Re: [Architecture] Moving the system properties from wso2server.sh to the carbon.properties

[Chamila De Alwis]

Hi Prakash, Ruwan,

What is the exact behavior wrt this carbon.properties file? Does it follow
the same standard as C5 Config Management where all configs have default
values and only the ones needed to be overridden are specified in a config
file? If that is not the case I'm not clear on how this would positively
affect the Container user story. Regarding Config Automation such as
Puppet, I see no difference wrt using wso2server.sh vs carbon.properties,
as both of these will be populated through some kind of templating in the
tool.


Regards,
Chamila de Alwis
Committer and PMC Member - Apache Stratos
Associate Technical Lead | WSO2
+94 77 220 7163
Blog: https://medium.com/@chamilad



On Fri, Feb 16, 2018 at 5:59 PM, Ruwan Abeykoon  wrote:

> Hi Harsha,
> This is for C4.
> For IS perspective, 5.5.0 and few releases to come will be on C4. But we
> want to make them more container native.
> So we need to move these system properties to a file, outside of
> "wso2server.sh", so that they can be scripted easily.
>
> And even these are the last one to be released, they will remain in
> production for longest, as they will be the most feature rich product for
> some time.
>
> Cheers,
> Ruwan
>
>
> On Fri, Feb 16, 2018 at 5:49 PM, Harsha Thirimanna 
> wrote:
>
>> Are we talking about C5 based products ?
>>
>> Because I feel like we are already in last few releases in C4 based
>> products, right ? If it is true, then why we need such a imporovement ?
>> I am just asking to get to know the context . Sorry for the interruption
>> to the thread,☺️
>>
>>
>> On 16 Feb 2018 5:35 pm, "Prakhash Sivakumar"  wrote:
>>
>> Hi All,
>>
>> From the next major releases, we are planning to ship the
>> carbon.properties file by default with the products.
>>
>> The properties that get added in the carbon.properties will be published
>> as a system property during the startup[1]. Currently, this file contains
>> only the CipherTransformation.
>>
>> Shall we move the other system properties from wso2server.sh to the
>> carbon.properties file?
>>
>> This will make easier to automate the deployment using the puppet scripts
>> as well.
>>
>> [1] https://github.com/wso2/carbon-kernel/blob/4.4.x/core/org.ws
>> o2.carbon.bootstrap/src/main/java/org/wso2/carbon/bootstrap
>> /Bootstrap.java#L77
>>
>> Thanks,
>> Prakhash
>>
>>
>> --
>> Prakhash Sivakumar
>> Software Engineer | WSO2 Inc
>> Platform Security Team
>> Mobile : +94771510080 <+94%2077%20151%200080>
>> Blog : https://medium.com/@PrakhashS
>>
>> ___
>> Architecture mailing list
>> Architecture@wso2.org
>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>
>>
>>
>> ___
>> Architecture mailing list
>> Architecture@wso2.org
>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>
>>
>
>
>
> ___
> Architecture mailing list
> Architecture@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>
>
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

[Architecture] WSO2 Identity Server 5.5.0-Alpha Released!

[Sathya Bandara]

WSO2 Identity and Access Management team is pleased to announce the release
of Identity Server 5.5.0 Alpha!
Download

You can download WSO2 Identity Server 5.5.0 Alpha distributions from
following locations.

Identity Server:
https://github.com/wso2/product-is/releases/download/v5.5.0-alpha


IS Analytics: https://github.com/wso2/analytics-is/releases/tag/v5.5.0-alpha

How to run

1. Extract the downloaded zip file.

2. Go to the bin directory in the extracted folder.

3. Run the wso2server.sh file if you are on a Linux/Mac OS or run the
wso2server.bat file if you are on a Windows OS.



What's new in WSO2 Identity Server 5.5.0 Alpha

WSO2 Identity Server 5.5.0-Alpha is designed based on privacy best
practices and adhering to GDPR. Your GDPR compliance in IAM and API
security space can be fulfilled with WSO2 IS. Following includes major GDPR
related features provided in WSO2 IS 5.5.0-Alpha.



   -

   Privacy Tool Kit
   

-
   Supports removing references to a deleted user's identity as and when
   required.
   

   -

   Personal Information Export Capability
   

   - End users can retrieve  personal information stored in WSO2 Identity
   Server.
   
   -

   User Consent for Single-Sign-On
   
   - Provides users with choice and control over sharing their personal data.
   
