+1

Thanks & regards,
-Prabath

On Wed, Jan 22, 2014 at 7:29 PM, Lalaji Sureshika <[email protected]> wrote:

> Hi,
>
> On Wed, Jan 22, 2014 at 5:36 PM, Prabath Siriwardena <[email protected]> wrote:
>
>> If this is per tenant - you cannot do it via a configuration in the
>> identity.xml...
>>
>> Ideally the tenant admin should have an option in the UI to
>> enable/disable SelfSignUp and if it is enabled he should be able to
>> specify the default role or the role list.
>
> If I understood correctly, with current approach SelfSignUp function
> through UserSelfRegistrationService is enabled for each tenant and it
> picks same custom defined role in identity.xml for each tenant. If we are
> going to support the use-case of ability to configure self signup and its
> assigning custom roles per tenant basis, we have to move the self-signup
> config from identity.xml used in "UserSelfRegistrationService" to a
> registry config.
> Then the tenant admin can change that config file accordingly from
> management console, which is similar to the tiers.xml usage in APIM.
> Is there any other better approach of doing this? Else shall we proceed
> with above change in IS self-signup related code?
>
> Thanks;
>
>> Thanks & regards,
>> -Prabath
>>
>> On Wed, Jan 22, 2014 at 5:30 PM, Asela Pathberiya <[email protected]> wrote:
>>
>>> On Wed, Jan 22, 2014 at 4:51 PM, Lalaji Sureshika <[email protected]> wrote:
>>>
>>>> Hi,
>>>>
>>>> I checked the code and found below configuration needs to be added to
>>>> identity.xml, in order to configure the self signup user's assigning
>>>> role.
>>>>
>>>> <SelfSignUp>
>>>>     <SignUpRole>
>>>>         <Name>test</Name>
>>>>         <External>true</External>
>>>>     </SignUpRole>
>>>> </SelfSignUp>
>>>>
>>>> In addition to configuring custom roles for self registration function,
>>>> is there a config element to enable/disable self signup functionality?
>>>> As I found, there's no such config. It's based on the users-store
>>>> read-only mode/not.
>>>> I'm asking this because in api-manager.xml file also we are keeping a
>>>> <selfsignup> section as below. That api-manager.xml contains one
>>>> additional attribute to enable/disable self signup functionality in
>>>> running server, which is not available in the config of identity.xml.
>>>> If there is a similar config attribute in identity.xml, we can totally
>>>> deprecate the use of <SelfSignUp> in api-manager.xml and stick only to
>>>> identity.xml config.
>>>>
>>>> <SelfSignUp>
>>>>     <Enabled>true</Enabled>
>>>>     <SubscriberRoleName>subscriber1</SubscriberRoleName>
>>>> </SelfSignUp>
>>>>
>>>> If there's no such config element available in identity.xml, shall we
>>>> add such property to <SelfSignUp> config in identity.xml and improve
>>>> the code of self-signup service based on it, as I feel it's a useful
>>>> improvement from IS side as well. Appreciate thoughts on this.
>>>
>>> +1. It is better to have a property to enable/disable in the
>>> identity.xml. I do not think we can configure multiple roles (multiple
>>> SignUpRole elements). If not, we can fix it as well.
>>>
>>> Thanks.
>>> Asela.
>>>
>>>> Thanks;
>>>>
>>>> On Wed, Jan 22, 2014 at 2:30 PM, Lalaji Sureshika <[email protected]> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> On Wed, Jan 22, 2014 at 2:04 PM, Prabath Siriwardena <[email protected]> wrote:
>>>>>
>>>>>> I think the right approach is to use [1]. UserSelfRegistrationService
>>>>>> will add users to the Identity role by default. But, if you want to
>>>>>> add the user to the subscriber role, you can make it configurable.
>>>>>
>>>>> Thanks for pointing it. Wasn't aware that the default role for add
>>>>> users from "UserSelfRegistrationService" service is configurable.
>>>>> Will follow this approach without using a separate listener class.
>>>>>
>>>>> Thanks;
>>>>>
>>>>>> Also - with UserSelfRegistrationService - you can specify to which
>>>>>> user stores you need to add users.
>>>>>>
>>>>>> Thanks & regards,
>>>>>> -Prabath
>>>>>>
>>>>>> On Wed, Jan 22, 2014 at 11:22 AM, Lalaji Sureshika <[email protected]> wrote:
>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> With current WSO2 APIStore self signup functionality, we do support
>>>>>>> only for super tenant APIStore. We are planning to extend it to
>>>>>>> support for tenant users as well.
>>>>>>>
>>>>>>> With current signup approach, we do two web service calls as:
>>>>>>> 1) call "UserSelfRegistrationService" to add the user
>>>>>>> 2) call "UserAdmin" to assign the subscriber role to the user
>>>>>>>
>>>>>>> With above approach, for the 2) call, we need to authenticate and
>>>>>>> thus need to have admin credentials predefined. But in tenant mode,
>>>>>>> to do above 2) we cannot keep tenant admin credentials predefined in
>>>>>>> a config file and use.
>>>>>>>
>>>>>>> Thus without doing above 2) web service call, we are going to
>>>>>>> achieve the role assignment from writing a custom user store
>>>>>>> listener implementation and do the role-assignment as a PreAddUser
>>>>>>> operation. This way, it'll not be required to keep tenant
>>>>>>> admin/super admin credentials and will only do one web service call
>>>>>>> for signup.
>>>>>>>
>>>>>>> Appreciate your feedback on this.
>>>>>>>
>>>>>>> Thanks;
>>>>>>>
>>>>>>> --
>>>>>>> Lalaji Sureshika
>>>>>>> WSO2, Inc.; http://wso2.com/
>>>>>>> email: [email protected];
>>>>>>> blog: http://lalajisureshika.blogspot.com
>>>
>>> --
>>> Thanks & Regards,
>>> Asela
>>>
>>> ATL
>>> Mobile : +94 777 625 933

--
Thanks & Regards,
Prabath

Twitter : @prabath
LinkedIn : http://www.linkedin.com/in/prabathsiriwardena

Mobile : +94 71 809 6732

http://blog.facilelogin.com
http://blog.api-security.org

_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
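
The per-tenant configuration discussed in this thread, as an added example that is not part of the original messages and is not WSO2 code: it resolves a tenant's own <SelfSignUp> document (with the proposed <Enabled> flag and several <SignUpRole> elements) and disables sign-up whenever the document is missing, malformed or names a denied role. The tenant names, the TENANT_CONFIGS store standing in for the registry, the DENIED_ROLES set and the function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from typing import NamedTuple, Optional

class SignUpPolicy(NamedTuple):
    enabled: bool
    roles: tuple  # ((role_name, external_flag), ...)

DISABLED = SignUpPolicy(False, ())
DENIED_ROLES = {"admin"}  # assumption: roles self sign-up must never grant

# Constructed per-tenant documents standing in for the registry resource.
TENANT_CONFIGS = {
    "a.example": "<SelfSignUp><Enabled>true</Enabled>"
                 "<SignUpRole><Name>subscriber1</Name><External>false</External></SignUpRole>"
                 "<SignUpRole><Name>test</Name><External>true</External></SignUpRole>"
                 "</SelfSignUp>",
    "b.example": "<SelfSignUp><SignUpRole><Name>test</Name>"
                 "<External>true</External></SignUpRole></SelfSignUp>",  # no <Enabled>
    "c.example": "<SelfSignUp><Enabled>true</Enabled>"
                 "<SignUpRole><Name>admin</Name><External>false</External></SignUpRole>"
                 "</SelfSignUp>",
}

def load_policy(xml_text: Optional[str]) -> SignUpPolicy:
    """Parse one tenant's <SelfSignUp> document; anything doubtful disables sign-up."""
    if not xml_text or "<!DOCTYPE" in xml_text:  # tenant-editable input: refuse DTDs
        return DISABLED
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return DISABLED
    if root.tag != "SelfSignUp":
        return DISABLED
    if (root.findtext("Enabled") or "").strip().lower() != "true":
        return DISABLED  # a missing flag means off, not on
    roles = []
    for el in root.findall("SignUpRole"):
        name = (el.findtext("Name") or "").strip()
        if not name or name.lower() in DENIED_ROLES:
            return DISABLED  # reject the whole document, not just the role
        external = (el.findtext("External") or "").strip().lower() == "true"
        roles.append((name, external))
    return SignUpPolicy(True, tuple(roles)) if roles else DISABLED

def policy_for(tenant_domain: str) -> SignUpPolicy:
    """Look up the tenant's own document; unknown tenants get no self sign-up."""
    return load_policy(TENANT_CONFIGS.get(tenant_domain))
```

Because the roles come from configuration read on the server side, the sign-up path needs no stored tenant admin credentials, which is the problem the first message in the thread raises.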
