On Thu, Sep 26, 2013 at 5:26 PM, Prabath Siriwardena <[email protected]>wrote:
> +1 for that.. Only downside - tenant is loaded not on demand.. > That message has to be used with care. Should only send that message during adding user stores. It should not be sent for other cases for which the tenant not being loaded is not a problem. > > Another approach is.. > > Currently the tenant is loaded by looking at the URL.. say for example - > if the url says - /t/wso2.com - this will make wso2.com to be loaded if > it is not loaded already. > > The issue with authentication is - we do not know the tenant of the user > from the URL. > > But client (say the UI which accepts user credentials) knows the tenant of > the user - by the user name (but the backend cannot derive it - as the user > names comes in different places in different scenarios).. > > So - what client can do is - in authentication calls - we send the tenant > domain of the user in an http header - say tenat_domain. > > Now - the interceptor will look in to the URL (most of the cases) and if > no tenant info not there will look in to the tenat_domain http header and > load the corresponding tenant.. > > Thanks & regards, > -Prabath > > > On Thu, Sep 26, 2013 at 5:10 PM, Afkham Azeez <[email protected]> wrote: > >> Hmm... very interesting problem :) >> >> What we could do is this... >> >> We can implement a LoadTenant Cluster message. When that is received, all >> nodes would load the tenants. We can get depsync to follow. That way, every >> node will properly load the new user stores. IS can send this message. >> >> Azeez >> >> >> On Thu, Sep 26, 2013 at 4:56 PM, Pushpalanka Jayawardhana <[email protected] >> > wrote: >> >>> Hi, >>> >>> This with regard to the issue [1], which is a known issue in IS 4.5.0. >>> >>> Issue reproduced with following steps. >>> Set up cluster with two IS nodes (Depsync enabled). >>> Create a tenant(wso2.com) >>> Wait till the tenant is unloaded in the worker node >>> Add a secondary user store in master node >>> Add a user(user1) to secondary user store in master node >>> Try to login from master node, it allows >>> Try to login from this user([email protected]) in worker node, it fails >>> Login as tenant admin and then try to login as user. it allows >>> >>> >>> So as the tenant is unloaded in the worker node, it does not check out >>> the added user store configuration from the SVN repo, hence users in that >>> user store can not login at worker node. >>> >>> Following log can be seen in worker node, >>> {org.wso2.carbon.core.deployment.SynchronizeRepositoryRequest} - >>> Received [SynchronizeRepositoryRequest{tenantId=3, tenantDomain='win.com', >>> messageId=203837d4-576b-4929-a0a1-e5efccf15b01} >>> INFO {org.wso2.carbon.core.deployment.SynchronizeRepositoryRequest} - >>> Tenant is not loaded. >>> >>> Is there a possibility to load the tenant at this cluster message >>> receipt (if we can check whether it's to sync user stores, to avoid loading >>> tenant at each receipt of cluster message), so that user stores will be >>> checked out at a fair cost? >>> >>> Great to know any better ways to handle this and know your ideas. >>> >>> >>> [1] - https://wso2.org/jira/browse/IDENTITY-1824 >>> >>> Thanks, >>> >>> Pushpalanka Jayawardhana >>> >>> Software Engineer >>> >>> WSO2 Lanka (pvt) Ltd >>> [image: >>> Facebook]<http://s.wisestamp.com/links?url=http%3A%2F%2Fwww.facebook.com%2Fpushpalanka> >>> [image: >>> Twitter]<http://s.wisestamp.com/links?url=http%3A%2F%2Ftwitter.com%2FPushpalanka> >>> [image: >>> LinkedIn]<http://s.wisestamp.com/links?url=http%3A%2F%2Fwww.linkedin.com%2Fprofile%2Fview%3Fid%3D75175642%26trk%3Dtab_pro> >>> [image: >>> Blogger]<http://s.wisestamp.com/links?url=http%3A%2F%2Fpushpalankajaya.blogspot.com%2F> >>> [image: >>> SlideShare]<http://s.wisestamp.com/links?url=http%3A%2F%2Fwww.slideshare.net%2FPushpalanka> >>> Mobile: +94779716248 >>> >> >> >> >> -- >> *Afkham Azeez* >> Director of Architecture; WSO2, Inc.; http://wso2.com >> Member; Apache Software Foundation; http://www.apache.org/ >> * <http://www.apache.org/>** >> email: **[email protected]* <[email protected]>* cell: +94 77 3320919 >> blog: **http://blog.afkham.org* <http://blog.afkham.org>* >> twitter: **http://twitter.com/afkham_azeez*<http://twitter.com/afkham_azeez> >> * >> linked-in: **http://lk.linkedin.com/in/afkhamazeez* >> * >> * >> *Lean . Enterprise . Middleware* >> > > > > -- > Thanks & Regards, > Prabath > > Mobile : +94 71 809 6732 > > http://blog.facilelogin.com > http://RampartFAQ.com > -- *Afkham Azeez* Director of Architecture; WSO2, Inc.; http://wso2.com Member; Apache Software Foundation; http://www.apache.org/ * <http://www.apache.org/>** email: **[email protected]* <[email protected]>* cell: +94 77 3320919 blog: **http://blog.afkham.org* <http://blog.afkham.org>* twitter: **http://twitter.com/afkham_azeez*<http://twitter.com/afkham_azeez> * linked-in: **http://lk.linkedin.com/in/afkhamazeez* * * *Lean . Enterprise . Middleware*
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
