You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cloudstack.apache.org by bhaisaab <gi...@git.apache.org> on 2016/01/28 13:08:23 UTC
[GitHub] cloudstack pull request: user-authenticators/saml2: Remove unused ...
GitHub user bhaisaab opened a pull request:
https://github.com/apache/cloudstack/pull/1380
user-authenticators/saml2: Remove unused dependency
Removes Spring security saml extension as it is not needed or used by the
SAML plugin.
cc @DaanHoogland
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/shapeblue/cloudstack 4.7-saml-removedep
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/cloudstack/pull/1380.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #1380
----
commit 942222607be4e433d393ab16baf350368791780e
Author: Rohit Yadav <ro...@shapeblue.com>
Date: 2016-01-28T12:06:08Z
user-authenticators/saml2: Remove unused dependency
Removes Spring security saml extension as it is not needed or used by the
SAML plugin.
Signed-off-by: Rohit Yadav <ro...@shapeblue.com>
----
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] cloudstack pull request: [4.7+] user-authenticators/saml2: Remove ...
Posted by bhaisaab <gi...@git.apache.org>.
Github user bhaisaab commented on the pull request:
https://github.com/apache/cloudstack/pull/1380#issuecomment-180483422
Since this is again maven related changes, will close this PR and move the commit to https://github.com/apache/cloudstack/pull/1397 's branch
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] cloudstack pull request: [4.7+] user-authenticators/saml2: Remove ...
Posted by DaanHoogland <gi...@git.apache.org>.
Github user DaanHoogland commented on the pull request:
https://github.com/apache/cloudstack/pull/1380#issuecomment-176781714
great LGTM. It is only removing an unused dep from the pom.xml
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] cloudstack pull request: [4.7+] user-authenticators/saml2: Remove ...
Posted by DaanHoogland <gi...@git.apache.org>.
Github user DaanHoogland commented on the pull request:
https://github.com/apache/cloudstack/pull/1380#issuecomment-176645627
loks good but now jenkins complains about these:
GetServiceProviderMetaDataCmdTest.testAuthenticate:96 » NoClassDefFound org/w3...
SAML2LoginAPIAuthenticatorCmdTest.testAuthenticate:186 » NoClassDefFound org/a...
SAML2LogoutAPIAuthenticatorCmdTest.testAuthenticate:76 » NoClassDefFound org/a...
SAML2AuthManagerImplTest.testStart:63 » NoClassDefFound org/apache/xerces/dom/...
Any idea why this fails, @bhaisaab ? seems the tests use the old dependency.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] cloudstack pull request: [4.7+] user-authenticators/saml2: Remove ...
Posted by bhaisaab <gi...@git.apache.org>.
Github user bhaisaab closed the pull request at:
https://github.com/apache/cloudstack/pull/1380
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] cloudstack pull request: [4.7+] user-authenticators/saml2: Remove ...
Posted by bhaisaab <gi...@git.apache.org>.
Github user bhaisaab commented on the pull request:
https://github.com/apache/cloudstack/pull/1380#issuecomment-176291448
@DaanHoogland upgraded my local 4.7.0 cloudstack to 4.7.1 without the spring-saml ext dependency and logged in as a SAML user. Log:
2016-01-28 18:16:32,085 DEBUG [o.a.c.s.SAML2AuthManagerImpl] (Timer-5:null) (logid:) Starting SAML IDP Metadata Refresh Task
