Any update on that? What is the ETA for the feature?
Is there something we can review yet? Were you able to satisfy all the end-user experience requirements?

Dmitry

On Fri, Sep 5, 2014 at 10:09 AM, Dmitry Sotnikov <[email protected]> wrote:

> Thanks Chamila!
>
> Here is the workflow that I would like to see in the API Cloud:
>
> Scenario A: User Self Sign-Up:
>
> 1. Plato is an app developer and wants to develop an app for the population of the Atlantis island to track the water level and notify when the island goes under the sea. He finds that gods have set up a website with the developer program: apis.atlantisisland.gr and goes to the site to read about the APIs.
> 2. When browsing the API Store at some point Plato tries to access functionality which requires authentication (e.g. Subscribe to an API),
> 3. Plato is presented with the choice to log in or sign up,
> 4. If Plato clicks Sign Up, he is asked to provide his email address.
> 5. Plato provides his gmail address,
> 6. He gets an email inviting him to join the Atlantis developer program with a one-time link that takes him to the Store, asks him to specify and confirm new password.
> 7. Plato is now logged into the Atlantis API Store, and can perform all activity there.
> 8. Plato has Subscriber role - so he cannot actually go to Atlantis API Publisher, etc.
>
> Possible variations of that:
>
> Scenario B: Approval is required: Zeus is the administrator of the API program and gets a request to approve Plato's membership. In this case, this needs to be properly communicated to both Zeus and Plato, so they know what is going on, what is expected of them, current status, etc.
>
> Scenario C: Zeus actually wants to invite Plato to the development program: Zeus goes to the corresponding UI, provides Plato's email address, and Plato receives email with the invitation and one-time link (obviously approvals are not required in this case.)
>
> Scenario D:
> 1. Homer decides to also write an Atlantis app, and wants to sign-up.
> 2. When he tries to sign-up he gets notified that he already has an account from WSO2 which he used for his Trojan app and which he can reuse.
>
> All the emails that get sent need to be brandable by the tenant administrators so when Troy have their API program, Trojan emails look different from the ones for Atlantis.
>
> I understand that some of these steps will be different in the cloud and in on-premise API Manager because of the custom authentication. You will need to discuss with the cloud team to make sure that the implementation is compatible, etc.
>
> I hope this helps. :)
>
> Dmitry
>
> On Thu, Sep 4, 2014 at 11:09 PM, Chamila Adhikarinayake <[email protected]> wrote:
>
>> looping Dmitry to the thread
>>
>> On Fri, Sep 5, 2014 at 10:26 AM, Chamila Adhikarinayake <[email protected]> wrote:
>>
>>> Hi all,
>>>
>>> The current user signup method (jsFunction_addUser() [1]) in API manager uses addUser method in UserRegistrationService[2] (through UserRegistrationAdminService from APIM) to register the user and suggested to use that same method for tenant user signup as well (Shariq has modified this so that tenant-wise roles can be taken from the registry and assign them to the tenant user). But with that modification, this method cannot be used for tenant signup with the current user signup workflow in the api manager.
>>>
>>> When signing up a user to super user store, first add a user by calling adduser method (from this method, user is assigned with default internal/identity role from UserRegistrationService) and then follow the signup workflow and finally add the role to that user. In the signup workflow, user approval process is managed and till then the user cannot log in. But when addUser method is called for tenant signup, a tenant user is created and all his roles are assigned to him at the creation point. As a result, second point (approval process) cannot be done (user can log in before the approval process is done). As a result, method to assign roles by using '/_system/governance/repository/identity/sign-up-config' (mentioned in 'User roles for tenants' in my first mail) cannot be used in this case.
>>>
>>> *Modified method to add user roles for tenants*
>>>
>>> As a result of above mentioned problem, a registry entry in /_system/governance/repository/identity/sign-up-config won't be created as mentioned in the first mail. Without this config, all the tenants created using addUser method will have default internal/identity role. Registry resource similar to 'sign-up-config' is created in separate registry location and this entry can be used to add roles to the tenant during the final step. As a result approval process can be carried out during the second step.
>>>
>>> [1] https://svn.wso2.org/repos/wso2/carbon/platform/branches/turing/components/apimgt/org.wso2.carbon.apimgt.hostobjects/1.2.3/src/main/java/org/wso2/carbon/apimgt/hostobjects/APIStoreHostObject.java
>>> [2] https://svn.wso2.org/repos/wso2/carbon/platform/branches/turing/components/identity/org.wso2.carbon.identity.user.registration/4.2.2/src/main/java/org/wso2/carbon/identity/user/registration/UserRegistrationService.java
>>>
>>> Thanks,
>>> Chamila.
>>>
>>> On Thu, Sep 4, 2014 at 12:15 AM, Amila De Silva <[email protected]> wrote:
>>>
>>>> Hi Chamila,
>>>>
>>>> I think you have to start the TenantFlow and set the ID for the tenant correctly before fetching the configuration. In the method jsFunction_resumeWorkflow, this is done by calling
>>>>
>>>>     PrivilegedCarbonContext.startTenantFlow();
>>>>     PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain, true);
>>>>
>>>> On Wed, Sep 3, 2014 at 10:47 PM, Chamila Adhikarinayake <[email protected]> wrote:
>>>>
>>>>> Actually the tasks are created with that executor for other tenants as well, but not inside the correct tenant domain in the BPS. They are created in carbon.super tenant domain and the related task can be viewed in workflow-admin ui only by logging in as super user.
>>>>>
>>>>> Following is the reason I think that causes this.
>>>>>
>>>>> In the method jsFunction_addUser() in APIStoreHostObject following code is there to create the workflow
>>>>>
>>>>>     WorkflowExecutor userSignUpWFExecutor = WorkflowExecutorFactory.getInstance()
>>>>>             .getWorkflowExecutor(WorkflowConstants.WF_TYPE_AM_USER_SIGNUP);
>>>>>
>>>>> This WorkflowExecutor is created using carbon.super user configuration information in the registry. In the 'getWorkflowConfigurations()' method in WorkflowExecutorFactory class PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain(); is used to get the domain name (also tenant id). So even though there is a different tenant domain, these values do not change. So superuser conf is used and the request is sent to the carbon.super tenant in BPS, not to the tenant's one. So I'm working on passing the correct domain info to this
>>>>>
>>>>> On Wed, Sep 3, 2014 at 9:06 PM, Nuwan Dias <[email protected]> wrote:
>>>>>
>>>>>> On Wed, Sep 3, 2014 at 9:02 PM, Chamila Adhikarinayake <[email protected]> wrote:
>>>>>>
>>>>>>> Hi all,
>>>>>>> I'm creating user self signup feature for tenant store in API Manager. Current api manager provides only self signup facility for carbon.super store. To add tenant users, tenant admin has to manually add it through the carbon console.
>>>>>>>
>>>>>>> Following parts will be implemented
>>>>>>>
>>>>>>> *UI changes* (see attached images)
>>>>>>>
>>>>>>> 1. enable the sign-up button for tenant user store
>>>>>>> 2. add the domain name extension for the user name field in the user registration form. (this is appended to the user name)
>>>>>>>
>>>>>>> *User roles for tenants*
>>>>>>>
>>>>>>> Tenant signup configuration will be moved to the registry location '/_system/governance/repository/identity/sign-up-config'. This part is already implemented by Shariq for an IS component (See discussion in the thread "Provide support for self signup for tenants' APIStores" for more info on the configuration). But this resource needed to be created manually. So as a part of the implementation, this resource will be added with default values when creating a tenant. Default value will be
>>>>>>>
>>>>>>>     <SelfSignUp>
>>>>>>>         <SignUpDomain>PRIMARY</SignUpDomain>
>>>>>>>         <SignUpRole>
>>>>>>>             <RoleName>subscriber</RoleName>
>>>>>>>             <IsExternalRole>false</IsExternalRole>
>>>>>>>         </SignUpRole>
>>>>>>>     </SelfSignUp>
>>>>>>>
>>>>>>> *Modification to current work-flow for tenant sign-up.*
>>>>>>>
>>>>>>> The current implemented method does not work when UserSignUpWSWorkflowExecutor is used in the work-flow. This can be only used with tenants signups for superuser. Existing code uses configuration in the carbon super user's registry entry '/_system/governance/apimgt/applicationdata/workflow-extensions.xml' for tenants as well (see jsFunction_addUser() in org.wso2.carbon.apimgt.hostobjects.APIStoreHostObject class). When registering a tenant user for different tenant, configuration in the tenant's workflow-extensions.xml needed to be used.
>>>>>>>
>>>>>>> I have implemented basic functionality[1] as requested by AmilaM (Users can signup for tenant stores. But Tenant admin has to manually add the registry entry with user roles to the given location. If this entry is not there, a default 'identity' user role is assigned to the user. Only UserSignUpSimpleWorkflowExecutor for the workflow can be used with this. If UserSignUpWSWorkflowExecutor is used to connect to the BPS, the tenant approval tasks are not created properly)
>>>>>>>
>>>>>>
>>>>>> Do we know the reason for the tasks of the BPS not being created when the UserSignUpWSWorkflowExecutor is used? We will need to dig into that IMO.
>>>>>>
>>>>>>>
>>>>>>> [1] https://wso2.org/jira/browse/APIMANAGER-2785
>>>>>>>
>>>>>>> Comments are highly appreciated
>>>>>>> Thanks,
>>>>>>> Chamila.
>>>>>>>
>>>>>>> --
>>>>>>> Regards,
>>>>>>> Chamila Adhikarinayake
>>>>>>> Software Engineer
>>>>>>> WSO2, Inc.
>>>>>>> Mobile - +94712346437
>>>>>>> Email - [email protected]
>>>>>>>
>>>>>>
>>>>>> --
>>>>>> Nuwan Dias
>>>>>>
>>>>>> Associate Tech Lead - WSO2, Inc. http://wso2.com
>>>>>> email : [email protected]
>>>>>> Phone : +94 777 775 729
>>>>>>
>>>>>
>>>>> --
>>>>> Regards,
>>>>> Chamila Adhikarinayake
>>>>> Software Engineer
>>>>> WSO2, Inc.
>>>>> Mobile - +94712346437
>>>>> Email - [email protected]
>>>>>
>>>>
>>>> --
>>>> *Amila De Silva*
>>>>
>>>> WSO2 Inc.
>>>> mobile :(+94) 775119302
>>>>
>>>
>>> --
>>> Regards,
>>> Chamila Adhikarinayake
>>> Software Engineer
>>> WSO2, Inc.
>>> Mobile - +94712346437
>>> Email - [email protected]
>>>
>>
>> --
>> Regards,
>> Chamila Adhikarinayake
>> Software Engineer
>> WSO2, Inc.
>> Mobile - +94712346437
>> Email - [email protected]
>>
>
> --
> Dmitry Sotnikov
> VP of Cloud; WSO2, Inc.; http://wso2.com/
> email: [email protected]; cell: +1.949.303.9653; Skype: DSotnikov
> Lean . Enterprise . Middleware
>
> <http://wso2.com/events/>
>

--
Dmitry Sotnikov
VP of Cloud; WSO2, Inc.; http://wso2.com/
email: [email protected]; cell: +1.949.303.9653; Skype: DSotnikov
Lean . Enterprise . Middleware
<http://wso2.com/events/>
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
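
Added example (not part of the thread and not WSO2 code): a small Python model of the two problems discussed above, an approval task created under whatever tenant the current flow holds, and sign-up roles granted before approval. The `Store` class, `tenant_flow`, the `atlantis.example` domain and the rule that login needs a sign-up role are assumptions made for illustration; only the config XML values come from the thread.

```python
import contextlib
import xml.etree.ElementTree as ET

# Constructed sample: the default sign-up-config values quoted in the thread.
SIGN_UP_CONFIG = """<SelfSignUp><SignUpDomain>PRIMARY</SignUpDomain>
<SignUpRole><RoleName>subscriber</RoleName>
<IsExternalRole>false</IsExternalRole></SignUpRole></SelfSignUp>"""

_tenant = ["carbon.super"]  # hypothetical stand-in for the thread-local tenant domain

@contextlib.contextmanager
def tenant_flow(domain):
    """Model of a start/end tenant flow pair: the caller's tenant is always restored."""
    _tenant.append(domain)
    try:
        yield
    finally:
        _tenant.pop()

def signup_roles(config_xml):
    """Parse (role name, is_external) pairs from a sign-up config document."""
    root = ET.fromstring(config_xml)
    return [(r.findtext("RoleName").strip(),
             r.findtext("IsExternalRole", "false").strip() == "true")
            for r in root.findall("SignUpRole")]

class Store:
    def __init__(self, configs):
        self.configs = configs  # tenant domain -> sign-up config XML
        self.users = {}         # (tenant, user) -> roles granted so far
        self.tasks = []         # approval tasks as (tenant, user)

    def sign_up(self, user):
        tenant = _tenant[-1]    # resolved from the current flow, not passed in
        self.users[(tenant, user)] = []   # created with no sign-up role yet
        self.tasks.append((tenant, user))

    def approve(self, tenant, user):
        with tenant_flow(tenant):         # read the tenant's own config
            self.users[(tenant, user)] = signup_roles(self.configs[_tenant[-1]])

    def can_login(self, tenant, user):
        # Model assumption: login needs at least one sign-up role.
        return bool(self.users.get((tenant, user)))

def demo():
    store = Store({"atlantis.example": SIGN_UP_CONFIG})  # constructed tenant domain
    store.sign_up("plato")                # no tenant flow: task lands in carbon.super
    with tenant_flow("atlantis.example"):
        store.sign_up("plato")            # task lands in the tenant
    before = store.can_login("atlantis.example", "plato")
    store.approve("atlantis.example", "plato")
    return store.tasks, before, store.can_login("atlantis.example", "plato")
```
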
