Posted to dev@sling.apache.org by GitBox <gi...@apache.org> on 2020/03/31 22:54:02 UTC

[GitHub] [sling-whiteboard] cmrockwell opened a new pull request #51: SAML2 Service Provider Pull Request

cmrockwell opened a new pull request #51: SAML2 Service Provider Pull Request
URL: https://github.com/apache/sling-whiteboard/pull/51
 
 
   The intent of this PR is to get it reviewed and provide me with valuable feedback about making it better, and ideally getting direct support from Sling Developers. 
   
   It should work with minimal configurations.
   
   **Apache Felix JAAS Configuration Factory**
   jaas.controlFlag=sufficient
   jaas.ranking=110
   jaas.realmName=jackrabbit.oak
   jaas.classname=org.apache.sling.auth.saml2.sync.Saml2LoginModule
   
   **Service User & Mapping**
   Create a user saml2-user-mgt, and grant the user jcr:all access to /home
   Create a Service Mapping
   org.apache.sling.auth.saml2:Saml2UserMgtService=saml2-user-mgt
   
   **SAML2 Service Provider (SP) Configuration**
   Defaults should be good. But the config does need to be saved 
   path=http://localhost:8080/
   entityID=http://localhost:8080/
   saml2userIDAttr=username
   saml2userIDAttr=/home/users/saml
   saml2groupMembershipAttr=urn:oid:2.16.840.1.113719.1.1.4.1.25
   saml2SessionAttr=saml2AuthInfo
   saml2IDPDestination=http://localhost:8080/idp/profile/SAML2/Redirect/SSO
   saml2SPEnabled=true
   
   **Open Questions that I need help with**
   1) Keystore (/resource/SPKeystore.jks) is hard-coded. Can you make any recommendation or refer me to reference projects that would make this configurable? 
   2) I tried over and over to understand how to make use of Oak's External Identity Provider, External Login Module, and User Sync. If this is really important to do and some developer could help, I would really appreciate it. 

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

[GitHub] [sling-whiteboard] cmrockwell commented on issue #51: SAML2 Service Provider Pull Request

Posted by GitBox <gi...@apache.org>.
cmrockwell commented on issue #51: SAML2 Service Provider Pull Request
URL: https://github.com/apache/sling-whiteboard/pull/51#issuecomment-613655389
 
 
   Thanks, that's kind Robert. 
   The demo IDP doesn't offer much if any value to end users. If it creates confusion, uncertainty or concern, then there is no reason to push it. As a developer, I can push it as a separate bundle to my localhost if I want. 
   The demo IDP has been removed, so please take a look if things look a little cleaner now.
   Cris
    
    
     On Tue, Apr 14, 2020 at 3:20 AM, Robert Munteanu<no...@github.com> wrote:   
   
   
   @cmrockwell - if you think the IDP is useful, let's keep it in for now. I am trying to make my review simpler, but if that makes your PR submission harder it does not make sense.
   
     
   


[GitHub] [sling-whiteboard] rombert commented on a change in pull request #51: SAML2 Service Provider Pull Request

Posted by GitBox <gi...@apache.org>.
rombert commented on a change in pull request #51: SAML2 Service Provider Pull Request
URL: https://github.com/apache/sling-whiteboard/pull/51#discussion_r401917612
 
 

 ##########
 File path: saml-handler/pom.xml
 ##########
 @@ -0,0 +1,378 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor
+    license agreements. See the NOTICE file distributed with this work for additional
+    information regarding copyright ownership. The ASF licenses this file to
+    you under the Apache License, Version 2.0 (the "License"); you may not use
+    this file except in compliance with the License. You may obtain a copy of
+    the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required
+    by applicable law or agreed to in writing, software distributed under the
+    License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
+    OF ANY KIND, either express or implied. See the License for the specific
+    language governing permissions and limitations under the License. -->
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <parent>
+    <groupId>org.apache.sling</groupId>
+    <artifactId>sling</artifactId>
+    <version>37</version>
+    <relativePath />
+  </parent>
+
+  <modelVersion>4.0.0</modelVersion>
+  <groupId>org.apache.sling.auth</groupId>
+  <artifactId>saml2</artifactId>
+  <version>0.1.0-SNAPSHOT</version>
+  <name>SAML2 Service Provider</name>
+
+  <properties>
+    <opensaml.version>3.4.3</opensaml.version>
+    <sling.host>localhost</sling.host>
+    <sling.port>8080</sling.port>
+    <sling.user>admin</sling.user>
+    <sling.password>admin</sling.password>
+  </properties>
+
+  <packaging>bundle</packaging>
+
+  <build>
+    <plugins>
+      <plugin>
+        <groupId>org.apache.felix</groupId>
+        <artifactId>maven-bundle-plugin</artifactId>
+        <version>3.5.0</version>
+        <extensions>true</extensions>
+        <configuration>
+          <instructions>
+            <Bundle-Activator>org.apache.sling.auth.saml2.Activator</Bundle-Activator>
+            <Embed-Dependency>*;scope=compile|runtime;</Embed-Dependency>
+            <Embed-Transitive>true</Embed-Transitive>
+            <Embed-Directory>target/dependency</Embed-Directory>
+            <Embed-StripGroup>true</Embed-StripGroup>
+            <Import-Package>
+              !sun.misc;resolution:=optional,
+              !com.sun.msv.*;resolution:=optional,
+              !com.sun.jdmk.comm;resolution:=optional,
+              sun.io.*;resolution:=optional,
+              com.beust.jcommander*;resolution:=optional,
+              com.google.appengine.api.*;resolution:=optional,
+              com.google.apphosting.api.*;resolution:=optional,
+              com.google.appengine.repackaged.*;resolution:=optional,
+              org.apache.log.*;resolution:=optional,
+              org.apache.oro.text.perl.*;resolution:=optional,
+              antlr.*;resolution:=optional,
+              org.apache.tools.ant.*;resolution:=optional,
+              junit.framework.*;resolution:=optional,
+              org.dom4j.*;resolution:=optional,
+              org.jdom.*;resolution:=optional,
+              org.bouncycastle.*;resolution:=optional,
+              com.sun.org.apache.xerces.internal.*;resolution:=optional,
+              *</Import-Package>
+            <_noee>true</_noee>
+          </instructions>
+        </configuration>
+      </plugin>
+
+      <plugin>
+        <groupId>org.apache.sling</groupId>
+        <artifactId>maven-sling-plugin</artifactId>
+      </plugin>
+
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-compiler-plugin</artifactId>
+        <configuration>
+          <source>8</source>
+          <target>8</target>
+        </configuration>
+      </plugin>
+
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-jar-plugin</artifactId>
+        <version>2.6</version>
+        <configuration>
+          <archive>
+            <manifestFile>${project.build.outputDirectory}/META-INF/MANIFEST.MF</manifestFile>
+            <manifestEntries>
+              <Jaas-ModuleClass>org.apache.sling.auth.saml2.sync.Saml2LoginModule</Jaas-ModuleClass>
+            </manifestEntries>
+          </archive>
+        </configuration>
+      </plugin>
+
+      <plugin>
+        <groupId>org.apache.sling</groupId>
+        <artifactId>maven-sling-plugin</artifactId>
+        <version>2.4.2</version>
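
Review bot: maven-sling-plugin is declared twice inside the same `<plugins>` section, once as a bare declaration right after the maven-bundle-plugin block and again at the end of this hunk with `<version>2.4.2</version>`. Maven warns about duplicate plugin declarations and it is not obvious which one is meant to win, so merge them into a single `<plugin>` entry. If the `org.apache.sling:sling:37` parent already manages this plugin, the merged entry does not need its own `<version>`.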
 
 Review comment:
   Why do you need the plugin versions? They should be inherited from the parent pom.


[GitHub] [sling-whiteboard] rombert commented on a change in pull request #51: SAML2 Service Provider Pull Request

Posted by GitBox <gi...@apache.org>.
rombert commented on a change in pull request #51: SAML2 Service Provider Pull Request
URL: https://github.com/apache/sling-whiteboard/pull/51#discussion_r401918649
 
 

 ##########
 File path: saml-handler/pom.xml
 ##########
 @@ -0,0 +1,378 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor
+    license agreements. See the NOTICE file distributed with this work for additional
+    information regarding copyright ownership. The ASF licenses this file to
+    you under the Apache License, Version 2.0 (the "License"); you may not use
+    this file except in compliance with the License. You may obtain a copy of
+    the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required
+    by applicable law or agreed to in writing, software distributed under the
+    License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
+    OF ANY KIND, either express or implied. See the License for the specific
+    language governing permissions and limitations under the License. -->
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <parent>
+    <groupId>org.apache.sling</groupId>
+    <artifactId>sling</artifactId>
+    <version>37</version>
+    <relativePath />
+  </parent>
+
+  <modelVersion>4.0.0</modelVersion>
+  <groupId>org.apache.sling.auth</groupId>
+  <artifactId>saml2</artifactId>
+  <version>0.1.0-SNAPSHOT</version>
+  <name>SAML2 Service Provider</name>
+
+  <properties>
+    <opensaml.version>3.4.3</opensaml.version>
+    <sling.host>localhost</sling.host>
+    <sling.port>8080</sling.port>
+    <sling.user>admin</sling.user>
+    <sling.password>admin</sling.password>
+  </properties>
+
+  <packaging>bundle</packaging>
+
+  <build>
+    <plugins>
+      <plugin>
+        <groupId>org.apache.felix</groupId>
+        <artifactId>maven-bundle-plugin</artifactId>
+        <version>3.5.0</version>
+        <extensions>true</extensions>
+        <configuration>
+          <instructions>
+            <Bundle-Activator>org.apache.sling.auth.saml2.Activator</Bundle-Activator>
+            <Embed-Dependency>*;scope=compile|runtime;</Embed-Dependency>
+            <Embed-Transitive>true</Embed-Transitive>
+            <Embed-Directory>target/dependency</Embed-Directory>
+            <Embed-StripGroup>true</Embed-StripGroup>
+            <Import-Package>
+              !sun.misc;resolution:=optional,
+              !com.sun.msv.*;resolution:=optional,
+              !com.sun.jdmk.comm;resolution:=optional,
+              sun.io.*;resolution:=optional,
+              com.beust.jcommander*;resolution:=optional,
+              com.google.appengine.api.*;resolution:=optional,
+              com.google.apphosting.api.*;resolution:=optional,
+              com.google.appengine.repackaged.*;resolution:=optional,
+              org.apache.log.*;resolution:=optional,
+              org.apache.oro.text.perl.*;resolution:=optional,
+              antlr.*;resolution:=optional,
+              org.apache.tools.ant.*;resolution:=optional,
+              junit.framework.*;resolution:=optional,
+              org.dom4j.*;resolution:=optional,
+              org.jdom.*;resolution:=optional,
+              org.bouncycastle.*;resolution:=optional,
+              com.sun.org.apache.xerces.internal.*;resolution:=optional,
+              *</Import-Package>
+            <_noee>true</_noee>
+          </instructions>
+        </configuration>
+      </plugin>
+
+      <plugin>
+        <groupId>org.apache.sling</groupId>
+        <artifactId>maven-sling-plugin</artifactId>
+      </plugin>
+
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-compiler-plugin</artifactId>
+        <configuration>
+          <source>8</source>
+          <target>8</target>
+        </configuration>
+      </plugin>
+
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-jar-plugin</artifactId>
+        <version>2.6</version>
+        <configuration>
+          <archive>
+            <manifestFile>${project.build.outputDirectory}/META-INF/MANIFEST.MF</manifestFile>
+            <manifestEntries>
+              <Jaas-ModuleClass>org.apache.sling.auth.saml2.sync.Saml2LoginModule</Jaas-ModuleClass>
+            </manifestEntries>
+          </archive>
+        </configuration>
+      </plugin>
+
+      <plugin>
+        <groupId>org.apache.sling</groupId>
+        <artifactId>maven-sling-plugin</artifactId>
+        <version>2.4.2</version>
+        <configuration>
+          <slingUrl>http://${sling.host}:${sling.port}/system/console</slingUrl>
+          <user>${sling.user}</user>
+          <password>${sling.password}</password>
+        </configuration>
+      </plugin>
+
+      <plugin>
+        <groupId>org.apache.rat</groupId>
+        <artifactId>apache-rat-plugin</artifactId>
+        <version>0.13</version>
+        <configuration>
+          <excludes combine.children="append">
+            <exclude>**/dependency-reduced-pom.xml</exclude>
+            <exclude>**/*.vm</exclude>
+          </excludes>
+        </configuration>
+      </plugin>
+    </plugins> 
+  </build>
+
+  <dependencies>
+    <dependency>
+      <groupId>junit</groupId>
+      <artifactId>junit</artifactId>
+      <version>4.12</version>
+      <scope>test</scope>
+    </dependency>
+
+    <dependency>
+      <groupId>org.opensaml</groupId>
+      <artifactId>opensaml-core</artifactId>
+      <version>${opensaml.version}</version>
+    </dependency>
+
+    <dependency>
+      <groupId>org.opensaml</groupId>
+      <artifactId>opensaml-saml-api</artifactId>
+      <version>${opensaml.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.opensaml</groupId>
+      <artifactId>opensaml-saml-impl</artifactId>
+      <version>${opensaml.version}</version>
+    </dependency>
+
+    <dependency>
+      <groupId>org.opensaml</groupId>
+      <artifactId>opensaml-xmlsec-impl</artifactId>
+      <version>${opensaml.version}</version>
+    </dependency>
+<!--    OpenSAML SOAP-->
+      <dependency>
+        <groupId>org.opensaml</groupId>
+        <artifactId>opensaml-soap-api</artifactId>
+        <version>${opensaml.version}</version>
+      </dependency>
+      <dependency>
+          <groupId>org.opensaml</groupId>
+          <artifactId>opensaml-soap-impl</artifactId>
+          <version>${opensaml.version}</version>
+      </dependency>
+        <dependency>
+          <groupId>org.opensaml</groupId>
+          <artifactId>opensaml-messaging-api</artifactId>
+          <version>${opensaml.version}</version>
+        </dependency>
+        <dependency>
+          <groupId>org.opensaml</groupId>
+          <artifactId>opensaml-messaging-impl</artifactId>
+          <version>${opensaml.version}</version>
+        </dependency>
+
+
+<!-- OpenSAML Dependencies-->
+    <!-- https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk15on -->
+    <dependency>
+      <groupId>org.bouncycastle</groupId>
+      <artifactId>bcprov-jdk15on</artifactId>
+      <version>1.59</version>
+    </dependency>
+
+    <dependency>
+      <groupId>com.google.errorprone</groupId>
+      <artifactId>error_prone_annotations</artifactId>
+      <version>2.3.4</version>
+    </dependency>
+
+    <dependency>
+      <groupId>org.apache.velocity</groupId>
+      <artifactId>velocity</artifactId>
+      <version>1.7</version>
+    </dependency>
+
+    <!-- https://mvnrepository.com/artifact/werken-xpath/werken-xpath -->
+    <dependency>
+      <groupId>werken-xpath</groupId>
+      <artifactId>werken-xpath</artifactId>
+      <version>0.9.4</version>
+    </dependency>
+
+    <!-- https://mvnrepository.com/artifact/xalan/xalan -->
+    <dependency>
+      <groupId>xalan</groupId>
+      <artifactId>xalan</artifactId>
+      <version>2.7.1</version>
+    </dependency>
+
+    <!-- https://mvnrepository.com/artifact/xerces/xercesImpl -->
+    <dependency>
+      <groupId>xerces</groupId>
+      <artifactId>xercesImpl</artifactId>
+      <version>2.12.0</version>
+    </dependency>
+
+    <!-- https://mvnrepository.com/artifact/xml-resolver/xml-resolver -->
+    <dependency>
+      <groupId>xml-resolver</groupId>
+      <artifactId>xml-resolver</artifactId>
+      <version>1.2</version>
+    </dependency>
+
+    <!-- https://mvnrepository.com/artifact/jaxen/jaxen -->
+    <dependency>
+      <groupId>jaxen</groupId>
+      <artifactId>jaxen</artifactId>
+      <version>1.2.0</version>
+    </dependency>
+
+    <!-- https://mvnrepository.com/artifact/xom/xom -->
+    <dependency>
+      <groupId>xom</groupId>
+      <artifactId>xom</artifactId>
+      <version>1.3.4</version>
+    </dependency>
+
+    <!-- https://mvnrepository.com/artifact/org.joda/joda-convert -->
+    <dependency>
+      <groupId>org.joda</groupId>
+      <artifactId>joda-convert</artifactId>
+      <version>2.2.1</version>
+    </dependency>
+
+    <!-- https://mvnrepository.com/artifact/org.relaxng/com.springsource.org.relaxng.datatype -->
+    <dependency>
+      <groupId>org.relaxng</groupId>
+      <artifactId>com.springsource.org.relaxng.datatype</artifactId>
+      <version>1.0.0</version>
+    </dependency>
+
+
+<!--    JavaEE -->
+    <dependency>
+      <groupId>javax.servlet</groupId>
+      <artifactId>servlet-api</artifactId>
+      <version>2.5</version>
+      <scope>provided</scope>
+    </dependency>
+
+<!--  Sling Dependencies-->
+    <dependency>
+      <groupId>org.apache.sling</groupId>
+      <artifactId>org.apache.sling.auth.core</artifactId>
+      <version>1.3.26</version>
+      <scope>provided</scope>
+    </dependency>
+    <!-- https://mvnrepository.com/artifact/org.apache.sling/org.apache.sling.api -->
+    <dependency>
+      <groupId>org.apache.sling</groupId>
+      <artifactId>org.apache.sling.api</artifactId>
+      <version>2.16.2</version>
+      <scope>provided</scope>
+    </dependency>
+
+    <dependency>
+        <groupId>org.apache.sling</groupId>
+        <artifactId>org.apache.sling.jcr.api</artifactId>
+        <version>2.4.0</version>
+        <scope>provided</scope>
+    </dependency>
+
+    <dependency>
+      <groupId>javax.jcr</groupId>
+      <artifactId>jcr</artifactId>
+      <version>2.0</version>
+      <scope>provided</scope>
+    </dependency>
+
+<!-- OAK
+NOTE: Make sure your instance provides this bundle!
+-->
+<!-- https://mvnrepository.com/artifact/org.apache.jackrabbit/oak-auth-external -->
+      <dependency>
+          <groupId>org.apache.jackrabbit</groupId>
+          <artifactId>oak-auth-external</artifactId>
+          <version>1.6.1</version>
+          <scope>provided</scope>
+      </dependency>
+
+
+    <!-- https://mvnrepository.com/artifact/org.apache.commons/commons-lang3 -->
+    <dependency>
+      <groupId>org.apache.commons</groupId>
+      <artifactId>commons-lang3</artifactId>
+      <version>3.5</version>
+      <scope>provided</scope>
+    </dependency>
+
+<!--    OSGI Annotations-->
+    <dependency>
+      <groupId>org.osgi</groupId>
+      <artifactId>org.osgi.core</artifactId>
+      <version>6.0.0</version>
+      <scope>provided</scope>
+    </dependency>
+    <dependency>
+      <groupId>org.osgi</groupId>
+      <artifactId>osgi.cmpn</artifactId>
+      <version>6.0.0</version>
+      <scope>provided</scope>
+    </dependency>
+    <dependency>
+      <groupId>org.osgi</groupId>
+      <artifactId>osgi.annotation</artifactId>
+      <version>6.0.1</version>
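
Review bot: the third-party dependencies from `bcprov-jdk15on` 1.59 down to `com.springsource.org.relaxng.datatype` carry no `<scope>`, so they default to compile and are swept into the bundle by `<Embed-Dependency>*;scope=compile|runtime;</Embed-Dependency>` with `<Embed-Transitive>true</Embed-Transitive>`. For an authentication bundle that means shipping private, version-pinned copies of an XML parser (`xercesImpl` 2.12.0), an XSLT processor (`xalan` 2.7.1) and a crypto provider that will not follow updates made to the runtime. Please confirm which of these OpenSAML actually needs at runtime, drop the rest, and move the remaining versions into `<properties>` next to `opensaml.version` so they are easy to see and bump. Note also that `org.bouncycastle.*` is marked optional in `<Import-Package>` while `bcprov-jdk15on` is embedded, which should be reconciled one way or the other.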
 
 Review comment:
   This version and scope should be inherited from the parent pom.


[GitHub] [sling-whiteboard] cmrockwell commented on a change in pull request #51: SAML2 Service Provider Pull Request

Posted by GitBox <gi...@apache.org>.
cmrockwell commented on a change in pull request #51: SAML2 Service Provider Pull Request
URL: https://github.com/apache/sling-whiteboard/pull/51#discussion_r405729678
 
 

 ##########
 File path: saml-handler/pom.xml
 ##########
 @@ -0,0 +1,378 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor
+    license agreements. See the NOTICE file distributed with this work for additional
+    information regarding copyright ownership. The ASF licenses this file to
+    you under the Apache License, Version 2.0 (the "License"); you may not use
+    this file except in compliance with the License. You may obtain a copy of
+    the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required
+    by applicable law or agreed to in writing, software distributed under the
+    License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
+    OF ANY KIND, either express or implied. See the License for the specific
+    language governing permissions and limitations under the License. -->
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <parent>
+    <groupId>org.apache.sling</groupId>
+    <artifactId>sling</artifactId>
+    <version>37</version>
+    <relativePath />
+  </parent>
+
+  <modelVersion>4.0.0</modelVersion>
+  <groupId>org.apache.sling.auth</groupId>
+  <artifactId>saml2</artifactId>
+  <version>0.1.0-SNAPSHOT</version>
+  <name>SAML2 Service Provider</name>
+
+  <properties>
+    <opensaml.version>3.4.3</opensaml.version>
+    <sling.host>localhost</sling.host>
+    <sling.port>8080</sling.port>
+    <sling.user>admin</sling.user>
+    <sling.password>admin</sling.password>
+  </properties>
+
+  <packaging>bundle</packaging>
+
+  <build>
+    <plugins>
+      <plugin>
+        <groupId>org.apache.felix</groupId>
+        <artifactId>maven-bundle-plugin</artifactId>
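
Review bot: `<sling.user>admin</sling.user>` and `<sling.password>admin</sling.password>` in `<properties>` put a console credential into the committed pom. Even as a localhost convenience this tends to get copied into other environments along with the module. Suggest removing the two properties from the pom and having developers supply them at deploy time with `-Dsling.user=... -Dsling.password=...` or from their own `settings.xml`.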
 
 Review comment:
   I made the change to bnd-maven-plugin 


[GitHub] [sling-whiteboard] rombert commented on issue #51: SAML2 Service Provider Pull Request

Posted by GitBox <gi...@apache.org>.
rombert commented on issue #51: SAML2 Service Provider Pull Request
URL: https://github.com/apache/sling-whiteboard/pull/51#issuecomment-611539465
 
 
   I've been thinking some more about how to make sure the reviews are productive and reduce the time needed to get this into the whiteboard.
   
   The idea I came up with takes two complementary approaches:
   
   1. Simplify testing
   1. Reduce the amount of submitted code
   
   For item 1 I suggest that you provide a docker script or docker-compose setup that launches a SAML-enabled identity provider. One idea would be [Keycloak with Docker](https://www.keycloak.org/getting-started/getting-started-docker), but I admit I'm not at all familiar with identity providers to offer an informed suggestion.
   
   This would allow you to drop ~400 LOC in the `idp` package and maybe some other parts that are only used from there.
   
   For item 2, item 1 already helps :-) I think you can start with submitting the minimal functionality that works - and I get that is the AuthenticationHandler.
   
   I see code for the ExternalIdentityProvider and LoginModule as well. If that is not needed for the basic login flow, I would suggest submitting them as follow-up PRs once we merge the initial one.
   
   I also see a potential of dropping some code with the TokenStore class. You mention it's derived from the class in the `o.a.s.auth.form` bundle. Maybe that's something we can export, or you can inline the class in this bundle. The code looks quite complex and is large, I think it's a good idea to keep the duplication out of the bundle.
   
   Would that work for you?


[GitHub] [sling-whiteboard] rombert commented on a change in pull request #51: SAML2 Service Provider Pull Request

Posted by GitBox <gi...@apache.org>.
rombert commented on a change in pull request #51: SAML2 Service Provider Pull Request
URL: https://github.com/apache/sling-whiteboard/pull/51#discussion_r404162549
 
 

 ##########
 File path: saml-handler/pom.xml
 ##########
 @@ -0,0 +1,366 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor
+    license agreements. See the NOTICE file distributed with this work for additional
+    information regarding copyright ownership. The ASF licenses this file to
+    you under the Apache License, Version 2.0 (the "License"); you may not use
+    this file except in compliance with the License. You may obtain a copy of
+    the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required
+    by applicable law or agreed to in writing, software distributed under the
+    License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
+    OF ANY KIND, either express or implied. See the License for the specific
+    language governing permissions and limitations under the License. -->
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <parent>
+    <groupId>org.apache.sling</groupId>
+    <artifactId>sling</artifactId>
+    <version>37</version>
+    <relativePath />
+  </parent>
+
+  <modelVersion>4.0.0</modelVersion>
+  <groupId>org.apache.sling.auth</groupId>
+  <artifactId>saml2</artifactId>
+  <version>0.1.0-SNAPSHOT</version>
+  <name>SAML2 Service Provider</name>
+
+  <properties>
+    <opensaml.version>3.4.3</opensaml.version>
+    <sling.host>localhost</sling.host>
+    <sling.port>8080</sling.port>
+    <sling.user>admin</sling.user>
+    <sling.password>admin</sling.password>
+  </properties>
+
+  <packaging>bundle</packaging>
+
+  <build>
+    <plugins>
+      <plugin>
+        <groupId>org.apache.felix</groupId>
+        <artifactId>maven-bundle-plugin</artifactId>
+        <version>3.5.0</version>
+        <extensions>true</extensions>
+        <configuration>
+          <instructions>
+            <Bundle-Activator>org.apache.sling.auth.saml2.Activator</Bundle-Activator>
+            <Embed-Dependency>*;scope=compile|runtime;</Embed-Dependency>
+            <Embed-Transitive>true</Embed-Transitive>
+            <Embed-Directory>target/dependency</Embed-Directory>
+            <Embed-StripGroup>true</Embed-StripGroup>
+            <Import-Package>
+              !sun.misc;resolution:=optional,
+              !com.sun.msv.*;resolution:=optional,
+              !com.sun.jdmk.comm;resolution:=optional,
+              sun.io.*;resolution:=optional,
+              com.beust.jcommander*;resolution:=optional,
+              com.google.appengine.api.*;resolution:=optional,
+              com.google.apphosting.api.*;resolution:=optional,
+              com.google.appengine.repackaged.*;resolution:=optional,
+              org.apache.log.*;resolution:=optional,
+              org.apache.oro.text.perl.*;resolution:=optional,
+              antlr.*;resolution:=optional,
+              org.apache.tools.ant.*;resolution:=optional,
+              junit.framework.*;resolution:=optional,
+              org.dom4j.*;resolution:=optional,
+              org.jdom.*;resolution:=optional,
+              org.bouncycastle.*;resolution:=optional,
+              com.sun.org.apache.xerces.internal.*;resolution:=optional,
+              *</Import-Package>
+            <_noee>true</_noee>
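
Review bot: in `<Import-Package>` the first three entries (`!sun.misc;resolution:=optional`, `!com.sun.msv.*;resolution:=optional`, `!com.sun.jdmk.comm;resolution:=optional`) combine a negation with `resolution:=optional`. A negated pattern removes the package from the import list, so the directive has no effect there and the intent is unclear. Please decide per package whether it should be excluded (`!pkg`) or imported optionally (`pkg;resolution:=optional`) and write only that. A short XML comment above the list explaining which embedded library drags in each optional import, and another on `<_noee>true</_noee>`, would make this block reviewable.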
 
 Review comment:
   Why is this needed?


[GitHub] [sling-whiteboard] cmrockwell commented on a change in pull request #51: SAML2 Service Provider Pull Request

Posted by GitBox <gi...@apache.org>.
cmrockwell commented on a change in pull request #51: SAML2 Service Provider Pull Request
URL: https://github.com/apache/sling-whiteboard/pull/51#discussion_r405743935
 
 

 ##########
 File path: saml-handler/pom.xml
 ##########
 @@ -0,0 +1,366 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor
+    license agreements. See the NOTICE file distributed with this work for additional
+    information regarding copyright ownership. The ASF licenses this file to
+    you under the Apache License, Version 2.0 (the "License"); you may not use
+    this file except in compliance with the License. You may obtain a copy of
+    the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required
+    by applicable law or agreed to in writing, software distributed under the
+    License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
+    OF ANY KIND, either express or implied. See the License for the specific
+    language governing permissions and limitations under the License. -->
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <parent>
+    <groupId>org.apache.sling</groupId>
+    <artifactId>sling</artifactId>
+    <version>37</version>
+    <relativePath />
+  </parent>
+
+  <modelVersion>4.0.0</modelVersion>
+  <groupId>org.apache.sling.auth</groupId>
+  <artifactId>saml2</artifactId>
+  <version>0.1.0-SNAPSHOT</version>
+  <name>SAML2 Service Provider</name>
+
+  <properties>
+    <opensaml.version>3.4.3</opensaml.version>
+    <sling.host>localhost</sling.host>
+    <sling.port>8080</sling.port>
+    <sling.user>admin</sling.user>
+    <sling.password>admin</sling.password>
+  </properties>
+
+  <packaging>bundle</packaging>
+
+  <build>
+    <plugins>
+      <plugin>
+        <groupId>org.apache.felix</groupId>
+        <artifactId>maven-bundle-plugin</artifactId>
+        <version>3.5.0</version>
+        <extensions>true</extensions>
+        <configuration>
+          <instructions>
+            <Bundle-Activator>org.apache.sling.auth.saml2.Activator</Bundle-Activator>
+            <Embed-Dependency>*;scope=compile|runtime;</Embed-Dependency>
+            <Embed-Transitive>true</Embed-Transitive>
+            <Embed-Directory>target/dependency</Embed-Directory>
+            <Embed-StripGroup>true</Embed-StripGroup>
+            <Import-Package>
+              !sun.misc;resolution:=optional,
+              !com.sun.msv.*;resolution:=optional,
+              !com.sun.jdmk.comm;resolution:=optional,
+              sun.io.*;resolution:=optional,
+              com.beust.jcommander*;resolution:=optional,
+              com.google.appengine.api.*;resolution:=optional,
+              com.google.apphosting.api.*;resolution:=optional,
+              com.google.appengine.repackaged.*;resolution:=optional,
+              org.apache.log.*;resolution:=optional,
+              org.apache.oro.text.perl.*;resolution:=optional,
+              antlr.*;resolution:=optional,
+              org.apache.tools.ant.*;resolution:=optional,
+              junit.framework.*;resolution:=optional,
+              org.dom4j.*;resolution:=optional,
+              org.jdom.*;resolution:=optional,
+              org.bouncycastle.*;resolution:=optional,
+              com.sun.org.apache.xerces.internal.*;resolution:=optional,
+              *</Import-Package>
+            <_noee>true</_noee>
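
Review bot: In the `Import-Package` block, the entries `!sun.misc;resolution:=optional`, `!com.sun.msv.*;resolution:=optional` and `!com.sun.jdmk.comm;resolution:=optional` combine negation with an optional directive. A `!` entry removes the package from the imports, so the directive on it has no effect and the intent is unclear. Decide per package whether it is excluded or optional. Because `Embed-Dependency` is `*;scope=compile|runtime` with `Embed-Transitive` set to true, every transitive jar ends up inside the bundle and the long optional list hides packages that are missing at runtime. Listing the embedded artifacts explicitly, and keeping the optional imports to packages that were checked as unreachable, would make the bundle contents reviewable.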
 
 Review comment:
   After changing to bnd-maven-plugin the noee is gone and everything seems to work with the new bundle. 


[GitHub] [sling-whiteboard] cmrockwell commented on issue #51: SAML2 Service Provider Pull Request

Posted by GitBox <gi...@apache.org>.
cmrockwell commented on issue #51: SAML2 Service Provider Pull Request
URL: https://github.com/apache/sling-whiteboard/pull/51#issuecomment-607511880
 
 
   Thanks for the feedback. I will try to evaluate and respond to your comments about the setup soon. 
   
   FYI I'm just now noticing an issue with the tokens and login is not working. So I am trying to analyze this problem which I did not have yesterday...
   
   > 01.04.2020 17:36:02.377 *ERROR* [qtp1839482286-753] org.apache.sling.auth.saml2.TokenStore AuthNCookie value '5772724430d430ef90fe1b5ad3838515042e1c6f@1585791362376@bob' has expired 999985600001ms ago
   
   Meanwhile, I have added a JKS to the file system under sling/keys. It could be used for Jetty https, but I also plan on using this for signing, verifying and encryption/decryption credentials. 


[GitHub] [sling-whiteboard] rombert commented on a change in pull request #51: SAML2 Service Provider Pull Request

Posted by GitBox <gi...@apache.org>.
rombert commented on a change in pull request #51: SAML2 Service Provider Pull Request
URL: https://github.com/apache/sling-whiteboard/pull/51#discussion_r401918548
 
 

 ##########
 File path: saml-handler/pom.xml
 ##########
 @@ -0,0 +1,378 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor
+    license agreements. See the NOTICE file distributed with this work for additional
+    information regarding copyright ownership. The ASF licenses this file to
+    you under the Apache License, Version 2.0 (the "License"); you may not use
+    this file except in compliance with the License. You may obtain a copy of
+    the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required
+    by applicable law or agreed to in writing, software distributed under the
+    License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
+    OF ANY KIND, either express or implied. See the License for the specific
+    language governing permissions and limitations under the License. -->
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <parent>
+    <groupId>org.apache.sling</groupId>
+    <artifactId>sling</artifactId>
+    <version>37</version>
+    <relativePath />
+  </parent>
+
+  <modelVersion>4.0.0</modelVersion>
+  <groupId>org.apache.sling.auth</groupId>
+  <artifactId>saml2</artifactId>
+  <version>0.1.0-SNAPSHOT</version>
+  <name>SAML2 Service Provider</name>
+
+  <properties>
+    <opensaml.version>3.4.3</opensaml.version>
+    <sling.host>localhost</sling.host>
+    <sling.port>8080</sling.port>
+    <sling.user>admin</sling.user>
+    <sling.password>admin</sling.password>
+  </properties>
+
+  <packaging>bundle</packaging>
+
+  <build>
+    <plugins>
+      <plugin>
+        <groupId>org.apache.felix</groupId>
+        <artifactId>maven-bundle-plugin</artifactId>
+        <version>3.5.0</version>
+        <extensions>true</extensions>
+        <configuration>
+          <instructions>
+            <Bundle-Activator>org.apache.sling.auth.saml2.Activator</Bundle-Activator>
+            <Embed-Dependency>*;scope=compile|runtime;</Embed-Dependency>
+            <Embed-Transitive>true</Embed-Transitive>
+            <Embed-Directory>target/dependency</Embed-Directory>
+            <Embed-StripGroup>true</Embed-StripGroup>
+            <Import-Package>
+              !sun.misc;resolution:=optional,
+              !com.sun.msv.*;resolution:=optional,
+              !com.sun.jdmk.comm;resolution:=optional,
+              sun.io.*;resolution:=optional,
+              com.beust.jcommander*;resolution:=optional,
+              com.google.appengine.api.*;resolution:=optional,
+              com.google.apphosting.api.*;resolution:=optional,
+              com.google.appengine.repackaged.*;resolution:=optional,
+              org.apache.log.*;resolution:=optional,
+              org.apache.oro.text.perl.*;resolution:=optional,
+              antlr.*;resolution:=optional,
+              org.apache.tools.ant.*;resolution:=optional,
+              junit.framework.*;resolution:=optional,
+              org.dom4j.*;resolution:=optional,
+              org.jdom.*;resolution:=optional,
+              org.bouncycastle.*;resolution:=optional,
+              com.sun.org.apache.xerces.internal.*;resolution:=optional,
+              *</Import-Package>
+            <_noee>true</_noee>
+          </instructions>
+        </configuration>
+      </plugin>
+
+      <plugin>
+        <groupId>org.apache.sling</groupId>
+        <artifactId>maven-sling-plugin</artifactId>
+      </plugin>
+
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-compiler-plugin</artifactId>
+        <configuration>
+          <source>8</source>
+          <target>8</target>
+        </configuration>
+      </plugin>
+
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-jar-plugin</artifactId>
+        <version>2.6</version>
+        <configuration>
+          <archive>
+            <manifestFile>${project.build.outputDirectory}/META-INF/MANIFEST.MF</manifestFile>
+            <manifestEntries>
+              <Jaas-ModuleClass>org.apache.sling.auth.saml2.sync.Saml2LoginModule</Jaas-ModuleClass>
+            </manifestEntries>
+          </archive>
+        </configuration>
+      </plugin>
+
+      <plugin>
+        <groupId>org.apache.sling</groupId>
+        <artifactId>maven-sling-plugin</artifactId>
+        <version>2.4.2</version>
+        <configuration>
+          <slingUrl>http://${sling.host}:${sling.port}/system/console</slingUrl>
+          <user>${sling.user}</user>
+          <password>${sling.password}</password>
+        </configuration>
+      </plugin>
+
+      <plugin>
+        <groupId>org.apache.rat</groupId>
+        <artifactId>apache-rat-plugin</artifactId>
+        <version>0.13</version>
+        <configuration>
+          <excludes combine.children="append">
+            <exclude>**/dependency-reduced-pom.xml</exclude>
+            <exclude>**/*.vm</exclude>
+          </excludes>
+        </configuration>
+      </plugin>
+    </plugins> 
+  </build>
+
+  <dependencies>
+    <dependency>
+      <groupId>junit</groupId>
+      <artifactId>junit</artifactId>
+      <version>4.12</version>
+      <scope>test</scope>
+    </dependency>
+
+    <dependency>
+      <groupId>org.opensaml</groupId>
+      <artifactId>opensaml-core</artifactId>
+      <version>${opensaml.version}</version>
+    </dependency>
+
+    <dependency>
+      <groupId>org.opensaml</groupId>
+      <artifactId>opensaml-saml-api</artifactId>
+      <version>${opensaml.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.opensaml</groupId>
+      <artifactId>opensaml-saml-impl</artifactId>
+      <version>${opensaml.version}</version>
+    </dependency>
+
+    <dependency>
+      <groupId>org.opensaml</groupId>
+      <artifactId>opensaml-xmlsec-impl</artifactId>
+      <version>${opensaml.version}</version>
+    </dependency>
+<!--    OpenSAML SOAP-->
+      <dependency>
+        <groupId>org.opensaml</groupId>
+        <artifactId>opensaml-soap-api</artifactId>
+        <version>${opensaml.version}</version>
+      </dependency>
+      <dependency>
+          <groupId>org.opensaml</groupId>
+          <artifactId>opensaml-soap-impl</artifactId>
+          <version>${opensaml.version}</version>
+      </dependency>
+        <dependency>
+          <groupId>org.opensaml</groupId>
+          <artifactId>opensaml-messaging-api</artifactId>
+          <version>${opensaml.version}</version>
+        </dependency>
+        <dependency>
+          <groupId>org.opensaml</groupId>
+          <artifactId>opensaml-messaging-impl</artifactId>
+          <version>${opensaml.version}</version>
+        </dependency>
+
+
+<!-- OpenSAML Dependencies-->
+    <!-- https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk15on -->
+    <dependency>
+      <groupId>org.bouncycastle</groupId>
+      <artifactId>bcprov-jdk15on</artifactId>
+      <version>1.59</version>
+    </dependency>
+
+    <dependency>
+      <groupId>com.google.errorprone</groupId>
+      <artifactId>error_prone_annotations</artifactId>
+      <version>2.3.4</version>
+    </dependency>
+
+    <dependency>
+      <groupId>org.apache.velocity</groupId>
+      <artifactId>velocity</artifactId>
+      <version>1.7</version>
+    </dependency>
+
+    <!-- https://mvnrepository.com/artifact/werken-xpath/werken-xpath -->
+    <dependency>
+      <groupId>werken-xpath</groupId>
+      <artifactId>werken-xpath</artifactId>
+      <version>0.9.4</version>
+    </dependency>
+
+    <!-- https://mvnrepository.com/artifact/xalan/xalan -->
+    <dependency>
+      <groupId>xalan</groupId>
+      <artifactId>xalan</artifactId>
+      <version>2.7.1</version>
+    </dependency>
+
+    <!-- https://mvnrepository.com/artifact/xerces/xercesImpl -->
+    <dependency>
+      <groupId>xerces</groupId>
+      <artifactId>xercesImpl</artifactId>
+      <version>2.12.0</version>
+    </dependency>
+
+    <!-- https://mvnrepository.com/artifact/xml-resolver/xml-resolver -->
+    <dependency>
+      <groupId>xml-resolver</groupId>
+      <artifactId>xml-resolver</artifactId>
+      <version>1.2</version>
+    </dependency>
+
+    <!-- https://mvnrepository.com/artifact/jaxen/jaxen -->
+    <dependency>
+      <groupId>jaxen</groupId>
+      <artifactId>jaxen</artifactId>
+      <version>1.2.0</version>
+    </dependency>
+
+    <!-- https://mvnrepository.com/artifact/xom/xom -->
+    <dependency>
+      <groupId>xom</groupId>
+      <artifactId>xom</artifactId>
+      <version>1.3.4</version>
+    </dependency>
+
+    <!-- https://mvnrepository.com/artifact/org.joda/joda-convert -->
+    <dependency>
+      <groupId>org.joda</groupId>
+      <artifactId>joda-convert</artifactId>
+      <version>2.2.1</version>
+    </dependency>
+
+    <!-- https://mvnrepository.com/artifact/org.relaxng/com.springsource.org.relaxng.datatype -->
+    <dependency>
+      <groupId>org.relaxng</groupId>
+      <artifactId>com.springsource.org.relaxng.datatype</artifactId>
+      <version>1.0.0</version>
+    </dependency>
+
+
+<!--    JavaEE -->
+    <dependency>
+      <groupId>javax.servlet</groupId>
+      <artifactId>servlet-api</artifactId>
+      <version>2.5</version>
+      <scope>provided</scope>
+    </dependency>
+
+<!--  Sling Dependencies-->
+    <dependency>
+      <groupId>org.apache.sling</groupId>
+      <artifactId>org.apache.sling.auth.core</artifactId>
+      <version>1.3.26</version>
+      <scope>provided</scope>
+    </dependency>
+    <!-- https://mvnrepository.com/artifact/org.apache.sling/org.apache.sling.api -->
+    <dependency>
+      <groupId>org.apache.sling</groupId>
+      <artifactId>org.apache.sling.api</artifactId>
+      <version>2.16.2</version>
+      <scope>provided</scope>
+    </dependency>
+
+    <dependency>
+        <groupId>org.apache.sling</groupId>
+        <artifactId>org.apache.sling.jcr.api</artifactId>
+        <version>2.4.0</version>
+        <scope>provided</scope>
+    </dependency>
+
+    <dependency>
+      <groupId>javax.jcr</groupId>
+      <artifactId>jcr</artifactId>
+      <version>2.0</version>
+      <scope>provided</scope>
+    </dependency>
+
+<!-- OAK
+NOTE: Make sure your instance provides this bundle!
+-->
+<!-- https://mvnrepository.com/artifact/org.apache.jackrabbit/oak-auth-external -->
+      <dependency>
+          <groupId>org.apache.jackrabbit</groupId>
+          <artifactId>oak-auth-external</artifactId>
+          <version>1.6.1</version>
+          <scope>provided</scope>
+      </dependency>
+
+
+    <!-- https://mvnrepository.com/artifact/org.apache.commons/commons-lang3 -->
+    <dependency>
+      <groupId>org.apache.commons</groupId>
+      <artifactId>commons-lang3</artifactId>
+      <version>3.5</version>
+      <scope>provided</scope>
+    </dependency>
+
+<!--    OSGI Annotations-->
+    <dependency>
+      <groupId>org.osgi</groupId>
+      <artifactId>org.osgi.core</artifactId>
+      <version>6.0.0</version>
+      <scope>provided</scope>
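
Review bot: `maven-sling-plugin` is declared twice under `<plugins>`, once with no version or configuration and once with version 2.4.2 plus `slingUrl`, `user` and `password`; keep a single declaration. The configured block takes its credentials from the `sling.user` and `sling.password` properties, which this POM sets to admin/admin, and sends them to an `http://` console URL. Leaving the password property out of the committed file and supplying it from the command line or `settings.xml` avoids shipping a working default in the build.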
 
 Review comment:
   This version and scope should be inherited from the parent pom.


[GitHub] [sling-whiteboard] rombert edited a comment on issue #51: SAML2 Service Provider Pull Request

Posted by GitBox <gi...@apache.org>.
rombert edited a comment on issue #51: SAML2 Service Provider Pull Request
URL: https://github.com/apache/sling-whiteboard/pull/51#issuecomment-613270228
 
 
   @cmrockwell - if you think the IDP is useful, let's keep it in for now. I am trying to make my review simpler, but if that makes your PR submission harder it does not make sense.
   
   And no, there is no target LOC.


[GitHub] [sling-whiteboard] rombert commented on a change in pull request #51: SAML2 Service Provider Pull Request

Posted by GitBox <gi...@apache.org>.
rombert commented on a change in pull request #51: SAML2 Service Provider Pull Request
URL: https://github.com/apache/sling-whiteboard/pull/51#discussion_r401918583
 
 

 ##########
 File path: saml-handler/pom.xml
 ##########
 @@ -0,0 +1,378 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor
+    license agreements. See the NOTICE file distributed with this work for additional
+    information regarding copyright ownership. The ASF licenses this file to
+    you under the Apache License, Version 2.0 (the "License"); you may not use
+    this file except in compliance with the License. You may obtain a copy of
+    the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required
+    by applicable law or agreed to in writing, software distributed under the
+    License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
+    OF ANY KIND, either express or implied. See the License for the specific
+    language governing permissions and limitations under the License. -->
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <parent>
+    <groupId>org.apache.sling</groupId>
+    <artifactId>sling</artifactId>
+    <version>37</version>
+    <relativePath />
+  </parent>
+
+  <modelVersion>4.0.0</modelVersion>
+  <groupId>org.apache.sling.auth</groupId>
+  <artifactId>saml2</artifactId>
+  <version>0.1.0-SNAPSHOT</version>
+  <name>SAML2 Service Provider</name>
+
+  <properties>
+    <opensaml.version>3.4.3</opensaml.version>
+    <sling.host>localhost</sling.host>
+    <sling.port>8080</sling.port>
+    <sling.user>admin</sling.user>
+    <sling.password>admin</sling.password>
+  </properties>
+
+  <packaging>bundle</packaging>
+
+  <build>
+    <plugins>
+      <plugin>
+        <groupId>org.apache.felix</groupId>
+        <artifactId>maven-bundle-plugin</artifactId>
+        <version>3.5.0</version>
+        <extensions>true</extensions>
+        <configuration>
+          <instructions>
+            <Bundle-Activator>org.apache.sling.auth.saml2.Activator</Bundle-Activator>
+            <Embed-Dependency>*;scope=compile|runtime;</Embed-Dependency>
+            <Embed-Transitive>true</Embed-Transitive>
+            <Embed-Directory>target/dependency</Embed-Directory>
+            <Embed-StripGroup>true</Embed-StripGroup>
+            <Import-Package>
+              !sun.misc;resolution:=optional,
+              !com.sun.msv.*;resolution:=optional,
+              !com.sun.jdmk.comm;resolution:=optional,
+              sun.io.*;resolution:=optional,
+              com.beust.jcommander*;resolution:=optional,
+              com.google.appengine.api.*;resolution:=optional,
+              com.google.apphosting.api.*;resolution:=optional,
+              com.google.appengine.repackaged.*;resolution:=optional,
+              org.apache.log.*;resolution:=optional,
+              org.apache.oro.text.perl.*;resolution:=optional,
+              antlr.*;resolution:=optional,
+              org.apache.tools.ant.*;resolution:=optional,
+              junit.framework.*;resolution:=optional,
+              org.dom4j.*;resolution:=optional,
+              org.jdom.*;resolution:=optional,
+              org.bouncycastle.*;resolution:=optional,
+              com.sun.org.apache.xerces.internal.*;resolution:=optional,
+              *</Import-Package>
+            <_noee>true</_noee>
+          </instructions>
+        </configuration>
+      </plugin>
+
+      <plugin>
+        <groupId>org.apache.sling</groupId>
+        <artifactId>maven-sling-plugin</artifactId>
+      </plugin>
+
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-compiler-plugin</artifactId>
+        <configuration>
+          <source>8</source>
+          <target>8</target>
+        </configuration>
+      </plugin>
+
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-jar-plugin</artifactId>
+        <version>2.6</version>
+        <configuration>
+          <archive>
+            <manifestFile>${project.build.outputDirectory}/META-INF/MANIFEST.MF</manifestFile>
+            <manifestEntries>
+              <Jaas-ModuleClass>org.apache.sling.auth.saml2.sync.Saml2LoginModule</Jaas-ModuleClass>
+            </manifestEntries>
+          </archive>
+        </configuration>
+      </plugin>
+
+      <plugin>
+        <groupId>org.apache.sling</groupId>
+        <artifactId>maven-sling-plugin</artifactId>
+        <version>2.4.2</version>
+        <configuration>
+          <slingUrl>http://${sling.host}:${sling.port}/system/console</slingUrl>
+          <user>${sling.user}</user>
+          <password>${sling.password}</password>
+        </configuration>
+      </plugin>
+
+      <plugin>
+        <groupId>org.apache.rat</groupId>
+        <artifactId>apache-rat-plugin</artifactId>
+        <version>0.13</version>
+        <configuration>
+          <excludes combine.children="append">
+            <exclude>**/dependency-reduced-pom.xml</exclude>
+            <exclude>**/*.vm</exclude>
+          </excludes>
+        </configuration>
+      </plugin>
+    </plugins> 
+  </build>
+
+  <dependencies>
+    <dependency>
+      <groupId>junit</groupId>
+      <artifactId>junit</artifactId>
+      <version>4.12</version>
+      <scope>test</scope>
+    </dependency>
+
+    <dependency>
+      <groupId>org.opensaml</groupId>
+      <artifactId>opensaml-core</artifactId>
+      <version>${opensaml.version}</version>
+    </dependency>
+
+    <dependency>
+      <groupId>org.opensaml</groupId>
+      <artifactId>opensaml-saml-api</artifactId>
+      <version>${opensaml.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.opensaml</groupId>
+      <artifactId>opensaml-saml-impl</artifactId>
+      <version>${opensaml.version}</version>
+    </dependency>
+
+    <dependency>
+      <groupId>org.opensaml</groupId>
+      <artifactId>opensaml-xmlsec-impl</artifactId>
+      <version>${opensaml.version}</version>
+    </dependency>
+<!--    OpenSAML SOAP-->
+      <dependency>
+        <groupId>org.opensaml</groupId>
+        <artifactId>opensaml-soap-api</artifactId>
+        <version>${opensaml.version}</version>
+      </dependency>
+      <dependency>
+          <groupId>org.opensaml</groupId>
+          <artifactId>opensaml-soap-impl</artifactId>
+          <version>${opensaml.version}</version>
+      </dependency>
+        <dependency>
+          <groupId>org.opensaml</groupId>
+          <artifactId>opensaml-messaging-api</artifactId>
+          <version>${opensaml.version}</version>
+        </dependency>
+        <dependency>
+          <groupId>org.opensaml</groupId>
+          <artifactId>opensaml-messaging-impl</artifactId>
+          <version>${opensaml.version}</version>
+        </dependency>
+
+
+<!-- OpenSAML Dependencies-->
+    <!-- https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk15on -->
+    <dependency>
+      <groupId>org.bouncycastle</groupId>
+      <artifactId>bcprov-jdk15on</artifactId>
+      <version>1.59</version>
+    </dependency>
+
+    <dependency>
+      <groupId>com.google.errorprone</groupId>
+      <artifactId>error_prone_annotations</artifactId>
+      <version>2.3.4</version>
+    </dependency>
+
+    <dependency>
+      <groupId>org.apache.velocity</groupId>
+      <artifactId>velocity</artifactId>
+      <version>1.7</version>
+    </dependency>
+
+    <!-- https://mvnrepository.com/artifact/werken-xpath/werken-xpath -->
+    <dependency>
+      <groupId>werken-xpath</groupId>
+      <artifactId>werken-xpath</artifactId>
+      <version>0.9.4</version>
+    </dependency>
+
+    <!-- https://mvnrepository.com/artifact/xalan/xalan -->
+    <dependency>
+      <groupId>xalan</groupId>
+      <artifactId>xalan</artifactId>
+      <version>2.7.1</version>
+    </dependency>
+
+    <!-- https://mvnrepository.com/artifact/xerces/xercesImpl -->
+    <dependency>
+      <groupId>xerces</groupId>
+      <artifactId>xercesImpl</artifactId>
+      <version>2.12.0</version>
+    </dependency>
+
+    <!-- https://mvnrepository.com/artifact/xml-resolver/xml-resolver -->
+    <dependency>
+      <groupId>xml-resolver</groupId>
+      <artifactId>xml-resolver</artifactId>
+      <version>1.2</version>
+    </dependency>
+
+    <!-- https://mvnrepository.com/artifact/jaxen/jaxen -->
+    <dependency>
+      <groupId>jaxen</groupId>
+      <artifactId>jaxen</artifactId>
+      <version>1.2.0</version>
+    </dependency>
+
+    <!-- https://mvnrepository.com/artifact/xom/xom -->
+    <dependency>
+      <groupId>xom</groupId>
+      <artifactId>xom</artifactId>
+      <version>1.3.4</version>
+    </dependency>
+
+    <!-- https://mvnrepository.com/artifact/org.joda/joda-convert -->
+    <dependency>
+      <groupId>org.joda</groupId>
+      <artifactId>joda-convert</artifactId>
+      <version>2.2.1</version>
+    </dependency>
+
+    <!-- https://mvnrepository.com/artifact/org.relaxng/com.springsource.org.relaxng.datatype -->
+    <dependency>
+      <groupId>org.relaxng</groupId>
+      <artifactId>com.springsource.org.relaxng.datatype</artifactId>
+      <version>1.0.0</version>
+    </dependency>
+
+
+<!--    JavaEE -->
+    <dependency>
+      <groupId>javax.servlet</groupId>
+      <artifactId>servlet-api</artifactId>
+      <version>2.5</version>
+      <scope>provided</scope>
+    </dependency>
+
+<!--  Sling Dependencies-->
+    <dependency>
+      <groupId>org.apache.sling</groupId>
+      <artifactId>org.apache.sling.auth.core</artifactId>
+      <version>1.3.26</version>
+      <scope>provided</scope>
+    </dependency>
+    <!-- https://mvnrepository.com/artifact/org.apache.sling/org.apache.sling.api -->
+    <dependency>
+      <groupId>org.apache.sling</groupId>
+      <artifactId>org.apache.sling.api</artifactId>
+      <version>2.16.2</version>
+      <scope>provided</scope>
+    </dependency>
+
+    <dependency>
+        <groupId>org.apache.sling</groupId>
+        <artifactId>org.apache.sling.jcr.api</artifactId>
+        <version>2.4.0</version>
+        <scope>provided</scope>
+    </dependency>
+
+    <dependency>
+      <groupId>javax.jcr</groupId>
+      <artifactId>jcr</artifactId>
+      <version>2.0</version>
+      <scope>provided</scope>
+    </dependency>
+
+<!-- OAK
+NOTE: Make sure your instance provides this bundle!
+-->
+<!-- https://mvnrepository.com/artifact/org.apache.jackrabbit/oak-auth-external -->
+      <dependency>
+          <groupId>org.apache.jackrabbit</groupId>
+          <artifactId>oak-auth-external</artifactId>
+          <version>1.6.1</version>
+          <scope>provided</scope>
+      </dependency>
+
+
+    <!-- https://mvnrepository.com/artifact/org.apache.commons/commons-lang3 -->
+    <dependency>
+      <groupId>org.apache.commons</groupId>
+      <artifactId>commons-lang3</artifactId>
+      <version>3.5</version>
+      <scope>provided</scope>
+    </dependency>
+
+<!--    OSGI Annotations-->
+    <dependency>
+      <groupId>org.osgi</groupId>
+      <artifactId>org.osgi.core</artifactId>
+      <version>6.0.0</version>
+      <scope>provided</scope>
+    </dependency>
+    <dependency>
+      <groupId>org.osgi</groupId>
+      <artifactId>osgi.cmpn</artifactId>
+      <version>6.0.0</version>
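
Review bot: The crypto and XML libraries under `<!-- OpenSAML Dependencies-->` (`bcprov-jdk15on` 1.59, `xalan` 2.7.1, `xercesImpl` 2.12.0, `velocity` 1.7 and the rest) carry no `<scope>` and have literal versions spread through the file. They therefore default to compile scope and are wrapped into the bundle by `Embed-Dependency` `*;scope=compile|runtime`. In a bundle that parses and verifies SAML messages these are the libraries that most need to follow upstream fixes, and an embedded private copy does not change when the runtime is updated. Consider moving the versions into `<properties>` beside `opensaml.version`, checking each against its current release, and adding a dependency audit step to the build.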
 
 Review comment:
   This version and scope should be inherited from the parent pom.


[GitHub] [sling-whiteboard] rombert commented on a change in pull request #51: SAML2 Service Provider Pull Request

Posted by GitBox <gi...@apache.org>.
rombert commented on a change in pull request #51: SAML2 Service Provider Pull Request
URL: https://github.com/apache/sling-whiteboard/pull/51#discussion_r401917673
 
 

 ##########
 File path: saml-handler/pom.xml
 ##########
 @@ -0,0 +1,378 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor
+    license agreements. See the NOTICE file distributed with this work for additional
+    information regarding copyright ownership. The ASF licenses this file to
+    you under the Apache License, Version 2.0 (the "License"); you may not use
+    this file except in compliance with the License. You may obtain a copy of
+    the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required
+    by applicable law or agreed to in writing, software distributed under the
+    License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
+    OF ANY KIND, either express or implied. See the License for the specific
+    language governing permissions and limitations under the License. -->
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <parent>
+    <groupId>org.apache.sling</groupId>
+    <artifactId>sling</artifactId>
+    <version>37</version>
+    <relativePath />
+  </parent>
+
+  <modelVersion>4.0.0</modelVersion>
+  <groupId>org.apache.sling.auth</groupId>
+  <artifactId>saml2</artifactId>
+  <version>0.1.0-SNAPSHOT</version>
+  <name>SAML2 Service Provider</name>
+
+  <properties>
+    <opensaml.version>3.4.3</opensaml.version>
+    <sling.host>localhost</sling.host>
+    <sling.port>8080</sling.port>
+    <sling.user>admin</sling.user>
+    <sling.password>admin</sling.password>
+  </properties>
+
+  <packaging>bundle</packaging>
+
+  <build>
+    <plugins>
+      <plugin>
+        <groupId>org.apache.felix</groupId>
+        <artifactId>maven-bundle-plugin</artifactId>
+        <version>3.5.0</version>
+        <extensions>true</extensions>
+        <configuration>
+          <instructions>
+            <Bundle-Activator>org.apache.sling.auth.saml2.Activator</Bundle-Activator>
+            <Embed-Dependency>*;scope=compile|runtime;</Embed-Dependency>
+            <Embed-Transitive>true</Embed-Transitive>
+            <Embed-Directory>target/dependency</Embed-Directory>
+            <Embed-StripGroup>true</Embed-StripGroup>
+            <Import-Package>
+              !sun.misc;resolution:=optional,
+              !com.sun.msv.*;resolution:=optional,
+              !com.sun.jdmk.comm;resolution:=optional,
+              sun.io.*;resolution:=optional,
+              com.beust.jcommander*;resolution:=optional,
+              com.google.appengine.api.*;resolution:=optional,
+              com.google.apphosting.api.*;resolution:=optional,
+              com.google.appengine.repackaged.*;resolution:=optional,
+              org.apache.log.*;resolution:=optional,
+              org.apache.oro.text.perl.*;resolution:=optional,
+              antlr.*;resolution:=optional,
+              org.apache.tools.ant.*;resolution:=optional,
+              junit.framework.*;resolution:=optional,
+              org.dom4j.*;resolution:=optional,
+              org.jdom.*;resolution:=optional,
+              org.bouncycastle.*;resolution:=optional,
+              com.sun.org.apache.xerces.internal.*;resolution:=optional,
+              *</Import-Package>
+            <_noee>true</_noee>
+          </instructions>
+        </configuration>
+      </plugin>
+
+      <plugin>
+        <groupId>org.apache.sling</groupId>
+        <artifactId>maven-sling-plugin</artifactId>
+      </plugin>
+
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-compiler-plugin</artifactId>
+        <configuration>
+          <source>8</source>
+          <target>8</target>
+        </configuration>
+      </plugin>
+
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-jar-plugin</artifactId>
+        <version>2.6</version>
+        <configuration>
+          <archive>
+            <manifestFile>${project.build.outputDirectory}/META-INF/MANIFEST.MF</manifestFile>
+            <manifestEntries>
+              <Jaas-ModuleClass>org.apache.sling.auth.saml2.sync.Saml2LoginModule</Jaas-ModuleClass>
+            </manifestEntries>
+          </archive>
+        </configuration>
+      </plugin>
+
+      <plugin>
+        <groupId>org.apache.sling</groupId>
+        <artifactId>maven-sling-plugin</artifactId>
+        <version>2.4.2</version>
+        <configuration>
+          <slingUrl>http://${sling.host}:${sling.port}/system/console</slingUrl>
+          <user>${sling.user}</user>
+          <password>${sling.password}</password>
+        </configuration>
+      </plugin>
+
+      <plugin>
+        <groupId>org.apache.rat</groupId>
+        <artifactId>apache-rat-plugin</artifactId>
+        <version>0.13</version>
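
Review bot: The deploy credentials are hard-coded in `<properties>` (`sling.user` and `sling.password`, both `admin`) and passed to the maven-sling-plugin `<user>` and `<password>` settings, with `slingUrl` built on plain `http://`. Defaults committed in the POM tend to get reused against non-local instances. Consider leaving the password property undefined here and supplying it from `settings.xml` or with `-Dsling.password=...` on the command line, so that a deploy to anything other than localhost has to state its credentials explicitly.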
 
 Review comment:
   Why do you need the plugin versions? They should be inherited from the parent pom.


[GitHub] [sling-whiteboard] cmrockwell commented on a change in pull request #51: SAML2 Service Provider Pull Request

Posted by GitBox <gi...@apache.org>.
cmrockwell commented on a change in pull request #51: SAML2 Service Provider Pull Request
URL: https://github.com/apache/sling-whiteboard/pull/51#discussion_r405743109
 
 

 ##########
 File path: saml-handler/pom.xml
 ##########
 @@ -0,0 +1,366 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor
+    license agreements. See the NOTICE file distributed with this work for additional
+    information regarding copyright ownership. The ASF licenses this file to
+    you under the Apache License, Version 2.0 (the "License"); you may not use
+    this file except in compliance with the License. You may obtain a copy of
+    the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required
+    by applicable law or agreed to in writing, software distributed under the
+    License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
+    OF ANY KIND, either express or implied. See the License for the specific
+    language governing permissions and limitations under the License. -->
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <parent>
+    <groupId>org.apache.sling</groupId>
+    <artifactId>sling</artifactId>
+    <version>37</version>
+    <relativePath />
+  </parent>
+
+  <modelVersion>4.0.0</modelVersion>
+  <groupId>org.apache.sling.auth</groupId>
+  <artifactId>saml2</artifactId>
+  <version>0.1.0-SNAPSHOT</version>
+  <name>SAML2 Service Provider</name>
+
+  <properties>
+    <opensaml.version>3.4.3</opensaml.version>
+    <sling.host>localhost</sling.host>
+    <sling.port>8080</sling.port>
+    <sling.user>admin</sling.user>
+    <sling.password>admin</sling.password>
+  </properties>
+
+  <packaging>bundle</packaging>
+
+  <build>
+    <plugins>
+      <plugin>
+        <groupId>org.apache.felix</groupId>
+        <artifactId>maven-bundle-plugin</artifactId>
+        <version>3.5.0</version>
+        <extensions>true</extensions>
+        <configuration>
+          <instructions>
+            <Bundle-Activator>org.apache.sling.auth.saml2.Activator</Bundle-Activator>
+            <Embed-Dependency>*;scope=compile|runtime;</Embed-Dependency>
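
Review bot: `<Embed-Dependency>*;scope=compile|runtime;</Embed-Dependency>` pulls every compile- and runtime-scoped dependency into the bundle, so what ships is decided by the dependency list rather than by this instruction. For an authentication bundle it is worth naming the artifacts to embed explicitly (the OpenSAML modules pinned by `opensaml.version`), so that a newly added dependency cannot silently become part of the login path and each embedded library is one that someone has agreed to track for updates.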
 
 Review comment:
   It is a little bit less now at 11MB, still heavy. OpenSAML is not designed for OSGi. If this module advances, I hope to maybe engage the Shibboleth team to create an OSGi-friendly version in the future, but that is not their priority.


[GitHub] [sling-whiteboard] rombert commented on a change in pull request #51: SAML2 Service Provider Pull Request

Posted by GitBox <gi...@apache.org>.
rombert commented on a change in pull request #51: SAML2 Service Provider Pull Request
URL: https://github.com/apache/sling-whiteboard/pull/51#discussion_r401918677
 
 

 ##########
 File path: saml-handler/pom.xml
 ##########
 @@ -0,0 +1,378 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor
+    license agreements. See the NOTICE file distributed with this work for additional
+    information regarding copyright ownership. The ASF licenses this file to
+    you under the Apache License, Version 2.0 (the "License"); you may not use
+    this file except in compliance with the License. You may obtain a copy of
+    the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required
+    by applicable law or agreed to in writing, software distributed under the
+    License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
+    OF ANY KIND, either express or implied. See the License for the specific
+    language governing permissions and limitations under the License. -->
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <parent>
+    <groupId>org.apache.sling</groupId>
+    <artifactId>sling</artifactId>
+    <version>37</version>
+    <relativePath />
+  </parent>
+
+  <modelVersion>4.0.0</modelVersion>
+  <groupId>org.apache.sling.auth</groupId>
+  <artifactId>saml2</artifactId>
+  <version>0.1.0-SNAPSHOT</version>
+  <name>SAML2 Service Provider</name>
+
+  <properties>
+    <opensaml.version>3.4.3</opensaml.version>
+    <sling.host>localhost</sling.host>
+    <sling.port>8080</sling.port>
+    <sling.user>admin</sling.user>
+    <sling.password>admin</sling.password>
+  </properties>
+
+  <packaging>bundle</packaging>
+
+  <build>
+    <plugins>
+      <plugin>
+        <groupId>org.apache.felix</groupId>
+        <artifactId>maven-bundle-plugin</artifactId>
+        <version>3.5.0</version>
+        <extensions>true</extensions>
+        <configuration>
+          <instructions>
+            <Bundle-Activator>org.apache.sling.auth.saml2.Activator</Bundle-Activator>
+            <Embed-Dependency>*;scope=compile|runtime;</Embed-Dependency>
+            <Embed-Transitive>true</Embed-Transitive>
+            <Embed-Directory>target/dependency</Embed-Directory>
+            <Embed-StripGroup>true</Embed-StripGroup>
+            <Import-Package>
+              !sun.misc;resolution:=optional,
+              !com.sun.msv.*;resolution:=optional,
+              !com.sun.jdmk.comm;resolution:=optional,
+              sun.io.*;resolution:=optional,
+              com.beust.jcommander*;resolution:=optional,
+              com.google.appengine.api.*;resolution:=optional,
+              com.google.apphosting.api.*;resolution:=optional,
+              com.google.appengine.repackaged.*;resolution:=optional,
+              org.apache.log.*;resolution:=optional,
+              org.apache.oro.text.perl.*;resolution:=optional,
+              antlr.*;resolution:=optional,
+              org.apache.tools.ant.*;resolution:=optional,
+              junit.framework.*;resolution:=optional,
+              org.dom4j.*;resolution:=optional,
+              org.jdom.*;resolution:=optional,
+              org.bouncycastle.*;resolution:=optional,
+              com.sun.org.apache.xerces.internal.*;resolution:=optional,
+              *</Import-Package>
+            <_noee>true</_noee>
+          </instructions>
+        </configuration>
+      </plugin>
+
+      <plugin>
+        <groupId>org.apache.sling</groupId>
+        <artifactId>maven-sling-plugin</artifactId>
+      </plugin>
+
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-compiler-plugin</artifactId>
+        <configuration>
+          <source>8</source>
+          <target>8</target>
+        </configuration>
+      </plugin>
+
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-jar-plugin</artifactId>
+        <version>2.6</version>
+        <configuration>
+          <archive>
+            <manifestFile>${project.build.outputDirectory}/META-INF/MANIFEST.MF</manifestFile>
+            <manifestEntries>
+              <Jaas-ModuleClass>org.apache.sling.auth.saml2.sync.Saml2LoginModule</Jaas-ModuleClass>
+            </manifestEntries>
+          </archive>
+        </configuration>
+      </plugin>
+
+      <plugin>
+        <groupId>org.apache.sling</groupId>
+        <artifactId>maven-sling-plugin</artifactId>
+        <version>2.4.2</version>
+        <configuration>
+          <slingUrl>http://${sling.host}:${sling.port}/system/console</slingUrl>
+          <user>${sling.user}</user>
+          <password>${sling.password}</password>
+        </configuration>
+      </plugin>
+
+      <plugin>
+        <groupId>org.apache.rat</groupId>
+        <artifactId>apache-rat-plugin</artifactId>
+        <version>0.13</version>
+        <configuration>
+          <excludes combine.children="append">
+            <exclude>**/dependency-reduced-pom.xml</exclude>
+            <exclude>**/*.vm</exclude>
+          </excludes>
+        </configuration>
+      </plugin>
+    </plugins> 
+  </build>
+
+  <dependencies>
+    <dependency>
+      <groupId>junit</groupId>
+      <artifactId>junit</artifactId>
+      <version>4.12</version>
+      <scope>test</scope>
+    </dependency>
+
+    <dependency>
+      <groupId>org.opensaml</groupId>
+      <artifactId>opensaml-core</artifactId>
+      <version>${opensaml.version}</version>
+    </dependency>
+
+    <dependency>
+      <groupId>org.opensaml</groupId>
+      <artifactId>opensaml-saml-api</artifactId>
+      <version>${opensaml.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.opensaml</groupId>
+      <artifactId>opensaml-saml-impl</artifactId>
+      <version>${opensaml.version}</version>
+    </dependency>
+
+    <dependency>
+      <groupId>org.opensaml</groupId>
+      <artifactId>opensaml-xmlsec-impl</artifactId>
+      <version>${opensaml.version}</version>
+    </dependency>
+<!--    OpenSAML SOAP-->
+      <dependency>
+        <groupId>org.opensaml</groupId>
+        <artifactId>opensaml-soap-api</artifactId>
+        <version>${opensaml.version}</version>
+      </dependency>
+      <dependency>
+          <groupId>org.opensaml</groupId>
+          <artifactId>opensaml-soap-impl</artifactId>
+          <version>${opensaml.version}</version>
+      </dependency>
+        <dependency>
+          <groupId>org.opensaml</groupId>
+          <artifactId>opensaml-messaging-api</artifactId>
+          <version>${opensaml.version}</version>
+        </dependency>
+        <dependency>
+          <groupId>org.opensaml</groupId>
+          <artifactId>opensaml-messaging-impl</artifactId>
+          <version>${opensaml.version}</version>
+        </dependency>
+
+
+<!-- OpenSAML Dependencies-->
+    <!-- https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk15on -->
+    <dependency>
+      <groupId>org.bouncycastle</groupId>
+      <artifactId>bcprov-jdk15on</artifactId>
+      <version>1.59</version>
+    </dependency>
+
+    <dependency>
+      <groupId>com.google.errorprone</groupId>
+      <artifactId>error_prone_annotations</artifactId>
+      <version>2.3.4</version>
+    </dependency>
+
+    <dependency>
+      <groupId>org.apache.velocity</groupId>
+      <artifactId>velocity</artifactId>
+      <version>1.7</version>
+    </dependency>
+
+    <!-- https://mvnrepository.com/artifact/werken-xpath/werken-xpath -->
+    <dependency>
+      <groupId>werken-xpath</groupId>
+      <artifactId>werken-xpath</artifactId>
+      <version>0.9.4</version>
+    </dependency>
+
+    <!-- https://mvnrepository.com/artifact/xalan/xalan -->
+    <dependency>
+      <groupId>xalan</groupId>
+      <artifactId>xalan</artifactId>
+      <version>2.7.1</version>
+    </dependency>
+
+    <!-- https://mvnrepository.com/artifact/xerces/xercesImpl -->
+    <dependency>
+      <groupId>xerces</groupId>
+      <artifactId>xercesImpl</artifactId>
+      <version>2.12.0</version>
+    </dependency>
+
+    <!-- https://mvnrepository.com/artifact/xml-resolver/xml-resolver -->
+    <dependency>
+      <groupId>xml-resolver</groupId>
+      <artifactId>xml-resolver</artifactId>
+      <version>1.2</version>
+    </dependency>
+
+    <!-- https://mvnrepository.com/artifact/jaxen/jaxen -->
+    <dependency>
+      <groupId>jaxen</groupId>
+      <artifactId>jaxen</artifactId>
+      <version>1.2.0</version>
+    </dependency>
+
+    <!-- https://mvnrepository.com/artifact/xom/xom -->
+    <dependency>
+      <groupId>xom</groupId>
+      <artifactId>xom</artifactId>
+      <version>1.3.4</version>
+    </dependency>
+
+    <!-- https://mvnrepository.com/artifact/org.joda/joda-convert -->
+    <dependency>
+      <groupId>org.joda</groupId>
+      <artifactId>joda-convert</artifactId>
+      <version>2.2.1</version>
+    </dependency>
+
+    <!-- https://mvnrepository.com/artifact/org.relaxng/com.springsource.org.relaxng.datatype -->
+    <dependency>
+      <groupId>org.relaxng</groupId>
+      <artifactId>com.springsource.org.relaxng.datatype</artifactId>
+      <version>1.0.0</version>
+    </dependency>
+
+
+<!--    JavaEE -->
+    <dependency>
+      <groupId>javax.servlet</groupId>
+      <artifactId>servlet-api</artifactId>
+      <version>2.5</version>
+      <scope>provided</scope>
+    </dependency>
+
+<!--  Sling Dependencies-->
+    <dependency>
+      <groupId>org.apache.sling</groupId>
+      <artifactId>org.apache.sling.auth.core</artifactId>
+      <version>1.3.26</version>
+      <scope>provided</scope>
+    </dependency>
+    <!-- https://mvnrepository.com/artifact/org.apache.sling/org.apache.sling.api -->
+    <dependency>
+      <groupId>org.apache.sling</groupId>
+      <artifactId>org.apache.sling.api</artifactId>
+      <version>2.16.2</version>
+      <scope>provided</scope>
+    </dependency>
+
+    <dependency>
+        <groupId>org.apache.sling</groupId>
+        <artifactId>org.apache.sling.jcr.api</artifactId>
+        <version>2.4.0</version>
+        <scope>provided</scope>
+    </dependency>
+
+    <dependency>
+      <groupId>javax.jcr</groupId>
+      <artifactId>jcr</artifactId>
+      <version>2.0</version>
+      <scope>provided</scope>
+    </dependency>
+
+<!-- OAK
+NOTE: Make sure your instance provides this bundle!
+-->
+<!-- https://mvnrepository.com/artifact/org.apache.jackrabbit/oak-auth-external -->
+      <dependency>
+          <groupId>org.apache.jackrabbit</groupId>
+          <artifactId>oak-auth-external</artifactId>
+          <version>1.6.1</version>
+          <scope>provided</scope>
+      </dependency>
+
+
+    <!-- https://mvnrepository.com/artifact/org.apache.commons/commons-lang3 -->
+    <dependency>
+      <groupId>org.apache.commons</groupId>
+      <artifactId>commons-lang3</artifactId>
+      <version>3.5</version>
+      <scope>provided</scope>
+    </dependency>
+
+<!--    OSGI Annotations-->
+    <dependency>
+      <groupId>org.osgi</groupId>
+      <artifactId>org.osgi.core</artifactId>
+      <version>6.0.0</version>
+      <scope>provided</scope>
+    </dependency>
+    <dependency>
+      <groupId>org.osgi</groupId>
+      <artifactId>osgi.cmpn</artifactId>
+      <version>6.0.0</version>
+      <scope>provided</scope>
+    </dependency>
+    <dependency>
+      <groupId>org.osgi</groupId>
+      <artifactId>osgi.annotation</artifactId>
+      <version>6.0.1</version>
+      <scope>provided</scope>
+    </dependency>
+    <dependency>
+      <groupId>org.osgi</groupId>
+      <artifactId>org.osgi.service.component.annotations</artifactId>
+      <version>1.3.0</version>
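
Review bot: In the `<!-- OpenSAML Dependencies-->` block, `xalan` 2.7.1, `xercesImpl` 2.12.0, `velocity` 1.7 and `bcprov-jdk15on` 1.59 are declared without a scope, so they default to compile and are caught by the `Embed-Dependency` wildcard together with `Embed-Transitive` set to `true`. That gives an authentication bundle its own private copies of an XML parser, an XSLT engine and a crypto provider, none of which are updated when the platform is. Please check these pins against the current releases, drop the ones OpenSAML 3.4.3 does not need at runtime, and consider adding a dependency vulnerability scan to the build.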
 
 Review comment:
   This version and scope should be inherited from the parent pom.


[GitHub] [sling-whiteboard] cmrockwell commented on a change in pull request #51: SAML2 Service Provider Pull Request

Posted by GitBox <gi...@apache.org>.
cmrockwell commented on a change in pull request #51: SAML2 Service Provider Pull Request
URL: https://github.com/apache/sling-whiteboard/pull/51#discussion_r404305355
 
 

 ##########
 File path: saml-handler/src/main/java/org/apache/sling/auth/saml2/AuthenticationHandlerSAML2.java
 ##########
 @@ -0,0 +1,661 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.sling.auth.saml2;
+
+import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
+import net.shibboleth.utilities.java.support.xml.ParserPool;
+import org.apache.jackrabbit.api.security.user.User;
+import org.apache.sling.auth.core.AuthUtil;
+import org.apache.sling.auth.saml2.idp.IDPCredentials;
+import org.apache.sling.auth.saml2.impl.SAML2ConfigServiceImpl;
+import org.apache.sling.auth.saml2.impl.Saml2Credentials;
+import org.apache.sling.auth.saml2.sp.SPCredentials;
+import org.apache.sling.auth.saml2.sync.Saml2User;
+import org.joda.time.DateTime;
+import org.opensaml.core.xml.XMLObject;
+import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
+import org.opensaml.core.xml.schema.XSString;
+import org.opensaml.messaging.context.MessageContext;
+import org.opensaml.messaging.decoder.MessageDecodingException;
+import org.opensaml.messaging.encoder.MessageEncodingException;
+import org.opensaml.saml.common.messaging.context.SAMLBindingContext;
+import org.opensaml.saml.common.messaging.context.SAMLEndpointContext;
+import org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext;
+import org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder;
+import org.opensaml.saml.saml2.binding.encoding.impl.HTTPRedirectDeflateEncoder;
+import org.opensaml.saml.saml2.core.*;
+import org.opensaml.saml.common.xml.SAMLConstants;
+import org.opensaml.saml.saml2.encryption.Decrypter;
+import org.opensaml.saml.saml2.metadata.Endpoint;
+import org.opensaml.saml.saml2.metadata.SingleSignOnService;
+import org.opensaml.saml.security.impl.SAMLSignatureProfileValidator;
+import org.opensaml.xmlsec.SignatureSigningParameters;
+import org.opensaml.xmlsec.context.SecurityParametersContext;
+import org.opensaml.xmlsec.encryption.support.DecryptionException;
+import org.opensaml.xmlsec.encryption.support.InlineEncryptedKeyResolver;
+import org.opensaml.xmlsec.keyinfo.impl.StaticKeyInfoCredentialResolver;
+import org.opensaml.xmlsec.signature.support.SignatureConstants;
+import org.opensaml.xmlsec.signature.support.SignatureException;
+import org.opensaml.xmlsec.signature.support.SignatureValidator;
+import org.osgi.framework.BundleContext;
+import org.osgi.framework.FrameworkUtil;
+import org.osgi.framework.wiring.BundleWiring;
+import org.apache.sling.auth.core.spi.AuthenticationHandler;
+import org.apache.sling.auth.core.spi.AuthenticationInfo;
+import org.apache.sling.auth.core.spi.DefaultAuthenticationFeedbackHandler;
+import org.apache.sling.auth.saml2.sp.SessionStorage;
+import org.osgi.service.component.ComponentContext;
+import org.osgi.service.component.annotations.*;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import javax.jcr.RepositoryException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.File;
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.math.BigInteger;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+import static org.apache.sling.auth.saml2.idp.Saml2IDPServlet.TEST_IDP_ENDPOINT;
+
+
+@Component(
+        service = AuthenticationHandler.class ,
+        name = AuthenticationHandlerSAML2.SERVICE_NAME,
+        configurationPid = "org.apache.sling.auth.saml2.impl.SAML2ConfigServiceImpl",
+        configurationPolicy = ConfigurationPolicy.REQUIRE,
+        property = {"sling.servlet.methods={GET, POST}",
+            AuthenticationHandler.PATH_PROPERTY+"={}",
+            AuthenticationHandler.TYPE_PROPERTY + "=" + AuthenticationHandlerSAML2.AUTH_TYPE,
+            "service.description=SAML2 Authentication Handler",
+            "service.ranking=42",
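
Review bot: The handler statically imports `TEST_IDP_ENDPOINT` from `org.apache.sling.auth.saml2.idp.Saml2IDPServlet` and also imports `org.apache.sling.auth.saml2.idp.IDPCredentials`, which ties the service provider's authentication handler to what looks like a test identity provider in the same bundle. If the `idp` package exists only for local testing, move it to a separate module or to test scope so that a deployed service provider does not carry an IDP servlet and its credentials. Separately, `AuthenticationHandler.PATH_PROPERTY+"={}"` sets the path property to the literal string `{}`; if the path is meant to come from configuration, it should be read from the configuration PID rather than registered as a placeholder.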
 
 Review comment:
   Awesome! Thanks for the feedback. That makes a big difference, so I think service.ranking should be in the configurations.


[GitHub] [sling-whiteboard] cmrockwell commented on a change in pull request #51: SAML2 Service Provider Pull Request

Posted by GitBox <gi...@apache.org>.
cmrockwell commented on a change in pull request #51: SAML2 Service Provider Pull Request
URL: https://github.com/apache/sling-whiteboard/pull/51#discussion_r404396230
 
 

 ##########
 File path: saml-handler/pom.xml
 ##########
 @@ -0,0 +1,378 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor
+    license agreements. See the NOTICE file distributed with this work for additional
+    information regarding copyright ownership. The ASF licenses this file to
+    you under the Apache License, Version 2.0 (the "License"); you may not use
+    this file except in compliance with the License. You may obtain a copy of
+    the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required
+    by applicable law or agreed to in writing, software distributed under the
+    License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
+    OF ANY KIND, either express or implied. See the License for the specific
+    language governing permissions and limitations under the License. -->
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <parent>
+    <groupId>org.apache.sling</groupId>
+    <artifactId>sling</artifactId>
+    <version>37</version>
+    <relativePath />
+  </parent>
+
+  <modelVersion>4.0.0</modelVersion>
+  <groupId>org.apache.sling.auth</groupId>
+  <artifactId>saml2</artifactId>
+  <version>0.1.0-SNAPSHOT</version>
+  <name>SAML2 Service Provider</name>
+
+  <properties>
+    <opensaml.version>3.4.3</opensaml.version>
+    <sling.host>localhost</sling.host>
+    <sling.port>8080</sling.port>
+    <sling.user>admin</sling.user>
+    <sling.password>admin</sling.password>
+  </properties>
+
+  <packaging>bundle</packaging>
+
+  <build>
+    <plugins>
+      <plugin>
+        <groupId>org.apache.felix</groupId>
+        <artifactId>maven-bundle-plugin</artifactId>
+        <version>3.5.0</version>
+        <extensions>true</extensions>
+        <configuration>
+          <instructions>
+            <Bundle-Activator>org.apache.sling.auth.saml2.Activator</Bundle-Activator>
+            <Embed-Dependency>*;scope=compile|runtime;</Embed-Dependency>
+            <Embed-Transitive>true</Embed-Transitive>
+            <Embed-Directory>target/dependency</Embed-Directory>
+            <Embed-StripGroup>true</Embed-StripGroup>
+            <Import-Package>
+              !sun.misc;resolution:=optional,
+              !com.sun.msv.*;resolution:=optional,
+              !com.sun.jdmk.comm;resolution:=optional,
+              sun.io.*;resolution:=optional,
+              com.beust.jcommander*;resolution:=optional,
+              com.google.appengine.api.*;resolution:=optional,
+              com.google.apphosting.api.*;resolution:=optional,
+              com.google.appengine.repackaged.*;resolution:=optional,
+              org.apache.log.*;resolution:=optional,
+              org.apache.oro.text.perl.*;resolution:=optional,
+              antlr.*;resolution:=optional,
+              org.apache.tools.ant.*;resolution:=optional,
+              junit.framework.*;resolution:=optional,
+              org.dom4j.*;resolution:=optional,
+              org.jdom.*;resolution:=optional,
+              org.bouncycastle.*;resolution:=optional,
+              com.sun.org.apache.xerces.internal.*;resolution:=optional,
+              *</Import-Package>
+            <_noee>true</_noee>
+          </instructions>
+        </configuration>
+      </plugin>
+
+      <plugin>
+        <groupId>org.apache.sling</groupId>
+        <artifactId>maven-sling-plugin</artifactId>
+      </plugin>
+
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-compiler-plugin</artifactId>
+        <configuration>
+          <source>8</source>
+          <target>8</target>
+        </configuration>
+      </plugin>
+
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-jar-plugin</artifactId>
+        <version>2.6</version>
+        <configuration>
+          <archive>
+            <manifestFile>${project.build.outputDirectory}/META-INF/MANIFEST.MF</manifestFile>
+            <manifestEntries>
+              <Jaas-ModuleClass>org.apache.sling.auth.saml2.sync.Saml2LoginModule</Jaas-ModuleClass>
+            </manifestEntries>
+          </archive>
+        </configuration>
+      </plugin>
+
+      <plugin>
+        <groupId>org.apache.sling</groupId>
+        <artifactId>maven-sling-plugin</artifactId>
+        <version>2.4.2</version>
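
Review bot: `maven-sling-plugin` is declared twice in `<plugins>`: once with no version or configuration, and again here with `<version>2.4.2</version>`. Maven warns about duplicate plugin declarations and the effective configuration becomes hard to reason about. Merge the two into a single declaration, and let the version come from the parent POM if it manages this plugin.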
 
 Review comment:
   I removed the version


[GitHub] [sling-whiteboard] rombert commented on a change in pull request #51: SAML2 Service Provider Pull Request

Posted by GitBox <gi...@apache.org>.
rombert commented on a change in pull request #51: SAML2 Service Provider Pull Request
URL: https://github.com/apache/sling-whiteboard/pull/51#discussion_r401918086
 
 

 ##########
 File path: saml-handler/pom.xml
 ##########
 @@ -0,0 +1,378 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor
+    license agreements. See the NOTICE file distributed with this work for additional
+    information regarding copyright ownership. The ASF licenses this file to
+    you under the Apache License, Version 2.0 (the "License"); you may not use
+    this file except in compliance with the License. You may obtain a copy of
+    the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required
+    by applicable law or agreed to in writing, software distributed under the
+    License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
+    OF ANY KIND, either express or implied. See the License for the specific
+    language governing permissions and limitations under the License. -->
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <parent>
+    <groupId>org.apache.sling</groupId>
+    <artifactId>sling</artifactId>
+    <version>37</version>
+    <relativePath />
+  </parent>
+
+  <modelVersion>4.0.0</modelVersion>
+  <groupId>org.apache.sling.auth</groupId>
+  <artifactId>saml2</artifactId>
+  <version>0.1.0-SNAPSHOT</version>
+  <name>SAML2 Service Provider</name>
+
+  <properties>
+    <opensaml.version>3.4.3</opensaml.version>
+    <sling.host>localhost</sling.host>
+    <sling.port>8080</sling.port>
+    <sling.user>admin</sling.user>
+    <sling.password>admin</sling.password>
+  </properties>
+
+  <packaging>bundle</packaging>
+
+  <build>
+    <plugins>
+      <plugin>
+        <groupId>org.apache.felix</groupId>
+        <artifactId>maven-bundle-plugin</artifactId>
+        <version>3.5.0</version>
+        <extensions>true</extensions>
+        <configuration>
+          <instructions>
+            <Bundle-Activator>org.apache.sling.auth.saml2.Activator</Bundle-Activator>
+            <Embed-Dependency>*;scope=compile|runtime;</Embed-Dependency>
+            <Embed-Transitive>true</Embed-Transitive>
+            <Embed-Directory>target/dependency</Embed-Directory>
+            <Embed-StripGroup>true</Embed-StripGroup>
+            <Import-Package>
+              !sun.misc;resolution:=optional,
+              !com.sun.msv.*;resolution:=optional,
+              !com.sun.jdmk.comm;resolution:=optional,
+              sun.io.*;resolution:=optional,
+              com.beust.jcommander*;resolution:=optional,
+              com.google.appengine.api.*;resolution:=optional,
+              com.google.apphosting.api.*;resolution:=optional,
+              com.google.appengine.repackaged.*;resolution:=optional,
+              org.apache.log.*;resolution:=optional,
+              org.apache.oro.text.perl.*;resolution:=optional,
+              antlr.*;resolution:=optional,
+              org.apache.tools.ant.*;resolution:=optional,
+              junit.framework.*;resolution:=optional,
+              org.dom4j.*;resolution:=optional,
+              org.jdom.*;resolution:=optional,
+              org.bouncycastle.*;resolution:=optional,
+              com.sun.org.apache.xerces.internal.*;resolution:=optional,
+              *</Import-Package>
+            <_noee>true</_noee>
+          </instructions>
+        </configuration>
+      </plugin>
+
+      <plugin>
+        <groupId>org.apache.sling</groupId>
+        <artifactId>maven-sling-plugin</artifactId>
+      </plugin>
+
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-compiler-plugin</artifactId>
+        <configuration>
+          <source>8</source>
+          <target>8</target>
+        </configuration>
+      </plugin>
+
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-jar-plugin</artifactId>
+        <version>2.6</version>
+        <configuration>
+          <archive>
+            <manifestFile>${project.build.outputDirectory}/META-INF/MANIFEST.MF</manifestFile>
+            <manifestEntries>
+              <Jaas-ModuleClass>org.apache.sling.auth.saml2.sync.Saml2LoginModule</Jaas-ModuleClass>
+            </manifestEntries>
+          </archive>
+        </configuration>
+      </plugin>
+
+      <plugin>
+        <groupId>org.apache.sling</groupId>
+        <artifactId>maven-sling-plugin</artifactId>
+        <version>2.4.2</version>
+        <configuration>
+          <slingUrl>http://${sling.host}:${sling.port}/system/console</slingUrl>
+          <user>${sling.user}</user>
+          <password>${sling.password}</password>
+        </configuration>
+      </plugin>
+
+      <plugin>
+        <groupId>org.apache.rat</groupId>
+        <artifactId>apache-rat-plugin</artifactId>
+        <version>0.13</version>
+        <configuration>
+          <excludes combine.children="append">
+            <exclude>**/dependency-reduced-pom.xml</exclude>
+            <exclude>**/*.vm</exclude>
+          </excludes>
+        </configuration>
+      </plugin>
+    </plugins> 
+  </build>
+
+  <dependencies>
+    <dependency>
+      <groupId>junit</groupId>
+      <artifactId>junit</artifactId>
+      <version>4.12</version>
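
Review bot: The second maven-sling-plugin block passes `${sling.user}` and `${sling.password}`, which the `<properties>` section defaults to admin/admin, to `http://${sling.host}:${sling.port}/system/console`. That commits the default console credentials in the pom and sends them over plain HTTP whenever `sling.host` is overridden to a non-local host. I would drop the credential properties from the pom and let them come from the command line or settings.xml. The block also duplicates the earlier versionless maven-sling-plugin declaration; keep one.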
 
 Review comment:
   You should not need to define the version, it's inherited from the parent pom.


[GitHub] [sling-whiteboard] cmrockwell commented on a change in pull request #51: SAML2 Service Provider Pull Request

Posted by GitBox <gi...@apache.org>.
cmrockwell commented on a change in pull request #51: SAML2 Service Provider Pull Request
URL: https://github.com/apache/sling-whiteboard/pull/51#discussion_r404400439
 
 

 ##########
 File path: saml-handler/pom.xml
 ##########
 @@ -0,0 +1,366 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor
+    license agreements. See the NOTICE file distributed with this work for additional
+    information regarding copyright ownership. The ASF licenses this file to
+    you under the Apache License, Version 2.0 (the "License"); you may not use
+    this file except in compliance with the License. You may obtain a copy of
+    the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required
+    by applicable law or agreed to in writing, software distributed under the
+    License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
+    OF ANY KIND, either express or implied. See the License for the specific
+    language governing permissions and limitations under the License. -->
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <parent>
+    <groupId>org.apache.sling</groupId>
+    <artifactId>sling</artifactId>
+    <version>37</version>
+    <relativePath />
+  </parent>
+
+  <modelVersion>4.0.0</modelVersion>
+  <groupId>org.apache.sling.auth</groupId>
+  <artifactId>saml2</artifactId>
+  <version>0.1.0-SNAPSHOT</version>
+  <name>SAML2 Service Provider</name>
+
+  <properties>
+    <opensaml.version>3.4.3</opensaml.version>
+    <sling.host>localhost</sling.host>
+    <sling.port>8080</sling.port>
+    <sling.user>admin</sling.user>
+    <sling.password>admin</sling.password>
+  </properties>
+
+  <packaging>bundle</packaging>
+
+  <build>
+    <plugins>
+      <plugin>
+        <groupId>org.apache.felix</groupId>
+        <artifactId>maven-bundle-plugin</artifactId>
+        <version>3.5.0</version>
+        <extensions>true</extensions>
+        <configuration>
+          <instructions>
+            <Bundle-Activator>org.apache.sling.auth.saml2.Activator</Bundle-Activator>
+            <Embed-Dependency>*;scope=compile|runtime;</Embed-Dependency>
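
Review bot: `<Embed-Dependency>*;scope=compile|runtime;</Embed-Dependency>` embeds every compile- and runtime-scoped dependency by wildcard, so the set of third-party code inside an authentication bundle is decided by whatever the dependency tree resolves to rather than by this file. Embedded copies are private to the bundle and are not replaced when the platform updates its own version, so each embedded library has to be tracked for security fixes here. Suggest listing the artifactIds to embed explicitly and importing the rest as packages.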
 
 Review comment:
   I tried trimming it down a bit, but still 16.6MB. Seems the first priority is to go with bnd plugin, and I would really appreciate any help with that I could get. BND seems to have a lot of features that could help reduce the size.


[GitHub] [sling-whiteboard] cmrockwell commented on issue #51: SAML2 Service Provider Pull Request

Posted by GitBox <gi...@apache.org>.
cmrockwell commented on issue #51: SAML2 Service Provider Pull Request
URL: https://github.com/apache/sling-whiteboard/pull/51#issuecomment-612043203
 
 
   Having a built-in IDP during development was really useful and simplified the setup and testing. I get that the point is that there should be another way to test the SP code without the demo IDP. I'm curious whether you tried to test it with the internal IDP. This would be the simplest way.
   
   I thought the mock IDP might potentially help in troubleshooting issues, which is why I considered an enable/disable switch for it. Nevertheless, the internal IDP and Saml2ExternalIdentityProvider can be removed from the PR. It won't work without Saml2LoginModule as it stands today, but let me know what code changes would allow it to work without a login module.
   
   I will keep the internal IDP on a dev branch, because it is so handy. But otherwise could remove some code from the PR. At the same time I still need to add code for a few features. 
   
   1. User attribute synchronization: allows setting of user properties like email, given and family names, address, etc., based on the data contained in the Assertion.
   
   2. SP metadata provider servlet: this should simplify IDP configuration, since most IDPs allow SPs to be registered by inputting the metadata. Without this, admins might need to craft the data by hand.
   
   There is going to be some code to review because there's a lot involved with implementing a SAML2 Service Provider authentication provider. Do you have a target number for LOC?
   
   


[GitHub] [sling-whiteboard] cmrockwell commented on a change in pull request #51: SAML2 Service Provider Pull Request

Posted by GitBox <gi...@apache.org>.
cmrockwell commented on a change in pull request #51: SAML2 Service Provider Pull Request
URL: https://github.com/apache/sling-whiteboard/pull/51#discussion_r405745042
 
 

 ##########
 File path: saml-handler/README.md
 ##########
 @@ -0,0 +1,33 @@
+# Apache Sling SAML2 Handler (NOT FOR PRODUCTION)
+
+This project is intended to be a contribution to the [Apache Sling](https://sling.apache.org) project;
+ it has a SAML2 Service Provider Authentication Handler and the associated SAML2 servlets and utilities.  
+It is a work in progress and not production ready!
+
+SP_POST_Request;_IdP_POST_Response
+https://en.wikipedia.org/wiki/SAML_2.0#SP_POST_Request;_IdP_POST_Response
+
+![](SAML2-browser-post.png)
+
+## This bundle 
+- Will allow Sling applications to authenticate users against Identity Providers (idp) 
+such as Shibboleth using SAML2 protocols. 
+- Will sync of user management based on the SAML2 Assertion and OSGi bundle configs
+  - Sync attributes from the IDP to the User as specified in the bundle OSGi configs
+  - Create the user upon successful IDP authentication
+  - Sync user membership of groups as defined in the OSGi configs
+- Packages
+  - `idp` is a test fixture based on the OpenSAML V3 eBook. It will be useful for minimizing 
+  setup for testing purposes. Set to disabled for production.  
+  - `sp` is the package for service provider classes, servlets and the 
+  Sling authentication handler
+  - `Helpers` static utilities for help using the opensaml library
+    
+ 
+This code is Derivative Works from [webprofile-ref-project-v3](https://bitbucket.org/srasmusson/webprofile-ref-project-v3)
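
Review bot: The `idp` bullet says "Set to disabled for production" but the README does not say what the default is or which configuration turns it off. Since the fixture sits in the same bundle as the `sp` package, please state the default here, make it disabled unless explicitly enabled, and name the setting so an operator can verify it.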
 
 Review comment:
   I added a notice file.


[GitHub] [sling-whiteboard] rombert commented on a change in pull request #51: SAML2 Service Provider Pull Request

Posted by GitBox <gi...@apache.org>.
rombert commented on a change in pull request #51: SAML2 Service Provider Pull Request
URL: https://github.com/apache/sling-whiteboard/pull/51#discussion_r401917933
 
 

 ##########
 File path: saml-handler/pom.xml
 ##########
 @@ -0,0 +1,378 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor
+    license agreements. See the NOTICE file distributed with this work for additional
+    information regarding copyright ownership. The ASF licenses this file to
+    you under the Apache License, Version 2.0 (the "License"); you may not use
+    this file except in compliance with the License. You may obtain a copy of
+    the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required
+    by applicable law or agreed to in writing, software distributed under the
+    License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
+    OF ANY KIND, either express or implied. See the License for the specific
+    language governing permissions and limitations under the License. -->
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <parent>
+    <groupId>org.apache.sling</groupId>
+    <artifactId>sling</artifactId>
+    <version>37</version>
+    <relativePath />
+  </parent>
+
+  <modelVersion>4.0.0</modelVersion>
+  <groupId>org.apache.sling.auth</groupId>
+  <artifactId>saml2</artifactId>
+  <version>0.1.0-SNAPSHOT</version>
+  <name>SAML2 Service Provider</name>
+
+  <properties>
+    <opensaml.version>3.4.3</opensaml.version>
+    <sling.host>localhost</sling.host>
+    <sling.port>8080</sling.port>
+    <sling.user>admin</sling.user>
+    <sling.password>admin</sling.password>
+  </properties>
+
+  <packaging>bundle</packaging>
+
+  <build>
+    <plugins>
+      <plugin>
+        <groupId>org.apache.felix</groupId>
+        <artifactId>maven-bundle-plugin</artifactId>
+        <version>3.5.0</version>
+        <extensions>true</extensions>
+        <configuration>
+          <instructions>
+            <Bundle-Activator>org.apache.sling.auth.saml2.Activator</Bundle-Activator>
+            <Embed-Dependency>*;scope=compile|runtime;</Embed-Dependency>
+            <Embed-Transitive>true</Embed-Transitive>
+            <Embed-Directory>target/dependency</Embed-Directory>
+            <Embed-StripGroup>true</Embed-StripGroup>
+            <Import-Package>
+              !sun.misc;resolution:=optional,
+              !com.sun.msv.*;resolution:=optional,
+              !com.sun.jdmk.comm;resolution:=optional,
+              sun.io.*;resolution:=optional,
+              com.beust.jcommander*;resolution:=optional,
+              com.google.appengine.api.*;resolution:=optional,
+              com.google.apphosting.api.*;resolution:=optional,
+              com.google.appengine.repackaged.*;resolution:=optional,
+              org.apache.log.*;resolution:=optional,
+              org.apache.oro.text.perl.*;resolution:=optional,
+              antlr.*;resolution:=optional,
+              org.apache.tools.ant.*;resolution:=optional,
+              junit.framework.*;resolution:=optional,
+              org.dom4j.*;resolution:=optional,
+              org.jdom.*;resolution:=optional,
+              org.bouncycastle.*;resolution:=optional,
+              com.sun.org.apache.xerces.internal.*;resolution:=optional,
+              *</Import-Package>
+            <_noee>true</_noee>
+          </instructions>
+        </configuration>
+      </plugin>
+
+      <plugin>
+        <groupId>org.apache.sling</groupId>
+        <artifactId>maven-sling-plugin</artifactId>
+      </plugin>
+
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-compiler-plugin</artifactId>
+        <configuration>
+          <source>8</source>
+          <target>8</target>
+        </configuration>
+      </plugin>
+
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-jar-plugin</artifactId>
+        <version>2.6</version>
+        <configuration>
+          <archive>
+            <manifestFile>${project.build.outputDirectory}/META-INF/MANIFEST.MF</manifestFile>
+            <manifestEntries>
+              <Jaas-ModuleClass>org.apache.sling.auth.saml2.sync.Saml2LoginModule</Jaas-ModuleClass>
+            </manifestEntries>
+          </archive>
+        </configuration>
+      </plugin>
+
+      <plugin>
+        <groupId>org.apache.sling</groupId>
+        <artifactId>maven-sling-plugin</artifactId>
+        <version>2.4.2</version>
+        <configuration>
+          <slingUrl>http://${sling.host}:${sling.port}/system/console</slingUrl>
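
Review bot: The `Jaas-ModuleClass` header is set through maven-jar-plugin `<manifestEntries>`, but with `<packaging>bundle</packaging>` the artifact is assembled by maven-bundle-plugin, so this entry may never reach the final manifest. Please check the built MANIFEST.MF for the header, or move it next to `Bundle-Activator` in the bundle plugin `<instructions>`; otherwise `Saml2LoginModule` can end up unregistered without any build error.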
 
 Review comment:
   These kinds of settings should be available out-of-the-box from the maven-sling-plugin.


[GitHub] [sling-whiteboard] rombert commented on a change in pull request #51: SAML2 Service Provider Pull Request

Posted by GitBox <gi...@apache.org>.
rombert commented on a change in pull request #51: SAML2 Service Provider Pull Request
URL: https://github.com/apache/sling-whiteboard/pull/51#discussion_r401915445
 
 

 ##########
 File path: saml-handler/README.md
 ##########
 @@ -0,0 +1,33 @@
+# Apache Sling SAML2 Handler (NOT FOR PRODUCTION)
+
+This project is intended to be a contribution to the [Apache Sling](https://sling.apache.org) project;
+ it has a SAML2 Service Provider Authentication Handler and the associated SAML2 servlets and utilities.  
+It is a work in progress and not production ready!
+
+SP_POST_Request;_IdP_POST_Response
+https://en.wikipedia.org/wiki/SAML_2.0#SP_POST_Request;_IdP_POST_Response
+
+![](SAML2-browser-post.png)
+
+## This bundle 
+- Will allow Sling applications to authenticate users against Identity Providers (idp) 
+such as Shibboleth using SAML2 protocols. 
+- Will sync of user management based on the SAML2 Assertion and OSGi bundle configs
+  - Sync attributes from the IDP to the User as specified in the bundle OSGi configs
+  - Create the user upon successful IDP authentication
+  - Sync user membership of groups as defined in the OSGi configs
+- Packages
+  - `idp` is a test fixture based on the OpenSAML V3 eBook. It will be useful for minimizing 
+  setup for testing purposes. Set to disabled for production.  
+  - `sp` is the package for service provider classes, servlets and the 
+  Sling authentication handler
+  - `Helpers` static utilities for help using the opensaml library
+    
+ 
+This code is Derivative Works from [webprofile-ref-project-v3](https://bitbucket.org/srasmusson/webprofile-ref-project-v3)
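
Review bot: "Sync user membership of groups as defined in the OSGi configs" and "Create the user upon successful IDP authentication" do not say which side is authoritative. Group values arrive in the assertion, so the README should state whether sync is limited to groups named in the OSGi configuration, whether a user can be added to existing local groups this way, and whether memberships are removed when the IdP stops asserting them.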
 
 Review comment:
   Thank you for the note. I am not sure if we need something else, maybe a `NOTICE` file? Something to be discussed on the dev list.


[GitHub] [sling-whiteboard] rombert commented on a change in pull request #51: SAML2 Service Provider Pull Request

Posted by GitBox <gi...@apache.org>.
rombert commented on a change in pull request #51: SAML2 Service Provider Pull Request
URL: https://github.com/apache/sling-whiteboard/pull/51#discussion_r401917111
 
 

 ##########
 File path: saml-handler/pom.xml
 ##########
 @@ -0,0 +1,378 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor
+    license agreements. See the NOTICE file distributed with this work for additional
+    information regarding copyright ownership. The ASF licenses this file to
+    you under the Apache License, Version 2.0 (the "License"); you may not use
+    this file except in compliance with the License. You may obtain a copy of
+    the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required
+    by applicable law or agreed to in writing, software distributed under the
+    License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
+    OF ANY KIND, either express or implied. See the License for the specific
+    language governing permissions and limitations under the License. -->
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <parent>
+    <groupId>org.apache.sling</groupId>
+    <artifactId>sling</artifactId>
+    <version>37</version>
+    <relativePath />
+  </parent>
+
+  <modelVersion>4.0.0</modelVersion>
+  <groupId>org.apache.sling.auth</groupId>
+  <artifactId>saml2</artifactId>
+  <version>0.1.0-SNAPSHOT</version>
+  <name>SAML2 Service Provider</name>
+
+  <properties>
+    <opensaml.version>3.4.3</opensaml.version>
+    <sling.host>localhost</sling.host>
+    <sling.port>8080</sling.port>
+    <sling.user>admin</sling.user>
+    <sling.password>admin</sling.password>
+  </properties>
+
+  <packaging>bundle</packaging>
+
+  <build>
+    <plugins>
+      <plugin>
+        <groupId>org.apache.felix</groupId>
+        <artifactId>maven-bundle-plugin</artifactId>
+        <version>3.5.0</version>
+        <extensions>true</extensions>
+        <configuration>
+          <instructions>
+            <Bundle-Activator>org.apache.sling.auth.saml2.Activator</Bundle-Activator>
+            <Embed-Dependency>*;scope=compile|runtime;</Embed-Dependency>
+            <Embed-Transitive>true</Embed-Transitive>
+            <Embed-Directory>target/dependency</Embed-Directory>
+            <Embed-StripGroup>true</Embed-StripGroup>
+            <Import-Package>
+              !sun.misc;resolution:=optional,
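
Review bot: `!sun.misc;resolution:=optional,` combines a negation with a directive: in bnd a leading `!` removes the package from Import-Package altogether, so `resolution:=optional` on that clause has no effect. Pick one: keep `!sun.misc` to drop the import, or use `sun.misc;resolution:=optional` to import it optionally.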
 
 Review comment:
   It would be good to note where all of these imports are coming from. I think you're probably embedding too much and need to manually trim the imports. Have you tried using the `Conditional-Package` bnd instruction?


[GitHub] [sling-whiteboard] rombert commented on a change in pull request #51: SAML2 Service Provider Pull Request

Posted by GitBox <gi...@apache.org>.
rombert commented on a change in pull request #51: SAML2 Service Provider Pull Request
URL: https://github.com/apache/sling-whiteboard/pull/51#discussion_r401915926
 
 

 ##########
 File path: saml-handler/pom.xml
 ##########
 @@ -0,0 +1,378 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor
+    license agreements. See the NOTICE file distributed with this work for additional
+    information regarding copyright ownership. The ASF licenses this file to
+    you under the Apache License, Version 2.0 (the "License"); you may not use
+    this file except in compliance with the License. You may obtain a copy of
+    the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required
+    by applicable law or agreed to in writing, software distributed under the
+    License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
+    OF ANY KIND, either express or implied. See the License for the specific
+    language governing permissions and limitations under the License. -->
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <parent>
+    <groupId>org.apache.sling</groupId>
+    <artifactId>sling</artifactId>
+    <version>37</version>
+    <relativePath />
+  </parent>
+
+  <modelVersion>4.0.0</modelVersion>
+  <groupId>org.apache.sling.auth</groupId>
+  <artifactId>saml2</artifactId>
+  <version>0.1.0-SNAPSHOT</version>
+  <name>SAML2 Service Provider</name>
+
+  <properties>
+    <opensaml.version>3.4.3</opensaml.version>
+    <sling.host>localhost</sling.host>
+    <sling.port>8080</sling.port>
+    <sling.user>admin</sling.user>
+    <sling.password>admin</sling.password>
+  </properties>
+
+  <packaging>bundle</packaging>
+
+  <build>
+    <plugins>
+      <plugin>
+        <groupId>org.apache.felix</groupId>
+        <artifactId>maven-bundle-plugin</artifactId>
 
 Review comment:
   I would suggest moving to the bnd-maven-plugin, as all of Sling is doing that and it makes it simpler for us to maintain and evolve the module.


[GitHub] [sling-whiteboard] rombert commented on a change in pull request #51: SAML2 Service Provider Pull Request

Posted by GitBox <gi...@apache.org>.
rombert commented on a change in pull request #51: SAML2 Service Provider Pull Request
URL: https://github.com/apache/sling-whiteboard/pull/51#discussion_r404161328
 
 

 ##########
 File path: saml-handler/pom.xml
 ##########
 @@ -0,0 +1,366 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor
+    license agreements. See the NOTICE file distributed with this work for additional
+    information regarding copyright ownership. The ASF licenses this file to
+    you under the Apache License, Version 2.0 (the "License"); you may not use
+    this file except in compliance with the License. You may obtain a copy of
+    the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required
+    by applicable law or agreed to in writing, software distributed under the
+    License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
+    OF ANY KIND, either express or implied. See the License for the specific
+    language governing permissions and limitations under the License. -->
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <parent>
+    <groupId>org.apache.sling</groupId>
+    <artifactId>sling</artifactId>
+    <version>37</version>
+    <relativePath />
+  </parent>
+
+  <modelVersion>4.0.0</modelVersion>
+  <groupId>org.apache.sling.auth</groupId>
+  <artifactId>saml2</artifactId>
+  <version>0.1.0-SNAPSHOT</version>
+  <name>SAML2 Service Provider</name>
+
+  <properties>
+    <opensaml.version>3.4.3</opensaml.version>
+    <sling.host>localhost</sling.host>
+    <sling.port>8080</sling.port>
+    <sling.user>admin</sling.user>
+    <sling.password>admin</sling.password>
+  </properties>
+
+  <packaging>bundle</packaging>
+
+  <build>
+    <plugins>
+      <plugin>
+        <groupId>org.apache.felix</groupId>
+        <artifactId>maven-bundle-plugin</artifactId>
+        <version>3.5.0</version>
+        <extensions>true</extensions>
+        <configuration>
+          <instructions>
+            <Bundle-Activator>org.apache.sling.auth.saml2.Activator</Bundle-Activator>
+            <Embed-Dependency>*;scope=compile|runtime;</Embed-Dependency>
 
 Review comment:
   You don't need to do this _now_, but the bundle is very heavy right now. It's at 18MB in size and embeds 40 jars, including some that should be available as OSGi bundles, e.g. XML parsers, commons-*, guava, metrics. That should be reviewed at some point.
   
   Are the opensaml jars OSGi-aware or is there the potential to make them OSGi-aware?


[GitHub] [sling-whiteboard] rombert commented on a change in pull request #51: SAML2 Service Provider Pull Request

Posted by GitBox <gi...@apache.org>.
rombert commented on a change in pull request #51: SAML2 Service Provider Pull Request
URL: https://github.com/apache/sling-whiteboard/pull/51#discussion_r401918716
 
 

 ##########
 File path: saml-handler/pom.xml
 ##########
 @@ -0,0 +1,378 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor
+    license agreements. See the NOTICE file distributed with this work for additional
+    information regarding copyright ownership. The ASF licenses this file to
+    you under the Apache License, Version 2.0 (the "License"); you may not use
+    this file except in compliance with the License. You may obtain a copy of
+    the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required
+    by applicable law or agreed to in writing, software distributed under the
+    License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
+    OF ANY KIND, either express or implied. See the License for the specific
+    language governing permissions and limitations under the License. -->
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <parent>
+    <groupId>org.apache.sling</groupId>
+    <artifactId>sling</artifactId>
+    <version>37</version>
+    <relativePath />
+  </parent>
+
+  <modelVersion>4.0.0</modelVersion>
+  <groupId>org.apache.sling.auth</groupId>
+  <artifactId>saml2</artifactId>
+  <version>0.1.0-SNAPSHOT</version>
+  <name>SAML2 Service Provider</name>
+
+  <properties>
+    <opensaml.version>3.4.3</opensaml.version>
+    <sling.host>localhost</sling.host>
+    <sling.port>8080</sling.port>
+    <sling.user>admin</sling.user>
+    <sling.password>admin</sling.password>
+  </properties>
+
+  <packaging>bundle</packaging>
+
+  <build>
+    <plugins>
+      <plugin>
+        <groupId>org.apache.felix</groupId>
+        <artifactId>maven-bundle-plugin</artifactId>
+        <version>3.5.0</version>
+        <extensions>true</extensions>
+        <configuration>
+          <instructions>
+            <Bundle-Activator>org.apache.sling.auth.saml2.Activator</Bundle-Activator>
+            <Embed-Dependency>*;scope=compile|runtime;</Embed-Dependency>
+            <Embed-Transitive>true</Embed-Transitive>
+            <Embed-Directory>target/dependency</Embed-Directory>
+            <Embed-StripGroup>true</Embed-StripGroup>
+            <Import-Package>
+              !sun.misc;resolution:=optional,
+              !com.sun.msv.*;resolution:=optional,
+              !com.sun.jdmk.comm;resolution:=optional,
+              sun.io.*;resolution:=optional,
+              com.beust.jcommander*;resolution:=optional,
+              com.google.appengine.api.*;resolution:=optional,
+              com.google.apphosting.api.*;resolution:=optional,
+              com.google.appengine.repackaged.*;resolution:=optional,
+              org.apache.log.*;resolution:=optional,
+              org.apache.oro.text.perl.*;resolution:=optional,
+              antlr.*;resolution:=optional,
+              org.apache.tools.ant.*;resolution:=optional,
+              junit.framework.*;resolution:=optional,
+              org.dom4j.*;resolution:=optional,
+              org.jdom.*;resolution:=optional,
+              org.bouncycastle.*;resolution:=optional,
+              com.sun.org.apache.xerces.internal.*;resolution:=optional,
+              *</Import-Package>
+            <_noee>true</_noee>
+          </instructions>
+        </configuration>
+      </plugin>
+
+      <plugin>
+        <groupId>org.apache.sling</groupId>
+        <artifactId>maven-sling-plugin</artifactId>
+      </plugin>
+
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-compiler-plugin</artifactId>
+        <configuration>
+          <source>8</source>
+          <target>8</target>
+        </configuration>
+      </plugin>
+
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-jar-plugin</artifactId>
+        <version>2.6</version>
+        <configuration>
+          <archive>
+            <manifestFile>${project.build.outputDirectory}/META-INF/MANIFEST.MF</manifestFile>
+            <manifestEntries>
+              <Jaas-ModuleClass>org.apache.sling.auth.saml2.sync.Saml2LoginModule</Jaas-ModuleClass>
+            </manifestEntries>
+          </archive>
+        </configuration>
+      </plugin>
+
+      <plugin>
+        <groupId>org.apache.sling</groupId>
+        <artifactId>maven-sling-plugin</artifactId>
+        <version>2.4.2</version>
+        <configuration>
+          <slingUrl>http://${sling.host}:${sling.port}/system/console</slingUrl>
+          <user>${sling.user}</user>
+          <password>${sling.password}</password>
+        </configuration>
+      </plugin>
+
+      <plugin>
+        <groupId>org.apache.rat</groupId>
+        <artifactId>apache-rat-plugin</artifactId>
+        <version>0.13</version>
+        <configuration>
+          <excludes combine.children="append">
+            <exclude>**/dependency-reduced-pom.xml</exclude>
+            <exclude>**/*.vm</exclude>
+          </excludes>
+        </configuration>
+      </plugin>
+    </plugins> 
+  </build>
+
+  <dependencies>
+    <dependency>
+      <groupId>junit</groupId>
+      <artifactId>junit</artifactId>
+      <version>4.12</version>
+      <scope>test</scope>
+    </dependency>
+
+    <dependency>
+      <groupId>org.opensaml</groupId>
+      <artifactId>opensaml-core</artifactId>
+      <version>${opensaml.version}</version>
+    </dependency>
+
+    <dependency>
+      <groupId>org.opensaml</groupId>
+      <artifactId>opensaml-saml-api</artifactId>
+      <version>${opensaml.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.opensaml</groupId>
+      <artifactId>opensaml-saml-impl</artifactId>
+      <version>${opensaml.version}</version>
+    </dependency>
+
+    <dependency>
+      <groupId>org.opensaml</groupId>
+      <artifactId>opensaml-xmlsec-impl</artifactId>
+      <version>${opensaml.version}</version>
+    </dependency>
+<!--    OpenSAML SOAP-->
+      <dependency>
+        <groupId>org.opensaml</groupId>
+        <artifactId>opensaml-soap-api</artifactId>
+        <version>${opensaml.version}</version>
+      </dependency>
+      <dependency>
+          <groupId>org.opensaml</groupId>
+          <artifactId>opensaml-soap-impl</artifactId>
+          <version>${opensaml.version}</version>
+      </dependency>
+        <dependency>
+          <groupId>org.opensaml</groupId>
+          <artifactId>opensaml-messaging-api</artifactId>
+          <version>${opensaml.version}</version>
+        </dependency>
+        <dependency>
+          <groupId>org.opensaml</groupId>
+          <artifactId>opensaml-messaging-impl</artifactId>
+          <version>${opensaml.version}</version>
+        </dependency>
+
+
+<!-- OpenSAML Dependencies-->
+    <!-- https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk15on -->
+    <dependency>
+      <groupId>org.bouncycastle</groupId>
+      <artifactId>bcprov-jdk15on</artifactId>
+      <version>1.59</version>
+    </dependency>
+
+    <dependency>
+      <groupId>com.google.errorprone</groupId>
+      <artifactId>error_prone_annotations</artifactId>
+      <version>2.3.4</version>
+    </dependency>
+
+    <dependency>
+      <groupId>org.apache.velocity</groupId>
+      <artifactId>velocity</artifactId>
+      <version>1.7</version>
+    </dependency>
+
+    <!-- https://mvnrepository.com/artifact/werken-xpath/werken-xpath -->
+    <dependency>
+      <groupId>werken-xpath</groupId>
+      <artifactId>werken-xpath</artifactId>
+      <version>0.9.4</version>
+    </dependency>
+
+    <!-- https://mvnrepository.com/artifact/xalan/xalan -->
+    <dependency>
+      <groupId>xalan</groupId>
+      <artifactId>xalan</artifactId>
+      <version>2.7.1</version>
+    </dependency>
+
+    <!-- https://mvnrepository.com/artifact/xerces/xercesImpl -->
+    <dependency>
+      <groupId>xerces</groupId>
+      <artifactId>xercesImpl</artifactId>
+      <version>2.12.0</version>
+    </dependency>
+
+    <!-- https://mvnrepository.com/artifact/xml-resolver/xml-resolver -->
+    <dependency>
+      <groupId>xml-resolver</groupId>
+      <artifactId>xml-resolver</artifactId>
+      <version>1.2</version>
+    </dependency>
+
+    <!-- https://mvnrepository.com/artifact/jaxen/jaxen -->
+    <dependency>
+      <groupId>jaxen</groupId>
+      <artifactId>jaxen</artifactId>
+      <version>1.2.0</version>
+    </dependency>
+
+    <!-- https://mvnrepository.com/artifact/xom/xom -->
+    <dependency>
+      <groupId>xom</groupId>
+      <artifactId>xom</artifactId>
+      <version>1.3.4</version>
+    </dependency>
+
+    <!-- https://mvnrepository.com/artifact/org.joda/joda-convert -->
+    <dependency>
+      <groupId>org.joda</groupId>
+      <artifactId>joda-convert</artifactId>
+      <version>2.2.1</version>
+    </dependency>
+
+    <!-- https://mvnrepository.com/artifact/org.relaxng/com.springsource.org.relaxng.datatype -->
+    <dependency>
+      <groupId>org.relaxng</groupId>
+      <artifactId>com.springsource.org.relaxng.datatype</artifactId>
+      <version>1.0.0</version>
+    </dependency>
+
+
+<!--    JavaEE -->
+    <dependency>
+      <groupId>javax.servlet</groupId>
+      <artifactId>servlet-api</artifactId>
+      <version>2.5</version>
+      <scope>provided</scope>
+    </dependency>
+
+<!--  Sling Dependencies-->
+    <dependency>
+      <groupId>org.apache.sling</groupId>
+      <artifactId>org.apache.sling.auth.core</artifactId>
+      <version>1.3.26</version>
+      <scope>provided</scope>
+    </dependency>
+    <!-- https://mvnrepository.com/artifact/org.apache.sling/org.apache.sling.api -->
+    <dependency>
+      <groupId>org.apache.sling</groupId>
+      <artifactId>org.apache.sling.api</artifactId>
+      <version>2.16.2</version>
+      <scope>provided</scope>
+    </dependency>
+
+    <dependency>
+        <groupId>org.apache.sling</groupId>
+        <artifactId>org.apache.sling.jcr.api</artifactId>
+        <version>2.4.0</version>
+        <scope>provided</scope>
+    </dependency>
+
+    <dependency>
+      <groupId>javax.jcr</groupId>
+      <artifactId>jcr</artifactId>
+      <version>2.0</version>
+      <scope>provided</scope>
+    </dependency>
+
+<!-- OAK
+NOTE: Make sure your instance provides this bundle!
+-->
+<!-- https://mvnrepository.com/artifact/org.apache.jackrabbit/oak-auth-external -->
+      <dependency>
+          <groupId>org.apache.jackrabbit</groupId>
+          <artifactId>oak-auth-external</artifactId>
+          <version>1.6.1</version>
+          <scope>provided</scope>
+      </dependency>
+
+
+    <!-- https://mvnrepository.com/artifact/org.apache.commons/commons-lang3 -->
+    <dependency>
+      <groupId>org.apache.commons</groupId>
+      <artifactId>commons-lang3</artifactId>
+      <version>3.5</version>
+      <scope>provided</scope>
+    </dependency>
+
+<!--    OSGI Annotations-->
+    <dependency>
+      <groupId>org.osgi</groupId>
+      <artifactId>org.osgi.core</artifactId>
+      <version>6.0.0</version>
+      <scope>provided</scope>
+    </dependency>
+    <dependency>
+      <groupId>org.osgi</groupId>
+      <artifactId>osgi.cmpn</artifactId>
+      <version>6.0.0</version>
+      <scope>provided</scope>
+    </dependency>
+    <dependency>
+      <groupId>org.osgi</groupId>
+      <artifactId>osgi.annotation</artifactId>
+      <version>6.0.1</version>
+      <scope>provided</scope>
+    </dependency>
+    <dependency>
+      <groupId>org.osgi</groupId>
+      <artifactId>org.osgi.service.component.annotations</artifactId>
+      <version>1.3.0</version>
+      <scope>provided</scope>
+    </dependency>
+    <dependency>
+      <groupId>org.osgi</groupId>
+      <artifactId>org.osgi.service.metatype.annotations</artifactId>
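Review bot: `<Embed-Dependency>*;scope=compile|runtime;</Embed-Dependency>` combined with `<Embed-Transitive>true</Embed-Transitive>` embeds every compile-scope dependency declared below, including `xalan` 2.7.1, `xercesImpl` 2.12.0, `velocity` 1.7 and `bcprov-jdk15on` 1.59. In a SAML handler these are the XML parsing and crypto libraries that process the IdP's messages, and as private embedded copies they are only updated when this bundle is rebuilt. Suggest naming the artifacts to embed explicitly (the OpenSAML modules) and checking whether the XML parser and Bouncy Castle can be imported from the platform instead of embedded. Separately, `maven-sling-plugin` is declared twice in `<plugins>`, once bare and once with version 2.4.2 and configuration; merge the two into one declaration.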
 
 Review comment:
   This version and scope should be inherited from the parent pom.


[GitHub] [sling-whiteboard] rombert commented on a change in pull request #51: SAML2 Service Provider Pull Request

Posted by GitBox <gi...@apache.org>.
rombert commented on a change in pull request #51: SAML2 Service Provider Pull Request
URL: https://github.com/apache/sling-whiteboard/pull/51#discussion_r401919316
 
 

 ##########
 File path: saml-handler/src/main/java/org/apache/sling/auth/saml2/AuthenticationHandlerSAML2.java
 ##########
 @@ -0,0 +1,661 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.sling.auth.saml2;
+
+import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
+import net.shibboleth.utilities.java.support.xml.ParserPool;
+import org.apache.jackrabbit.api.security.user.User;
+import org.apache.sling.auth.core.AuthUtil;
+import org.apache.sling.auth.saml2.idp.IDPCredentials;
+import org.apache.sling.auth.saml2.impl.SAML2ConfigServiceImpl;
+import org.apache.sling.auth.saml2.impl.Saml2Credentials;
+import org.apache.sling.auth.saml2.sp.SPCredentials;
+import org.apache.sling.auth.saml2.sync.Saml2User;
+import org.joda.time.DateTime;
+import org.opensaml.core.xml.XMLObject;
+import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
+import org.opensaml.core.xml.schema.XSString;
+import org.opensaml.messaging.context.MessageContext;
+import org.opensaml.messaging.decoder.MessageDecodingException;
+import org.opensaml.messaging.encoder.MessageEncodingException;
+import org.opensaml.saml.common.messaging.context.SAMLBindingContext;
+import org.opensaml.saml.common.messaging.context.SAMLEndpointContext;
+import org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext;
+import org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder;
+import org.opensaml.saml.saml2.binding.encoding.impl.HTTPRedirectDeflateEncoder;
+import org.opensaml.saml.saml2.core.*;
+import org.opensaml.saml.common.xml.SAMLConstants;
+import org.opensaml.saml.saml2.encryption.Decrypter;
+import org.opensaml.saml.saml2.metadata.Endpoint;
+import org.opensaml.saml.saml2.metadata.SingleSignOnService;
+import org.opensaml.saml.security.impl.SAMLSignatureProfileValidator;
+import org.opensaml.xmlsec.SignatureSigningParameters;
+import org.opensaml.xmlsec.context.SecurityParametersContext;
+import org.opensaml.xmlsec.encryption.support.DecryptionException;
+import org.opensaml.xmlsec.encryption.support.InlineEncryptedKeyResolver;
+import org.opensaml.xmlsec.keyinfo.impl.StaticKeyInfoCredentialResolver;
+import org.opensaml.xmlsec.signature.support.SignatureConstants;
+import org.opensaml.xmlsec.signature.support.SignatureException;
+import org.opensaml.xmlsec.signature.support.SignatureValidator;
+import org.osgi.framework.BundleContext;
+import org.osgi.framework.FrameworkUtil;
+import org.osgi.framework.wiring.BundleWiring;
+import org.apache.sling.auth.core.spi.AuthenticationHandler;
+import org.apache.sling.auth.core.spi.AuthenticationInfo;
+import org.apache.sling.auth.core.spi.DefaultAuthenticationFeedbackHandler;
+import org.apache.sling.auth.saml2.sp.SessionStorage;
+import org.osgi.service.component.ComponentContext;
+import org.osgi.service.component.annotations.*;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import javax.jcr.RepositoryException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.File;
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.math.BigInteger;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+import static org.apache.sling.auth.saml2.idp.Saml2IDPServlet.TEST_IDP_ENDPOINT;
+
+
+@Component(
+        service = AuthenticationHandler.class ,
+        name = AuthenticationHandlerSAML2.SERVICE_NAME,
+        configurationPid = "org.apache.sling.auth.saml2.impl.SAML2ConfigServiceImpl",
+        configurationPolicy = ConfigurationPolicy.REQUIRE,
+        property = {"sling.servlet.methods={GET, POST}",
+            AuthenticationHandler.PATH_PROPERTY+"={}",
+            AuthenticationHandler.TYPE_PROPERTY + "=" + AuthenticationHandlerSAML2.AUTH_TYPE,
+            "service.description=SAML2 Authentication Handler",
+            "service.ranking=42",
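Review bot: The handler imports the bundled test IdP, `org.apache.sling.auth.saml2.idp.IDPCredentials` and the static `Saml2IDPServlet.TEST_IDP_ENDPOINT`, which ties the production authentication path to the test IdP's endpoint constant and credential class. Suggest taking the IdP destination and the IdP verification credential from the OSGi configuration only, and keeping the `idp` package out of this class's imports so the test IdP can be left out of a production build. The wildcard imports (`org.opensaml.saml.saml2.core.*`, `org.osgi.service.component.annotations.*`) would also be easier to review as explicit imports.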
 
 Review comment:
   Any particular reason for this service.ranking value :-) ?


[GitHub] [sling-whiteboard] rombert commented on a change in pull request #51: SAML2 Service Provider Pull Request

Posted by GitBox <gi...@apache.org>.
rombert commented on a change in pull request #51: SAML2 Service Provider Pull Request
URL: https://github.com/apache/sling-whiteboard/pull/51#discussion_r401917432
 
 

 ##########
 File path: saml-handler/pom.xml
 ##########
 @@ -0,0 +1,378 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor
+    license agreements. See the NOTICE file distributed with this work for additional
+    information regarding copyright ownership. The ASF licenses this file to
+    you under the Apache License, Version 2.0 (the "License"); you may not use
+    this file except in compliance with the License. You may obtain a copy of
+    the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required
+    by applicable law or agreed to in writing, software distributed under the
+    License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
+    OF ANY KIND, either express or implied. See the License for the specific
+    language governing permissions and limitations under the License. -->
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <parent>
+    <groupId>org.apache.sling</groupId>
+    <artifactId>sling</artifactId>
+    <version>37</version>
+    <relativePath />
+  </parent>
+
+  <modelVersion>4.0.0</modelVersion>
+  <groupId>org.apache.sling.auth</groupId>
+  <artifactId>saml2</artifactId>
+  <version>0.1.0-SNAPSHOT</version>
+  <name>SAML2 Service Provider</name>
+
+  <properties>
+    <opensaml.version>3.4.3</opensaml.version>
+    <sling.host>localhost</sling.host>
+    <sling.port>8080</sling.port>
+    <sling.user>admin</sling.user>
+    <sling.password>admin</sling.password>
+  </properties>
+
+  <packaging>bundle</packaging>
+
+  <build>
+    <plugins>
+      <plugin>
+        <groupId>org.apache.felix</groupId>
+        <artifactId>maven-bundle-plugin</artifactId>
+        <version>3.5.0</version>
+        <extensions>true</extensions>
+        <configuration>
+          <instructions>
+            <Bundle-Activator>org.apache.sling.auth.saml2.Activator</Bundle-Activator>
+            <Embed-Dependency>*;scope=compile|runtime;</Embed-Dependency>
+            <Embed-Transitive>true</Embed-Transitive>
+            <Embed-Directory>target/dependency</Embed-Directory>
+            <Embed-StripGroup>true</Embed-StripGroup>
+            <Import-Package>
+              !sun.misc;resolution:=optional,
+              !com.sun.msv.*;resolution:=optional,
+              !com.sun.jdmk.comm;resolution:=optional,
+              sun.io.*;resolution:=optional,
+              com.beust.jcommander*;resolution:=optional,
+              com.google.appengine.api.*;resolution:=optional,
+              com.google.apphosting.api.*;resolution:=optional,
+              com.google.appengine.repackaged.*;resolution:=optional,
+              org.apache.log.*;resolution:=optional,
+              org.apache.oro.text.perl.*;resolution:=optional,
+              antlr.*;resolution:=optional,
+              org.apache.tools.ant.*;resolution:=optional,
+              junit.framework.*;resolution:=optional,
+              org.dom4j.*;resolution:=optional,
+              org.jdom.*;resolution:=optional,
+              org.bouncycastle.*;resolution:=optional,
+              com.sun.org.apache.xerces.internal.*;resolution:=optional,
+              *</Import-Package>
+            <_noee>true</_noee>
+          </instructions>
+        </configuration>
+      </plugin>
+
+      <plugin>
+        <groupId>org.apache.sling</groupId>
+        <artifactId>maven-sling-plugin</artifactId>
+      </plugin>
+
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-compiler-plugin</artifactId>
+        <configuration>
+          <source>8</source>
+          <target>8</target>
+        </configuration>
+      </plugin>
+
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-jar-plugin</artifactId>
+        <version>2.6</version>
+        <configuration>
+          <archive>
+            <manifestFile>${project.build.outputDirectory}/META-INF/MANIFEST.MF</manifestFile>
+            <manifestEntries>
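Review bot: `<sling.user>admin</sling.user>` and `<sling.password>admin</sling.password>` in `<properties>` commit the default admin credentials into the build file. Suggest removing both from the POM and supplying them on the command line (`-Dsling.password=...`) or from a `settings.xml` profile, so a deployment against anything other than a local test instance does not start from `admin`/`admin`. In `<Import-Package>`, the negated entries such as `!sun.misc;resolution:=optional` carry a directive that has no effect on an exclusion; keep either the `!` or the `resolution:=optional`, depending on which was intended.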
 
 Review comment:
   Have you considered adding these entries to the bnd.bnd or pom.xml config of the maven-bundle-plugin?


[GitHub] [sling-whiteboard] rombert commented on issue #51: SAML2 Service Provider Pull Request

Posted by GitBox <gi...@apache.org>.
rombert commented on issue #51: SAML2 Service Provider Pull Request
URL: https://github.com/apache/sling-whiteboard/pull/51#issuecomment-613270228
 
 
   @cmrockwell - if you think the IDP is useful, let's keep it in for now. I am trying to make my review simpler, but if that makes your PR submission harder it does not make sense.


[GitHub] [sling-whiteboard] cmrockwell commented on a change in pull request #51: SAML2 Service Provider Pull Request

Posted by GitBox <gi...@apache.org>.
cmrockwell commented on a change in pull request #51: SAML2 Service Provider Pull Request
URL: https://github.com/apache/sling-whiteboard/pull/51#discussion_r404399296
 
 

 ##########
 File path: saml-handler/src/main/java/org/apache/sling/auth/saml2/AuthenticationHandlerSAML2.java
 ##########
 @@ -0,0 +1,661 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.sling.auth.saml2;
+
+import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
+import net.shibboleth.utilities.java.support.xml.ParserPool;
+import org.apache.jackrabbit.api.security.user.User;
+import org.apache.sling.auth.core.AuthUtil;
+import org.apache.sling.auth.saml2.idp.IDPCredentials;
+import org.apache.sling.auth.saml2.impl.SAML2ConfigServiceImpl;
+import org.apache.sling.auth.saml2.impl.Saml2Credentials;
+import org.apache.sling.auth.saml2.sp.SPCredentials;
+import org.apache.sling.auth.saml2.sync.Saml2User;
+import org.joda.time.DateTime;
+import org.opensaml.core.xml.XMLObject;
+import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
+import org.opensaml.core.xml.schema.XSString;
+import org.opensaml.messaging.context.MessageContext;
+import org.opensaml.messaging.decoder.MessageDecodingException;
+import org.opensaml.messaging.encoder.MessageEncodingException;
+import org.opensaml.saml.common.messaging.context.SAMLBindingContext;
+import org.opensaml.saml.common.messaging.context.SAMLEndpointContext;
+import org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext;
+import org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder;
+import org.opensaml.saml.saml2.binding.encoding.impl.HTTPRedirectDeflateEncoder;
+import org.opensaml.saml.saml2.core.*;
+import org.opensaml.saml.common.xml.SAMLConstants;
+import org.opensaml.saml.saml2.encryption.Decrypter;
+import org.opensaml.saml.saml2.metadata.Endpoint;
+import org.opensaml.saml.saml2.metadata.SingleSignOnService;
+import org.opensaml.saml.security.impl.SAMLSignatureProfileValidator;
+import org.opensaml.xmlsec.SignatureSigningParameters;
+import org.opensaml.xmlsec.context.SecurityParametersContext;
+import org.opensaml.xmlsec.encryption.support.DecryptionException;
+import org.opensaml.xmlsec.encryption.support.InlineEncryptedKeyResolver;
+import org.opensaml.xmlsec.keyinfo.impl.StaticKeyInfoCredentialResolver;
+import org.opensaml.xmlsec.signature.support.SignatureConstants;
+import org.opensaml.xmlsec.signature.support.SignatureException;
+import org.opensaml.xmlsec.signature.support.SignatureValidator;
+import org.osgi.framework.BundleContext;
+import org.osgi.framework.FrameworkUtil;
+import org.osgi.framework.wiring.BundleWiring;
+import org.apache.sling.auth.core.spi.AuthenticationHandler;
+import org.apache.sling.auth.core.spi.AuthenticationInfo;
+import org.apache.sling.auth.core.spi.DefaultAuthenticationFeedbackHandler;
+import org.apache.sling.auth.saml2.sp.SessionStorage;
+import org.osgi.service.component.ComponentContext;
+import org.osgi.service.component.annotations.*;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import javax.jcr.RepositoryException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.File;
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.math.BigInteger;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+import static org.apache.sling.auth.saml2.idp.Saml2IDPServlet.TEST_IDP_ENDPOINT;
+
+
+@Component(
+        service = AuthenticationHandler.class ,
+        name = AuthenticationHandlerSAML2.SERVICE_NAME,
+        configurationPid = "org.apache.sling.auth.saml2.impl.SAML2ConfigServiceImpl",
+        configurationPolicy = ConfigurationPolicy.REQUIRE,
+        property = {"sling.servlet.methods={GET, POST}",
+            AuthenticationHandler.PATH_PROPERTY+"={}",
+            AuthenticationHandler.TYPE_PROPERTY + "=" + AuthenticationHandlerSAML2.AUTH_TYPE,
+            "service.description=SAML2 Authentication Handler",
+            "service.ranking=42",
+        },
+        immediate = true)
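Review bot: In the `property` array, `"sling.servlet.methods={GET, POST}"` is a servlet registration property, and this component registers only as `AuthenticationHandler.class`, so it can be removed. `AuthenticationHandler.PATH_PROPERTY+"={}"` sets the literal string `{}` as the default path, which leaves the handler's scope entirely to whatever the configuration supplies; suggest omitting the default or setting it to the path the handler is meant to protect. On `immediate = true`: this is a Declarative Services attribute that controls when the component is activated once its required configuration is present, not whether the bundle is started, so a short comment on why eager activation is needed would help.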
 
 Review comment:
   If not set to immediate, then after uploading it to /system/console/bundles it is in the 'Installed' state requiring the user to click the Start button to activate the bundle. Either way is fine. I figure if someone is going to upload or install this bundle, then they might want it Active. 


[GitHub] [sling-whiteboard] rombert commented on a change in pull request #51: SAML2 Service Provider Pull Request

Posted by GitBox <gi...@apache.org>.
rombert commented on a change in pull request #51: SAML2 Service Provider Pull Request
URL: https://github.com/apache/sling-whiteboard/pull/51#discussion_r401918757
 
 

 ##########
 File path: saml-handler/pom.xml
 ##########
 @@ -0,0 +1,378 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor
+    license agreements. See the NOTICE file distributed with this work for additional
+    information regarding copyright ownership. The ASF licenses this file to
+    you under the Apache License, Version 2.0 (the "License"); you may not use
+    this file except in compliance with the License. You may obtain a copy of
+    the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required
+    by applicable law or agreed to in writing, software distributed under the
+    License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
+    OF ANY KIND, either express or implied. See the License for the specific
+    language governing permissions and limitations under the License. -->
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <parent>
+    <groupId>org.apache.sling</groupId>
+    <artifactId>sling</artifactId>
+    <version>37</version>
+    <relativePath />
+  </parent>
+
+  <modelVersion>4.0.0</modelVersion>
+  <groupId>org.apache.sling.auth</groupId>
+  <artifactId>saml2</artifactId>
+  <version>0.1.0-SNAPSHOT</version>
+  <name>SAML2 Service Provider</name>
+
+  <properties>
+    <opensaml.version>3.4.3</opensaml.version>
+    <sling.host>localhost</sling.host>
+    <sling.port>8080</sling.port>
+    <sling.user>admin</sling.user>
+    <sling.password>admin</sling.password>
+  </properties>
+
+  <packaging>bundle</packaging>
+
+  <build>
+    <plugins>
+      <plugin>
+        <groupId>org.apache.felix</groupId>
+        <artifactId>maven-bundle-plugin</artifactId>
+        <version>3.5.0</version>
+        <extensions>true</extensions>
+        <configuration>
+          <instructions>
+            <Bundle-Activator>org.apache.sling.auth.saml2.Activator</Bundle-Activator>
+            <Embed-Dependency>*;scope=compile|runtime;</Embed-Dependency>
+            <Embed-Transitive>true</Embed-Transitive>
+            <Embed-Directory>target/dependency</Embed-Directory>
+            <Embed-StripGroup>true</Embed-StripGroup>
+            <Import-Package>
+              !sun.misc;resolution:=optional,
+              !com.sun.msv.*;resolution:=optional,
+              !com.sun.jdmk.comm;resolution:=optional,
+              sun.io.*;resolution:=optional,
+              com.beust.jcommander*;resolution:=optional,
+              com.google.appengine.api.*;resolution:=optional,
+              com.google.apphosting.api.*;resolution:=optional,
+              com.google.appengine.repackaged.*;resolution:=optional,
+              org.apache.log.*;resolution:=optional,
+              org.apache.oro.text.perl.*;resolution:=optional,
+              antlr.*;resolution:=optional,
+              org.apache.tools.ant.*;resolution:=optional,
+              junit.framework.*;resolution:=optional,
+              org.dom4j.*;resolution:=optional,
+              org.jdom.*;resolution:=optional,
+              org.bouncycastle.*;resolution:=optional,
+              com.sun.org.apache.xerces.internal.*;resolution:=optional,
+              *</Import-Package>
+            <_noee>true</_noee>
+          </instructions>
+        </configuration>
+      </plugin>
+
+      <plugin>
+        <groupId>org.apache.sling</groupId>
+        <artifactId>maven-sling-plugin</artifactId>
+      </plugin>
+
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-compiler-plugin</artifactId>
+        <configuration>
+          <source>8</source>
+          <target>8</target>
+        </configuration>
+      </plugin>
+
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-jar-plugin</artifactId>
+        <version>2.6</version>
+        <configuration>
+          <archive>
+            <manifestFile>${project.build.outputDirectory}/META-INF/MANIFEST.MF</manifestFile>
+            <manifestEntries>
+              <Jaas-ModuleClass>org.apache.sling.auth.saml2.sync.Saml2LoginModule</Jaas-ModuleClass>
+            </manifestEntries>
+          </archive>
+        </configuration>
+      </plugin>
+
+      <plugin>
+        <groupId>org.apache.sling</groupId>
+        <artifactId>maven-sling-plugin</artifactId>
+        <version>2.4.2</version>
+        <configuration>
+          <slingUrl>http://${sling.host}:${sling.port}/system/console</slingUrl>
+          <user>${sling.user}</user>
+          <password>${sling.password}</password>
+        </configuration>
+      </plugin>
+
+      <plugin>
+        <groupId>org.apache.rat</groupId>
+        <artifactId>apache-rat-plugin</artifactId>
+        <version>0.13</version>
+        <configuration>
+          <excludes combine.children="append">
+            <exclude>**/dependency-reduced-pom.xml</exclude>
+            <exclude>**/*.vm</exclude>
+          </excludes>
+        </configuration>
+      </plugin>
+    </plugins> 
+  </build>
+
+  <dependencies>
+    <dependency>
+      <groupId>junit</groupId>
+      <artifactId>junit</artifactId>
+      <version>4.12</version>
+      <scope>test</scope>
+    </dependency>
+
+    <dependency>
+      <groupId>org.opensaml</groupId>
+      <artifactId>opensaml-core</artifactId>
+      <version>${opensaml.version}</version>
+    </dependency>
+
+    <dependency>
+      <groupId>org.opensaml</groupId>
+      <artifactId>opensaml-saml-api</artifactId>
+      <version>${opensaml.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.opensaml</groupId>
+      <artifactId>opensaml-saml-impl</artifactId>
+      <version>${opensaml.version}</version>
+    </dependency>
+
+    <dependency>
+      <groupId>org.opensaml</groupId>
+      <artifactId>opensaml-xmlsec-impl</artifactId>
+      <version>${opensaml.version}</version>
+    </dependency>
+<!--    OpenSAML SOAP-->
+      <dependency>
+        <groupId>org.opensaml</groupId>
+        <artifactId>opensaml-soap-api</artifactId>
+        <version>${opensaml.version}</version>
+      </dependency>
+      <dependency>
+          <groupId>org.opensaml</groupId>
+          <artifactId>opensaml-soap-impl</artifactId>
+          <version>${opensaml.version}</version>
+      </dependency>
+        <dependency>
+          <groupId>org.opensaml</groupId>
+          <artifactId>opensaml-messaging-api</artifactId>
+          <version>${opensaml.version}</version>
+        </dependency>
+        <dependency>
+          <groupId>org.opensaml</groupId>
+          <artifactId>opensaml-messaging-impl</artifactId>
+          <version>${opensaml.version}</version>
+        </dependency>
+
+
+<!-- OpenSAML Dependencies-->
+    <!-- https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk15on -->
+    <dependency>
+      <groupId>org.bouncycastle</groupId>
+      <artifactId>bcprov-jdk15on</artifactId>
+      <version>1.59</version>
+    </dependency>
+
+    <dependency>
+      <groupId>com.google.errorprone</groupId>
+      <artifactId>error_prone_annotations</artifactId>
+      <version>2.3.4</version>
+    </dependency>
+
+    <dependency>
+      <groupId>org.apache.velocity</groupId>
+      <artifactId>velocity</artifactId>
+      <version>1.7</version>
+    </dependency>
+
+    <!-- https://mvnrepository.com/artifact/werken-xpath/werken-xpath -->
+    <dependency>
+      <groupId>werken-xpath</groupId>
+      <artifactId>werken-xpath</artifactId>
+      <version>0.9.4</version>
+    </dependency>
+
+    <!-- https://mvnrepository.com/artifact/xalan/xalan -->
+    <dependency>
+      <groupId>xalan</groupId>
+      <artifactId>xalan</artifactId>
+      <version>2.7.1</version>
+    </dependency>
+
+    <!-- https://mvnrepository.com/artifact/xerces/xercesImpl -->
+    <dependency>
+      <groupId>xerces</groupId>
+      <artifactId>xercesImpl</artifactId>
+      <version>2.12.0</version>
+    </dependency>
+
+    <!-- https://mvnrepository.com/artifact/xml-resolver/xml-resolver -->
+    <dependency>
+      <groupId>xml-resolver</groupId>
+      <artifactId>xml-resolver</artifactId>
+      <version>1.2</version>
+    </dependency>
+
+    <!-- https://mvnrepository.com/artifact/jaxen/jaxen -->
+    <dependency>
+      <groupId>jaxen</groupId>
+      <artifactId>jaxen</artifactId>
+      <version>1.2.0</version>
+    </dependency>
+
+    <!-- https://mvnrepository.com/artifact/xom/xom -->
+    <dependency>
+      <groupId>xom</groupId>
+      <artifactId>xom</artifactId>
+      <version>1.3.4</version>
+    </dependency>
+
+    <!-- https://mvnrepository.com/artifact/org.joda/joda-convert -->
+    <dependency>
+      <groupId>org.joda</groupId>
+      <artifactId>joda-convert</artifactId>
+      <version>2.2.1</version>
+    </dependency>
+
+    <!-- https://mvnrepository.com/artifact/org.relaxng/com.springsource.org.relaxng.datatype -->
+    <dependency>
+      <groupId>org.relaxng</groupId>
+      <artifactId>com.springsource.org.relaxng.datatype</artifactId>
+      <version>1.0.0</version>
+    </dependency>
+
+
+<!--    JavaEE -->
+    <dependency>
+      <groupId>javax.servlet</groupId>
+      <artifactId>servlet-api</artifactId>
+      <version>2.5</version>
+      <scope>provided</scope>
+    </dependency>
+
+<!--  Sling Dependencies-->
+    <dependency>
+      <groupId>org.apache.sling</groupId>
+      <artifactId>org.apache.sling.auth.core</artifactId>
+      <version>1.3.26</version>
+      <scope>provided</scope>
+    </dependency>
+    <!-- https://mvnrepository.com/artifact/org.apache.sling/org.apache.sling.api -->
+    <dependency>
+      <groupId>org.apache.sling</groupId>
+      <artifactId>org.apache.sling.api</artifactId>
+      <version>2.16.2</version>
+      <scope>provided</scope>
+    </dependency>
+
+    <dependency>
+        <groupId>org.apache.sling</groupId>
+        <artifactId>org.apache.sling.jcr.api</artifactId>
+        <version>2.4.0</version>
+        <scope>provided</scope>
+    </dependency>
+
+    <dependency>
+      <groupId>javax.jcr</groupId>
+      <artifactId>jcr</artifactId>
+      <version>2.0</version>
+      <scope>provided</scope>
+    </dependency>
+
+<!-- OAK
+NOTE: Make sure your instance provides this bundle!
+-->
+<!-- https://mvnrepository.com/artifact/org.apache.jackrabbit/oak-auth-external -->
+      <dependency>
+          <groupId>org.apache.jackrabbit</groupId>
+          <artifactId>oak-auth-external</artifactId>
+          <version>1.6.1</version>
+          <scope>provided</scope>
+      </dependency>
+
+
+    <!-- https://mvnrepository.com/artifact/org.apache.commons/commons-lang3 -->
+    <dependency>
+      <groupId>org.apache.commons</groupId>
+      <artifactId>commons-lang3</artifactId>
+      <version>3.5</version>
+      <scope>provided</scope>
+    </dependency>
+
+<!--    OSGI Annotations-->
+    <dependency>
+      <groupId>org.osgi</groupId>
+      <artifactId>org.osgi.core</artifactId>
+      <version>6.0.0</version>
+      <scope>provided</scope>
+    </dependency>
+    <dependency>
+      <groupId>org.osgi</groupId>
+      <artifactId>osgi.cmpn</artifactId>
+      <version>6.0.0</version>
+      <scope>provided</scope>
+    </dependency>
+    <dependency>
+      <groupId>org.osgi</groupId>
+      <artifactId>osgi.annotation</artifactId>
+      <version>6.0.1</version>
+      <scope>provided</scope>
+    </dependency>
+    <dependency>
+      <groupId>org.osgi</groupId>
+      <artifactId>org.osgi.service.component.annotations</artifactId>
+      <version>1.3.0</version>
+      <scope>provided</scope>
+    </dependency>
+    <dependency>
+      <groupId>org.osgi</groupId>
+      <artifactId>org.osgi.service.metatype.annotations</artifactId>
+      <version>1.3.0</version>
+      <scope>provided</scope>
+    </dependency>
+
+    <dependency>
+      <groupId>javax.jcr</groupId>
+      <artifactId>jcr</artifactId>
+      <version>2.0</version>
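
Review bot: `javax.jcr:jcr` 2.0 is declared a second time at the end of this hunk; it already appears under the Sling dependencies with `<scope>provided</scope>`, so drop the duplicate to keep the effective scope unambiguous. Separately, the OpenSAML support libraries in this block (`bcprov-jdk15on` 1.59, `xalan` 2.7.1, `velocity` 1.7, `xercesImpl` 2.12.0) carry no `<scope>`, so they default to compile scope. For a bundle that parses SAML XML and validates signatures, check those pinned versions against current releases and manage them in one place, for example as properties next to `opensaml.version`.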
 
 Review comment:
   This version and scope should be inherited from the parent pom.


[GitHub] [sling-whiteboard] cmrockwell commented on a change in pull request #51: SAML2 Service Provider Pull Request

Posted by GitBox <gi...@apache.org>.
cmrockwell commented on a change in pull request #51: SAML2 Service Provider Pull Request
URL: https://github.com/apache/sling-whiteboard/pull/51#discussion_r405741387
 
 

 ##########
 File path: saml-handler/pom.xml
 ##########
 @@ -0,0 +1,378 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor
+    license agreements. See the NOTICE file distributed with this work for additional
+    information regarding copyright ownership. The ASF licenses this file to
+    you under the Apache License, Version 2.0 (the "License"); you may not use
+    this file except in compliance with the License. You may obtain a copy of
+    the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required
+    by applicable law or agreed to in writing, software distributed under the
+    License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
+    OF ANY KIND, either express or implied. See the License for the specific
+    language governing permissions and limitations under the License. -->
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <parent>
+    <groupId>org.apache.sling</groupId>
+    <artifactId>sling</artifactId>
+    <version>37</version>
+    <relativePath />
+  </parent>
+
+  <modelVersion>4.0.0</modelVersion>
+  <groupId>org.apache.sling.auth</groupId>
+  <artifactId>saml2</artifactId>
+  <version>0.1.0-SNAPSHOT</version>
+  <name>SAML2 Service Provider</name>
+
+  <properties>
+    <opensaml.version>3.4.3</opensaml.version>
+    <sling.host>localhost</sling.host>
+    <sling.port>8080</sling.port>
+    <sling.user>admin</sling.user>
+    <sling.password>admin</sling.password>
+  </properties>
+
+  <packaging>bundle</packaging>
+
+  <build>
+    <plugins>
+      <plugin>
+        <groupId>org.apache.felix</groupId>
+        <artifactId>maven-bundle-plugin</artifactId>
+        <version>3.5.0</version>
+        <extensions>true</extensions>
+        <configuration>
+          <instructions>
+            <Bundle-Activator>org.apache.sling.auth.saml2.Activator</Bundle-Activator>
+            <Embed-Dependency>*;scope=compile|runtime;</Embed-Dependency>
+            <Embed-Transitive>true</Embed-Transitive>
+            <Embed-Directory>target/dependency</Embed-Directory>
+            <Embed-StripGroup>true</Embed-StripGroup>
+            <Import-Package>
+              !sun.misc;resolution:=optional,
+              !com.sun.msv.*;resolution:=optional,
+              !com.sun.jdmk.comm;resolution:=optional,
+              sun.io.*;resolution:=optional,
+              com.beust.jcommander*;resolution:=optional,
+              com.google.appengine.api.*;resolution:=optional,
+              com.google.apphosting.api.*;resolution:=optional,
+              com.google.appengine.repackaged.*;resolution:=optional,
+              org.apache.log.*;resolution:=optional,
+              org.apache.oro.text.perl.*;resolution:=optional,
+              antlr.*;resolution:=optional,
+              org.apache.tools.ant.*;resolution:=optional,
+              junit.framework.*;resolution:=optional,
+              org.dom4j.*;resolution:=optional,
+              org.jdom.*;resolution:=optional,
+              org.bouncycastle.*;resolution:=optional,
+              com.sun.org.apache.xerces.internal.*;resolution:=optional,
+              *</Import-Package>
+            <_noee>true</_noee>
+          </instructions>
+        </configuration>
+      </plugin>
+
+      <plugin>
+        <groupId>org.apache.sling</groupId>
+        <artifactId>maven-sling-plugin</artifactId>
+      </plugin>
+
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-compiler-plugin</artifactId>
+        <configuration>
+          <source>8</source>
+          <target>8</target>
+        </configuration>
+      </plugin>
+
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-jar-plugin</artifactId>
+        <version>2.6</version>
+        <configuration>
+          <archive>
+            <manifestFile>${project.build.outputDirectory}/META-INF/MANIFEST.MF</manifestFile>
+            <manifestEntries>
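
Review bot: In the `maven-bundle-plugin` instructions, `<Embed-Dependency>*;scope=compile|runtime;</Embed-Dependency>` together with `<Embed-Transitive>true</Embed-Transitive>` pulls every compile and runtime dependency, transitive ones included, into the bundle as private copies. For an authentication bundle this means its XML and crypto libraries can only be updated by rebuilding this artifact; list the artifacts to embed explicitly and import the rest from the container where it provides them. The `<properties>` block also commits `sling.user` and `sling.password` as `admin`; prefer supplying these on the command line or in `settings.xml`.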
 
 Review comment:
   I tried taking this suggestion using bnd-maven-plugin without maven-jar-plugin. The doc https://github.com/bndtools/bnd/tree/master/maven/bnd-maven-plugin suggests it is typical to use maven-jar-plugin. I tried removing it but could not make it result in an OSGI bundle. If this is important, please provide a little bit more detail. Thanks


[GitHub] [sling-whiteboard] kwin commented on a change in pull request #51: SAML2 Service Provider Pull Request

Posted by GitBox <gi...@apache.org>.
kwin commented on a change in pull request #51: SAML2 Service Provider Pull Request
URL: https://github.com/apache/sling-whiteboard/pull/51#discussion_r403692979
 
 

 ##########
 File path: saml-handler/src/main/java/org/apache/sling/auth/saml2/AuthenticationHandlerSAML2.java
 ##########
 @@ -0,0 +1,661 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.sling.auth.saml2;
+
+import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
+import net.shibboleth.utilities.java.support.xml.ParserPool;
+import org.apache.jackrabbit.api.security.user.User;
+import org.apache.sling.auth.core.AuthUtil;
+import org.apache.sling.auth.saml2.idp.IDPCredentials;
+import org.apache.sling.auth.saml2.impl.SAML2ConfigServiceImpl;
+import org.apache.sling.auth.saml2.impl.Saml2Credentials;
+import org.apache.sling.auth.saml2.sp.SPCredentials;
+import org.apache.sling.auth.saml2.sync.Saml2User;
+import org.joda.time.DateTime;
+import org.opensaml.core.xml.XMLObject;
+import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
+import org.opensaml.core.xml.schema.XSString;
+import org.opensaml.messaging.context.MessageContext;
+import org.opensaml.messaging.decoder.MessageDecodingException;
+import org.opensaml.messaging.encoder.MessageEncodingException;
+import org.opensaml.saml.common.messaging.context.SAMLBindingContext;
+import org.opensaml.saml.common.messaging.context.SAMLEndpointContext;
+import org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext;
+import org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder;
+import org.opensaml.saml.saml2.binding.encoding.impl.HTTPRedirectDeflateEncoder;
+import org.opensaml.saml.saml2.core.*;
+import org.opensaml.saml.common.xml.SAMLConstants;
+import org.opensaml.saml.saml2.encryption.Decrypter;
+import org.opensaml.saml.saml2.metadata.Endpoint;
+import org.opensaml.saml.saml2.metadata.SingleSignOnService;
+import org.opensaml.saml.security.impl.SAMLSignatureProfileValidator;
+import org.opensaml.xmlsec.SignatureSigningParameters;
+import org.opensaml.xmlsec.context.SecurityParametersContext;
+import org.opensaml.xmlsec.encryption.support.DecryptionException;
+import org.opensaml.xmlsec.encryption.support.InlineEncryptedKeyResolver;
+import org.opensaml.xmlsec.keyinfo.impl.StaticKeyInfoCredentialResolver;
+import org.opensaml.xmlsec.signature.support.SignatureConstants;
+import org.opensaml.xmlsec.signature.support.SignatureException;
+import org.opensaml.xmlsec.signature.support.SignatureValidator;
+import org.osgi.framework.BundleContext;
+import org.osgi.framework.FrameworkUtil;
+import org.osgi.framework.wiring.BundleWiring;
+import org.apache.sling.auth.core.spi.AuthenticationHandler;
+import org.apache.sling.auth.core.spi.AuthenticationInfo;
+import org.apache.sling.auth.core.spi.DefaultAuthenticationFeedbackHandler;
+import org.apache.sling.auth.saml2.sp.SessionStorage;
+import org.osgi.service.component.ComponentContext;
+import org.osgi.service.component.annotations.*;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import javax.jcr.RepositoryException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.File;
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.math.BigInteger;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+import static org.apache.sling.auth.saml2.idp.Saml2IDPServlet.TEST_IDP_ENDPOINT;
+
+
+@Component(
+        service = AuthenticationHandler.class ,
+        name = AuthenticationHandlerSAML2.SERVICE_NAME,
+        configurationPid = "org.apache.sling.auth.saml2.impl.SAML2ConfigServiceImpl",
+        configurationPolicy = ConfigurationPolicy.REQUIRE,
+        property = {"sling.servlet.methods={GET, POST}",
+            AuthenticationHandler.PATH_PROPERTY+"={}",
+            AuthenticationHandler.TYPE_PROPERTY + "=" + AuthenticationHandlerSAML2.AUTH_TYPE,
+            "service.description=SAML2 Authentication Handler",
+            "service.ranking=42",
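
Review bot: In the `@Component` `property` array, `"service.ranking=42"` registers the ranking as a String, because untyped entries default to String. The framework only honours `service.ranking` when it is an Integer and otherwise treats it as 0, so write it as `"service.ranking:Integer=42"`.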
 
 Review comment:
   `service.ranking` is supposed to be an int! If it is a String, it is not effective!


[GitHub] [sling-whiteboard] cmrockwell commented on a change in pull request #51: SAML2 Service Provider Pull Request

Posted by GitBox <gi...@apache.org>.
cmrockwell commented on a change in pull request #51: SAML2 Service Provider Pull Request
URL: https://github.com/apache/sling-whiteboard/pull/51#discussion_r403347194
 
 

 ##########
 File path: saml-handler/src/main/java/org/apache/sling/auth/saml2/AuthenticationHandlerSAML2.java
 ##########
 @@ -0,0 +1,661 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.sling.auth.saml2;
+
+import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
+import net.shibboleth.utilities.java.support.xml.ParserPool;
+import org.apache.jackrabbit.api.security.user.User;
+import org.apache.sling.auth.core.AuthUtil;
+import org.apache.sling.auth.saml2.idp.IDPCredentials;
+import org.apache.sling.auth.saml2.impl.SAML2ConfigServiceImpl;
+import org.apache.sling.auth.saml2.impl.Saml2Credentials;
+import org.apache.sling.auth.saml2.sp.SPCredentials;
+import org.apache.sling.auth.saml2.sync.Saml2User;
+import org.joda.time.DateTime;
+import org.opensaml.core.xml.XMLObject;
+import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
+import org.opensaml.core.xml.schema.XSString;
+import org.opensaml.messaging.context.MessageContext;
+import org.opensaml.messaging.decoder.MessageDecodingException;
+import org.opensaml.messaging.encoder.MessageEncodingException;
+import org.opensaml.saml.common.messaging.context.SAMLBindingContext;
+import org.opensaml.saml.common.messaging.context.SAMLEndpointContext;
+import org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext;
+import org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder;
+import org.opensaml.saml.saml2.binding.encoding.impl.HTTPRedirectDeflateEncoder;
+import org.opensaml.saml.saml2.core.*;
+import org.opensaml.saml.common.xml.SAMLConstants;
+import org.opensaml.saml.saml2.encryption.Decrypter;
+import org.opensaml.saml.saml2.metadata.Endpoint;
+import org.opensaml.saml.saml2.metadata.SingleSignOnService;
+import org.opensaml.saml.security.impl.SAMLSignatureProfileValidator;
+import org.opensaml.xmlsec.SignatureSigningParameters;
+import org.opensaml.xmlsec.context.SecurityParametersContext;
+import org.opensaml.xmlsec.encryption.support.DecryptionException;
+import org.opensaml.xmlsec.encryption.support.InlineEncryptedKeyResolver;
+import org.opensaml.xmlsec.keyinfo.impl.StaticKeyInfoCredentialResolver;
+import org.opensaml.xmlsec.signature.support.SignatureConstants;
+import org.opensaml.xmlsec.signature.support.SignatureException;
+import org.opensaml.xmlsec.signature.support.SignatureValidator;
+import org.osgi.framework.BundleContext;
+import org.osgi.framework.FrameworkUtil;
+import org.osgi.framework.wiring.BundleWiring;
+import org.apache.sling.auth.core.spi.AuthenticationHandler;
+import org.apache.sling.auth.core.spi.AuthenticationInfo;
+import org.apache.sling.auth.core.spi.DefaultAuthenticationFeedbackHandler;
+import org.apache.sling.auth.saml2.sp.SessionStorage;
+import org.osgi.service.component.ComponentContext;
+import org.osgi.service.component.annotations.*;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import javax.jcr.RepositoryException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.File;
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.math.BigInteger;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+import static org.apache.sling.auth.saml2.idp.Saml2IDPServlet.TEST_IDP_ENDPOINT;
+
+
+@Component(
+        service = AuthenticationHandler.class ,
+        name = AuthenticationHandlerSAML2.SERVICE_NAME,
+        configurationPid = "org.apache.sling.auth.saml2.impl.SAML2ConfigServiceImpl",
+        configurationPolicy = ConfigurationPolicy.REQUIRE,
+        property = {"sling.servlet.methods={GET, POST}",
+            AuthenticationHandler.PATH_PROPERTY+"={}",
+            AuthenticationHandler.TYPE_PROPERTY + "=" + AuthenticationHandlerSAML2.AUTH_TYPE,
+            "service.description=SAML2 Authentication Handler",
+            "service.ranking=42",
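
Review bot: The static import of `Saml2IDPServlet.TEST_IDP_ENDPOINT` at the end of the import list ties the production authentication handler to the test IDP servlet class, so the `idp` package cannot be dropped from the bundle without touching this file. Take the IDP destination from the SP configuration (`saml2IDPDestination`) instead, and replace the wildcard imports (`org.opensaml.saml.saml2.core.*`, `org.osgi.service.component.annotations.*`) with explicit ones while you are there.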
 
 Review comment:
   haha sort of, yeah. When I first started, I could not get Sling to use this authHandler. I tried high and low numbers, but only the form handler would get used. It seems only path length really has an impact in terms of which authentication handler 'wins'. Since the service ranking seemed ineffective, I set it to a low but unique number between 0 and 500 lol


[GitHub] [sling-whiteboard] rombert commented on a change in pull request #51: SAML2 Service Provider Pull Request

Posted by GitBox <gi...@apache.org>.
rombert commented on a change in pull request #51: SAML2 Service Provider Pull Request
URL: https://github.com/apache/sling-whiteboard/pull/51#discussion_r401919461
 
 

 ##########
 File path: saml-handler/src/main/java/org/apache/sling/auth/saml2/AuthenticationHandlerSAML2.java
 ##########
 @@ -0,0 +1,661 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.sling.auth.saml2;
+
+import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
+import net.shibboleth.utilities.java.support.xml.ParserPool;
+import org.apache.jackrabbit.api.security.user.User;
+import org.apache.sling.auth.core.AuthUtil;
+import org.apache.sling.auth.saml2.idp.IDPCredentials;
+import org.apache.sling.auth.saml2.impl.SAML2ConfigServiceImpl;
+import org.apache.sling.auth.saml2.impl.Saml2Credentials;
+import org.apache.sling.auth.saml2.sp.SPCredentials;
+import org.apache.sling.auth.saml2.sync.Saml2User;
+import org.joda.time.DateTime;
+import org.opensaml.core.xml.XMLObject;
+import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
+import org.opensaml.core.xml.schema.XSString;
+import org.opensaml.messaging.context.MessageContext;
+import org.opensaml.messaging.decoder.MessageDecodingException;
+import org.opensaml.messaging.encoder.MessageEncodingException;
+import org.opensaml.saml.common.messaging.context.SAMLBindingContext;
+import org.opensaml.saml.common.messaging.context.SAMLEndpointContext;
+import org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext;
+import org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder;
+import org.opensaml.saml.saml2.binding.encoding.impl.HTTPRedirectDeflateEncoder;
+import org.opensaml.saml.saml2.core.*;
+import org.opensaml.saml.common.xml.SAMLConstants;
+import org.opensaml.saml.saml2.encryption.Decrypter;
+import org.opensaml.saml.saml2.metadata.Endpoint;
+import org.opensaml.saml.saml2.metadata.SingleSignOnService;
+import org.opensaml.saml.security.impl.SAMLSignatureProfileValidator;
+import org.opensaml.xmlsec.SignatureSigningParameters;
+import org.opensaml.xmlsec.context.SecurityParametersContext;
+import org.opensaml.xmlsec.encryption.support.DecryptionException;
+import org.opensaml.xmlsec.encryption.support.InlineEncryptedKeyResolver;
+import org.opensaml.xmlsec.keyinfo.impl.StaticKeyInfoCredentialResolver;
+import org.opensaml.xmlsec.signature.support.SignatureConstants;
+import org.opensaml.xmlsec.signature.support.SignatureException;
+import org.opensaml.xmlsec.signature.support.SignatureValidator;
+import org.osgi.framework.BundleContext;
+import org.osgi.framework.FrameworkUtil;
+import org.osgi.framework.wiring.BundleWiring;
+import org.apache.sling.auth.core.spi.AuthenticationHandler;
+import org.apache.sling.auth.core.spi.AuthenticationInfo;
+import org.apache.sling.auth.core.spi.DefaultAuthenticationFeedbackHandler;
+import org.apache.sling.auth.saml2.sp.SessionStorage;
+import org.osgi.service.component.ComponentContext;
+import org.osgi.service.component.annotations.*;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import javax.jcr.RepositoryException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.File;
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.math.BigInteger;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+import static org.apache.sling.auth.saml2.idp.Saml2IDPServlet.TEST_IDP_ENDPOINT;
+
+
+@Component(
+        service = AuthenticationHandler.class ,
+        name = AuthenticationHandlerSAML2.SERVICE_NAME,
+        configurationPid = "org.apache.sling.auth.saml2.impl.SAML2ConfigServiceImpl",
+        configurationPolicy = ConfigurationPolicy.REQUIRE,
+        property = {"sling.servlet.methods={GET, POST}",
+            AuthenticationHandler.PATH_PROPERTY+"={}",
+            AuthenticationHandler.TYPE_PROPERTY + "=" + AuthenticationHandlerSAML2.AUTH_TYPE,
+            "service.description=SAML2 Authentication Handler",
+            "service.ranking=42",
+        },
+        immediate = true)
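
Review bot: In the `property` array, `"sling.servlet.methods={GET, POST}"` and `AuthenticationHandler.PATH_PROPERTY+"={}"` are plain String values: the braces are not array syntax, so the default path is the literal text `{}`. `sling.servlet.methods` is a servlet registration property and has no effect on an `AuthenticationHandler` service; remove it, and either give the path a real default or leave it out and rely on the required configuration (`configurationPolicy = ConfigurationPolicy.REQUIRE`).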
 
 Review comment:
   Why do you need this set to immediate?


[GitHub] [sling-whiteboard] cmrockwell edited a comment on issue #51: SAML2 Service Provider Pull Request

Posted by GitBox <gi...@apache.org>.
cmrockwell edited a comment on issue #51: SAML2 Service Provider Pull Request
URL: https://github.com/apache/sling-whiteboard/pull/51#issuecomment-612043203
 
 
   Having a built-in IDP during development was really useful and simplified the setup and testing. I get the point is that there should be another way to test the SP code without the demo IDP. I'm curious whether you tried to test it with the internal IDP. This would be the simplest way.
   
   I thought the mock IDP might potentially help in troubleshooting issues, which is why I considered an enable/disable switch for it. Nevertheless, the internal IDP and Saml2ExternalIdentityProvider can be removed from the PR. It won't work without Saml2LoginModule as it stands today, but let me know what code changes would allow it to work without a login module.
   
   I will keep the internal IDP on a dev branch, because it is so handy. But otherwise could remove some code from the PR. At the same time I still need to add code for a few features. 
   
   1. User attribute synchronization: allows setting of user properties like email, given and family names, address, etc. based on the data contained in the Assertion.
   
   2. SP metadata provider servlet: this should simplify IDP configuration since most IDPs allow SPs to be registered by inputting the metadata. Without this, admins might need to craft the data by hand.
   
   There is going to be some code to review because there's a lot involved with implementing a SAML2 Service Provider authentication handler. Do you have a target number for LOC?
   
   


[GitHub] [sling-whiteboard] cmrockwell commented on a change in pull request #51: SAML2 Service Provider Pull Request

Posted by GitBox <gi...@apache.org>.
cmrockwell commented on a change in pull request #51: SAML2 Service Provider Pull Request
URL: https://github.com/apache/sling-whiteboard/pull/51#discussion_r404350338
 
 

 ##########
 File path: saml-handler/pom.xml
 ##########
 @@ -0,0 +1,366 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor
+    license agreements. See the NOTICE file distributed with this work for additional
+    information regarding copyright ownership. The ASF licenses this file to
+    you under the Apache License, Version 2.0 (the "License"); you may not use
+    this file except in compliance with the License. You may obtain a copy of
+    the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required
+    by applicable law or agreed to in writing, software distributed under the
+    License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
+    OF ANY KIND, either express or implied. See the License for the specific
+    language governing permissions and limitations under the License. -->
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <parent>
+    <groupId>org.apache.sling</groupId>
+    <artifactId>sling</artifactId>
+    <version>37</version>
+    <relativePath />
+  </parent>
+
+  <modelVersion>4.0.0</modelVersion>
+  <groupId>org.apache.sling.auth</groupId>
+  <artifactId>saml2</artifactId>
+  <version>0.1.0-SNAPSHOT</version>
+  <name>SAML2 Service Provider</name>
+
+  <properties>
+    <opensaml.version>3.4.3</opensaml.version>
+    <sling.host>localhost</sling.host>
+    <sling.port>8080</sling.port>
+    <sling.user>admin</sling.user>
+    <sling.password>admin</sling.password>
+  </properties>
+
+  <packaging>bundle</packaging>
+
+  <build>
+    <plugins>
+      <plugin>
+        <groupId>org.apache.felix</groupId>
+        <artifactId>maven-bundle-plugin</artifactId>
+        <version>3.5.0</version>
+        <extensions>true</extensions>
+        <configuration>
+          <instructions>
+            <Bundle-Activator>org.apache.sling.auth.saml2.Activator</Bundle-Activator>
+            <Embed-Dependency>*;scope=compile|runtime;</Embed-Dependency>
+            <Embed-Transitive>true</Embed-Transitive>
+            <Embed-Directory>target/dependency</Embed-Directory>
+            <Embed-StripGroup>true</Embed-StripGroup>
+            <Import-Package>
+              !sun.misc;resolution:=optional,
+              !com.sun.msv.*;resolution:=optional,
+              !com.sun.jdmk.comm;resolution:=optional,
+              sun.io.*;resolution:=optional,
+              com.beust.jcommander*;resolution:=optional,
+              com.google.appengine.api.*;resolution:=optional,
+              com.google.apphosting.api.*;resolution:=optional,
+              com.google.appengine.repackaged.*;resolution:=optional,
+              org.apache.log.*;resolution:=optional,
+              org.apache.oro.text.perl.*;resolution:=optional,
+              antlr.*;resolution:=optional,
+              org.apache.tools.ant.*;resolution:=optional,
+              junit.framework.*;resolution:=optional,
+              org.dom4j.*;resolution:=optional,
+              org.jdom.*;resolution:=optional,
+              org.bouncycastle.*;resolution:=optional,
+              com.sun.org.apache.xerces.internal.*;resolution:=optional,
+              *</Import-Package>
+            <_noee>true</_noee>
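
Review bot: `<_noee>true</_noee>` on the last line of these instructions carries no comment explaining why it is needed, and it switches off the `osgi.ee` requirement that bnd would otherwise derive from the class-file versions packed into the bundle. Combined with `<Embed-Dependency>*;scope=compile|runtime;</Embed-Dependency>` and `<Embed-Transitive>true</Embed-Transitive>` above it, a mismatch between an embedded class and the runtime's Java level is then no longer caught when the bundle resolves. Suggest finding which embedded artifact raises the requirement and excluding or replacing it, and if `_noee` stays, documenting the reason in an XML comment next to it.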
 
 Review comment:
   If I remove the `_noee` directive, I get the error below and the bundle doesn't activate. I'll take a look at your plugin related questions and circle back to this.
   
   06.04.2020 15:51:23.218 *ERROR* [Background Update org.apache.sling.auth.saml2 (179)] org.apache.felix.http.jetty Cannot install or update bundle from /var/folders/ww/vd006cgx4zgdvvxcfk02b5xr0000gp/T/install2386711195585220288.tmp (org.osgi.framework.BundleException: Unable to resolve org.apache.sling.auth.saml2 [179](R 179.190): missing requirement [org.apache.sling.auth.saml2 [179](R 179.190)] osgi.ee; (&(osgi.ee=JavaSE)(version=9.0)) Unresolved requirements: [[org.apache.sling.auth.saml2 [179](R 179.190)] osgi.ee; (&(osgi.ee=JavaSE)(version=9.0))])
   org.osgi.framework.BundleException: Unable to resolve org.apache.sling.auth.saml2 [179](R 179.190): missing requirement [org.apache.sling.auth.saml2 [179](R 179.190)] osgi.ee; (&(osgi.ee=JavaSE)(version=9.0)) Unresolved requirements: [[org.apache.sling.auth.saml2 [179](R 179.190)] osgi.ee; (&(osgi.ee=JavaSE)(version=9.0))]
   	at org.apache.felix.framework.Felix.resolveBundleRevision(Felix.java:4133)
   	at org.apache.felix.framework.Felix.startBundle(Felix.java:2118)
   	at org.apache.felix.framework.BundleImpl.start(BundleImpl.java:998)
   	at org.apache.felix.webconsole.internal.core.BaseUpdateInstallHelper.run(BaseUpdateInstallHelper.java:192)
   	at java.lang.Thread.run(Thread.java:748)


[GitHub] [sling-whiteboard] cmrockwell commented on a change in pull request #51: SAML2 Service Provider Pull Request

Posted by GitBox <gi...@apache.org>.
cmrockwell commented on a change in pull request #51: SAML2 Service Provider Pull Request
URL: https://github.com/apache/sling-whiteboard/pull/51#discussion_r404400439
 
 

 ##########
 File path: saml-handler/pom.xml
 ##########
 @@ -0,0 +1,366 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor
+    license agreements. See the NOTICE file distributed with this work for additional
+    information regarding copyright ownership. The ASF licenses this file to
+    you under the Apache License, Version 2.0 (the "License"); you may not use
+    this file except in compliance with the License. You may obtain a copy of
+    the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required
+    by applicable law or agreed to in writing, software distributed under the
+    License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
+    OF ANY KIND, either express or implied. See the License for the specific
+    language governing permissions and limitations under the License. -->
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <parent>
+    <groupId>org.apache.sling</groupId>
+    <artifactId>sling</artifactId>
+    <version>37</version>
+    <relativePath />
+  </parent>
+
+  <modelVersion>4.0.0</modelVersion>
+  <groupId>org.apache.sling.auth</groupId>
+  <artifactId>saml2</artifactId>
+  <version>0.1.0-SNAPSHOT</version>
+  <name>SAML2 Service Provider</name>
+
+  <properties>
+    <opensaml.version>3.4.3</opensaml.version>
+    <sling.host>localhost</sling.host>
+    <sling.port>8080</sling.port>
+    <sling.user>admin</sling.user>
+    <sling.password>admin</sling.password>
+  </properties>
+
+  <packaging>bundle</packaging>
+
+  <build>
+    <plugins>
+      <plugin>
+        <groupId>org.apache.felix</groupId>
+        <artifactId>maven-bundle-plugin</artifactId>
+        <version>3.5.0</version>
+        <extensions>true</extensions>
+        <configuration>
+          <instructions>
+            <Bundle-Activator>org.apache.sling.auth.saml2.Activator</Bundle-Activator>
+            <Embed-Dependency>*;scope=compile|runtime;</Embed-Dependency>
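
Review bot: `<Embed-Dependency>*;scope=compile|runtime;</Embed-Dependency>` uses a wildcard, so every compile and runtime dependency is copied into this bundle and the instruction itself does not say which artifacts end up inside it. For an authentication bundle that makes the contents hard to audit, and a fixed version of a single library can only be picked up by rebuilding the whole bundle. Suggest naming the artifacts to embed explicitly and importing packages from separately deployed bundles where those exist.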
 
 Review comment:
   I tried trimming it down a bit, but still 16.6MB. Seems the first priority is to go with bnd plugin, and I would really appreciate any help with that I could get. BND seems to have a lot of features that could help reduce the size.


[GitHub] [sling-whiteboard] cmrockwell commented on a change in pull request #51: SAML2 Service Provider Pull Request

Posted by GitBox <gi...@apache.org>.
cmrockwell commented on a change in pull request #51: SAML2 Service Provider Pull Request
URL: https://github.com/apache/sling-whiteboard/pull/51#discussion_r405730868
 
 

 ##########
 File path: saml-handler/pom.xml
 ##########
 @@ -0,0 +1,378 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor
+    license agreements. See the NOTICE file distributed with this work for additional
+    information regarding copyright ownership. The ASF licenses this file to
+    you under the Apache License, Version 2.0 (the "License"); you may not use
+    this file except in compliance with the License. You may obtain a copy of
+    the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required
+    by applicable law or agreed to in writing, software distributed under the
+    License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
+    OF ANY KIND, either express or implied. See the License for the specific
+    language governing permissions and limitations under the License. -->
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <parent>
+    <groupId>org.apache.sling</groupId>
+    <artifactId>sling</artifactId>
+    <version>37</version>
+    <relativePath />
+  </parent>
+
+  <modelVersion>4.0.0</modelVersion>
+  <groupId>org.apache.sling.auth</groupId>
+  <artifactId>saml2</artifactId>
+  <version>0.1.0-SNAPSHOT</version>
+  <name>SAML2 Service Provider</name>
+
+  <properties>
+    <opensaml.version>3.4.3</opensaml.version>
+    <sling.host>localhost</sling.host>
+    <sling.port>8080</sling.port>
+    <sling.user>admin</sling.user>
+    <sling.password>admin</sling.password>
+  </properties>
+
+  <packaging>bundle</packaging>
+
+  <build>
+    <plugins>
+      <plugin>
+        <groupId>org.apache.felix</groupId>
+        <artifactId>maven-bundle-plugin</artifactId>
+        <version>3.5.0</version>
+        <extensions>true</extensions>
+        <configuration>
+          <instructions>
+            <Bundle-Activator>org.apache.sling.auth.saml2.Activator</Bundle-Activator>
+            <Embed-Dependency>*;scope=compile|runtime;</Embed-Dependency>
+            <Embed-Transitive>true</Embed-Transitive>
+            <Embed-Directory>target/dependency</Embed-Directory>
+            <Embed-StripGroup>true</Embed-StripGroup>
+            <Import-Package>
+              !sun.misc;resolution:=optional,
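
Review bot: `!sun.misc;resolution:=optional,` mixes two intents in the first `Import-Package` entry: the leading `!` removes the package from the generated imports, so `resolution:=optional` on the same entry has nothing to apply to. Suggest either `!sun.misc` to drop the import or `sun.misc;resolution:=optional` to keep it as an optional import, with a short comment saying which is intended.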
 
 Review comment:
   I could not figure out how to get this bundle to build using Conditional-Package. I made the change to bnd at least. 
