Re: [Architecture] [Dev] [VOTE] Release of WSO2 Identity Server 5.6.0 RC3

[Amalka Subasinghe]

Hi all,

We tested following
- Private key jwt authentication
- OIDC login/logout flow
- OIDC Hybrid flow with "code id_token" response type

No blocking issues found. Hence +1 for the release

Thanks
Amalka

On Wed, Jun 20, 2018 at 11:08 AM Ayesha Dissanayaka  wrote:

> Hi All,
>
> I have tested following Identity Management Scenarios.
>
> User Self Registration
> Username Recovery
> Password Self Recovery
>
> via Email
>
> via Challenge Questions
>
>
> Admin Forced Password reset
>
> via Email link
>
> via OTP in Email
>
> via Offline OTP
>
>
> Email Notifications
>
> Resend Account Verification link
>
> Account lock/unlock
>
> Start password recovery flow with challenge questions
>
> +1 for the release as no blocking issue is found.
>
> Thanks!
> -Ayesha
>
>
> On Tue, Jun 19, 2018 at 5:27 PM, Madawa Soysa  wrote:
>
>> Hi All,
>>
>> I have tested the following,
>>
>>- Generating MP-JWT 1.0 compatible token.
>>- Microprofile JWT Sample
>>
>> No blocking issues found. Hence +1 for the release.
>>
>> On Tue, Jun 19, 2018 at 5:08 PM Biruntha Gnaneswaran 
>> wrote:
>>
>>> Hi All,
>>>
>>> I have tested the following,
>>>
>>> Create service provider and tested OAuth flow with playground when
>>> hashing access tokens, refresh tokens, client secrets, and authorization
>>> codes feature enabled.
>>>
>>> No blocking issues found.
>>>
>>> [+] Stable - go ahead and release
>>>
>>> Thanks,
>>>
>>> On Tue, Jun 19, 2018 at 4:52 PM, Nadeeshani Pathirennehelage <
>>> nadeesha...@wso2.com> wrote:
>>>
 Hi All,

 +1 from Platform Security Team.

 Thank You,
 Nadeeshani.

 On Tue, Jun 19, 2018 at 4:42 PM, Ashen Weerathunga 
 wrote:

> Hi All,
>
> I have tested the following and found no issues.
>
>- Consent Management for Self Sign Up.
>- Creating Users with the Ask Password Option.
>- Password pattern validation.
>- SAML SSO with Consent Management.
>
> [+] Stable - go ahead and release
>
> Thanks,
> Ashen
>
>
> On Tue, Jun 19, 2018 at 3:59 PM Ishara Karunarathna 
> wrote:
>
>> Hi All,
>>
>> Tested the IS 5.6.0-RC3 integration with IS-Analytics-5.6.0
>> And check the session analytics reports.
>>
>>
>> No blocking issues found.
>> [+] Stable
>>
>> Thanks,
>> Ishara
>>
>>
>>
>>
>>
>> On Tue, Jun 19, 2018 at 3:48 PM Isuri Anuradha 
>> wrote:
>>
>>> Hi all,
>>>
>>> I've tested following scenarios on the IS 5.6.0-RC3 pack.
>>>
>>>- SAML to SAML federation flow.
>>>- Publish and Update XACML policies.
>>>- OAuth token revocation.
>>>
>>> No blocking issues found.
>>>
>>> [+] Stable
>>>
>>> Thanks
>>> Isuri.
>>>
>>> On Tue, Jun 19, 2018 at 3:34 PM, Omindu Rathnaweera >> > wrote:
>>>
 Hi All,

 Tested SCIM 2.0 basic operations. No blocking issues found

 [+] Stable - Go ahead and release

 Regards,
 Omindu.





 On Tue, Jun 19, 2018 at 3:14 PM Nipuni Bhagya 
 wrote:

> Hi all,
>
> I've tested following scenarios on the IS 5.6.0-RC3 pack.
>
>- Configuring Single-Sign-On with SAML2
>- Configuring Single-Sign-On with OIDC
>- Configuring Multi-Factor Authentication
>- Configuring Twitter as a Federated Authenticator
>- Setting up Self-Signup
>- Creating a workflow
>- Tested Consent management API (Add/Retrieve purposes,
>Add/revoke consents.)
>
> No blocking issues found.
>
> [+] Stable
>
> Thanks,
>
>
> On Tue, Jun 19, 2018 at 2:38 AM Pulasthi Mahawithana <
> pulast...@wso2.com> wrote:
>
>> Hi,
>>
>> Tested SSO with Multi step/multi option authentication, Google
>> and Twitter authenticators
>>
>> No blocking issues found.
>>
>> [+] Stable - Go ahead and release
>>
>>
>> On Tue, Jun 19, 2018 at 2:59 PM Hasanthi Purnima Dissanayake <
>> hasan...@wso2.com> wrote:
>>
>>> Hi,
>>>
>>> Tested below scenarios on IS 5.6.0-RC3 pack,
>>>
>>> - Register a service provider
>>> - Obtain an access token using JWT grant type
>>> - Invoke user info endpoint using the token.
>>>
>>> No blocking issues found.
>>>
>>> [+] Stable - Go ahead and release
>>>
>>> Thanks,
>>> Hasanthi
>>>
>>> On Tue, Jun 19, 2018 at 2:44 PM, Dewni Weeraman 
>>> wrote:
>>>
 Hi,

