Hi Dinusha, Let me clarify my question. If the token is generated by the keymanager node why does not that node itself set the validity period read from KM node's identity.xml, at the time of token generation. Why does KM node generate the token and store node sets the validity period. Why not KM node does both tasks?
regards, Nirodha On Mon, Jul 28, 2014 at 12:42 PM, Sanjeewa Malalgoda <[email protected]> wrote: > > > > On Sun, Jul 27, 2014 at 11:56 PM, Dinusha Senanayaka <[email protected]> > wrote: > >> >> >> >> On Mon, Jul 28, 2014 at 11:44 AM, Nirodha Pramod <[email protected]> >> wrote: >> >>> Hi Sanjeewa, >>> >>> Ain't it a wrong design? IMO if the APPLICATION TOKEN is generated in >>> the KeyManager node (which you configure the server url in the store), then >>> it should read the validity period from the key manager node itself at the >>> time of token generation. I dont understand why it reads the validity >>> period from store node's configuration and then generate the token in >>> keymanager node. Configuring all the nodes in the same way is not a good >>> solution. >>> >> >> Once the store/key-maanger nodes are separated, we could not read the >> identity.xml of key-manager from the store using file system. To do that, >> we need to expose a service that could read the identity.xml properties. >> But this complicate the implementation and introduce additional service >> call in the store load. So defining it in store is ok IMO. >> > +1. > >> >> Regards, >> Dinusha. >> >>> >>> thanks, >>> Nirodha >>> >>> >>> On Mon, Jul 28, 2014 at 11:35 AM, Sanjeewa Malalgoda <[email protected]> >>> wrote: >>> >>>> The reason for this issue is, in API store when we generate token >>>> default validity time will pick from store nodes config file. Then you will >>>> see store nodes validity period(configured in identity.xml) in token >>>> validity period box. But if you send token generation request(user access >>>> token) to key manager through gateway then it will eventually hit key >>>> manager. Then validity period in key manager will effect. There is no >>>> logical reason for this. We need to add this configuration to all nodes in >>>> same way. >>>> >>>> Thanks, >>>> sanjeewa. >>>> >>>> >>>> On Sun, Jul 27, 2014 at 10:56 PM, Asanthi Kulasinghe <[email protected]> >>>> wrote: >>>> >>>>> Hi, >>>>> >>>>> We have observed that the token expiration times in a API-Manager >>>>> Clustered set up for token types Application access token and User access >>>>> token, are taken from the values set in 2 different nodes. >>>>> >>>>> ie: >>>>> <ApplicationAccessTokenDefaultValidityPeriod> value of the Store >>>>> node's identity.xml is considered for Application access token expiration >>>>> time. >>>>> <UserAccessTokenDefaultValidityPeriod> value of the Key Manager >>>>> node's identity.xml is considered for the User access token expiration >>>>> time. >>>>> >>>>> Is there a logical reason behind this or should the values set in Key >>>>> Manager node be considered for both token types? >>>>> >>>>> Regards >>>>> *Asanthi Kulasinghe* >>>>> WSO2 Inc; http://www.wso2.com/. >>>>> Mobile: +94777355522 >>>>> >>>>> >>>>> >>>>> _______________________________________________ >>>>> Dev mailing list >>>>> [email protected] >>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>> >>>>> >>>> >>>> >>>> -- >>>> >>>> *Sanjeewa Malalgoda* >>>> WSO2 Inc. >>>> Mobile : +94713068779 >>>> >>>> <http://sanjeewamalalgoda.blogspot.com/>blog >>>> :http://sanjeewamalalgoda.blogspot.com/ >>>> <http://sanjeewamalalgoda.blogspot.com/> >>>> >>>> >>>> >>>> _______________________________________________ >>>> Dev mailing list >>>> [email protected] >>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>> >>>> >>> >>> >>> -- >>> >>> *Nirodha Gallage* >>> Senior Software Engineer, QA. >>> WSO2 Inc.: http://wso2.com/ >>> Mobile: +94716429078 >>> >>> _______________________________________________ >>> Dev mailing list >>> [email protected] >>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>> >>> >> >> >> -- >> Dinusha Dilrukshi >> Senior Software Engineer >> WSO2 Inc.: http://wso2.com/ >> Mobile: +94725255071 >> Blog: http://dinushasblog.blogspot.com/ >> > > > > -- > > *Sanjeewa Malalgoda* > WSO2 Inc. > Mobile : +94713068779 > > <http://sanjeewamalalgoda.blogspot.com/>blog > :http://sanjeewamalalgoda.blogspot.com/ > <http://sanjeewamalalgoda.blogspot.com/> > > > -- *Nirodha Gallage* Senior Software Engineer, QA. WSO2 Inc.: http://wso2.com/ Mobile: +94716429078
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