2016-01-28 18:16:32,085 DEBUG [o.a.c.s.SAML2AuthManagerImpl] (Timer-5:null) (logid:) Adding IdP to the list of discovered IdPs: https://idp.scaleninja.com/idp/shibboleth
2016-01-28 18:16:32,088 DEBUG [o.a.c.s.SAML2AuthManagerImpl] (Timer-5:null) (logid:) Finished refreshing SAML Metadata and expiring old auth tokens
2016-01-28 18:22:41,287 INFO [o.a.c.s.m.m.i.DefaultModuleDefinitionSet] (main:null) (logid:) Module Hierarchy: saml2
2016-01-28 18:22:56,876 INFO [o.a.c.s.m.m.i.DefaultModuleDefinitionSet] (main:null) (logid:) Loading module context [saml2] from URL [jar:file:/usr/share/cloudstack-management/webapps/client/WEB-INF/lib/cloud-plugin-user-authenticator-saml2-4.7.1.jar!/META-INF/cloudstack/saml2/spring-saml2-context.xml]
2016-01-28 18:22:56,876 INFO [o.a.c.s.m.m.i.DefaultModuleDefinitionSet] (main:null) (logid:) Loading module context [saml2] from URL [jar:file:/usr/share/cloudstack-management/webapps/client/WEB-INF/lib/cloud-core-4.7.1.jar!/META-INF/cloudstack/api/spring-core-lifecycle-api-context-inheritable.xml]
2016-01-28 18:22:56,876 INFO [o.a.c.s.m.m.i.DefaultModuleDefinitionSet] (main:null) (logid:) Loading module context [saml2] from URL [jar:file:/usr/share/cloudstack-management/webapps/client/WEB-INF/lib/cloud-core-4.7.1.jar!/META-INF/cloudstack/core/spring-core-lifecycle-core-context-inheritable.xml]
2016-01-28 18:22:56,876 INFO [o.a.c.s.m.m.i.DefaultModuleDefinitionSet] (main:null) (logid:) Loading module context [saml2] from URL [jar:file:/usr/share/cloudstack-management/webapps/client/WEB-INF/lib/cloud-core-4.7.1.jar!/META-INF/cloudstack/system/spring-core-system-context-inheritable.xml]
2016-01-28 18:22:56,877 INFO [o.a.c.s.m.m.i.DefaultModuleDefinitionSet] (main:null) (logid:) Loading module context [saml2] from URL [jar:file:/usr/share/cloudstack-management/webapps/client/WEB-INF/lib/cloud-framework-config-4.7.1.jar!/META-INF/cloudstack/system/spring-framework-config-system-context-inheritable.xml]
2016-01-28 18:22:56,877 INFO [o.a.c.s.m.m.i.DefaultModuleDefinitionSet] (main:null) (logid:) Loading module context [saml2] from URL [jar:file:/usr/share/cloudstack-management/webapps/client/WEB-INF/lib/cloud-plugin-network-contrail-4.7.1.jar!/META-INF/cloudstack/system/spring-contrail-system-context-inheritable.xml]
2016-01-28 18:22:56,877 INFO [o.a.c.s.m.m.i.DefaultModuleDefinitionSet] (main:null) (logid:) Loading module context [saml2] from URL [jar:file:/usr/share/cloudstack-management/webapps/client/WEB-INF/lib/cloud-core-4.7.1.jar!/META-INF/cloudstack/bootstrap/spring-bootstrap-context-inheritable.xml]
2016-01-28 18:22:56,991 DEBUG [o.a.c.f.c.i.ConfigDepotImpl] (main:null) (logid:) Retrieving keys from SAML2AuthManagerImpl
2016-01-28 18:22:57,012 DEBUG [o.a.c.s.l.r.ExtensionRegistry] (main:null) (logid:) Registering extension [SAML2] in [User Authenticators Registry]
2016-01-28 18:22:57,012 DEBUG [o.a.c.s.l.r.RegistryLifecycle] (main:null) (logid:) Registered org.apache.cloudstack.saml.SAML2UserAuthenticator@573410b6
2016-01-28 18:22:57,014 DEBUG [o.a.c.s.l.r.ExtensionRegistry] (main:null) (logid:) Registering extension [SAML2Auth] in [Pluggable A P I Authenticators Registry]
2016-01-28 18:22:57,014 DEBUG [o.a.c.s.l.r.RegistryLifecycle] (main:null) (logid:) Registered org.apache.cloudstack.saml.SAML2AuthManagerImpl@3a678371