 Tested below scenarios on IS 5.6.0-RC3 pack,

- Invoke the 

Re: [Architecture] Rethinking Product Analytics Architecture

[Sinthuja Rajendran]

Hi Rukshan,

On Wed, Jun 20, 2018 at 9:40 AM Rukshan Premathunga 
wrote:

> Hi Sinthuja,
>
> Per min summary within local node will be fine and reduce the traffic to
> Analyzer. But can we grantee that, Siddhi apps will not slow down other
> functionalities(gateway request)?
>

IMHO it should not slow down. :)
Addtionally we should be simply calculating a time batch window with sum
aggregations and group bys therefore I believe, it shouldn't have a great
impact on the gateway.

This can be try out in ballerina based gateway since streams is already in
> there.
>

Well, ballerina based gateway, IMHO we should use the Ballerina
observabilty (metrics and tracing) APIs to calculate the statistics. We are
also thinking about merging the Ballerina observability to streams, but
still not yet functional upto that level.


> But if we take c4 based products this will not be easy right? we have to
> release the products with siddhi features.
>

We just simply need siddhi librabry, not other SP related features. As we
promote siddhi as edge analytics libabry for IoT devices as well, I
beleieve it will not have a major impact.

Anyhow, IMO it's worth to put some effort and see. IMHO, we are simply
moving some parts of the existing queries to the gateway. Since we are
already doing some APIM analytics SP migration, why not try this as well?
Shouldn't be a very hard thing to try. :) Ofcourse, if we have enough
bandwidth to the release timelines.

Thanks,
Sinthuja.

>
> Thanks and Regards
>
> On Tue, Jun 19, 2018 at 5:04 PM, Sinthuja Rajendran 
> wrote:
>
>> Hi,
>>
>> With my recent work with metrics and other monitoring systems, I'm
>> thinking whether our model of sending everything and calculate in the
>> analytics server side is correct.
>>
>> Basically IMHO, the majority of the product analytics use cases are
>> statistics calculation. For example, in APIM, we are calculating API
>> statistics, Subscription statistics, etc. And for this, we are sending
>> events for every request/response/fault to analytics server, and analytics
>> server is performing the actual statistics calculation on the events.
>> Therefore in the high traffic scenario, there are a lot of events needs to
>> be published to analytics server, and we are getting issues like "Event
>> Queue Full" in the gateway.
>>
>> My proposal is, what if we calculate the statistics on the local node
>> itself (similar to the edge analytics by running Siddhi within the
>> products), and only send the minute statistics summary to analytics server
>> to do the global (across all nodes) calculation. With this way, the traffic
>> to analytics server will be reduced drastically as only the final
>> calculated value for each group by combination will be reported. Therefore,
>> the analytics server can focus on global summarization and other global
>> monitoring aspects.
>>
>> Thanks,
>> Sinthuja.
>>
>> --
>> *Sinthuja Rajendran*
>> Senior Technical Lead
>> WSO2, Inc.:http://wso2.com
>>
>> Blog: http://sinthu-rajan.blogspot.com/
>> Mobile: +94774273955
>>
>>
>>
>
>
> --
> Rukshan Chathuranga.
> Software Engineer.
> WSO2, Inc.
> +94711822074
>


-- 
*Sinthuja Rajendran*
Senior Technical Lead
WSO2, Inc.:http://wso2.com

Blog: http://sinthu-rajan.blogspot.com/
Mobile: +94774273955
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] Rethinking Product Analytics Architecture

[Sinthuja Rajendran]

Hi Fazlan,

Yes, would reduce some events 3 times, but still, I think in the new
approach we need to send at least one event per gateway request to
analytics server. Which means, based on the TPS values (load) of APIM
server, we need to scale up analytics nodes as well. Basically, our
requirement is calculating request/response/fault count based on different
bucket values (group by). Therefore, based on the proposed model, if we
calculate local statistics summary, then we don't need to scale analytics
nodes based on APIM TPS, because only one event will be pushed per group by
bucket per min.

