Hi Ushani, When email username is enabled, we need a mechanism to identify the tenant domain. Hence in that case we need to have the username defined in the following format, [email protected]@*tenantdomain. *
For the case of super tenant when email username is enabled, an option could be considered to do another check to default to super tenant if a tenant domain is not specified (in order to omit suffixing with @carbon.super). However, also note this would slightly impact performance. Also i believe we need to check with the CEP team on possibility of changing the convention. Thanks, Pamod On Tue, Jun 14, 2016 at 11:34 AM, Ushani Balasooriya <[email protected]> wrote: > Hi Pamod, > > So according to this issue [1],when you enable email as username, to > connect to decision server we have to provide domain name of the super > tenant as e.g., [email protected]@carbon.super. > > But when email is not enabled, you can go with 'admin' as username. Also > we do not specifically mention the domain name for super tenant. > > Shouldn't it be in the same format when providing credentials? Otherwise a > user will be mislead with configurations. Or we need to specifically > mention this in documentation. WDYT? > > [1] https://wso2.org/jira/browse/APIMANAGER-4987 > > Thanks, > Ushani > > > On Wed, Jun 8, 2016 at 9:30 PM, Pamod Sylvester <[email protected]> wrote: > >> Hi Tharindu, >> >> To further elaborate, AMQP connection URL is in the following format [1], >> >> >> *amqp://[<user>:<pass>@][<clientid>]<virtualhost>[?<option>='<value>'[&<option>=&'<value>']]* >> >> '@' character is used to partition between client credentials with the >> rest of the uri. hence having the '@' for the user name (email as user >> name) would violate the specification. >> >> As Indika explained we use '!' character as an alternative to the >> restricted character '@' to identify tenant users. Hence, when you send a >> user name as *"foo!bar.com <http://bar.com>"* it would try to find a >> user *foo* in tenant *bar.com <http://bar.com>* instead of finding the >> user in *super tenant* by email *'[email protected] <[email protected]>'*. That >> would be the possible reason for you to get the error "invalid tenant >> domain". >> >> [1] >> https://qpid.apache.org/releases/qpid-0.30/jms-client-0-8/book/JMS-Client-0-8-Connection-URL.html >> >> Thanks, >> Pamod >> >> On Wed, Jun 8, 2016 at 6:59 PM, Tharindu Dharmarathna <[email protected] >> > wrote: >> >>> Hi All, >>> >>> In APIM 2.0 Snapshot Pack we have got issue when authenticate with the >>> CEP, DAS and MB components. >>> >>> >>> *CEP and DAS Components* >>> >>> As per the debugging session with Mohan we have found when we >>> authenticate the email user from [1] , It will not proper username with >>> tenant domain which caused to get the invalid tenant domain from [2]. >>> >>> *MB Components* >>> >>> When we do authentication request with MB it will not suppose to send >>> the email user in connection url since its a restricted character. As per >>> the Pamod pointed out we had replace the '@' mark with '!' in order to >>> overcome that issue . But this was not getting worked as correctly. >>> >>> Can any one give any clue to overcome this issue. >>> >>> >>> [1] - >>> https://github.com/wso2/carbon-analytics-common/blob/release-5.0.12-alpha/components/data-bridge/org.wso2.carbon.databridge.core/src/main/java/org/wso2/carbon/databridge/core/internal/authentication/CarbonAuthenticationHandler.java#L51 >>> >>> [2] - >>> https://github.com/wso2/carbon-commons/blob/v4.4.8/components/authentication/org.wso2.carbon.identity.authentication/src/main/java/org/wso2/carbon/identity/authentication/AuthenticationServiceImpl.java#L59 >>> >>> >>> -- >>> >>> *Tharindu Dharmarathna*Software Engineer >>> WSO2 Inc.; http://wso2.com >>> lean.enterprise.middleware >>> >>> mobile: *+94779109091 <%2B94779109091>* >>> >> >> >> >> -- >> *Pamod Sylvester * >> >> *WSO2 Inc.; http://wso2.com <http://wso2.com>* >> cell: +94 77 7779495 >> >> _______________________________________________ >> Dev mailing list >> [email protected] >> http://wso2.org/cgi-bin/mailman/listinfo/dev >> >> > > > -- > *Ushani Balasooriya* > Senior Software Engineer - QA; > WSO2 Inc; http://www.wso2.com/. > > > -- *Pamod Sylvester * *WSO2 Inc.; http://wso2.com <http://wso2.com>* cell: +94 77 7779495
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
