Currently Identity Server has no such config in identity.xml There are no customers using this feature with tenants.. so very less migration cost...
Thanks & regards, -Prabath On Wed, Jan 22, 2014 at 9:09 PM, Sumedha Rubasinghe <[email protected]>wrote: > Prabath, > Is there any other planned way of supporting self sign up(and associated > role)? > For example is this the same way agreed for social features we are going > to add to UES? > > If we move this element from identity.xml into registry as Lalaji > suggested, what will be the migration impliction for existing customers? > On Jan 22, 2014 7:46 PM, "Prabath Siriwardena" <[email protected]> wrote: > >> +1 >> >> Thanks & regards, >> -Prabath >> >> >> On Wed, Jan 22, 2014 at 7:29 PM, Lalaji Sureshika <[email protected]>wrote: >> >>> Hi, >>> >>> >>> On Wed, Jan 22, 2014 at 5:36 PM, Prabath Siriwardena >>> <[email protected]>wrote: >>> >>>> If this is per tenant - you cannot do it via a configuration in the >>>> identity.xml... >>>> >>>> Ideally the tenant admin should have an option in the UI to >>>> enable/disable SelfSignUp and if it is enabled he should be able to specify >>>> the default role or the role list. >>>> >>> >>> If I understood correctly,with current approach SelfSignUp function >>> through UserSelfRegistrationService, is enabled for each tenant and it >>> picks same custom defined role in identity.xml for each tenant. If we are >>> going to support the use-case of ability to configure self signup and its >>> assigning custom roles per tenant basis,we have to move the self-signup >>> config from identity.xml used in "UserSelfRegistrationService" to a >>> registry config. >>> Then the tenant admin can change that config file accordingly from >>> management console which is similar to the tiers.xml usage in APIM. >>> Is there any other better approach of doing this? Else shall we proceed >>> with above change in IS self-signup related code? >>> >>> Thanks; >>> >>>> >>>> Thanks & regards, >>>> -Prabath >>>> >>>> >>>> On Wed, Jan 22, 2014 at 5:30 PM, Asela Pathberiya <[email protected]>wrote: >>>> >>>>> >>>>> >>>>> >>>>> On Wed, Jan 22, 2014 at 4:51 PM, Lalaji Sureshika <[email protected]>wrote: >>>>> >>>>>> Hi, >>>>>> >>>>>> I checked the code and found below configuration need to be added to >>>>>> identity.xml,in-order to configure the self signup user's assigning role. >>>>>> >>>>>> <SelfSignUp> >>>>>> <SignUpRole> >>>>>> <Name>test</Name> >>>>>> <External>true</External> >>>>>> </SignUpRole> >>>>>> </SelfSignUp> >>>>>> >>>>>> Addition to configuring custom roles for self registration >>>>>> function,is there a config element to enable/disable self signup >>>>>> functionality? As I found there's no such config.It's based on the >>>>>> users-store read-only mode/not. >>>>>> I'm asking this because, ,in api-manager.xml file also we are keeping >>>>>> a a <selfsignup> section as below.That api-manager.xml contains one >>>>>> additional attribute to enable/disable self signup functionality in >>>>>> running >>>>>> server ,which is not available in the config of identity.xml. If there >>>>>> is a >>>>>> similar config attribute in identity.xml,we can totally deprecate the use >>>>>> of <SelfSignUp> in api-manager.xml and stick only to identity.xml >>>>>> config.. >>>>>> >>>>>> <SelfSignUp> >>>>>> <Enabled>true</Enabled> >>>>>> <SubscriberRoleName>subscriber1</SubscriberRoleName> >>>>>> >>>>>> </SelfSignUp> >>>>>> >>>>>> If there's no such config element available in identity.xml,shall we >>>>>> add such property to <SelfSignUp> config in identity.xml and improve the >>>>>> code of self-signup service based on it,as I feel it's a useful >>>>>> improvement >>>>>> from IS side as well.. Appreciate thoughts on this.. >>>>>> >>>>> >>>>> +1. It is better to have a property to enable/disable in the >>>>> identity.xml. I o not think we can configure multiple roles (multiple >>>>> SignUpRole elements) , If not, we can fix it as well >>>>> >>>>> Thanks. >>>>> Asela. >>>>> >>>>> >>>>>> >>>>>> Thanks; >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> On Wed, Jan 22, 2014 at 2:30 PM, Lalaji Sureshika <[email protected]>wrote: >>>>>> >>>>>>> Hi, >>>>>>> >>>>>>> On Wed, Jan 22, 2014 at 2:04 PM, Prabath Siriwardena < >>>>>>> [email protected]> wrote: >>>>>>> >>>>>>>> I think the right approach is to use [1]. UserSelfRegistrationService >>>>>>>> will add users to the Identity role by default. But, if you want to >>>>>>>> add the >>>>>>>> user to the subscriber role, you can make it configurable. >>>>>>>> >>>>>>> Thanks for pointing it. Wasn't aware that the default role for add >>>>>>> users from "UserSelfRegistrationService" service is >>>>>>> configurable.Will follow this approach without using a separate listener >>>>>>> class. >>>>>>> >>>>>>> Thanks; >>>>>>> >>>>>>>> >>>>>>>> Also - with UserSelfRegistrationService - you can specify to which >>>>>>>> user stores you need to add users. >>>>>>>> >>>>>>>> Thanks & regards, >>>>>>>> -Prabath >>>>>>>> >>>>>>>> >>>>>>>> On Wed, Jan 22, 2014 at 11:22 AM, Lalaji Sureshika <[email protected] >>>>>>>> > wrote: >>>>>>>> >>>>>>>>> Hi, >>>>>>>>> >>>>>>>>> With current WSO2 APIStore self signup functionality,we do support >>>>>>>>> only for super tenant APIStore. We are planning to extend it to >>>>>>>>> support for >>>>>>>>> tenant users as well. >>>>>>>>> >>>>>>>>> With current signup approach, we do two web service calls as; >>>>>>>>> 1) call "UserSelfRegistrationService" to add the user >>>>>>>>> 2) call "UserAdmin" to assign the subscriber role to the user >>>>>>>>> >>>>>>>>> With above approach,for the 2) call,we need to authenticate and >>>>>>>>> thus need to have admin credentials predefined.But in tenant mode,to >>>>>>>>> do >>>>>>>>> above 2) we cannot keep tenant admin credentials predefined in a >>>>>>>>> config >>>>>>>>> file and use. >>>>>>>>> >>>>>>>>> Thus without doing above 2) web service call,we are going to >>>>>>>>> achieve the role assignment from writing a custom user store listener >>>>>>>>> implementation and do the role-assignment as a PreAddUser >>>>>>>>> operation.This >>>>>>>>> way,it'll not required to keep tenant admin/super admin credentials >>>>>>>>> and >>>>>>>>> will only do one web service call for signup. >>>>>>>>> >>>>>>>>> Appreciate your feedback on this. >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> Thanks; >>>>>>>>> >>>>>>>>> -- >>>>>>>>> Lalaji Sureshika >>>>>>>>> WSO2, Inc.; http://wso2.com/ >>>>>>>>> email: [email protected]; >>>>>>>>> blog: http://lalajisureshika.blogspot.com >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> _______________________________________________ >>>>>>>>> Architecture mailing list >>>>>>>>> [email protected] >>>>>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> Thanks & Regards, >>>>>>>> Prabath >>>>>>>> >>>>>>>> Twitter : @prabath >>>>>>>> LinkedIn : http://www.linkedin.com/in/prabathsiriwardena >>>>>>>> >>>>>>>> Mobile : +94 71 809 6732 >>>>>>>> >>>>>>>> http://blog.facilelogin.com >>>>>>>> http://blog.api-security.org >>>>>>>> >>>>>>>> _______________________________________________ >>>>>>>> Architecture mailing list >>>>>>>> [email protected] >>>>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>>>>>> >>>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> Lalaji Sureshika >>>>>>> WSO2, Inc.; http://wso2.com/ >>>>>>> email: [email protected]; cell: +94 71 608 6811 >>>>>>> blog: http://lalajisureshika.blogspot.com >>>>>>> >>>>>>> >>>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Lalaji Sureshika >>>>>> WSO2, Inc.; http://wso2.com/ >>>>>> email: [email protected]; cell: +94 71 608 6811 >>>>>> blog: http://lalajisureshika.blogspot.com >>>>>> >>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> Architecture mailing list >>>>>> [email protected] >>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>>>> >>>>>> >>>>> >>>>> >>>>> -- >>>>> Thanks & Regards, >>>>> Asela >>>>> >>>>> ATL >>>>> Mobile : +94 777 625 933 >>>>> >>>> >>>> >>>> >>>> -- >>>> Thanks & Regards, >>>> Prabath >>>> >>>> Twitter : @prabath >>>> LinkedIn : http://www.linkedin.com/in/prabathsiriwardena >>>> >>>> Mobile : +94 71 809 6732 >>>> >>>> http://blog.facilelogin.com >>>> http://blog.api-security.org >>>> >>>> _______________________________________________ >>>> Architecture mailing list >>>> [email protected] >>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>> >>>> >>> >>> >>> -- >>> Lalaji Sureshika >>> WSO2, Inc.; http://wso2.com/ >>> email: [email protected]; cell: +94 71 608 6811 >>> blog: http://lalajisureshika.blogspot.com >>> >>> >>> >>> _______________________________________________ >>> Architecture mailing list >>> [email protected] >>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>> >>> >> >> >> -- >> Thanks & Regards, >> Prabath >> >> Twitter : @prabath >> LinkedIn : http://www.linkedin.com/in/prabathsiriwardena >> >> Mobile : +94 71 809 6732 >> >> http://blog.facilelogin.com >> http://blog.api-security.org >> >> _______________________________________________ >> Architecture mailing list >> [email protected] >> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >> >> > _______________________________________________ > Architecture mailing list > [email protected] > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > > -- Thanks & Regards, Prabath Twitter : @prabath LinkedIn : http://www.linkedin.com/in/prabathsiriwardena Mobile : +94 71 809 6732 http://blog.facilelogin.com http://blog.api-security.org
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
