[jira] [Commented] (KNOX-1355) Knox not honoring originalUrl when pac4j federation is used
[ https://issues.apache.org/jira/browse/KNOX-1355?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17426665#comment-17426665 ] Larry McCay commented on KNOX-1355: --- Due to upcoming release of 1.6.0 and the need for an incompatible change coming up for log4j migration, we are moving this out to the 2.0.0 release. As of now, 1.6.0 will be the last 1.x.x release due to the incompatible change. If there is a critical need for this in 1.6.0 please feel free to move the fixVersion back to 1.6.0 with a note of justification. > Knox not honoring originalUrl when pac4j federation is used > --- > > Key: KNOX-1355 > URL: https://issues.apache.org/jira/browse/KNOX-1355 > Project: Apache Knox > Issue Type: Bug > Components: KnoxSSO >Reporter: DIPAYAN BHOWMICK >Priority: Major > Fix For: 2.0.0 > > Attachments: KNOX-1355.patch, knox_fix_for_dp_keycloak.patch, > knoxsso.xml, sequence_diagram.txt > > > I wanted to integrate Keycloak as the IdP provider for Knox using the pac4j > federation. This is for an SSO scenario and not Knox Gateway proxy. So, > requested to gateway/knoxsso/api/v1/websso?originalUrl=https://service. > After, the redirection happens to Keycloak and successful authentication knox > rather than returning to the requested original URL, it is redirecting to the > original requestedURL (ie. > gateway/knoxsso/api/v1/websso?originalUrl=https://service/) > The complete Sequence diagram is attached. [^sequence_diagram.txt] > Also, knoxsso.xml is attached as an example. [^knoxsso.xml] -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (KNOX-1355) Knox not honoring originalUrl when pac4j federation is used
[
https://issues.apache.org/jira/browse/KNOX-1355?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16678784#comment-16678784
]
Kevin Risden commented on KNOX-1355:
[~yhemanth] and [~dipayanb] - There are test failures after this is applied:
{code:java}
[[1;34mINFO[m] ---
[[1;34mINFO[m] T E S T S
[[1;34mINFO[m] ---
[[1;34mINFO[m] Running org.apache.knox.gateway.pac4j.[1mPac4jProviderTest[m
log4j:WARN No appenders could be found for logger
(org.pac4j.j2e.filter.CallbackFilter).
log4j:WARN Please initialize the log4j system properly.
log4j:WARN See http://logging.apache.org/log4j/1.2/faq.html#noconfig for more
info.
[[1;31mERROR[m] [1;31mTests [0;1mrun: [0;1m3[m, [1;31mFailures:
[0;1;31m3[m, Errors: 0, Skipped: 0, Time elapsed: 1.44 s[1;31m <<<
FAILURE![m - in org.apache.knox.gateway.pac4j.[1mPac4jProviderTest[m
[[1;31mERROR[m] test(org.apache.knox.gateway.pac4j.Pac4jProviderTest) Time
elapsed: 0.914 s <<< FAILURE!
org.junit.ComparisonFailure:
expected:<0.0.1:8443/gateway/[idp/api/v1/websso?originalUrl=https://127.0.0.1:8443/gateway/]sandox/webhdfs/v1/tm...>
but was:<0.0.1:8443/gateway/[]sandox/webhdfs/v1/tm...>
at
org.apache.knox.gateway.pac4j.Pac4jProviderTest.test(Pac4jProviderTest.java:129)
[[1;31mERROR[m]
testValidIdAttribute(org.apache.knox.gateway.pac4j.Pac4jProviderTest) Time
elapsed: 0.261 s <<< FAILURE!
org.junit.ComparisonFailure:
expected:<0.0.1:8443/gateway/[idp/api/v1/websso?originalUrl=https://127.0.0.1:8443/gateway/]sandox/webhdfs/v1/tm...>
but was:<0.0.1:8443/gateway/[]sandox/webhdfs/v1/tm...>
at
org.apache.knox.gateway.pac4j.Pac4jProviderTest.testValidIdAttribute(Pac4jProviderTest.java:228)
[[1;31mERROR[m]
testInvalidIdAttribute(org.apache.knox.gateway.pac4j.Pac4jProviderTest) Time
elapsed: 0.262 s <<< FAILURE!
org.junit.ComparisonFailure:
expected:<0.0.1:8443/gateway/[idp/api/v1/websso?originalUrl=https://127.0.0.1:8443/gateway/]sandox/webhdfs/v1/tm...>
but was:<0.0.1:8443/gateway/[]sandox/webhdfs/v1/tm...>
at
org.apache.knox.gateway.pac4j.Pac4jProviderTest.testInvalidIdAttribute(Pac4jProviderTest.java:326)
{code}
I haven't looked into why but it would be good to understand this before
merging.