2016-01-28 18:22:57,014 DEBUG [o.a.c.s.l.r.ExtensionRegistry] (main:null) (logid:) Registering extension [SAML2] in [User Password Encoders Registry]
2016-01-28 18:22:57,014 DEBUG [o.a.c.s.l.r.RegistryLifecycle] (main:null) (logid:) Registered org.apache.cloudstack.saml.SAML2UserAuthenticator@573410b6
2016-01-28 18:22:57,014 DEBUG [o.a.c.s.l.r.ExtensionRegistry] (main:null) (logid:) Registering extension [SAML2Auth] in [Api Commands Registry]
2016-01-28 18:22:57,014 DEBUG [o.a.c.s.l.r.RegistryLifecycle] (main:null) (logid:) Registered org.apache.cloudstack.saml.SAML2AuthManagerImpl@3a678371
2016-01-28 18:22:57,017 INFO [o.a.c.s.m.m.i.DefaultModuleDefinitionSet] (main:null) (logid:) Loaded module context [saml2] in 141 ms
2016-01-28 18:23:02,673 DEBUG [c.c.a.ApiServer] (main:null) (logid:) Discovered plugin SAML2AuthManagerImpl
2016-01-28 18:23:02,712 INFO [o.a.c.s.l.r.DumpRegistry] (main:null) (logid:) Registry [User Authenticators Registry] contains [PBKDF2, SHA256SALT, MD5, LDAP, SAML2]
2016-01-28 18:23:02,713 INFO [o.a.c.s.l.r.DumpRegistry] (main:null) (logid:) Registry [Pluggable A P I Authenticators Registry] contains [SAML2Auth]
2016-01-28 18:23:02,713 INFO [o.a.c.s.l.r.DumpRegistry] (main:null) (logid:) Registry [User Password Encoders Registry] contains [PBKDF2, SHA256SALT, SAML2]
2016-01-28 18:23:02,715 DEBUG [o.a.c.d.ApiDiscoveryServiceImpl] (main:null) (logid:) getting api commands of service: org.apache.cloudstack.saml.SAML2AuthManagerImpl
2016-01-28 18:23:02,941 INFO [o.a.c.s.m.m.i.DefaultModuleDefinitionSet] (main:null) (logid:) Starting module [saml2]
2016-01-28 18:23:02,942 INFO [o.a.c.s.SAML2AuthManagerImpl] (main:null) (logid:) SAML auth plugin loaded
2016-01-28 18:23:03,747 DEBUG [o.a.c.s.SAML2AuthManagerImpl] (main:null) (logid:) Provided Metadata is not a URL, trying to read metadata file from local path: /etc/cloudstack/management/idpmetadata.xml
2016-01-28 18:23:03,806 DEBUG [o.a.c.s.SAML2AuthManagerImpl] (Timer-5:null) (logid:) Starting SAML IDP Metadata Refresh Task
2016-01-28 18:23:03,806 DEBUG [o.a.c.s.SAML2AuthManagerImpl] (Timer-5:null) (logid:) Adding IdP to the list of discovered IdPs: https://idp.scaleninja.com/idp/shibboleth
2016-01-28 18:23:04,092 DEBUG [o.a.c.s.SAML2AuthManagerImpl] (Timer-5:null) (logid:) Finished refreshing SAML Metadata and expiring old auth tokens
2016-01-28 18:23:11,774 DEBUG [c.c.a.ApiServlet] (catalina-exec-21:ctx-6aab7eca) (logid:f93cf9a1) ===START=== 192.168.1.12 -- GET command=listAndSwitchSamlAccount&response=json&_=1454001791786
2016-01-28 18:23:11,781 DEBUG [c.c.a.ApiServlet] (catalina-exec-21:ctx-6aab7eca) (logid:f93cf9a1) Authentication failure: {"listandswitchsamlaccountresponse":{"uuidList":[],"errorcode":531,"errortext":"Only authenticated saml users can request this API"}}
2016-01-28 18:23:11,782 DEBUG [c.c.a.ApiServlet] (catalina-exec-21:ctx-6aab7eca) (logid:f93cf9a1) ===END=== 192.168.1.12 -- GET command=listAndSwitchSamlAccount&response=json&_=1454001791786
2016-01-28 18:23:24,598 DEBUG [c.c.a.ApiServlet] (catalina-exec-10:ctx-b9e7ced4) (logid:114f0db8) ===START=== 192.168.1.12 -- GET command=samlSso&idpid=https://idp.scaleninja.com/idp/shibboleth&response=json
2016-01-28 18:23:24,623 DEBUG [o.a.c.a.c.SAML2LoginAPIAuthenticatorCmd] (catalina-exec-10:ctx-b9e7ced4) (logid:114f0db8) Sending SAMLRequest id=82g5fbvlve8eg4irbfv15i6ku6h626ah