Thanks,
Sinthuja

On Wed, Jun 20, 2018 at 10:23 AM Fazlan Nazeem  wrote:

> Hi Sinthuja,
>
> There is an ongoing effort to combine request, response and execution time
> event streams into a single stream and publish a single event instead of 3
> events to the Stream processor. This is targeted for the Q3 release and can
> bring down the traffic by 3 times to the analytics server.
>
> Mail Subject: Moving APIM Analytics to SP
>
> On Tue, Jun 19, 2018 at 5:05 PM Sinthuja Rajendran 
> wrote:
>
>> Hi,
>>
>> With my recent work with metrics and other monitoring systems, I'm
>> thinking whether our model of sending everything and calculate in the
>> analytics server side is correct.
>>
>> Basically IMHO, the majority of the product analytics use cases are
>> statistics calculation. For example, in APIM, we are calculating API
>> statistics, Subscription statistics, etc. And for this, we are sending
>> events for every request/response/fault to analytics server, and analytics
>> server is performing the actual statistics calculation on the events.
>> Therefore in the high traffic scenario, there are a lot of events needs to
>> be published to analytics server, and we are getting issues like "Event
>> Queue Full" in the gateway.
>>
>> My proposal is, what if we calculate the statistics on the local node
>> itself (similar to the edge analytics by running Siddhi within the
>> products), and only send the minute statistics summary to analytics server
>> to do the global (across all nodes) calculation. With this way, the traffic
>> to analytics server will be reduced drastically as only the final
>> calculated value for each group by combination will be reported. Therefore,
>> the analytics server can focus on global summarization and other global
>> monitoring aspects.
>>
>> Thanks,
>> Sinthuja.
>>
>> --
>> *Sinthuja Rajendran*
>> Senior Technical Lead
>> WSO2, Inc.:http://wso2.com
>>
>> Blog: http://sinthu-rajan.blogspot.com/
>> Mobile: +94774273955
>>
>>
>>
>
> --
> Thanks & Regards,
>
> *Fazlan Nazeem*
> Senior Software Engineer
> WSO2 Inc
> Mobile : +94772338839
> fazl...@wso2.com
>


-- 
*Sinthuja Rajendran*
Senior Technical Lead
WSO2, Inc.:http://wso2.com

Blog: http://sinthu-rajan.blogspot.com/
Mobile: +94774273955
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] [Dev] [VOTE] Release of WSO2 Identity Server 5.6.0 RC3

[Ayesha Dissanayaka]

Hi All,

I have tested following Identity Management Scenarios.

User Self Registration
Username Recovery
Password Self Recovery

via Email

via Challenge Questions


Admin Forced Password reset

via Email link

via OTP in Email

via Offline OTP


Email Notifications

Resend Account Verification link

Account lock/unlock

Start password recovery flow with challenge questions

+1 for the release as no blocking issue is found.

Thanks!
-Ayesha


On Tue, Jun 19, 2018 at 5:27 PM, Madawa Soysa  wrote:

> Hi All,
>
> I have tested the following,
>
>- Generating MP-JWT 1.0 compatible token.
>- Microprofile JWT Sample
>
> No blocking issues found. Hence +1 for the release.
>
> On Tue, Jun 19, 2018 at 5:08 PM Biruntha Gnaneswaran 
> wrote:
>
>> Hi All,
>>
>> I have tested the following,
>>
>> Create service provider and tested OAuth flow with playground when
>> hashing access tokens, refresh tokens, client secrets, and authorization
>> codes feature enabled.
>>
>> No blocking issues found.
>>
>> [+] Stable - go ahead and release
>>
>> Thanks,
>>
>> On Tue, Jun 19, 2018 at 4:52 PM, Nadeeshani Pathirennehelage <
>> nadeesha...@wso2.com> wrote:
>>
>>> Hi All,
>>>
>>> +1 from Platform Security Team.
>>>
>>> Thank You,
>>> Nadeeshani.
>>>
>>> On Tue, Jun 19, 2018 at 4:42 PM, Ashen Weerathunga 
>>> wrote:
>>>
 Hi All,

 I have tested the following and found no issues.

- Consent Management for Self Sign Up.
- Creating Users with the Ask Password Option.
- Password pattern validation.
- SAML SSO with Consent Management.

 [+] Stable - go ahead and release

 Thanks,
 Ashen


 On Tue, Jun 19, 2018 at 3:59 PM Ishara Karunarathna 
 wrote:

> Hi All,
>
> Tested the IS 5.6.0-RC3 integration with IS-Analytics-5.6.0
> And check the session analytics reports.
>
>
> No blocking issues found.
> [+] Stable
>
> Thanks,
> Ishara
>
>
>
>
>
> On Tue, Jun 19, 2018 at 3:48 PM Isuri Anuradha  wrote:
>
>> Hi all,
>>
>> I've tested following scenarios on the IS 5.6.0-RC3 pack.
>>
>>- SAML to SAML federation flow.
>>- Publish and Update XACML policies.
>>- OAuth token revocation.
>>
>> No blocking issues found.
>>
>> [+] Stable
>>
>> Thanks
>> Isuri.
>>
>> On Tue, Jun 19, 2018 at 3:34 PM, Omindu Rathnaweera 
>> wrote:
>>
>>> Hi All,
>>>
>>> Tested SCIM 2.0 basic operations. No blocking issues found
>>>
>>> [+] Stable - Go ahead and release
>>>
>>> Regards,
>>> Omindu.
>>>
>>>
>>>
>>>
>>>
>>> On Tue, Jun 19, 2018 at 3:14 PM Nipuni Bhagya 
>>> wrote:
>>>
 Hi all,

 I've tested following scenarios on the IS 5.6.0-RC3 pack.

