login permission is required for the following gadgets:

- Update user profile: It uses UserProfileMgtService
- Setting security questions: It uses UserIdentityManagementAdminService
- Change password: It uses UserIdentityManagementAdminService
- Account association
- Authorized Apps
- Pending approvals (this requires some additional permission too)

As you mentioned, we can remove the authorization check in most of these gadgets. So, +1 to remove the login permission requirement from the user portal. It will be good for user experience.

Thanks
Isura.

*Isura Dilhara Karunaratne*
Senior Software Engineer | WSO2
Email: [email protected]
Mob : +94 772 254 810
Blog : http://isurad.blogspot.com/

On Thu, Oct 27, 2016 at 10:30 AM, Johann Nallathamby <[email protected]> wrote:

> Hi Isura,
>
> Why do we need "login" permission for user portal? Only workflow approvals
> and user session termination we need some specific permissions. Shall we
> remove the requirement to have "login" permission to login to the user
> portal? I guess removing it from the portal might not be enough. Services
> such as user profile, account association, authorized apps also may need to
> be modified to check only for authentication.
>
> Wdyt?
>
> On Thu, Oct 27, 2016 at 8:50 PM, Ayesha Dissanayaka <[email protected]>
> wrote:
>
>> On Thu, Oct 27, 2016 at 6:56 PM, Johann Nallathamby <[email protected]>
>> wrote:
>>
>>> Why do we need to have login permission for "selfsignup" role? We don't
>>> need to. "login" permission is to login to management console. We don't
>>> expect self signup users to login to management console. They can only
>>> login to dashboard, and for that we should not need "login" permission. Can
>>> you check if dashboard functions without "login" permission?
>>
>> I tested removing 'login' permission from the "selfsignup" role and user
>> is unable to login to dashboard app without 'login' permission.
>>
>> With below logs in console,
>>
>> [2016-10-27 20:47:17,346] ERROR {org.wso2.carbon.identity.authenticator.saml2.sso.SAML2SSOAuthenticator} - Authentication Request is rejected. Authorization Failure.
>> [2016-10-27 20:47:17,347] WARN {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} - Failed Administrator login attempt 'Ayesha[-1234]' at [2016-10-27 20:47:17,347+0530]
>>
>> --
>> *Ayesha Dissanayaka*
>> Software Engineer,
>> WSO2, Inc : http://wso2.com
>> 20, Palmgrove Avenue, Colombo 3
>> E-Mail: [email protected]
>
> --
> Thanks & Regards,
>
> *Johann Dilantha Nallathamby*
> Technical Lead & Product Lead of WSO2 Identity Server
> Governance Technologies Team
> WSO2, Inc.
> lean.enterprise.middleware
>
> Mobile - *+94777776950*
> Blog - *http://nallaa.wordpress.com*
