The common module is released with federated authenticator support in
multi-factor authentication, locking the user when a wrong code is applied
in other steps, and tenant-based configuration for the application
authentication XML file.


Thanks,
Kathees

On Fri, Nov 4, 2016 at 7:43 PM, Kathees Rajendram <[email protected]> wrote:

> Hi Malaka,
>
> This is the common module [1] for the authenticators. I will release to
> the nexus by Monday.
>
> [1] - https://github.com/wso2-extensions/identity-extension-utils
>
> Thanks,
> Kathees
>
> On Fri, Nov 4, 2016 at 9:41 AM, Malaka Silva <[email protected]> wrote:
>
>> Hi Kathees,
>>
>> Did we release this? If not, please update once done.
>>
>> On Sat, Oct 8, 2016 at 6:51 AM, Malaka Silva <[email protected]> wrote:
>>
>>> My understanding is that what we are trying to do here is get generic
>>> methods (Utils) into a common module. Nothing more.
>>>
>>> Dynamic sequence is something that should be supported from IS product
>>> framework in the future.
>>>
>>> On Fri, Oct 7, 2016 at 10:06 PM, Harsha Thirimanna <[email protected]>
>>> wrote:
>>>
>>>> This is a kind of dynamic sequence based on different factors like per
>>>> user, per group, right?
>>>> Do you guys have a concrete plan for this? Then shall we discuss this
>>>> design before jumping to the code?
>>>>
>>>> *Harsha Thirimanna*
>>>> Associate Tech Lead | WSO2
>>>>
>>>> Email: [email protected]
>>>> Mob: +94715186770
>>>> Blog: http://harshathirimanna.blogspot.com/
>>>> Twitter: http://twitter.com/harshathirimann
>>>> Linked-In: http://www.linkedin.com/pub/harsha-thirimanna/10/ab8/122
>>>> <http://wso2.com/signature>
>>>>
>>>> On Fri, Oct 7, 2016 at 12:10 PM, Kathees Rajendram <[email protected]>
>>>> wrote:
>>>>
>>>>> Thanks for the comments and suggestions.
>>>>>
>>>>> The subject may be misleading. We need to create a utility component with
>>>>> common use cases. Basically we are providing a generalized component, and the
>>>>> common use cases are applicable for most of the authenticators.
>>>>>
>>>>> As you said, an alternative authentication flow is not at the authenticator
>>>>> level, and a use case for the IS framework is: if we configure an
>>>>> authenticator flow for a particular SP, that will be applicable for all
>>>>> users. Based on the user role or the policy, we need to have an
>>>>> authentication access model. For example: for a particular user group, we
>>>>> need to enable a two-factor authenticator (Basic + SMS OTP); for another user
>>>>> group, we need to have Basic + another factor (Basic + RSA or Token2); and
>>>>> for some other user group, we need basic or social login. This should be
>>>>> configurable.
>>>>>
>>>>> We are building common use cases for the authenticators [1]. Please
>>>>> add anything we can include at the authentication level.
>>>>>
>>>>> [1] - https://store.wso2.com/store/assets/isconnector/list
>>>>>
>>>>> Thanks,
>>>>> Kathees
>>>>>
>>>>> On Thu, Oct 6, 2016 at 2:43 PM, Ishara Karunarathna <[email protected]>
>>>>> wrote:
>>>>>
>>>>>> Hi Malaka.
>>>>>>
>>>>>> On Thu, Oct 6, 2016 at 12:25 PM, Malaka Silva <[email protected]>
>>>>>> wrote:
>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Thu, Oct 6, 2016 at 10:31 AM, Ishara Karunarathna <
>>>>>>> [email protected]> wrote:
>>>>>>>
>>>>>>>> Hi Malaka.
>>>>>>>>
>>>>>>>> On Thu, Oct 6, 2016 at 9:42 AM, Malaka Silva <[email protected]>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>> Hi Ishara,
>>>>>>>>>
>>>>>>>>> I guess the subject is a bit misleading. What we are trying
>>>>>>>>> to achieve here is to put common functionalities used by all / most
>>>>>>>>> of the IS extensions.
>>>>>>>>>
>>>>>>>>> For example, we have done an improvement to TOTP to support
>>>>>>>>> multi-tenancy. This logic is built into TOTP and that is wrong. So we
>>>>>>>>> are planning to have it in this module.
>>>>>>>>>
>>>>>>>> I think here you are trying to implement a utility component to be
>>>>>>>> used in authenticators.
>>>>>>>>
>>>>>>> yes
>>>>>>>
>>>>>>>
>>>>>> Then +1 for having a utility component with common use cases.
>>>>>>
>>>>>>>
>>>>>>>>> On Thu, Oct 6, 2016 at 9:29 AM, Ishara Karunarathna <
>>>>>>>>> [email protected]> wrote:
>>>>>>>>>
>>>>>>>>>> Hi kathees,
>>>>>>>>>>
>>>>>>>>>> On Wed, Oct 5, 2016 at 2:12 PM, Kathees Rajendram <
>>>>>>>>>> [email protected]> wrote:
>>>>>>>>>>
>>>>>>>>>>> Hi All,
>>>>>>>>>>>
>>>>>>>>>>> I am working on creating common extension framework for IS
>>>>>>>>>>> authenticators.
>>>>>>>>>>>
>>>>>>>>>> Can you explain more on this? What is the existing problem, and
>>>>>>>>>> how is this framework going to fix it?
>>>>>>>>>>
>>>>>>>>>> At the moment we have the authentication framework, where we mainly
>>>>>>>>>> handle the authentication-related operations, and authenticators
>>>>>>>>>> are one of the connectors that can be plugged in to the
>>>>>>>>>> authentication framework.
>>>>>>>>>> So why do we need another framework for authenticators?
>>>>>>>>>>
>>>>>>>>>> And I think the following items are also more specific to individual
>>>>>>>>>> authenticators, and I don't think we can use them in all authenticators.
>>>>>>>>>>
>>>>>>>>>> Thanks,
>>>>>>>>>> Ishara
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> In extension common framework, I am planning to add the
>>>>>>>>>>> following features which can be reused in authenticators.
>>>>>>>>>>>
>>>>>>>>>>>    - Federated authenticator support - Currently, the two-factor
>>>>>>>>>>>    authenticator supports the basic authenticator in the first step,
>>>>>>>>>>>    and federated authentication in the first factor is supported
>>>>>>>>>>>    only in the TOTP authenticator. I am planning to add this
>>>>>>>>>>>    federated authenticator support in the common framework so we
>>>>>>>>>>>    can reuse it in all two-factor authenticators.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>    - Account Lock/Unlock - Currently, we don't have any limit
>>>>>>>>>>>    for applying the code in two-factor authenticator
>>>>>>>>>>>    authentication. I am planning to add functionality to lock a
>>>>>>>>>>>    user account [1] when a configurable number of code attempts
>>>>>>>>>>>    is exceeded in the second step of authentication.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>    - Alternative authentication steps
>>>>>>>>>>>
>>>>>>>>>>>         Backup phone no - Add a backup phone so the user can still
>>>>>>>>>>>         sign in if the user loses the phone, and add an alternative
>>>>>>>>>>>         step as backup phone no.
>>>>>>>>>>>         Backup codes - These printable one-off pass codes allow you
>>>>>>>>>>>         to sign in when away from your phone, like when you’re
>>>>>>>>>>>         traveling.
>>>>>>>>>>>
>>>>>>>>>>>         Currently we have similar functionality in the SMS OTP
>>>>>>>>>>>         authenticator. We will move it to the IS authenticator
>>>>>>>>>>>         common framework so it can be used in other authenticators.
>>>>>>>>>>>
>>>>>>>>>> Is this specific to an authenticator?
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>> Yes, I think the above listed stuff is specific to each authenticator.
>>>>>>>> For example, if you think of the alternative authentication step, that
>>>>>>>> alternative mechanism should have some relation with the
>>>>>>>> configured authenticators.
>>>>>>>> Actually it should not be a functionality of the authenticator;
>>>>>>>> this is something we should implement by introducing policy-based
>>>>>>>> dynamic authentication flows. Then we should be able to configure
>>>>>>>> authenticators, alternative authenticators, security levels, etc.
>>>>>>>> with a policy.
>>>>>>>>
>>>>>>>>>
>>>>>>>>>>>    - HOTP and TOTP algorithm based code generation - We can
>>>>>>>>>>>    reuse OTP code generation in SMS [2] and Email OTP [3], TOTP [4]
>>>>>>>>>>>    authenticators.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Supporting multi-tenancy should be added.
>>>>>>>>>
>>>>>>>>>
>>>>>>>> Normally we associate an authenticator to an SP in a given tenant, so
>>>>>>>> do we need to handle tenancy at an authenticator level?
>>>>>>>>
>>>>>>> No, the issue is how can we keep configuration bound to a tenant in
>>>>>>> local authenticators.
>>>>>>>
>>>>>>> E.g. keep configs for the super tenant in a local file and per
>>>>>>> tenant in the registry.
>>>>>>>
>>>>>> Yes, this is something you can put into your component. And better
>>>>>> to put only general requirements into that.
>>>>>>
>>>>>> -Ishara
>>>>>>
>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> Ishara
>>>>>>>>
>>>>>>>>
>>>>>>>>> Please let me know if you have any concerns.
>>>>>>>>>>>
>>>>>>>>>>> [1] - https://docs.wso2.com/display/IS520/User+Account+Locking+and+Account+Disabling
>>>>>>>>>>>
>>>>>>>>>>> [2] - https://docs.wso2.com/display/ISCONNECTORS/Configuring+SMSOTP+Authenticator
>>>>>>>>>>>
>>>>>>>>>>> [3] - https://docs.wso2.com/display/ISCONNECTORS/Configuring+EmailOTP+Authenticator
>>>>>>>>>>>
>>>>>>>>>>> [4] - https://docs.wso2.com/display/ISCONNECTORS/Configuring+TOTP+Authenticator
>>>>>>>>>>>
>>>>>>>>>>> Thanks,
>>>>>>>>>>> Kathees
>>>>>>>>>>>
>>>>>>>>>>> --
>>>>>>>>>>> Kathees
>>>>>>>>>>> Software Engineer,
>>>>>>>>>>> email: [email protected]
>>>>>>>>>>> mobile: +94772596173
>>>>>>>>>>>
>>>>>>>>>>> _______________________________________________
>>>>>>>>>>> Architecture mailing list
>>>>>>>>>>> [email protected]
>>>>>>>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> Ishara Karunarathna
>>>>>>>>>> Associate Technical Lead
>>>>>>>>>> WSO2 Inc. - lean . enterprise . middleware |  wso2.com
>>>>>>>>>>
>>>>>>>>>> email: [email protected],   blog: isharaaruna.blogspot.com,
>>>>>>>>>> mobile: +94717996791
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>>
>>>>>>>>> Best Regards,
>>>>>>>>>
>>>>>>>>> Malaka Silva
>>>>>>>>> Senior Technical Lead
>>>>>>>>> M: +94 777 219 791
>>>>>>>>> Tel : 94 11 214 5345
>>>>>>>>> Fax :94 11 2145300
>>>>>>>>> Skype : malaka.sampath.silva
>>>>>>>>> LinkedIn : http://www.linkedin.com/pub/malaka-silva/6/33/77
>>>>>>>>> Blog : http://mrmalakasilva.blogspot.com/
>>>>>>>>>
>>>>>>>>> WSO2, Inc.
>>>>>>>>> lean . enterprise . middleware
>>>>>>>>> https://wso2.com/signature
>>>>>>>>> http://www.wso2.com/about/team/malaka-silva/
>>>>>>>>> <http://wso2.com/about/team/malaka-silva/>
>>>>>>>>> https://store.wso2.com/store/
>>>>>>>>>
>>>>>>>>> Don't make Trees rare, we should keep them with care
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>>
>>
>>
>>
>>
>
>
>
>



-- 
Kathees
Software Engineer,
email: [email protected]
mobile: +94772596173
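
The features discussed in this thread (shared HOTP/TOTP code generation, locking a user after a configurable number of wrong codes in the second step, and per-tenant configuration layered over super-tenant defaults) can be sketched together as follows. This is an added example, not code from identity-extension-utils or WSO2 IS; the config keys, tenant names and the SecondStepVerifier class are hypothetical.

```python
import hashlib
import hmac
import struct

# Constructed per-tenant settings: super-tenant defaults (the "local file")
# overridden by per-tenant values (the "registry"). All names are hypothetical.
SUPER_TENANT_CONFIG = {"digits": 6, "period": 30, "max_attempts": 3}
TENANT_REGISTRY = {"example.com": {"max_attempts": 5}}


def tenant_config(tenant):
    """Merge super-tenant defaults with the tenant's own overrides."""
    return {**SUPER_TENANT_CONFIG, **TENANT_REGISTRY.get(tenant, {})}


def hotp(secret, counter, digits=6):
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret, unix_time, digits=6, period=30):
    """RFC 6238 TOTP: HOTP with the counter derived from the time step."""
    return hotp(secret, int(unix_time) // period, digits)


class SecondStepVerifier:
    """Counts wrong codes per (tenant, user) and locks at the tenant's limit."""

    def __init__(self):
        self.failed = {}
        self.locked = set()

    def verify(self, tenant, user, secret, code, unix_time):
        key = (tenant, user)
        if key in self.locked:
            return "LOCKED"  # a correct code must not unlock the account
        cfg = tenant_config(tenant)
        expected = totp(secret, unix_time, cfg["digits"], cfg["period"])
        if hmac.compare_digest(expected.encode(), code.encode()):
            self.failed.pop(key, None)  # success resets the counter
            return "OK"
        self.failed[key] = self.failed.get(key, 0) + 1
        if self.failed[key] >= cfg["max_attempts"]:
            self.locked.add(key)
            return "LOCKED"
        return "WRONG_CODE"
```

The failure counter is keyed by tenant and user rather than by authenticator, so wrong codes entered against SMS OTP, Email OTP or TOTP all count toward the same lock.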