Hi,
On Wed, Jan 22, 2014 at 5:36 PM, Prabath Siriwardena <[email protected]>wrote: > If this is per tenant - you cannot do it via a configuration in the > identity.xml... > > Ideally the tenant admin should have an option in the UI to enable/disable > SelfSignUp and if it is enabled he should be able to specify the default > role or the role list. > If I understood correctly,with current approach SelfSignUp function through UserSelfRegistrationService, is enabled for each tenant and it picks same custom defined role in identity.xml for each tenant. If we are going to support the use-case of ability to configure self signup and its assigning custom roles per tenant basis,we have to move the self-signup config from identity.xml used in "UserSelfRegistrationService" to a registry config. Then the tenant admin can change that config file accordingly from management console which is similar to the tiers.xml usage in APIM. Is there any other better approach of doing this? Else shall we proceed with above change in IS self-signup related code? Thanks; > > Thanks & regards, > -Prabath > > > On Wed, Jan 22, 2014 at 5:30 PM, Asela Pathberiya <[email protected]> wrote: > >> >> >> >> On Wed, Jan 22, 2014 at 4:51 PM, Lalaji Sureshika <[email protected]>wrote: >> >>> Hi, >>> >>> I checked the code and found below configuration need to be added to >>> identity.xml,in-order to configure the self signup user's assigning role. >>> >>> <SelfSignUp> >>> <SignUpRole> >>> <Name>test</Name> >>> <External>true</External> >>> </SignUpRole> >>> </SelfSignUp> >>> >>> Addition to configuring custom roles for self registration function,is >>> there a config element to enable/disable self signup functionality? As I >>> found there's no such config.It's based on the users-store read-only >>> mode/not. >>> I'm asking this because, ,in api-manager.xml file also we are keeping a >>> a <selfsignup> section as below.That api-manager.xml contains one >>> additional attribute to enable/disable self signup functionality in running >>> server ,which is not available in the config of identity.xml. If there is a >>> similar config attribute in identity.xml,we can totally deprecate the use >>> of <SelfSignUp> in api-manager.xml and stick only to identity.xml config.. >>> >>> <SelfSignUp> >>> <Enabled>true</Enabled> >>> <SubscriberRoleName>subscriber1</SubscriberRoleName> >>> >>> </SelfSignUp> >>> >>> If there's no such config element available in identity.xml,shall we add >>> such property to <SelfSignUp> config in identity.xml and improve the code >>> of self-signup service based on it,as I feel it's a useful improvement from >>> IS side as well.. Appreciate thoughts on this.. >>> >> >> +1. It is better to have a property to enable/disable in the >> identity.xml. I o not think we can configure multiple roles (multiple >> SignUpRole elements) , If not, we can fix it as well >> >> Thanks. >> Asela. >> >> >>> >>> Thanks; >>> >>> >>> >>> >>> >>> On Wed, Jan 22, 2014 at 2:30 PM, Lalaji Sureshika <[email protected]>wrote: >>> >>>> Hi, >>>> >>>> On Wed, Jan 22, 2014 at 2:04 PM, Prabath Siriwardena >>>> <[email protected]>wrote: >>>> >>>>> I think the right approach is to use [1]. UserSelfRegistrationService >>>>> will add users to the Identity role by default. But, if you want to add >>>>> the >>>>> user to the subscriber role, you can make it configurable. >>>>> >>>> Thanks for pointing it. Wasn't aware that the default role for add >>>> users from "UserSelfRegistrationService" service is configurable.Will >>>> follow this approach without using a separate listener class. >>>> >>>> Thanks; >>>> >>>>> >>>>> Also - with UserSelfRegistrationService - you can specify to which >>>>> user stores you need to add users. >>>>> >>>>> Thanks & regards, >>>>> -Prabath >>>>> >>>>> >>>>> On Wed, Jan 22, 2014 at 11:22 AM, Lalaji Sureshika <[email protected]>wrote: >>>>> >>>>>> Hi, >>>>>> >>>>>> With current WSO2 APIStore self signup functionality,we do support >>>>>> only for super tenant APIStore. We are planning to extend it to support >>>>>> for >>>>>> tenant users as well. >>>>>> >>>>>> With current signup approach, we do two web service calls as; >>>>>> 1) call "UserSelfRegistrationService" to add the user >>>>>> 2) call "UserAdmin" to assign the subscriber role to the user >>>>>> >>>>>> With above approach,for the 2) call,we need to authenticate and thus >>>>>> need to have admin credentials predefined.But in tenant mode,to do above >>>>>> 2) >>>>>> we cannot keep tenant admin credentials predefined in a config file and >>>>>> use. >>>>>> >>>>>> Thus without doing above 2) web service call,we are going to achieve >>>>>> the role assignment from writing a custom user store listener >>>>>> implementation and do the role-assignment as a PreAddUser operation.This >>>>>> way,it'll not required to keep tenant admin/super admin credentials and >>>>>> will only do one web service call for signup. >>>>>> >>>>>> Appreciate your feedback on this. >>>>>> >>>>>> >>>>>> >>>>>> Thanks; >>>>>> >>>>>> -- >>>>>> Lalaji Sureshika >>>>>> WSO2, Inc.; http://wso2.com/ >>>>>> email: [email protected]; >>>>>> blog: http://lalajisureshika.blogspot.com >>>>>> >>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> Architecture mailing list >>>>>> [email protected] >>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>>>> >>>>>> >>>>> >>>>> >>>>> -- >>>>> Thanks & Regards, >>>>> Prabath >>>>> >>>>> Twitter : @prabath >>>>> LinkedIn : http://www.linkedin.com/in/prabathsiriwardena >>>>> >>>>> Mobile : +94 71 809 6732 >>>>> >>>>> http://blog.facilelogin.com >>>>> http://blog.api-security.org >>>>> >>>>> _______________________________________________ >>>>> Architecture mailing list >>>>> [email protected] >>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>>> >>>>> >>>> >>>> >>>> -- >>>> Lalaji Sureshika >>>> WSO2, Inc.; http://wso2.com/ >>>> email: [email protected]; cell: +94 71 608 6811 >>>> blog: http://lalajisureshika.blogspot.com >>>> >>>> >>>> >>> >>> >>> -- >>> Lalaji Sureshika >>> WSO2, Inc.; http://wso2.com/ >>> email: [email protected]; cell: +94 71 608 6811 >>> blog: http://lalajisureshika.blogspot.com >>> >>> >>> >>> _______________________________________________ >>> Architecture mailing list >>> [email protected] >>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>> >>> >> >> >> -- >> Thanks & Regards, >> Asela >> >> ATL >> Mobile : +94 777 625 933 >> > > > > -- > Thanks & Regards, > Prabath > > Twitter : @prabath > LinkedIn : http://www.linkedin.com/in/prabathsiriwardena > > Mobile : +94 71 809 6732 > > http://blog.facilelogin.com > http://blog.api-security.org > > _______________________________________________ > Architecture mailing list > [email protected] > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > > -- Lalaji Sureshika WSO2, Inc.; http://wso2.com/ email: [email protected]; cell: +94 71 608 6811 blog: http://lalajisureshika.blogspot.com
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