- Configuring Single-Sign-On with SAML2
- Configuring Single-Sign-On with OIDC
- Configuring Multi-Factor Authentication
- Configuring Twitter as a Federated Authenticator
- Setting up Self-Signup
- Creating a workflow
- Tested Consent management API (Add/Retrieve purposes,
Add/revoke consents.)

 No blocking issues found.

 [+] Stable

 Thanks,


 On Tue, Jun 19, 2018 at 2:38 AM Pulasthi Mahawithana <
 pulast...@wso2.com> wrote:

> Hi,
>
> Tested SSO with Multi step/multi option authentication, Google
> and Twitter authenticators
>
> No blocking issues found.
>
> [+] Stable - Go ahead and release
>
>
> On Tue, Jun 19, 2018 at 2:59 PM Hasanthi Purnima Dissanayake <
> hasan...@wso2.com> wrote:
>
>> Hi,
>>
>> Tested below scenarios on IS 5.6.0-RC3 pack,
>>
>> - Register a service provider
>> - Obtain an access token using JWT grant type
>> - Invoke user info endpoint using the token.
>>
>> No blocking issues found.
>>
>> [+] Stable - Go ahead and release
>>
>> Thanks,
>> Hasanthi
>>
>> On Tue, Jun 19, 2018 at 2:44 PM, Dewni Weeraman 
>> wrote:
>>
>>> Hi,
>>>
>>> Tested below scenarios on IS 5.6.0-RC3 pack,
>>>
>>>- Invoke the OAuth Introspection Endpoint.
>>>- OAuth token revocation.
>>>- Entitlement policy creation using write policy in xml and
>>>publishing.
>>>- Using REST APIs via XACML to manage entitlement.
>>>- Create, update, get, delete an OAuth app using Dynamic
>>>Client Registration endpoint.
>>>
>>>
>>> No blocking issues found.
>>>
>>> [+] Stable - Go ahead and release
>>>
>>> 

[Architecture] SAML Artifact Binding - Server Side Implementations

[Vihanga Liyanage]

Hi all,

I've started working on the server-side implementation of SAML Artifact
Binding. The basic idea is as follows.

When authentication is done via SAML, SAML assertion is sent to the user
agent (browser) as a direct response from the IDP. One disadvantage of this
method is the possibility of communication messages being intersepted at
the browser. Also, there could be limitations on browsers such as limits on
query string / POST payload sizes, no support for JavaScript, etc. To
overcome these problems, SAML Artifact Binding has been introduced.

When the user is authenticated, the IDP responds with a key known as
SAMLart, which will be then sent to the service provider by the browser.
Then the SP uses this key to request the actual SAML assertion from the IDP
via a back channel call. This method reduces the use of browsers compared
to the old method. Below diagram shows the request flow with SAML Artifact
Binding.

[image: image.png]

​Currently the client side implementations have been completed and
discussed here [1]. The goal of this project is to implement the necessary
backend components following the official SAML specification [2]

.

I highly appriciate your valuable concerns and input on this.

Best regards,
Vihanga.

[1] - "[Architecture] [IAM] SAML Artifact Binding" @ architecture@wso2.org
[2] -
https://www.oasis-open.org/committees/download.php/35387/sstc-saml-bindings-errata-2.0-wd-05-diff.pdf

-- 

Vihanga Liyanage

Software Engineer | WS*O₂* Inc.

M : +*94710124103* | http://wso2.com

[image: http://wso2.com/signature] 
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] Rethinking Product Analytics Architecture

[Fazlan Nazeem]

Hi Sinthuja,

There is an ongoing effort to combine request, response and execution time
event streams into a single stream and publish a single event instead of 3
events to the Stream processor. This is targeted for the Q3 release and can
bring down the traffic by 3 times to the analytics server.

Mail Subject: Moving APIM Analytics to SP

On Tue, Jun 19, 2018 at 5:05 PM Sinthuja Rajendran 
wrote:

> Hi,
>
> With my recent work with metrics and other monitoring systems, I'm
> thinking whether our model of sending everything and calculate in the
> analytics server side is correct.
>
> Basically IMHO, the majority of the product analytics use cases are
> statistics calculation. For example, in APIM, we are calculating API
> statistics, Subscription statistics, etc. And for this, we are sending
> events for every request/response/fault to analytics server, and analytics
> server is performing the actual statistics calculation on the events.
> Therefore in the high traffic scenario, there are a lot of events needs to
> be published to analytics server, and we are getting issues like "Event
> Queue Full" in the gateway.
>
> My proposal is, what if we calculate the statistics on the local node
> itself (similar to the edge analytics by running Siddhi within the
> products), and only send the minute statistics summary to analytics server
> to do the global (across all nodes) calculation. With this way, the traffic
> to analytics server will be reduced drastically as only the final
> calculated value for each group by combination will be reported. Therefore,
> the analytics server can focus on global summarization and other global
> monitoring aspects.
>
> Thanks,
> Sinthuja.
>
> --
> *Sinthuja Rajendran*
> Senior Technical Lead
> WSO2, Inc.:http://wso2.com
>
> Blog: http://sinthu-rajan.blogspot.com/
> Mobile: +94774273955
>
>
>

-- 
Thanks & Regards,

*Fazlan Nazeem*
Senior Software Engineer
WSO2 Inc
Mobile : +94772338839
fazl...@wso2.com
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] Rethinking Product Analytics Architecture

[Rukshan Premathunga]

Hi Sinthuja,

Per min summary within local node will be fine and reduce the traffic to
Analyzer. But can we grantee that, Siddhi apps will not slow down other
functionalities(gateway request)?
This can be try out in ballerina based gateway since streams is already in
there. But if we take c4 based products this will not be easy right? we
have to release the products with siddhi features.