   -

   User Consent for Self Sign Up
   
   - Capability to provide consent when a user self registers to WSO2 Identity
   Server. 
   -

   Consent Purposes Management
    -  An
   interactive UI to manage consent purposes/PII categories.
   

   -

   Private Key JWT Client Authentication
   

   - Facilitating client authentication using a signed JWT.
   -

   Encrypted ID token for OIDC Flow
   

   - Capability to encrypt ID tokens with a registered public key.

A list of all the new features and bug fixes shipped with this release can
be found here 

Online documentation is available at
https://docs.wso2.com/display/IS550/WSO2+Identity+Server+Documentation.


Known Issues

All the open issues pertaining to WSO2 Identity Server are reported at the
following location:

   -

   IS Runtime 
   -

   IS Analytics 



How You Can Contribute

Mailing Lists

Join our mailing list and correspond with the developers directly.

Developer list: d...@wso2.org | Subscribe | Mail Archive


User forum: StackOverflow


Reporting Issues

We encourage you to report issues, improvements, documentation faults, and
feature requests regarding WSO2 Identity Server through WSO2 Identity
Server GIT Issues .

For more information about WSO2 Identity Server, please see
https://wso2.com/identity-and-access-management or visit the WSO2 Oxygen
Tank  developer portal for additional resources.


~ The WSO2 Identity and Access Management Team ~


-- 
Sathya Bandara
Software Engineer
WSO2 Inc. http://wso2.com
Mobile: (+94) 715 360 421 <+94%2071%20411%205032>

<+94%2071%20411%205032>
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] Moving the system properties from wso2server.sh to the carbon.properties

[Ruwan Abeykoon]

Hi Harsha,
This is for C4.
For IS perspective, 5.5.0 and few releases to come will be on C4. But we
want to make them more container native.
So we need to move these system properties to a file, outside of
"wso2server.sh", so that they can be scripted easily.

And even these are the last one to be released, they will remain in
production for longest, as they will be the most feature rich product for
some time.

Cheers,
Ruwan


On Fri, Feb 16, 2018 at 5:49 PM, Harsha Thirimanna  wrote:

> Are we talking about C5 based products ?
>
> Because I feel like we are already in last few releases in C4 based
> products, right ? If it is true, then why we need such a imporovement ?
> I am just asking to get to know the context . Sorry for the interruption
> to the thread,☺️
>
>
> On 16 Feb 2018 5:35 pm, "Prakhash Sivakumar"  wrote:
>
> Hi All,
>
> From the next major releases, we are planning to ship the
> carbon.properties file by default with the products.
>
> The properties that get added in the carbon.properties will be published
> as a system property during the startup[1]. Currently, this file contains
> only the CipherTransformation.
>
> Shall we move the other system properties from wso2server.sh to the
> carbon.properties file?
>
> This will make easier to automate the deployment using the puppet scripts
> as well.
>
> [1] https://github.com/wso2/carbon-kernel/blob/4.4.x/core/org.
> wso2.carbon.bootstrap/src/main/java/org/wso2/carbon/bootstra
> p/Bootstrap.java#L77
>
> Thanks,
> Prakhash
>
>
> --
> Prakhash Sivakumar
> Software Engineer | WSO2 Inc
> Platform Security Team
> Mobile : +94771510080 <+94%2077%20151%200080>
> Blog : https://medium.com/@PrakhashS
>
> ___
> Architecture mailing list
> Architecture@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>
>
>
> ___
> Architecture mailing list
> Architecture@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>
>
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] Moving the system properties from wso2server.sh to the carbon.properties

[Harsha Thirimanna]

Are we talking about C5 based products ?

Because I feel like we are already in last few releases in C4 based
products, right ? If it is true, then why we need such a imporovement ?
I am just asking to get to know the context . Sorry for the interruption to
the thread,☺️


On 16 Feb 2018 5:35 pm, "Prakhash Sivakumar"  wrote:

Hi All,

>From the next major releases, we are planning to ship the carbon.properties
file by default with the products.

The properties that get added in the carbon.properties will be published as
a system property during the startup[1]. Currently, this file contains only
the CipherTransformation.

Shall we move the other system properties from wso2server.sh to the
carbon.properties file?

This will make easier to automate the deployment using the puppet scripts
as well.

[1] https://github.com/wso2/carbon-kernel/blob/4.4.x/core/
org.wso2.carbon.bootstrap/src/main/java/org/wso2/carbon/
bootstrap/Bootstrap.java#L77

Thanks,
Prakhash


-- 
Prakhash Sivakumar
Software Engineer | WSO2 Inc
Platform Security Team
Mobile : +94771510080 <+94%2077%20151%200080>
Blog : https://medium.com/@PrakhashS

___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

[Architecture] WSO2 API Manager 2.1.0-update11 Released !

[Chamalee De Silva]

The WSO2 API Manager team is pleased to announce the release of version
2.1.0-update11 of API Manager.

WSO2 API Manager is a platform for creating, managing, consuming and
monitoring APIs. It employs proven SOA best practices to solve a wide range
of API management challenges such as API provisioning, API governance, API
security and API monitoring. It combines some of the most powerful and
mature components of the WSO2's state-of-the-art Carbon platform to deliver
a smooth and end-to-end API management experience while catering to both
API publisher and API consumer requirements.

WSO2 API Manager is comprised of several modules.

   -

   API Provider: Define new APIs and manage them
   -

   API Store: Browse published APIs and subscribe to them
   -

   API Gateway: The underlying API runtime based on WSO2 ESB
   -

   API Key Manager: Performs Key Generation and Key Validation
   functionalities
   -

   API Traffic Manager: Performs Rate Limiting of API Requests

For more information on WSO2 API Manager please visit
http://wso2.com/products/api-manager. Also, take a look at the online
product documentation
.

DistributionWSO2 APIM 2.1.0-update11.zip


WSO2 APIM Analytics 2.1.0-update6.zip

How to Run

   1.

   Extract the downloaded zip
   2.

   Go to the bin directory in the extracted folder
   3.

   Run the wso2server.sh or wso2server.bat as appropriate
   4.

   Launch a web browser and navigate to https://localhost:9443/publisher to
   access the API publisher webapp
   5.

   Navigate to https://localhost:9443/store to access the API store
   6.

   Navigate to https://localhost:9443/admin to access Admin Portal
   7.

   Use "admin", "admin" as the username and password to login as an admin

Bug Fixes And Improvements in 2.1.0-update11

Please refer following locations for WSO2 API Manager 2.1.0-update11 Bug
fixes and Improvements.


   -

   JIRA 
   -

   GitHub (Product-apim
   
,
   Carbon-apimgt
   

   )

Known Issues

All the open issues pertaining to WSO2 API Manager are reported at the
following location:

   -

   JIRA 
   -

   GitHub (Product-apim
   
,
   Carbon-apimgt
   

   )

How You Can ContributeMailing Lists

Join our mailing list and correspond with the developers directly.

   -

   Developer List: d...@wso2.org | Subscribe | Mail Archive
   -

   User List: u...@wso2.org | Subscribe | Mail Archive

Reporting Issues

We encourage you to report issues, documentation faults, and feature
requests regarding WSO2 API Manager through the public API Manager Git Repo
.
 -- The WSO2 API Manager Team --
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] [IAM] SCIM 2.0 Outbound Connector

[Isuranga Perera]

Hi Dimuthu,

Yes, I'll be able to deliver it by the end of next week.

Best Regards

On Fri, Feb 16, 2018 at 1:42 PM, Dimuthu Leelarathne 
wrote:

> Hi Isurunga,
>
> I had a chat with the team and understood that what you are proposing is a
> connector configuration. If so +1.
>
> We have an internal requirement for this connector by the end of February.
> Wondering whether you could deliver it by that timeline?
>
> thanks,
> Dimuthu
>
> On Tue, Feb 13, 2018 at 8:45 AM, Dimuthu Leelarathne 
> wrote:
>
>> Hi Isuranga/Gayan and All,
>>
>> WSO2 IS should be able to provision with both SCIM 1.1 and SCIM 2.0 at
>> the same time. There can be two systems - one supporting 1.1 and the other
>> supporting 2.0, and we need to provision users to both of them.
>>
>> The above statement does *not* mean we need two separate outbound
>> connectors. It could mean we use one connector but that single connector
>> supports both of the protocols at the same time.
>>
>> thanks,
>> Dimuthu
>>
>>
>> On Mon, Feb 12, 2018 at 3:26 PM, Gayan Gunawardana 
>> wrote:
>>
>>>
>>>
>>> On Mon, Feb 12, 2018 at 12:11 PM, Isuranga Perera <
>>> isurangamper...@gmail.com> wrote:
>>>
 Hi Gayan,

 Currently working on the configuration option. Sure I'll move changes
 to *identity-outbound-provisioning-scim*.

