[ https://issues.apache.org/jira/browse/KNOX-3217?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18042795#comment-18042795 ]
ASF subversion and git services commented on KNOX-3217:
-------------------------------------------------------
Commit 6e52400e21432a044309e0c9b23b8755ae5de5fa in knox's branch
refs/heads/master from bonampak
[ https://gitbox.apache.org/repos/asf?p=knox.git;h=6e52400e2 ]
KNOX-3217: Upgrade pac4j to 6.3.0 for JDK17 (#1110)
* KNOX-3217: Upgrade pac4j for JDK17. Upgraded pac4j to 5.7.8 and javaee-pac4j
to 7.1.0.
(Instead of the jee-pac4j artifact, javaee-pac4j needs to be used - then
jakartaee-pac4j if we migrate to Jakarta).
Update opensaml to 4.2.0 and cryptacular to 1.2.5 (from pac4j-saml:5.7.8). Pin
net.shibboleth.utilities:java-support to 8.3.1.
Fix KnoxSessionStore getSessionId and Pac4jIdentityAdapter removeProfiles call.
Corrected Pac4jProviderTest.
Pac4jSetCookieResponseWrapper.addCookie() is probably not needed anymore,
pac4jcsrf is set in Set-Cookie header and is secure by default (goes through
KnoxSessionStore).
* KNOX-3217: fix missing net.shibboleth.utilities:java-support:8.3.1 from
Shibboleth maven repo. Updated shib-release maven repo URL.
* KNOX-3217: Update javaee-pac4j to 8.1.0, pac4j to 6.3.0 and opensaml to
5.1.6. Update cryptacular to 1.2.7 and xmlsec to 4.0.4.
org.pac4j.oidc.client.AzureAdClient was removed for AzureAd2Client;
AzureAdOidcConfiguration to AzureAd2OidcConfiguration.
Pinned managed dependency versions for
org.apache.httpcomponents.client5:httpclient5:5.4.3 and
org.apache.httpcomponents.core5:5.3.6 should work:
org.pac4j:pac4j-saml:jar:6.3.0 would bring in
org.apache.httpcomponents.client5:httpclient5:jar:5.3.1,
plus a dependency convergence error with
org.apache.httpcomponents.core5:httpcore5:jar:5.2.5 and 5.2.4.
* KNOX-3217: Also remove pac4jCsrfTokenExpirationDate and
pac4jPreviousCsrfToken in logout.jsp (added in pac4j 5.0).
* KNOX-3217: hibernate-core exclusion is not needed for opensaml-storage-impl.
* KNOX-3217: remove managed dependency com.nimbusds:lang-tag:1.5 (will be 1.7,
no dependency convergence issues). org.pac4j.pac4j-oidc:6.3.0 needs
com.nimbusds:lang-tag:1.7.
* KNOX-3217: Update nimbus-jose-jwt to 10.5 - dependency convergence -
org.nimbus-jose-jwt:10.5 is needed for org.pac4j:pac4j-oidc:6.3.0.
org.apereo.cas.client:cas-client-core:4.0.4 would need nimbus-jose-jwt:9.37.3
and org.apache.hadoop:hadoop-auth:3.4.1 would need nimbus-jose-jwt:9.37.2.
* KNOX-3217: review findings
> Upgrade pac4j for JDK17
> -----------------------
>
> Key: KNOX-3217
> URL: https://issues.apache.org/jira/browse/KNOX-3217
> Project: Apache Knox
> Issue Type: Task
> Components: Build
> Affects Versions: 3.0.0
> Reporter: Tamás Marcinkovics
> Assignee: Tamás Marcinkovics
> Priority: Major
> Time Spent: 40m
> Remaining Estimate: 0h
>
> For JDK 17, we can upgrade pac4j to 6.3 and jee-pac4j to
> javaee-pac4j:8.0.1.
> https://www.pac4j.org/blog/jee_pac4j_vs_pac4j_jee.html
> https://github.com/pac4j/jee-pac4j
> https://github.com/pac4j/jee-pac4j/wiki/Migration-guide#--8x
>