Hi,
I can see tenant-specific code inside the AuthnRequestProcessor class. There is a method named process, and inside that we have the tenant domain as a parameter. Is there any way to send it with the message only for login requests? Is it the correct place to do this, or any other suggestion?

Thanks.

On Wed, May 9, 2012 at 4:54 PM, Thilina Buddhika <[email protected]> wrote:

> SSO implementation in IS is a generic single sign-on implementation which
> is compliant with the specification. So whatever modification we do
> should not violate the message formats and headers defined in the
> specification. If we are going to add the tenant domain as a transport
> header or some other parameter, then it has to be done for all the single
> sign-on requests. Otherwise we will have to write Stratos-specific code
> inside the SSO implementation, which is wrong.
>
> Thanks,
> Thilina
>
> On Wed, May 9, 2012 at 3:58 PM, Sanjeewa Malalgoda <[email protected]> wrote:
>
>> Yes, we have to fix it from the TryIt code. Also I can go ahead and modify
>> the SSO code to add a tenant domain parameter to the message context to avoid
>> the looping issue mentioned above. WDYT?
>>
>> Thanks.
>>
>> On Fri, May 4, 2012 at 2:19 PM, Paul Fremantle <[email protected]> wrote:
>>
>>> I think that's a bug in TryIt. In fact it might even create a way of
>>> attacking from one tenant to another? I think the right thing to do here is
>>> to fix TryIt so each tenant uses only their own per-tenant services.
>>>
>>> Paul
>>>
>>> On 4 May 2012 09:42, Sanjeewa Malalgoda <[email protected]> wrote:
>>>
>>>> Hi,
>>>> I found another issue in the LB endpoint. When we try to invoke a
>>>> deployed web service using the TryIt UI, it sends the request to
>>>> *carbon/admin/jsp/WSRequestXSSproxy_ajaxprocessor.jsp*
>>>> Then the load balancer misunderstands this as a request to the super admin
>>>> tenant and forwards the request to the default cluster. I also found that
>>>> many requests coming from tenants don't contain the tenant domain in the
>>>> request. How do we proceed with this?
>>>>
>>>> Thanks.
>>>>
>>>> On Thu, May 3, 2012 at 12:23 PM, Sanjeewa Malalgoda <[email protected]> wrote:
>>>>
>>>>> Hi All,
>>>>> We had an issue with logging in the tenant-aware load balancer (when SSO
>>>>> is enabled) which was discussed above. The problem is, I found that there is
>>>>> a looping problem between the appserver and IS clusters because logging
>>>>> requests don't have the tenant domain in their URLs, and then the load
>>>>> balancer misunderstands it as a request to super admin (Tenant Id 0) and
>>>>> forwards it to the default cluster.
>>>>>
>>>>> The simplest possible solution for this is *setting the tenant domain as a
>>>>> parameter to the message context from the identity side* (SSO) when a user
>>>>> logging request comes, and the tenant-aware load balancer checks that
>>>>> parameter only if the tenant id is 0. That is a good solution from a
>>>>> performance point of view.
>>>>>
>>>>> Can someone from the Identity side help on setting this parameter please?
>>>>>
>>>>> Thanks
>>>>>
>>>>> On Sun, Apr 1, 2012 at 4:58 PM, Afkham Azeez <[email protected]> wrote:
>>>>>
>>>>>> This is different. The main sequence may not change at all, but the
>>>>>> loadbalancer.conf file will be changed to modify the tenant partitioning.
>>>>>> We will need a separate hot deployer to handle the loadbalancer config
>>>>>> change.
>>>>>>
>>>>>> On Sun, Apr 1, 2012 at 4:54 PM, Sanjeewa Malalgoda <[email protected]> wrote:
>>>>>>
>>>>>>> Yes, we can make it dynamic. Once the main sequence is updated it picks up
>>>>>>> loadbalancer.xml changes and works according to that. So we can improve
>>>>>>> that or we can update the config as per admin request.
>>>>>>> Thanks.
>>>>>>>
>>>>>>> On Sun, Apr 1, 2012 at 3:06 PM, Paul Fremantle <[email protected]> wrote:
>>>>>>>
>>>>>>>> Great. I think that is what one of our other customers is looking
>>>>>>>> for right now.
>>>>>>>>
>>>>>>>> Paul
>>>>>>>>
>>>>>>>> On 1 April 2012 10:34, Afkham Azeez <[email protected]> wrote:
>>>>>>>>
>>>>>>>>> On Sun, Apr 1, 2012 at 2:57 PM, Paul Fremantle <[email protected]> wrote:
>>>>>>>>>
>>>>>>>>>> Let me understand: can I use this to put a specific tenant to
>>>>>>>>>> cluster and no-one else?
>>>>>>>>>
>>>>>>>>> Yes, you can define a cluster that contains a single tenant. So,
>>>>>>>>> we can now support private jet mode. The number of nodes in that
>>>>>>>>> cluster is done through the autoscaling configuration. Does that
>>>>>>>>> answer your question?
>>>>>>>>>
>>>>>>>>>> Also: can the config be dynamic? e.g. can I modify this
>>>>>>>>>> definition at runtime? Or only static?
>>>>>>>>>
>>>>>>>>> Tenant partition definitions are static. Processes which have
>>>>>>>>> loaded a tenant cannot unload that tenant and reload it with the
>>>>>>>>> state etc. on a different cluster. However, I believe we can support
>>>>>>>>> hotUpdate of the loadbalancer.conf file, which will allow you to change
>>>>>>>>> the tenant partitions, so that new requests can be handled by a
>>>>>>>>> different cluster. The way we have implemented it currently, only the
>>>>>>>>> LB is aware of the partitioning and not the worker nodes.
>>>>>>>>>
>>>>>>>>>> Paul
>>>>>>>>>>
>>>>>>>>>> On 12 March 2012 13:31, Sanjeewa Malalgoda <[email protected]> wrote:
>>>>>>>>>>
>>>>>>>>>>> Hi,
>>>>>>>>>>>
>>>>>>>>>>> Here I'm attaching the design diagram of this implementation,
>>>>>>>>>>> and the configurations will be as follows.
>>>>>>>>>>>
>>>>>>>>>>> *01. In the LoadBalancer.xml file we can define the domain
>>>>>>>>>>> and corresponding clusters and their tenant ranges as follows*
>>>>>>>>>>>
>>>>>>>>>>> <service>
>>>>>>>>>>>     <hosts>
>>>>>>>>>>>         <host>appserver.cloud-test.wso2.com</host>
>>>>>>>>>>>     </hosts>
>>>>>>>>>>>     <!--domain>wso2.carbon.as.domain</domain-->
>>>>>>>>>>>     <domains>
>>>>>>>>>>>         <domain>
>>>>>>>>>>>             <name>wso2.as1.domain</name>
>>>>>>>>>>>             <tenantRange>1,100</tenantRange>
>>>>>>>>>>>         </domain>
>>>>>>>>>>>         <domain>
>>>>>>>>>>>             <name>wso2.as2.domain</name>
>>>>>>>>>>>             <tenantRange>101,200</tenantRange>
>>>>>>>>>>>         </domain>
>>>>>>>>>>>         <domain>
>>>>>>>>>>>             <name>wso2.as3.domain</name>
>>>>>>>>>>>             <tenantRange>201,300</tenantRange>
>>>>>>>>>>>         </domain>
>>>>>>>>>>>         <domain>
>>>>>>>>>>>             <name>wso2.as4.domain</name>
>>>>>>>>>>>             <tenantRange>*</tenantRange>
>>>>>>>>>>>         </domain>
>>>>>>>>>>>     </domains>
>>>>>>>>>>> </service>
>>>>>>>>>>>
>>>>>>>>>>> *In synapse main.xml the endpoint is defined as follows*
>>>>>>>>>>>
>>>>>>>>>>> <endpoint name="tenantAwareLBEndpoint">
>>>>>>>>>>>     <class name="org.wso2.carbon.endpoint.service.TenantAwareLoadBalanceEndpoint">
>>>>>>>>>>>         <parameter name="algorithm">org.apache.synapse.endpoints.algorithms.RoundRobin</parameter>
>>>>>>>>>>>         <parameter name="configuration">$system:loadbalancer.xml</parameter>
>>>>>>>>>>>         <parameter name="failover">true</parameter>
>>>>>>>>>>>     </class>
>>>>>>>>>>> </endpoint>
>>>>>>>>>>>
>>>>>>>>>>> Thanks.
>>>>>>>>>>>
>>>>>>>>>>> On Sun, Mar 4, 2012 at 2:09 AM, Afkham Azeez <[email protected]> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> User management in the LB is not configured properly? We never
>>>>>>>>>>>> used this in the LB before. Even CarbonContext will not be created.
>>>>>>>>>>>>
>>>>>>>>>>>> --
>>>>>>>>>>>> Afkham Azeez
>>>>>>>>>>>> Sent from my phone
>>>>>>>>>>>>
>>>>>>>>>>>> On Mar 3, 2012 9:30 PM, "Sanjeewa Malalgoda" <[email protected]> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> Hi All,
>>>>>>>>>>>>> I was able to set up 2 app server clusters that map to the same
>>>>>>>>>>>>> host address and set up the load balancer according to static
>>>>>>>>>>>>> configuration (host/domain/tenant range). With this implementation
>>>>>>>>>>>>> *we can send requests to the correct cluster based on the tenant
>>>>>>>>>>>>> domain in the url*. For this I created a new TenantAwareLoadBalancer
>>>>>>>>>>>>> endpoint in carbon endpoints and configured the load balancer to use
>>>>>>>>>>>>> that endpoint (we can use external endpoints after Azeez's latest
>>>>>>>>>>>>> change to synapse trunk). First we get the domainTenantContext (which
>>>>>>>>>>>>> holds a map of tenant id, cluster domain) object according to the host
>>>>>>>>>>>>> address. Then we can get the cluster domain from the
>>>>>>>>>>>>> domainTenantContext object by passing the tenant id (if there is no
>>>>>>>>>>>>> value that maps to the tenantId key we will send that request to the
>>>>>>>>>>>>> cluster with a constant tenant id, something like 0 or 1000; by this
>>>>>>>>>>>>> we can avoid upper range mapping). The map holds values something
>>>>>>>>>>>>> like below.
>>>>>>>>>>>>>
>>>>>>>>>>>>> tenant id    cluster domain
>>>>>>>>>>>>> 1-200        as1.domain
>>>>>>>>>>>>> 201-400      as2.domain
>>>>>>>>>>>>> 0            as3.domain
>>>>>>>>>>>>>
>>>>>>>>>>>>> So if a request comes to tenant 401, the request will be sent to the
>>>>>>>>>>>>> as3.domain cluster (default cluster). And regarding the sticky session
>>>>>>>>>>>>> implementation which we discussed in a separate mail, I will work
>>>>>>>>>>>>> with Azeez. For this moment all configurations are hard coded and we
>>>>>>>>>>>>> can easily make them configurable. Ideas and comments are welcome on
>>>>>>>>>>>>> this.
>>>>>>>>>>>>>
>>>>>>>>>>>>> And I have one question: inside the load balancer product we
>>>>>>>>>>>>> are always getting
>>>>>>>>>>>>> getRealmService().getTenantManager().getTenantId(domainName) as -1
>>>>>>>>>>>>> (which means no such tenant). What did we miss here?
>>>>>>>>>>>>>
>>>>>>>>>>>>> Thanks.
>>>>>>>>>>>>> --
>>>>>>>>>>>>> *Sanjeewa Malalgoda*
>>>>>>>>>>>>> Software Engineer
>>>>>>>>>>>>> *WSO2, Inc.*
>>>>>>>>>>>>> lean.enterprise.middleware.
>>>>>>>>>>>>>
>>>>>>>>>>>>> mobile : +94 713068779
>>>>>>>>>>>>> web: http://wso2.com
>>>>>>>>>>>>> blog: http://sanjeewamalalgoda.blogspot.com/
>>>>>>>>>>>>>
>>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>>> Stratos-dev mailing list
>>>>>>>>>>>>> [email protected]
>>>>>>>>>>>>> https://wso2.org/cgi-bin/mailman/listinfo/stratos-dev
>>>>>>>>>>>
>>>>>>>>>>> _______________________________________________
>>>>>>>>>>> Dev mailing list
>>>>>>>>>>> [email protected]
>>>>>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> Paul Fremantle
>>>>>>>>>> CTO and Co-Founder, WSO2
>>>>>>>>>> OASIS WS-RX TC Co-chair, VP, Apache Synapse
>>>>>>>>>>
>>>>>>>>>> UK: +44 207 096 0336
>>>>>>>>>> US: +1 646 595 7614
>>>>>>>>>>
>>>>>>>>>> blog: http://pzf.fremantle.org
>>>>>>>>>> twitter.com/pzfreo
>>>>>>>>>> [email protected]
>>>>>>>>>>
>>>>>>>>>> wso2.com Lean Enterprise Middleware
>>>>>>>>>>
>>>>>>>>>> Disclaimer: This communication may contain privileged or other
>>>>>>>>>> confidential information and is intended exclusively for the
>>>>>>>>>> addressee/s. If you are not the intended recipient/s, or believe that
>>>>>>>>>> you may have received this communication in error, please reply to the
>>>>>>>>>> sender indicating that fact and delete the copy you received and in
>>>>>>>>>> addition, you should not print, copy, retransmit, disseminate, or
>>>>>>>>>> otherwise use the information contained in this communication.
>>>>>>>>>> Internet communications cannot be guaranteed to be timely, secure,
>>>>>>>>>> error or virus-free. The sender does not accept liability for any
>>>>>>>>>> errors or omissions.
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> *Afkham Azeez*
>>>>>>>>> Director of Architecture; WSO2, Inc.; http://wso2.com
>>>>>>>>> Member; Apache Software Foundation; http://www.apache.org/
>>>>>>>>> email: [email protected] cell: +94 77 3320919
>>>>>>>>> blog: http://blog.afkham.org
>>>>>>>>> twitter: http://twitter.com/afkham_azeez
>>>>>>>>> linked-in: http://lk.linkedin.com/in/afkhamazeez
>>>>>>>>>
>>>>>>>>> *Lean . Enterprise . Middleware*
>
> --
> Thilina Buddhika
> Associate Technical Lead
> WSO2 Inc. ; http://wso2.com
> lean . enterprise . middleware
>
> phone : +94 77 44 88 727
> blog : http://blog.thilinamb.com

--
*Sanjeewa Malalgoda*
mobile : +94 713068779
blog: http://sanjeewamalalgoda.blogspot.com/
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
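
The routing behaviour discussed in this thread, as an added example (not code from WSO2 or from any poster): it parses the tenant ranges from the quoted LoadBalancer.xml, shows a request with no tenant domain falling through to the default cluster as tenant 0, and shows the effect of the proposed message-context parameter. The `/t/<domain>/` URL form, the `TENANTS` registry, the function names and the choice to refuse unknown tenants are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Tenant ranges from the LoadBalancer.xml quoted in the thread, embedded to run offline.
LB_XML = """<service>
  <hosts><host>appserver.cloud-test.wso2.com</host></hosts>
  <domains>
    <domain><name>wso2.as1.domain</name><tenantRange>1,100</tenantRange></domain>
    <domain><name>wso2.as2.domain</name><tenantRange>101,200</tenantRange></domain>
    <domain><name>wso2.as3.domain</name><tenantRange>201,300</tenantRange></domain>
    <domain><name>wso2.as4.domain</name><tenantRange>*</tenantRange></domain>
  </domains>
</service>"""
SUPER_TENANT_ID = 0  # thread: a request with no tenant domain is treated as tenant 0
# Constructed sample registry (tenant domain -> id); stands in for the tenant manager lookup.
TENANTS = {"acme.example": 42, "globex.example": 150, "initech.example": 777}

def load_ranges(xml_text):
    """Parse <domain> entries into ([(low, high, cluster)], default_cluster)."""
    ranges, default = [], None
    for dom in ET.fromstring(xml_text).iter("domain"):
        name, rng = dom.findtext("name"), dom.findtext("tenantRange").strip()
        if rng == "*":
            default = name
        else:
            low, high = (int(x) for x in rng.split(","))
            ranges.append((low, high, name))
    return ranges, default

RANGES, DEFAULT = load_ranges(LB_XML)

def route(path, ctx_tenant_domain=None):
    """Return (cluster, source); source records where the tenant identity came from."""
    m = re.match(r"^/t/([^/]+)/", path)  # assumed URL convention, not stated in the thread
    tid, source = (TENANTS.get(m.group(1), -1), "url") if m else (SUPER_TENANT_ID, "missing")
    # Proposal from the thread: consult the message-context parameter only when tenant id is 0.
    if tid == SUPER_TENANT_ID and ctx_tenant_domain is not None:
        tid, source = TENANTS.get(ctx_tenant_domain, -1), "context"
    if tid < 0:  # -1 means no such tenant; refusing to route is this example's choice
        return None, "unknown-tenant"
    for low, high, cluster in RANGES:
        if low <= tid <= high:
            return cluster, source
    return DEFAULT, source  # tenant 0 and ids outside every range land here

if __name__ == "__main__":
    tryit = "/carbon/admin/jsp/WSRequestXSSproxy_ajaxprocessor.jsp"
    for args in [("/t/acme.example/services/Echo",), (tryit,), (tryit, "acme.example")]:
        print(args, "->", route(*args))
```

A result whose source is `missing` is the case worth logging at the load balancer: it marks a request that reached the default cluster without carrying any tenant identity.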
