Hi Omindu,

This applies only if you are enabling the script. Otherwise it will behave as before without any change.

Thanks,

On Tue, May 15, 2018 at 9:26 AM Omindu Rathnaweera <[email protected]> wrote:

> Hi Maduranga,
>
> On Mon, May 14, 2018 at 11:57 AM Maduranga Siriwardena <[email protected]> wrote:
>
>> After trying several methods to implement a retry mechanism, we decided
>> to go for the approach below.
>>
>> The authentication framework will not prompt for retrying unless it is
>> specifically written in the script. So if we want to retry the
>> authentication, the conditional authentication script would be like below.
>>
>
> Not sure whether I got this right. But does this mean, moving forward, if
> we need the retry behavior of the basic authenticator, we will have to get
> it done through a script?
>
>>
>> function onInitialRequest(context) {
>>     // Total number of attempts allowed for step 1.
>>     var retryCount = 3;
>>     executeBasicAuth(context, retryCount);
>> }
>>
>> function executeBasicAuth(context, retryCount) {
>>     Log.info('--------------- executeBasicAuth retryCount ' + retryCount);
>>     executeStep({
>>         id: '1',
>>         on: {
>>             success: function (context) {
>>                 Log.info('--------------- authentication successful ');
>>                 var isAdmin = hasRole(context, 'admin');
>>                 Log.info('--------------- Has Admin ' + isAdmin);
>>                 // Only admins are sent on to step 2.
>>                 if (isAdmin) {
>>                     executeStep({id: '2'});
>>                 }
>>             },
>>             fail: function (context) {
>>                 Log.info('--------------- fail retryCount ' + retryCount);
>>                 // Re-run step 1 until the attempts are used up.
>>                 --retryCount;
>>                 if (retryCount > 0) {
>>                     executeBasicAuth(context, retryCount);
>>                 } else {
>>                     Log.info('--------------- login failed ');
>>                 }
>>             }
>>         }
>>     });
>> }
>>
>> This script will try to authenticate the user 3 times in case credentials
>> are incorrect. This approach will ensure that the authentication flow is
>> strictly controlled by the script and there is no unnecessary/unwanted
>> behavior.
>>
>> But with this approach we have an issue with how to get the authentication
>> failure reason in case of a retrying step. At the moment in the basic
>> authenticator, this failure message is set by checking
>> "context.isRetrying()" [1]. With the new implementation, the authentication
>> framework is not aware if this is a retrying step or not. We are trying to
>> find a solution for this. Any suggestions are welcome.
>>
>> [1]
>> https://github.com/wso2-extensions/identity-local-auth-basicauth/blob/v5.3.7/components/org.wso2.carbon.identity.application.authenticator.basicauth/src/main/java/org/wso2/carbon/identity/application/authenticator/basicauth/BasicAuthenticator.java#L108
>>
>> Thanks,
>> Maduranga.
>>
>> On Tue, May 8, 2018 at 12:26 PM Maduranga Siriwardena <[email protected]> wrote:
>>
>>> Hi Gayan,
>>>
>>> Thanks for the suggestion.
>>>
>>> Yes, it's better to provide a configuration to change the number of retry
>>> attempts. Apart from the above mentioned behavior, we will consider this
>>> also in the implementation.
>>>
>>> Thanks,
>>>
>>> On Tue, May 8, 2018 at 9:31 AM gayan gunawardana <[email protected]> wrote:
>>>
>>>> On Mon, May 7, 2018 at 7:17 PM, Maduranga Siriwardena <[email protected]> wrote:
>>>>
>>>>> Hi devs,
>>>>>
>>>>> In the Identity Server at the moment the "retryAuthenticationEnabled"
>>>>> method in the authenticators decides whether the user is allowed to retry
>>>>> the authentication with that particular authenticator. Based on the result
>>>>> from this method, the authenticator itself triggers the retry flow.
>>>>>
>>>>> Because of this we have a main disadvantage for the implementation of
>>>>> adaptive authentication. If retry is enabled, the fail callback function in
>>>>> JavaScript is not triggered.
>>>>>
>>>>> So we are planning to change this behavior and send the authentication
>>>>> retry flow through the authentication framework. Below is the planned
>>>>> behavior.
>>>>>
>>>>> - Authenticator will retry to authenticate by default.
>>>>> - If the fail callback function has other steps to execute,
>>>>>   authenticator will not retry to authenticate.
>>>>> - Developers can disable retry for an authentication sequence by
>>>>>   setting a parameter in the context.
>>>>>
>>>> Isn't it better to invoke the fail callback function after a pre-configured
>>>> number of retry attempts?
>>>>
>>>>> Please provide us with feedback on what needs to be changed from the above
>>>>> mentioned behavior.
>>>>>
>>>>> Thanks,
>>>>> --
>>>>> Maduranga Siriwardena
>>>>> Senior Software Engineer
>>>>> WSO2 Inc; http://wso2.com/
>>>>>
>>>>> Email: [email protected]
>>>>> Mobile: +94718990591
>>>>> Blog: https://madurangasiriwardena.wordpress.com/
>>>>> <http://wso2.com/signature>
>>>>>
>>>>> _______________________________________________
>>>>> Dev mailing list
>>>>> [email protected]
>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>
>>>> --
>>>> Gayan
>>>
>>> --
>>> Maduranga Siriwardena
>
> --
> Omindu Rathnaweera
> Senior Software Engineer, WSO2 Inc.
> Mobile: +94 771 197 211

--
Maduranga Siriwardena
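
Added example (not part of the thread and not WSO2 code): a stand-alone mock of the framework side, used to check how many times the retry script quoted above prompts for step 1. runScript, the outcome queue and the always-succeeding step 2 are assumptions made for this example; it goes beyond the retryCount = 3 case in the thread by also covering 1 and 0.

```javascript
// Constructed harness. executeStep and hasRole follow the shape used in the
// quoted script; runScript and the outcome queue are hypothetical helpers.
function runScript(outcomes, roles, retryCount) {
    var trace = [];   // ids of every step the user would be prompted for
    var queue = outcomes.slice();

    function hasRole(context, role) {
        return roles.indexOf(role) !== -1;
    }

    function executeStep(step) {
        trace.push(step.id);
        // Step 1 consumes one constructed outcome per prompt (an empty queue
        // counts as a failure); any other step succeeds.
        var ok = step.id === '1' ? queue.shift() === true : true;
        var handler = step.on && (ok ? step.on.success : step.on.fail);
        if (handler) {
            handler({});
        }
    }

    // Retry logic as in the thread, with logging removed.
    function executeBasicAuth(context, retryCount) {
        executeStep({
            id: '1',
            on: {
                success: function (context) {
                    if (hasRole(context, 'admin')) {
                        executeStep({id: '2'});
                    }
                },
                fail: function (context) {
                    --retryCount;
                    if (retryCount > 0) {
                        executeBasicAuth(context, retryCount);
                    }
                }
            }
        });
    }

    executeBasicAuth({}, retryCount);
    return trace;
}

// Four wrong passwords in a row: only three prompts are issued.
console.log(runScript([false, false, false, false], [], 3));
// retryCount counts total attempts, and 0 still prompts once.
console.log(runScript([false, false], [], 0));
```

Because the counter is decremented before the comparison, retryCount is the total number of prompts rather than the number of retries, and any value of 1 or less still yields exactly one prompt.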
