Hi,

This is an update on this idea:

Currently I have progressed with this in the following manner.

As per discussions with several other colleagues, we have determined that
it would be prudent to proceed with introducing a unique identifier for
users. This unique identifier (call it uid - not to be confused with the
LDAP username attribute uid) will be mapped to each user by their fully
qualified user name (username, tenant id, userstore domain name all
together). This mapping will be stored in a new table in the internal H2
Database with the name UM_UID_USER.

To manage this, I have created a default claim in the wso2 default claim
dialect for the attribute 'uid'. And in both ReadWriteLDAPUserStoreManager
and JDBCUserStoreManager classes, I have implemented checks to see if the
users are trying to set this claim to a new value. And if so, the usernames
will be updated accordingly in the back end.

The UserOperationsEventListener that I created will then be running
postSetUserClaimValues methods to update the internal database on the
change of the mapping.

It will also run a postAddUser method that creates a new entry in the
internal database mapping table.

Furthermore, any feature or external party looking to refer to the same
user will have to use the said unique identifier value instead of the
username.

Any comments regarding this will be highly appreciated.

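The mapping described in the update above, as an added example that is not code from the thread or from WSO2 Carbon: sqlite3 stands in for the internal H2 database, the column names, the claim URI used to signal a rename, and the listener method names are assumptions, and only the table name UM_UID_USER comes from the mail.

```python
import sqlite3
import uuid

# sqlite3 stands in for the internal H2 database; UM_UID_USER is the table name
# from the mail, the column names are assumptions for this example.
SCHEMA = """
CREATE TABLE UM_UID_USER (
    UM_UID        TEXT    PRIMARY KEY,
    UM_USER_NAME  TEXT    NOT NULL,
    UM_TENANT_ID  INTEGER NOT NULL,
    UM_DOMAIN     TEXT    NOT NULL,
    UNIQUE (UM_USER_NAME, UM_TENANT_ID, UM_DOMAIN)
)
"""
USERNAME_CLAIM = "http://wso2.org/claims/username"  # assumed claim that carries a rename


class UidMappingListener:
    """Hypothetical listener mirroring the postAddUser / postSetUserClaimValues hooks."""

    def __init__(self):
        self.conn = sqlite3.connect(":memory:")
        self.conn.execute(SCHEMA)

    def post_add_user(self, username, tenant_id, domain):
        # The uid is random and opaque so that it cannot be derived from the username.
        uid = str(uuid.uuid4())
        self.conn.execute("INSERT INTO UM_UID_USER VALUES (?, ?, ?, ?)",
                          (uid, username, tenant_id, domain))
        return uid

    def post_set_user_claim_values(self, username, tenant_id, domain, claims):
        new_name = claims.get(USERNAME_CLAIM)
        if new_name is None or new_name == username:
            return False                      # not a rename: mapping unchanged
        cur = self.conn.execute(
            "UPDATE UM_UID_USER SET UM_USER_NAME = ? "
            "WHERE UM_USER_NAME = ? AND UM_TENANT_ID = ? AND UM_DOMAIN = ?",
            (new_name, username, tenant_id, domain))
        return cur.rowcount == 1              # exactly one row must move

    def resolve(self, uid):
        """External reference: uid -> fully qualified user name, stable across renames."""
        return self.conn.execute(
            "SELECT UM_USER_NAME, UM_TENANT_ID, UM_DOMAIN FROM UM_UID_USER WHERE UM_UID = ?",
            (uid,)).fetchone()

    def uid_for(self, username, tenant_id, domain):
        """Internal reference: fully qualified user name -> uid (None for a stale name)."""
        row = self.conn.execute(
            "SELECT UM_UID FROM UM_UID_USER WHERE UM_USER_NAME = ? AND UM_TENANT_ID = ? "
            "AND UM_DOMAIN = ?", (username, tenant_id, domain)).fetchone()
        return row[0] if row else None
```

After a rename, an external party holding the uid still resolves to the same user, while a lookup by the old fully qualified user name correctly returns nothing.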

On Wed, May 20, 2015 at 9:13 PM, Damith Senanayake <[email protected]> wrote:

> Something is wrong with the images. Please find the attached in order for
> the above mail.
>
> On Wed, May 20, 2015 at 9:09 PM, Damith Senanayake <[email protected]>
> wrote:
>
>> Sure Dulanja,
>>
>> I'm not sure if I am phrasing it correctly. Think of it this way: for the
>> purposes within the IDP (in this case the IS) we always draw user
>> information from the data-stores. Other than the caches, the persistent
>> information about users is linked to the key of the user identifier
>> (currently the user name). So suppose you want to get a certain default
>> claim value (for example), you refer to that information by the username.
>> So if the username changes, still, you're referring to the same entry, as
>> the reference within the IDP has changed.
>>
>> However, if there is an identity client who tries to access the user
>> information, after storing it with themselves, and the username changes
>> from the end of the IDP, the client now has no way of knowing that the
>> username is changed. Therefore the next time the client tries to refer to
>> the same user's information through the IDP, the IDP will not know what the
>> ID Client is asking about as it is now no longer the reference for that
>> user.
>>
>> Needless to say, I dived into the code fairly recently, and this is the
>> idea that I got, do correct me if I am wrong. :)
>>
>>
>>
>>
>> The above diagram shows the current scenario. So if the username changes
>> in the IDP, the client doesn't get to call on the information, right?
>>
>> So what we're trying to do is this...
>>
>> So this uid to/from username mapping is the one that we have to implement
>> (I think). Is there any better way to go about it?
>>
>>
>>
>>
>> On Wed, May 20, 2015 at 4:34 PM, Dulanja Liyanage <[email protected]>
>> wrote:
>>
>>> Hi Damith,
>>>
>>> Can you please clarify what "internal references" and "external
>>> references" are? An example would be helpful.
>>>
>>> Thanks,
>>> Dulanja
>>>
>>> On Wed, May 20, 2015 at 4:17 PM, Damith Senanayake <[email protected]>
>>> wrote:
>>>
>>>> Hi everyone,
>>>>
>>>> Currently the User Management aspects of the WSO2 Carbon platform
>>>> don't provide the ability to rename the existing users. Currently all
>>>> internal and external references to a user entry in a User Store are done by
>>>> accessing the user entry by its "UserName" attribute. Therefore the issue
>>>> arises when the UserName attribute is changed: although it may not affect
>>>> internal references, the external references will not be able to map to the
>>>> same user.
>>>>
>>>> I am currently implementing a feature to be able to change the username
>>>> of a user. With this, the references to a user shall be done externally
>>>> using a unique user identifier ("uid") and for internal references, the
>>>> same username attribute can be used without an issue.
>>>>
>>>> I would be grateful for any comments and guidelines regarding the
>>>> matter, as I wish to implement this as my training project.
>>>>
>>>> Thanks,
>>>>
>>>> --
>>>> *-Damith Senanayake-*
>>>> +94712205272
>>>>
>>>
>>>
>>>
>>> --
>>> Thanks & Regards,
>>> Dulanja Liyanage
>>> WSO2 Inc.
>>> M: +94776764717
>>>
>>
>>
>>
>> --
>> *-Damith Senanayake-*
>> +94712205272
>>
>
>
>
> --
> *-Damith Senanayake-*
> +94712205272
>



-- 
*-Damith Senanayake-*
+94712205272
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture