Hi all,

Giving a short update on $subject.

We are planning to incorporate this functionality into the next milestone of
IS 5.3.0. The recently released Carbon Kernel v4.4.6 contains the necessary fixes
to make the ClaimManager implementation pluggable.

Finally, there will be three claim manager implementations:

   - DefaultClaimManager : Existing claim manager which will be deprecated
   eventually
   - InMemoryClaimManager : New simple claim manager which will be used
   across the platform
   - DefaultClaimMetadataStore : Advanced claim manager which will be used
   only in the products that require it

The default behaviour will be to use DefaultClaimManager and, as mentioned by
Maduranga, setting the property "initializeNewClaimManager" in
user-mgt.xml allows picking the ClaimManager in this pluggable way.

The implementation associated with DefaultClaimMetadataStore will have
features such as:

   - Only claims in the WSO2 dialect (local claims) have mappings to user store
   attributes
   - Any claim in a non-WSO2 dialect (external claim) has a mapping to a claim
   in the WSO2 dialect
   - Claims in the WSO2 dialect (local claims) can have multiple properties
   defined

The WIP implementation can be found at:
https://github.com/darshanasbg/carbon-identity-framework/tree/IDENTITY-3486

Thanks,
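
The three mapping rules listed for DefaultClaimMetadataStore (attribute mappings only on local claims, every external claim pointing at a local claim, several properties per local claim), as an added example that is not part of this thread or of the WSO2 code base; the class and method names are hypothetical and the claim URIs, attribute name and properties are constructed sample values.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;

/** Added example, not WSO2 code: only local claims carry user store attribute
 *  mappings and metadata properties; external claims resolve transitively
 *  through the local claim they are mapped to. All names are hypothetical. */
public class ClaimMappingExample {
    static final String LOCAL_DIALECT = "http://wso2.org/claims/";

    // local claim URI -> user store attribute (a single user store is assumed)
    private final Map<String, String> localAttributes = new HashMap<>();
    // local claim URI -> metadata properties (DisplayName, Required, ...)
    private final Map<String, Map<String, String>> localProperties = new HashMap<>();
    // external claim URI -> local claim URI it maps to (no direct attribute)
    private final Map<String, String> externalToLocal = new HashMap<>();

    static boolean isLocal(String claimUri) { return claimUri.startsWith(LOCAL_DIALECT); }

    /** Register a local claim with its attribute mapping and properties. */
    public void addLocalClaim(String claimUri, String attribute, Map<String, String> props) {
        if (!isLocal(claimUri)) {
            throw new IllegalArgumentException("Only local claims map to attributes: " + claimUri);
        }
        localAttributes.put(claimUri, attribute);
        localProperties.put(claimUri, new HashMap<>(props));
    }

    /** Register an external claim; it may only point at an existing local claim. */
    public void addExternalClaim(String claimUri, String localClaimUri) {
        if (isLocal(claimUri) || !localAttributes.containsKey(localClaimUri)) {
            throw new IllegalArgumentException("Bad external mapping: " + claimUri);
        }
        externalToLocal.put(claimUri, localClaimUri);
    }

    /** Resolve the user store attribute for a local or external claim URI. */
    public Optional<String> resolveAttribute(String claimUri) {
        String local = isLocal(claimUri) ? claimUri : externalToLocal.get(claimUri);
        return Optional.ofNullable(local == null ? null : localAttributes.get(local));
    }

    public static void main(String[] args) {
        ClaimMappingExample store = new ClaimMappingExample();
        String email = LOCAL_DIALECT + "emailaddress";                       // constructed sample
        store.addLocalClaim(email, "mail", Map.of("DisplayName", "Email", "Required", "true"));
        store.addExternalClaim("http://example.org/claims/email", email);   // constructed sample
        System.out.println(store.resolveAttribute("http://example.org/claims/email").orElse("unmapped"));
        System.out.println(store.localProperties.get(email));
    }
}
```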

On Tue, May 31, 2016 at 11:12 PM, Darshana Gunawardana <[email protected]>
wrote:

> Hi,
>
> Currently ClaimManagerFactory[1] has the following method:
>
> ClaimManager createClaimManager(int tenantId);
>
> Wouldn't it be better to have the tenantDomain as the parameter of the above
> method instead of tenantId?
>
> [1]
> https://github.com/wso2/carbon-kernel/blob/4.4.x/core/org.wso2.carbon.user.core/src/main/java/org/wso2/carbon/user/core/claim/ClaimManagerFactory.java#L29
>
> Thanks,
>
> On Thu, Mar 10, 2016 at 4:45 PM, Maduranga Siriwardena <[email protected]> wrote:
>
>> Hi,
>>
>> We want to add this feature to an upcoming kernel 4.4.x release.
>> Following are the reasons:
>>
>> 1. The current claim management design is becoming more and more problematic
>> for us. Users are finding a lot of issues in configuring claim mappings for
>> service providers.
>> 2. This new implementation will be part of the C5 based identity-framework
>> which will be used by other products releasing this year on C5.
>>
>> Obviously, since this needs some kernel changes, we did a test to see if we
>> can add this to kernel 4.4.x without breaking backward compatibility. In
>> the process we had to do the following two changes.
>>
>>    - We have added setter methods for ClaimManager in DefaultRealm and
>>    UserStoreManager. These methods had to be public; however, these will only
>>    be invoked from inside user.core. Since these are method additions they
>>    should be backward compatible.
>>    - We have added a backward compatible property to user-mgt.xml and,
>>    based on this property, ClaimManager will be initialized to the new
>>    implementation or the previous implementation in DefaultRealm. Only IS will
>>    go with this property set to true. Other products can remain as they are.
>>
>> We are looking forward to a positive response.
>>
>> On Thu, Aug 13, 2015 at 3:35 PM, Chanuka Dissanayake <[email protected]>
>> wrote:
>>
>>>
>>> Hi All,
>>>
>>> I have completed the implementation of $subject and the following
>>> content contains the details about it.
>>>
>>> Target Version: IS 5.2.0
>>>
>>> *Problems*
>>>
>>>    - Right now we must define a mapped attribute for each non-wso2 claim in
>>>    order to work. Ideally when we say claim mappings, the relationship must
>>>    be between 2 claims - wso2 and non-wso2. Mapped attributes should be defined
>>>    only for the wso2 claim, and transitively it becomes the mapped attribute for
>>>    non-wso2 claims.
>>>    - Custom meta data cannot be added for the claim. Only default meta
>>>    data are available for every claim, which are:
>>>       - Display Name
>>>       - Description
>>>       - Regular Expression
>>>       - Display Order
>>>       - Supported by Default
>>>       - Required
>>>       - Read-only
>>>
>>>
>>> *Objectives*
>>>
>>>    - Remove the attribute/claim mapping for non-wso2 dialects. Only the WSO2
>>>    dialect will have the attribute mapping. The rest of the dialects will refer
>>>    to the WSO2 claim dialect. When creating a new dialect or new claims, a wso2
>>>    claim should be selected as the mapped attribute for that claim. Therefore
>>>    we can have claim-to-claim mappings between the wso2 dialect and other
>>>    dialects.
>>>    - Allow custom meta data to be defined for each claim other than the
>>>    default metadata.
>>>    - Keep only file based claim mapping on the user.core side and
>>>    decouple the database claim mapping from user.core and move it to the
>>>    identity.claim.mgt side. Only identity.claim.mgt will be aware of the
>>>    metadata info.
>>>    - Improve the claim management UI for user store based claims.
>>>
>>>
>>> *Implementation*
>>>
>>> Claim Manager implementation.
>>>
>>> [image: Class Diagram - ClaimManager.jpg]
>>>
>>>    - ClaimManagerFactory will register as an OSGi service and
>>>    ClaimManagerFactory will return a separate ClaimManager instance for each
>>>    tenant.
>>>    - user.core will check whether there are any ClaimManagerFactory
>>>    services registered; if not, it will return a new DefaultClaimManager,
>>>    otherwise it will return an IdentityMgtClaimManager for each tenant.
>>>
>>> [image: Factory class.png]
>>>
>>>    - From user.core, the DAO functionalities will be removed and moved to
>>>    Identity claim management.
>>>    - The user.core claims will be stored in memory. DefaultClaimManager
>>>    will be a file based claim manager.
>>>    - Reading the claim-config.xml and parsing it as a claimConfig object
>>>    will be done by the user.core.
>>>    - All the CRUD operations with the database will be handled by the
>>>    identity.claim.mgt.
>>>    - Once the claims are received from the user.core, Identity claim
>>>    manager will categorize the claims (local and additional claims) and
>>>    prepare claim mappings.
>>>
>>>
>>> Database level changes
>>>
>>>    - UM_CLAIM table normalized into four tables
>>>
>>> [image: 1.png]
>>>
>>>    - UM_CLAIM
>>>
>>> [image: 2.png]
>>>
>>>    - UM_CLAIM_MAPPING, will hold the relationship between local claims
>>>    and other claims
>>>
>>> [image: 3.png]
>>>
>>>    - UM_CLAIM_MAPPED_ATTRIBUTE, will hold the mapped attributes of local
>>>    claims
>>>
>>> [image: 4.png]
>>>
>>>    - UM_CLAIM_META_DATA, will hold the metadata information of claims
>>>
>>> [image: 5.png]
>>>
>>> user.api changes
>>>
>>>    - Claim (C) - only contains claimUri to uniquely identify a given claim
>>>    and the value of the claim. It previously contained:
>>>       - private String *claimUri*;
>>>       - private boolean readOnly;
>>>       - private boolean checkedAttribute;
>>>       - private String displayTag;
>>>       - private String description;
>>>       - private boolean supportedByDefault;
>>>       - private boolean required;
>>>       - private String regEx;
>>>       - private String dialectURI;
>>>       - private String *value*;
>>>       - private int displayOrder;
>>>    - ClaimManager (I) - Some methods are removed which were involved
>>>    with dialects and meta data retrieval. These are:
>>>       - ClaimMapping[] getAllRequiredClaimMappings()
>>>       - ClaimMapping[] getAllSupportClaimMappingsByDefault()
>>>       - ClaimMapping[] getAllClaimMappings(String dialectUri)
>>>
>>> user.core changes
>>>
>>> + FileBasedClaimBuilder (C) - read claimConfig.xml and prepare
>>> claimConfig objects with claim and meta data information.
>>>
>>> + ClaimManagerFactory (I) - to return a tenant-specific claim manager
>>> object.
>>>
>>> + ClaimConfig (C) - to hold the claim and meta data info.
>>>
>>> identity.claim.mgt.ui
>>>
>>>    - When creating a new dialect or a new (non-wso2) claim, a wso2 (local)
>>>    claim needs to be selected from the list.
>>>
>>> [image: 6.png]
>>>
>>>    - Improved claim management UI for user store based claims.
>>>
>>> [image: Untitled-2 copy1.jpg]
>>>
>>> Thanks and Regards,
>>> Chanuka.
>>> --
>>> Chanuka Dissanayake
>>> *Software Engineer | WSO2 Inc.*; http://wso2.com
>>>
>>> Mobile: +94 71 33 63 596
>>> Email: [email protected]
>>>
>>> _______________________________________________
>>> Architecture mailing list
>>> [email protected]
>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>
>>>
>>
>>
>> --
>> Maduranga Siriwardena
>> Software Engineer
>> WSO2 Inc.
>>
>> email: [email protected]
>> mobile: +94718990591
>>
>>
>
>
> --
> Regards,
>
> *Darshana Gunawardana*
> Senior Software Engineer
> WSO2 Inc.; http://wso2.com
>
> *E-mail: [email protected]*
> *Mobile: +94718566859*
> Lean . Enterprise . Middleware
>



--
Regards,

*Darshana Gunawardana*
Associate Technical Lead
WSO2 Inc.; http://wso2.com

*E-mail: [email protected]*
*Mobile: +94718566859*
Lean . Enterprise . Middleware