Evaluated the static code analysis and dynamic security analysis reports. All the flagged issues are found to be false positives.
[+] Stable in terms of security - Go ahead and release Thanks, Tharindu Edirisinghe On Thu, Sep 13, 2018 at 10:48 PM Pamoda Wimalasiri <[email protected]> wrote: > Hi all, > > I tested below scenarios with DB2 database. > > - Self-registration and account confirmation > - Self-registration consent purposes > - Just-In-Time Provisioning Consent Purposes > - SAML2 Artifact binding and authenticate > > No blocking issues found. > > [+] Stable - Go ahead and release > > Thanks, > Pamoda > > On Thu, Sep 13, 2018 at 10:39 PM Vihanga Liyanage <[email protected]> > wrote: > >> Hi all, >> >> Tested below scenarios on IS 5.7.0-RC2 pack using the default H2 >> database and Postgres SQL database. >> >> - Started with *-Dsetup* property in Postgres and DB scripts executed >> without any issues. >> - Add service provider, configured SAML SSO, authenticate with *the >> dispatch *sample web app. >> - Enable SAML2 Artifact binding and authenticate. >> - Add SP certificate, enable signature validation in SAML2 artifact >> resolve request and authenticate. >> - Add new SP with Open ID OAuth/OpenID Connect Configuration and >> authenticate with *the playground *sample web app. Tested all OAuth >> grand types. >> - Add SP certificate, enable ID token encryption, authenticate and >> decrypt the encrypted ID token by providing the private key of the SP. >> >> No blocking issues found. >> >> [+] Stable - Go ahead and release >> >> Best regards, >> Vihanga. >> >> On Thu, Sep 13, 2018 at 10:14 PM Janak Amarasena <[email protected]> wrote: >> >>> Hi all, >>> >>> Tested below scenarios with MySQL 5.7, >>> >>> - Self-Registration and Account Confirmation. >>> - Configure Just-In-Time Provisioning Consent Purposes. >>> - Add user, add roles, add permissions >>> - UMA 2.0 flow >>> - Obtain access token using password grant. >>> - Create, delete, update, list resources and read resource >>> description of a resource by invoking UMA resource registration endpoint. >>> - Entitlement policy creation using write policy in xml and >>> publishing. >>> - Obtain permission ticket by invoking UMA permission endpoint. >>> - Configure a service provider with OpenID Connect and obtain access >>> token using UMA grant. >>> - Invoke the OAuth Introspection Endpoint. >>> - Enable SAML2 Artifact binding and authenticate >>> >>> No blocking issues found. >>> >>> [+] Stable - Go ahead and release >>> >>> Best Regards, >>> Janak >>> >>> >>> On Thu, Sep 13, 2018 at 10:10 PM, Tharindu Bandara <[email protected]> >>> wrote: >>> >>>> Hi all, >>>> >>>> I have tested the following scenarios on IS 5.7.0 RC3 pack using MySQL >>>> 5.7 database and did not encounter any issues. >>>> >>>> - Configuring a service provider for adaptive authentication. >>>> - Configuring Role-Based Adaptive Authentication. >>>> - Configuring User-Age-Based Adaptive Authentication. >>>> - Configuring IP-Based Adaptive Authentication. >>>> - Configuring New-Device-Based Adaptive Authentication. >>>> - Using WSO2 Stream Processor for Adaptive Authentication. >>>> - Configuring Risk-Based Adaptive Authentication. >>>> - Configuring login-based adaptive authentication. >>>> >>>> [+] Stable - Go ahead and release. >>>> >>>> On Thu, Sep 