Hi All,

I think it's quite acceptable if the users of the newly added userstore are not able to log in within a time frame (like 5 min in production). So what if we send the LoadTenant Cluster messages to the worker nodes after a new userstore is added? After the worker nodes have loaded the tenants within that time frame, the users will be able to log in.

Thanks,
-Suresh

On Thu, Sep 26, 2013 at 7:17 PM, Pushpalanka Jayawardhana <[email protected]> wrote:

> Thanks,
> Pushpalanka Jayawardhana
> Software Engineer
> WSO2 Lanka (pvt) Ltd
>
> On Thu, Sep 26, 2013 at 5:26 PM, Prabath Siriwardena <[email protected]> wrote:
>
>> +1 for that.. Only downside - tenant is loaded not on demand..
>>
>> Another approach is..
>>
>> Currently the tenant is loaded by looking at the URL.. say for example -
>> if the url says - /t/wso2.com - this will make wso2.com to be loaded if
>> it is not loaded already.
>>
>> The issue with authentication is - we do not know the tenant of the user
>> from the URL.
>>
>> But client (say the UI which accepts user credentials) knows the tenant
>> of the user - by the user name (but the backend cannot derive it - as the
>> user name comes in different places in different scenarios)..
>>
>> So - what client can do is - in authentication calls - we send the tenant
>> domain of the user in an http header - say tenat_domain.
>>
>> Now - the interceptor will look in to the URL (most of the cases) and if
>> no tenant info is there will look in to the tenat_domain http header and
>> load the corresponding tenant..
>
> Thanks a lot for the ideas..
> Won't it be late to load the tenant at this moment? As the changes need
> to be checked out from the repo, for authentication to be successful, are
> we to hold the decision using some mechanism till the check out completes?
>
>> Thanks & regards,
>> -Prabath
>>
>> On Thu, Sep 26, 2013 at 5:10 PM, Afkham Azeez <[email protected]> wrote:
>>
>>> Hmm... very interesting problem :)
>>>
>>> What we could do is this...
>>>
>>> We can implement a LoadTenant Cluster message. When that is received,
>>> all nodes would load the tenants. We can get depsync to follow. That way,
>>> every node will properly load the new user stores. IS can send this message.
>>>
>>> Azeez
>>>
>>> On Thu, Sep 26, 2013 at 4:56 PM, Pushpalanka Jayawardhana <[email protected]> wrote:
>>>
>>>> Hi,
>>>>
>>>> This is with regard to the issue [1], which is a known issue in IS 4.5.0.
>>>>
>>>> Issue reproduced with following steps.
>>>> Set up cluster with two IS nodes (Depsync enabled).
>>>> Create a tenant (wso2.com)
>>>> Wait till the tenant is unloaded in the worker node
>>>> Add a secondary user store in master node
>>>> Add a user (user1) to secondary user store in master node
>>>> Try to login from master node, it allows
>>>> Try to login from this user([email protected]) in worker node, it fails
>>>> Login as tenant admin and then try to login as user. it allows
>>>>
>>>> So as the tenant is unloaded in the worker node, it does not check out
>>>> the added user store configuration from the SVN repo, hence users in that
>>>> user store cannot login at worker node.
>>>>
>>>> Following log can be seen in worker node,
>>>> {org.wso2.carbon.core.deployment.SynchronizeRepositoryRequest} - Received [SynchronizeRepositoryRequest{tenantId=3, tenantDomain='win.com', messageId=203837d4-576b-4929-a0a1-e5efccf15b01}
>>>> INFO {org.wso2.carbon.core.deployment.SynchronizeRepositoryRequest} - Tenant is not loaded.
>>>>
>>>> Is there a possibility to load the tenant at this cluster message
>>>> receipt (if we can check whether it's to sync user stores, to avoid loading
>>>> tenant at each receipt of cluster message), so that user stores will be
>>>> checked out at a fair cost?
>>>>
>>>> Great to know any better ways to handle this and know your ideas.
>>>>
>>>> [1] - https://wso2.org/jira/browse/IDENTITY-1824
>>>>
>>>> Thanks,
>>>> Pushpalanka Jayawardhana
>>>> Software Engineer
>>>> WSO2 Lanka (pvt) Ltd
>>>
>>> --
>>> Afkham Azeez
>>> Director of Architecture; WSO2, Inc.; http://wso2.com
>>> Member; Apache Software Foundation; http://www.apache.org/
>>> blog: http://blog.afkham.org
>>> twitter: http://twitter.com/afkham_azeez
>>> linked-in: http://lk.linkedin.com/in/afkhamazeez
>>> Lean . Enterprise . Middleware
>>
>> --
>> Thanks & Regards,
>> Prabath
>>
>> http://blog.facilelogin.com
>> http://RampartFAQ.com

--
Suresh Attanayake
Senior Software Engineer; WSO2 Inc. http://wso2.com/
Blog : http://sureshatt.blogspot.com/
Web : http://www.ssoarcade.com/
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
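
The lookup order Prabath proposes in the quoted thread (tenant from the `/t/<domain>` URL, otherwise from a `tenat_domain` HTTP header), as an added example that is not code from the thread or from WSO2. The class name, the registered-tenant set, the `/login` path and the validation rule are assumptions; because the header is client-supplied, the sketch lets only a well-formed, already registered domain trigger a tenant load.

```java
import java.util.Locale;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Hypothetical resolver, not a WSO2 class: picks the tenant to load for a request.
public class TenantResolver {
    // Header name as spelled in the thread; all other names are assumptions.
    static final String TENANT_HEADER = "tenat_domain";
    private static final Pattern URL_TENANT = Pattern.compile("^/t/([^/]+)(?:/.*)?$");
    // Conservative syntax check: dot-separated labels of letters, digits, hyphens.
    private static final Pattern DOMAIN = Pattern.compile(
            "^(?=.{1,253}$)[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?(\\.[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)+$");
    private final Set<String> registeredTenants; // stand-in for the tenant registry

    TenantResolver(Set<String> registeredTenants) { this.registeredTenants = registeredTenants; }

    // Returns the tenant domain to load, or empty when none may be loaded.
    // Header lookup is simplified: real HTTP header names are case-insensitive.
    Optional<String> resolve(String path, Map<String, String> headers) {
        String candidate = null;
        Matcher m = URL_TENANT.matcher(path);
        if (m.matches()) {
            candidate = m.group(1);                 // URL carries the tenant
        } else if (headers.get(TENANT_HEADER) != null) {
            candidate = headers.get(TENANT_HEADER); // fallback for authentication calls
        }
        if (candidate == null) return Optional.empty();
        candidate = candidate.trim().toLowerCase(Locale.ROOT);
        // The value is client-controlled: only a well-formed, registered domain
        // may trigger a load, so arbitrary input cannot force tenant loading.
        if (!DOMAIN.matcher(candidate).matches() || !registeredTenants.contains(candidate)) {
            return Optional.empty();
        }
        return Optional.of(candidate);
    }

    public static void main(String[] args) { // constructed sample requests
        TenantResolver r = new TenantResolver(Set.of("wso2.com"));
        System.out.println(r.resolve("/t/wso2.com/carbon", Map.of()));
        System.out.println(r.resolve("/login", Map.of(TENANT_HEADER, "wso2.com")));
        System.out.println(r.resolve("/login", Map.of(TENANT_HEADER, "unknown.example")));
        System.out.println(r.resolve("/login", Map.of()));
    }
}
```

Resolving the domain does not settle the timing question raised in the thread: the caller still has to hold the authentication decision until the tenant load and repository checkout finish.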
