Bug 491679 - Eclipse plugin does not support SAML/One Time passcode configurations
Status: RESOLVED FIXED
Alias: None
Product: CFT
Classification: ECD
Component: General
Version: unspecified
Hardware: PC All
Importance: P3 normal
Target Milestone: 1.0.1
Assignee: Jonathan West CLA
Keywords: plan
Reported: 2016-04-14 07:33 EDT by Matthias Winzeler CLA
Modified: 2016-07-14 15:02 EDT

Attachments
Matthias' Initial Eclipse CFT contribution (78.48 KB, patch)
2016-06-20 09:13 EDT, Jonathan West CLA

Description Matthias Winzeler CLA 2016-04-14 07:33:08 EDT
CFT only supports username & password authentication using local UAA accounts or LDAP - CloudFoundry's one time passcode mechanism (used in SAML setups) cannot be used to log in.

This issue was raised before (https://github.com/cloudfoundry/eclipse-integration-cloudfoundry/issues/36) and is very critical for enterprise customers (with SAML setups).

This requires extending the underlying cf-java-client with support for SSO passcode auth; we already created a PR for it (https://github.com/cloudfoundry/cf-java-client/pull/317), but it was not accepted since the maintainers were planning to include it in their future v2 anyway.

At the moment, we are using a CFT fork which we extended with the SSO functionality:
https://github.com/pecko/cft
This uses the forked cf-java-client, so it cannot be directly merged; but it can serve as a starting point to integrate.

Is supporting this mechanism planned for the future?
Can we support you, i.e. by extending the underlying cf-java-client or CFT directly?
Comment 1 Nieraj Singh CLA 2016-04-18 20:56:52 EDT
Thanks for raising this issue.

The current version of CFT 1.0 uses a modified v1 version of cf-java-client that we maintain separately here:

https://github.com/nierajsingh/cf-java-client/commits/cft-1.0.0-java-client-1.1.4-patch

For CFT 1.0, we will not be updating to the v2 version of the client until after Eclipse Neon is released.

That said, it may still be possible to accept your changes for SAML support into this "patched" v1 client referenced above, as well as the Eclipse-side changes in CFT, but unfortunately there is one major obstacle that I mention below.

CFT is part of the Eclipse Simultaneous Release, and our release schedule is aligned with that of Eclipse, as listed here in our project page plan:

https://projects.eclipse.org/projects/ecd.cft/releases/1.0-neon/plan

Unfortunately, we are approaching the end of the Neon release cycle, and the legal work for accepting external party contribution into CFT 1.0 has already been completed, as it requires review from the Eclipse legal department ahead of time.

I need to inquire if it is possible to accept a late contribution from an external party, especially if the contribution is substantial.

Chances are unfortunately that we may have to wait until after Eclipse Neon/CFT 1.0 is released on 2016/06/22 before we can accept your contributions.

I did briefly see your own fork of CFT (the ssologin branch) and it seems that you have already done the work, both on the client and CFT sides.

If it is fine, before you start on a newer, revised Pull Request for CFT with the SAML support for the current release 1.0, could you wait until I inquire whether it is still possible to accept this for CFT 1.0?

I hope to let you know within a week.

If not, would it be fine if we wait until after CFT 1.0 is released?

Thank you for the work that you have done so far, and for your patience with this.
Comment 2 Nieraj Singh CLA 2016-05-02 17:47:34 EDT
I have some additional information on accepting SAML/One Time passcode support into CFT.

Due to CFT 1.0 now being at the end of the Eclipse Neon release schedule, unfortunately we won't be able to accept large changes anymore until after CFT 1.0 and Eclipse Neon are released on June 22, 2016. We are now in final stages to complete any last remaining work for CFT and there may not be enough time to get large external contributions into CFT, especially with legal review required as well.

That said, it seems that SAML/One Time passcode will be added to the v2 CF Java client by or before the time when CFT 1.0 is released on June 22.

Consequently there are two options to explore to add this feature into CFT after 1.0 is released:

1. Wait until CFT adopts v2 CF Java client. It will happen sometime after June 22, and by then One Time passcode support should be in v2 client. However, because of the heavy work required on the CFT side to adopt v2, we do not have a concrete date or timeframe when v2 will be adopted by CFT.