>>> Thank you very much for the contribution.
>>>

 Best Regards
 Isuranga Perera

 On Mon, Feb 12, 2018 at 11:59 AM, Gayan Gunawardana 
 wrote:

> Hi Isuranga,
>
> Could you be able to move *identity-outbound-**provisioning-scim2* to
> *identity-outbound-provisioning-scim* by having configuration option
> for SCIM 1.1 and 2.0 ?
>
> Thanks,
> Gayan
>
> On Mon, Feb 5, 2018 at 10:48 AM, Isuranga Perera <
> isurangamper...@gmail.com> wrote:
>
>> Hi,
>>
>> *@Gayan*
>> yes, *identity-outbound-**provisioning-scim2* has the nearly same
>> code as* identity-outbound-provisioning-scim. **identity-client-scim2
>> *simply encode and decode SCIM objects and validate some actions. As
>> Malithi suggested we can use version as a connector configuration and
>> instantiate the appropriate provisioning client. As an alternative,
>> we can instantiate ScimClient [1] instead of ProvisioningClient since it
>> provides almost all SCIM version specific functions related to object
>> encoding and decoding. Anyway, if I'm not mistaken all of these changes 
>> are
>> required only if we're going to use
>> *identity-outbound-provisioning-scim* with SCIM client [2].
>>
>> *@Malithi*
>> Will work on the SCIM response error code issue asap.
>>
>>
>> [1] https://github.com/IsurangaPerera/identity-client-scim2/
>> blob/ab5bdd6382ce4b055f99b65568c77289472c9c14/src/main/java/
>> org/wso2/scim2/util/SCIMClient.java
>> [2] https://github.com/wso2-extensions/identity-client-scim2/pull/1
>>
>>
>> Best Regards
>> Isuranga Perera
>>
>> On Sun, Feb 4, 2018 at 2:22 PM, Malithi Edirisinghe <
>> malit...@wso2.com> wrote:
>>
>>> Hi Gayan,
>>>
>>> +1 for the thought. Basically, it's always the CRUD operations being
>>> triggered for User and Group resources in the outbound provisioning flow
>>> and based on the version the respective client can initiate calls upon 
>>> the
>>> protocol.
>>> So that's a matter of initializing the appropriate client based on
>>> the version that will be configured with respect to the protocol version
>>> used by the outbound party. That means version will be a connector
>>> configuration and the connector will instantiate the appropriate client
>>> upon the version with the application of factory pattern.
>>>
>>> *@Isuranga*,
>>> Thanks a lot for the contribution.
>>> Can we improve debug logs in the client to log respective requests
>>> calls and responses for outbound party.
>>> Also, looks like SCIM response errors are being swallowed in the
>>> client without passing them back to the connector [1]. In that case, the
>>> provisioning connector might not know if the request has been success or
>>> not and act accordingly.
>>>
>>> [1] https://github.com/wso2-extensions/identity-client-scim2/pul
>>> l/1/files#diff-5d09971e2f15b2c4858e2d49950f571cR75
>>>
>>> Thanks,
>>> Malithi.
>>>
>>> On Sat, Feb 3, 2018 at 6:01 PM, Gayan Gunawardana 
>>> wrote:
>>>
 Hi Isuranga,

 Thanks you very much for the contribution and definitely this will
 be a very valuable feature.

 I went through some of your PRs [1][2]. As I understood*
 identity-outbound-**provisioning-scim2* has nearly same code as*
 identity-outbound-provisioning-scim.* There is a good possibility
 for code 

Re: [Architecture] [IAM] SCIM 2.0 Outbound Connector

[Dimuthu Leelarathne]

Hi Isurunga,

I had a chat with the team and understood that what you are proposing is a
connector configuration. If so +1.

