Hi Dmitry,

This feature is already done and we ship this with APIM 1.8. Sorry for not updating this thread.

Regarding the scenarios, we have provided a facility to add a custom workflow extension. Currently we ship UserSignUpWSWorkflowExecutor, which also has a user approval process [1]. We can also create custom workflow extensions to suit the scenario mentioned and plug them in. We can also deploy the scenario as a business process in WSO2 BPS and connect using our UserSignUpWSWorkflowExecutor.

[1] https://docs.wso2.com/display/AM170/Adding+a+User+Signup+Workflow

Thanks,
Chamila.

On Thu, Oct 2, 2014 at 3:05 AM, Dmitry Sotnikov <[email protected]> wrote:

> Any update on that?
>
> What is the ETA for the feature?
>
> Is there something we can review yet?
>
> Were you able to satisfy all the end-user experience requirements?
>
> Dmitry
>
> On Fri, Sep 5, 2014 at 10:09 AM, Dmitry Sotnikov <[email protected]> wrote:
>
>> Thanks Chamila!
>>
>> Here is the workflow that I would like to see in the API Cloud:
>>
>> Scenario A: User Self Sign-Up:
>>
>> 1. Plato is an app developer and wants to develop an app for the population of the Atlantis island to track the water level and notify when the island goes under the sea. He finds that gods have set up a website with the developer program: apis.atlantisisland.gr and goes to the site to read about the APIs.
>> 2. When browsing the API Store at some point Plato tries to access functionality which requires authentication (e.g. Subscribe to an API),
>> 3. Plato is presented with the choice to log in or sign-up,
>> 4. If Plato clicks Sign Up, he is asked to provide his email address.
>> 5. Plato provides his gmail address,
>> 6. He gets an email inviting him to join the Atlantis developer program with a one-time link that takes him to the Store, asks him to specify and confirm new password.
>> 7. Plato is now logged into the Atlantis API Store, and can perform all activity there.
>> 8. Plato has Subscriber role - so he cannot actually go to Atlantis API Publisher, etc.
>>
>> Possible variations of that:
>>
>> Scenario B: Approval is required: Zeus is the administrator of the API program and gets a request to approve Plato's membership. In this case, this needs to be properly communicated to both Zeus and Plato, so they know what is going on, what is expected of them, current status, etc.
>>
>> Scenario C: Zeus actually wants to invite Plato to the development program: Zeus goes to the corresponding UI, provides Plato's email address, and Plato receives email with the invitation and one-time link (obviously approvals are not required in this case.)
>>
>> Scenario D:
>> 1. Homer decides to also write an Atlantis app, and wants to sign-up.
>> 2. When he tries to sign-up he gets notified that he already has an account from WSO2 which he used for his Trojan app and which he can reuse.
>>
>> All the emails that get sent need to be brandable by the tenant administrators so when Troy have their API program, Trojan emails look different from the ones for Atlantis.
>>
>> I understand that some of these steps will be different in the cloud and in on-premise API Manager because of the custom authentication. You will need to discuss with the cloud team to make sure that the implementation is compatible, etc.
>>
>> I hope this helps. :)
>>
>> Dmitry
>>
>>
>> On Thu, Sep 4, 2014 at 11:09 PM, Chamila Adhikarinayake <[email protected]> wrote:
>>
>>> looping Dmitry to the thread
>>>
>>>
>>> On Fri, Sep 5, 2014 at 10:26 AM, Chamila Adhikarinayake <[email protected]> wrote:
>>>
>>>> Hi all,
>>>>
>>>> The current user signup method (jsFunction_addUser() [1]) in API manager uses addUser method in UserRegistrationService[2] (through UserRegistrationAdminService from APIM) to register the user and suggested to use that same method for tenant user signup as well (Shariq has modified this so that tenant-wise roles can be taken from the registry and assign them to the tenant user).
>>>> But with that modification, this method cannot be used for tenant signup with the current user signup workflow in the api manager.
>>>>
>>>> When signing up a user to super user store, first add a user by calling adduser method (from this method, user is assigned with default internal/identity role from UserRegistrationService) and then follow the signup workflow and finally add the role to that user. In the signup workflow, user approval process is managed and till then the user cannot log in. But when addUser method is called for tenant signup, a tenant user is created and all his roles are assigned to him at the creation point. As a result, second point (approval process) cannot be done (user can log in before the approval process is done). As a result, method to assign roles by using '/_system/governance/repository/identity/sign-up-config' (mentioned in 'User roles for tenants' in my first mail) cannot be used in this case.
>>>>
>>>> *Modified method to add user roles for tenants*
>>>>
>>>> As a result of above mentioned problem, a registry entry in /_system/governance/repository/identity/sign-up-config won't be created as mentioned in the first mail. Without this config, all the tenants created using addUser method will have default internal/identity role. Registry resource similar to 'sign-up-config' is created in separate registry location and this entry can be used to add roles to the tenant during the final step. As a result approval process can be carried out during the second step.
>>>>
>>>>
>>>> [1] https://svn.wso2.org/repos/wso2/carbon/platform/branches/turing/components/apimgt/org.wso2.carbon.apimgt.hostobjects/1.2.3/src/main/java/org/wso2/carbon/apimgt/hostobjects/APIStoreHostObject.java
>>>> [2] https://svn.wso2.org/repos/wso2/carbon/platform/branches/turing/components/identity/org.wso2.carbon.identity.user.registration/4.2.2/src/main/java/org/wso2/carbon/identity/user/registration/UserRegistrationService.java
>>>>
>>>>
>>>> Thanks,
>>>> Chamila.
>>>>
>>>>
>>>> On Thu, Sep 4, 2014 at 12:15 AM, Amila De Silva <[email protected]> wrote:
>>>>
>>>>> Hi Chamila,
>>>>>
>>>>> I think you have to start the TenantFlow and set the ID for the tenant correctly before fetching the configuration. In the method jsFunction_resumeWorkflow, this is done by calling
>>>>>
>>>>>     PrivilegedCarbonContext.startTenantFlow();
>>>>>     PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain, true);
>>>>>
>>>>>
>>>>> On Wed, Sep 3, 2014 at 10:47 PM, Chamila Adhikarinayake <[email protected]> wrote:
>>>>>
>>>>>> Actually the tasks are created with that executor for other tenants as well, but not inside the correct tenant domain in the BPS. They are created in carbon.super tenant domain and the related task can be viewed in workflow-admin ui only by login as super user.
>>>>>>
>>>>>> Following is the reason I think that causes this.
>>>>>>
>>>>>> In the method jsFunction_addUser() in APIStoreHostObject following code is there to create the workflow
>>>>>>
>>>>>>     WorkflowExecutor userSignUpWFExecutor = WorkflowExecutorFactory.getInstance()
>>>>>>             .getWorkflowExecutor(WorkflowConstants.WF_TYPE_AM_USER_SIGNUP);
>>>>>>
>>>>>> This WorkflowExecutor is created using carbon.super user configuration information in the registry.
>>>>>> In the 'getWorkflowConfigurations()' method in WorkflowExecutorFactory class PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain(); is used to get the domain name (also tenant id). So even though there is a different tenant domain, these values do not change. So superuser conf is used and the request is sent to the carbon.super tenant in BPS, not to the tenant's one. So I'm working on passing the correct domain info to this
>>>>>>
>>>>>>
>>>>>> On Wed, Sep 3, 2014 at 9:06 PM, Nuwan Dias <[email protected]> wrote:
>>>>>>
>>>>>>> On Wed, Sep 3, 2014 at 9:02 PM, Chamila Adhikarinayake <[email protected]> wrote:
>>>>>>>
>>>>>>>> Hi all,
>>>>>>>> I'm creating user self signup feature for tenant store in API Manager. Current api manager provides only self signup facility for carbon.super store. To add tenant users, tenant admin has to manually add it through the carbon console.
>>>>>>>>
>>>>>>>> Following parts will be implemented
>>>>>>>>
>>>>>>>> *UI changes* (see attached images)
>>>>>>>>
>>>>>>>> 1. enable the sign-up button for tenant user store
>>>>>>>> 2. add the domain name extension for the user name field in the user registration form. (this is appended to the user name)
>>>>>>>>
>>>>>>>> *User roles for tenants*
>>>>>>>>
>>>>>>>> Tenant signup configuration will be moved to the registry location '/_system/governance/repository/identity/sign-up-config'. This part is already implemented by Shariq for an IS component (See discussion in the thread "Provide support for self signup for tenants' APIStores" for more info on the configuration). But this resource needed to be created manually. So as a part of the implementation, this resource will be added with default values when creating a tenant.
>>>>>>>> Default value will be
>>>>>>>>
>>>>>>>> <SelfSignUp>
>>>>>>>>     <SignUpDomain>PRIMARY</SignUpDomain>
>>>>>>>>     <SignUpRole>
>>>>>>>>         <RoleName>subscriber</RoleName>
>>>>>>>>         <IsExternalRole>false</IsExternalRole>
>>>>>>>>     </SignUpRole>
>>>>>>>> </SelfSignUp>
>>>>>>>>
>>>>>>>>
>>>>>>>> *Modification to current work-flow for tenant sign-up.*
>>>>>>>>
>>>>>>>> The current implemented method does not work when UserSignUpWSWorkflowExecutor is used in the work-flow. This can be only used with tenants signups for superuser. Existing code uses configuration in the carbon super user's registry entry '/_system/governance/apimgt/applicationdata/workflow-extensions.xml' for tenants as well (see jsFunction_addUser() in org.wso2.carbon.apimgt.hostobjects.APIStoreHostObject class). When registering a tenant user for different tenant, configuration in the tenant's workflow-extensions.xml needed to be used.
>>>>>>>>
>>>>>>>> I have implemented basic functionality[1] as requested by AmilaM (Users can signup for tenant stores. But Tenant admin has to manually add the registry entry with user roles to the given location. If this entry is not there, a default 'identity' user role is assigned to the user. Only UserSignUpSimpleWorkflowExecutor for the workflow can be used with this. If UserSignUpWSWorkflowExecutor is used to connect to the BPS, the tenant approval tasks are not created properly)
>>>>>>>
>>>>>>> Do we know the reason for the tasks of the BPS not being created when the UserSignUpWSWorkflowExecutor is used? We will need to dig into that IMO.
>>>>>>>
>>>>>>>>
>>>>>>>> [1] https://wso2.org/jira/browse/APIMANAGER-2785
>>>>>>>>
>>>>>>>> Comments are highly appreciated
>>>>>>>> Thanks,
>>>>>>>> Chamila.
>>>>>>>>
>>>>>>>> --
>>>>>>>> Regards,
>>>>>>>> Chamila Adhikarinayake
>>>>>>>> Software Engineer
>>>>>>>> WSO2, Inc.
>>>>>>>> Mobile - +94712346437
>>>>>>>> Email - [email protected]
>>>>>>>
>>>>>>> --
>>>>>>> Nuwan Dias
>>>>>>>
>>>>>>> Associate Tech Lead - WSO2, Inc. http://wso2.com
>>>>>>> email : [email protected]
>>>>>>> Phone : +94 777 775 729
>>>>>
>>>>> --
>>>>> *Amila De Silva*
>>>>>
>>>>> WSO2 Inc.
>>>>> mobile :(+94) 775119302
>>
>> --
>> Dmitry Sotnikov
>> VP of Cloud; WSO2, Inc.; http://wso2.com/
>> email: [email protected]; cell: +1.949.303.9653; Skype: DSotnikov
>> Lean . Enterprise . Middleware
>>
>> <http://wso2.com/events/>

--
Regards,
Chamila Adhikarinayake
Software Engineer
WSO2, Inc.
Mobile - +94712346437
Email - [email protected]
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
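
The tenant-context problem diagnosed in the thread above (the sign-up workflow configuration is resolved from the thread-local tenant domain, which stays carbon.super unless a tenant flow is started), shown as an added example that is not part of the original messages or of WSO2's code. TenantContext is a hypothetical stand-in for PrivilegedCarbonContext, and the tenant domain and configuration values are constructed.

```java
import java.util.*;
public class TenantFlowDemo {
    static final String SUPER_TENANT = "carbon.super";
    // Hypothetical stand-in for the thread-local context the thread refers to
    // (PrivilegedCarbonContext); it models only the calls used below.
    static final class TenantContext {
        private static final ThreadLocal<Deque<String>> FLOWS =
                ThreadLocal.withInitial(ArrayDeque::new);
        static void startTenantFlow() { FLOWS.get().push(getTenantDomain()); }
        // pop() throws if no flow was started, so misuse fails fast.
        static void setTenantDomain(String d) { FLOWS.get().pop(); FLOWS.get().push(d); }
        static void endTenantFlow() { FLOWS.get().pop(); }
        static String getTenantDomain() {
            return FLOWS.get().isEmpty() ? SUPER_TENANT : FLOWS.get().peek();
        }
    }

    // Constructed sample: where each tenant's workflow configuration sends tasks.
    static final Map<String, String> WORKFLOW_CONFIG = Map.of(
            SUPER_TENANT, "approval tasks in carbon.super",
            "atlantis.example", "approval tasks in atlantis.example");

    // As described in the thread: the lookup reads the domain from the
    // thread-local context, not from the sign-up request.
    static String resolveSignupWorkflow() {
        return WORKFLOW_CONFIG.get(TenantContext.getTenantDomain());
    }

    // Before: tenantDomain is ignored, so the lookup falls back to carbon.super.
    static String signupWithoutFlow(String tenantDomain) { return resolveSignupWorkflow(); }

    // After: scope the lookup to the tenant; finally restores the context so
    // a pooled thread does not carry the tenant into the next request.
    static String signupWithFlow(String tenantDomain) {
        TenantContext.startTenantFlow();
        try {
            TenantContext.setTenantDomain(tenantDomain);
            return resolveSignupWorkflow();
        } finally {
            TenantContext.endTenantFlow();
        }
    }

    public static void main(String[] args) {
        System.out.println(signupWithoutFlow("atlantis.example"));
        System.out.println(signupWithFlow("atlantis.example"));
        System.out.println(TenantContext.getTenantDomain());
    }
}
```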
