Thanks for the clarification! On Tue, May 15, 2018 at 9:31 AM Maduranga Siriwardena <[email protected]> wrote:
> Hi Omindu, > > This applies only if you are enabling the script. Otherwise it will behave > as before without any change. > > Thanks, > > On Tue, May 15, 2018 at 9:26 AM Omindu Rathnaweera <[email protected]> > wrote: > >> Hi Maduranga, >> >> On Mon, May 14, 2018 at 11:57 AM Maduranga Siriwardena < >> [email protected]> wrote: >> >>> After trying several methods to implement a retry mechanism, we decided >>> to go for below approach. >>> >>> Authentication framework will not prompt for retrying unless it is >>> specifically written in the script. So if we want to retry the >>> authentication, the conditional authentication script would be like below. >>> >> >> Not sure whether I got this right. But does this mean, moving forward, if >> we need the retry behavior of the basic authenticator, we will have to get >> it done through a script ? >> >> >>> >>> function onInitialRequest(context) { >>> retryCount = 3; >>> executeBasicAuth(context, retryCount); >>> } >>> >>> function executeBasicAuth(context, retryCount) { >>> Log.info('--------------- executeBasicAuth retryCount ' + retryCount); >>> executeStep({ >>> id: '1', >>> on: { >>> success: function (context) { >>> Log.info('--------------- authentication succcessfull '); >>> var isAdmin = hasRole(context, 'admin'); >>> Log.info('--------------- Has Admin ' + isAdmin); >>> if (isAdmin) { >>> executeStep({id: '2'}); >>> } >>> }, >>> fail: function (context) { >>> Log.info('--------------- fail retryCount ' + retryCount); >>> --retryCount; >>> if (retryCount > 0) { >>> executeBasicAuth(context, retryCount); >>> } else { >>> Log.info('--------------- login failed '); >>> } >>> } >>> } >>> }); >>> } >>> >>> >>> This script will try to authenticate the user 3 times in case >>> credentials are incorrect. This approach will ensure that the >>> authentication flow is strictly controlled by the script and there is no >>> unnecessary/unwanted behavior. >>> >>> But with this approach we have a issue with how to get the >>> authentication failure reason in case of a retrying step. At the moment in >>> the basic authenticator, this failure message is set by checking >>> "context.isRetrying()" [1]. With the new implementation, authentication >>> framework is not aware if this is a retrying step or not. We are trying to >>> find a solution for this. Any suggestions are welcome. >>> >>> [1] >>> https://github.com/wso2-extensions/identity-local-auth-basicauth/blob/v5.3.7/components/org.wso2.carbon.identity.application.authenticator.basicauth/src/main/java/org/wso2/carbon/identity/application/authenticator/basicauth/BasicAuthenticator.java#L108 >>> >>> Thanks, >>> Maduranga. >>> >>> >>> >>> On Tue, May 8, 2018 at 12:26 PM Maduranga Siriwardena < >>> [email protected]> wrote: >>> >>>> Hi Gayan, >>>> >>>> Thanks for the suggestion. >>>> >>>> Yes its better to provide a configuration to change the number of retry >>>> attempts. Apart from the above mentioned behavior, we will consider this >>>> also in the implementation. >>>> >>>> Thanks, >>>> >>>> On Tue, May 8, 2018 at 9:31 AM gayan gunawardana < >>>> [email protected]> wrote: >>>> >>>>> >>>>> >>>>> On Mon, May 7, 2018 at 7:17 PM, Maduranga Siriwardena < >>>>> [email protected]> wrote: >>>>> >>>>>> Hi devs, >>>>>> >>>>>> In the Identity Server at the moment "retryAuthenticationEnabled" >>>>>> method in the authenticators decide whether the user is allowed to retry >>>>>> the authentication with that particular authenticator. Based on the >>>>>> result >>>>>> from this method, authenticator itself triggers the retry flow. >>>>>> >>>>>> Because of this we have a main disadvantage for the implementation of >>>>>> adaptive authentication. If retry is enabled, fail call back function in >>>>>> JavaScript is not triggered. >>>>>> >>>>>> So we are planning to change this behavior and send the >>>>>> authentication retry flow through the authentication framework. Below is >>>>>> the planned behavior. >>>>>> >>>>>> - Authenticator will retry to authenticate by default. >>>>>> - If the fail callback function has other steps to execute, >>>>>> authenticator will not retry to authenticate. >>>>>> - Developers can disable retry for a authentication sequence by >>>>>> setting a parameter in the context. >>>>>> >>>>>> Isn't it better to invoke fail callback function after pre-configured >>>>> number of retry attempts. >>>>> >>>>>> Please provide us with feedback what need to be changed from the >>>>>> above mentioned behavior. >>>>>> >>>>>> Thanks, >>>>>> -- >>>>>> Maduranga Siriwardena >>>>>> Senior Software Engineer >>>>>> WSO2 Inc; http://wso2.com/ >>>>>> >>>>>> Email: [email protected] >>>>>> Mobile: +94718990591 >>>>>> Blog: *https://madurangasiriwardena.wordpress.com/ >>>>>> <https://madurangasiriwardena.wordpress.com/>* >>>>>> <http://wso2.com/signature> >>>>>> >>>>>> _______________________________________________ >>>>>> Dev mailing list >>>>>> [email protected] >>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>> >>>>>> >>>>> >>>>> >>>>> -- >>>>> Gayan >>>>> >>>> >>>> >>>> -- >>>> Maduranga Siriwardena >>>> Senior Software Engineer >>>> WSO2 Inc; http://wso2.com/ >>>> >>>> Email: [email protected] >>>> Mobile: +94718990591 >>>> Blog: *https://madurangasiriwardena.wordpress.com/ >>>> <https://madurangasiriwardena.wordpress.com/>* >>>> <http://wso2.com/signature> >>>> >>> >>> >>> -- >>> Maduranga Siriwardena >>> Senior Software Engineer >>> WSO2 Inc; http://wso2.com/ >>> >>> Email: [email protected] >>> Mobile: +94718990591 >>> Blog: *https://madurangasiriwardena.wordpress.com/ >>> <https://madurangasiriwardena.wordpress.com/>* >>> <http://wso2.com/signature> >>> _______________________________________________ >>> Dev mailing list >>> [email protected] >>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>> >> >> >> -- >> Omindu Rathnaweera >> Senior Software Engineer, WSO2 Inc. >> Mobile: +94 771 197 211 >> > > > -- > Maduranga Siriwardena > Senior Software Engineer > WSO2 Inc; http://wso2.com/ > > Email: [email protected] > Mobile: +94718990591 > Blog: *https://madurangasiriwardena.wordpress.com/ > <https://madurangasiriwardena.wordpress.com/>* > <http://wso2.com/signature> > -- Omindu Rathnaweera Senior Software Engineer, WSO2 Inc. Mobile: +94 771 197 211
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
