Yes we should do that. @Kathees - Did we create a redmine for this already?
On Thu, Nov 10, 2016 at 7:27 AM, Harsha Thirimanna <[email protected]> wrote:

> Hi all,
> Let's consider these common stuff to the connectors as a part of the
> framework itself, because now connector team pack this common code module
> with each connector and duplicate with each. From C5 onward we can remove
> that from connector level and provide it from framework.
> WDYT?
>
> On Nov 8, 2016 1:50 PM, "Kathees Rajendram" <[email protected]> wrote:
>
> The common module is released with federated authenticator support in
> multi factor authentication, locking user while applying wrong code in
> other steps and tenant based configuration for application authentication
> xml file.
>
> Thanks,
> Kathees
>
> On Fri, Nov 4, 2016 at 7:43 PM, Kathees Rajendram <[email protected]> wrote:
>
>> Hi Malaka,
>>
>> This is the common module [1] for the authenticators. I will release to
>> the nexus by Monday.
>>
>> [1] - https://github.com/wso2-extensions/identity-extension-utils
>>
>> Thanks,
>> Kathees
>>
>> On Fri, Nov 4, 2016 at 9:41 AM, Malaka Silva <[email protected]> wrote:
>>
>>> Hi Kathees,
>>>
>>> Did we release this? If not please update once done..
>>>
>>> On Sat, Oct 8, 2016 at 6:51 AM, Malaka Silva <[email protected]> wrote:
>>>
>>>> My understanding here is what we try to do here is getting generic
>>>> methods (Utils) to a common module. Nothing more.
>>>>
>>>> Dynamic sequence is something that should be supported from IS product
>>>> framework in the future.
>>>>
>>>> On Fri, Oct 7, 2016 at 10:06 PM, Harsha Thirimanna <[email protected]> wrote:
>>>>
>>>>> This is kind of dynamic sequence based on different factors like per
>>>>> user, per group, right?
>>>>> Do you guys have concrete plan for this? Then shall we discuss this
>>>>> design before jump to the code?
>>>>>
>>>>> *Harsha Thirimanna*
>>>>> Associate Tech Lead | WSO2
>>>>>
>>>>> Email: [email protected]
>>>>> Mob: +94715186770
>>>>> Blog: http://harshathirimanna.blogspot.com/
>>>>> Twitter: http://twitter.com/harshathirimann
>>>>> Linked-In: http://www.linkedin.com/pub/harsha-thirimanna/10/ab8/122
>>>>> <http://wso2.com/signature>
>>>>>
>>>>> On Fri, Oct 7, 2016 at 12:10 PM, Kathees Rajendram <[email protected]> wrote:
>>>>>
>>>>>> Thanks for the comments and suggestions.
>>>>>>
>>>>>> The subject may be misleading. We need to create a utility component
>>>>>> with common use cases. Basically we are providing generalized component
>>>>>> and the common use cases are applicable for most of authenticators.
>>>>>>
>>>>>> As you said, alternative authentication flow is not in authenticator
>>>>>> level and a use case for IS framework is, if we configure an
>>>>>> authenticator flow for particular SP, that will be applicable for all
>>>>>> users. Based on the user role or the policy, we need to have an
>>>>>> authentication access model. For example:- For particular user group, we
>>>>>> need to enable two factor authenticator (Basic + SMS OTP), for other user
>>>>>> group, we need to have Basic + other factor (Basic + RSA or Token2) and
>>>>>> for some other user group, we need basic or social login. This should be
>>>>>> configurable.
>>>>>>
>>>>>> We are building common use cases for the authenticators [1]. Please
>>>>>> add if anything, we can include in authentication level.
>>>>>>
>>>>>> [1] - https://store.wso2.com/store/assets/isconnector/list
>>>>>>
>>>>>> Thanks,
>>>>>> Kathees
>>>>>>
>>>>>> On Thu, Oct 6, 2016 at 2:43 PM, Ishara Karunarathna <[email protected]> wrote:
>>>>>>
>>>>>>> Hi Malaka.
>>>>>>>
>>>>>>> On Thu, Oct 6, 2016 at 12:25 PM, Malaka Silva <[email protected]> wrote:
>>>>>>>
