Thanks, Pushpalanka Jayawardhana
Software Engineer WSO2 Lanka (pvt) Ltd [image: Facebook]<http://s.wisestamp.com/links?url=http%3A%2F%2Fwww.facebook.com%2Fpushpalanka> [image: Twitter]<http://s.wisestamp.com/links?url=http%3A%2F%2Ftwitter.com%2FPushpalanka> [image: LinkedIn]<http://s.wisestamp.com/links?url=http%3A%2F%2Fwww.linkedin.com%2Fprofile%2Fview%3Fid%3D75175642%26trk%3Dtab_pro> [image: Blogger]<http://s.wisestamp.com/links?url=http%3A%2F%2Fpushpalankajaya.blogspot.com%2F> [image: SlideShare]<http://s.wisestamp.com/links?url=http%3A%2F%2Fwww.slideshare.net%2FPushpalanka> Mobile: +94779716248 On Thu, Sep 26, 2013 at 5:26 PM, Prabath Siriwardena <[email protected]>wrote: > +1 for that.. Only downside - tenant is loaded not on demand.. > > Another approach is.. > > Currently the tenant is loaded by looking at the URL.. say for example - > if the url says - /t/wso2.com - this will make wso2.com to be loaded if > it is not loaded already. > > The issue with authentication is - we do not know the tenant of the user > from the URL. > > But client (say the UI which accepts user credentials) knows the tenant of > the user - by the user name (but the backend cannot derive it - as the user > names comes in different places in different scenarios).. > > So - what client can do is - in authentication calls - we send the tenant > domain of the user in an http header - say tenat_domain. > > Now - the interceptor will look in to the URL (most of the cases) and if > no tenant info not there will look in to the tenat_domain http header and > load the corresponding tenant.. > Thanks a lot for the ideas.. Won't it be late to load the tenant at this moment? As the changes needs to be checked out from the repo , for authentication to be successful, are we to hold the decision using some mechanism till the check out completes? > > Thanks & regards, > -Prabath > > > On Thu, Sep 26, 2013 at 5:10 PM, Afkham Azeez <[email protected]> wrote: > >> Hmm... very interesting problem :) >> >> What we could do is this... >> >> We can implement a LoadTenant Cluster message. When that is received, all >> nodes would load the tenants. We can get depsync to follow. That way, every >> node will properly load the new user stores. IS can send this message. >> >> Azeez >> >> >> On Thu, Sep 26, 2013 at 4:56 PM, Pushpalanka Jayawardhana <[email protected] >> > wrote: >> >>> Hi, >>> >>> This with regard to the issue [1], which is a known issue in IS 4.5.0. >>> >>> Issue reproduced with following steps. >>> Set up cluster with two IS nodes (Depsync enabled). >>> Create a tenant(wso2.com) >>> Wait till the tenant is unloaded in the worker node >>> Add a secondary user store in master node >>> Add a user(user1) to secondary user store in master node >>> Try to login from master node, it allows >>> Try to login from this user([email protected]) in worker node, it fails >>> Login as tenant admin and then try to login as user. it allows >>> >>> >>> So as the tenant is unloaded in the worker node, it does not check out >>> the added user store configuration from the SVN repo, hence users in that >>> user store can not login at worker node. >>> >>> Following log can be seen in worker node, >>> {org.wso2.carbon.core.deployment.SynchronizeRepositoryRequest} - >>> Received [SynchronizeRepositoryRequest{tenantId=3, tenantDomain='win.com', >>> messageId=203837d4-576b-4929-a0a1-e5efccf15b01} >>> INFO {org.wso2.carbon.core.deployment.SynchronizeRepositoryRequest} - >>> Tenant is not loaded. >>> >>> Is there a possibility to load the tenant at this cluster message >>> receipt (if we can check whether it's to sync user stores, to avoid loading >>> tenant at each receipt of cluster message), so that user stores will be >>> checked out at a fair cost? >>> >>> Great to know any better ways to handle this and know your ideas. >>> >>> >>> [1] - https://wso2.org/jira/browse/IDENTITY-1824 >>> >>> Thanks, >>> >>> Pushpalanka Jayawardhana >>> >>> Software Engineer >>> >>> WSO2 Lanka (pvt) Ltd >>> [image: >>> Facebook]<http://s.wisestamp.com/links?url=http%3A%2F%2Fwww.facebook.com%2Fpushpalanka> >>> [image: >>> Twitter]<http://s.wisestamp.com/links?url=http%3A%2F%2Ftwitter.com%2FPushpalanka> >>> [image: >>> LinkedIn]<http://s.wisestamp.com/links?url=http%3A%2F%2Fwww.linkedin.com%2Fprofile%2Fview%3Fid%3D75175642%26trk%3Dtab_pro> >>> [image: >>> Blogger]<http://s.wisestamp.com/links?url=http%3A%2F%2Fpushpalankajaya.blogspot.com%2F> >>> [image: >>> SlideShare]<http://s.wisestamp.com/links?url=http%3A%2F%2Fwww.slideshare.net%2FPushpalanka> >>> Mobile: +94779716248 >>> >> >> >> >> -- >> *Afkham Azeez* >> Director of Architecture; WSO2, Inc.; http://wso2.com >> Member; Apache Software Foundation; http://www.apache.org/ >> * <http://www.apache.org/>** >> email: **[email protected]* <[email protected]>* cell: +94 77 3320919 >> blog: **http://blog.afkham.org* <http://blog.afkham.org>* >> twitter: **http://twitter.com/afkham_azeez*<http://twitter.com/afkham_azeez> >> * >> linked-in: **http://lk.linkedin.com/in/afkhamazeez* >> * >> * >> *Lean . Enterprise . Middleware* >> > > > > -- > Thanks & Regards, > Prabath > > Mobile : +94 71 809 6732 > > http://blog.facilelogin.com > http://RampartFAQ.com >
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