Thanks and Regards

On Tue, Jun 19, 2018 at 5:04 PM, Sinthuja Rajendran 
wrote:

> Hi,
>
> With my recent work with metrics and other monitoring systems, I'm
> thinking whether our model of sending everything and calculate in the
> analytics server side is correct.
>
> Basically IMHO, the majority of the product analytics use cases are
> statistics calculation. For example, in APIM, we are calculating API
> statistics, Subscription statistics, etc. And for this, we are sending
> events for every request/response/fault to analytics server, and analytics
> server is performing the actual statistics calculation on the events.
> Therefore in the high traffic scenario, there are a lot of events needs to
> be published to analytics server, and we are getting issues like "Event
> Queue Full" in the gateway.
>
> My proposal is, what if we calculate the statistics on the local node
> itself (similar to the edge analytics by running Siddhi within the
> products), and only send the minute statistics summary to analytics server
> to do the global (across all nodes) calculation. With this way, the traffic
> to analytics server will be reduced drastically as only the final
> calculated value for each group by combination will be reported. Therefore,
> the analytics server can focus on global summarization and other global
> monitoring aspects.
>
> Thanks,
> Sinthuja.
>
> --
> *Sinthuja Rajendran*
> Senior Technical Lead
> WSO2, Inc.:http://wso2.com
>
> Blog: http://sinthu-rajan.blogspot.com/
> Mobile: +94774273955
>
>
>


-- 
Rukshan Chathuranga.
Software Engineer.
WSO2, Inc.
+94711822074
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] [Dev] [VOTE] Release of WSO2 Identity Server 5.6.0 RC3

[Madawa Soysa]

Hi All,

I have tested the following,

   - Generating MP-JWT 1.0 compatible token.
   - Microprofile JWT Sample

No blocking issues found. Hence +1 for the release.

On Tue, Jun 19, 2018 at 5:08 PM Biruntha Gnaneswaran 
wrote:

> Hi All,
>
> I have tested the following,
>
> Create service provider and tested OAuth flow with playground when hashing
> access tokens, refresh tokens, client secrets, and authorization codes
> feature enabled.
>
> No blocking issues found.
>
> [+] Stable - go ahead and release
>
> Thanks,
>
> On Tue, Jun 19, 2018 at 4:52 PM, Nadeeshani Pathirennehelage <
> nadeesha...@wso2.com> wrote:
>
>> Hi All,
>>
>> +1 from Platform Security Team.
>>
>> Thank You,
>> Nadeeshani.
>>
>> On Tue, Jun 19, 2018 at 4:42 PM, Ashen Weerathunga 
>> wrote:
>>
>>> Hi All,
>>>
>>> I have tested the following and found no issues.
>>>
>>>- Consent Management for Self Sign Up.
>>>- Creating Users with the Ask Password Option.
>>>- Password pattern validation.
>>>- SAML SSO with Consent Management.
>>>
>>> [+] Stable - go ahead and release
>>>
>>> Thanks,
>>> Ashen
>>>
>>>
>>> On Tue, Jun 19, 2018 at 3:59 PM Ishara Karunarathna 
>>> wrote:
>>>
 Hi All,

 Tested the IS 5.6.0-RC3 integration with IS-Analytics-5.6.0
 And check the session analytics reports.


 No blocking issues found.
 [+] Stable

 Thanks,
 Ishara





 On Tue, Jun 19, 2018 at 3:48 PM Isuri Anuradha  wrote:

> Hi all,
>
> I've tested following scenarios on the IS 5.6.0-RC3 pack.
>
>- SAML to SAML federation flow.
>- Publish and Update XACML policies.
>- OAuth token revocation.
>
> No blocking issues found.
>
> [+] Stable
>
> Thanks
> Isuri.
>
> On Tue, Jun 19, 2018 at 3:34 PM, Omindu Rathnaweera 
> wrote:
>
>> Hi All,
>>
>> Tested SCIM 2.0 basic operations. No blocking issues found
>>
>> [+] Stable - Go ahead and release
>>
>> Regards,
>> Omindu.
>>
>>
>>
>>
>>
>> On Tue, Jun 19, 2018 at 3:14 PM Nipuni Bhagya 
>> wrote:
>>
>>> Hi all,
>>>
>>> I've tested following scenarios on the IS 5.6.0-RC3 pack.
>>>
>>>- Configuring Single-Sign-On with SAML2
>>>- Configuring Single-Sign-On with OIDC
>>>- Configuring Multi-Factor Authentication
>>>- Configuring Twitter as a Federated Authenticator
>>>- Setting up Self-Signup
>>>- Creating a workflow
>>>- Tested Consent management API (Add/Retrieve purposes,
>>>Add/revoke consents.)
>>>
>>> No blocking issues found.
>>>
>>> [+] Stable
>>>
>>> Thanks,
>>>
>>>
>>> On Tue, Jun 19, 2018 at 2:38 AM Pulasthi Mahawithana <
>>> pulast...@wso2.com> wrote:
>>>
 Hi,

