Hi Sumedha,
On Thu, Jan 23, 2014 at 10:31 AM, Sumedha Rubasinghe <[email protected]> wrote:

> For external users this is part of a single story. The fact that these
> components are coming from different projects is irrelevant.
>
> So it needs to happen like how you have mentioned.
>
> We can make CloudApp the starting point and execute this logic in there.

Yes. I was proposing to do it in CloudApp. And one step further - do it in
CloudApp only. That is how we plan to handle user-mgt and etc .. for AF. So
when AF is deployed in a MT scenario, it goes with the CloudApp.

thanks,
dimuthu

> On Thu, Jan 23, 2014 at 9:49 AM, Dimuthu Leelarathne <[email protected]> wrote:
>
>> Hi all,
>>
>> In terms of WSO2 Cloud then I think we have to think in terms of the
>> CloudApp as well. For example. Firstly tenants sign up to the cloud. And
>> are they again supposed to sign up to the API Store?
>>
>> In the CloudMgt App we have three selections
>>
>> - Integration Cloud
>> - App Cloud
>> - API Cloud
>>
>> So if a person ticks API cloud all of these things should happen.
>>
>> thanks,
>> dimuthu
>>
>> On Thu, Jan 23, 2014 at 12:36 AM, Lalaji Sureshika <[email protected]> wrote:
>>
>>> Hi,
>>>
>>> On Wed, Jan 22, 2014 at 10:34 PM, Chamath Gunawardana <[email protected]> wrote:
>>>
>>>> On Wed, Jan 22, 2014 at 7:29 PM, Lalaji Sureshika <[email protected]> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> On Wed, Jan 22, 2014 at 5:36 PM, Prabath Siriwardena <[email protected]> wrote:
>>>>>
>>>>>> If this is per tenant - you cannot do it via a configuration in the
>>>>>> identity.xml...
>>>>>>
>>>>>> Ideally the tenant admin should have an option in the UI to
>>>>>> enable/disable SelfSignUp and if it is enabled he should be able to
>>>>>> specify the default role or the role list.
>>>>>
>>>>> If I understood correctly, with current approach SelfSignUp
>>>>> function through UserSelfRegistrationService, is enabled for each
>>>>> tenant and it picks same custom defined role in identity.xml for each
>>>>> tenant. If we are going to support the use-case of ability to configure
>>>>> self signup and its assigning custom roles per tenant basis, we have to
>>>>> move the self-signup config from identity.xml used in
>>>>> "UserSelfRegistrationService" to a registry config.
>>>>
>>>> In IS next release (4.7.0) we are planning to save configuration (email
>>>> templates) tenant wise. Actually it will be the contents of
>>>> email-admin-config.xml will be saved tenant wise and provide a view in
>>>> management console for editing. So I think you can extend it to save the
>>>> identity.xml based on tenants in the registry as well.
>>>
>>> If going to make identity.xml as tenant aware, it will be relatively
>>> big change as it is used by different IS components. What I meant was,
>>> only the <SelfSignUp> config to move for registry as a separate file..
>>> And one more point I forgot from my previous comment is that we have to
>>> have ability of defining custom permissions for the created custom role
>>> from this <SelfSignup> config as well.. Reason for that is, previously we
>>> do create the custom role from APIM during server startup and tenant
>>> initialization with our custom permissions, before a user trigger signup
>>> function from APIStore. But since we are going to move this <selfsignup>
>>> dynamically configurable via registry, we don't have the control to
>>> explicitly create changing roles dynamically from a separate code,
>>> before trigger signup function.
>>>
>>> Thanks;
>>>
>>>>> Then the tenant admin can change that config file accordingly from
>>>>> management console which is similar to the tiers.xml usage in APIM.
>>>>> Is there any other better approach of doing this? Else shall we
>>>>> proceed with above change in IS self-signup related code?
>>>>>
>>>>> Thanks;
>>>>>
>>>>>> Thanks & regards,
>>>>>> -Prabath
>>>>>>
>>>>>> On Wed, Jan 22, 2014 at 5:30 PM, Asela Pathberiya <[email protected]> wrote:
>>>>>>
>>>>>>> On Wed, Jan 22, 2014 at 4:51 PM, Lalaji Sureshika <[email protected]> wrote:
>>>>>>>
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> I checked the code and found below configuration need to be added
>>>>>>>> to identity.xml, in-order to configure the self signup user's
>>>>>>>> assigning role.
>>>>>>>>
>>>>>>>> <SelfSignUp>
>>>>>>>>     <SignUpRole>
>>>>>>>>         <Name>test</Name>
>>>>>>>>         <External>true</External>
>>>>>>>>     </SignUpRole>
>>>>>>>> </SelfSignUp>
>>>>>>>>
>>>>>>>> Addition to configuring custom roles for self registration
>>>>>>>> function, is there a config element to enable/disable self signup
>>>>>>>> functionality? As I found there's no such config. It's based on the
>>>>>>>> users-store read-only mode/not.
>>>>>>>> I'm asking this because, in api-manager.xml file also we are
>>>>>>>> keeping a <selfsignup> section as below. That api-manager.xml
>>>>>>>> contains one additional attribute to enable/disable self signup
>>>>>>>> functionality in running server, which is not available in the
>>>>>>>> config of identity.xml. If there is a similar config attribute in
>>>>>>>> identity.xml, we can totally deprecate the use of <SelfSignUp> in
>>>>>>>> api-manager.xml and stick only to identity.xml config..
>>>>>>>>
>>>>>>>> <SelfSignUp>
>>>>>>>>     <Enabled>true</Enabled>
>>>>>>>>     <SubscriberRoleName>subscriber1</SubscriberRoleName>
>>>>>>>> </SelfSignUp>
>>>>>>>>
>>>>>>>> If there's no such config element available in identity.xml, shall
>>>>>>>> we add such property to <SelfSignUp> config in identity.xml and
>>>>>>>> improve the code of self-signup service based on it, as I feel it's
>>>>>>>> a useful improvement from IS side as well.. Appreciate thoughts on
>>>>>>>> this..
>>>>>>>
>>>>>>> +1. It is better to have a property to enable/disable in the
>>>>>>> identity.xml. I do not think we can configure multiple roles (multiple
>>>>>>> SignUpRole elements). If not, we can fix it as well.
>>>>>>>
>>>>>>> Thanks.
>>>>>>> Asela.
>>>>>>>
>>>>>>>> Thanks;
>>>>>>>>
>>>>>>>> On Wed, Jan 22, 2014 at 2:30 PM, Lalaji Sureshika <[email protected]> wrote:
>>>>>>>>
>>>>>>>>> Hi,
>>>>>>>>>
>>>>>>>>> On Wed, Jan 22, 2014 at 2:04 PM, Prabath Siriwardena <[email protected]> wrote:
>>>>>>>>>
>>>>>>>>>> I think the right approach is to use [1]. UserSelfRegistrationService
>>>>>>>>>> will add users to the Identity role by default. But, if you want to
>>>>>>>>>> add the user to the subscriber role, you can make it configurable.
>>>>>>>>>
>>>>>>>>> Thanks for pointing it. Wasn't aware that the default role for add
>>>>>>>>> users from "UserSelfRegistrationService" service is configurable.
>>>>>>>>> Will follow this approach without using a separate listener class.
>>>>>>>>>
>>>>>>>>> Thanks;
>>>>>>>>>
>>>>>>>>>> Also - with UserSelfRegistrationService - you can specify to
>>>>>>>>>> which user stores you need to add users.
>>>>>>>>>>
>>>>>>>>>> Thanks & regards,
>>>>>>>>>> -Prabath
>>>>>>>>>>
>>>>>>>>>> On Wed, Jan 22, 2014 at 11:22 AM, Lalaji Sureshika <[email protected]> wrote:
>>>>>>>>>>
>>>>>>>>>>> Hi,
>>>>>>>>>>>
>>>>>>>>>>> With current WSO2 APIStore self signup functionality, we do
>>>>>>>>>>> support only for super tenant APIStore. We are planning to
>>>>>>>>>>> extend it to support for tenant users as well.
>>>>>>>>>>>
>>>>>>>>>>> With current signup approach, we do two web service calls as;
>>>>>>>>>>> 1) call "UserSelfRegistrationService" to add the user
>>>>>>>>>>> 2) call "UserAdmin" to assign the subscriber role to the user
>>>>>>>>>>>
>>>>>>>>>>> With above approach, for the 2) call, we need to authenticate and
>>>>>>>>>>> thus need to have admin credentials predefined. But in tenant
>>>>>>>>>>> mode, to do above 2) we cannot keep tenant admin credentials
>>>>>>>>>>> predefined in a config file and use.
>>>>>>>>>>>
>>>>>>>>>>> Thus without doing above 2) web service call, we are going to
>>>>>>>>>>> achieve the role assignment from writing a custom user store
>>>>>>>>>>> listener implementation and do the role-assignment as a
>>>>>>>>>>> PreAddUser operation. This way, it'll not be required to keep
>>>>>>>>>>> tenant admin/super admin credentials and will only do one web
>>>>>>>>>>> service call for signup.
>>>>>>>>>>>
>>>>>>>>>>> Appreciate your feedback on this.
>>>>>>>>>>>
>>>>>>>>>>> Thanks;
>>>>>>>>>>>
>>>>>>>>>>> --
>>>>>>>>>>> Lalaji Sureshika
>>>>>>>>>>> WSO2, Inc.; http://wso2.com/
>>>>>>>>>>> email: [email protected];
>>>>>>>>>>> blog: http://lalajisureshika.blogspot.com
>>>>>>>>>>>
>>>>>>>>>>> _______________________________________________
>>>>>>>>>>> Architecture mailing list
>>>>>>>>>>> [email protected]
>>>>>>>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> Thanks & Regards,
>>>>>>>>>> Prabath
>>>>>>>>>>
>>>>>>>>>> Twitter : @prabath
>>>>>>>>>> LinkedIn : http://www.linkedin.com/in/prabathsiriwardena
>>>>>>>>>>
>>>>>>>>>> Mobile : +94 71 809 6732
>>>>>>>>>>
>>>>>>>>>> http://blog.facilelogin.com
>>>>>>>>>> http://blog.api-security.org
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Lalaji Sureshika
>>>>>>>>> WSO2, Inc.; http://wso2.com/
>>>>>>>>> email: [email protected]; cell: +94 71 608 6811
>>>>>>>>> blog: http://lalajisureshika.blogspot.com
>>>>>>>
>>>>>>> --
>>>>>>> Thanks & Regards,
>>>>>>> Asela
>>>>>>>
>>>>>>> ATL
>>>>>>> Mobile : +94 777 625 933
>>>>
>>>> --
>>>> Best Regards,
>>>> Chamath Gunawardana
>>>> Technical Lead; WSO2 Inc.
>>>> Mobile : +94776322240
>>
>> --
>> Dimuthu Leelarathne
>> Architect & Product Lead of App Factory
>>
>> WSO2, Inc. (http://wso2.com)
>> email: [email protected]
>> Mobile : 0773661935
>>
>> Lean . Enterprise . Middleware
>
> --
> /sumedha
> m: +94 773017743
> b : bit.ly/sumedha

--
Dimuthu Leelarathne
Architect & Product Lead of App Factory

WSO2, Inc. (http://wso2.com)
email: [email protected]
Mobile : 0773661935

Lean . Enterprise . Middleware
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
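
The per-tenant <SelfSignUp> lookup discussed in this thread, as an added example that is not part of the original messages and is not WSO2 code: it resolves the roles for a new self-registered user from the tenant's own config document, so no admin credentials are needed, and it refuses sign-up when the config is missing, not explicitly enabled, or names a privileged role. The tenant names, the `reviewer` role, the `PRIVILEGED` set and the merged `<Enabled>`/`<SignUpRole>` layout are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed per-tenant documents. Element names come from the thread; the
# merged <Enabled> + <SignUpRole> layout and tenant names are assumptions.
TENANT_CONFIGS = {
    "tenant-a.example": "<SelfSignUp><Enabled>true</Enabled>"
        "<SignUpRole><Name>subscriber</Name><External>true</External></SignUpRole>"
        "<SignUpRole><Name>reviewer</Name><External>false</External></SignUpRole>"
        "</SelfSignUp>",
    # No <Enabled> element: must be treated as disabled, not as enabled.
    "tenant-b.example": "<SelfSignUp><SignUpRole><Name>subscriber</Name>"
        "<External>true</External></SignUpRole></SelfSignUp>",
    # Tenant admin mistake: anonymous sign-up would receive a privileged role.
    "tenant-c.example": "<SelfSignUp><Enabled>true</Enabled><SignUpRole>"
        "<Name>admin</Name><External>false</External></SignUpRole></SelfSignUp>",
}
PRIVILEGED = {"admin"}  # assumption: roles self-signup must never grant


class SignUpRefused(Exception):
    """Raised whenever sign-up must not proceed for this tenant."""


def signup_roles(tenant, configs=TENANT_CONFIGS, privileged=PRIVILEGED):
    """Return [(role_name, is_external)] for a new self-registered user."""
    raw = configs.get(tenant)
    if raw is None:
        raise SignUpRefused("tenant has no self-signup config")
    if "<!DOCTYPE" in raw or "<!ENTITY" in raw:
        raise SignUpRefused("DTD/entity declarations are not accepted")
    try:
        root = ET.fromstring(raw)
    except ET.ParseError as exc:
        raise SignUpRefused("malformed config") from exc
    if root.tag != "SelfSignUp":
        raise SignUpRefused("unexpected root element")
    if (root.findtext("Enabled") or "").strip().lower() != "true":
        raise SignUpRefused("self-signup is not enabled for this tenant")
    roles = []
    for node in root.findall("SignUpRole"):
        name = (node.findtext("Name") or "").strip()
        if not name or name.lower() in privileged:
            raise SignUpRefused("empty or privileged sign-up role")
        external = (node.findtext("External") or "").strip().lower() == "true"
        roles.append((name, external))
    if not roles:
        raise SignUpRefused("no sign-up role configured")
    return roles
```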
