Hi all, Thanks for the comments.
According to them, we are going to move the finding of users for multiple claims to the Identity store connector level. eg: We pass the claim list to the connector level JDBC and iterate through claims and get only the relevant users. For that, - First we implement a method* public List<User> listUsers(List<Claim> claims, int offset, int length, String domainName) throws IdentityStoreException;* in the IdentityStoreImpl <https://github.com/wso2/carbon-identity-mgt/blob/master/components/org.wso2.carbon.identity.mgt/src/main/java/org/wso2/carbon/identity/mgt/impl/IdentityStoreImpl.java>in org.wso2.carbon.identity.mgt - It will then call a method, *private List<User> doListUsers(List<Claim> claims, int offset, int length, Domain domain) throws IdentityStoreServerException * - Inside that we call *List<String> matchedDomainUserIds = domain.listDomainUsers(List<Claim> claims, offset, length);* to listDomainUsers in Domain.java <https://github.com/wso2/carbon-identity-mgt/blob/master/components/org.wso2.carbon.identity.mgt/src/main/java/org/wso2/carbon/identity/mgt/impl/Domain.java> will take the whole list of claims. - In the IdentityStoreConnector <https://github.com/wso2/carbon-identity-mgt/tree/master/components/org.wso2.carbon.identity.mgt/src/main/java/org/wso2/carbon/identity/mgt/connector> we will implement a method which will pass the set of claims to get get the userIds to the connect level eg. JDBC or LDAP For the connector level stuff, initially, we will implement this for JDBC Connectors in the *https://github.com/wso2-extensions/carbon-security-user-store-jdbc <https://github.com/wso2-extensions/carbon-security-user-store-jdbc> repository.* This is the plan for the above implementation. Hope this will help in our other future coding stuff as well. Please leave me any suggestions and comments on this plan. :) ! ​Thanks. Dina. On Fri, Feb 3, 2017 at 10:53 AM, Danushka Fernando <[email protected]> wrote: > On Thu, Feb 2, 2017 at 9:10 PM, Isura Karunaratne <[email protected]> wrote: > >> >> Hi Dinali, >> >> On Thu, Feb 2, 2017 at 7:55 PM Dinali Dabarera <[email protected]> wrote: >> >>> Hi all, >>> >>> In Username Recovery, I need to find a User which is available for >>> multiple claims. >>> So what I do now is, >>> >>> *Without considering the domains I go through whole users. * >>> * |* >>> * |_ Check for users (100) per claim. ( Default I have 3 claims) -> >>> *getUserList(String >>> claimUri, String value) >>> * |* >>> * |_ Then match the common users for all claims* >>> * |* >>> * |_ If one user found, send the username to >>> the user,* >>> * If multiple found, Notify user.* >>> >>> I think this procedure has too much work to do. >>> >>> But I think it is better to have a method called >>> *getUserList(ArrayList<UserClaims>) >>> *with domain or across all domain from the userstore directly than >>> comparing as above. >>> >>> Please leave me comments on this. >>> >> >> +1 for supporting new method in Identity Store level. >> > IMO we should think whether this is an useful operation for Identity > Store. For me also seems to be useful. So +1. And then when implementing, > it should be *getUserList(List<UserClaims>)* not > *getUserList(ArrayList<UserClaims>)*. > >> >> Thanks >> Isura. >> >>> >>> Thanks. >>> >>> >>> On Fri, Jan 27, 2017 at 3:03 PM, Dinali Dabarera <[email protected]> >>> wrote: >>> >>> Hi all, >>> >>> Thanks for the comments! >>> >>> We will implement those in our future releases. >>> >>> On Tue, Jan 24, 2017 at 11:36 AM, Shani Ranasinghe <[email protected]> >>> wrote: >>> >>> >>> >>> On Sat, Jan 21, 2017 at 8:20 PM, Imesh Chandrasiri <[email protected]> >>> wrote: >>> >>> Hi, >>> >>> +1 for having a recovery option selection such as Facebook does. In any >>> case where user no longer have access to his/her email address, selecting a >>> secondary option would be beneficial. >>> >>> On Sat, Jan 21, 2017 at 6:10 PM, Pubudu Gunatilaka <[email protected]> >>> wrote: >>> >>> Hi, >>> >>> What is the possibility of selecting a recovery option such as email or >>> mobile? >>> >>> When a user is matched to the given information, what if we provide >>> possible recovery options such as sending details to the email address or >>> to the mobile number which is already given? >>> >>> +1, we could also consider using the security questions/ or verifying >>> the mobile number registered with the account, if the above is not >>> available like google does. >>> >>> >>> Thank you! >>> >>> On Sat, Jan 21, 2017 at 4:20 PM, Pushpalanka Jayawardhana < >>> [email protected]> wrote: >>> >>> Hi All, >>> >>> On Sat, Jan 21, 2017 at 1:35 PM, Isura Karunaratne <[email protected]> >>> wrote: >>> >>> Hi Dinali, >>> >>> On Sat, Jan 21, 2017 at 12:33 PM, Dinali Dabarera <[email protected]> >>> wrote: >>> >>> Hi all, >>> >>> We are working on implementing username recovery feature for IS 6.0.0 >>> >>> *The admin has to enable the Username Recovery* >>> >>> >>> *When Username Recovery enabled:* >>> >>> - User portal user can click on the forget username option. >>> - The User can enter his details of the default profile. >>> - The System will match the entered details with the claims >>> available and if they matched, the relevant username will email to his >>> email address and prompt a notification saying that an email is sent to >>> his >>> mail. >>> - If it doesn't match, the user will notify telling that relevant >>> user is not registered in the system. >>> >>> We need to inform user, if multiple users matching to the given >>> criteria. Then the user can fiill additional details to recover username. >>> >>> We should have a mechanism like captcha verification here, to avoid >>> possible brute force attack. >>> >>> >>> >>> *When Username Recovery is disabled:* >>> >>> - User portal user may not be able to recover his username. >>> - The User needs to contact the admin of the system to recover his >>> username. >>> >>> The admin enables the username recovery in the identity.yaml file for >>> the users in the domain. Since we have different user stores available in >>> IS 6.0.0, >>> *Does the admin need to enable username recovery in user store >>> wise or Does he need to configure it for the whole domain at once?