On Thu, Nov 10, 2016 at 9:22 AM, Johann Nallathamby <[email protected]> wrote:
> Hi Prabath,
>
> On Sat, Oct 22, 2016 at 2:33 AM, Prabath Siriwardana <[email protected]>
> wrote:
>
>> Thanks!
>>
>> Few questions related to the certificate-based handler...
>>
>> 1. Why do we expect username to be passed along with the request and it's
>> a must...?
>>
>
> Yes. Username is not a must. As I have explained in my other mail, only if
> we are going to do username based authorization then username is a must. In
> that case it will fail at the authorization handler level. At this level it
> will pass because the certificate is valid.
>
>> 2. Also, we are not checking whether we have the original certificate -
>> we only rely on the TLS mutual auth validation at the container level -
>> which only checks whether the cert is trusted (signed by a trusted CA).
>> That means anyone having a certificate from a trusted CA can invoke the API.
>>
>
> Yes, we need to validate that it's in our trust store also.
>

Do we have a public jira for this ?

>
>> [1]: https://github.com/wso2-extensions/identity-carbon-auth-rest/blob/master/components/org.wso2.carbon.identity.auth.service/src/main/java/org/wso2/carbon/identity/auth/service/handler/impl/ClientCertificateBasedAuthenticationHandler.java
>>
>> Thanks & regards,
>> -Prabath
>>
>> On Thu, Oct 20, 2016 at 7:36 PM, Harsha Thirimanna <[email protected]>
>> wrote:
>>
>>> Here is the git repo for the authentication layer
>>>
>>> https://github.com/wso2-extensions/identity-carbon-auth-rest
>>>
>>> *Harsha Thirimanna*
>>> Associate Tech Lead | WSO2
>>>
>>> Email: [email protected]
>>> Mob: +94715186770
>>> Blog: http://harshathirimanna.blogspot.com/
>>> Twitter: http://twitter.com/harshathirimann
>>> Linked-In: linked-in: http://www.linkedin.com/pub/harsha-thirimanna/10/ab8/122
>>> <http://wso2.com/signature>
>>>
>>> On Fri, Oct 21, 2016 at 7:28 AM, Prabath Siriwardana <[email protected]>
>>> wrote:
>>>
>>>> Can you please share the git repo where we have the code for the
>>>> 'authentication layer'....?
>>>>
>>>> Thanks & regards,
>>>> -Prabath
>>>>
>>>> On Thu, Oct 20, 2016 at 12:19 AM, Harsha Thirimanna <[email protected]>
>>>> wrote:
>>>>
>>>>> If there is any REST API that already secured within itself the feature,
>>>>> then we have to remove it and use this. As ex : DCR. in DCR we expect user
>>>>> in request payload for now and that APIs are not secured. After applying this
>>>>> we can remove the user from request payload and rely on this. And same as
>>>>> we may have to check other REST APIs whether those rely on any other
>>>>> secure mechanism.
>>>>>
>>>>> @Isura, Can you please confirm in identity management REST API like
>>>>> inforecovery ?
>>>>>
>>>>> @Ayesha,
>>>>> Ishara already tested the DCR and you can fix that removing user in
>>>>> payload, apply this and test.
>>>>>
>>>>> *Harsha Thirimanna*
>>>>> Associate Tech Lead | WSO2
>>>>>
>>>>> Email: [email protected]
>>>>> Mob: +94715186770
>>>>> Blog: http://harshathirimanna.blogspot.com/
>>>>> Twitter: http://twitter.com/harshathirimann
>>>>> Linked-In: linked-in: http://www.linkedin.com/pub/harsha-thirimanna/10/ab8/122
>>>>> <http://wso2.com/signature>
>>>>>
>>>>> On Thu, Oct 20, 2016 at 12:34 PM, Ishara Karunarathna <[email protected]> wrote:
>>>>>
>>>>>> Hi Ayesha,
>>>>>>
>>>>>> This feature provides an authentication layer in front of any unsecured
>>>>>> REST APIs. So do we need to test this with all the REST APIs ?
>>>>>>
>>>>>> -Ishara
>>>>>>
>>>>>> On Thu, Oct 20, 2016 at 12:05 PM, Ayesha Dissanayaka <[email protected]> wrote:
>>>>>>
>>>>>>> Hi all,
>>>>>>>
>>>>>>> I have started testing the "Generic Authentication Mechanism to all
>>>>>>> the REST APIs" feature [1] in IS-5.3.0.
>>>>>>> Please mention details on REST APIs in IS services which need to be
>>>>>>> secured, so that I can test those APIs with this feature.
>>>>>>>
>>>>>>> [1] https://wso2.org/jira/browse/IDENTITY-4742
>>>>>>>
>>>>>>> Thanks!
>>>>>>> -Ayesha
>>>>>>>
>>>>>>> --
>>>>>>> *Ayesha Dissanayaka*
>>>>>>> Software Engineer,
>>>>>>> WSO2, Inc : http://wso2.com
>>>>>>> 20, Palmgrove Avenue, Colombo 3
>>>>>>> E-Mail: [email protected] <[email protected]>
>>>>>>>
>>>>>>
>>>>>> --
>>>>>> Ishara Karunarathna
>>>>>> Associate Technical Lead
>>>>>> WSO2 Inc. - lean . enterprise . middleware | wso2.com
>>>>>>
>>>>>> email: [email protected], blog: isharaaruna.blogspot.com, mobile:
>>>>>> +94717996791
>>>>>>
>>>>
>>>> --
>>>> Thanks & Regards,
>>>> Prabath
>>>>
>>>> Twitter : @prabath
>>>> LinkedIn : http://www.linkedin.com/in/prabathsiriwardena
>>>>
>>>> Mobile : +1 650 625 7950
>>>>
>>>> http://facilelogin.com
>>>>
>>
>> --
>> Thanks & Regards,
>> Prabath
>>
>> Twitter : @prabath
>> LinkedIn : http://www.linkedin.com/in/prabathsiriwardena
>>
>> Mobile : +1 650 625 7950
>>
>> http://facilelogin.com
>>
>
> --
> Thanks & Regards,
>
> *Johann Dilantha Nallathamby*
> Technical Lead & Product Lead of WSO2 Identity Server
> Governance Technologies Team
> WSO2, Inc.
> lean.enterprise.middleware
>
> Mobile - *+94777776950*
> Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>*
>

--
Gayan Gunawardana
Software Engineer; WSO2 Inc.; http://wso2.com/
Email: [email protected]
Mobile: +94 (71) 8020933
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
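
The gap raised in point 2 of the thread, shown as an added example that is not part of the original mails or of the WSO2 handler code: two client certificates issued by the same CA both pass a CA-only check, and only the one explicitly registered passes the additional check. It assumes the `openssl` CLI is installed; the CA, client names and the `allowed.txt` fingerprint allowlist are hypothetical stand-ins for the product's trust store lookup.

```shell
#!/usr/bin/env bash
# Constructed demo data: a throwaway CA and two client certificates it issues.
set -eu
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

# fingerprint CERT -> SHA-256 fingerprint of the certificate
fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# issue NAME -> key, CSR and a certificate signed by the demo CA
issue() {
  openssl req -newkey rsa:2048 -nodes -keyout "$work/$1.key" \
    -subj "/CN=$1" -out "$work/$1.csr" 2>/dev/null
  openssl x509 -req -in "$work/$1.csr" -CA "$work/ca.pem" \
    -CAkey "$work/ca.key" -CAcreateserial -days 1 \
    -out "$work/$1.pem" 2>/dev/null
}

# ca_trusts CERT -> what container-level mutual TLS establishes:
# the certificate chains to a trusted CA, nothing more.
ca_trusts() {
  openssl verify -CAfile "$work/ca.pem" "$1" >/dev/null 2>&1
}

# registered CERT -> the extra check: this exact certificate is one we hold.
registered() {
  grep -qxF "$(fingerprint "$1")" "$work/allowed.txt"
}

# authenticate CERT -> accept only if both checks pass
authenticate() {
  ca_trusts "$1" && registered "$1"
}

# Build the demo CA, issue both clients, register only the first one.
openssl req -x509 -newkey rsa:2048 -nodes -keyout "$work/ca.key" \
  -subj "/CN=Demo CA" -days 1 -out "$work/ca.pem" 2>/dev/null
issue registered-client
issue other-client
fingerprint "$work/registered-client.pem" > "$work/allowed.txt"

for c in registered-client other-client; do
  ca_trusts "$work/$c.pem" && echo "$c: trusted by CA"
  authenticate "$work/$c.pem" && echo "$c: accepted" || echo "$c: rejected"
done
```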
