Yes, this is a temporary solution. We should add to the IS framework.

On Thu, Nov 10, 2016 at 9:14 PM, Malaka Silva <[email protected]> wrote:
> Yes we should do that.
>
> @Kathees - Did we create a redmine for this already?
>

Yes, there are redmines in IS for "Federated support of 2nd factor authenticators" [1], "Ability to define local authenticator (request path and otherwise) configurations from UI" [2], In this module, currently we are saving the configuration in registry for tenant based configuration and "Build authentication sequences based on various parameters" [3].

[1] - https://redmine.wso2.com/issues/5416
[2] - https://redmine.wso2.com/issues/5507
[3] - https://redmine.wso2.com/issues/5511

>
> On Thu, Nov 10, 2016 at 7:27 AM, Harsha Thirimanna <[email protected]> wrote:
>
>> Hi all,
>> Let's consider these common stuff to the connectors as a part of the
>> framework itself, because now connector team pack this common code module
>> with each connector and duplicate with each. From C5 onward we can remove
>> that from connector level and provide it from framework.
>> WDYT ?
>>
>> On Nov 8, 2016 1:50 PM, "Kathees Rajendram" <[email protected]> wrote:
>>
>> The common module is released with federated authenticator support in
>> multi factor authentication, locking user while applying wrong code in
>> other steps and tenant based configuration for application authentication
>> xml file.
>>
>> Thanks,
>> Kathees
>>
>> On Fri, Nov 4, 2016 at 7:43 PM, Kathees Rajendram <[email protected]> wrote:
>>
>>> Hi Malaka,
>>>
>>> This is the common module [1] for the authenticators. I will release to
>>> the nexus by Monday.
>>>
>>> [1] - https://github.com/wso2-extensions/identity-extension-utils
>>>
>>> Thanks,
>>> Kathees
>>>
>>> On Fri, Nov 4, 2016 at 9:41 AM, Malaka Silva <[email protected]> wrote:
>>>
>>>> Hi Kathees,
>>>>
>>>> Did we release this? If not please update once done..
>>>>
>>>> On Sat, Oct 8, 2016 at 6:51 AM, Malaka Silva <[email protected]> wrote:
>>>>
>>>>> My understanding here is what we try to do here is getting generic
>>>>> methods (Utils) to a common module. Nothing more.
>>>>>
>>>>> Dynamic sequence is something that should be supported from IS product
>>>>> framework in the future.
>>>>>
>>>>> On Fri, Oct 7, 2016 at 10:06 PM, Harsha Thirimanna <[email protected]> wrote:
>>>>>
>>>>>> This is kind of dynamic sequence based on different factors like per
>>>>>> user, per group, right?
>>>>>> Do you guys have concrete plan for this? Then shall we discuss this
>>>>>> design before jump to the code?
>>>>>>
>>>>>> *Harsha Thirimanna*
>>>>>> Associate Tech Lead | WSO2
>>>>>>
>>>>>> Email: [email protected]
>>>>>> Mob: +94715186770
>>>>>> Blog: http://harshathirimanna.blogspot.com/
>>>>>> Twitter: http://twitter.com/harshathirimann
>>>>>> Linked-In: linked-in: http://www.linkedin.com/pub/harsha-thirimanna/10/ab8/122
>>>>>> <http://wso2.com/signature>
>>>>>>
>>>>>> On Fri, Oct 7, 2016 at 12:10 PM, Kathees Rajendram <[email protected]> wrote:
>>>>>>
>>>>>>> Thanks for the comments and suggestions.
>>>>>>>
>>>>>>> The subject may be misleading. We need to create a utility component
>>>>>>> with common use cases. Basically we are providing generalized component
>>>>>>> and the common use cases are applicable for most of authenticators.
>>>>>>>
>>>>>>> As you said, alternative authentication flow is not in authenticator
>>>>>>> level and a use case for IS framework is, if we configure an
>>>>>>> authenticator flow for particular SP, that will be applicable for all
>>>>>>> users. Based on the user role or the policy, we need to have an
>>>>>>> authentication access model. For example:- For particular user group, we
>>>>>>> need to enable two factor authenticator (Basic + SMS OTP), for other user
>>>>>>> group, we need to have Basic + other factor (Basic + RSA or Token2) and
>>>>>>> for some other user group, we need basic or social login. This should be
>>>>>>> configurable.
>>>>>>>
>>>>>>> We are building common use cases for the authenticators [1].
>>>>>>> Please add if anything, we can include in authentication level.
>>>>>>>
>>>>>>> [1] - https://store.wso2.com/store/assets/isconnector/list
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Kathees
>>>>>>>
>>>>>>> On Thu, Oct 6, 2016 at 2:43 PM, Ishara Karunarathna <[email protected]> wrote:
>>>>>>>
>>>>>>>> Hi Malaka.
>>>>>>>>
>>>>>>>> On Thu, Oct 6, 2016 at 12:25 PM, Malaka Silva <[email protected]> wrote:
>>>>>>>>
>>>>>>>>> On Thu, Oct 6, 2016 at 10:31 AM, Ishara Karunarathna <[email protected]> wrote:
>>>>>>>>>
>>>>>>>>>> Hi Malaka.
>>>>>>>>>>
>>>>>>>>>> On Thu, Oct 6, 2016 at 9:42 AM, Malaka Silva <[email protected]> wrote:
>>>>>>>>>>
>>>>>>>>>>> Hi Ishara,
>>>>>>>>>>>
>>>>>>>>>>> I guess the subject is bit misleading. What we are trying
>>>>>>>>>>> to achieve here is to put common functionalities used by all / most
>>>>>>>>>>> of the IS extensions.
>>>>>>>>>>>
>>>>>>>>>>> For example we have done an improvement to totp to support multi
>>>>>>>>>>> tenancy. This logic is built into totp and that is wrong. So we
>>>>>>>>>>> are planning to have these in this module.
>>>>>>>>>>>
>>>>>>>>>> I think here you are trying to implement utility component to be
>>>>>>>>>> used in authenticators.
>>>>>>>>>>
>>>>>>>>> yes
>>>>>>>>>
>>>>>>>> Then +1 for have utility component with common use cases.
>>>>>>>>
>>>>>>>>>>> On Thu, Oct 6, 2016 at 9:29 AM, Ishara Karunarathna <[email protected]> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> Hi Kathees,
>>>>>>>>>>>>
>>>>>>>>>>>> On Wed, Oct 5, 2016 at 2:12 PM, Kathees Rajendram <[email protected]> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> Hi All,
>>>>>>>>>>>>>
>>>>>>>>>>>>> I am working on creating common extension framework for IS
>>>>>>>>>>>>> authenticators.
>>>>>>>>>>>>>
>>>>>>>>>>>> Can you explain more on this. What is the existing problem and
>>>>>>>>>>>> how it's going to fix this framework.
>>>>>>>>>>>>
>>>>>>>>>>>> At the moment we have authentication framework where we mainly
>>>>>>>>>>>> handle the authentication related operations and Authenticators
>>>>>>>>>>>> are one of the connectors that can be plugged in to
>>>>>>>>>>>> authentication framework.
>>>>>>>>>>>> So why do we need another framework for authenticators.
>>>>>>>>>>>>
>>>>>>>>>>>> And I think following items also more specific to authenticators
>>>>>>>>>>>> and I don't think we can use them in all authenticators.
>>>>>>>>>>>>
>>>>>>>>>>>> Thanks,
>>>>>>>>>>>> Ishara
>>>>>>>>>>>>
>>>>>>>>>>>>> In extension common framework, I am planning to add the
>>>>>>>>>>>>> following features which can be reused in authenticators.
>>>>>>>>>>>>>
>>>>>>>>>>>>> - Federated authenticator support - Currently, two-factor
>>>>>>>>>>>>>   authenticator supports basic authenticator in the first step
>>>>>>>>>>>>>   and federated authentication in first factor supports only in TOTP
>>>>>>>>>>>>>   authenticator. I am planning to add this federated authenticator
>>>>>>>>>>>>>   support in common framework so we can reuse in all two factor
>>>>>>>>>>>>>   authenticators.
>>>>>>>>>>>>>
>>>>>>>>>>>>> - Account Lock/Unlock - Currently, we don't have any
>>>>>>>>>>>>>   limit for applying the code in two factor authenticator
>>>>>>>>>>>>>   authentication. I am planning to add Lock a user account
>>>>>>>>>>>>>   functionality [1] when configurable number of applying code
>>>>>>>>>>>>>   attempts are exceeded in second step of authentication.
>>>>>>>>>>>>>
>>>>>>>>>>>>> - Alternative authentication steps
>>>>>>>>>>>>>
>>>>>>>>>>>>>   Backup Phone no - Add backup phone so user can
>>>>>>>>>>>>>   still sign in if user lose phone and add alternative step as
>>>>>>>>>>>>>   backup phone no.
>>>>>>>>>>>>>   Backup codes - These printable one-off pass
>>>>>>>>>>>>>   codes allow you to sign in when away from your phone, like when
>>>>>>>>>>>>>   you’re traveling.
>>>>>>>>>>>>>   Currently we have similar functionality in SMS OTP authenticator,
>>>>>>>>>>>>>   we will move to IS authenticator common framework which can be used
>>>>>>>>>>>>>   in other authenticators.
>>>>>>>>>>>>>
>>>>>>>>>>>> Is this specific to an authenticator?
>>>>>>>>>>>
>>>>>>>>>> Yes I think above listed stuff are specific to each
>>>>>>>>>> authenticators.
>>>>>>>>>> For example if you think of Alternative authentication step, that
>>>>>>>>>> alternative mechanism should have some relation with
>>>>>>>>>> the configured authenticators.
>>>>>>>>>> Actually it should not be a functionality of the authenticator
>>>>>>>>>> this is something we should implement introducing policy base
>>>>>>>>>> dynamic authentication flows. Then we should be able to
>>>>>>>>>> configure authenticators, alternative authenticators, Security levels
>>>>>>>>>> etc. with a policy.
>>>>>>>>>>
>>>>>>>>>>>>> - HOTP and TOTP algorithm based code generation - We can
>>>>>>>>>>>>>   reuse OTP code generation in SMS [2] and Email OTP [3], TOTP [4]
>>>>>>>>>>>>>   authenticators.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Supporting multi tenancy should be added.
>>>>>>>>>>>
>>>>>>>>>> Normally we associate an authenticator to a SP in a given tenant
>>>>>>>>>> so do we need to handle tenancy in an authenticator level?
>>>>>>>>>>
>>>>>>>>> No issues is how can we keep configuration bound to a tenant in
>>>>>>>>> local authenticators.
>>>>>>>>>
>>>>>>>>> Eg:- Keep configs for the super tenant in local file and per
>>>>>>>>> tenant in registry.
>>>>>>>>>
>>>>>>>> Yes this is something you can put in to your component. And better
>>>>>>>> to put general requirements only to that.
>>>>>>>>
>>>>>>>> -Ishara
>>>>>>>>
>>>>>>>>>> Thanks,
>>>>>>>>>> Ishara
>>>>>>>>>>
>>>>>>>>>>> Please let me know if you have any concerns.
>>>>>>>>>>>>>
>>>>>>>>>>>>> [1] - https://docs.wso2.com/display/IS520/User+Account+Locking+and+Account+Disabling
>>>>>>>>>>>>> [2] - https://docs.wso2.com/display/ISCONNECTORS/Configuring+SMSOTP+Authenticator
>>>>>>>>>>>>> [3] - https://docs.wso2.com/display/ISCONNECTORS/Configuring+EmailOTP+Authenticator
>>>>>>>>>>>>> [4] - https://docs.wso2.com/display/ISCONNECTORS/Configuring+TOTP+Authenticator
>>>>>>>>>>>>>
>>>>>>>>>>>>> Thanks,
>>>>>>>>>>>>> Kathees
>>>>>>>>>>>>>
>>>>>>>>>>>>> --
>>>>>>>>>>>>> Kathees
>>>>>>>>>>>>> Software Engineer,
>>>>>>>>>>>>> email: [email protected]
>>>>>>>>>>>>> mobile: +94772596173
>>>>>>>>>>>>>
>>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>>> Architecture mailing list
>>>>>>>>>>>>> [email protected]
>>>>>>>>>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>>>>>>>>>>
>>>>>>>>>>>> --
>>>>>>>>>>>> Ishara Karunarathna
>>>>>>>>>>>> Associate Technical Lead
>>>>>>>>>>>> WSO2 Inc. - lean . enterprise . middleware | wso2.com
>>>>>>>>>>>>
>>>>>>>>>>>> email: [email protected], blog: isharaaruna.blogspot.com,
>>>>>>>>>>>> mobile: +94717996791
>>>>>>>>>>>
>>>>>>>>>>> --
>>>>>>>>>>>
>>>>>>>>>>> Best Regards,
>>>>>>>>>>>
>>>>>>>>>>> Malaka Silva
>>>>>>>>>>> Senior Technical Lead
>>>>>>>>>>> M: +94 777 219 791
>>>>>>>>>>> Tel : 94 11 214 5345
>>>>>>>>>>> Fax :94 11 2145300
>>>>>>>>>>> Skype : malaka.sampath.silva
>>>>>>>>>>> LinkedIn : http://www.linkedin.com/pub/malaka-silva/6/33/77
>>>>>>>>>>> Blog : http://mrmalakasilva.blogspot.com/
>>>>>>>>>>>
>>>>>>>>>>> WSO2, Inc.
>>>>>>>>>>> lean . enterprise . middleware
>>>>>>>>>>> https://wso2.com/signature
>>>>>>>>>>> http://www.wso2.com/about/team/malaka-silva/
>>>>>>>>>>> <http://wso2.com/about/team/malaka-silva/>
>>>>>>>>>>> https://store.wso2.com/store/
>>>>>>>>>>>
>>>>>>>>>>> Don't make Trees rare, we should keep them with care

--
Kathees
Software Engineer,
email: [email protected]
mobile: +94772596173
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
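
Added example, not part of the thread and not code from identity-extension-utils or WSO2 IS: the two reusable pieces proposed in the quoted first message, HOTP/TOTP code generation shared by the OTP authenticators and a configurable failed-code limit for the second authentication step. The class and method names (`OtpCommons`, `verify`, `isLocked`, `unlock`), the in-memory failure counter and the sample user are assumptions; the secret is the RFC 4226 test key.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical shared helper; names are illustrative, not the WSO2 module's API. */
public class OtpCommons {
    private final int maxAttempts;   // configurable lock threshold (could be per tenant)
    private final Map<String, Integer> failures = new ConcurrentHashMap<>();

    public OtpCommons(int maxAttempts) { this.maxAttempts = maxAttempts; }

    /** RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation. */
    public static String hotp(byte[] key, long counter, int digits) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(key, "HmacSHA1"));
        byte[] h = mac.doFinal(ByteBuffer.allocate(8).putLong(counter).array());
        int off = h[h.length - 1] & 0x0f;
        int bin = ((h[off] & 0x7f) << 24) | ((h[off + 1] & 0xff) << 16)
                | ((h[off + 2] & 0xff) << 8) | (h[off + 3] & 0xff);
        return String.format("%0" + digits + "d", bin % (int) Math.pow(10, digits));
    }

    /** RFC 6238 TOTP: HOTP with counter = floor(unixSeconds / stepSeconds). */
    public static String totp(byte[] key, long unixSeconds, int stepSeconds, int digits) throws Exception {
        return hotp(key, unixSeconds / stepSeconds, digits);
    }

    public boolean isLocked(String user) { return failures.getOrDefault(user, 0) >= maxAttempts; }

    public void unlock(String user) { failures.remove(user); }

    /** Second-step check: a locked account is rejected even when the code is correct. */
    public boolean verify(String user, String submitted, String expected) {
        if (isLocked(user)) return false;
        boolean ok = MessageDigest.isEqual(submitted.getBytes(StandardCharsets.UTF_8),
                                           expected.getBytes(StandardCharsets.UTF_8));
        if (ok) failures.remove(user); else failures.merge(user, 1, Integer::sum);
        return ok;
    }

    public static void main(String[] args) throws Exception {
        byte[] key = "12345678901234567890".getBytes(StandardCharsets.US_ASCII); // RFC 4226 test secret
        String code = totp(key, 59L, 30, 6);          // time 59 s with a 30 s step gives counter 1
        OtpCommons guard = new OtpCommons(3);         // lock after three wrong codes
        String user = "alice@tenant.example";         // constructed tenant-qualified user
        for (int i = 0; i < 3; i++) guard.verify(user, "000000", code);
        System.out.println(code + " locked=" + guard.isLocked(user)
                + " acceptedAfterLock=" + guard.verify(user, code, code));
    }
}
```

In a deployment the failure counter would be kept in the user store rather than in memory, so that a lock survives restarts and applies across nodes.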