13, 2018 at 10:05 PM Winma Heenatigala <[email protected]> >>>> wrote: >>>> >>>>> Hi, >>>>> I have tested the following with Oracle and no issues were found. >>>>> >>>>> - Configuring Just-In-Time Provisioning Consent Purposes >>>>> - Self-Registration and Account Confirmation >>>>> - Configuring SAML 2.0 Artifact Binding >>>>> - Add user, add roles, add permissions >>>>> >>>>> [+] Stable - Go ahead and release >>>>> >>>>> Thanks, >>>>> Winma >>>>> >>>>> >>>>> On Thu, Sep 13, 2018 at 9:03 PM, Minoli Perera <[email protected]> >>>>> wrote: >>>>> >>>>>> Hi, >>>>>> >>>>>> Tested below scenarios on IS 5.7.0-RC3 pack with Oracle database >>>>>> setup, >>>>>> >>>>>> - Self-Registration and Account Confirmation. >>>>>> - Configure Just-In-Time Provisioning Consent Purposes. >>>>>> - Add user, add roles, add permissions. >>>>>> >>>>>> No blocking issues found. >>>>>> >>>>>> [+] Stable - Go ahead and release >>>>>> >>>>>> Thanks, >>>>>> >>>>>> On Thu, Sep 13, 2018 at 8:55 PM Chamath Samarawickrama < >>>>>> [email protected]> wrote: >>>>>> >>>>>>> Hi, >>>>>>> >>>>>>> I tested the following on* IS 5.7.0-RC3* using a *DB2* database >>>>>>> setup. >>>>>>> >>>>>>> Configuring a Service Provider for Adaptive Authentication. >>>>>>> Adaptive Authentication with, >>>>>>> >>>>>>> - Role-Based template >>>>>>> - User-Age-Based template >>>>>>> - Tenant-Based template >>>>>>> - User Store-Based template >>>>>>> - IP-Based template >>>>>>> - New-Device-Based template >>>>>>> - ACR-Based template >>>>>>> - Login-Based template >>>>>>> >>>>>>> Configuring user input prompt templates in Adaptive Authentication. >>>>>>> Using WSO2 Stream Processor for Adaptive Authentication >>>>>>> >>>>>>> - Tested with Risk-Based template >>>>>>> >>>>>>> No blocking issues were found. >>>>>>> >>>>>>> *[+] Stable - Go ahead and release.* >>>>>>> >>>>>>> On Thu, Sep 13, 2018, 19:09 Senthalan Kanagalingam < >>>>>>> [email protected]> wrote: >>>>>>> >>>>>>>> Hi all, >>>>>>>> >>>>>>>> >>>>>>>> We are pleased to announce the third release candidate of WSO2 >>>>>>>> Identity Server 5.7.0. >>>>>>>> >>>>>>>> >>>>>>>> This release fixes the following issues, >>>>>>>> >>>>>>>> - >>>>>>>> >>>>>>>> 5.7.0-RC2 fixes >>>>>>>> <https://github.com/wso2/product-is/milestone/58?closed=1> >>>>>>>> - >>>>>>>> >>>>>>>> 5.7.0-RC1 fixes >>>>>>>> <https://github.com/wso2/product-is/milestone/52?closed=1> >>>>>>>> - >>>>>>>> >>>>>>>> 5.7.0-Beta2 fixes >>>>>>>> <https://github.com/wso2/product-is/milestone/57?closed=1> >>>>>>>> - >>>>>>>> >>>>>>>> 5.7.0-Beta fixes >>>>>>>> <https://github.com/wso2/product-is/milestone/54?closed=1> >>>>>>>> - >>>>>>>> >>>>>>>> 5.7.0-Alpha3 fixes >>>>>>>> <https://github.com/wso2/product-is/milestone/53?closed=1> >>>>>>>> - >>>>>>>> >>>>>>>> 5.7.0-Alpha2 fixes >>>>>>>> <https://github.com/wso2/product-is/milestone/51?closed=1> >>>>>>>> - >>>>>>>> >>>>>>>> 5.7.0-Alpha fixes >>>>>>>> <https://github.com/wso2/product-is/milestone/50?closed=1> >>>>>>>> - >>>>>>>> >>>>>>>> 5.7.0-M5 fixes >>>>>>>> <https://github.com/wso2/product-is/milestone/49?closed=1> >>>>>>>> - >>>>>>>> >>>>>>>> 5.7.0-M4 fixes >>>>>>>> <https://github.com/wso2/product-is/milestone/48?closed=1> >>>>>>>> - >>>>>>>> >>>>>>>> 5.7.0-M3 fixes >>>>>>>> <https://github.com/wso2/product-is/milestone/47?closed=1> >>>>>>>> - >>>>>>>> >>>>>>>> 5.7.0-M2 fixes >>>>>>>> <https://github.com/wso2/product-is/milestone/46?closed=1> >>>>>>>> - >>>>>>>> >>>>>>>> 5.7.0-M1 fixes >>>>>>>> <https://github.com/wso2/product-is/milestone/45?closed=1> >>>>>>>> >>>>>>>> >>>>>>>> Source and distribution, >>>>>>>> >>>>>>>> >>>>>>>> Runtime - https://github.com/wso2/product-is/releases/v5.7.0-rc3 >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> Please download, test the product and vote. >>>>>>>> >>>>>>>> >>>>>>>> [+] Stable - go ahead and release >>>>>>>> >>>>>>>> [-] Broken - do not release (explain why) >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> Thanks, >>>>>>>> >>>>>>>> - WSO2 Identity and Access Management Team - >>>>>>>> -- >>>>>>>> >>>>>>>> *Senthalan Kanagalingam* >>>>>>>> *Software Engineer - WSO2 Inc.* >>>>>>>> *Mobile : +94 (0) 77 18 77 466* >>>>>>>> <http://wso2.com/signature> >>>>>>>> >>>>>>> _______________________________________________ >>>>>>> Dev mailing list >>>>>>> [email protected] >>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Minoli Perera, >>>>>> Software Engineer, WSO2, Inc. >>>>>> E-mail : [email protected] >>>>>> Mobile : +94771567527 >>>>>> <http://wso2.com/signature> >>>>>> >>>>>> _______________________________________________ >>>>>> Dev mailing list >>>>>> [email protected] >>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>> >>>>>> >>>>> >>>>> >>>>> -- >>>>> >>>>> *Winma Heenatigala* >>>>> *Trainee Software Engineer | WSO2* >>>>> >>>>> *Mobile : +94719132444* >>>>> >>>>> >>>>> >>>>> _______________________________________________ >>>>> Architecture mailing list >>>>> [email protected] >>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>>> >>>> >>>> >>>> -- >>>> *Tharindu Bandara* >>>> Software Engineer | WSO2 >>>> >>>> Email : [email protected] >>>> Mobile : +94 714221776 >>>> web : http://wso2.com >>>> <https://www.google.com/url?q=http://wso2.com&sa=D&ust=1517653383990000&usg=AFQjCNFggB4bSJTKmdqKcBV0VY9xx1ABKg> >>>> >>>> https://wso2.com/signature >>>> >>>> _______________________________________________ >>>> Dev mailing list >>>> [email protected] >>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>> >>>> >>> >>> >>> -- >>> *Janak Amarasena* >>> >>> Software Engineer >>> >>> Email: [email protected] >>> >>> Mobile: +94777764144 >>> >>> Web: https://wso2.com >>> >>> >>> <http://wso2.com/signature> >>> _______________________________________________ >>> Dev mailing list >>> [email protected] >>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>> >> >> >> -- >> >> Vihanga Liyanage >> >> Software Engineer | WS*O₂* Inc. >> >> M : +*94710124103* | http://wso2.com >> >> [image: http://wso2.com/signature] <http://wso2.com/signature> >> _______________________________________________ >> Architecture mailing list >> [email protected] >> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >> > > > -- > > *Pamoda Wimalasiri* > Software Engineer - WSO2 > > Email : [email protected] > Mobile : +94713705814 <+94%2077%20936%207571> > Web : https://wso2.com/ > > _______________________________________________ > Dev mailing list > [email protected] > http://wso2.org/cgi-bin/mailman/listinfo/dev > -- Tharindu Edirisinghe Associate Technical Lead | WSO2 Inc Platform Security Team Blog : http://tharindue.blogspot.com mobile : +94 775181586
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
