Hi, Is there a web service method to get the tenant domain by providing the user name?
The scenario is the jaggery application might be deployed within a separate carbon container rather than the IS as described in above mails. Therefore calling the PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain() will not provide the correct answer. Regards, Venura On Thu, Oct 10, 2013 at 2:38 PM, Dulanja Liyanage <[email protected]> wrote: > Hi Venura, > > Yes you are correct. I've had a misunderstanding. Thanks. > > Regards > Dulanja. > > > On Thu, Oct 10, 2013 at 12:36 PM, Venura Kahawala <[email protected]> wrote: > >> Hi Dulanja, >> >> AFAIK if we use TLS, message will be encrypted and only the server will >> be able to decrypt the message since TLS key is shared between only the >> client (browser) and server. This is because at the time of symmetric key >> exchange, client encrypt the key with the server's public key and send that >> to the server . Anyway we are not going to use request redirection but a >> POST request. >> >> >> Regards, >> Venura >> >> >> On Thu, Oct 10, 2013 at 11:56 AM, Dulanja Liyanage <[email protected]>wrote: >> >>> Ah, but i guess the jaggery app and the Authentication Framework would >>> be in the same machine, then this won't be a prob if we use LAN address for >>> the POST >>> >>> >>> On Thu, Oct 10, 2013 at 11:51 AM, Dulanja Liyanage <[email protected]>wrote: >>> >>>> The problem of sending a POST outside of the internal network is anyone >>>> can grab the credentials during wire transfer (if not secured with HTTPS) >>>> or at transits (even if secured with HTTPS). Then we need to consider about >>>> encryption. >>>> >>>> >>>> On Wed, Oct 9, 2013 at 10:09 PM, Johann Nallathamby <[email protected]>wrote: >>>> >>>>> Hi Venura, >>>>> >>>>> This should be done using the application authentication framework we >>>>> have. As we will be migrating our carbon authenticators also to this it is >>>>> best to use this framework. >>>>> >>>>> All you need to do is get the username and password of the user (if >>>>> you are using Basic Authentication) and do a POST to the commonauth >>>>> servlet. This way the authentication mechanism is independent from your >>>>> webapp. Only thing is currently we don't have an authenticator that calls >>>>> the IS webservice APIs for authentication. This could be easily done by >>>>> writing a new authenticator. Curently we have a Basic Auth authenticator >>>>> which authenticates with the underlying user store and a SAML SSO >>>>> authenticator for doing Single-Sign-On. >>>>> >>>>> >>>>> On Wed, Oct 9, 2013 at 7:32 PM, Venura Kahawala <[email protected]>wrote: >>>>> >>>>>> Hi, >>>>>> >>>>>> I'm now implementing the log in functionality for the My-Identity >>>>>> app. As per my understanding current user management functionality >>>>>> implemented within jaggery uses OSGI services. This is correct if the >>>>>> mentioned application is only deployed within the IS server and therefore >>>>>> my-identity app is connected to the same user store as the IS. But if we >>>>>> deploy the application within an AS, the scenario might be different. >>>>>> >>>>>> This is also acceptable if the AS and IS both connects to the same >>>>>> user store. But in some scenarios these two server might not be >>>>>> connected >>>>>> to the same user store. >>>>>> For example, IS and user store is located within the internal network >>>>>> while AS is located outside the internal network and AS is not connected >>>>>> to >>>>>> the internal user store. But still we need to deploy the my-identity app >>>>>> within the AS since this application is exposed to the end users. >>>>>> >>>>>> If we need our application to cater above requirement we need to >>>>>> implement the log in functionality using web services. >>>>>> >>>>>> Please correct me if I'm wrong. >>>>>> >>>>>> Regards, >>>>>> Venura >>>>>> >>>>>> >>>>>> >>>>>> On Tue, Sep 24, 2013 at 11:39 AM, Venura Kahawala <[email protected]>wrote: >>>>>> >>>>>>> Hi, >>>>>>> >>>>>>> We are in the process of moving the below UI features out from the >>>>>>> IS management console. >>>>>>> >>>>>>> 1. My Profiles >>>>>>> 2. Account Recovery >>>>>>> 3. My Authorized apps >>>>>>> 4. OpenID >>>>>>> 5. My SCIM Providers >>>>>>> 6. Multifactor Authentication >>>>>>> 7. Sign-up >>>>>>> >>>>>>> >>>>>>> A jaggery application will be implemented with the above mentioned >>>>>>> features and deployed within IS server. This application can be accessed >>>>>>> via a different port. High level architecture diagram can be seen here >>>>>>> [1]. >>>>>>> >>>>>>> Jaggery application will be implemented ad-hearing to the caramel >>>>>>> framework. >>>>>>> >>>>>>> [1] >>>>>>> https://docs.google.com/a/wso2.com/drawings/d/1jQsKbSVnH3cHCKkNjaLqr9cBARk0pD04RLPGgid4R7M/edit?usp=sharing >>>>>>> >>>>>>> Please share your thoughts. >>>>>>> >>>>>>> Regards, >>>>>>> Venura >>>>>>> >>>>>>> -- >>>>>>> Senior Software Engineer >>>>>>> >>>>>>> Mobile: +94 71 82 300 20 >>>>>>> >>>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Senior Software Engineer >>>>>> >>>>>> Mobile: +94 71 82 300 20 >>>>>> >>>>>> >>>>> >>>>> >>>>> -- >>>>> Thanks & Regards, >>>>> >>>>> *Johann Dilantha Nallathamby* >>>>> Senior Software Engineer >>>>> Integration Technologies Team >>>>> WSO2, Inc. >>>>> lean.enterprise.middleware >>>>> >>>>> Mobile - *+94777776950* >>>>> Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>* >>>>> >>>> >>>> >>>> >>>> -- >>>> Dulanja Liyanage >>>> Senior Software Engineer - WSO2 Inc. >>>> M: +94776764717 >>>> >>> >>> >>> >>> -- >>> Dulanja Liyanage >>> Senior Software Engineer - WSO2 Inc. >>> M: +94776764717 >>> >> >> >> >> -- >> Senior Software Engineer >> >> Mobile: +94 71 82 300 20 >> >> > > > -- > Dulanja Liyanage > Senior Software Engineer - WSO2 Inc. > M: +94776764717 > -- Senior Software Engineer Mobile: +94 71 82 300 20
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
