Can we secure SCIM endpoints with Generic Authentication Mechanism ? On Thu, Oct 20, 2016 at 9:38 PM, Isura Karunaratne <[email protected]> wrote:
> Hi, > > > On Thu, Oct 20, 2016 at 1:19 AM, Harsha Thirimanna <[email protected]> > wrote: > >> If there any REST API that already secured within itself the feature, >> then we have to remove it and use this. As ex : DCR. in DCR we expect user >> in request payload for now and that APIs are not secured. After apply this >> we can remove the user from request payload and rely on this. And same as >> we may have to check other REST APIs whether those are rely on any other >> secure mechanism. >> >> @Isura, Can you please confirm in identity management REST API like >> inforecovery ? >> > Yes. We need to secure recovery APIs and self-registration APIs ( > *api/identity/recovery* and *api/identity/user*). > > Thanks > Isura > >> >> @Ayesha, >> Ishara already test the DCR and you can fix that removing user in >> payload, apply this and test. >> >> *Harsha Thirimanna* >> Associate Tech Lead | WSO2 >> >> Email: [email protected] >> Mob: +94715186770 >> Blog: http://harshathirimanna.blogspot.com/ >> Twitter: http://twitter.com/harshathirimann >> Linked-In: linked-in: http://www.linkedin.com/pub/ha >> rsha-thirimanna/10/ab8/122 >> <http://wso2.com/signature> >> >> On Thu, Oct 20, 2016 at 12:34 PM, Ishara Karunarathna <[email protected]> >> wrote: >> >>> Hi Ayesha, >>> >>> This feature provide a authentication layer in front of any unsecured >>> REST APIs. So do we need to test this with all the REST APIs ? >>> >>> -Ishara >>> >>> >>> On Thu, Oct 20, 2016 at 12:05 PM, Ayesha Dissanayaka <[email protected]> >>> wrote: >>> >>>> Hi all, >>>> >>>> I have started testing the"Generic Authentication Mechanism to all the >>>> REST APIs" feature [1] in IS-5.3.0. >>>> Please mention details on REST APIs in IS services which needs to be >>>> secured, so that I can test those APIs with this feature. >>>> >>>> [1] https://wso2.org/jira/browse/IDENTITY-4742 >>>> >>>> Thanks! >>>> -Ayesha >>>> >>>> -- >>>> *Ayesha Dissanayaka* >>>> Software Engineer, >>>> WSO2, Inc : http://wso2.com >>>> <http://www.google.com/url?q=http%3A%2F%2Fwso2.com&sa=D&sntz=1&usg=AFQjCNEZvyc0uMD1HhBaEGCBxs6e9fBObg> >>>> 20, Palmgrove Avenue, Colombo 3 >>>> E-Mail: [email protected] <[email protected]> >>>> >>> >>> >>> >>> -- >>> Ishara Karunarathna >>> Associate Technical Lead >>> WSO2 Inc. - lean . enterprise . middleware | wso2.com >>> >>> email: [email protected], blog: isharaaruna.blogspot.com, mobile: >>> +94717996791 >>> >>> >>> >> > -- Gayan Gunawardana Software Engineer; WSO2 Inc.; http://wso2.com/ Email: [email protected] Mobile: +94 (71) 8020933
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
