+1 We need to think about what needs to be in identity.xml too... Thanks & regards, -Prabath
On Wed, Jan 22, 2014 at 10:34 PM, Chamath Gunawardana <[email protected]>wrote: > > > > On Wed, Jan 22, 2014 at 7:29 PM, Lalaji Sureshika <[email protected]> wrote: > >> Hi, >> >> >> On Wed, Jan 22, 2014 at 5:36 PM, Prabath Siriwardena <[email protected]>wrote: >> >>> If this is per tenant - you cannot do it via a configuration in the >>> identity.xml... >>> >>> Ideally the tenant admin should have an option in the UI to >>> enable/disable SelfSignUp and if it is enabled he should be able to specify >>> the default role or the role list. >>> >> >> If I understood correctly,with current approach SelfSignUp function >> through UserSelfRegistrationService, is enabled for each tenant and it >> picks same custom defined role in identity.xml for each tenant. If we are >> going to support the use-case of ability to configure self signup and its >> assigning custom roles per tenant basis,we have to move the self-signup >> config from identity.xml used in "UserSelfRegistrationService" to a >> registry config. >> > In IS next release (4.7.0) we are planning to save configuration (email > templates) tenant wise. Actually it will be the contents of > email-admin-config.xml will be saved tenant wise and provide an view in > management console for editing. So I think you can extend it to save the > identity.xml based on tenants in the registry as well. > > >> Then the tenant admin can change that config file accordingly from >> management console which is similar to the tiers.xml usage in APIM. >> Is there any other better approach of doing this? Else shall we proceed >> with above change in IS self-signup related code? >> >> Thanks; > >> >>> Thanks & regards, >>> -Prabath >>> >>> >>> On Wed, Jan 22, 2014 at 5:30 PM, Asela Pathberiya <[email protected]>wrote: >>> >>>> >>>> >>>> >>>> On Wed, Jan 22, 2014 at 4:51 PM, Lalaji Sureshika <[email protected]>wrote: >>>> >>>>> Hi, >>>>> >>>>> I checked the code and found below configuration need to be added to >>>>> identity.xml,in-order to configure the self signup user's assigning role. >>>>> >>>>> <SelfSignUp> >>>>> <SignUpRole> >>>>> <Name>test</Name> >>>>> <External>true</External> >>>>> </SignUpRole> >>>>> </SelfSignUp> >>>>> >>>>> Addition to configuring custom roles for self registration function,is >>>>> there a config element to enable/disable self signup functionality? As I >>>>> found there's no such config.It's based on the users-store read-only >>>>> mode/not. >>>>> I'm asking this because, ,in api-manager.xml file also we are keeping >>>>> a a <selfsignup> section as below.That api-manager.xml contains one >>>>> additional attribute to enable/disable self signup functionality in >>>>> running >>>>> server ,which is not available in the config of identity.xml. If there is >>>>> a >>>>> similar config attribute in identity.xml,we can totally deprecate the use >>>>> of <SelfSignUp> in api-manager.xml and stick only to identity.xml config.. >>>>> >>>>> <SelfSignUp> >>>>> <Enabled>true</Enabled> >>>>> <SubscriberRoleName>subscriber1</SubscriberRoleName> >>>>> >>>>> </SelfSignUp> >>>>> >>>>> If there's no such config element available in identity.xml,shall we >>>>> add such property to <SelfSignUp> config in identity.xml and improve the >>>>> code of self-signup service based on it,as I feel it's a useful >>>>> improvement >>>>> from IS side as well.. Appreciate thoughts on this.. >>>>> >>>> >>>> +1. It is better to have a property to enable/disable in the >>>> identity.xml. I o not think we can configure multiple roles (multiple >>>> SignUpRole elements) , If not, we can fix it as well >>>> >>>> Thanks. >>>> Asela. >>>> >>>> >>>>> >>>>> Thanks; >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> On Wed, Jan 22, 2014 at 2:30 PM, Lalaji Sureshika <[email protected]>wrote: >>>>> >>>>>> Hi, >>>>>> >>>>>> On Wed, Jan 22, 2014 at 2:04 PM, Prabath Siriwardena < >>>>>> [email protected]> wrote: >>>>>> >>>>>>> I think the right approach is to use [1]. UserSelfRegistrationService >>>>>>> will add users to the Identity role by default. But, if you want to add >>>>>>> the >>>>>>> user to the subscriber role, you can make it configurable. >>>>>>> >>>>>> Thanks for pointing it. Wasn't aware that the default role for add >>>>>> users from "UserSelfRegistrationService" service is >>>>>> configurable.Will follow this approach without using a separate listener >>>>>> class. >>>>>> >>>>>> Thanks; >>>>>> >>>>>>> >>>>>>> Also - with UserSelfRegistrationService - you can specify to which >>>>>>> user stores you need to add users. >>>>>>> >>>>>>> Thanks & regards, >>>>>>> -Prabath >>>>>>> >>>>>>> >>>>>>> On Wed, Jan 22, 2014 at 11:22 AM, Lalaji Sureshika >>>>>>> <[email protected]>wrote: >>>>>>> >>>>>>>> Hi, >>>>>>>> >>>>>>>> With current WSO2 APIStore self signup functionality,we do support >>>>>>>> only for super tenant APIStore. We are planning to extend it to >>>>>>>> support for >>>>>>>> tenant users as well. >>>>>>>> >>>>>>>> With current signup approach, we do two web service calls as; >>>>>>>> 1) call "UserSelfRegistrationService" to add the user >>>>>>>> 2) call "UserAdmin" to assign the subscriber role to the user >>>>>>>> >>>>>>>> With above approach,for the 2) call,we need to authenticate and >>>>>>>> thus need to have admin credentials predefined.But in tenant mode,to do >>>>>>>> above 2) we cannot keep tenant admin credentials predefined in a config >>>>>>>> file and use. >>>>>>>> >>>>>>>> Thus without doing above 2) web service call,we are going to >>>>>>>> achieve the role assignment from writing a custom user store listener >>>>>>>> implementation and do the role-assignment as a PreAddUser >>>>>>>> operation.This >>>>>>>> way,it'll not required to keep tenant admin/super admin credentials and >>>>>>>> will only do one web service call for signup. >>>>>>>> >>>>>>>> Appreciate your feedback on this. >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> Thanks; >>>>>>>> >>>>>>>> -- >>>>>>>> Lalaji Sureshika >>>>>>>> WSO2, Inc.; http://wso2.com/ >>>>>>>> email: [email protected]; >>>>>>>> blog: http://lalajisureshika.blogspot.com >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> _______________________________________________ >>>>>>>> Architecture mailing list >>>>>>>> [email protected] >>>>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>>>>>> >>>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> Thanks & Regards, >>>>>>> Prabath >>>>>>> >>>>>>> Twitter : @prabath >>>>>>> LinkedIn : http://www.linkedin.com/in/prabathsiriwardena >>>>>>> >>>>>>> Mobile : +94 71 809 6732 >>>>>>> >>>>>>> http://blog.facilelogin.com >>>>>>> http://blog.api-security.org >>>>>>> >>>>>>> _______________________________________________ >>>>>>> Architecture mailing list >>>>>>> [email protected] >>>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>>>>> >>>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Lalaji Sureshika >>>>>> WSO2, Inc.; http://wso2.com/ >>>>>> email: [email protected]; cell: +94 71 608 6811 >>>>>> blog: http://lalajisureshika.blogspot.com >>>>>> >>>>>> >>>>>> >>>>> >>>>> >>>>> -- >>>>> Lalaji Sureshika >>>>> WSO2, Inc.; http://wso2.com/ >>>>> email: [email protected]; cell: +94 71 608 6811 >>>>> blog: http://lalajisureshika.blogspot.com >>>>> >>>>> >>>>> >>>>> _______________________________________________ >>>>> Architecture mailing list >>>>> [email protected] >>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>>> >>>>> >>>> >>>> >>>> -- >>>> Thanks & Regards, >>>> Asela >>>> >>>> ATL >>>> Mobile : +94 777 625 933 >>>> >>> >>> >>> >>> -- >>> Thanks & Regards, >>> Prabath >>> >>> Twitter : @prabath >>> LinkedIn : http://www.linkedin.com/in/prabathsiriwardena >>> >>> Mobile : +94 71 809 6732 >>> >>> http://blog.facilelogin.com >>> http://blog.api-security.org >>> >>> _______________________________________________ >>> Architecture mailing list >>> [email protected] >>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>> >>> >> >> >> -- >> Lalaji Sureshika >> WSO2, Inc.; http://wso2.com/ >> email: [email protected]; cell: +94 71 608 6811 >> blog: http://lalajisureshika.blogspot.com >> >> >> >> _______________________________________________ >> Architecture mailing list >> [email protected] >> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >> >> > > > -- > Best Regards, > Chamath Gunawardana > Technical Lead; WSO2 Inc. > Mobile : +94776322240 > > _______________________________________________ > Architecture mailing list > [email protected] > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > > -- Thanks & Regards, Prabath Twitter : @prabath LinkedIn : http://www.linkedin.com/in/prabathsiriwardena Mobile : +94 71 809 6732 http://blog.facilelogin.com http://blog.api-security.org
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
