Hi Malaka,

This is the common module [1] for the authenticators. I will release to the nexus by Monday.

[1] - https://github.com/wso2-extensions/identity-extension-utils

Thanks,
Kathees

On Fri, Nov 4, 2016 at 9:41 AM, Malaka Silva <[email protected]> wrote:

> Hi Kathees,
>
> Did we release this? If not please update once done.
>
> On Sat, Oct 8, 2016 at 6:51 AM, Malaka Silva <[email protected]> wrote:
>
>> My understanding here is what we try to do here is getting generic
>> methods (Utils) to a common module. Nothing more.
>>
>> Dynamic sequence is something that should be supported from IS product
>> framework in the future.
>>
>> On Fri, Oct 7, 2016 at 10:06 PM, Harsha Thirimanna <[email protected]>
>> wrote:
>>
>>> This is kind of dynamic sequence based on different factors like per
>>> user, per group, right?
>>> Do you guys have concrete plan for this? Then shall we discuss this
>>> design before jumping to the code?
>>>
>>> *Harsha Thirimanna*
>>> Associate Tech Lead | WSO2
>>>
>>> Email: [email protected]
>>> Mob: +94715186770
>>> Blog: http://harshathirimanna.blogspot.com/
>>> Twitter: http://twitter.com/harshathirimann
>>> Linked-In: http://www.linkedin.com/pub/harsha-thirimanna/10/ab8/122
>>> <http://wso2.com/signature>
>>>
>>> On Fri, Oct 7, 2016 at 12:10 PM, Kathees Rajendram <[email protected]>
>>> wrote:
>>>
>>>> Thanks for the comments and suggestions.
>>>>
>>>> The subject may be misleading. We need to create a utility component with
>>>> common use cases. Basically we are providing generalized component and the
>>>> common use cases are applicable for most of authenticators.
>>>>
>>>> As you said, alternative authentication flow is not in authenticator
>>>> level and a use case for IS framework is, if we configure an
>>>> authenticator flow for particular SP, that will be applicable for all
>>>> users. Based on the user role or the policy, we need to have an
>>>> authentication access model.
>>>> For example:- For particular user group, we
>>>> need to enable two factor authenticator (Basic + SMS OTP), for other user
>>>> group, we need to have Basic + other factor (Basic + RSA or Token2) and
>>>> for some other user group, we need basic or social login. This should be
>>>> configurable.
>>>>
>>>> We are building common use cases for the authenticators [1]. Please add
>>>> if anything, we can include in authentication level.
>>>>
>>>> [1] - https://store.wso2.com/store/assets/isconnector/list
>>>>
>>>> Thanks,
>>>> Kathees
>>>>
>>>> On Thu, Oct 6, 2016 at 2:43 PM, Ishara Karunarathna <[email protected]>
>>>> wrote:
>>>>
>>>>> Hi Malaka.
>>>>>
>>>>> On Thu, Oct 6, 2016 at 12:25 PM, Malaka Silva <[email protected]> wrote:
>>>>>
>>>>>> On Thu, Oct 6, 2016 at 10:31 AM, Ishara Karunarathna <[email protected]> wrote:
>>>>>>
>>>>>>> Hi Malaka.
>>>>>>>
>>>>>>> On Thu, Oct 6, 2016 at 9:42 AM, Malaka Silva <[email protected]>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Hi Ishara,
>>>>>>>>
>>>>>>>> I guess the subject is bit misleading. What we are trying
>>>>>>>> to achieve here is to put common functionalities used by all / most of
>>>>>>>> the IS extensions.
>>>>>>>>
>>>>>>>> For example we have done an improvement to totp to support multi
>>>>>>>> tenancy. These logics are built into totp and that is wrong. So we are
>>>>>>>> planning to have these in this module.
>>>>>>>>
>>>>>>> I think here you are trying to implement utility component to be
>>>>>>> used in authenticators.
>>>>>>>
>>>>>> yes
>>>>>>
>>>>> Then +1 for having utility component with common use cases.
>>>>>
>>>>>>>> On Thu, Oct 6, 2016 at 9:29 AM, Ishara Karunarathna <[email protected]> wrote:
>>>>>>>>
>>>>>>>>> Hi kathees,
>>>>>>>>>
>>>>>>>>> On Wed, Oct 5, 2016 at 2:12 PM, Kathees Rajendram <[email protected]> wrote:
>>>>>>>>>
>>>>>>>>>> Hi All,
>>>>>>>>>>
>>>>>>>>>> I am working on creating common extension framework for IS
>>>>>>>>>> authenticators.
>>>>>>>>>>
>>>>>>>>> Can you explain more on this. What is the existing problem and how
>>>>>>>>> it's going to fix this framework.
>>>>>>>>>
>>>>>>>>> At the moment we have authentication framework where we mainly
>>>>>>>>> handle the authentication related operations and Authenticators
>>>>>>>>> are one of the connectors that can be plugged in to authentication
>>>>>>>>> framework.
>>>>>>>>> So why do we need another framework for authenticators.
>>>>>>>>>
>>>>>>>>> And I think following items also more specific to authenticators
>>>>>>>>> and I don't think we can use them in all authenticators.
>>>>>>>>>
>>>>>>>>> Thanks,
>>>>>>>>> Ishara
>>>>>>>>>
>>>>>>>>>> In extension common framework, I am planning to add the following
>>>>>>>>>> features which can be reused in authenticators.
>>>>>>>>>>
