Yes , we can secure whatever REST API that is exposed within IS. *Harsha Thirimanna* Associate Tech Lead | WSO2
Email: [email protected] Mob: +94715186770 Blog: http://harshathirimanna.blogspot.com/ Twitter: http://twitter.com/harshathirimann Linked-In: linked-in: http://www.linkedin.com/pub/harsha-thirimanna/10/ab8/122 <http://wso2.com/signature> On Thu, Oct 20, 2016 at 10:54 PM, Gayan Gunawardana <[email protected]> wrote: > Can we secure SCIM endpoints with Generic Authentication Mechanism ? > > On Thu, Oct 20, 2016 at 9:38 PM, Isura Karunaratne <[email protected]> wrote: > >> Hi, >> >> >> On Thu, Oct 20, 2016 at 1:19 AM, Harsha Thirimanna <[email protected]> >> wrote: >> >>> If there any REST API that already secured within itself the feature, >>> then we have to remove it and use this. As ex : DCR. in DCR we expect user >>> in request payload for now and that APIs are not secured. After apply this >>> we can remove the user from request payload and rely on this. And same as >>> we may have to check other REST APIs whether those are rely on any other >>> secure mechanism. >>> >>> @Isura, Can you please confirm in identity management REST API like >>> inforecovery ? >>> >> Yes. We need to secure recovery APIs and self-registration APIs ( >> *api/identity/recovery* and *api/identity/user*). >> >> Thanks >> Isura >> >>> >>> @Ayesha, >>> Ishara already test the DCR and you can fix that removing user in >>> payload, apply this and test. >>> >>> *Harsha Thirimanna* >>> Associate Tech Lead | WSO2 >>> >>> Email: [email protected] >>> Mob: +94715186770 >>> Blog: http://harshathirimanna.blogspot.com/ >>> Twitter: http://twitter.com/harshathirimann >>> Linked-In: linked-in: http://www.linkedin.com/pub/ha >>> rsha-thirimanna/10/ab8/122 >>> <http://wso2.com/signature> >>> >>> On Thu, Oct 20, 2016 at 12:34 PM, Ishara Karunarathna <[email protected]> >>> wrote: >>> >>>> Hi Ayesha, >>>> >>>> This feature provide a authentication layer in front of any unsecured >>>> REST APIs. So do we need to test this with all the REST APIs ? >>>> >>>> -Ishara >>>> >>>> >>>> On Thu, Oct 20, 2016 at 12:05 PM, Ayesha Dissanayaka <[email protected]> >>>> wrote: >>>> >>>>> Hi all, >>>>> >>>>> I have started testing the"Generic Authentication Mechanism to all the >>>>> REST APIs" feature [1] in IS-5.3.0. >>>>> Please mention details on REST APIs in IS services which needs to be >>>>> secured, so that I can test those APIs with this feature. >>>>> >>>>> [1] https://wso2.org/jira/browse/IDENTITY-4742 >>>>> >>>>> Thanks! >>>>> -Ayesha >>>>> >>>>> -- >>>>> *Ayesha Dissanayaka* >>>>> Software Engineer, >>>>> WSO2, Inc : http://wso2.com >>>>> <http://www.google.com/url?q=http%3A%2F%2Fwso2.com&sa=D&sntz=1&usg=AFQjCNEZvyc0uMD1HhBaEGCBxs6e9fBObg> >>>>> 20, Palmgrove Avenue, Colombo 3 >>>>> E-Mail: [email protected] <[email protected]> >>>>> >>>> >>>> >>>> >>>> -- >>>> Ishara Karunarathna >>>> Associate Technical Lead >>>> WSO2 Inc. - lean . enterprise . middleware | wso2.com >>>> >>>> email: [email protected], blog: isharaaruna.blogspot.com, mobile: >>>> +94717996791 >>>> >>>> >>>> >>> >> > > > -- > Gayan Gunawardana > Software Engineer; WSO2 Inc.; http://wso2.com/ > Email: [email protected] > Mobile: +94 (71) 8020933 >
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
