Re: [Architecture] Dashboard Component Permission Model

2017-01-08 Thread Thanuja Jayasinghe
Hi Sajith,

Currently, we are in the process of refactoring the carbon-security source
and hope to release a 1.0.0-m3 soon. With this release, CAAS User
implementation will only provide authorization functionalities. In order to
consume identity store related functionalities, you need to use the User
class provided by carbon-identity-mgt[1]. Also, both classes will implement
Serializable.

[1] -
https://github.com/thanujalk/carbon-identity-mgt/blob/master/components/org.wso2.carbon.identity.mgt/src/main/java/org/wso2/carbon/identity/mgt/User.java

Thanks,
Thanuja

On Mon, Jan 9, 2017 at 12:45 PM, SajithAR Ariyarathna 
wrote:

> Hi Johann,
>
>> Once you login using CAAS (carbon authentication and authorization
>> service) components you will get a CAAS User object [1]. This User object
>> is a proxy object which can be used to call all the underlying identity
>> store and authorization store methods. Ideally you will store this User
>> object in the user's logged in session and perform those operations when
>> necessary.
>>
>> [1] https://github.com/wso2/carbon-security/blob/release-1.0.0-m2/components/org.wso2.carbon.security.caas/src/main/java/org/wso2/carbon/security/caas/user/core/bean/User.java
>>
> This means that we need to store the User object in the UUF session. In
> order to do that the User class needs to be serializable. However the User
> class does not implement the Serializable interface.
>
> On Wed, Jan 4, 2017 at 3:13 PM, Tanya Madurapperuma 
> wrote:
>
>> Hi Dilan,
>>
>> On Wed, Jan 4, 2017 at 2:48 PM, Dilan Udara Ariyaratne 
>> wrote:
>>
>>> Hi Tania,
>>>
>>> Are we going to keep one dashboard permission or multiple ? The reason
>>> that I am asking this is if we can allow multiple, we can
>>> separate out access for critical functions like dashboard view, edit and
>>> manage via those permissions.
>>>
>> As explained offline each dashboard will have its own permission for view,
>> edit/update, delete. The only difference in this with the previous
>> versions is that instead of the role we will use permissions.
>>
>>>
>>> Also, have you looked into the scenario of restricting access of
>>> dashboards for different users ?
>>>
>> A permission is resource + action. So we can restrict access with the
>> permission.
>>
>>> AFAIU, it's only by having multiple permissions, we can do this.
>>>
>>
>> Thanks,
>> Tanya
>>
>>>
>>> Cheers,
>>> Dilan.
>>>
>>> *Dilan U. Ariyaratne*
>>> Senior Software Engineer
>>> WSO2 Inc. 
>>> Mobile: +94766405580
>>> lean . enterprise . middleware
>>>
>>>
>>> On Wed, Jan 4, 2017 at 1:56 PM, Johann Nallathamby 
>>> wrote:
>>>


>>>> On Wed, Jan 4, 2017 at 1:04 PM, Nipuna Chandradasa
>>>> wrote:
>>>>
>>>>> [+adding Sajith]
>>>>> Please find my questions and suggestions in line
>>>>>
>>>>>> Based on the above model we have following questions.
>>>>>> 1. How can we call the isAuthorized method from dashboard component ?
>>>>>>
>>>>> Isn't this isAuthorized method should be exposed through UUF as
>>>>> dashboard component is basically a UUF component? It might not be good to
>>>>> expose such a functionality through a UI framework but it'll be a lot
>>>>> cleaner than invoking an OSGI service inside our component.
>>>>>
>>>> Once you login using CAAS (carbon authentication and authorization
>>>> service) components you will get a CAAS User object [1]. This User object
>>>> is a proxy object which can be used to call all the underlying identity
>>>> store and authorization store methods. Ideally you will store this User
>>>> object in the user's logged in session and perform those operations when
>>>> necessary.
>>>>
>>>> [1] https://github.com/wso2/carbon-security/blob/release-1.0.0-m2/components/org.wso2.carbon.security.caas/src/main/java/org/wso2/carbon/security/caas/user/core/bean/User.java
>>>>
>>>> Regards,
>>>> Johann.
>>>>
>>>>>> 2. Is there any standard / approval process for permission strings ?
>>>>>> 3. How should we register the permissions dynamically at the time of
>>>>>> creating a dashboard?
>>>>>>
>>>>>> Appreciate your insight.
>>>>>>
>>>>> Thank you,
>>>>>
>>>>> --
>>>>> Nipuna Marcus
>>>>> *Software Engineer*
>>>>> WSO2 Inc.
>>>>> http://wso2.com/ - "lean . enterprise . middleware"
>>>>> Mobile : +94 (0) 713 667906
>>>>> nipu...@wso2.com
>>>>>
>>>>
>>>> --
>>>> Thanks & Regards,
>>>>
>>>> *Johann Dilantha Nallathamby*
>>>> Technical Lead & Product Lead of WSO2 Identity Server
>>>> Governance Technologies Team
>>>> WSO2, Inc.
>>>> lean.enterprise.middleware
>>>>
>>>> Mobile - *+9476950*
>>>> Blog - *http://nallaa.wordpress.com*

 ___
 Architecture mailing list
 Architecture@wso2.org
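
Added example, not part of the thread and not carbon-security or carbon-identity-mgt code: a sketch of the model discussed above, where a permission is a resource plus an action, each dashboard gets its own view, edit and delete permissions, and the User object kept in the session is Serializable. The class names, the `dashboard/<id>` resource naming and the in-memory store are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Objects;
import java.util.Set;

// Hypothetical names throughout; this is not the carbon-security API.
public class DashboardPermissionDemo {

    /** A permission is a resource plus an action. */
    static final class Permission implements Serializable {
        private static final long serialVersionUID = 1L;
        private final String resource;
        private final String action;

        Permission(String resource, String action) {
            this.resource = Objects.requireNonNull(resource);
            this.action = Objects.requireNonNull(action);
        }

        @Override public boolean equals(Object o) {
            if (!(o instanceof Permission)) return false;
            Permission p = (Permission) o;
            return resource.equals(p.resource) && action.equals(p.action);
        }

        @Override public int hashCode() { return Objects.hash(resource, action); }
    }

    /** Stand-in for the server-side authorization store; never put in the session. */
    static final class AuthorizationStore {
        private final Map<String, Set<Permission>> grants = new HashMap<>();

        void grant(String userId, Permission p) {
            grants.computeIfAbsent(userId, k -> new HashSet<>()).add(p);
        }

        void revoke(String userId, Permission p) {
            Set<Permission> s = grants.get(userId);
            if (s != null) s.remove(p);
        }

        boolean isAuthorized(String userId, Permission p) {
            Set<Permission> s = grants.get(userId);
            return s != null && s.contains(p);
        }
    }

    /** Session-safe user: only the identifier is written to the session. */
    static final class SessionUser implements Serializable {
        private static final long serialVersionUID = 1L;
        private final String userId;
        private transient AuthorizationStore store; // null after deserialization

        SessionUser(String userId, AuthorizationStore store) {
            this.userId = Objects.requireNonNull(userId);
            this.store = store;
        }

        void rebind(AuthorizationStore store) { this.store = store; }

        boolean isAuthorized(Permission p) {
            // Fail closed when a restored session has not been rebound to the store.
            return store != null && store.isAuthorized(userId, p);
        }
    }

    /** Permissions registered when a dashboard is created: view, edit, delete. */
    static Permission[] permissionsFor(String dashboardId) {
        String resource = "dashboard/" + dashboardId; // constructed naming scheme
        return new Permission[] {
            new Permission(resource, "view"),
            new Permission(resource, "edit"),
            new Permission(resource, "delete")
        };
    }

    /** Serializes and deserializes the user, as a session store would. */
    static SessionUser roundTrip(SessionUser u) throws IOException, ClassNotFoundException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(u);
        }
        try (ObjectInputStream in =
                 new ObjectInputStream(new ByteArrayInputStream(buf.toByteArray()))) {
            return (SessionUser) in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        AuthorizationStore store = new AuthorizationStore();
        Permission[] sales = permissionsFor("sales"); // constructed dashboard id
        store.grant("alice", sales[0]);               // alice may only view

        SessionUser restored = roundTrip(new SessionUser("alice", store));
        System.out.println("view before rebind: " + restored.isAuthorized(sales[0]));
        restored.rebind(store);
        System.out.println("view:   " + restored.isAuthorized(sales[0]));
        System.out.println("delete: " + restored.isAuthorized(sales[2]));
        store.revoke("alice", sales[0]);
        System.out.println("view after revoke: " + restored.isAuthorized(sales[0]));
    }
}
```

Keeping the store reference transient means the session holds only the user identifier, so a revoked permission takes effect on the next check instead of living on in a cached session object.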
 

Re: [Architecture] [Dev] [VOTE] Release WSO2 API Manager 2.1.0 RC1

2017-01-08 Thread Ayoma Wijethunga
[-] Broken - do not release (Due to a security related issue identified)

Thank you,
Ayoma.

On Sat, Jan 7, 2017 at 5:16 PM, Prakhash Sivakumar 
wrote:

> Hi all,
>
> Please keep the vote on hold as we are still analyzing security reports
> provided by the team and verifying the previous fixes.
>
> Thanks,
>
> On Fri, Jan 6, 2017 at 10:55 PM, Praminda Jayawardana 
> wrote:
>
>> Hi All,
>>
>> This is the 1st Release Candidate of WSO2 API Manager 2.1.0
>>
>> Please download, test the product and vote. Vote will be open for 72
>> hours or as needed.
>>
>> Source and distribution
>>
>> Run-time : https://github.com/wso2/product-apim/releases/download/v2.1.0-rc1/wso2am-2.1.0-RC1.zip
>> Analytics : https://github.com/wso2/analytics-apim/releases/download/v2.1.0-rc1/wso2am-analytics-2.1.0-RC1.zip
>> Tooling : https://github.com/wso2/devstudio-tooling-apim/releases/tag/v2.1.0
>>
>>
>> This release fixes the following issues:
>> Runtime : https://wso2.org/jira/issues/?filter=13623
>> Analytics : https://wso2.org/jira/issues/?filter=13624
>> Tooling : https://wso2.org/jira/browse/DEVTOOLAPI-1
>>
>>
>> Please vote as follows.
>> [+] Stable - go ahead and release
>> [-] Broken - do not release (explain why)
>>
>>
>> Thanks,
>> - WSO2 API Manager Team -
>>
>> ___
>> Architecture mailing list
>> Architecture@wso2.org
>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>
>>
>
>
> --
> Prakhash Sivakumar
> Software Engineer | WSO2 Inc
> Platform Security Team
> Mobile : +94771510080
> Blog : https://medium.com/@PrakhashS
>
> ___
> Dev mailing list
> d...@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
Ayoma Wijethunga
Software Engineer
Platform Security Team
WSO2, Inc.; http://wso2.com
lean.enterprise.middleware

Mobile : +94 (0) 719428123
Blog : http://www.ayomaonline.com
LinkedIn: https://www.linkedin.com/in/ayoma


Re: [Architecture] Dashboard Component Permission Model

2017-01-08 Thread SajithAR Ariyarathna
Hi Johann,

> Once you login using CAAS (carbon authentication and authorization service)
> components you will get a CAAS User object [1]. This User object is a proxy
> object which can be used to call all the underlying identity store and
> authorization store methods. Ideally you will store this User object in the
> user's logged in session and perform those operations when necessary.
>
> [1] https://github.com/wso2/carbon-security/blob/release-1.0.0-m2/components/org.wso2.carbon.security.caas/src/main/java/org/wso2/carbon/security/caas/user/core/bean/User.java
>
This means that we need to store the User object in the UUF session. In
order to do that the User class needs to be serializable. However the User
class does not implement the Serializable interface.

On Wed, Jan 4, 2017 at 3:13 PM, Tanya Madurapperuma  wrote:

> Hi Dilan,
>
> On Wed, Jan 4, 2017 at 2:48 PM, Dilan Udara Ariyaratne 
> wrote:
>
>> Hi Tania,
>>
>> Are we going to keep one dashboard permission or multiple ? The reason
>> that I am asking this is if we can allow multiple, we can
>> separate out access for critical functions like dashboard view, edit and
>> manage via those permissions.
>>
> As explained offline each dashboard will have its own permission for view,
> edit/update, delete. The only difference in this with the previous
> versions is that instead of the role we will use permissions.
>
>>
>> Also, have you looked into the scenario of restricting access of
>> dashboards for different users ?
>>
> A permission is resource + action. So we can restrict access with the
> permission.
>
>> AFAIU, it's only by having multiple permissions, we can do this.
>>
>
> Thanks,
> Tanya
>
>>
>> Cheers,
>> Dilan.
>>
>> *Dilan U. Ariyaratne*
>> Senior Software Engineer
>> WSO2 Inc. 
>> Mobile: +94766405580
>> lean . enterprise . middleware
>>
>>
>> On Wed, Jan 4, 2017 at 1:56 PM, Johann Nallathamby 
>> wrote:
>>
>>>
>>>
>>> On Wed, Jan 4, 2017 at 1:04 PM, Nipuna Chandradasa 
>>> wrote:
>>>
>>>> [+adding Sajith]
>>>> Please find my questions and suggestions in line
>>>>
>>>>> Based on the above model we have following questions.
>>>>> 1. How can we call the isAuthorized method from dashboard component ?
>>>>>
>>>> Isn't this isAuthorized method should be exposed through UUF as
>>>> dashboard component is basically a UUF component? It might not be good to
>>>> expose such a functionality through a UI framework but it'll be a lot
>>>> cleaner than invoking an OSGI service inside our component.
>>>>
>>> Once you login using CAAS (carbon authentication and authorization
>>> service) components you will get a CAAS User object [1]. This User object
>>> is a proxy object which can be used to call all the underlying identity
>>> store and authorization store methods. Ideally you will store this User
>>> object in the user's logged in session and perform those operations when
>>> necessary.
>>>
>>> [1] https://github.com/wso2/carbon-security/blob/release-1.0.0-m2/components/org.wso2.carbon.security.caas/src/main/java/org/wso2/carbon/security/caas/user/core/bean/User.java
>>>
>>> Regards,
>>> Johann.
>>>
>>>>> 2. Is there any standard / approval process for permission strings ?
>>>>> 3. How should we register the permissions dynamically at the time of
>>>>> creating a dashboard?
>>>>>
>>>>> Appreciate your insight.
>>>>>
>>>> Thank you,
>>>>
>>>> --
>>>> Nipuna Marcus
>>>> *Software Engineer*
>>>> WSO2 Inc.
>>>> http://wso2.com/ - "lean . enterprise . middleware"
>>>> Mobile : +94 (0) 713 667906
>>>> nipu...@wso2.com
>>>>

>>>
>>>
>>>
>>> --
>>> Thanks & Regards,
>>>
>>> *Johann Dilantha Nallathamby*
>>> Technical Lead & Product Lead of WSO2 Identity Server
>>> Governance Technologies Team
>>> WSO2, Inc.
>>> lean.enterprise.middleware
>>>
>>> Mobile - *+9476950*
>>> Blog - *http://nallaa.wordpress.com *
>>>
>
>
> --
> Tanya Madurapperuma
>
> Senior Software Engineer,
> WSO2 Inc. : wso2.com
> Mobile : +94718184439
> Blog : http://tanyamadurapperuma.blogspot.com
>
>
>


-- 
Sajith Janaprasad Ariyarathna
Software Engineer; WSO2, Inc.;  http://wso2.com/


Re: [Architecture] [Dev] [VOTE] Release WSO2 Identity Server 5.3.0- RC3

2017-01-08 Thread Jayanga Kaushalya
Tested the OAuth 2 Form Post response mode with an OWIN client in Windows
2012. No issues found.

[+] Stable - Go ahead and release.

Thanks!

*Jayanga Kaushalya*
Software Engineer
Mobile: +94777860160
WSO2 Inc. | http://wso2.com
lean.enterprise.middleware


Re: [Architecture] [Dev] [VOTE] Release WSO2 Identity Server 5.3.0- RC3

2017-01-08 Thread Isura Karunaratne
Hi,

Tested following features

   - Account Recovery- Notification
   - Account Recovery - Security Question one by one
   - Account Recovery - Security Question at once
   - Recaptcha
   - Password History
   - Self Signup
   - Ask Password
   - User Email Verified
   - Password Pattern
   - Account Lock
   - User Management functionality
   - Email template internalization
   - Challenge Question internalization
   - HTML based email template.


These scenarios worked as expected.
[+1] Go ahead and release.

Thanks
Isura



*Isura Dilhara Karunaratne*
Senior Software Engineer | WSO2
Email: is...@wso2.com
Mob : +94 772 254 810
Blog : http://isurad.blogspot.com/




On Mon, Jan 9, 2017 at 9:33 AM, Dinali Dabarera  wrote:

> Hi,
> I tested the following on the Identity Server 5.3.0-RC3 pack,
>
>    - Discovery
>    - DCR
>    - Form Post
>    - Introspection
>    - SCIM API
>    - User Management
>
> Worked fine without any issues.
> [+] Stable - go ahead and release
>
> On Fri, Jan 6, 2017 at 10:06 PM, Pulasthi Mahawithana 
> wrote:
>
>> Hi All,
>>
>> This is the 3rd Release Candidate of WSO2 Identity Server 5.3.0.
>>
>> Please download, test the product and vote. Vote will be open for 72
>> hours or as needed.
>>
>> This release fixes the following issues:
>>
>> Runtime : https://wso2.org/jira/issues/?filter=13612
>> Analytics : https://wso2.org/jira/issues/?filter=13614
>>
>> Source and distribution
>>
>> Run-time : https://github.com/wso2/product-is/releases/tag/v5.3.0-rc3
>> Analytics : https://github.com/wso2/analytics-is/releases/tag/v5.3.0-rc3
>>
>> Please vote as follows.
>> [+] Stable - go ahead and release
>> [-] Broken - do not release (explain why)
>>
>> Thanks,
>> - WSO2 Identity Server Team -
>>
>> --
>> *Pulasthi Mahawithana*
>> Senior Software Engineer
>> WSO2 Inc., http://wso2.com/
>> Mobile: +94-71-5179022
>> Blog: http://blog.pulasthi.org
>>
>
>
> --
> *Dinali Rosemin Dabarera*
> Software Engineer
> WSO2 Lanka (pvt) Ltd.
> Web: http://wso2.com/
> Email : gdrdabar...@gmail.com
> Mobile: +94770198933


Re: [Architecture] [Dev] [VOTE] Release WSO2 Identity Server 5.3.0- RC3

2017-01-08 Thread Rushmin Fernando
Tested following features with MSSQL

1) SAML flow
2) OAuth
3) OIDC
4) SAML metadata profile

  [+] Stable - go ahead and release

Best Regards
Rushmin

On Mon, Jan 9, 2017 at 9:33 AM, Dinali Dabarera  wrote:

> Hi,
> I tested the following on the Identity Server 5.3.0-RC3 pack,
>
>    - Discovery
>    - DCR
>    - Form Post
>    - Introspection
>    - SCIM API
>    - User Management
>
> Worked fine without any issues.
> [+] Stable - go ahead and release
>
> On Fri, Jan 6, 2017 at 10:06 PM, Pulasthi Mahawithana 
> wrote:
>
>> Hi All,
>>
>> This is the 3rd Release Candidate of WSO2 Identity Server 5.3.0.
>>
>> Please download, test the product and vote. Vote will be open for 72
>> hours or as needed.
>>
>> This release fixes the following issues:
>>
>> Runtime : https://wso2.org/jira/issues/?filter=13612
>> Analytics : https://wso2.org/jira/issues/?filter=13614
>>
>> Source and distribution
>>
>> Run-time : https://github.com/wso2/product-is/releases/tag/v5.3.0-rc3
>> Analytics : https://github.com/wso2/analytics-is/releases/tag/v5.3.0-rc3
>>
>> Please vote as follows.
>> [+] Stable - go ahead and release
>> [-] Broken - do not release (explain why)
>>
>> Thanks,
>> - WSO2 Identity Server Team -
>>
>> --
>> *Pulasthi Mahawithana*
>> Senior Software Engineer
>> WSO2 Inc., http://wso2.com/
>> Mobile: +94-71-5179022
>> Blog: http://blog.pulasthi.org
>>
>
>
> --
> *Dinali Rosemin Dabarera*
> Software Engineer
> WSO2 Lanka (pvt) Ltd.
> Web: http://wso2.com/
> Email : gdrdabar...@gmail.com
> Mobile: +94770198933


-- 
*Best Regards*

*Rushmin Fernando*
*Technical Lead*

WSO2 Inc.  - Lean . Enterprise . Middleware

mobile : +94775615183


Re: [Architecture] [Dev] [VOTE] Release WSO2 Identity Server 5.3.0- RC3

2017-01-08 Thread Maduranga Siriwardena
Tested the following on the Identity Server 5.3.0-RC3 pack,

   - Workflow related features
   - JIT provisioning
   - Facebook federated authenticator
   - Google federated authenticator
   - Authorization for service providers
   - Federated user account association

 [+] Stable - go ahead and release

On Mon, Jan 9, 2017 at 9:33 AM, Dinali Dabarera  wrote:

> Hi,
> I tested the following on the Identity Server 5.3.0-RC3 pack,
>
>    - Discovery
>    - DCR
>    - Form Post
>    - Introspection
>    - SCIM API
>    - User Management
>
> Worked fine without any issues.
> [+] Stable - go ahead and release
>
> On Fri, Jan 6, 2017 at 10:06 PM, Pulasthi Mahawithana 
> wrote:
>
>> Hi All,
>>
>> This is the 3rd Release Candidate of WSO2 Identity Server 5.3.0.
>>
>> Please download, test the product and vote. Vote will be open for 72
>> hours or as needed.
>>
>> This release fixes the following issues:
>>
>> Runtime : https://wso2.org/jira/issues/?filter=13612
>> Analytics : https://wso2.org/jira/issues/?filter=13614
>>
>> Source and distribution
>>
>> Run-time : https://github.com/wso2/product-is/releases/tag/v5.3.0-rc3
>> Analytics : https://github.com/wso2/analytics-is/releases/tag/v5.3.0-rc3
>>
>> Please vote as follows.
>> [+] Stable - go ahead and release
>> [-] Broken - do not release (explain why)
>>
>> Thanks,
>> - WSO2 Identity Server Team -
>>
>> --
>> *Pulasthi Mahawithana*
>> Senior Software Engineer
>> WSO2 Inc., http://wso2.com/
>> Mobile: +94-71-5179022
>> Blog: http://blog.pulasthi.org
>>
>
>
> --
> *Dinali Rosemin Dabarera*
> Software Engineer
> WSO2 Lanka (pvt) Ltd.
> Web: http://wso2.com/
> Email : gdrdabar...@gmail.com
> Mobile: +94770198933


-- 
Maduranga Siriwardena
Software Engineer
WSO2 Inc; http://wso2.com/

Email: madura...@wso2.com
Mobile: +94718990591
Blog: http://madurangasblogs.blogspot.com/



Re: [Architecture] [Dev] [VOTE] Release WSO2 Identity Server 5.3.0- RC3

2017-01-08 Thread Ishara Karunarathna
Hi,

Tested,
OAuth Discovery
OAuth DCR
IS Analytics with IS Runtime.

Worked fine without any issues.
[+] Stable - go ahead and release

-Ishara


On Fri, Jan 6, 2017 at 10:06 PM, Pulasthi Mahawithana 
wrote:

> Hi All,
>
> This is the 3rd Release Candidate of WSO2 Identity Server 5.3.0.
>
> Please download, test the product and vote. Vote will be open for 72 hours
> or as needed.
>
> This release fixes the following issues:
>
> Runtime : https://wso2.org/jira/issues/?filter=13612
> Analytics : https://wso2.org/jira/issues/?filter=13614
>
> Source and distribution
>
> Run-time : https://github.com/wso2/product-is/releases/tag/v5.3.0-rc3
> Analytics : https://github.com/wso2/analytics-is/releases/tag/v5.3.0-rc3
>
> Please vote as follows.
> [+] Stable - go ahead and release
> [-] Broken - do not release (explain why)
>
> Thanks,
> - WSO2 Identity Server Team -
>
> --
> *Pulasthi Mahawithana*
> Senior Software Engineer
> WSO2 Inc., http://wso2.com/
> Mobile: +94-71-5179022
> Blog: http://blog.pulasthi.org
>


-- 
Ishara Karunarathna
Associate Technical Lead
WSO2 Inc. - lean . enterprise . middleware |  wso2.com

email: isha...@wso2.com,   blog: isharaaruna.blogspot.com,   mobile:
+94717996791


Re: [Architecture] [Dev] [VOTE] Release WSO2 Identity Server 5.3.0- RC3

2017-01-08 Thread Dinali Dabarera
Hi,
I tested the following on the Identity Server 5.3.0-RC3 pack,

   - Discovery
   - DCR
   - Form Post
   - Introspection
   - SCIM API
   - User Management

Worked fine without any issues.
[+] Stable - go ahead and release

On Fri, Jan 6, 2017 at 10:06 PM, Pulasthi Mahawithana 
wrote:

> Hi All,
>
> This is the 3rd Release Candidate of WSO2 Identity Server 5.3.0.
>
> Please download, test the product and vote. Vote will be open for 72 hours
> or as needed.
>
> This release fixes the following issues:
>
> Runtime : https://wso2.org/jira/issues/?filter=13612
> Analytics : https://wso2.org/jira/issues/?filter=13614
>
> Source and distribution
>
> Run-time : https://github.com/wso2/product-is/releases/tag/v5.3.0-rc3
> Analytics : https://github.com/wso2/analytics-is/releases/tag/v5.3.0-rc3
>
> Please vote as follows.
> [+] Stable - go ahead and release
> [-] Broken - do not release (explain why)
>
> Thanks,
> - WSO2 Identity Server Team -
>
> --
> *Pulasthi Mahawithana*
> Senior Software Engineer
> WSO2 Inc., http://wso2.com/
> Mobile: +94-71-5179022
> Blog: http://blog.pulasthi.org
>


-- 
*Dinali Rosemin Dabarera*
Software Engineer
WSO2 Lanka (pvt) Ltd.
Web: http://wso2.com/
Email : gdrdabar...@gmail.com
Mobile: +94770198933


Re: [Architecture] [Dev] [VOTE] Release WSO2 Identity Server 5.3.0- RC3

2017-01-08 Thread Dharshana Warusavitharana
Hi All,

Tested following areas on  Identity Server 5.3.0-RC3 pack
1. XACML policy deployment and XACML API.
2. Policy based provisioning.
3. Access policies during authorization flow.
4. Sample policies for Provisioning and Authorization.

 [+] Stable - go ahead and release

Thank you,
Dharshana.




On Mon, Jan 9, 2017 at 9:33 AM, Dinali Dabarera  wrote:

> Hi,
> I tested the following on the Identity Server 5.3.0-RC3 pack,
>
>    - Discovery
>    - DCR
>    - Form Post
>    - Introspection
>    - SCIM API
>    - User Management
>
> Worked fine without any issues.
> [+] Stable - go ahead and release
>
> On Fri, Jan 6, 2017 at 10:06 PM, Pulasthi Mahawithana 
> wrote:
>
>> Hi All,
>>
>> This is the 3rd Release Candidate of WSO2 Identity Server 5.3.0.
>>
>> Please download, test the product and vote. Vote will be open for 72
>> hours or as needed.
>>
>> This release fixes the following issues:
>>
>> Runtime : https://wso2.org/jira/issues/?filter=13612
>> Analytics : https://wso2.org/jira/issues/?filter=13614
>>
>> Source and distribution
>>
>> Run-time : https://github.com/wso2/product-is/releases/tag/v5.3.0-rc3
>> Analytics : https://github.com/wso2/analytics-is/releases/tag/v5.3.0-rc3
>>
>> Please vote as follows.
>> [+] Stable - go ahead and release
>> [-] Broken - do not release (explain why)
>>
>> Thanks,
>> - WSO2 Identity Server Team -
>>
>> --
>> *Pulasthi Mahawithana*
>> Senior Software Engineer
>> WSO2 Inc., http://wso2.com/
>> Mobile: +94-71-5179022
>> Blog: http://blog.pulasthi.org
>>
>
>
> --
> *Dinali Rosemin Dabarera*
> Software Engineer
> WSO2 Lanka (pvt) Ltd.
> Web: http://wso2.com/
> Email : gdrdabar...@gmail.com
> Mobile: +94770198933


-- 

Dharshana Warusavitharana
Associate Technical Lead
WSO2 Inc. http://wso2.com
email : dharsha...@wso2.com 
Tel  : +94 11 214 5345
Fax :+94 11 2145300
cell : +94770342233
blog : http://dharshanaw.blogspot.com

lean . enterprise . middleware


Re: [Architecture] [Dev] [VOTE] Release WSO2 Identity Server 5.3.0- RC3

2017-01-08 Thread Dimuthu De Lanerolle
I have tested the following,

a) Password History Validation
b) Account Suspension
c) Token Introspection
d) Dynamic Client Registration
e) Discovery
f) User challenge question internationalization

[+] Stable - go ahead and release

Regards

On Mon, Jan 9, 2017 at 9:33 AM, Dinali Dabarera  wrote:

> Hi,
> I tested the following on the Identity Server 5.3.0-RC3 pack,
>
>    - Discovery
>    - DCR
>    - Form Post
>    - Introspection
>    - SCIM API
>    - User Management
>
> Worked fine without any issues.
> [+] Stable - go ahead and release
>
> On Fri, Jan 6, 2017 at 10:06 PM, Pulasthi Mahawithana 
> wrote:
>
>> Hi All,
>>
>> This is the 3rd Release Candidate of WSO2 Identity Server 5.3.0.
>>
>> Please download, test the product and vote. Vote will be open for 72
>> hours or as needed.
>>
>> This release fixes the following issues:
>>
>> Runtime : https://wso2.org/jira/issues/?filter=13612
>> Analytics : https://wso2.org/jira/issues/?filter=13614
>>
>> Source and distribution
>>
>> Run-time : https://github.com/wso2/product-is/releases/tag/v5.3.0-rc3
>> Analytics : https://github.com/wso2/analytics-is/releases/tag/v5.3.0-rc3
>>
>> Please vote as follows.
>> [+] Stable - go ahead and release
>> [-] Broken - do not release (explain why)
>>
>> Thanks,
>> - WSO2 Identity Server Team -
>>
>> --
>> *Pulasthi Mahawithana*
>> Senior Software Engineer
>> WSO2 Inc., http://wso2.com/
>> Mobile: +94-71-5179022
>> Blog: http://blog.pulasthi.org
>>
>
>
> --
> *Dinali Rosemin Dabarera*
> Software Engineer
> WSO2 Lanka (pvt) Ltd.
> Web: http://wso2.com/
> Email : gdrdabar...@gmail.com
> Mobile: +94770198933


-- 
Dimuthu De Lanerolle
Software Engineer
WSO2 Inc.
lean . enterprise . middlewear.
http://wso2.com/
Tel. : +94 11 2145345  Fax : +94 11 2145300  email : dimut...@wso2.com


Re: [Architecture] [Dev] [IS] [C5] Self sign-up in C5 User Portal

2017-01-08 Thread Indunil Upeksha Rathnayake
Hi,

I have the following concerns regarding claim profile, user store domain
and credentials related to self sign-up.

*1) Selecting a claim profile for loading claims related to user self
sign-up*

   - Use default claim-profile
   - Only a single profile called "self sign-up"
   - There can be several claim profiles based on the service provider/user
   store domain
   - Have a default claim profile for self sign-up as "self-signUp-default"
   and for each service provider we can define claim profiles with the prefix
   "self-signUp" (ex: "self-signUp-serviceProvider1").

*2) User store domain where users getting added in self sign-up*

   - In the UI, it's not appropriate to expose all the user store domains
   which support self sign-up, so that user has to add the user name with
   the user store domain (ex: "US1/user1")
   - Admin has to configure the user store domains that support self
   sign-up. And in each SP, can configure where the users get added.

*3) Suitable field in UI to add credentials*

   - There can be multiple options for adding credentials, all should be
   included in the UI by default.
   - Configure Credential profiles for self sign-up etc.

Appreciate your ideas on selecting appropriate ways of handling above
mentioned scenarios.

Thanks and Regards

On Sun, Jan 8, 2017 at 11:20 AM, Gayan Gunawardana  wrote:

>
>
> On Fri, Jan 6, 2017 at 5:12 PM, Indunil Upeksha Rathnayake <
> indu...@wso2.com> wrote:
>
>> Hi,
>>
>> Thanks for all of your ideas and suggestions. As I have mentioned,
>> currently for M1, we are planning to cover user self sign-up without any
>> email notification(user will be registered and automatically get logged
>> in).  But I think, including your ideas following things would be good
>> improvements to have in future releases.
>>
>> *1)  Configurable option to enable/disable email confirmation*
>>
>>    - Admin should be having flexibility to configure self sign-up with
>>    email verification and uncontrolled sign up for user store domains
>>
>> *2)  Self sign-up configured in user store level*
>>
>>    - Allow anyone to sign up(no restrictions) or restrict users to
>>    specific domains
>>    - Should be able to configure a particular user store where self sign
>>    up users should go, since there can be multiple user store domains and
>>    some are read only etc
>>
> As I understood both of above configurations are user store level
> configurations. In user store level there should be a configurations to say
> Enable/Disable self sign-up. If self sign-up enabled then next
> configuration is to enable email verification or uncontrolled sign up.
> Also does end-user need to know user store domain they are going to
> sign-up or all self sign-up users are gone to single user store based on
> admin configuration ?
>
>> *3) Administrators should receive an email when a new account is created*
>>
>> Need to discuss further about these and make user stories if needed.
>>
>> Thanks and Regards
>>
>> On Fri, Jan 6, 2017 at 5:08 PM, Indunil Upeksha Rathnayake <
>> indu...@wso2.com> wrote:
>>
>>> Hi Nuwan,
>>>
>>> Thanks for your reply. For M1, we are planning to cover user self
>>> sign-up without any email notification(user will be registered and
>>> automatically get logged in). For future releases captcha should be
>>> included and that need to be covered in the user stories.
>>>
>>> Thanks and Regards
>>>
>>> On Wed, Jan 4, 2017 at 9:41 AM, Nuwan Dias  wrote:
>>>
>>>> Having a captcha should be supported OOTB in the default portal. I
>>>> assume we've considered that to be so in C5?
>>>>
>>>> On Wed, Jan 4, 2017 at 9:22 AM, Dimuthu Leelarathne
>>>> wrote:
>>>>
>>>>>
>>>>> On Tue, Jan 3, 2017 at 1:00 PM, Ishara Karunarathna
>>>>> wrote:
>>>>>
>>>>>>
>>>>>> On Tue, Jan 3, 2017 at 12:52 PM, Johann Nallathamby
>>>>>> wrote:
>>>>>>
>>>>>>> What are the new user stories we are trying to implement that are
>>>>>>> not already there in IS 5.3.0? Can we come up with a list of new
>>>>>>> requirements? Isn't most of the above user stories already there in IS
>>>>>>> 5.3.0?
>>>>>>>
>>>>>> Yes in 5.3.0 we have almost complete user store. But when it comes to
>>>>>> C5 implementation we can't cover it with a single milestone release, so we
>>>>>> need to start with a simple user story and use different version of that
>>>>>> adding other use cases associated with that.
>>>>>>
>>>>> First we need to envision what we are going to achieve in the long
>>>>> run. Then we need to start with the simplest case. For C5 are we trying to
>>>>> achieve something different to what we already have?
>>>>>
>>>>> thanks,
>>>>> Dimuthu
>>>>>
>>>>>> -Ishara
>>>>>>
>>>>>>> On Tue, Jan 3, 2017 at 10:30 AM, Ishara Karunarathna <
>>>>>>> isha...@wso2.com> wrote:
>>>>>>>
>>>>>>>> Hi Indunil,
>>>>>>>>
>>>>>>>> When we think about self sign up.
>>>>>>>> basic

Re: [Architecture] [Dev] [VOTE] Release WSO2 Identity Server 5.3.0- RC3

2017-01-08 Thread Ayesha Dissanayaka
Hi team,

I have tested below scenarios in super tenant and tenant mode both as non
email and email as username.


   1. Account Management
      1. User Self Registration
         1. Self signup with email confirmation
         2. Self signup without email confirmation
         3. reCaptcha validation at self signup
      2. Account Recovery
         1. Username Recovery
         2. Password Recover
            - Notification Based Password Recovery
            - Challenge Question Based Password Recovery
               1. Recover with Secret Questions sequentially
               2. Challenge Question Internationalization
               3. reCaptcha validation at password recovery
            - Email Notification in Password recovery flow
               1. When starting password recovery flow
               2. After successful completion of password recovery
            - Block brute force attacks on password reset
      3. Password Reset
         1. Recovery Email with a link to reset password
         2. Recovery Email with a OTP
         3. Offline OTP
   2. Password History validation
   3. Login Management
      1. reCaptcha for SSO Login
      2. Account Locking at failed attempts and increase lock time-out
      exponentially
      3. Resending Email verification code
   4. Email Configuration
      1. *Email template internationalization*
   5. Federation - Oauth/OIDC
      1. SAML to Oauth
      2. OIDC to Oauth
      3. PassiveSTS to Oauth
      4. Claim Mappings
      5. JIT Provisioning
      6. Outbound Provisioning with JIT
      7. Account Association and claims


Those scenarios worked as expected.
[+1] Go ahead and release.

Thanks!
-Ayesha


Re: [Architecture] [Dev] [VOTE] Release WSO2 Identity Server 5.3.0- RC3

2017-01-08 Thread Kasun Bandara
Hi IS team,

Tested the following on the Identity Server 5.3.0-RC3 pack,


   - Email Internationalisation Feature (Tenant wise support)
      - Email Templates type addition
      - Email Templates addition
      - Update and Delete Email templates
   - HTML support for email template management (Tenant wise support)

[+] Stable - go ahead and release

Regards.
Kasun

Kasun Gayan Bandara
PhD Research Student
Machine Learning Group

Faculty of Information Technology, Clayton
Monash University
25 Exhibition Walk, Clayton Campus
Wellington Road
Clayton VIC 3800
Australia.

E: herath.band...@monash.edu
M (+61) 43 491 6476





___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture


Re: [Architecture] [Dev] [VOTE] Release WSO2 Identity Server 5.3.0- RC3

2017-01-08 Thread Farasath Ahamed
Tested the following on the Identity Server 5.3.0-RC3 pack,

   - Create Service Provider by importing SAML metadata file.
   - Export Resident IDP metadata.
   - SAML SSO for apps hosted on Apache2 using mod_auth_mellon with
   Identity Server.
   - Verify CSRF protection for dashboard apps.
   - Verify IDENTITY- 
   - Verify IDENTITY-5563 
   - Recover Password with user locale based challenge questions.
   - Add User account association between two local user accounts.

 [+] Stable - go ahead and release


Thanks,
Farasath Ahamed
Software Engineer, WSO2 Inc.; http://wso2.com
Mobile: +94777603866
Blog: blog.farazath.com
Twitter: @farazath619 




On Fri, Jan 6, 2017 at 10:06 PM, Pulasthi Mahawithana 
wrote:

> Hi All,
>
> This is the 3rd Release Candidate of WSO2 Identity Server 5.3.0.
>
> Please download, test the product and vote. Vote will be open for 72 hours
> or as needed.
>
> This release fixes the following issues:
>
> Runtime : https://wso2.org/jira/issues/?filter=13612
> Analytics : https://wso2.org/jira/issues/?filter=13614
>
> Source and distribution
>
> Run-time : https://github.com/wso2/product-is/releases/tag/v5.3.0-rc3
> Analytics : https://github.com/wso2/analytics-is/releases/tag/v5.3.0-rc3
>
> Please vote as follows.
> [+] Stable - go ahead and release
> [-] Broken - do not release (explain why)
>
> Thanks,
> - WSO2 Identity Server Team -
>
> --
> *Pulasthi Mahawithana*
> Senior Software Engineer
> WSO2 Inc., http://wso2.com/
> Mobile: +94-71-5179022
> Blog: http://blog.pulasthi.org
>
> 
>
> ___
> Dev mailing list
> d...@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


[Architecture] WSO2 Carbon Unified UI Framework 1.0.0-M9 Released!

2017-01-08 Thread SajithAR Ariyarathna
Hi All,

We are pleased to announce the *ninth milestone* of WSO2 Carbon Unified UI
Framework (UUF). You can download the UUF server distribution at [1].

UUF is a UI framework that lets webapp developers build shareable UI
components and build webapps by composing those UI components.


*Changes list*:

   - Changes in configuration files.
      - config.yaml, bindings.yaml files are no longer supported for apps
      and components.
      - For components,
         - Component has only component.yaml configuration file. (see sample)
         - UI specific REST APIs, zone-fragments bindings, business-logic
         related configurations can be defined.
         - Mandatory, without that component won't be deployed.
      - For apps,
         - app.yaml (see sample)
            - Default theme name, menus, URI of error pages, login page
            URI, and security related configurations can be defined.
            - Mandatory, without that app won't be deployed.
         - component.yaml (see sample)
            - Same as in a component.
      - For themes,
         - theme.yaml is mandatory. (see sample)
      - Menus are configured at the app level in the app.yaml configuration
      file. (see sample)
   - Support for deploying UI specified REST APIs.
      - UUF can deploy configured (in component.yaml) microservices (using
      MSF4J) as REST APIs. Deployed REST APIs will be available under
      ///apis/ context.
   - Support to push multiple fragments to a zone.
      - Through bindings (configured in component.yaml), multiple fragments
      (in a specified order) can be pushed into a zone.
   - Support to define back-end bundles of a component in the component's
   pom.xml. (see sample)
   - Following Handlebars helpers are added,
      - {{template}} helper.
         - Can send a server-side Handlebars template (a fragment or an
         inline template) safely to the client-side.
      - String manipulation helpers.
         - abbreviate, capitalize, capitalizeFirst, center, cut, dateFormat,
         defaultIfEmpty, join, ljust, lower, now, numberFormat, replace,
         rjust, slugify, stringFormat, stripTags, substring, upper, wordWrap,
         yesno (see Features App sample for usage)
   - Added more samples (see Features App)
   - Bug fixes.


*Found an issue?*

Help us to improve. Use our GitHub issues page at [2] to report it to us.


[1]
https://github.com/wso2/carbon-uuf/releases/download/v1.0.0-m9/wso2uuf-1.0.0-m9.zip
[2] https://github.com/wso2/carbon-uuf/issues

*-- WSO2 Platform Team--*
Thanks.
-- 
Sajith Janaprasad Ariyarathna
Software Engineer; WSO2, Inc.;  http://wso2.com/
