Hi Maduranga,
On Mon, May 14, 2018 at 11:57 AM Maduranga Siriwardena <[email protected]>
wrote:
> After trying several methods to implement a retry mechanism, we decided to
> go for below approach.
>
> Authentication framework will not prompt for retrying unless it is
> specifically written in the script. So if we want to retry the
> authentication, the conditional authentication script would be like below.
>
Not sure whether I got this right. But does this mean, moving forward, if
we need the retry behavior of the basic authenticator, we will have to get
it done through a script?
>
> function onInitialRequest(context) {
>     // Declared with var so the counter does not leak into the global scope.
>     var retryCount = 3;
>     executeBasicAuth(context, retryCount);
> }
>
> function executeBasicAuth(context, retryCount) {
>     Log.info('--------------- executeBasicAuth retryCount ' + retryCount);
>     executeStep({
>         id: '1',
>         on: {
>             success: function (context) {
>                 Log.info('--------------- authentication successful ');
>                 var isAdmin = hasRole(context, 'admin');
>                 Log.info('--------------- Has Admin ' + isAdmin);
>                 // Only admins are sent through the second step.
>                 if (isAdmin) {
>                     executeStep({id: '2'});
>                 }
>             },
>             fail: function (context) {
>                 Log.info('--------------- fail retryCount ' + retryCount);
>                 --retryCount;
>                 // Prompt for step 1 again until the attempts are used up.
>                 if (retryCount > 0) {
>                     executeBasicAuth(context, retryCount);
>                 } else {
>                     Log.info('--------------- login failed ');
>                 }
>             }
>         }
>     });
> }
>
>
> This script will try to authenticate the user 3 times in case credentials
> are incorrect. This approach will ensure that the authentication flow is
> strictly controlled by the script and there is no unnecessary/unwanted
> behavior.
>
> But with this approach we have an issue with how to get the authentication
> failure reason in case of a retrying step. At the moment in the basic
> authenticator, this failure message is set by checking
> "context.isRetrying()" [1]. With the new implementation, authentication
> framework is not aware if this is a retrying step or not. We are trying to
> find a solution for this. Any suggestions are welcome.
>
> [1]
> https://github.com/wso2-extensions/identity-local-auth-basicauth/blob/v5.3.7/components/org.wso2.carbon.identity.application.authenticator.basicauth/src/main/java/org/wso2/carbon/identity/application/authenticator/basicauth/BasicAuthenticator.java#L108
>
> Thanks,
> Maduranga.
>
>
>
> On Tue, May 8, 2018 at 12:26 PM Maduranga Siriwardena <[email protected]>
> wrote:
>
>> Hi Gayan,
>>
>> Thanks for the suggestion.
>>
>> Yes, it's better to provide a configuration to change the number of retry
>> attempts. Apart from the above mentioned behavior, we will consider this
>> also in the implementation.
>>
>> Thanks,
>>
>> On Tue, May 8, 2018 at 9:31 AM gayan gunawardana <[email protected]>
>> wrote:
>>
>>>
>>>
>>> On Mon, May 7, 2018 at 7:17 PM, Maduranga Siriwardena <
>>> [email protected]> wrote:
>>>
>>>> Hi devs,
>>>>
>>>> In the Identity Server at the moment "retryAuthenticationEnabled"
>>>> method in the authenticators decides whether the user is allowed to retry
>>>> the authentication with that particular authenticator. Based on the result
>>>> from this method, authenticator itself triggers the retry flow.
>>>>
>>>> Because of this we have a main disadvantage for the implementation of
>>>> adaptive authentication. If retry is enabled, the fail callback function in
>>>> JavaScript is not triggered.
>>>>
>>>> So we are planning to change this behavior and send the authentication
>>>> retry flow through the authentication framework. Below is the planned
>>>> behavior.
>>>>
>>>>    - Authenticator will retry to authenticate by default.
>>>>    - If the fail callback function has other steps to execute,
>>>>      authenticator will not retry to authenticate.
>>>>    - Developers can disable retry for an authentication sequence by
>>>>      setting a parameter in the context.
>>>>
>>> Isn't it better to invoke fail callback function after pre-configured
>>> number of retry attempts?
>>>
>>>> Please provide us with feedback on what needs to be changed from the above
>>>> mentioned behavior.
>>>>
>>>> Thanks,
>>>> --
>>>> Maduranga Siriwardena
>>>> Senior Software Engineer
>>>> WSO2 Inc; http://wso2.com/
>>>>
>>>> Email: [email protected]
>>>> Mobile: +94718990591
>>>> Blog: https://madurangasiriwardena.wordpress.com/
>>>>
>>>> _______________________________________________
>>>> Dev mailing list
>>>> [email protected]
>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>
>>>>
>>>
>>>
>>> --
>>> Gayan
>>>
--
Omindu Rathnaweera
Senior Software Engineer, WSO2 Inc.
Mobile: +94 771 197 211
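
Added example (not part of the original thread and not WSO2 code): an offline harness that runs the retry logic of the script quoted above under Node and records which steps get prompted. makeFramework(), runLogin() and the outcome lists are hypothetical stand-ins constructed for illustration; the logging calls are left out.

```javascript
// makeFramework() is a hypothetical mock of the authentication framework.
function makeFramework(step1Outcomes, roles) {
    var outcomes = step1Outcomes.slice();   // constructed results of step '1', in order
    var trace = [];                         // step ids in the order they were prompted

    function executeStep(step) {
        trace.push(step.id);
        // Steps other than '1' always succeed in this mock.
        var ok = step.id === '1' ? outcomes.shift() === true : true;
        var handler = step.on && (ok ? step.on.success : step.on.fail);
        if (handler) {
            handler({});
        }
    }

    function hasRole(context, role) {
        return roles.indexOf(role) !== -1;
    }

    return { executeStep: executeStep, hasRole: hasRole, trace: trace };
}

// The retry logic from the thread, parameterised on the mock framework.
function runLogin(framework, maxAttempts) {
    function executeBasicAuth(context, retryCount) {
        framework.executeStep({
            id: '1',
            on: {
                success: function (context) {
                    if (framework.hasRole(context, 'admin')) {
                        framework.executeStep({id: '2'});
                    }
                },
                fail: function (context) {
                    --retryCount;
                    if (retryCount > 0) {
                        executeBasicAuth(context, retryCount);
                    }
                }
            }
        });
    }
    executeBasicAuth({}, maxAttempts);
    return framework.trace;
}

// Constructed scenarios: a fourth correct password is never prompted for.
console.log(runLogin(makeFramework([false, false, false, true], []), 3));
console.log(runLogin(makeFramework([false, true], ['admin']), 3));
```

The trace shows that the number of prompts for step 1 is bounded only by the counter held in the script, and that step 2 is reached only after a successful step 1 for a user with the admin role.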