >> > > > > > > > > > >> > >> >> >> > > > > > > > > > >> > We could certainly do this is phases as well. >> >> >> > > > > > > > > > >> > >> >> >> > > > > > > > > > >> > If you can enumerate the things that should >> work >> >> and >> >> >> > > > provide >> >> >> > > > > > > some >> >> >> > > > > > > > > > >> testing >> >> >> > > > > > > > > > >> > details for CAS or as many as possible and >> OpenID >> >> >> > > Connect >> >> >> > > > > then >> >> >> > > > > > > we >> >> >> > > > > > > > > can >> >> >> > > > > > > > > > >> test >> >> >> > > > > > > > > > >> > the specific implementations that you >> provide and >> >> >> > enable >> >> >> > > > the >> >> >> > > > > > > > testing >> >> >> > > > > > > > > > of >> >> >> > > > > > > > > > >> > another OpenID Connect effort that is in the >> >> works >> >> >> in >> >> >> > > the >> >> >> > > > > > > > community. >> >> >> > > > > > > > > > >> > >> >> >> > > > > > > > > > >> > I'm not sure whether we want to commit >> >> contributions >> >> >> > > that >> >> >> > > > > are >> >> >> > > > > > > > > > dependent >> >> >> > > > > > > > > > >> on >> >> >> > > > > > > > > > >> > snapshots - we certainly can't release with >> any >> >> such >> >> >> > > > > > > dependencies. >> >> >> > > > > > > > > > >> > I would hate to add a cleanup task to a >> release >> >> to >> >> >> > make >> >> >> > > > sure >> >> >> > > > > > > there >> >> >> > > > > > > > > are >> >> >> > > > > > > > > > >> no >> >> >> > > > > > > > > > >> > snapshots in there. >> >> >> > > > > > > > > > >> > We will probably wait until after the pac4j >> >> releases >> >> >> > to >> >> >> > > > > > commit. >> >> >> > > > > > > > > > >> > >> >> >> > > > > > > > > > >> > I am really happy that this integration is >> >> happening >> >> >> > and >> >> >> > > > > that >> >> >> > > > > > it >> >> >> > > > > > > > > went >> >> >> > > > > > > > > > >> > rather smoothly. >> >> >> > > > > > > > > > >> > These sorts of authentication protocols are >> >> complex >> >> >> > and >> >> >> > > I >> >> >> > > > > > think >> >> >> > > > > > > we >> >> >> > > > > > > > > > >> lined up >> >> >> > > > > > > > > > >> > pretty well overall. >> >> >> > > > > > > > > > >> > >> >> >> > > > > > > > > > >> > Thanks for your work! >> >> >> > > > > > > > > > >> > >> >> >> > > > > > > > > > >> > On Thu, Dec 3, 2015 at 2:28 PM, Jérôme LELEU >> < >> >> >> > > > > > [email protected]> >> >> >> > > > > > > > > > wrote: >> >> >> > > > > > > > > > >> > >> >> >> > > > > > > > > > >> > > Hi, >> >> >> > > > > > > > > > >> > > >> >> >> > > > > > > > > > >> > > I just sync'ed with master, cleaned >> >> dependencies >> >> >> and >> >> >> > > > added >> >> >> > > > > > > > missing >> >> >> > > > > > > > > > >> > > Javadocs. Everything works correctly now. >> Many >> >> >> > thanks. >> >> >> > > > > > > > > > >> > > >> >> >> > > > > > > > > > >> > > The pull request is ready for a full code >> >> review: >> >> >> > > > > > > > > > >> > > https://github.com/apache/knox/pull/2 >> >> >> > > > > > > > > > >> > > >> >> >> > > > > > > > > > >> > > I'll write the documentation after the >> pac4j >> >> >> > releases >> >> >> > > (I >> >> >> > > > > > hope >> >> >> > > > > > > > next >> >> >> > > > > > > > > > >> week). >> >> >> > > > > > > > > > >> > > >> >> >> > > > > > > > > > >> > > Thanks. >> >> >> > > > > > > > > > >> > > Best regards, >> >> >> > > > > > > > > > >> > > Jérôme >> >> >> > > > > > > > > > >> > > >> >> >> > > > > > > > > > >> > > >> >> >> > > > > > > > > > >> > > 2015-12-02 19:18 GMT+01:00 larry mccay < >> >> >> > > > > > [email protected] >> >> >> > > > > > > >: >> >> >> > > > > > > > > > >> > > >> >> >> > > > > > > > > > >> > > > Fixed in >> >> >> > > > https://issues.apache.org/jira/browse/KNOX-636 >> >> >> > > > > . >> >> >> > > > > > > > > > >> > > > >> >> >> > > > > > > > > > >> > > > On Wed, Dec 2, 2015 at 12:42 PM, larry >> mccay >> >> < >> >> >> > > > > > > > > > [email protected] >> >> >> > > > > > > > > > >> > >> >> >> > > > > > > > > > >> > > > wrote: >> >> >> > > > > > > > > > >> > > > >> >> >> > > > > > > > > > >> > > > > Sure - I can file a JIRA and commit a >> fix. >> >> >> > > > > > > > > > >> > > > > >> >> >> > > > > > > > > > >> > > > > The secret generation should be done >> in one >> >> >> > > instance >> >> >> > > > > and >> >> >> > > > > > > > > > >> replicated >> >> >> > > > > > > > > > >> > > > across >> >> >> > > > > > > > > > >> > > > > others. >> >> >> > > > > > > > > > >> > > > > This replication/management of the >> >> credential >> >> >> > > stores >> >> >> > > > > is >> >> >> > > > > > > > > outside >> >> >> > > > > > > > > > of >> >> >> > > > > > > > > > >> > the >> >> >> > > > > > > > > > >> > > > > scope of Knox itself as of now. >> >> >> > > > > > > > > > >> > > > > >> >> >> > > > > > > > > > >> > > > > Documentation is done in markdown and >> is >> >> >> > > > contributing >> >> >> > > > > > > > details >> >> >> > > > > > > > > > are >> >> >> > > > > > > > > > >> > > > > available at: >> >> >> > > > > > > > > > >> > > > > >> >> >> > > > > > > > > > >> > > > >> >> >> > > > > > > > > > >> > > >> >> >> > > > > > > > > > >> > >> >> >> > > > > > > > > > >> >> >> >> > > > > > > > > > >> >> >> > > > > > > > > >> >> >> > > > > > > > >> >> >> > > > > > > >> >> >> > > > > > >> >> >> > > > > >> >> >> > > > >> >> >> > > >> >> >> > >> >> >> >> >> >> https://cwiki.apache.org/confluence/display/KNOX/Contribution+Process#ContributionProcess-DocumentationContributorWorkflow >> >> >> > > > > > > > > > >> > > > > >> >> >> > > > > > > > > > >> > > > > Which should give you a general idea. >> >> >> > > > > > > > > > >> > > > > >> >> >> > > > > > > > > > >> > > > > Find an example like: >> ./trunk/books/0.7.0/ >> >> >> > > > > > > > > > >> > > config_preauth_sso_provider.md >> >> >> > > > > > > > > > >> > > > > >> >> >> > > > > > > > > > >> > > > > For an example of typical content and >> >> format. >> >> >> > > > > > > > > > >> > > > > >> >> >> > > > > > > > > > >> > > > > Here is how that example renders: >> >> >> > > > > > > > > > >> > > > > >> >> >> > > > > > > > > > >> > > > >> >> >> > > > > > > > > > >> > > >> >> >> > > > > > > > > > >> > >> >> >> > > > > > > > > > >> >> >> >> > > > > > > > > > >> >> >> > > > > > > > > >> >> >> > > > > > > > >> >> >> > > > > > > >> >> >> > > > > > >> >> >> > > > > >> >> >> > > > >> >> >> > > >> >> >> > >> >> >> >> >> >> http://knox.apache.org/books/knox-0-7-0/user-guide.html#Preauthenticated+SSO+Provider >> >> >> > > > > > > > > > >> > > > > >> >> >> > > > > > > > > > >> > > > > You'll need to tie it into the rest of >> the >> >> >> book >> >> >> > - >> >> >> > > > just >> >> >> > > > > > > grep >> >> >> > > > > > > > > for >> >> >> > > > > > > > > > >> where >> >> >> > > > > > > > > > >> > > > that >> >> >> > > > > > > > > > >> > > > > filename is referenced. >> >> >> > > > > > > > > > >> > > > > To test how it renders build the site >> with: >> >> >> > "ant" >> >> >> > > > and >> >> >> > > > > > note >> >> >> > > > > > > > the >> >> >> > > > > > > > > > >> url to >> >> >> > > > > > > > > > >> > > the >> >> >> > > > > > > > > > >> > > > > 0.7.0 book. >> >> >> > > > > > > > > > >> > > > > >> >> >> > > > > > > > > > >> > > > > >> >> >> > > > > > > > > > >> > > > > On Wed, Dec 2, 2015 at 12:12 PM, Jérôme >> >> LELEU >> >> >> < >> >> >> > > > > > > > > [email protected] >> >> >> > > > > > > > > > > >> >> >> > > > > > > > > > >> > > wrote: >> >> >> > > > > > > > > > >> > > > > >> >> >> > > > > > > > > > >> > > > >> Hi, >> >> >> > > > > > > > > > >> > > > >> >> >> >> > > > > > > > > > >> > > > >> Why it doesn't work for pac4j while it >> >> works >> >> >> > for >> >> >> > > > > others >> >> >> > > > > > > is >> >> >> > > > > > > > a >> >> >> > > > > > > > > > bit >> >> >> > > > > > > > > > >> > > strange >> >> >> > > > > > > > > > >> > > > >> to >> >> >> > > > > > > > > > >> > > > >> me, but if you have the patch in >> front of >> >> >> your >> >> >> > > > eyes, >> >> >> > > > > > I'd >> >> >> > > > > > > > > rather >> >> >> > > > > > > > > > >> > prefer >> >> >> > > > > > > > > > >> > > > you >> >> >> > > > > > > > > > >> > > > >> to commit it. In all cases, I'll sync >> with >> >> >> the >> >> >> > > > > master. >> >> >> > > > > > > > > > >> > > > >> >> >> >> > > > > > > > > > >> > > > >> There was one question you didn't >> answer >> >> >> > > > previously: >> >> >> > > > > is >> >> >> > > > > > > the >> >> >> > > > > > > > > > >> password >> >> >> > > > > > > > > > >> > > > >> generated for the pac4j provider the >> same >> >> >> > across >> >> >> > > > all >> >> >> > > > > > > > gateway >> >> >> > > > > > > > > > >> > > instances? >> >> >> > > > > > > > > > >> > > > >> Because I expect to have the same >> value >> >> as I >> >> >> > use >> >> >> > > it >> >> >> > > > > to >> >> >> > > > > > > > > encrypt >> >> >> > > > > > > > > > / >> >> >> > > > > > > > > > >> > > decrypt >> >> >> > > > > > > > > > >> > > > >> data. >> >> >> > > > > > > > > > >> > > > >> >> >> >> > > > > > > > > > >> > > > >> I will add the Javadoc. After that, >> you >> >> can >> >> >> > > review >> >> >> > > > > the >> >> >> > > > > > > pull >> >> >> > > > > > > > > > >> request >> >> >> > > > > > > > > > >> > > more >> >> >> > > > > > > > > > >> > > > >> completely. >> >> >> > > > > > > > > > >> > > > >> >> >> >> > > > > > > > > > >> > > > >> What do you expect for the >> documentation? >> >> >> > > > > > > > > > >> > > > >> >> >> >> > > > > > > > > > >> > > > >> Notice