Thanks! A few questions related to the certificate-based handler [1]...

1. Why do we expect the username to be passed along with the request, and why is it a must...?

2. Also, we are not checking whether we have the original certificate - we only rely on the TLS mutual auth validation at the container level - which only checks whether the cert is trusted (signed by a trusted CA). That means anyone having a certificate from a trusted CA can invoke the API.

[1]: https://github.com/wso2-extensions/identity-carbon-auth-rest/blob/master/components/org.wso2.carbon.identity.auth.service/src/main/java/org/wso2/carbon/identity/auth/service/handler/impl/ClientCertificateBasedAuthenticationHandler.java

Thanks & regards,
-Prabath

On Thu, Oct 20, 2016 at 7:36 PM, Harsha Thirimanna <[email protected]> wrote:
> Here is the git repo for the authentication layer
>
> https://github.com/wso2-extensions/identity-carbon-auth-rest
>
> *Harsha Thirimanna*
> Associate Tech Lead | WSO2
> Email: [email protected]
> Mob: +94715186770
> Blog: http://harshathirimanna.blogspot.com/
> Twitter: http://twitter.com/harshathirimann
> Linked-In: http://www.linkedin.com/pub/harsha-thirimanna/10/ab8/122
>
> On Fri, Oct 21, 2016 at 7:28 AM, Prabath Siriwardana <[email protected]> wrote:
>> Can you please share the git repo where we have the code for the 'authentication layer'....?
>>
>> Thanks & regards,
>> -Prabath
>>
>> On Thu, Oct 20, 2016 at 12:19 AM, Harsha Thirimanna <[email protected]> wrote:
>>> If there is any REST API that is already secured within itself, then we have to remove it and use this feature. As an example: DCR. In DCR we expect the user in the request payload for now, and those APIs are not secured. After applying this we can remove the user from the request payload and rely on this. In the same way we may have to check other REST APIs to see whether they rely on any other secure mechanism.
>>>
>>> @Isura, can you please confirm in identity management REST APIs like inforecovery?
>>>
>>> @Ayesha,
>>> Ishara already tested the DCR and you can fix that by removing the user in the payload, apply this and test.
>>>
>>> *Harsha Thirimanna*
>>> Associate Tech Lead | WSO2
>>> Email: [email protected]
>>> Mob: +94715186770
>>> Blog: http://harshathirimanna.blogspot.com/
>>> Twitter: http://twitter.com/harshathirimann
>>> Linked-In: http://www.linkedin.com/pub/harsha-thirimanna/10/ab8/122
>>>
>>> On Thu, Oct 20, 2016 at 12:34 PM, Ishara Karunarathna <[email protected]> wrote:
>>>> Hi Ayesha,
>>>>
>>>> This feature provides an authentication layer in front of any unsecured REST APIs. So do we need to test this with all the REST APIs?
>>>>
>>>> -Ishara
>>>>
>>>> On Thu, Oct 20, 2016 at 12:05 PM, Ayesha Dissanayaka <[email protected]> wrote:
>>>>> Hi all,
>>>>>
>>>>> I have started testing the "Generic Authentication Mechanism to all the REST APIs" feature [1] in IS-5.3.0.
>>>>> Please mention details of REST APIs in IS services which need to be secured, so that I can test those APIs with this feature.
>>>>>
>>>>> [1] https://wso2.org/jira/browse/IDENTITY-4742
>>>>>
>>>>> Thanks!
>>>>> -Ayesha
>>>>>
>>>>> --
>>>>> *Ayesha Dissanayaka*
>>>>> Software Engineer,
>>>>> WSO2, Inc : http://wso2.com
>>>>> 20, Palmgrove Avenue, Colombo 3
>>>>> E-Mail: [email protected]
>>>>
>>>> --
>>>> Ishara Karunarathna
>>>> Associate Technical Lead
>>>> WSO2 Inc. - lean . enterprise . middleware | wso2.com
>>>> email: [email protected], blog: isharaaruna.blogspot.com, mobile: +94717996791
>>>
>>> _______________________________________________
>>> Architecture mailing list
>>> [email protected]
>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>
>> --
>> Thanks & Regards,
>> Prabath
>>
>> Twitter : @prabath
>> LinkedIn : http://www.linkedin.com/in/prabathsiriwardena
>> Mobile : +1 650 625 7950
>> http://facilelogin.com
>

--
Thanks & Regards,
Prabath

Twitter : @prabath
LinkedIn : http://www.linkedin.com/in/prabathsiriwardena
Mobile : +1 650 625 7950
http://facilelogin.com
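The second question in the top message (CA trust at the TLS layer says nothing about which user is calling) can be made concrete with a small model. The following is an added example written for this thread; it is not code from the identity-carbon-auth-rest repository or from the WSO2 handler linked above. The certificate objects, the trusted CA name, the `X-Client-User` header and the fingerprint registry are all constructed or hypothetical. It puts the trust-only pattern the thread questions beside a handler that derives the identity from an enrolled certificate, so that a valid certificate from the same CA presented with someone else's username is refused instead of accepted.

```python
"""Model of the gap discussed in the thread: the container's mutual-TLS check
proves "signed by a trusted CA", not "this is user X". Constructed data only."""
import hashlib
from dataclasses import dataclass, field
from typing import Dict, Optional


@dataclass
class ClientCert:
    """Stand-in for a parsed X.509 client certificate (constructed, not real DER)."""
    subject_cn: str
    issuer_cn: str
    der: bytes  # would be the encoded certificate; placeholder bytes here

    @property
    def fingerprint(self) -> str:
        # SHA-256 over the encoded certificate, the usual pinning key.
        return hashlib.sha256(self.der).hexdigest()


@dataclass
class Request:
    """What an authentication handler sees after the container's TLS handshake."""
    cert: Optional[ClientCert]
    headers: Dict[str, str] = field(default_factory=dict)


TRUSTED_CA_CNS = {"Example Internal CA"}  # constructed trust anchor
USER_HEADER = "X-Client-User"              # hypothetical header carrying a claimed username


def container_tls_check(cert: Optional[ClientCert]) -> bool:
    """Approximates the container-level mutual-auth validation: a certificate was
    presented and it chains to a trusted CA. It does not identify the caller."""
    return cert is not None and cert.issuer_cn in TRUSTED_CA_CNS


def authenticate_trust_only(req: Request) -> Optional[str]:
    """The pattern questioned in the thread: accept the TLS result and take the
    username from the request. Any holder of a CA-issued cert can name any user."""
    if not container_tls_check(req.cert):
        return None
    return req.headers.get(USER_HEADER)


# Registry binding enrolled certificate fingerprints to users (constructed).
CERT_REGISTRY: Dict[str, str] = {}


def enroll(username: str, cert: ClientCert) -> None:
    """Record which certificate belongs to which user at enrollment time."""
    CERT_REGISTRY[cert.fingerprint] = username


def authenticate_bound(req: Request) -> Optional[str]:
    """Hardened pattern: identity comes from the enrolled certificate, never from a
    client-supplied name. If a name is supplied anyway it must match the cert."""
    if not container_tls_check(req.cert):
        return None
    user = CERT_REGISTRY.get(req.cert.fingerprint)
    if user is None:
        return None  # trusted CA, but not a certificate we ever enrolled
    claimed = req.headers.get(USER_HEADER)
    if claimed is not None and claimed != user:
        return None  # presented certificate and claimed identity disagree
    return user


def demo() -> Dict[str, Optional[str]]:
    """Run both handlers on constructed requests and return what each decides."""
    alice_cert = ClientCert("alice", "Example Internal CA", b"constructed-der-alice")
    bob_cert = ClientCert("bob", "Example Internal CA", b"constructed-der-bob")
    enroll("alice", alice_cert)  # only alice's certificate is enrolled

    # bob holds a valid certificate from the same CA but names alice in the header.
    misnamed = Request(bob_cert, {USER_HEADER: "alice"})
    legit = Request(alice_cert, {})
    return {
        "trust_only_misnamed": authenticate_trust_only(misnamed),  # "alice"
        "bound_misnamed": authenticate_bound(misnamed),            # None
        "bound_legit": authenticate_bound(legit),                  # "alice"
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The registry lookup is the piece the thread says is missing: once the handler resolves the user from the certificate it already has, the username in the request becomes redundant, which also answers the first question about why it should not be mandatory.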