 Tested SSO with Multi step/multi option authentication, Google
 and Twitter authenticators

 No blocking issues found.

 [+] Stable - Go ahead and release


 On Tue, Jun 19, 2018 at 2:59 PM Hasanthi Purnima Dissanayake <
 hasan...@wso2.com> wrote:

> Hi,
>
> Tested below scenarios on IS 5.6.0-RC3 pack,
>
> - Register a service provider
> - Obtain an access token using JWT grant type
> - Invoke user info endpoint using the token.
>
> No blocking issues found.
>
> [+] Stable - Go ahead and release
>
> Thanks,
> Hasanthi
>
> On Tue, Jun 19, 2018 at 2:44 PM, Dewni Weeraman 
> wrote:
>
>> Hi,
>>
>> Tested below scenarios on IS 5.6.0-RC3 pack,
>>
>>- Invoke the OAuth Introspection Endpoint.
>>- OAuth token revocation.
>>- Entitlement policy creation using write policy in xml and
>>publishing.
>>- Using REST APIs via XACML to manage entitlement.
>>- Create, update, get, delete an OAuth app using Dynamic
>>Client Registration endpoint.
>>
>>
>> No blocking issues found.
>>
>> [+] Stable - Go ahead and release
>>
>> Thanks,
>> Dewni
>>
>> On Tue, Jun 19, 2018 at 1:43 PM, Sathya Bandara 
>> wrote:
>>
>>> Hi all,
>>>
>>> I've tested following scenarios on the IS 5.6.0-RC3 pack.
>>>
>>> User management (add/update/remove users).
>>> User management in secondary userstores (Read-Write LDAP).
>>> Consent Management in SAML SSO.
>>> SAML to SAML federation.
>>> Creating workflows definitions for primary userstore users.
>>> Engaging/Disabling workflows on user-store operations.
>>> Enable role based authorization using XACML for service
>>> providers.
>>> Tenant 

Re: [Architecture] [Dev] [VOTE] Release of WSO2 Identity Server 5.6.0 RC3

[Biruntha Gnaneswaran]

Hi All,

I have tested the following,

Create service provider and tested OAuth flow with playground when hashing
access tokens, refresh tokens, client secrets, and authorization codes
feature enabled.

No blocking issues found.

[+] Stable - go ahead and release

Thanks,

On Tue, Jun 19, 2018 at 4:52 PM, Nadeeshani Pathirennehelage <
nadeesha...@wso2.com> wrote:

> Hi All,
>
> +1 from Platform Security Team.
>
> Thank You,
> Nadeeshani.
>
> On Tue, Jun 19, 2018 at 4:42 PM, Ashen Weerathunga  wrote:
>
>> Hi All,
>>
>> I have tested the following and found no issues.
>>
>>- Consent Management for Self Sign Up.
>>- Creating Users with the Ask Password Option.
>>- Password pattern validation.
>>- SAML SSO with Consent Management.
>>
>> [+] Stable - go ahead and release
>>
>> Thanks,
>> Ashen
>>
>>
>> On Tue, Jun 19, 2018 at 3:59 PM Ishara Karunarathna 
>> wrote:
>>
>>> Hi All,
>>>
>>> Tested the IS 5.6.0-RC3 integration with IS-Analytics-5.6.0
>>> And check the session analytics reports.
>>>
>>>
>>> No blocking issues found.
>>> [+] Stable
>>>
>>> Thanks,
>>> Ishara
>>>
>>>
>>>
>>>
>>>
>>> On Tue, Jun 19, 2018 at 3:48 PM Isuri Anuradha  wrote:
>>>
 Hi all,

 I've tested following scenarios on the IS 5.6.0-RC3 pack.

- SAML to SAML federation flow.
- Publish and Update XACML policies.
- OAuth token revocation.

 No blocking issues found.

 [+] Stable

 Thanks
 Isuri.