that pac4j dependencies are >> still >> >> >> > > snapshots, >> >> >> > > > > but >> >> >> > > > > > > > they >> >> >> > > > > > > > > > >> will be >> >> >> > > > > > > > > > >> > > > >> released in a week or two. >> >> >> > > > > > > > > > >> > > > >> >> >> >> > > > > > > > > > >> > > > >> Thanks. >> >> >> > > > > > > > > > >> > > > >> Best regards, >> >> >> > > > > > > > > > >> > > > >> Jérôme >> >> >> > > > > > > > > > >> > > > >> >> >> >> > > > > > > > > > >> > > > >> >> >> >> > > > > > > > > > >> > > > >> 2015-12-02 17:51 GMT+01:00 larry >> mccay < >> >> >> > > > > > > > > [email protected] >> >> >> > > > > > > > > > >: >> >> >> > > > > > > > > > >> > > > >> >> >> >> > > > > > > > > > >> > > > >> > Jérôme - >> >> >> > > > > > > > > > >> > > > >> > >> >> >> > > > > > > > > > >> > > > >> > If you would like to add that >> change as >> >> >> part >> >> >> > of >> >> >> > > > > your >> >> >> > > > > > > > patch >> >> >> > > > > > > > > or >> >> >> > > > > > > > > > >> as a >> >> >> > > > > > > > > > >> > > > >> > separately filed JIRA to fix a bug >> that >> >> >> would >> >> >> > > > > > certainly >> >> >> > > > > > > > be >> >> >> > > > > > > > > > >> > welcomed. >> >> >> > > > > > > > > > >> > > > >> > Otherwise, I can do it. >> >> >> > > > > > > > > > >> > > > >> > >> >> >> > > > > > > > > > >> > > > >> > Let me know. >> >> >> > > > > > > > > > >> > > > >> > >> >> >> > > > > > > > > > >> > > > >> > thanks, >> >> >> > > > > > > > > > >> > > > >> > >> >> >> > > > > > > > > > >> > > > >> > --larry >> >> >> > > > > > > > > > >> > > > >> > >> >> >> > > > > > > > > > >> > > > >> > On Wed, Dec 2, 2015 at 11:44 AM, >> larry >> >> >> mccay >> >> >> > < >> >> >> > > > > > > > > > >> > [email protected] >> >> >> > > > > > > > > > >> > > > >> >> >> > > > > > > > > > >> > > > >> > wrote: >> >> >> > > > > > > > > > >> > > > >> > >> >> >> > > > > > > > > > >> > > > >> > > Okay - I had to add an override of >> >> >> > > > > > getUserPrincipal() >> >> >> > > > > > > > to >> >> >> > > > > > > > > > the >> >> >> > > > > > > > > > >> > > > >> > > >> >> IdentityAsserterHttpServletRequestWrapper >> >> >> > and >> >> >> > > > > > return >> >> >> > > > > > > > the >> >> >> > > > > > > > > > >> member >> >> >> > > > > > > > > > >> > > > >> variable >> >> >> > > > > > > > > > >> > > > >> > > username and it works like a >> charm. >> >> >> > > > > > > > > > >> > > > >> > > >> >> >> > > > > > > > > > >> > > > >> > > Why I haven't seen this same >> behavior >> >> >> with >> >> >> > > > other >> >> >> > > > > > > > > providers >> >> >> > > > > > > > > > >> is a >> >> >> > > > > > > > > > >> > > bit >> >> >> > > > > > > > > > >> > > > >> of a >> >> >> > > > > > > > > > >> > > > >> > > mystery but they must be adding >> other >> >> >> > > wrappers >> >> >> > > > > that >> >> >> > > > > > > > > handle >> >> >> > > > > > > > > > >> it. >> >> >> > > > > > > > > > >> > > > >> > > This is quite cool, Jérôme! >> >> >> > > > > > > > > > >> > > > >> > > >> >> >> > > > > > > > > > >> > > > >> > > On Wed, Dec 2, 2015 at 10:41 AM, >> larry >> >> >> > mccay >> >> >> > > < >> >> >> > > > > > > > > > >> > > [email protected] >> >> >> > > > > > > > > > >> > > > > >> >> >> > > > > > > > > > >> > > > >> > > wrote: >> >> >> > > > > > > > > > >> > > > >> > > >> >> >> > > > > > > > > > >> > > > >> > >> That was it - thanks! >> >> >> > > > > > > > > > >> > > > >> > >> >> >> >> > > > > > > > > > >> > > > >> > >> On Wed, Dec 2, 2015 at 10:20 AM, >> >> Jérôme >> >> >> > > LELEU >> >> >> > > > < >> >> >> > > > > > > > > > >> > [email protected]> >> >> >> > > > > > > > > > >> > > > >> wrote: >> >> >> > > > > > > > > > >> > > > >> > >> >> >> >> > > > > > > > > > >> > > > >> > >>> This is my exact command line: >> mvn >> >> >> > > -Prelease >> >> >> > > > > > clean >> >> >> > > > > > > > > > install >> >> >> > > > > > > > > > >> > > > >> -DskipTests >> >> >> > > > > > > > > > >> > > > >> > >>> >> >> >> > > > > > > > > > >> > > > >> > >>> You use an internal Maven >> >> repository to >> >> >> > > fetch >> >> >> > > > > > > > > > dependencies >> >> >> > > > > > > > > > >> > from >> >> >> > > > > > > > > > >> > > > >> > internet: >> >> >> > > > > > > > > > >> > > > >> > >>> >> >> >> > > > > > > > > > >> > > >> >> >> > > > > > > > >> >> >> > > >> http://nexus-private.hortonworks.com/nexus/content/groups/public/ >> >> >> > > > > > > > > > >> > > > >> > >>> >> >> >> > > > > > > > > > >> > > > >> > >>> Does this repository have >> access to >> >> the >> >> >> > > > remote >> >> >> > > > > > > > > Snapshots >> >> >> > > > > > > > > > >> > > Sonatype >> >> >> > > > > > > > > > >> > > > >> repo? >> >> >> > > > > > > > > > >> > > > >> > >>> >> >> >> > > > > > > > > > >> > > > >> > >>> >> >> >> > > > > > > > > > >> > > > >> > >>> >> >> >> > > > > > > > > > >> > > > >> > >>> 2015-12-02 16:16 GMT+01:00 larry >> >> mccay >> >> >> < >> >> >> > > > > > > > > > >> [email protected] >> >> >> > > > > > > > > > >> > >: >> >> >> > > > > > > > > > >> > > > >> > >>> >> >> >> > > > > > > > > > >> > > > >> > >>> > hmmm - I used: >> >> >> > > > > > > > > > >> > > > >> > >>> > >> >> >> > > > > > > > > > >> > > > >> > >>> > mvn clean install >> -DskipTests=true >> >> >> > > > -Prelease >> >> >> > > > > > > > > > >> > > > >> > >>> > >> >> >> > > > > > > > > > >> > > > >> > >>> > The repository entry is in >> there >> >> >> > already. >> >> >> > > > > > > > > > >> > > > >> > >>> > No worky. >> >> >> > > > > > > > > > >> > > > >> > >>> > >> >> >> > > > > > > > > > >> > > > >> > >>> > On Wed, Dec 2, 2015 at 10:12 >> AM, >> >> >> Jérôme >> >> >> > > > > LELEU < >> >> >> > > > > > > > > > >> > > [email protected] >> >> >> > > > > > > > > > >> > > > > >> >> >> > > > > > > > > > >> > > > >> > >>> wrote: >> >> >> > > > > > > > > > >> > > > >> > >>> > >> >> >> > > > > > > > > > >> > > > >> > >>> > > Hi, >> >> >> > > > > > > > > > >> > > > >> > >>> > > >> >> >> > > > > > > > > > >> > > > >> > >>> > > You need the j2e-pac4j >> >> dependencies >> >> >> > as >> >> >> > > > well >> >> >> > > > > > as >> >> >> > > > > > > > the >> >> >> > > > > > > > > > >> pac4j-* >> >> >> > > > > > > > > > >> > > > >> > >>> dependencies, >> >> >> > > > > > > > > > >> > > > >> > >>> > > but you don't need to