Hi,

In the original design we are calling OSGi services from a class on the BE server. The flow is to retrieve the questions from the OSGi service and send them to the FE. I would prefer this method over calling admin services because it means the JSP application needs to store Admin credentials in a config file, leading to even more concerns.

thanks,
Dimuthu

On Wed, May 30, 2018 at 2:15 PM, Rosen Silva <[email protected]> wrote:

> Hi,
>
> @Farasath: We can call the related OSGi services and get the challenge
> questions.
>
> It is also possible to authenticate the Admin service without a cookie by
> using the following authenticate method used in
> UserIdentityManagementAdminServiceClient [1], [2].
>
> public UserIdentityManagementAdminServiceClient() throws AxisFault {
>
>     stub = new UserIdentityManagementAdminServiceStub(serviceURL);
>     ServiceClient client = stub._getServiceClient();
>     IdentityManagementServiceUtil.getInstance().authenticate(client);
> }
>
> public void authenticate(ServiceClient client) {
>     Options option = client.getOptions();
>     HttpTransportProperties.Authenticator auth = new HttpTransportProperties.Authenticator();
>     auth.setUsername(accessUsername);
>     auth.setPassword(accessPassword);
>     auth.setPreemptiveAuthentication(true);
>
>     option.setProperty(org.apache.axis2.transport.http.HTTPConstants.AUTHENTICATE, auth);
>     option.setManageSession(true);
> }
>
> Is it a good idea to use a similar authentication method as above
> UserIdentityManagementAdminServiceClient to retrieve challenge questions?
>
> [1] https://github.com/wso2/carbon-identity-framework/blob/master/components/identity-mgt/org.wso2.carbon.identity.mgt.endpoint/src/main/java/org/wso2/carbon/identity/mgt/endpoint/serviceclient/UserIdentityManagementAdminServiceClient.java
> [2] https://github.com/wso2/carbon-identity-framework/blob/master/components/identity-mgt/org.wso2.carbon.identity.mgt.endpoint/src/main/java/org/wso2/carbon/identity/mgt/endpoint/IdentityManagementServiceUtil.java
>
> Thanks and regards,
>
> On Wed, May 30, 2018 at 5:23 AM Farasath Ahamed <[email protected]> wrote:
>
>> On Tuesday, May 29, 2018, Rosen Silva <[email protected]> wrote:
>>
>>> Hi All,
>>>
>>> I'm implementing a feature for IS 5.5.0 to force users to add answers to
>>> challenge questions.
>>> This feature is implemented using PostAuthenticationHandler.
>>>
>>> The logic executes in the following order,
>>> * Check whether the user has already added the answers from the post
>>>   authenticator
>>> * If not, redirect users to a webpage (JSP file) to get the answers to
>>>   the challenge questions
>>> * Check whether users have added the challenge questions
>>> * Let users log in to sp if the user has filled the answers to challenge
>>>   questions
>>>
>>> Clarifications with implementing the JSP page for retrieving and
>>> updating answers to challenge questions
>>>
>>> AFAIK we can't use admin service to retrieve and update security
>>> questions since we don't have the cookie while in the post-authentication
>>> flow.
>>> One possibility is to send the challenge questions to the webpage with
>>> the HTTP servlet request and get the answers back to post authentication
>>> handler through servlet response and add the answers to the challenge
>>> questions.
>>>
>> Can you explain how we plan to retrieve the available challenge questions
>> of the tenant in this approach?
>>
>>> Your input is appreciated.
>>>
>>> Thanks and regards,
>>> --
>>>
>>> *Rosen Silva*
>>> Software Engineer - WSO2
>>>
>>> Email: [email protected]
>>> Mobile: +94770677418
>>> Web: https://wso2.com/
>>>
>>
>> --
>> Farasath Ahamed
>> Senior Software Engineer, WSO2 Inc.; http://wso2.com
>> Mobile: +94777603866
>> Blog: blog.farazath.com
>> Twitter: @farazath619 <https://twitter.com/farazath619>
>> <http://wso2.com/signature>
>>
>
> --
>
> *Rosen Silva*
> Software Engineer - WSO2
>
> Email: [email protected]
> Mobile: +94770677418
> Web: https://wso2.com/
>

--
Dimuthu Leelarathne
Director, Rapid Response Team
WSO2, Inc. (http://wso2.com)
email: [email protected]
Mobile: +94773661935
Blog: http://muthulee.blogspot.com
Lean . Enterprise . Middleware

_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
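
The flow preferred in the top reply (a BE class reads the questions through an in-process service and hands them to the FE, so the JSP application holds no Admin credentials), sketched as an added example that is not code from the thread or from WSO2. `QuestionService`, `Pending`, the opaque per-login key and all sample values are assumptions made for illustration.

```java
import java.security.SecureRandom;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;

// Added sketch: every name below is hypothetical, none is a WSO2 API.
public class ChallengeQuestionFlow {
    /** Stand-in for the OSGi service that the BE class calls in-process. */
    interface QuestionService {
        List<String> questionsFor(String tenantDomain);
        void saveAnswers(String user, Map<String, String> answers);
    }
    /** Server-side state: the user is bound here, never taken from the FE. */
    record Pending(String user, List<String> questions) {}

    private final QuestionService service;
    private final Map<String, Pending> pending = new ConcurrentHashMap<>();
    private final SecureRandom random = new SecureRandom();

    ChallengeQuestionFlow(QuestionService service) { this.service = service; }

    /** BE: read the tenant's questions, return an opaque key for the redirect. */
    String begin(String user, String tenantDomain) {
        byte[] raw = new byte[32];
        random.nextBytes(raw);
        String key = HexFormat.of().formatHex(raw);
        pending.put(key, new Pending(user, service.questionsFor(tenantDomain)));
        return key;
    }

    /** BE: the key is single use; answers must cover exactly the issued questions. */
    boolean complete(String key, Map<String, String> answers) {
        Pending p = pending.remove(key);
        if (p == null || !answers.keySet().equals(Set.copyOf(p.questions()))) return false;
        if (answers.values().stream().anyMatch(a -> a == null || a.isBlank())) return false;
        service.saveAnswers(p.user(), answers);
        return true;
    }

    public static void main(String[] args) {
        QuestionService svc = new QuestionService() { // constructed in-memory stub
            public List<String> questionsFor(String t) { return List.of("City of birth?", "First pet?"); }
            public void saveAnswers(String u, Map<String, String> a) { System.out.println("saved for " + u); }
        };
        ChallengeQuestionFlow flow = new ChallengeQuestionFlow(svc);
        String key = flow.begin("alice", "carbon.super"); // constructed sample values
        Map<String, String> answers = Map.of("City of birth?", "Galle", "First pet?", "Rex");
        System.out.println("first submit accepted: " + flow.complete(key, answers));
        System.out.println("replayed key accepted: " + flow.complete(key, answers));
    }
}
```

It needs Java 17 or later for `HexFormat` and records. The FE only ever sees the key and the question text; the user identity and the write path stay on the BE.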