>>>>>>>>>> - Federated authenticator support - Currently, two-factor
>>>>>>>>>> authenticator supports basic authenticator in the first step and
>>>>>>>>>> federated authentication in first factor supports only in TOTP
>>>>>>>>>> authenticator. I am planning to add this federated authenticator
>>>>>>>>>> support in common framework so we can reuse in all two factor
>>>>>>>>>> authenticators.
>>>>>>>>>>
>>>>>>>>>> - Account Lock/Unlock - Currently, we don't have any limit
>>>>>>>>>> for applying the code in two factor authenticator authentication.
>>>>>>>>>> I am planning to add Lock a user account functionality [1] when
>>>>>>>>>> configurable number of applying code attempts are exceeded in
>>>>>>>>>> second step of authentication.
>>>>>>>>>>
>>>>>>>>>> - Alternative authentication steps
>>>>>>>>>>
>>>>>>>>>>     Backup Phone no - Add backup phone so user can
>>>>>>>>>>     still sign in if user loses phone and add alternative step as
>>>>>>>>>>     backup phone no.
>>>>>>>>>>     Backup codes - These printable one-off pass codes
>>>>>>>>>>     allow you to sign in when away from your phone, like when you’re
>>>>>>>>>>     traveling.
>>>>>>>>>>     Currently we have similar functionality in SMS OTP
>>>>>>>>>>     authenticator. We will move to IS authenticator common framework
>>>>>>>>>>     which can be used in other authenticators.
>>>>>>>>>>
>>>>>>>>> Is this specific to an authenticator?
>>>>>>>>
>>>>>>> Yes I think above listed stuff are specific to each authenticators.
>>>>>>> For example if you think of Alternative authentication step, that
>>>>>>> alternative mechanism should have some relation with the
>>>>>>> configured authenticators.
>>>>>>> Actually it should not be a functionality of the authenticator, this
>>>>>>> is something we should implement introducing policy based
>>>>>>> dynamic authentication flows. Then we should be able to configure
>>>>>>> authenticators, alternative authenticators, security levels etc.
>>>>>>> with a policy.
>>>>>>>
>>>>>>>>>> - HOTP and TOTP algorithm based code generation - We can
>>>>>>>>>> reuse OTP code generation in SMS [2] and Email OTP [3], TOTP [4]
>>>>>>>>>> authenticators.
>>>>>>>>>>
>>>>>>>>>> Supporting multi tenancy should be added.
>>>>>>>>
>>>>>>> Normally we associate an authenticator to an SP in a given tenant so
>>>>>>> do we need to handle tenancy in an authenticator level?
>>>>>>>
>>>>>> No issues is how can we keep configuration bound to a tenant in
>>>>>> local authenticators.
>>>>>>
>>>>>> Eg:- Keep configs for the super tenant in local file and per tenant
>>>>>> in registry.
>>>>>>
>>>>> Yes this is something you can put in to your component. And better to
>>>>> put general requirements only to that.
>>>>>
>>>>> -Ishara
>>>>>
>>>>>>> Thanks,
>>>>>>> Ishara
>>>>>>>
>>>>>>>> Please let me know if you have any concerns.
>>>>>>>>>>
>>>>>>>>>> [1] - https://docs.wso2.com/display/IS520/User+Account+Locking+and+Account+Disabling
>>>>>>>>>>
>>>>>>>>>> [2] - https://docs.wso2.com/display/ISCONNECTORS/Configuring+SMSOTP+Authenticator
>>>>>>>>>>
>>>>>>>>>> [3] - https://docs.wso2.com/display/ISCONNECTORS/Configuring+EmailOTP+Authenticator
>>>>>>>>>>
>>>>>>>>>> [4] - https://docs.wso2.com/display/ISCONNECTORS/Configuring+TOTP+Authenticator
>>>>>>>>>>
>>>>>>>>>> Thanks,
>>>>>>>>>> Kathees
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> Kathees
>>>>>>>>>> Software Engineer,
>>>>>>>>>> email: [email protected]
>>>>>>>>>> mobile: +94772596173
>>>>>>>>>>
>>>>>>>>>> _______________________________________________
>>>>>>>>>> Architecture mailing list
>>>>>>>>>> [email protected]
>>>>>>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Ishara Karunarathna
>>>>>>>>> Associate Technical Lead
>>>>>>>>> WSO2 Inc. - lean . enterprise .
>>>>>>>>> middleware | wso2.com
>>>>>>>>>
>>>>>>>>> email: [email protected], blog: isharaaruna.blogspot.com,
>>>>>>>>> mobile: +94717996791
>>>>>>>>
>>>>>>>> --
>>>>>>>>
>>>>>>>> Best Regards,
>>>>>>>>
>>>>>>>> Malaka Silva
>>>>>>>> Senior Technical Lead
>>>>>>>> M: +94 777 219 791
>>>>>>>> Tel : 94 11 214 5345
>>>>>>>> Fax :94 11 2145300
>>>>>>>> Skype : malaka.sampath.silva
>>>>>>>> LinkedIn : http://www.linkedin.com/pub/malaka-silva/6/33/77
>>>>>>>> Blog : http://mrmalakasilva.blogspot.com/
>>>>>>>>
>>>>>>>> WSO2, Inc.
>>>>>>>> lean . enterprise . middleware
>>>>>>>> https://wso2.com/signature
>>>>>>>> http://www.wso2.com/about/team/malaka-silva/
>>>>>>>> <http://wso2.com/about/team/malaka-silva/>
>>>>>>>> https://store.wso2.com/store/
>>>>>>>>
>>>>>>>> Don't make Trees rare, we should keep them with care

--
Kathees
Software Engineer,
email: [email protected]
mobile: +94772596173
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