2016-01-28 18:23:24,854 DEBUG [c.c.a.ApiServlet] (catalina-exec-10:ctx-b9e7ced4) (logid:114f0db8) ===END=== 192.168.1.12 -- GET command=samlSso&idpid=https://idp.scaleninja.com/idp/shibboleth&response=json
2016-01-28 18:23:32,746 DEBUG [c.c.a.ApiServlet] (catalina-exec-6:ctx-30dd9192) (logid:9a27f021) ===START=== 192.168.1.12 -- POST command=samlSso
2016-01-28 18:23:32,868 DEBUG [o.a.c.a.c.SAML2LoginAPIAuthenticatorCmd] (catalina-exec-6:ctx-30dd9192) (logid:9a27f021) Received SAMLResponse in response to id=82g5fbvlve8eg4irbfv15i6ku6h626ah
2016-01-28 18:23:33,021 DEBUG [o.a.c.s.SAMLUtils] (catalina-exec-6:ctx-30dd9192) (logid:9a27f021) SAML attribute name: urn:oid:0.9.2342.19200300.100.1.1 friendly-name:uid value:bhaisaab
2016-01-28 18:23:33,027 DEBUG [o.a.c.s.SAML2UserAuthenticator] (catalina-exec-6:ctx-30dd9192) (logid:9a27f021) Trying SAML2 auth for user: bhaisaab
2016-01-28 18:23:33,075 DEBUG [c.c.a.ApiServlet] (catalina-exec-6:ctx-30dd9192) (logid:9a27f021) ===END=== 192.168.1.12 -- POST command=samlSso
2016-01-28 18:23:33,647 DEBUG [c.c.a.ApiServlet] (catalina-exec-16:ctx-dfd79bf5) (logid:f01ab9f9) ===START=== 192.168.1.12 -- GET command=listAndSwitchSamlAccount&response=json&_=1454001813660
2016-01-28 18:23:33,654 DEBUG [c.c.a.ApiServlet] (catalina-exec-16:ctx-dfd79bf5) (logid:f01ab9f9) ===END=== 192.168.1.12 -- GET command=listAndSwitchSamlAccount&response=json&_=1454001813660
2016-01-28 18:23:38,410 DEBUG [c.c.a.ApiServlet] (catalina-exec-11:ctx-b53034c3) (logid:106746c7) ===START=== 192.168.1.12 -- POST command=listAndSwitchSamlAccount&response=json
2016-01-28 18:23:38,418 DEBUG [c.c.a.ApiServlet] (catalina-exec-11:ctx-b53034c3) (logid:106746c7) Authentication failure: {"listandswitchsamlaccountresponse":{"uuidList":[],"errorcode":431,"errortext":"User account is not allowed to switch to the requested account"}}
2016-01-28 18:23:38,418 DEBUG [c.c.a.ApiServlet] (catalina-exec-11:ctx-b53034c3) (logid:106746c7) ===END=== 192.168.1.12 -- POST command=listAndSwitchSamlAccount&response=json
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] cloudstack pull request: [4.7+] user-authenticators/saml2: Remove ...
Posted by bhaisaab <gi...@git.apache.org>.
Github user bhaisaab commented on the pull request:
https://github.com/apache/cloudstack/pull/1380#issuecomment-176780479
@DaanHoogland env issue seems, had to include a new test scope dependency to fix it.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] cloudstack pull request: [4.7+] user-authenticators/saml2: Remove ...
Posted by DaanHoogland <gi...@git.apache.org>.
Github user DaanHoogland commented on the pull request:
https://github.com/apache/cloudstack/pull/1380#issuecomment-176157606
looks good but needs testing, right? might be a runtime issue.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] cloudstack pull request: [4.7+] user-authenticators/saml2: Remove ...
Posted by bhaisaab <gi...@git.apache.org>.
Github user bhaisaab commented on the pull request:
https://github.com/apache/cloudstack/pull/1380#issuecomment-176170704
@DaanHoogland sure. There are no imports (git grep org.springframework.security to check) from any part of the codebase and since I had put it in I know for sure it's not at least used by the SAML plugin (which only uses OpenSAML lib). I can help run manual runtime tests since that requires a IdP server next week or later.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---