Re: [Dev] Regarding APPM-1160
Agree with Ruwan's point that we should not keep credentials per tenant. But, passing tenantId as a query parameter to API seems a security concern. This provides capability to access some other tenant's device list to any of the tenant having valid access token. One way that I could think of to avoid this is, keep only consumer/secret key in the app-manager.xml and generate the access token when user login into the store. In the API side, identify the user and tenant domain using access token and filter only devices belong to that tenant space. Again, this won't be a good solution, since we need to use password grant type which requires to access the user password to get the access token at the time of user login. So we back to keeping per tenant credential solution :). Regards, Dinusha. On Fri, Jul 8, 2016 at 12:25 PM, Ruwan Abeykoon wrote: > Hi All, > I think REST connector should have single endpoint. The rest call can have > tenant ID in a header or as a request parameter. Then the API gateway( > API-Manager) should be able to distinguish the respective endpoint if > necessary. This is a functionality of APIM. > > The reasons are, > 1. REST connector request/response will not be change at all between > tenants > 2. It is not needed to maintain credentials per tenant in AppM side. > > -1 on having configuration per tenant wise even in registry. > I do not agree with the JIRA. > > Cheers, > Ruwan > > On Fri, Jul 8, 2016 at 11:38 AM, Dinusha Senanayaka > wrote: > >> Hi Sajith, >> >> We could not keep each and every tenant authentication configuration in >> app-manager.xml, due to dynamic nature of tenant creation and the growth. >> >> appmgt.mdm.rest.connector is the default connector that we provided to >> connect with WSO2EMM. We could keep it's configurations in the registry. >> Also I don't think at least 1% of the requirements will come to use >> specific connector other than using default connectors provided by us (EMM). >> >> Regards, >> Dinusha. >> >> On Fri, Jul 8, 2016 at 11:22 AM, Sajith Abeywardhana >> wrote: >> >>> Hi All, >>> >>> EMM supports multi-tenancy it is designed to work with one instance of App Manager via OSGI services. When they work together they function as one product, hence EMM and App Manager share same tenants across the multi tenanted environment. >>> >>> This means we don't need to keep the tenant config when we are >>> connecting using OSGi service. >>> >>> This is a special scenario where AppM connects to EMM via EMM REST APIs. According to how we have developed the plugin tenant admin and password needs to be stored in the plugin configuration. This is a plugin specific configuration, therefore, the plugin developer has flexibility to store those configurations in any way he prefers. >>> >>> When we are connecting using REST connector we need to have a tenant >>> config in AppM side. How about that we kept those tenant config in >>> app-manager.xml as below. >>> >>> >>> >>> >> bundle="org.wso2.carbon.appmgt.mdm.restconnector"> >>> >> name="ImageURL">/store/extensions/assets/mobileapp/resources/models/%s.png >>> >>> https://localhost:9450/mdm-admin >>> >>> https://localhost:9448/oauth2/token >>> >> name="ClientKey">WjLm24IxBVLF0oz0VJfmtJbjJbka >>> >> name="ClientSecret">v3KkIQXkJ1SDp_Bf8uUQxu5p7TQa >>> hr.com ,eng.com >>> ,mrk.com >>> >>> >>> >> bundle="org.wso2.carbon.appmgt.mdm.osgiconnector"> >>> >> name="ImageURL">/store/extensions/assets/mobileapp/resources/models/%s.png >>> >>> >>> >>> >>> hradmin >>> hr.123 >>> >>> >>> engadmin >>> eng.123 >>> >>> >>> mrkadmin >>> eng.123 >>> >>> >>> >>> >>> >>> >>> >>> -- >>> *Sajith Abeywardhana* | Software Engineer >>> WSO2, Inc | lean. enterprise. middleware. >>> #20, Palm Grove, Colombo 03, Sri Lanka. >>> Mobile: +94772260485 >>> Email: saji...@wso2.com | Web: www.wso2.com >>> >>> >>> On Tue, Jul 5, 2016 at 12:01 PM, Chathura Dilan >>> wrote: >>> Hi Dinusha, EMM supports multi-tenancy it is designed to work with one instance of App Manager via OSGI services. When they work together they function as one product, hence EMM and App Manager share same tenants across the multi tenanted environment. >>> This is a special scenario where AppM connects to EMM via EMM REST APIs. According to how we have developed the plugin tenant admin and password needs to be stored in the plugin configuration. This is a plugin specific configuration, therefore, the plugin developer has flexibility to store t
