Thanks Farasath. I'll check on this.

Thanks & Regards,
Mushthaq

On Mon, Oct 30, 2017 at 1:23 PM, Farasath Ahamed <[email protected]> wrote:

> Hi Rumy,
>
> If we can identify the users we want to restrict access by a particular
> role, let's say 'X', we can achieve your requirement as follows:
>
> 1. Add the management console as a service provider in IS (Ref:
>    https://medium.com/@PrakhashS/enabling-multi-factor-authentication-for-wso2-identity-server-management-console-c4e247cd553f)
>
> 2. Engage authorization for the service provider representing the
>    management console. (Ref:
>    https://medium.com/@pulasthi7/application-authorization-using-wso2-identity-server-1-introduction-3f2e0898b43e)
>
> 3. We can engage an XACML policy which restricts login to users with
>    role 'X'.
>
> Thanks,
> Farasath
>
> Farasath Ahamed
> Software Engineer, WSO2 Inc.; http://wso2.com
> Mobile: +94777603866
> Blog: blog.farazath.com
> Twitter: @farazath619 <https://twitter.com/farazath619>
>
> On Sun, Oct 29, 2017 at 10:53 PM, Mushthaq Rumy <[email protected]> wrote:
>
>> @Farasath - These users will have roles assigned to them.
>>
>> Thanks & Regards,
>> Mushthaq
>>
>> On Sun, Oct 29, 2017 at 1:01 AM, Farasath Ahamed <[email protected]> wrote:
>>
>>> On Friday, October 27, 2017, Mushthaq Rumy <[email protected]> wrote:
>>>
>>>> Hi Thanuja,
>>>>
>>>> Thanks for the clarification. One more thing. Is there a way that we
>>>> can prevent specific users who have the "permission/admin/login"
>>>> permission from logging in to the Management Console?
>>>
>>> Can we identify these users based on their role or some other attribute?
>>>
>>>> Thanks & Regards,
>>>> Mushthaq
>>>>
>>>> On Thu, Oct 26, 2017 at 7:28 PM, Thanuja Jayasinghe <[email protected]> wrote:
>>>>
>>>>> Hi Mushthaq,
>>>>>
>>>>> The UserAccountAssociationService.switchLoggedInUser() service method
>>>>> is only useful for users who have a logged-in session, because this
>>>>> feature provides support for switching between associated user
>>>>> accounts in that logged-in session. In order to create a session we
>>>>> need to call AuthenticationAdmin.login(), and in this service method
>>>>> we do check whether the user has the permission/admin/login
>>>>> permission [1]. So it is a must to have the permission/admin/login
>>>>> permission for any user who is using the switchLoggedInUser method.
>>>>>
>>>>> I think this gives the rationale for other methods which have the
>>>>> same permission level.
>>>>>
>>>>> [1] - https://github.com/wso2/carbon-kernel/blob/4.4.x/core/org.wso2.carbon.core.services/src/main/java/org/wso2/carbon/core/services/authentication/AuthenticationAdmin.java#L110
>>>>>
>>>>> Thanks,
>>>>> Thanuja
>>>>>
>>>>> On Thu, Oct 26, 2017 at 6:18 PM, Mushthaq Rumy <[email protected]> wrote:
>>>>>
>>>>>> Hi All,
>>>>>>
>>>>>> Is there a specific reason to have "/permission/admin/login" in some
>>>>>> of the operations in UserAccountAssociationService?
>>>>>>
>>>>>> This permission will allow the users to log in to the Management
>>>>>> Console. In case someone wants to use these operations of
>>>>>> UserAccountAssociationService in a separate client application and
>>>>>> he/she does not want the users of this application to log in to the
>>>>>> Management Console, what would be the workaround and how can we
>>>>>> solve this?
>>>>>>
>>>>>> Your thoughts on this are highly appreciated.
>>>>>>
>>>>>> Thanks & Regards,
>>>>>> Mushthaq
>>>>>> --
>>>>>> Mushthaq Rumy
>>>>>> *Software Engineer*
>>>>>> Mobile : +94 (0) 779 492140
>>>>>> Email : [email protected]
>>>>>> WSO2, Inc.; http://wso2.com/
>>>>>> lean . enterprise . middleware.
>>>>>
>>>>> --
>>>>> *Thanuja Lakmal*
>>>>> Associate Technical Lead
>>>>> WSO2 Inc. http://wso2.com/
>>>>> *lean.enterprise.middleware*
>>>>> Mobile: +94715979891
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
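
Step 3 of the procedure quoted above, as an added example that is not part of the original thread or WSO2's own code: an XACML 3.0 policy that reads "restricts login to users with role 'X'" as refusing console login to holders of role X. The service provider name `ManagementConsole` and the policy and rule IDs are hypothetical; the attribute IDs are assumed from WSO2 Identity Server's role-based authorization policy template and should be checked against the version in use.

```xml
<!-- Added example. "ManagementConsole" and "X" are placeholders; attribute IDs
     are assumed from WSO2 IS's role-based authorization policy template. -->
<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
        PolicyId="mgt_console_deny_role_x"
        RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable"
        Version="1.0">
  <Target>
    <AnyOf>
      <AllOf>
        <!-- Apply only to the service provider that represents the console -->
        <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
          <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">ManagementConsole</AttributeValue>
          <AttributeDesignator AttributeId="http://wso2.org/identity/sp/sp-name"
                               Category="http://wso2.org/identity/sp"
                               DataType="http://www.w3.org/2001/XMLSchema#string"
                               MustBePresent="false"/>
        </Match>
        <!-- ... and only to the authentication step of that service provider -->
        <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
          <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">authenticate</AttributeValue>
          <AttributeDesignator AttributeId="http://wso2.org/identity/identity-action/action-name"
                               Category="http://wso2.org/identity/identity-action"
                               DataType="http://www.w3.org/2001/XMLSchema#string"
                               MustBePresent="false"/>
        </Match>
      </AllOf>
    </AnyOf>
  </Target>
  <!-- Rule 1: a subject whose role bag contains X is refused -->
  <Rule RuleId="deny_role_x" Effect="Deny">
    <Condition>
      <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-is-in">
        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">X</AttributeValue>
        <AttributeDesignator AttributeId="http://wso2.org/claims/role"
                             Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
                             DataType="http://www.w3.org/2001/XMLSchema#string"
                             MustBePresent="true"/>
      </Apply>
    </Condition>
  </Rule>
  <!-- Rule 2: first-applicable reaches this only when Rule 1 did not match -->
  <Rule RuleId="permit_others" Effect="Permit"/>
</Policy>
```

Because the role designator uses `MustBePresent="true"`, a request whose role attribute cannot be resolved evaluates to Indeterminate rather than falling through to `permit_others`. Users blocked this way still hold `permission/admin/login`, so the service calls discussed in the thread keep working for them.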