* >>> >>> >>> We need to have a global configuration identity.yaml file for all the >>> domains. It is better to have domain/roles/group wise configuration for all >>> the identity managment scenarios like account lock, password policy, >>> password recovery, idle account suspenstion, force password reset, user >>> onbording with ask paassword. >>> >>> >>> Thanks >>> Isura. >>> >>> >>> Please provide us your comments on this point. >>> >>> Thanks, >>> >>> Dina. >>> -- >>> *Dinali Rosemin Dabarera* >>> Software Engineer >>> WSO2 Lanka (pvt) Ltd. >>> Web: http://wso2.com/ >>> Email : [email protected] >>> LinkedIn <https://lk.linkedin.com/in/dinalidabarera> >>> Mobile: +94770198933 <+94%2077%20019%208933> >>> >>> >>> >>> >>> <https://lk.linkedin.com/in/dinalidabarera> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> _______________________________________________ >>> Architecture mailing list >>> [email protected] >>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>> >>> >>> >>> _______________________________________________ >>> Architecture mailing list >>> [email protected] >>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>> >>> >>> >>> Thanks, >>> -- >>> Pushpalanka. >>> -- >>> Pushpalanka Jayawardhana, B.Sc.Eng.(Hons). >>> Senior Software Engineer, WSO2 Lanka (pvt) Ltd; wso2.com/ >>> Mobile: +94779716248 >>> Blog: pushpalankajaya.blogspot.com/ | LinkedIn: lk.linkedin.com/in/p >>> ushpalanka/ | Twitter: @pushpalanka >>> >>> >>> _______________________________________________ >>> Dev mailing list >>> [email protected] >>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>> >>> >>> >>> >>> -- >>> *Pubudu Gunatilaka* >>> Committer and PMC Member - Apache Stratos >>> Software Engineer >>> WSO2, Inc.: http://wso2.com >>> mobile : +94774078049 <%2B94772207163> >>> >>> >>> _______________________________________________ >>> Dev mailing list >>> [email protected] >>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>> >>> >>> >>> >>> -- >>> *Thanks and Best Regards,* >>> Imesh Ashandimal Chandrasiri >>> *Software Engineer* >>> WSO2, Inc. >>> lean . enterprise . middleware >>> *E:* [email protected] | *P:* 0716519187 >>> >>> >>> Disclaimer: This communication may contain privileged or other >>> confidential information and is intended exclusively for the addressee/s. >>> If you are not the intended recipient/s, or believe that you may have >>> received this communication in error, please reply to the sender indicating >>> that fact and delete the copy you received and in addition, you should not >>> print, copy, retransmit, disseminate, or otherwise use the information >>> contained in this communication. Internet communications cannot be >>> guaranteed to be timely, secure, error or virus-free. The sender does not >>> accept liability for any errors or omissions. >>> >>> _______________________________________________ >>> Dev mailing list >>> [email protected] >>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>> >>> >>> >>> >>> -- >>> Thanks and Regards >>> *,Shani Ranasinghe* >>> Senior Software Engineer >>> WSO2 Inc.; http://wso2.com >>> lean.enterprise.middleware >>> >>> mobile: +94 77 2273555 <+94%2077%20227%203555> >>> Blog: http://waysandmeans.blogspot.com/ >>> linked in: lk.linkedin.com/pub/shani-ranasinghe/34/111/ab >>> >>> _______________________________________________ >>> Dev mailing list >>> [email protected] >>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>> >>> >>> >>> >>> -- >>> *Dinali Rosemin Dabarera* >>> Software Engineer >>> WSO2 Lanka (pvt) Ltd. >>> Web: http://wso2.com/ >>> Email : [email protected] >>> LinkedIn <https://lk.linkedin.com/in/dinalidabarera> >>> Mobile: +94770198933 <+94%2077%20019%208933> >>> >>> >>> >>> >>> <https://lk.linkedin.com/in/dinalidabarera> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> -- >>> *Dinali Rosemin Dabarera* >>> Software Engineer >>> WSO2 Lanka (pvt) Ltd. >>> Web: http://wso2.com/ >>> Email : [email protected] >>> LinkedIn <https://lk.linkedin.com/in/dinalidabarera> >>> Mobile: +94770198933 <+94%2077%20019%208933> >>> >>> >>> >>> >>> <https://lk.linkedin.com/in/dinalidabarera> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> -- >> >> *Isura Dilhara Karunaratne* >> Senior Software Engineer | WSO2 >> Email: [email protected] >> Mob : +94 772 254 810 <+94%2077%20225%204810> >> Blog : http://isurad.blogspot.com/ >> >> >> >> >> _______________________________________________ >> Architecture mailing list >> [email protected] >> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >> >> Thanks & Regards > Danushka Fernando > Senior Software Engineer > WSO2 inc. http://wso2.com/ > Mobile : +94716332729 <+94%2071%20633%202729> > -- *Dinali Rosemin Dabarera* Software Engineer WSO2 Lanka (pvt) Ltd. Web: http://wso2.com/ Email : [email protected] LinkedIn <https://lk.linkedin.com/in/dinalidabarera> Mobile: +94770198933 <+94%2077%20019%208933> <https://lk.linkedin.com/in/dinalidabarera>
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