Re: [Dev] Regarding APPM-1160
Hi All, I think REST connector should have single endpoint. The rest call can have tenant ID in a header or as a request parameter. Then the API gateway( API-Manager) should be able to distinguish the respective endpoint if necessary. This is a functionality of APIM. The reasons are, 1. REST connector request/response will not be change at all between tenants 2. It is not needed to maintain credentials per tenant in AppM side. -1 on having configuration per tenant wise even in registry. I do not agree with the JIRA. Cheers, Ruwan On Fri, Jul 8, 2016 at 11:38 AM, Dinusha Senanayaka wrote: > Hi Sajith, > > We could not keep each and every tenant authentication configuration in > app-manager.xml, due to dynamic nature of tenant creation and the growth. > > appmgt.mdm.rest.connector is the default connector that we provided to > connect with WSO2EMM. We could keep it's configurations in the registry. > Also I don't think at least 1% of the requirements will come to use > specific connector other than using default connectors provided by us (EMM). > > Regards, > Dinusha. > > On Fri, Jul 8, 2016 at 11:22 AM, Sajith Abeywardhana > wrote: > >> Hi All, >> >> EMM supports multi-tenancy it is designed to work with one instance of >>> App Manager via OSGI services. When they work together they function as one >>> product, hence EMM and App Manager share same tenants across the multi >>> tenanted environment. >>> >> >> This means we don't need to keep the tenant config when we are connecting >> using OSGi service. >> >> >>> This is a special scenario where AppM connects to EMM via EMM REST >>> APIs. According to how we have developed the plugin tenant admin and >>> password needs to be stored in the plugin configuration. This is a >>> plugin specific configuration, therefore, the plugin developer has >>> flexibility to store those configurations in any way he prefers. >>> >> >> When we are connecting using REST connector we need to have a tenant >> config in AppM side. How about that we kept those tenant config in >> app-manager.xml as below. >> >> >> >> > bundle="org.wso2.carbon.appmgt.mdm.restconnector"> >> > name="ImageURL">/store/extensions/assets/mobileapp/resources/models/%s.png >> >> https://localhost:9450/mdm-admin >> >> https://localhost:9448/oauth2/token >> > name="ClientKey">WjLm24IxBVLF0oz0VJfmtJbjJbka >> > name="ClientSecret">v3KkIQXkJ1SDp_Bf8uUQxu5p7TQa >> hr.com ,eng.com >> ,mrk.com >> >> >> > bundle="org.wso2.carbon.appmgt.mdm.osgiconnector"> >> > name="ImageURL">/store/extensions/assets/mobileapp/resources/models/%s.png >> >> >> >> >> hradmin >> hr.123 >> >> >> engadmin >> eng.123 >> >> >> mrkadmin >> eng.123 >> >> >> >> >> >> >> >> -- >> *Sajith Abeywardhana* | Software Engineer >> WSO2, Inc | lean. enterprise. middleware. >> #20, Palm Grove, Colombo 03, Sri Lanka. >> Mobile: +94772260485 >> Email: saji...@wso2.com | Web: www.wso2.com >> >> >> On Tue, Jul 5, 2016 at 12:01 PM, Chathura Dilan >> wrote: >> >>> Hi Dinusha, >>> >>> EMM supports multi-tenancy it is designed to work with one instance of >>> App Manager via OSGI services. When they work together they function as one >>> product, hence EMM and App Manager share same tenants across the multi >>> tenanted environment. >>> >> >>> This is a special scenario where AppM connects to EMM via EMM REST >>> APIs. According to how we have developed the plugin tenant admin and >>> password needs to be stored in the plugin configuration. This is a >>> plugin specific configuration, therefore, the plugin developer has >>> flexibility to store those configurations in any way he prefers. >>> >>> When it's comes to multi tenancy, +1 we have to store those >>> configurations in the registry for the rest connector plugin . But how we >>> store those values are plugin specific. >>> >>> >>> On Tue, Jul 5, 2016 at 10:51 AM, Dinusha Senanayaka >>> wrote: >>> Hi Chathura, Does multi-tenancy supports in EMM for device management ? If yes, we need to fix [1] as well, which means we cannot keep this configuration in the app-manager.xml. Need to take it to registry. [1] https://wso2.org/jira/browse/APPM-1160 Regards, Dinsuha. -- Dinusha Dilrukshi Associate Technical Lead WSO2 Inc.: http://wso2.com/ Mobile: +94725255071 Blog: http://dinushasblog.blogspot.com/ >>> >>> >>> >>> -- >>> Regards, >>> >>> Chatura Dilan Perera >>> *Associate Tech Lead** - WSO2 Inc.* >>> www.dilan.me >>> >> >> >> >> > > > -- > Dinusha Dilrukshi > Associate Technical Lead > WSO2