 On Tue, Jun 19, 2018 at 3:34 PM, Omindu Rathnaweera 
 wrote:

> Hi All,
>
> Tested SCIM 2.0 basic operations. No blocking issues found
>
> [+] Stable - Go ahead and release
>
> Regards,
> Omindu.
>
>
>
>
>
> On Tue, Jun 19, 2018 at 3:14 PM Nipuni Bhagya 
> wrote:
>
>> Hi all,
>>
>> I've tested following scenarios on the IS 5.6.0-RC3 pack.
>>
>>- Configuring Single-Sign-On with SAML2
>>- Configuring Single-Sign-On with OIDC
>>- Configuring Multi-Factor Authentication
>>- Configuring Twitter as a Federated Authenticator
>>- Setting up Self-Signup
>>- Creating a workflow
>>- Tested Consent management API (Add/Retrieve purposes,
>>Add/revoke consents.)
>>
>> No blocking issues found.
>>
>> [+] Stable
>>
>> Thanks,
>>
>>
>> On Tue, Jun 19, 2018 at 2:38 AM Pulasthi Mahawithana <
>> pulast...@wso2.com> wrote:
>>
>>> Hi,
>>>
>>> Tested SSO with Multi step/multi option authentication, Google
>>> and Twitter authenticators
>>>
>>> No blocking issues found.
>>>
>>> [+] Stable - Go ahead and release
>>>
>>>
>>> On Tue, Jun 19, 2018 at 2:59 PM Hasanthi Purnima Dissanayake <
>>> hasan...@wso2.com> wrote:
>>>
 Hi,

 Tested below scenarios on IS 5.6.0-RC3 pack,

 - Register a service provider
 - Obtain an access token using JWT grant type
 - Invoke user info endpoint using the token.

 No blocking issues found.

 [+] Stable - Go ahead and release

 Thanks,
 Hasanthi

 On Tue, Jun 19, 2018 at 2:44 PM, Dewni Weeraman 
 wrote:

> Hi,
>
> Tested below scenarios on IS 5.6.0-RC3 pack,
>
>- Invoke the OAuth Introspection Endpoint.
>- OAuth token revocation.
>- Entitlement policy creation using write policy in xml and
>publishing.
>- Using REST APIs via XACML to manage entitlement.
>- Create, update, get, delete an OAuth app using Dynamic
>Client Registration endpoint.
>
>
> No blocking issues found.
>
> [+] Stable - Go ahead and release
>
> Thanks,
> Dewni
>
> On Tue, Jun 19, 2018 at 1:43 PM, Sathya Bandara 
> wrote:
>
>> Hi all,
>>
>> I've tested following scenarios on the IS 5.6.0-RC3 pack.
>>
>> User management (add/update/remove users).
>> User management in secondary userstores (Read-Write LDAP).
>> Consent Management in SAML SSO.
>> SAML to SAML federation.
>> Creating workflows definitions for primary userstore users.
>> Engaging/Disabling workflows on user-store operations.
>> Enable role based authorization using XACML for service providers.
>> Tenant creation/update/disabling.
>>
>> No blocking issues are found.
>>
>> [+] Stable - go ahead and release.
>>
>> Thanks,
>> Sathya
>>
>>
>> On Tue, Jun 19, 2018 at 12:26 PM, Vihanga Liyanage <
>> viha...@wso2.com> wrote:
>>
>>> Hi all,
>>>
>>> I've tested following scenarios on the IS 5.6.0-RC3 pack with
>>> 

[Architecture] Rethinking Product Analytics Architecture

[Sinthuja Rajendran]

Hi,

With my recent work with metrics and other monitoring systems, I'm thinking
whether our model of sending everything and calculate in the analytics
server side is correct.

Basically IMHO, the majority of the product analytics use cases are
statistics calculation. For example, in APIM, we are calculating API
statistics, Subscription statistics, etc. And for this, we are sending
events for every request/response/fault to analytics server, and analytics
server is performing the actual statistics calculation on the events.
Therefore in the high traffic scenario, there are a lot of events needs to
be published to analytics server, and we are getting issues like "Event
Queue Full" in the gateway.

My proposal is, what if we calculate the statistics on the local node
itself (similar to the edge analytics by running Siddhi within the
products), and only send the minute statistics summary to analytics server
to do the global (across all nodes) calculation. With this way, the traffic
to analytics server will be reduced drastically as only the final
calculated value for each group by combination will be reported. Therefore,
the analytics server can focus on global summarization and other global
monitoring aspects.

Thanks,
Sinthuja.

-- 
*Sinthuja Rajendran*
Senior Technical Lead
WSO2, Inc.:http://wso2.com

Blog: http://sinthu-rajan.blogspot.com/
Mobile: +94774273955
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] [Dev] [VOTE] Release of WSO2 Identity Server 5.6.0 RC3

[Nadeeshani Pathirennehelage]

Hi All,

+1 from Platform Security Team.

Thank You,
Nadeeshani.