> Knox not honoring originalUrl when pac4j federation is used
> ---
>
> Key: KNOX-1355
> URL: https://issues.apache.org/jira/browse/KNOX-1355
> Project: Apache Knox
> Issue Type: Bug
> Components: KnoxSSO
>Reporter: DIPAYAN BHOWMICK
>Priority: Major
> Fix For: 1.3.0
>
> Attachments: KNOX-1355.patch, knox_fix_for_dp_keycloak.patch,
> knoxsso.xml, sequence_diagram.txt
>
>
> I wanted to integrate Keycloak as the IdP provider for Knox using the pack4j
> federation in Dataplane. This is for an SSO scenario and not Knox Gateway
> proxy. So, requested to
> gateway/knoxsso/api/v1/websso?originalUrl=https://dataplane.
> After, the redirection happens to Keycloak and successful authentication knox
> rather than returning to the requested original URL, it is redirecting to the
> original requestedURL (ie.
> gateway/knoxsso/api/v1/websso?originalUrl=https://dataplane)
> The complete Sequence diagram is attached. [^sequence_diagram.txt]
> Also, knoxsso.xml is attached as an example. [^knoxsso.xml]
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (KNOX-1355) Knox not honoring originalUrl when pac4j federation is used
[ https://issues.apache.org/jira/browse/KNOX-1355?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16658971#comment-16658971 ] Kevin Risden commented on KNOX-1355: Updated patch to have missing httpcore/httpclient dependencies. > Knox not honoring originalUrl when pac4j federation is used > --- > > Key: KNOX-1355 > URL: https://issues.apache.org/jira/browse/KNOX-1355 > Project: Apache Knox > Issue Type: Bug > Components: KnoxSSO >Reporter: DIPAYAN BHOWMICK >Priority: Major > Fix For: 1.2.0 > > Attachments: KNOX-1355.patch, knox_fix_for_dp_keycloak.patch, > knoxsso.xml, sequence_diagram.txt > > > I wanted to integrate Keycloak as the IdP provider for Knox using the pack4j > federation in Dataplane. This is for an SSO scenario and not Knox Gateway > proxy. So, requested to > gateway/knoxsso/api/v1/websso?originalUrl=https://dataplane. > After, the redirection happens to Keycloak and successful authentication knox > rather than returning to the requested original URL, it is redirecting to the > original requestedURL (ie. > gateway/knoxsso/api/v1/websso?originalUrl=https://dataplane) > The complete Sequence diagram is attached. [^sequence_diagram.txt] > Also, knoxsso.xml is attached as an example. [^knoxsso.xml] -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (KNOX-1355) Knox not honoring originalUrl when pac4j federation is used
[ https://issues.apache.org/jira/browse/KNOX-1355?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16657690#comment-16657690 ] Kevin Risden commented on KNOX-1355: Updated patch to use current pac4j sessionStore and fix the checkstyle issues. Patch has correct naming now too. > Knox not honoring originalUrl when pac4j federation is used > --- > > Key: KNOX-1355 > URL: https://issues.apache.org/jira/browse/KNOX-1355 > Project: Apache Knox > Issue Type: Bug > Components: KnoxSSO >Reporter: DIPAYAN BHOWMICK >Priority: Major > Fix For: 1.2.0 > > Attachments: KNOX-1355.patch, knox_fix_for_dp_keycloak.patch, > knoxsso.xml, sequence_diagram.txt > > > I wanted to integrate Keycloak as the IdP provider for Knox using the pack4j > federation in Dataplane. This is for an SSO scenario and not Knox Gateway > proxy. So, requested to > gateway/knoxsso/api/v1/websso?originalUrl=https://dataplane. > After, the redirection happens to Keycloak and successful authentication knox > rather than returning to the requested original URL, it is redirecting to the > original requestedURL (ie. > gateway/knoxsso/api/v1/websso?originalUrl=https://dataplane) > The complete Sequence diagram is attached. [^sequence_diagram.txt] > Also, knoxsso.xml is attached as an example. [^knoxsso.xml] -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (KNOX-1355) Knox not honoring originalUrl when pac4j federation is used
[ https://issues.apache.org/jira/browse/KNOX-1355?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16657678#comment-16657678 ] Kevin Risden commented on KNOX-1355: Reapplied patch with correct naming. This looks like it applies cleanly. Running through tests. It will require some more testing before merge though. > Knox not honoring originalUrl when pac4j federation is used > --- > > Key: KNOX-1355 > URL: https://issues.apache.org/jira/browse/KNOX-1355 > Project: Apache Knox > Issue Type: Bug > Components: KnoxSSO >Reporter: DIPAYAN BHOWMICK >Priority: Major > Fix For: 1.2.0 > > Attachments: KNOX-1355.patch, knox_fix_for_dp_keycloak.patch, > knoxsso.xml, sequence_diagram.txt > > > I wanted to integrate Keycloak as the IdP provider for Knox using the pack4j > federation in Dataplane. This is for an SSO scenario and not Knox Gateway > proxy. So, requested to > gateway/knoxsso/api/v1/websso?originalUrl=https://dataplane. > After, the redirection happens to Keycloak and successful authentication knox > rather than returning to the requested original URL, it is redirecting to the > original requestedURL (ie. > gateway/knoxsso/api/v1/websso?originalUrl=https://dataplane) > The complete Sequence diagram is attached. [^sequence_diagram.txt] > Also, knoxsso.xml is attached as an example. [^knoxsso.xml] -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (KNOX-1355) Knox not honoring originalUrl when pac4j federation is used
