Hi all, If terms of WSO2 Cloud then I think we have to think in terms of the CloudApp as well. For example. Firstly tenants sign up to the cloud. And are they again suppose to sign up to the API Store?
In the CloudMgt App we have three selections - Integration Cloud - App Cloud - API Cloud So if a person ticks API cloud all of these things should happen. thanks, dimuthu On Thu, Jan 23, 2014 at 12:36 AM, Lalaji Sureshika <[email protected]> wrote: > Hi, > > > On Wed, Jan 22, 2014 at 10:34 PM, Chamath Gunawardana > <[email protected]>wrote: > >> >> >> >> On Wed, Jan 22, 2014 at 7:29 PM, Lalaji Sureshika <[email protected]>wrote: >> >>> Hi, >>> >>> >>> On Wed, Jan 22, 2014 at 5:36 PM, Prabath Siriwardena >>> <[email protected]>wrote: >>> >>>> If this is per tenant - you cannot do it via a configuration in the >>>> identity.xml... >>>> >>>> Ideally the tenant admin should have an option in the UI to >>>> enable/disable SelfSignUp and if it is enabled he should be able to specify >>>> the default role or the role list. >>>> >>> >>> If I understood correctly,with current approach SelfSignUp function >>> through UserSelfRegistrationService, is enabled for each tenant and it >>> picks same custom defined role in identity.xml for each tenant. If we are >>> going to support the use-case of ability to configure self signup and its >>> assigning custom roles per tenant basis,we have to move the self-signup >>> config from identity.xml used in "UserSelfRegistrationService" to a >>> registry config. >>> >> In IS next release (4.7.0) we are planning to save configuration (email >> templates) tenant wise. Actually it will be the contents of >> email-admin-config.xml will be saved tenant wise and provide an view in >> management console for editing. So I think you can extend it to save the >> identity.xml based on tenants in the registry as well. >> > > > If going to make identity.xml as tenant awared,it will be relatively > big change as it uses by different IS components.What I meant was,only the > <SelfSignUp> config to move for registry as a separate file..And one more > point I forgot from my previous comment is that we have to have ability of > defining custom permissions for the created custom role from this > <SelfSignup> config as well..Reason for that is,previously we do create the > custom role from APIM during server startup and tenant initialization with > our custom permissions,before a user trigger signup function from APIStore. > But since we are going to move this <selfsignup> dynamically configurable > via registry,we don't have the control to explicitly create changing roles > dynamically from a separate code,before trigger signup function. > > Thanks; > > > >> >> >>> Then the tenant admin can change that config file accordingly from >>> management console which is similar to the tiers.xml usage in APIM. >>> Is there any other better approach of doing this? Else shall we proceed >>> with above change in IS self-signup related code? >>> >>> Thanks; >> >>> >>>> Thanks & regards, >>>> -Prabath >>>> >>>> >>>> On Wed, Jan 22, 2014 at 5:30 PM, Asela Pathberiya <[email protected]>wrote: >>>> >>>>> >>>>> >>>>> >>>>> On Wed, Jan 22, 2014 at 4:51 PM, Lalaji Sureshika <[email protected]>wrote: >>>>> >>>>>> Hi, >>>>>> >>>>>> I checked the code and found below configuration need to be added to >>>>>> identity.xml,in-order to configure the self signup user's assigning role. >>>>>> >>>>>> <SelfSignUp> >>>>>> <SignUpRole> >>>>>> <Name>test</Name> >>>>>> <External>true</External> >>>>>> </SignUpRole> >>>>>> </SelfSignUp> >>>>>> >>>>>> Addition to configuring custom roles for self registration >>>>>> function,is there a config element to enable/disable self signup >>>>>> functionality? As I found there's no such config.It's based on the >>>>>> users-store read-only mode/not. >>>>>> I'm asking this because, ,in api-manager.xml file also we are keeping >>>>>> a a <selfsignup> section as below.That api-manager.xml contains one >>>>>> additional attribute to enable/disable self signup functionality in >>>>>> running >>>>>> server ,which is not available in the config of identity.xml. If there >>>>>> is a >>>>>> similar config attribute in identity.xml,we can totally deprecate the use >>>>>> of <SelfSignUp> in api-manager.xml and stick only to identity.xml >>>>>> config.. >>>>>> >>>>>> <SelfSignUp> >>>>>> <Enabled>true</Enabled> >>>>>> <SubscriberRoleName>subscriber1</SubscriberRoleName> >>>>>> >>>>>> </SelfSignUp> >>>>>> >>>>>> If there's no such config element available in identity.xml,shall we >>>>>> add such property to <SelfSignUp> config in identity.xml and improve the >>>>>> code of self-signup service based on it,as I feel it's a useful >>>>>> improvement >>>>>> from IS side as well.. Appreciate thoughts on this.. >>>>>> >>>>> >>>>> +1. It is better to have a property to enable/disable in the >>>>> identity.xml. I o not think we can configure multiple roles (multiple >>>>> SignUpRole elements) , If not, we can fix it as well >>>>> >>>>> Thanks. >>>>> Asela. >>>>> >>>>> >>>>>> >>>>>> Thanks; >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> On Wed, Jan 22, 2014 at 2:30 PM, Lalaji Sureshika <[email protected]>wrote: >>>>>> >>>>>>> Hi, >>>>>>> >>>>>>> On Wed, Jan 22, 2014 at 2:04 PM, Prabath Siriwardena < >>>>>>> [email protected]> wrote: >>>>>>> >>>>>>>> I think the right approach is to use [1]. UserSelfRegistrationService >>>>>>>> will add users to the Identity role by default. But, if you want to >>>>>>>> add the >>>>>>>> user to the subscriber role, you can make it configurable. >>>>>>>> >>>>>>> Thanks for pointing it. Wasn't aware that the default role for add >>>>>>> users from "UserSelfRegistrationService" service is >>>>>>> configurable.Will follow this approach without using a separate listener >>>>>>> class. >>>>>>> >>>>>>> Thanks; >>>>>>> >>>>>>>> >>>>>>>> Also - with UserSelfRegistrationService - you can specify to which >>>>>>>> user stores you need to add users. >>>>>>>> >>>>>>>> Thanks & regards, >>>>>>>> -Prabath >>>>>>>> >>>>>>>> >>>>>>>> On Wed, Jan 22, 2014 at 11:22 AM, Lalaji Sureshika <[email protected] >>>>>>>> > wrote: >>>>>>>> >>>>>>>>> Hi, >>>>>>>>> >>>>>>>>> With current WSO2 APIStore self signup functionality,we do support >>>>>>>>> only for super tenant APIStore. We are planning to extend it to >>>>>>>>> support for >>>>>>>>> tenant users as well. >>>>>>>>> >>>>>>>>> With current signup approach, we do two web service calls as; >>>>>>>>> 1) call "UserSelfRegistrationService" to add the user >>>>>>>>> 2) call "UserAdmin" to assign the subscriber role to the user >>>>>>>>> >>>>>>>>> With above approach,for the 2) call,we need to authenticate and >>>>>>>>> thus need to have admin credentials predefined.But in tenant mode,to >>>>>>>>> do >>>>>>>>> above 2) we cannot keep tenant admin credentials predefined in a >>>>>>>>> config >>>>>>>>> file and use. >>>>>>>>> >>>>>>>>> Thus without doing above 2) web service call,we are going to >>>>>>>>> achieve the role assignment from writing a custom user store listener >>>>>>>>> implementation and do the role-assignment as a PreAddUser >>>>>>>>> operation.This >>>>>>>>> way,it'll not required to keep tenant admin/super admin credentials >>>>>>>>> and >>>>>>>>> will only do one web service call for signup. >>>>>>>>> >>>>>>>>> Appreciate your feedback on this. >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> Thanks; >>>>>>>>> >>>>>>>>> -- >>>>>>>>> Lalaji Sureshika >>>>>>>>> WSO2, Inc.; http://wso2.com/ >>>>>>>>> email: [email protected]; >>>>>>>>> blog: http://lalajisureshika.blogspot.com >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> _______________________________________________ >>>>>>>>> Architecture mailing list >>>>>>>>> [email protected] >>>>>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> Thanks & Regards, >>>>>>>> Prabath >>>>>>>> >>>>>>>> Twitter : @prabath >>>>>>>> LinkedIn : http://www.linkedin.com/in/prabathsiriwardena >>>>>>>> >>>>>>>> Mobile : +94 71 809 6732 >>>>>>>> >>>>>>>> http://blog.facilelogin.com >>>>>>>> http://blog.api-security.org >>>>>>>> >>>>>>>> _______________________________________________ >>>>>>>> Architecture mailing list >>>>>>>> [email protected] >>>>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>>>>>> >>>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> Lalaji Sureshika >>>>>>> WSO2, Inc.; http://wso2.com/ >>>>>>> email: [email protected]; cell: +94 71 608 6811 >>>>>>> blog: http://lalajisureshika.blogspot.com >>>>>>> >>>>>>> >>>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Lalaji Sureshika >>>>>> WSO2, Inc.; http://wso2.com/ >>>>>> email: [email protected]; cell: +94 71 608 6811 >>>>>> blog: http://lalajisureshika.blogspot.com >>>>>> >>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> Architecture mailing list >>>>>> [email protected] >>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>>>> >>>>>> >>>>> >>>>> >>>>> -- >>>>> Thanks & Regards, >>>>> Asela >>>>> >>>>> ATL >>>>> Mobile : +94 777 625 933 >>>>> >>>> >>>> >>>> >>>> -- >>>> Thanks & Regards, >>>> Prabath >>>> >>>> Twitter : @prabath >>>> LinkedIn : http://www.linkedin.com/in/prabathsiriwardena >>>> >>>> Mobile : +94 71 809 6732 >>>> >>>> http://blog.facilelogin.com >>>> http://blog.api-security.org >>>> >>>> _______________________________________________ >>>> Architecture mailing list >>>> [email protected] >>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>> >>>> >>> >>> >>> -- >>> Lalaji Sureshika >>> WSO2, Inc.; http://wso2.com/ >>> email: [email protected]; cell: +94 71 608 6811 >>> blog: http://lalajisureshika.blogspot.com >>> >>> >>> >>> _______________________________________________ >>> Architecture mailing list >>> [email protected] >>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>> >>> >> >> >> -- >> Best Regards, >> Chamath Gunawardana >> Technical Lead; WSO2 Inc. >> Mobile : +94776322240 >> >> _______________________________________________ >> Architecture mailing list >> [email protected] >> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >> >> > > > -- > Lalaji Sureshika > WSO2, Inc.; http://wso2.com/ > email: [email protected]; cell: +94 71 608 6811 > blog: http://lalajisureshika.blogspot.com > > > > _______________________________________________ > Architecture mailing list > [email protected] > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > > -- Dimuthu Leelarathne Architect & Product Lead of App Factory WSO2, Inc. (http://wso2.com) email: [email protected] Mobile : 0773661935 Lean . Enterprise . Middleware
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
