Hi Maduranga, On Mon, May 14, 2018 at 11:57 AM Maduranga Siriwardena <madura...@wso2.com> wrote:
> After trying several methods to implement a retry mechanism, we decided to > go for below approach. > > Authentication framework will not prompt for retrying unless it is > specifically written in the script. So if we want to retry the > authentication, the conditional authentication script would be like below. > Not sure whether I got this right. But does this mean, moving forward, if we need the retry behavior of the basic authenticator, we will have to get it done through a script ? > > function onInitialRequest(context) { > retryCount = 3; > executeBasicAuth(context, retryCount); > } > > function executeBasicAuth(context, retryCount) { > Log.info('--------------- executeBasicAuth retryCount ' + retryCount); > executeStep({ > id: '1', > on: { > success: function (context) { > Log.info('--------------- authentication succcessfull '); > var isAdmin = hasRole(context, 'admin'); > Log.info('--------------- Has Admin ' + isAdmin); > if (isAdmin) { > executeStep({id: '2'}); > } > }, > fail: function (context) { > Log.info('--------------- fail retryCount ' + retryCount); > --retryCount; > if (retryCount > 0) { > executeBasicAuth(context, retryCount); > } else { > Log.info('--------------- login failed '); > } > } > } > }); > } > > > This script will try to authenticate the user 3 times in case credentials > are incorrect. This approach will ensure that the authentication flow is > strictly controlled by the script and there is no unnecessary/unwanted > behavior. > > But with this approach we have a issue with how to get the authentication > failure reason in case of a retrying step. At the moment in the basic > authenticator, this failure message is set by checking > "context.isRetrying()" [1]. With the new implementation, authentication > framework is not aware if this is a retrying step or not. We are trying to > find a solution for this. Any suggestions are welcome. > > [1] > https://github.com/wso2-extensions/identity-local-auth-basicauth/blob/v5.3.7/components/org.wso2.carbon.identity.application.authenticator.basicauth/src/main/java/org/wso2/carbon/identity/application/authenticator/basicauth/BasicAuthenticator.java#L108 > > Thanks, > Maduranga. > > > > On Tue, May 8, 2018 at 12:26 PM Maduranga Siriwardena <madura...@wso2.com> > wrote: > >> Hi Gayan, >> >> Thanks for the suggestion. >> >> Yes its better to provide a configuration to change the number of retry >> attempts. Apart from the above mentioned behavior, we will consider this >> also in the implementation. >> >> Thanks, >> >> On Tue, May 8, 2018 at 9:31 AM gayan gunawardana <gmgunaward...@gmail.com> >> wrote: >> >>> >>> >>> On Mon, May 7, 2018 at 7:17 PM, Maduranga Siriwardena < >>> madura...@wso2.com> wrote: >>> >>>> Hi devs, >>>> >>>> In the Identity Server at the moment "retryAuthenticationEnabled" >>>> method in the authenticators decide whether the user is allowed to retry >>>> the authentication with that particular authenticator. Based on the result >>>> from this method, authenticator itself triggers the retry flow. >>>> >>>> Because of this we have a main disadvantage for the implementation of >>>> adaptive authentication. If retry is enabled, fail call back function in >>>> JavaScript is not triggered. >>>> >>>> So we are planning to change this behavior and send the authentication >>>> retry flow through the authentication framework. Below is the planned >>>> behavior. >>>> >>>> - Authenticator will retry to authenticate by default. >>>> - If the fail callback function has other steps to execute, >>>> authenticator will not retry to authenticate. >>>> - Developers can disable retry for a authentication sequence by >>>> setting a parameter in the context. >>>> >>>> Isn't it better to invoke fail callback function after pre-configured >>> number of retry attempts. >>> >>>> Please provide us with feedback what need to be changed from the above >>>> mentioned behavior. >>>> >>>> Thanks, >>>> -- >>>> Maduranga Siriwardena >>>> Senior Software Engineer >>>> WSO2 Inc; http://wso2.com/ >>>> >>>> Email: madura...@wso2.com >>>> Mobile: +94718990591 >>>> Blog: *https://madurangasiriwardena.wordpress.com/ >>>> <https://madurangasiriwardena.wordpress.com/>* >>>> <http://wso2.com/signature> >>>> >>>> _______________________________________________ >>>> Dev mailing list >>>> Dev@wso2.org >>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>> >>>> >>> >>> >>> -- >>> Gayan >>> >> >> >> -- >> Maduranga Siriwardena >> Senior Software Engineer >> WSO2 Inc; http://wso2.com/ >> >> Email: madura...@wso2.com >> Mobile: +94718990591 >> Blog: *https://madurangasiriwardena.wordpress.com/ >> <https://madurangasiriwardena.wordpress.com/>* >> <http://wso2.com/signature> >> > > > -- > Maduranga Siriwardena > Senior Software Engineer > WSO2 Inc; http://wso2.com/ > > Email: madura...@wso2.com > Mobile: +94718990591 > Blog: *https://madurangasiriwardena.wordpress.com/ > <https://madurangasiriwardena.wordpress.com/>* > <http://wso2.com/signature> > _______________________________________________ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > -- Omindu Rathnaweera Senior Software Engineer, WSO2 Inc. Mobile: +94 771 197 211
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev