Hi Isura, Why do we need "login" permission for user portal? Only workflow approvals and user session termination we need some specific permissions. Shall we remove the requirement to have "login" permission to login to the user portal? I guess removing it from the portal might not be enough. Services such as user profile, account association, authorized apps also may need to be modified to check only for authentication.
Wdyt? On Thu, Oct 27, 2016 at 8:50 PM, Ayesha Dissanayaka <[email protected]> wrote: > > On Thu, Oct 27, 2016 at 6:56 PM, Johann Nallathamby <[email protected]> > wrote: > >> Why do we need to have login permission for "selfsignup" role. We don't >> need to. "login" permission is to login to management console. We don't >> expect self signup users to login to management console. They can only >> login to dashboard, and for that we should not need "login" permission. Can >> you check if dashboard functions without "login" permission. > > > I tested removing 'login' permission from the "selfsignup" role and user > is unable to login to dashboard app without 'login' permission. > > With below logs in console, > [2016-10-27 20:47:17,346] ERROR {org.wso2.carbon.identity. > authenticator.saml2.sso.SAML2SSOAuthenticator} - Authentication Request > is rejected. Authorization Failure. > [2016-10-27 20:47:17,347] WARN > {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} > - Failed Administrator login attempt 'Ayesha[-1234]' at [2016-10-27 > 20:47:17,347+0530] > > > > -- > *Ayesha Dissanayaka* > Software Engineer, > WSO2, Inc : http://wso2.com > <http://www.google.com/url?q=http%3A%2F%2Fwso2.com&sa=D&sntz=1&usg=AFQjCNEZvyc0uMD1HhBaEGCBxs6e9fBObg> > 20, Palmgrove Avenue, Colombo 3 > E-Mail: [email protected] <[email protected]> > -- Thanks & Regards, *Johann Dilantha Nallathamby* Technical Lead & Product Lead of WSO2 Identity Server Governance Technologies Team WSO2, Inc. lean.enterprise.middleware Mobile - *+94777776950* Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>*
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
