@Omindu We have generated the key pair providing 'localhost' as the domain name and we are going to ship this key pair OOTB with the default pack. So any user can use this key pair for testing. If they want to configure it for a different domain name, they have to generate a new key pair for that domain.
@Harsha reCaptcha requires an internet connection, since the user validation depends on communication with Google. But we will make the filter more generic, so that we can add CAPTCHA as a connector.

Thanks,

On Wed, Jun 8, 2016 at 1:44 AM, Harsha Thirimanna <[email protected]> wrote:

> Any plan to support *CAPTCHA* in IS without having an internet connection?
> Because the previous version of *CAPTCHA* is an OOB service and now we are going
> to use the Google service. Do we have a way to install a Google service plugin or
> something offline within the product?
>
> *Harsha Thirimanna*
> Associate Tech Lead; WSO2, Inc.; http://wso2.com
> *Lean . Enterprise . Middleware*
>
> On Wed, Jun 8, 2016 at 1:38 AM, Omindu Rathnaweera <[email protected]>
> wrote:
>
>>> First we need to register at [2] and create an API key pair for the
>>> required domain.
>>
>> Should a product user generate their own key pair and configure the
>> product prior to using reCaptcha?
>>
>> Regards,
>> Omindu.
>>
>> On Tue, Jun 7, 2016 at 11:33 PM, Thanuja Jayasinghe <[email protected]>
>> wrote:
>>
>>> Hi All,
>>>
>>> I'm working on $subject.
>>>
>>> *Why reCaptcha?*
>>>
>>> *"reCAPTCHA is a free service that protects your website from spam and
>>> abuse. reCAPTCHA uses an advanced risk analysis engine and adaptive
>>> CAPTCHAs to keep automated software from engaging in abusive activities on
>>> your site. It does this while letting your valid users pass through with
>>> ease." -Google[1]*
>>>
>>> *How does reCaptcha work?*
>>>
>>> First we need to register at [2] and create an API key pair for the
>>> required domain. The key pair consists of a site key and secret. The site
>>> key is used when we display the reCaptcha widget on a page. After verification,
>>> a new parameter called 'g-recaptcha-response' will be available in the
>>> form which the user submits. From the server side we can verify that reCaptcha
>>> response by calling the Google API with the secret key.
>>>
>>> *Where we're going to use reCaptcha?*
>>>
>>> Basically any place which can be vulnerable to bot attacks,
>>>
>>> 1. SSO login flow
>>> 2. User recovery flows
>>> 3. User registration flow
>>>
>>> *Implementation*
>>>
>>> Conditions to enable reCaptcha are different from one scenario to
>>> another. As an example, user registration may enable reCaptcha by default,
>>> but the SSO login page may enable it after n failed attempts from a single
>>> user. Also reCaptcha requirements may be different from one tenant to
>>> another.
>>>
>>> So we have introduced a filter called "ReCaptchaFilter" to intercept
>>> requests and pass them to a reCaptcha connector which can handle a
>>> particular scenario. The connector will provide the following information to the
>>> filter,
>>>
>>> - Whether the connector can handle the request
>>> - Priority of the connector
>>> - Whether the reCaptcha verification is needed for the current
>>>   request
>>> - Whether that attempt is successful or not
>>>
>>> Based on the above information the filter will select a connector which can
>>> handle the incoming request and will validate reCaptcha if needed.
>>>
>>> Also to keep this stateless, IS will do the following,
>>>
>>> - Will evaluate the need for reCaptcha at the server side
>>> - Will inform and provide necessary data to the pages if the server is
>>>   expecting reCaptcha validation
>>>
>>> *OOTB Connectors*
>>>
>>> IS will provide two reCaptcha connectors OOTB as
>>> "SSOLoginReCaptchaConnector" and "PathBasedReCaptchaConnector", which
>>> implement the "ReCaptchaConnector" interface. These connectors also
>>> implement "IdentityGovernanceConnector" to enable UI based
>>> configuration management.
>>>
>>> SSOLoginReCaptchaConnector - Can enable reCaptcha after n number of
>>> failed attempts from a single user. This connector does not depend on the
>>> user agent and will take the sum of failed attempts from any agent.
>>>
>>> PathBasedReCaptchaConnector - Can validate reCaptcha for a request
>>> path. This will always validate reCaptcha for a given request path.
>>>
>>> Appreciate your input.
>>>
>>> [1] - https://developers.google.com/recaptcha/intro
>>> [2] - https://www.google.com/recaptcha/admin
>>>
>>> Thanks,
>>> Thanuja
>>> --
>>> *Thanuja Lakmal*
>>> Senior Software Engineer
>>> WSO2 Inc. http://wso2.com/
>>> *lean.enterprise.middleware*
>>> Mobile: +94715979891 +94758009992
>>>
>>> _______________________________________________
>>> Architecture mailing list
>>> [email protected]
>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>
>> --
>> Omindu Rathnaweera
>> Software Engineer, WSO2 Inc.
>> Mobile: +94 771 197 211

--
*Thanuja Lakmal*
Senior Software Engineer
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891 +94758009992
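
An added example of the filter and connector selection described in the original mail of this thread; it is not part of the thread and not WSO2's code. The `Connector` interface shape, the `/login` path, the "larger number wins" priority rule and the stub verifier are assumptions made for illustration.

```java
import java.util.*;
import java.util.function.Predicate;

public class ReCaptchaFilterExample {
    // Hypothetical contract built from the items listed in the mail; not WSO2's real interface.
    interface Connector {
        boolean canHandle(Map<String, String> req);
        int priority();                                  // assumption: larger number wins
        boolean verificationNeeded(Map<String, String> req);
    }

    // SSO-login style connector: reCaptcha is required once a user has n failed attempts,
    // summed across all user agents (the counter is keyed by username only).
    static Connector ssoLogin(Map<String, Integer> failedAttempts, int n) {
        return new Connector() {
            public boolean canHandle(Map<String, String> r) { return "/login".equals(r.get("path")); }
            public int priority() { return 10; }
            public boolean verificationNeeded(Map<String, String> r) {
                return failedAttempts.getOrDefault(r.get("username"), 0) >= n;
            }
        };
    }

    // Filter decision: the highest-priority connector that can handle the request decides
    // whether a token is required; a missing, empty or rejected token fails closed.
    static boolean allow(List<Connector> connectors, Map<String, String> req, Predicate<String> verifier) {
        Optional<Connector> chosen = connectors.stream()
                .filter(c -> c.canHandle(req))
                .max(Comparator.comparingInt(Connector::priority));
        if (!chosen.isPresent() || !chosen.get().verificationNeeded(req)) return true;
        String token = req.get("g-recaptcha-response");
        return token != null && !token.isEmpty() && verifier.test(token);
    }

    public static void main(String[] args) {
        // Constructed sample data: alice has 3 failed logins and the threshold n is 3.
        Map<String, Integer> failed = new HashMap<>(Map.of("alice", 3));
        List<Connector> connectors = List.of(ssoLogin(failed, 3));
        // Stub for the server-side check; a real one sends the token and the secret to Google's API.
        Predicate<String> verifier = "constructed-valid-token"::equals;

        System.out.println("bob, below threshold, no token: " + allow(connectors,
                Map.of("path", "/login", "username", "bob"), verifier));
        System.out.println("alice, at threshold, no token: " + allow(connectors,
                Map.of("path", "/login", "username", "alice"), verifier));
        System.out.println("alice, at threshold, valid token: " + allow(connectors, Map.of("path", "/login",
                "username", "alice", "g-recaptcha-response", "constructed-valid-token"), verifier));
    }
}
```

Because the need for reCaptcha is evaluated on the server from the failed-attempt count, a client that simply omits the `g-recaptcha-response` parameter is rejected once the threshold is reached.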
