Hi, On Wed, Mar 14, 2018 at 10:14 PM, Pushpalanka Jayawardhana <[email protected]> wrote:
> > > On Wed, Mar 14, 2018 at 10:09 PM, Pushpalanka Jayawardhana <[email protected] > > wrote: > >> Hi All, >> >> Tested OIDC hybrid flow with "code idtoken" response type. This is >> breaking with "Invalid response type" error message. >> Could do a bit of debugging and it seems that at [1], it failing to >> identify the existing key for "code idtoken" type. >> >> In the HashTable returned at >> OAuthServerConfiguration.getInstance().getSupportedResponseTypeValidators() >> execution, "code idtoken" key has the hashCode of '-1819461976' while >> input key 'code idtoken' produce the hashcode of '-732188021'. In plain >> Java code, if we generate the hashCode for 'code idtoken' it also generates >> this. This result in not identifying the sending response type properly. >> Appreciate if this can be further investigated. >> >> [1] - https://github.com/wso2-extensions/identity-inbound-auth- >> oauth/blob/5.6.x/components/org.wso2.carbon.identity. >> oauth/src/main/java/org/wso2/carbon/identity/oauth2/model/C >> arbonOAuthAuthzRequest.java#L49 >> > > Please ignore this, just realised it should be id_token. Sorry for the > noise. > Even with this fix the flow is failing with below error, java.lang.NullPointerException org.wso2.carbon.identity.oauth.endpoint.authz.OAuth2AuthzEndpoint.getIdTokenFromRedirectURL(OAuth2AuthzEndpoint.java:2321) org.wso2.carbon.identity.oauth.endpoint.authz.OAuth2AuthzEndpoint.storeSidClaim(OAuth2AuthzEndpoint.java:2225) org.wso2.carbon.identity.oauth.endpoint.authz.OAuth2AuthzEndpoint.manageOIDCSessionState(OAuth2AuthzEndpoint.java:2050) org.wso2.carbon.identity.oauth.endpoint.authz.OAuth2AuthzEndpoint.handleSuccessfulAuthentication(OAuth2AuthzEndpoint.java:607) org.wso2.carbon.identity.oauth.endpoint.authz.OAuth2AuthzEndpoint.handleAuthenticationResponse(OAuth2AuthzEndpoint.java:574) org.wso2.carbon.identity.oauth.endpoint.authz.OAuth2AuthzEndpoint.authorize(OAuth2AuthzEndpoint.java:199) sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) java.lang.reflect.Method.invoke(Method.java:498) org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:188) org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:104) org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:204) org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:101) org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:58) org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:94) org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272) org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:249) org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:248) org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:222) org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:153) org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:171) org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:289) org.apache.cxf.transport.servlet.AbstractHTTPServlet.doGet(AbstractHTTPServlet.java:214) javax.servlet.http.HttpServlet.service(HttpServlet.java:624) org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:265) org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) org.wso2.carbon.webapp.mgt.filter.AuthorizationHeaderFilter.doFilter(AuthorizationHeaderFilter.java:85) org.wso2.carbon.ui.filters.cache.ContentTypeBasedCachePreventionFilter.doFilter(ContentTypeBasedCachePreventionFilter.java:53) org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:124) This is only when the user login is performed in the flow. If the authorization request is sent in a browser where user is already loggedin, the issue is not occurring and flow works fine. > >> >> >> On Wed, Mar 14, 2018 at 7:52 PM, Sagara Gunathunga <[email protected]> >> wrote: >> >>> >>> >>> On Wed, Mar 14, 2018 at 7:46 PM, Jayanga Kaushalya <[email protected]> >>> wrote: >>> >>>> Hi Sagara, >>>> >>>> Yes I have suggested other teams also to follow the IS convention in >>>> [1]. APIM team told me offline that they already changed. Hope others will >>>> do the same. >>>> >>> >>> Great. >>> >>> Thanks ! >>> >>>> >>>> [1] [GDPR] Anonymization Tool default configurations/references are >>>> differed over the Products >>>> >>>> Thanks! >>>> >>>> *Jayanga Kaushalya* >>>> Senior Software Engineer >>>> Mobile: +94777860160 <+94%2077%20786%200160> >>>> WSO2 Inc. | http://wso2.com >>>> lean.enterprise.middleware >>>> >>>> >>>> >>>> On Wed, Mar 14, 2018 at 7:37 