Hi Rumy,

If we can identify the users we want to restrict access by a particular role, let's say 'X', we can achieve your requirement as follows:

1. Add the management console as a service provider in IS (Ref: https://medium.com/@PrakhashS/enabling-multi-factor-authentication-for-wso2-identity-server-management-console-c4e247cd553f)
2. Engage authorization for the service provider representing the management console. (Ref: https://medium.com/@pulasthi7/application-authorization-using-wso2-identity-server-1-introduction-3f2e0898b43e)
3. We can engage an XACML policy which restricts login to users with role 'X'

Thanks,
Farasath

Farasath Ahamed
Software Engineer, WSO2 Inc.; http://wso2.com
Mobile: +94777603866
Blog: blog.farazath.com
Twitter: @farazath619 <https://twitter.com/farazath619>
<http://wso2.com/signature>

On Sun, Oct 29, 2017 at 10:53 PM, Mushthaq Rumy <[email protected]> wrote:

> @Farasath - These users will have roles assigned to them.
>
> Thanks & Regards,
> Mushthaq
>
> On Sun, Oct 29, 2017 at 1:01 AM, Farasath Ahamed <[email protected]> wrote:
>
>> On Friday, October 27, 2017, Mushthaq Rumy <[email protected]> wrote:
>>
>>> Hi Thanuja,
>>>
>>> Thanks for the clarification. One more thing. Is there a way that we can
>>> prevent specific users who have the "permission/admin/login" permission
>>> from logging in to the Management Console?
>>
>> Can we identify these users based on their role or some other attribute?
>>
>>> Thanks & Regards,
>>> Mushthaq
>>>
>>> On Thu, Oct 26, 2017 at 7:28 PM, Thanuja Jayasinghe <[email protected]> wrote:
>>>
>>>> Hi Mushthaq,
>>>>
>>>> The UserAccountAssociationService.switchLoggedInUser() service method is
>>>> only useful for users who have a logged-in session, because this feature
>>>> provides support for switching between associated user accounts in that
>>>> logged-in session. In order to create a session we need to call
>>>> AuthenticationAdmin.login(), and in this service method we do check
>>>> whether the user has the permission/admin/login permission [1]. So it is a
>>>> must to have the permission/admin/login permission for any user who is
>>>> using the switchLoggedInUser method.
>>>>
>>>> I think this gives the rationality for other methods which have the
>>>> same permission level.
>>>>
>>>> [1] - https://github.com/wso2/carbon-kernel/blob/4.4.x/core/org.wso2.carbon.core.services/src/main/java/org/wso2/carbon/core/services/authentication/AuthenticationAdmin.java#L110
>>>>
>>>> Thanks,
>>>> Thanuja
>>>>
>>>> On Thu, Oct 26, 2017 at 6:18 PM, Mushthaq Rumy <[email protected]> wrote:
>>>>
>>>>> Hi All,
>>>>>
>>>>> Is there a specific reason to have "/permission/admin/login" in some
>>>>> of the operations in UserAccountAssociationService?
>>>>>
>>>>> This permission will allow the users to log in to the Management
>>>>> Console, and in case someone wants to use these operations of
>>>>> UserAccountAssociationService in a separate client application and he/she
>>>>> does not want the users of this application to log in to the Management
>>>>> Console, what would be the workaround and how can we solve this?
>>>>>
>>>>> Your thoughts on this are highly appreciated.
>>>>>
>>>>> Thanks & Regards,
>>>>> Mushthaq
>>>>> --
>>>>> Mushthaq Rumy
>>>>> *Software Engineer*
>>>>> Mobile : +94 (0) 779 492140
>>>>> Email : [email protected]
>>>>> WSO2, Inc.; http://wso2.com/
>>>>> lean . enterprise . middleware.
>>>>>
>>>>> <http://wso2.com/signature>
>>>>
>>>> --
>>>> *Thanuja Lakmal*
>>>> Associate Technical Lead
>>>> WSO2 Inc. http://wso2.com/
>>>> *lean.enterprise.middleware*
>>>> Mobile: +94715979891
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