We have an internal requirement for this connector by the end of February.
Wondering whether you could deliver it by that timeline?

thanks,
Dimuthu

On Tue, Feb 13, 2018 at 8:45 AM, Dimuthu Leelarathne 
wrote:

> Hi Isuranga/Gayan and All,
>
> WSO2 IS should be able to provision with both SCIM 1.1 and SCIM 2.0 at the
> same time. There can be two systems - one supporting 1.1 and the other
> supporting 2.0, and we need to provision users to both of them.
>
> The above statement does *not* mean we need two separate outbound
> connectors. It could mean we use one connector but that single connector
> supports both of the protocols at the same time.
>
> thanks,
> Dimuthu
>
>
> On Mon, Feb 12, 2018 at 3:26 PM, Gayan Gunawardana  wrote:
>
>>
>>
>> On Mon, Feb 12, 2018 at 12:11 PM, Isuranga Perera <
>> isurangamper...@gmail.com> wrote:
>>
>>> Hi Gayan,
>>>
>>> Currently working on the configuration option. Sure I'll move changes to
>>> *identity-outbound-provisioning-scim*.
>>>
>> Thank you very much for the contribution.
>>
>>>
>>> Best Regards
>>> Isuranga Perera
>>>
>>> On Mon, Feb 12, 2018 at 11:59 AM, Gayan Gunawardana 
>>> wrote:
>>>
 Hi Isuranga,

 Could you be able to move *identity-outbound-**provisioning-scim2* to
 *identity-outbound-provisioning-scim* by having configuration option
 for SCIM 1.1 and 2.0 ?

 Thanks,
 Gayan

 On Mon, Feb 5, 2018 at 10:48 AM, Isuranga Perera <
 isurangamper...@gmail.com> wrote:

> Hi,
>
> *@Gayan*
> yes, *identity-outbound-**provisioning-scim2* has the nearly same
> code as* identity-outbound-provisioning-scim. **identity-client-scim2
> *simply encode and decode SCIM objects and validate some actions. As
> Malithi suggested we can use version as a connector configuration and
> instantiate the appropriate provisioning client. As an alternative,
> we can instantiate ScimClient [1] instead of ProvisioningClient since it
> provides almost all SCIM version specific functions related to object
> encoding and decoding. Anyway, if I'm not mistaken all of these changes 
> are
> required only if we're going to use
> *identity-outbound-provisioning-scim* with SCIM client [2].
>
> *@Malithi*
> Will work on the SCIM response error code issue asap.
>
>
> [1] https://github.com/IsurangaPerera/identity-client-scim2/
> blob/ab5bdd6382ce4b055f99b65568c77289472c9c14/src/main/java/
> org/wso2/scim2/util/SCIMClient.java
> [2] https://github.com/wso2-extensions/identity-client-scim2/pull/1
>
>
> Best Regards
> Isuranga Perera
>
> On Sun, Feb 4, 2018 at 2:22 PM, Malithi Edirisinghe  > wrote:
>
>> Hi Gayan,
>>
>> +1 for the thought. Basically, it's always the CRUD operations being
>> triggered for User and Group resources in the outbound provisioning flow
>> and based on the version the respective client can initiate calls upon 
>> the
>> protocol.
>> So that's a matter of initializing the appropriate client based on
>> the version that will be configured with respect to the protocol version
>> used by the outbound party. That means version will be a connector
>> configuration and the connector will instantiate the appropriate client
>> upon the version with the application of factory pattern.
>>
>> *@Isuranga*,
>> Thanks a lot for the contribution.
>> Can we improve debug logs in the client to log respective requests
>> calls and responses for outbound party.
>> Also, looks like SCIM response errors are being swallowed in the
>> client without passing them back to the connector [1]. In that case, the
>> provisioning connector might not know if the request has been success or
>> not and act accordingly.
>>
>> [1] https://github.com/wso2-extensions/identity-client-scim2/pul
>> l/1/files#diff-5d09971e2f15b2c4858e2d49950f571cR75
>>
>> Thanks,
>> Malithi.
>>
>> On Sat, Feb 3, 2018 at 6:01 PM, Gayan Gunawardana 
>> wrote:
>>
>>> Hi Isuranga,
>>>
>>> Thanks you very much for the contribution and definitely this will
>>> be a very valuable feature.
>>>
>>> I went through some of your PRs [1][2]. As I understood*
>>> identity-outbound-**provisioning-scim2* has nearly same code as*
>>> identity-outbound-provisioning-scim.* There is a good possibility
>>> for code duplication. Ideally protocol difference SCIM 1.1 and SCIM 2.0
>>> should be very minimum to the provisioning connector level and protocol
>>> difference should be handled from *ProvisioningClient*. I do not
>>> think existing SCIM 1.1 provisioning connector do much about SCIM 
>>> specific