[ https://issues.apache.org/jira/browse/KNOX-1355?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16623411#comment-16623411 ] Hemanth Yamijala commented on KNOX-1355: [~lmccay] - would it be possible to merge this into the next release of Knox if you are fine with [~dipayanb]'s patch? We would like this for extending the way in which we use Knox in our application. > Knox not honoring originalUrl when pac4j federation is used > --- > > Key: KNOX-1355 > URL: https://issues.apache.org/jira/browse/KNOX-1355 > Project: Apache Knox > Issue Type: Bug > Components: KnoxSSO >Reporter: DIPAYAN BHOWMICK >Priority: Major > Fix For: 1.2.0 > > Attachments: knox_fix_for_dp_keycloak.patch, knoxsso.xml, > sequence_diagram.txt > > > I wanted to integrate Keycloak as the IdP provider for Knox using the pack4j > federation in Dataplane. This is for an SSO scenario and not Knox Gateway > proxy. So, requested to > gateway/knoxsso/api/v1/websso?originalUrl=https://dataplane. > After, the redirection happens to Keycloak and successful authentication knox > rather than returning to the requested original URL, it is redirecting to the > original requestedURL (ie. > gateway/knoxsso/api/v1/websso?originalUrl=https://dataplane) > The complete Sequence diagram is attached. [^sequence_diagram.txt] > Also, knoxsso.xml is attached as an example. [^knoxsso.xml] -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (KNOX-1355) Knox not honoring originalUrl when pac4j federation is used
[ https://issues.apache.org/jira/browse/KNOX-1355?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16531483#comment-16531483 ] Larry McCay commented on KNOX-1355: --- Moving this out to 1.2.0 because I do not want to destabilize 1.1.0 release at this point. Feel free to ask for it to be pulled back in if it is needed desperately. > Knox not honoring originalUrl when pac4j federation is used > --- > > Key: KNOX-1355 > URL: https://issues.apache.org/jira/browse/KNOX-1355 > Project: Apache Knox > Issue Type: Bug > Components: KnoxSSO >Reporter: DIPAYAN BHOWMICK >Priority: Major > Fix For: 1.2.0 > > Attachments: knox_fix_for_dp_keycloak.patch, knoxsso.xml, > sequence_diagram.txt > > > I wanted to integrate Keycloak as the IdP provider for Knox using the pack4j > federation in Dataplane. This is for an SSO scenario and not Knox Gateway > proxy. So, requested to > gateway/knoxsso/api/v1/websso?originalUrl=https://dataplane. > After, the redirection happens to Keycloak and successful authentication knox > rather than returning to the requested original URL, it is redirecting to the > original requestedURL (ie. > gateway/knoxsso/api/v1/websso?originalUrl=https://dataplane) > The complete Sequence diagram is attached. [^sequence_diagram.txt] > Also, knoxsso.xml is attached as an example. [^knoxsso.xml] -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (KNOX-1355) Knox not honoring originalUrl when pac4j federation is used
[ https://issues.apache.org/jira/browse/KNOX-1355?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16510692#comment-16510692 ] DIPAYAN BHOWMICK commented on KNOX-1355: I did some digging around the knox code and its integration with pac4j, I found that the DefaultCallbackStrategy was not overloaded for this scenario to work. The defaultCallbackStrategy will work if knox is used as a gateway. I was able to fix the redirection issue by patching the code. Patch is attached. [^knox_fix_for_dp_keycloak.patch] > Knox not honoring originalUrl when pac4j federation is used > --- > > Key: KNOX-1355 > URL: https://issues.apache.org/jira/browse/KNOX-1355 > Project: Apache Knox > Issue Type: Bug > Components: KnoxSSO >Reporter: DIPAYAN BHOWMICK >Priority: Major > Fix For: 1.1.0 > > Attachments: knox_fix_for_dp_keycloak.patch, knoxsso.xml, > sequence_diagram.txt > > > I wanted to integrate Keycloak as the IdP provider for Knox using the pack4j > federation in Dataplane. This is for an SSO scenario and not Knox Gateway > proxy. So, requested to > gateway/knoxsso/api/v1/websso?originalUrl=https://dataplane. > After, the redirection happens to Keycloak and successful authentication knox > rather than returning to the requested original URL, it is redirecting to the > original requestedURL (ie. > gateway/knoxsso/api/v1/websso?originalUrl=https://dataplane) > The complete Sequence diagram is attached. [^sequence_diagram.txt] > Also, knoxsso.xml is attached as an example. [^knoxsso.xml] -- This message was sent by Atlassian JIRA (v7.6.3#76005)