2. Since we know v2 will have One Time passcode support sooner than later, for the time being, while we wait to transition from v1 to v2 on the CFT side, we can accept SAML/One Time support into the customized v1 CF Java client that CFT uses:

https://github.com/nierajsingh/cf-java-client/commits/cft-1.0.0-java-client-1.1.4-patch

We would be able to patch our v1 client with One Time support right after June 22.

That way we can have SAML support in CFT sooner without having to wait for v2 to be adopted by CFT, and we shouldn't need to worry about losing support for SAML/One Time passcode when we transition to v2 later in the future, since by then v2 will also have this feature. 

Please let us know which option you like to pursue.

Thank you for your patience.
Comment 3 Matthias Winzeler CLA 2016-05-17 04:37:58 EDT
Thanks for the additional info.

We would like to pursue the second option; this way, we can integrate our changes into the mainline as soon as possible.
Comment 4 Nieraj Singh CLA 2016-06-09 18:49:10 EDT
We have now completed all the work for CFT 1.0 Neon and will soon be opening our master branch for new "post-Neon" contributions on June 13. 

We have an "IFIX" release of CFT 1.0, that contains some critical changes not included in Neon, scheduled for June 22. The deadline to include new features for this "IFIX" is June 20.

Although the IFIX release cycle is very short, this would be the first new opportunity to include new features that did not make it into CFT 1.0 Neon release.

Please let us know if you'd like to aim to include SAML support for the June 20 deadline.

If it's not enough time, we will have further milestones available after June 22 but prior to Neon SR1, so there will be other upcoming opportunities to include this feature into CFT without having to wait too long for Neon SR1.
Comment 5 Matthias Winzeler CLA 2016-06-10 03:50:15 EDT
Unfortunately, this is not enough time.
Can you tell us the next deadline so we can plan accordingly?

I assume the integration would consist of these tasks on our side:
1.) Pull Request with passcode support for this branch of the library: https://github.com/nierajsingh/cf-java-client/tree/cft-1.0.0-java-client-1.1.4-patch
2.) Pull Request with passcode support for eclipse/cft.
Which branch/tag should we make the PR against?
Comment 6 Elson Yuen CLA 2016-06-10 10:44:22 EDT
We are currently in the process of evaluating both pieces to see if it is easy enough for us to include both of them on the June 22 ifix release.  If that all goes well, then you don't have to create a new PR on that.  We'll just do the work based on your previous PR.  We'll keep you informed to see how it goes.
Comment 7 Jonathan West CLA 2016-06-16 17:13:05 EDT
Hi Matthias, thanks for your contributions! We adopted the CF Java Client code changes with this pull request earlier today (https://github.com/nierajsingh/cf-java-client/commit/eaeda65ca26496503a08094e36a51b92f19ff714).

I am now working on integrating the Eclipse CFT (UI and Core) contributions, which will be partially based on the pre-existing Github fork mentioned in comment 1. 

Can you confirm the email address you used for Eclipse CLA (contributor license agreement) is the same as your Bugzilla email? (e.g. your first and last name, m.w@swisscom.com).
Comment 8 Matthias Winzeler CLA 2016-06-17 03:31:03 EDT
Hi Jonathan
This is great news, thanks for your effort!

I can confirm that the Bugzilla email address is the same one I used for the Eclipse CLA.

-Matthias
Comment 9 Jonathan West CLA 2016-06-20 09:13:25 EDT
Created attachment 262540
Matthias' Initial Eclipse CFT contribution
Comment 10 Eclipse Genie CLA 2016-06-20 12:12:23 EDT
GitHub Pull Request 22 created by [jgwest]
https://github.com/eclipse/cft/pull/22
Comment 11 Nieraj Singh CLA 2016-06-24 17:26:28 EDT
We've pushed this new feature to CFT master branch, and it has also been published in 1.0.1.M2. Update site for 1.0.1.M2 is:

http://download.eclipse.org/cft/1.0.1.M2/

It's also available from the CFT nightly build.

http://download.eclipse.org/cft/nightly/

If there are any bugs or changes to make, please raise new Bugzilla tickets.

Thanks for doing the initial work.