Hi,

Sorry if this isn't worthy of the developers list but I believe that it is
appropriate.

We are trying to stand up a highly-available Maven repository that is protected
by an SSO solution using Basic Auth over SSL.  The architecture is as follows:

1.) Maven clients connect over the internet to the repository using
    maven.example.com

2.) maven.example.com is a hardware load balancer DNS alias that uses HTTP
    301 to redirect to repo.example.com

3.) repo.example.com uses HTTP 302 to redirect the request to
    login.example.com

4.) login.example.com sends back HTTP 401 to require authentication

5.) The client returns the request with the Authorization header and
    login.example.com uses HTTP 302 to redirect the request back to
    repo.example.com with the proper Authorization header and retrieve the
    artifact.

We define the repository in settings.xml with a URL of
https://maven.example.com.  The problem we are running into is that the Maven
HTTP Wagon code is setting the AuthScope based on the Repository URL's host
(and port, if supplied).

    Credentials creds = new UsernamePasswordCredentials( username, password );

    String host = getRepository().getHost();
    int port = getRepository().getPort() > -1 ? getRepository().getPort() : AuthScope.ANY_PORT;

    credentialsProvider.setCredentials( new AuthScope( host, port ), creds );

As such, the AuthScope is created with "maven.example.com" and "-1" (i.e.,
AuthScope.ANY_PORT).  This causes the Authorization header to not be returned
in response to the HTTP 401 challenge and Maven simply moves on to try to
retrieve the artifact from Maven Central (but the artifact isn't there).

From reading the code, there doesn't appear to be any way of telling Maven to
set the AuthScope realm to a value that we specify (and the AuthScope host to
AuthScope.ANY_HOST).  Are we missing something obvious or, as we believe, do
we need to enhance Maven to support this type of configuration?

We really need for this to work so what do you suggest?  We had this mostly
working with the org.sonatype.maven:wagon-ahc:1.2.1 wagon but we were running
into an issue where Maven was dropping the Authorization header when fetching
the artifact's checksum file, which made that solution unworkable.

Thanks,

Robert

--
Robert Patrick <robert.patr...@oracle.com>
VP, FMW Platform Engineering, Oracle Corporation
7460 Warren Pkwy, Ste. 300       Office: +1.972.963.2872
Frisco, TX 75034, USA            Mobile: +1.469.556.9450

Professional Oracle WebLogic Server
http://www.amazon.com/Professional-Oracle-WebLogic-Server-Patrick/dp/0470484306/
by Robert Patrick, Gregory Nyberg, and Philip Aston
with Josh Bregman and Paul Done
Book Home Page: http://www.wrox.com/WileyCDA/WroxTitle/Professional-Oracle-WebLogic-Server.productCd-0470484306.html
Kindle Version: http://www.amazon.com/Professional-Oracle-WebLogic-Server-ebook/dp/B004HD69J2/

 

 

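The credential lookup behind the behaviour described in the message above, as an added example that is not part of the original post or of Maven Wagon. It assumes Apache HttpClient 4.x (org.apache.http) on the classpath; the realm string, user name, password, port 443 and the host other.example.net are constructed for illustration.

```java
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.Credentials;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.impl.client.BasicCredentialsProvider;

public class AuthScopeLookup {
    // Constructed sample values; the realm string is a placeholder.
    static final String REALM = "SSO Realm";
    static final Credentials CREDS =
        new UsernamePasswordCredentials("deployer", "example-password");

    // Models the scope looked up when a host answers 401 with a Basic
    // challenge (port 443 assumed for an https target).
    static AuthScope challengeFrom(String host) {
        return new AuthScope(host, 443, REALM, "basic");
    }

    // Registers CREDS under one scope and reports which challenges match it.
    static void report(String label, AuthScope registered, String... challengers) {
        CredentialsProvider provider = new BasicCredentialsProvider();
        provider.setCredentials(registered, CREDS);
        System.out.println(label);
        for (String host : challengers) {
            boolean sent = provider.getCredentials(challengeFrom(host)) != null;
            System.out.printf("  401 from %-18s -> credentials %s%n",
                              host, sent ? "offered" : "withheld");
        }
    }

    public static void main(String[] args) {
        String[] hosts = { "maven.example.com", "login.example.com", "other.example.net" };

        // Scope as registered by the quoted snippet: repository host, any port.
        report("scope = (maven.example.com, ANY_PORT)",
               new AuthScope("maven.example.com", AuthScope.ANY_PORT), hosts);

        // Scope the message asks to be able to configure: any host, fixed realm.
        report("scope = (ANY_HOST, ANY_PORT, realm)",
               new AuthScope(AuthScope.ANY_HOST, AuthScope.ANY_PORT, REALM), hosts);

        // Narrower alternative: only the host that issues the challenge.
        report("scope = (login.example.com, 443, realm)",
               new AuthScope("login.example.com", 443, REALM), hosts);
    }
}
```

The ANY_HOST scope offers the credentials to every host whose 401 challenge names that realm, and the realm string is chosen by the responding server. The third scope keeps them limited to login.example.com.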