build >> them >> >> >> > > locally >> >> >> > > > > > > > > (hopefully). >> >> >> > > > > > > > > > >> > > > >> > >>> > > >> >> >> > > > > > > > > > >> > > > >> > >>> > > But you need a dependency >> on the >> >> >> > > Sonatype >> >> >> > > > > > > > snapshots >> >> >> > > > > > > > > > >> > > repository >> >> >> > > > > > > > > > >> > > > >> > >>> (where the >> >> >> > > > > > > > > > >> > > > >> > >>> > > snapshot versions are >> hosted), >> >> >> which >> >> >> > is >> >> >> > > > > added >> >> >> > > > > > > for >> >> >> > > > > > > > > > >> Maven in >> >> >> > > > > > > > > > >> > > the >> >> >> > > > > > > > > > >> > > > >> root >> >> >> > > > > > > > > > >> > > > >> > >>> > > pom.xml: >> >> >> > > > > > > > > > >> > > > >> > >>> > > >> >> >> > > > > > > > > > >> > > > >> > >>> > > >> >> >> > > > > > > > > > >> > > > >> > >>> > >> >> >> > > > > > > > > > >> > > > >> > >>> >> >> >> > > > > > > > > > >> > > > >> > >> >> >> > > > > > > > > > >> > > > >> >> >> >> > > > > > > > > > >> > > > >> >> >> > > > > > > > > > >> > > >> >> >> > > > > > > > > > >> > >> >> >> > > > > > > > > > >> >> >> >> > > > > > > > > > >> >> >> > > > > > > > > >> >> >> > > > > > > > >> >> >> > > > > > > >> >> >> > > > > > >> >> >> > > > > >> >> >> > > > >> >> >> > > >> >> >> > >> >> >> >> >> >> https://github.com/apache/knox/pull/2/files#diff-600376dffeb79835ede4a0b285078036R123 >> >> >> > > > > > > > > > >> > > > >> > >>> > > >> >> >> > > > > > > > > > >> > > > >> > >>> > > If you use Ant for the >> build, >> >> there >> >> >> > is >> >> >> > > > > maybe >> >> >> > > > > > a >> >> >> > > > > > > > > glitch >> >> >> > > > > > > > > > >> to >> >> >> > > > > > > > > > >> > > find >> >> >> > > > > > > > > > >> > > > >> the >> >> >> > > > > > > > > > >> > > > >> > >>> > Sonatype >> >> >> > > > > > > > > > >> > > > >> > >>> > > Maven repo. >> >> >> > > > > > > > > > >> > > > >> > >>> > > >> >> >> > > > > > > > > > >> > > > >> > >>> > > Thanks. >> >> >> > > > > > > > > > >> > > > >> > >>> > > Best regards, >> >> >> > > > > > > > > > >> > > > >> > >>> > > Jérôme >> >> >> > > > > > > > > > >> > > > >> > >>> > > >> >> >> > > > > > > > > > >> > > > >> > >>> > > >> >> >> > > > > > > > > > >> > > > >> > >>> > > 2015-12-02 16:06 GMT+01:00 >> larry >> >> >> > mccay >> >> >> > > < >> >> >> > > > > > > > > > >> > > [email protected] >> >> >> > > > > > > > > > >> > > > >: >> >> >> > > > > > > > > > >> > > > >> > >>> > > >> >> >> > > > > > > > > > >> > > > >> > >>> > > > Oh - do I need to build >> >> j2e-pac4 >> >> >> > > > locally >> >> >> > > > > in >> >> >> > > > > > > > order >> >> >> > > > > > > > > > to >> >> >> > > > > > > > > > >> > > resolve >> >> >> > > > > > > > > > >> > > > >> the >> >> >> > > > > > > > > > >> > > > >> > >>> > > > dependencies? >> >> >> > > > > > > > > > >> > > > >> > >>> > > > >> >> >> > > > > > > > > > >> > > > >> > >>> > > > [ERROR] Failed to execute >> >> goal on >> >> >> > > > project >> >> >> > > > > > > > > > >> > > > >> > >>> > > >> gateway-provider-security-pac4j: >> >> >> > > > > > > > > > >> > > > >> > >>> > > > Could not resolve >> dependencies >> >> >> for >> >> >> > > > > project >> >> >> > > > > > > > > > >> > > > >> > >>> > > > >> >> >> > > > > > > > > > >> > > > >> > >>> >> >> >> > > > > > > > > > >> > > > >> >> >> > > > > > > > > > >> >> >> > > > > >> >> org.apache.knox:gateway-provider-security-pac4j:jar:0.7.0-SNAPSHOT: >> >> >> > > > > > > > > > >> > > > >> The >> >> >> > > > > > > > > > >> > > > >> > >>> > > > following artifacts could >> not >> >> be >> >> >> > > > > resolved: >> >> >> > > > > > > > > > >> > > > >> > >>> > > > >> >> >> > > org.pac4j:j2e-pac4j:jar:1.2.1-SNAPSHOT, >> >> >> > > > > > > > > > >> > > > >> > >>> > > > >> >> >> > > > org.pac4j:pac4j-http:jar:1.8.1-SNAPSHOT, >> >> >> > > > > > > > > > >> > > > >> > >>> > > > >> >> >> > > > > org.pac4j:pac4j-config:jar:1.8.1-SNAPSHOT: >> >> >> > > > > > > > Could >> >> >> > > > > > > > > > not >> >> >> > > > > > > > > > >> > find >> >> >> > > > > > > > > > >> > > > >> > artifact >> >> >> > > > > > > > > > >> > > > >> > >>> > > > >> >> >> > > org.pac4j:j2e-pac4j:jar:1.2.1-SNAPSHOT >> >> >> > > > in >> >> >> > > > > > > > public >> >> >> > > > > > > > > ( >> >> >> > > > > > > > > > >> > > > >> > >>> > > > >> >> >> > > > > > > > > > >> > > > >> > >> >> >> > > > > > > > > > >> >> >> >> > > > > > >> >> >> http://nexus-private.hortonworks.com/nexus/content/groups/public/ >> >> >> > > > > > > > > > >> > ) >> >> >> > > > > > > > > > >> > > > >> > >>> -> >> >> >> > > > > > > > > > >> > > > >> > >>> > > > [Help >> >> >> > > > > > > > > > >> > > > >> > >>> > > > 1] >> >> >> > > > > > > > > > >> > > > >> > >>> > > > >> >> >> > > > > > > > > > >> > > > >> > >>> > > > On Wed, Dec 2, 2015 at >> 10:05 >> >> AM, >> >> >> > > larry >> >> >> > > > > > mccay >> >> >> > > > > > > < >> >> >> > > > > > > > > > >> > > > >> > >>> [email protected]> >> >> >> > > > > > > > > > >> > > > >> > >>> > > > wrote: >> >> >> > > > > > > > > > >> > > > >> > >>> > > > >> >> >> > > > > > > > > > >> > > > >> > >>> > > > > >> >> gateway-provider-security-pac4j >> >> >> > > > doesn't >> >> >> > > > > > > > build - >> >> >> > > > > > > > > > do >> >> >> > > > > > > > > > >> you >> >> >> > > > > > > > > > >> > > > have >> >> >> > > > > > > > > > >> > > > >> a >> >> >> > > > > > > > > > >> > > > >> > >>> pending >> >> >> > > > > > > > > > >> > > > >> > >>> > > > > change for your pom.xml >> or >> >> >> > > something? >> >> >> > > > > > > > > > >> > > > >> > >>> > > > > >> >> >> > > > > > > > > > >> > > > >> > >>> > >> >> >> > > > > > > > > > >> > > > >> > >>> >> >> >> > > > > > > > > > >> > > > >> > >> >> >> >> > > > > > > > > > >> > > > >> > >> >> >> >> > > > > > > > > > >> > > > >> > > >> >> >> > > > > > > > > > >> > > > >> > >> >> >> > > > > > > > > > >> > > > >> >> >> >> > > > > > > > > > >> > > > > >> >> >> > > > > > > > > > >> > > > > >> >> >> > > > > > > > > > >> > > > >> >> >> > > > > > > > > > >> > > >> >> >> > > > > > > > > > >> > >> >> >> > > > > > > > > > >> >> >> >> > > > > > > > > > > >> >> >> > > > > > > > > > > >> >> >> > > > > > > > > > >> >> >> > > > > > > > > >> >> >> > > > > > > > >> >> >> > > > > > > >> >> >> > > > > > >> >> >> > > > > >> >> >> > > > >> >> >> > > >> >> >> > >> >> >> >> >> >> > >