Re: [Dev] Regarding APPM-1160
Hi Sajith, We could not keep each and every tenant authentication configuration in app-manager.xml, due to dynamic nature of tenant creation and the growth. appmgt.mdm.rest.connector is the default connector that we provided to connect with WSO2EMM. We could keep it's configurations in the registry. Also I don't think at least 1% of the requirements will come to use specific connector other than using default connectors provided by us (EMM). Regards, Dinusha. On Fri, Jul 8, 2016 at 11:22 AM, Sajith Abeywardhana wrote: > Hi All, > > EMM supports multi-tenancy it is designed to work with one instance of >> App Manager via OSGI services. When they work together they function as one >> product, hence EMM and App Manager share same tenants across the multi >> tenanted environment. >> > > This means we don't need to keep the tenant config when we are connecting > using OSGi service. > > >> This is a special scenario where AppM connects to EMM via EMM REST >> APIs. According to how we have developed the plugin tenant admin and >> password needs to be stored in the plugin configuration. This is a >> plugin specific configuration, therefore, the plugin developer has >> flexibility to store those configurations in any way he prefers. >> > > When we are connecting using REST connector we need to have a tenant > config in AppM side. How about that we kept those tenant config in > app-manager.xml as below. > > > > bundle="org.wso2.carbon.appmgt.mdm.restconnector"> > name="ImageURL">/store/extensions/assets/mobileapp/resources/models/%s.png > > https://localhost:9450/mdm-admin > > https://localhost:9448/oauth2/token > name="ClientKey">WjLm24IxBVLF0oz0VJfmtJbjJbka > name="ClientSecret">v3KkIQXkJ1SDp_Bf8uUQxu5p7TQa > hr.com ,eng.com > ,mrk.com > > > bundle="org.wso2.carbon.appmgt.mdm.osgiconnector"> > name="ImageURL">/store/extensions/assets/mobileapp/resources/models/%s.png > > > > > hradmin > hr.123 > > > engadmin > eng.123 > > > mrkadmin > eng.123 > > > > > > > > -- > *Sajith Abeywardhana* | Software Engineer > WSO2, Inc | lean. enterprise. middleware. > #20, Palm Grove, Colombo 03, Sri Lanka. > Mobile: +94772260485 > Email: saji...@wso2.com | Web: www.wso2.com > > > On Tue, Jul 5, 2016 at 12:01 PM, Chathura Dilan > wrote: > >> Hi Dinusha, >> >> EMM supports multi-tenancy it is designed to work with one instance of >> App Manager via OSGI services. When they work together they function as one >> product, hence EMM and App Manager share same tenants across the multi >> tenanted environment. >> > >> This is a special scenario where AppM connects to EMM via EMM REST >> APIs. According to how we have developed the plugin tenant admin and >> password needs to be stored in the plugin configuration. This is a >> plugin specific configuration, therefore, the plugin developer has >> flexibility to store those configurations in any way he prefers. >> >> When it's comes to multi tenancy, +1 we have to store those >> configurations in the registry for the rest connector plugin . But how we >> store those values are plugin specific. >> >> >> On Tue, Jul 5, 2016 at 10:51 AM, Dinusha Senanayaka >> wrote: >> >>> Hi Chathura, >>> >>> Does multi-tenancy supports in EMM for device management ? If yes, we >>> need to fix [1] as well, which means we cannot keep this configuration in >>> the app-manager.xml. Need to take it to registry. >>> >>> [1] https://wso2.org/jira/browse/APPM-1160 >>> >>> Regards, >>> Dinsuha. >>> >>> -- >>> Dinusha Dilrukshi >>> Associate Technical Lead >>> WSO2 Inc.: http://wso2.com/ >>> Mobile: +94725255071 >>> Blog: http://dinushasblog.blogspot.com/ >>> >> >> >> >> -- >> Regards, >> >> Chatura Dilan Perera >> *Associate Tech Lead** - WSO2 Inc.* >> www.dilan.me >> > > > > -- Dinusha Dilrukshi Associate Technical Lead WSO2 Inc.: http://wso2.com/ Mobile: +94725255071 Blog: http://dinushasblog.blogspot.com/ ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Regarding APPM-1160