>>>>>>>> On Thu, Oct 6, 2016 at 10:31 AM, Ishara Karunarathna <[email protected]> wrote:
>>>>>>>>
>>>>>>>>> Hi Malaka.
>>>>>>>>>
>>>>>>>>> On Thu, Oct 6, 2016 at 9:42 AM, Malaka Silva <[email protected]> wrote:
>>>>>>>>>
>>>>>>>>>> Hi Ishara,
>>>>>>>>>>
>>>>>>>>>> I guess the subject is bit misleading. What we are trying
>>>>>>>>>> to achieve here is to put common functionalities used by all / most
>>>>>>>>>> of the IS extensions.
>>>>>>>>>>
>>>>>>>>>> For example we have done an improvement to totp to support multi
>>>>>>>>>> tenancy. These logics are built into totp and that is wrong. So we
>>>>>>>>>> are planning to have these in this module.
>>>>>>>>>>
>>>>>>>>> I think here you are trying to implement utility component to be
>>>>>>>>> used in authenticators.
>>>>>>>>>
>>>>>>>> yes
>>>>>>>>
>>>>>>> Then +1 for have utility component with common use cases.
>>>>>>>
>>>>>>>>>> On Thu, Oct 6, 2016 at 9:29 AM, Ishara Karunarathna <[email protected]> wrote:
>>>>>>>>>>
>>>>>>>>>>> Hi Kathees,
>>>>>>>>>>>
>>>>>>>>>>> On Wed, Oct 5, 2016 at 2:12 PM, Kathees Rajendram <[email protected]> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> Hi All,
>>>>>>>>>>>>
>>>>>>>>>>>> I am working on creating common extension framework for IS
>>>>>>>>>>>> authenticators.
>>>>>>>>>>>>
>>>>>>>>>>> Can you explain more on this. What is the existing problem and
>>>>>>>>>>> how it's going to fix this framework.
>>>>>>>>>>>
>>>>>>>>>>> At the moment we have authentication framework where we mainly
>>>>>>>>>>> handle the authentication related operations and Authenticators
>>>>>>>>>>> are one of the connectors that can be plugged in to
>>>>>>>>>>> authentication framework.
>>>>>>>>>>> So why do we need another framework for authenticators.
>>>>>>>>>>>
>>>>>>>>>>> And I think following items also more specific to authenticators
>>>>>>>>>>> and I don't think we can use them in all authenticators.
>>>>>>>>>>>
>>>>>>>>>>> Thanks,
>>>>>>>>>>> Ishara
>>>>>>>>>>>
>>>>>>>>>>>> In extension common framework, I am planning to add the
>>>>>>>>>>>> following features which can be reused in authenticators.
>>>>>>>>>>>>
>>>>>>>>>>>> - Federated authenticator support - Currently, two-factor
>>>>>>>>>>>> authenticator supports basic authenticator in the first step
>>>>>>>>>>>> and federated authentication in first factor supports only in TOTP
>>>>>>>>>>>> authenticator. I am planning to add this federated authenticator
>>>>>>>>>>>> support in common framework so we can reuse in all two factor
>>>>>>>>>>>> authenticators.
>>>>>>>>>>>>
>>>>>>>>>>>> - Account Lock/Unlock - Currently, we don't have any limit
>>>>>>>>>>>> for applying the code in two factor authenticator
>>>>>>>>>>>> authentication. I am planning to add Lock a user account
>>>>>>>>>>>> functionality [1] when configurable number of applying code
>>>>>>>>>>>> attempts are exceeded in second step of authentication.
>>>>>>>>>>>>
>>>>>>>>>>>> - Alternative authentication steps
>>>>>>>>>>>>
>>>>>>>>>>>> Backup Phone no - Add backup phone so user can
>>>>>>>>>>>> still sign in if user lose phone and add alternative step as
>>>>>>>>>>>> backup phone no.
>>>>>>>>>>>> Backup codes - These printable one-off pass codes
>>>>>>>>>>>> allow you to sign in when away from your phone, like when you’re
>>>>>>>>>>>> traveling.
>>>>>>>>>>>> Currently we have similar functionality in SMS OTP authenticator,
>>>>>>>>>>>> we will move to IS authenticator common framework which can be
>>>>>>>>>>>> used in other authenticators.
>>>>>>>>>>>>
>>>>>>>>>>> Is this specific to an authenticator?
>>>>>>>>>>
>>>>>>>>> Yes I think above listed stuff are specific to each
>>>>>>>>> authenticators.
>>>>>>>>> For example if you think of Alternative authentication step, That
>>>>>>>>> alternative mechanism should have some relation with
>>>>>>>>> the configured authenticators.
>>>>>>>>> Actually it should not be a functionality of the authenticator
>>>>>>>>> this is something we should implement introducing policy base
>>>>>>>>> dynamic authentication flows. Then we should be able to configure
>>>>>>>>> authenticators, alternative authenticators, Security levels etc.
>>>>>>>>> with a policy.
>>>>>>>>>
>>>>>>>>>>>> - HOTP and TOTP algorithm based code generation - We can
>>>>>>>>>>>> reuse OTP code generation in SMS [2] and Email OTP [3], TOTP [4]
>>>>>>>>>>>> authenticators.
>>>>>>>>>>>>
>>>>>>>>>>>> Supporting multi tenancy should be added.
>>>>>>>>>>
>>>>>>>>> Normally we associate an authenticator to a SP in a given tenant
>>>>>>>>> so do we need to handle tenancy in an authenticator level?
>>>>>>>>>
>>>>>>>> No issues is how can we keep configuration bound to a tenant in
>>>>>>>> local authenticators.
>>>>>>>>
>>>>>>>> Eg:- Keep configs for the super tenant in local file and per
>>>>>>>> tenant in registry.
>>>>>>>>
>>>>>>> Yes this is something you can put in to your component. And better
>>>>>>> to put general requirements only to that.
>>>>>>>
>>>>>>> -Ishara
>>>>>>>
>>>>>>>>> Thanks,
>>>>>>>>> Ishara
>>>>>>>>>
>>>>>>>>>> Please let me know if you have any concerns.
>>>>>>>>>>>>
>>>>>>>>>>>> [1] - https://docs.wso2.com/display/IS520/User+Account+Locking+and+Account+Disabling
>>>>>>>>>>>>
>>>>>>>>>>>> [2] - https://docs.wso2.com/display/ISCONNECTORS/Configuring+SMSOTP+Authenticator
>>>>>>>>>>>>
>>>>>>>>>>>> [3] - https://docs.wso2.com/display/ISCONNECTORS/Configuring+EmailOTP+Authenticator
>>>>>>>>>>>>
>>>>>>>>>>>> [4] - https://docs.wso2.com/display/ISCONNECTORS/Configuring+TOTP+Authenticator
>>>>>>>>>>>>
>>>>>>>>>>>> Thanks,
>>>>>>>>>>>> Kathees
>>>>>>>>>>>>
>>>>>>>>>>>> --
>>>>>>>>>>>> Kathees
>>>>>>>>>>>> Software Engineer,
>>>>>>>>>>>> email: [email protected]
>>>>>>>>>>>> mobile: +94772596173
>>>>>>>>>>>>
>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>> Architecture mailing list
>>>>>>>>>>>> [email protected]
>>>>>>>>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>>>>>>>>>
>>>>>>>>>>> --
>>>>>>>>>>> Ishara Karunarathna
>>>>>>>>>>> Associate Technical Lead
>>>>>>>>>>> WSO2 Inc. - lean . enterprise . middleware | wso2.com
>>>>>>>>>>>
>>>>>>>>>>> email: [email protected], blog: isharaaruna.blogspot.com,
>>>>>>>>>>> mobile: +94717996791
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>>
>>>>>>>>>> Best Regards,
>>>>>>>>>>
>>>>>>>>>> Malaka Silva
>>>>>>>>>> Senior Technical Lead
>>>>>>>>>> M: +94 777 219 791
>>>>>>>>>> Tel : 94 11 214 5345
>>>>>>>>>> Fax :94 11 2145300
>>>>>>>>>> Skype : malaka.sampath.silva
>>>>>>>>>> LinkedIn : http://www.linkedin.com/pub/malaka-silva/6/33/77
>>>>>>>>>> Blog : http://mrmalakasilva.blogspot.com/
>>>>>>>>>>
>>>>>>>>>> WSO2, Inc.
>>>>>>>>>> lean . enterprise . middleware
>>>>>>>>>> https://wso2.com/signature
>>>>>>>>>> http://www.wso2.com/about/team/malaka-silva/
>>>>>>>>>> <http://wso2.com/about/team/malaka-silva/>
>>>>>>>>>> https://store.wso2.com/store/
>>>>>>>>>>
>>>>>>>>>> Don't make Trees rare, we should keep them with care

--
Best Regards,

Malaka Silva
Senior Technical Lead
M: +94 777 219 791
Tel : 94 11 214 5345
Fax :94 11 2145300
Skype : malaka.sampath.silva
LinkedIn : http://www.linkedin.com/pub/malaka-silva/6/33/77
Blog : http://mrmalakasilva.blogspot.com/

WSO2, Inc.
lean . enterprise . middleware
https://wso2.com/signature
http://www.wso2.com/about/team/malaka-silva/
<http://wso2.com/about/team/malaka-silva/>
https://store.wso2.com/store/

Don't make Trees rare, we should keep them with care
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