PM, Sagara Gunathunga <[email protected]> >>>> wrote: >>>> >>>>> >>>>> >>>>> On Wed, Mar 14, 2018 at 7:27 PM, Sathya Bandara <[email protected]> >>>>> wrote: >>>>> >>>>>> Hi all, >>>>>> >>>>>> We are calling-off this vote as we have found an issue, >>>>>> >>>>>> - for user-mgt ui component in EI product >>>>>> - in Windows environment >>>>>> >>>>>> Since we want to align same component versions among EI & IS, we will >>>>>> fix this and update versions in IS as well. Additionally we will fix the >>>>>> issue in README.txt along with this. >>>>>> >>>>> Ruwan/Jayanga, shall we also look into the suggestion made by Lanka in >>>>> the "GDPR compliance for WSO2 products" thread ? >>>>> >>>>> Thanks ! >>>>> >>>>>> We will do a RC2 and call for a vote soon. >>>>>> >>>>>> [1] https://github.com/wso2/product-ei/issues/2004 >>>>>> >>>>>> On Wed, Mar 14, 2018 at 6:29 PM, Nilasini Thirunavukkarasu < >>>>>> [email protected]> wrote: >>>>>> >>>>>>> Hi, >>>>>>> >>>>>>> I have tested the following flows in mysql. >>>>>>> >>>>>>> - User management, role management (Primary + Secondary user >>>>>>> store) >>>>>>> - OIDC flow (password grant, authorization code)(Primary + >>>>>>> Secondary user store) >>>>>>> - consent management with SAML SSO for primary and secondary >>>>>>> users. >>>>>>> - SAML assertion encryption and response signing. >>>>>>> >>>>>>> >>>>>>> I have tested the following flow with h2 >>>>>>> >>>>>>> - federated scenario with two IS >>>>>>> >>>>>>> +1 to go ahead and release >>>>>>> >>>>>>> >>>>>>> Thanks, >>>>>>> Nila. >>>>>>> >>>>>>> >>>>>>> On Wed, Mar 14, 2018 at 6:15 PM, Darshana Gunawardana < >>>>>>> [email protected]> wrote: >>>>>>> >>>>>>>> Hi Dilini, >>>>>>>> >>>>>>>> We will fix this, if we noted any blocker for RC1 release.. If not, >>>>>>>> let's continue on the vote considering this is a known issue.. >>>>>>>> >>>>>>>> Thanks, >>>>>>>> >>>>>>>> On Wed, Mar 14, 2018 at 6:05 PM, Dilini Gunatilake < >>>>>>>> [email protected]> wrote: >>>>>>>> >>>>>>>>> Hi, >>>>>>>>> >>>>>>>>> The README .txt contains references to old documentation and few >>>>>>>>> other issues which is reported in [1]. Better if we can fix those. >>>>>>>>> WDUT? >>>>>>>>> >>>>>>>>> [1] https://github.com/wso2/product-is/issues/2945 >>>>>>>>> >>>>>>>>> Regards, >>>>>>>>> Dilini >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> On Wed, Mar 14, 2018 at 5:23 PM, Farasath Ahamed < >>>>>>>>> [email protected]> wrote: >>>>>>>>> >>>>>>>>>> >>>>>>>>>> Tested Below scenario on the IS 5.5.0-RC1 pack with MSSQL database >>>>>>>>>> >>>>>>>>>> - Create an OAuth app using Dynamic Client Registration >>>>>>>>>> endpoint >>>>>>>>>> - Configured mandatory claims for the service provider >>>>>>>>>> - Tested OIDC Implicit flow with user consent management >>>>>>>>>> enabled >>>>>>>>>> - Verified that the user claims sent in the id_token are >>>>>>>>>> filtered based on user consent. >>>>>>>>>> >>>>>>>>>> +1 to go ahead and release >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> On Wed, Mar 14, 2018 at 11:16 AM, Sathya Bandara <[email protected] >>>>>>>>>> > wrote: >>>>>>>>>> >>>>>>>>>>> Hi all, >>>>>>>>>>> >>>>>>>>>>> We are pleased to announce the first release candidate of WSO2 >>>>>>>>>>> Identity Server 5.5.0. >>>>>>>>>>> >>>>>>>>>>> This is the first release candidate (RC) of the WSO2 Identity >>>>>>>>>>> Server 5.5.0 release. >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> This release fixes the following issues >>>>>>>>>>> >>>>>>>>>>> - 5.5.0-RC1 fixes >>>>>>>>>>> >>>>>>>>>>> <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-RC1> >>>>>>>>>>> - 5.5.0-Beta fixes >>>>>>>>>>> >>>>>>>>>>> <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-beta> >>>>>>>>>>> - 5.5.0-Alpha3 fixes >>>>>>>>>>> >>>>>>>>>>> <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-alpha3> >>>>>>>>>>> - 5.5.0-Alpha2 fixes >>>>>>>>>>> >>>>>>>>>>> <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-alpha2> >>>>>>>>>>> - 5.5.0-Alpha fixes >>>>>>>>>>> >>>>>>>>>>> <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-alpha> >>>>>>>>>>> - 5.5.0-M4 fixes >>>>>>>>>>> >>>>>>>>>>> <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-M4> >>>>>>>>>>> - 5.5.0-M3 fixes >>>>>>>>>>> >>>>>>>>>>> <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-M3> >>>>>>>>>>> - 5.5.0-M2 fixes >>>>>>>>>>> >>>>>>>>>>> <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-M2> >>>>>>>>>>> - 5.5.0-M1 fixes >>>>>>>>>>> >>>>>>>>>>> <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-M1> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> Source and distribution >>>>>>>>>>> >>>>>>>>>>> Runtime - https://github.com/wso2/produc >>>>>>>>>>> t-is/releases/tag/v5.5.0-rc1 >>>>>>>>>>> Analytics - https://github.com/wso2/analyt >>>>>>>>>>> ics-is/releases/tag/v5.5.0-rc1 >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> Please download, test the product and vote. >>>>>>>>>>> >>>>>>>>>>> [+] Stable - go ahead and release >>>>>>>>>>> [-] Broken - do not release (explain why) >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> Thanks, >>>>>>>>>>> - WSO2 Identity and Access Management Team - >>>>>>>>>>> >>>>>>>>>>> -- >>>>>>>>>>> Sathya Bandara >>>>>>>>>>> Software Engineer >>>>>>>>>>> WSO2 Inc. http://wso2.com >>>>>>>>>>> Mobile: (+94) 715 360 421 <+94%2071%20411%205032> >>>>>>>>>>> >>>>>>>>>>> <+94%2071%20411%205032> >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> Farasath Ahamed >>>>>>>>>> Senior Software Engineer, WSO2 Inc.; http://wso2.com >>>>>>>>>> Mobile: +94777603866 >>>>>>>>>> Blog: blog.farazath.com >>>>>>>>>> Twitter: @farazath619 <https://twitter.com/farazath619> >>>>>>>>>> <http://wso2.com/signature> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> _______________________________________________ >>>>>>>>>> Architecture mailing list >>>>>>>>>> [email protected] >>>>>>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>>>>>>>> >>>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>>>>>> >>>>>>>>> *Dilini GunatilakeSoftware Engineer - QA Team* >>>>>>>>> Mobile : +94771162518 <+94%2077%20116%202518> >>>>>>>>> [email protected] >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> _______________________________________________ >>>>>>>>> Architecture mailing list >>>>>>>>> [email protected] >>>>>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> Regards, >>>>>>>> >>>>>>>> >>>>>>>> *Darshana Gunawardana*Technical Lead >>>>>>>> WSO2 Inc.; http://wso2.com >>>>>>>> >>>>>>>> *E-mail: [email protected] <[email protected]>* >>>>>>>> *Mobile: +94718566859 <+94%2071%20856%206859>*Lean . Enterprise . >>>>>>>> Middleware >>>>>>>> >>>>>>>> _______________________________________________ >>>>>>>> Architecture mailing list >>>>>>>> [email protected] >>>>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>>>>>> >>>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> Nilasini Thirunavukkarasu >>>>>>> Software Engineer - WSO2 >>>>>>> >>>>>>> Email : [email protected] >>>>>>> Mobile : +94775241823 <+94%2077%20524%201823> >>>>>>> Web : http://wso2.com/ >>>>>>> >>>>>>> >>>>>>> <http://wso2.com/signature> >>>>>>> >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Sathya Bandara >>>>>> Software Engineer >>>>>> WSO2 Inc. http://wso2.com >>>>>> Mobile: (+94) 715 360 421 <+94%2071%20411%205032> >>>>>> >>>>>> <+94%2071%20411%205032> >>>>>> >>>>>> _______________________________________________ >>>>>> Dev mailing list >>>>>> [email protected] >>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>> >>>>>> >>>>> >>>>> >>>>> -- >>>>> Sagara Gunathunga >>>>> >>>>> Director; WSO2, Inc.; http://wso2.com >>>>> Linkedin; http://www.linkedin.com/in/ssagara >>>>> Blog ; http://ssagara.blogspot.com >>>>> Mobile : +9471 <+94%2071%20565%209887>2149951 >>>>> >>>>> >>>> >>> >>> >>> -- >>> Sagara Gunathunga >>> >>> Director; WSO2, Inc.; http://wso2.com >>> Linkedin; http://www.linkedin.com/in/ssagara >>> Blog ; http://ssagara.blogspot.com >>> Mobile : +9471 <+94%2071%20565%209887>2149951 >>> >>> >>> _______________________________________________ >>> Architecture mailing list >>> [email protected] >>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>> >>> >> >> Thanks, >> -- >> Pushpalanka. >> -- >> Pushpalanka Jayawardhana, B.Sc.Eng.(Hons). >> Senior Software Engineer, WSO2 Lanka (pvt) Ltd; wso2.com/ >> Mobile: +94779716248 >> Blog: pushpalankajaya.blogspot.com/ | LinkedIn: lk.linkedin.com/in/p >> ushpalanka/ | Twitter: @pushpalanka >> >> > > > -- > Pushpalanka. > -- > Pushpalanka Jayawardhana, B.Sc.Eng.(Hons). > Senior Software Engineer, WSO2 Lanka (pvt) Ltd; wso2.com/ > Mobile: +94779716248 > Blog: pushpalankajaya.blogspot.com/ | LinkedIn: lk.linkedin.com/in/ > pushpalanka/ | Twitter: @pushpalanka > > -- Pushpalanka. -- Pushpalanka Jayawardhana, B.Sc.Eng.(Hons). Senior Software Engineer, WSO2 Lanka (pvt) Ltd; wso2.com/ Mobile: +94779716248 Blog: pushpalankajaya.blogspot.com/ | LinkedIn: lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