Hi All, EMM supports multi-tenancy it is designed to work with one instance of App > Manager via OSGI services. When they work together they function as one > product, hence EMM and App Manager share same tenants across the multi > tenanted environment. > This means we don't need to keep the tenant config when we are connecting using OSGi service. > This is a special scenario where AppM connects to EMM via EMM REST > APIs. According to how we have developed the plugin tenant admin and > password needs to be stored in the plugin configuration. This is a > plugin specific configuration, therefore, the plugin developer has > flexibility to store those configurations in any way he prefers. > When we are connecting using REST connector we need to have a tenant config in AppM side. How about that we kept those tenant config in app-manager.xml as below. /store/extensions/assets/mobileapp/resources/models/%s.png https://localhost:9450/mdm-admin https://localhost:9448/oauth2/token WjLm24IxBVLF0oz0VJfmtJbjJbka v3KkIQXkJ1SDp_Bf8uUQxu5p7TQa hr.com ,eng.com ,mrk.com /store/extensions/assets/mobileapp/resources/models/%s.png hradmin hr.123 engadmin eng.123 mrkadmin eng.123 -- *Sajith Abeywardhana* | Software Engineer WSO2, Inc | lean. enterprise. middleware. #20, Palm Grove, Colombo 03, Sri Lanka. Mobile: +94772260485 Email: saji...@wso2.com | Web: www.wso2.com On Tue, Jul 5, 2016 at 12:01 PM, Chathura Dilan wrote: > Hi Dinusha, > > EMM supports multi-tenancy it is designed to work with one instance of > App Manager via OSGI services. When they work together they function as one > product, hence EMM and App Manager share same tenants across the multi > tenanted environment. > > This is a special scenario where AppM connects to EMM via EMM REST > APIs. According to how we have developed the plugin tenant admin and > password needs to be stored in the plugin configuration. This is a > plugin specific configuration, therefore, the plugin developer has > flexibility to store those configurations in any way he prefers. > > When it's comes to multi tenancy, +1 we have to store those > configurations in the registry for the rest connector plugin . But how we > store those values are plugin specific. > > > On Tue, Jul 5, 2016 at 10:51 AM, Dinusha Senanayaka > wrote: > >> Hi Chathura, >> >> Does multi-tenancy supports in EMM for device management ? If yes, we >> need to fix [1] as well, which means we cannot keep this configuration in >> the app-manager.xml. Need to take it to registry. >> >> [1] https://wso2.org/jira/browse/APPM-1160 >> >> Regards, >> Dinsuha. >> >> -- >> Dinusha Dilrukshi >> Associate Technical Lead >> WSO2 Inc.: http://wso2.com/ >> Mobile: +94725255071 >> Blog: http://dinushasblog.blogspot.com/ >> > > > > -- > Regards, > > Chatura Dilan Perera > *Associate Tech Lead** - WSO2 Inc.* > www.dilan.me > ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Regarding APPM-1160
Hi Dinusha, EMM supports multi-tenancy it is designed to work with one instance of App Manager via OSGI services. When they work together they function as one product, hence EMM and App Manager share same tenants across the multi tenanted environment. This is a special scenario where AppM connects to EMM via EMM REST APIs. According to how we have developed the plugin tenant admin and password needs to be stored in the plugin configuration. This is a plugin specific configuration, therefore, the plugin developer has flexibility to store those configurations in any way he prefers. When it's comes to multi tenancy, +1 we have to store those configurations in the registry for the rest connector plugin . But how we store those values are plugin specific. On Tue, Jul 5, 2016 at 10:51 AM, Dinusha Senanayaka wrote: > Hi Chathura, > > Does multi-tenancy supports in EMM for device management ? If yes, we need > to fix [1] as well, which means we cannot keep this configuration in the > app-manager.xml. Need to take it to registry. > > [1] https://wso2.org/jira/browse/APPM-1160 > > Regards, > Dinsuha. > > -- > Dinusha Dilrukshi > Associate Technical Lead > WSO2 Inc.: http://wso2.com/ > Mobile: +94725255071 > Blog: http://dinushasblog.blogspot.com/ > -- Regards, Chatura Dilan Perera *Associate Tech Lead** - WSO2 Inc.* www.dilan.me ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
[Dev] Regarding APPM-1160
Hi Chathura, Does multi-tenancy supports in EMM for device management ? If yes, we need to fix [1] as well, which means we cannot keep this configuration in the app-manager.xml. Need to take it to registry. [1] https://wso2.org/jira/browse/APPM-1160 Regards, Dinsuha. -- Dinusha Dilrukshi Associate Technical Lead WSO2 Inc.: http://wso2.com/ Mobile: +94725255071 Blog: http://dinushasblog.blogspot.com/ ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev