On Mon, Sep 4, 2017 at 3:02 PM, Rushmin Fernando <[email protected]> wrote:

> Hi Johann,
>
> The fix handles the tenant scenario as well.
>
> Are you specifically talking about having different domain names for
> tenants?
>

Yes.


>
> Best Regards,
> Rushmin
>
>
> On Mon, Sep 4, 2017 at 2:59 PM, Johann Nallathamby <[email protected]>
> wrote:
>
>> Hi Rushmin,
>>
>> I think the better, easier, uncomplicated fix that also works for tenants
>> will be to make this a text box with a default value instead of a label.
>>
>> Can we change the fix like that?
>>
>> Regards,
>> Johann.
>>
>> On Fri, Sep 1, 2017 at 5:17 PM, Rushmin Fernando <[email protected]>
>> wrote:
>>
>>> Thank you for pointing this out Johann.
>>>
>>> Actually, the code doesn't do anything specific to the super tenant.
>>>
>>> The issue is with method name 'updateSuperTenantIdpWithNewEPUrls' which
>>> is incorrect and misleading. It was my mistake :-(
>>>
>>> I just sent a PR [1] fixing the method name.
>>>
>>> @Darshana, could you review and merge it?
>>>
>>> Best Regards,
>>> Rushmin
>>>
>>> [1] - https://github.com/wso2/carbon-identity-framework/pull/1043
>>>
>>> On Thu, Aug 31, 2017 at 6:09 PM, Johann Nallathamby <[email protected]>
>>> wrote:
>>>
>>>> IAM Folks,
>>>>
>>>> Can we do a better fix for this? I don't seem to agree with this fix.
>>>>
>>>> 1. We have written super tenant specific code. We show that we treat
>>>> super tenant differently and can be error prone.
>>>> 2. The problem still remains for already created tenants.
>>>>
>>>> Another thing we need to address is that (not related to this issue),
>>>> some deployments require to have different DNS names for tenants.
>>>>
>>>> My suggestion:
>>>> Make this field a text box that is modifiable.
>>>>
>>>> Wdyt? Can we change this fix for IS 5.4.0? Do you see any problems in
>>>> that?
>>>>
>>>> Regards,
>>>> Johann.
>>>>
>>>> ---------- Forwarded message ----------
>>>> From: Farasath Ahamed (JIRA) <[email protected]>
>>>> Date: Thu, May 18, 2017 at 1:54 AM
>>>> Subject: [Carbon-jira] [jira] (IDENTITY-5948) Generated IdP metadata
>>>> URLs are always pointing to localhost:9443
>>>> To: [email protected]
>>>>
>>>>
>>>> Farasath Ahamed *created* an issue
>>>>
>>>> WSO2 Identity Server / IDENTITY-5948
>>>> <https://wso2.org/jira/browse/IDENTITY-5948>
>>>> Generated IdP metadata URLs are always pointing to localhost:9443
>>>>
>>>> Issue Type: Improvement
>>>> Affects Versions: 5.3.0-GA
>>>> Assignee: Thanuja Lakmal
>>>> Components: saml2-sso
>>>> Created: 18/May/17 1:53 AM
>>>> Fix Versions: 5.3.1-GA
>>>> Priority: High
>>>> Reporter: Farasath Ahamed
>>>>
>>>> During the first startup, if we do not change the hostname of the IS
>>>> server, all endpoints related to SAML configs get generated for localhost.
>>>>
>>>> Thereafter, even if you change the hostname, they will still remain as
>>>> hostname,
>>>>
>>>> <?xml version="1.0" encoding="UTF-8"?><EntityDescriptor 
>>>> xmlns="urn:oasis:names:tc:SAML:2.0:metadata" 
>>>> entityID="localhost"><IDPSSODescriptor 
>>>> protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol" 
>>>> validUntil="2017-05-17T21:20:17.955Z"><KeyDescriptor 
>>>> use="signing"><KeyInfo 
>>>> xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data><X509Certificate>MIICNTCCAZ6gAwIBAgIES343gjANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxDTALBgNVBAoMBFdTTzIxEjAQBgNVBAMMCWxv
>>>> Y2FsaG9zdDAeFw0xMDAyMTkwNzAyMjZaFw0zNTAyMTMwNzAyMjZaMFUxCzAJBgNVBAYTAlVTMQsw
>>>> CQYDVQQIDAJDQTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzENMAsGA1UECgwEV1NPMjESMBAGA1UE
>>>> AwwJbG9jYWxob3N0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCUp/oV1vWc8/TkQSiAvTou
>>>> sMzOM4asB2iltr2QKozni5aVFu818MpOLZIr8LMnTzWllJvvaA5RAAdpbECb+48FjbBe0hseUdN5
>>>> HpwvnH/DW8ZccGvk53I6Orq7hLCv1ZHtuOCokghz/ATrhyPq+QktMfXnRS4HrKGJTzxaCcU7OQID
>>>> AQABoxIwEDAOBgNVHQ8BAf8EBAMCBPAwDQYJKoZIhvcNAQEFBQADgYEAW5wPR7cr1LAdq+IrR44i
>>>> QlRG5ITCZXY9hI0PygLP2rHANh+PYfTmxbuOnykNGyhM6FjFLbW2uZHQTY1jMrPprjOrmyK5sjJR
>>>> O4d1DeGHT/YnIjs9JogRKv4XHECwLtIVdAbIdWHEtVZJyMSktcyysFcvuhPQK8Qc/E/Wq8uHSCo=</X509Certificate></X509Data></KeyInfo></KeyDescriptor><SingleLogoutService
>>>>  Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" 
>>>> Location="https://localhost:9443/samlsso" 
>>>> ResponseLocation="https://localhost:9443/samlsso"/><NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat><SingleSignOnService
>>>>  Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" 
>>>> Location="https://localhost:9443/samlsso"/><SingleSignOnService 
>>>> Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" 
>>>> Location="https://localhost:9443/samlsso"/></IDPSSODescriptor></EntityDescriptor>
>>>>
>>>> Any new tenants created after the hostname change will have the correct
>>>> URL with the hostname. But super tenant's metadata URL becomes unusable.
>>>>
>>>> Basically, the endpoints in the SAML metadata file are static values.
>>>> IMO we should generate them dynamically so that any change to an
>>>> environment parameter would be reflected correctly.
>>>>
>>>> This message was sent by Atlassian JIRA (v7.2.2#72004-sha1:9d51328)
>>>>
>>>> _______________________________________________
>>>> Carbon-jira mailing list
>>>> [email protected]
>>>> https://wso2.org/cgi-bin/mailman/listinfo/carbon-jira
>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Thanks & Regards,
>>>>
>>>> *Johann Dilantha Nallathamby*
>>>> Senior Lead Solutions Engineer
>>>> WSO2, Inc.
>>>> lean.enterprise.middleware
>>>>
>>>> Mobile - *+94777776950*
>>>> Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>*
>>>>
>>>
>>>
>>>
>>> --
>>> *Best Regards*
>>>
>>> *Rushmin Fernando*
>>> *Technical Lead*
>>>
>>> WSO2 Inc. <http://wso2.com/> - Lean . Enterprise . Middleware
>>>
>>> mobile : +94775615183
>>>
>>>
>>>
>>
>>
>>
>
>
>
>
>
>


-- 
Thanks & Regards,

*Johann Dilantha Nallathamby*
Senior Lead Solutions Engineer
WSO2, Inc.
lean.enterprise.middleware

Mobile - *+94777776950*
Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>*
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
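
Added example (not part of the original thread and not WSO2 code): a check for the condition IDENTITY-5948 describes, listing every SAML metadata endpoint that does not point at the hostname a deployment or tenant is supposed to publish. The function name, the sample document (modelled on the quoted metadata, certificate omitted) and idp.example.com are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

# Constructed sample modelled on the metadata quoted in the thread.
SAMPLE_METADATA = """
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="localhost">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://localhost:9443/samlsso"
        ResponseLocation="https://localhost:9443/samlsso"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://localhost:9443/samlsso"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://localhost:9443/samlsso"/>
  </IDPSSODescriptor>
</EntityDescriptor>
"""


def find_stale_endpoints(metadata_xml, expected_host, expected_port=443):
    """Return (element, attribute, value) for each value that is not on the
    expected HTTPS host and port. Intended for metadata exported from your own
    IdP; parse metadata from untrusted parties with a hardened XML parser."""
    root = ET.fromstring(metadata_xml.strip())
    findings = []
    entity_id = root.get("entityID")
    if entity_id in LOOPBACK:
        # An entityID need not be a URL, so only a literal loopback name is flagged.
        findings.append(("EntityDescriptor", "entityID", entity_id))
    for elem in root.iter():
        if not elem.tag.startswith("{" + MD_NS + "}"):
            continue  # skip ds:KeyInfo and other foreign namespaces
        name = elem.tag.split("}", 1)[1]
        for attr in ("Location", "ResponseLocation"):
            value = elem.get(attr)
            if value is None:
                continue
            url = urlsplit(value)
            port = url.port or (443 if url.scheme == "https" else 80)
            if (url.scheme != "https" or url.hostname != expected_host.lower()
                    or port != expected_port):
                findings.append((name, attr, value))
    return findings
```

Run it once per tenant with that tenant's expected DNS name, which covers the deployments mentioned above where tenants are served under different domains.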