On Tue, Jun 19, 2018 at 4:42 PM, Ashen Weerathunga  wrote:

> Hi All,
>
> I have tested the following and found no issues.
>
>- Consent Management for Self Sign Up.
>- Creating Users with the Ask Password Option.
>- Password pattern validation.
>- SAML SSO with Consent Management.
>
> [+] Stable - go ahead and release
>
> Thanks,
> Ashen
>
>
> On Tue, Jun 19, 2018 at 3:59 PM Ishara Karunarathna 
> wrote:
>
>> Hi All,
>>
>> Tested the IS 5.6.0-RC3 integration with IS-Analytics-5.6.0
>> And check the session analytics reports.
>>
>>
>> No blocking issues found.
>> [+] Stable
>>
>> Thanks,
>> Ishara
>>
>>
>>
>>
>>
>> On Tue, Jun 19, 2018 at 3:48 PM Isuri Anuradha  wrote:
>>
>>> Hi all,
>>>
>>> I've tested following scenarios on the IS 5.6.0-RC3 pack.
>>>
>>>- SAML to SAML federation flow.
>>>- Publish and Update XACML policies.
>>>- OAuth token revocation.
>>>
>>> No blocking issues found.
>>>
>>> [+] Stable
>>>
>>> Thanks
>>> Isuri.
>>>
>>> On Tue, Jun 19, 2018 at 3:34 PM, Omindu Rathnaweera 
>>> wrote:
>>>
 Hi All,

 Tested SCIM 2.0 basic operations. No blocking issues found

 [+] Stable - Go ahead and release

 Regards,
 Omindu.





 On Tue, Jun 19, 2018 at 3:14 PM Nipuni Bhagya  wrote:

> Hi all,
>
> I've tested following scenarios on the IS 5.6.0-RC3 pack.
>
>- Configuring Single-Sign-On with SAML2
>- Configuring Single-Sign-On with OIDC
>- Configuring Multi-Factor Authentication
>- Configuring Twitter as a Federated Authenticator
>- Setting up Self-Signup
>- Creating a workflow
>- Tested Consent management API (Add/Retrieve purposes, Add/revoke
>consents.)
>
> No blocking issues found.
>
> [+] Stable
>
> Thanks,
>
>
> On Tue, Jun 19, 2018 at 2:38 AM Pulasthi Mahawithana <
> pulast...@wso2.com> wrote:
>
>> Hi,
>>
>> Tested SSO with Multi step/multi option authentication, Google
>> and Twitter authenticators
>>
>> No blocking issues found.
>>
>> [+] Stable - Go ahead and release
>>
>>
>> On Tue, Jun 19, 2018 at 2:59 PM Hasanthi Purnima Dissanayake <
>> hasan...@wso2.com> wrote:
>>
>>> Hi,
>>>
>>> Tested below scenarios on IS 5.6.0-RC3 pack,
>>>
>>> - Register a service provider
>>> - Obtain an access token using JWT grant type
>>> - Invoke user info endpoint using the token.
>>>
>>> No blocking issues found.
>>>
>>> [+] Stable - Go ahead and release
>>>
>>> Thanks,
>>> Hasanthi
>>>
>>> On Tue, Jun 19, 2018 at 2:44 PM, Dewni Weeraman 
>>> wrote:
>>>
 Hi,

 Tested below scenarios on IS 5.6.0-RC3 pack,

- Invoke the OAuth Introspection Endpoint.
- OAuth token revocation.
- Entitlement policy creation using write policy in xml and
publishing.
- Using REST APIs via XACML to manage entitlement.
- Create, update, get, delete an OAuth app using Dynamic Client
Registration endpoint.


 No blocking issues found.

 [+] Stable - Go ahead and release

 Thanks,
 Dewni

 On Tue, Jun 19, 2018 at 1:43 PM, Sathya Bandara 
 wrote:

> Hi all,
>
> I've tested following scenarios on the IS 5.6.0-RC3 pack.
>
> User management (add/update/remove users).
> User management in secondary userstores (Read-Write LDAP).
> Consent Management in SAML SSO.
> SAML to SAML federation.
> Creating workflows definitions for primary userstore users.
> Engaging/Disabling workflows on user-store operations.
> Enable role based authorization using XACML for service providers.
> Tenant creation/update/disabling.
>
> No blocking issues are found.
>
> [+] Stable - go ahead and release.
>
> Thanks,
> Sathya
>
>
> On Tue, Jun 19, 2018 at 12:26 PM, Vihanga Liyanage <
> viha...@wso2.com> wrote:
>
>> Hi all,
>>
>> I've tested following scenarios on the IS 5.6.0-RC3 pack with
>> default database setup.
>>
>>- Enable user self-registration and self-register a new user.
>>- Add multiple consent purposes with multiple PII categories.
>>- Login to dashboard and see whether we can see the default
>>consent and above added PII categories.
>>- Confirm claims are getting filtered based on consents.
>>- Configure a service provider with OpenID Connect and
>>acquire access tokens via Authorization Code, Implicit, Client 
>> Credential

Re: [Architecture] Additional roles on top of Active Directory

[Ishara Karunarathna]

Hi Jørgen.

On Mon, Jun 18, 2018 at 3:31 AM Jørgen Østergaard  wrote:

> Hi,
>
>
>
> We are using an Secure LDAP connection to Active Directory as a user
> store. We need some additional functionality on top of the existing AD
> structure, which requires changes in the existing setup / application.
>
>
>
> Are there any plans or ideas in adding an additional role layer on top of
> an existing external connected user store such as ex. Active Directory.
>
>
>
> The functionality we look for are intended to make it possible to collect
> or bundle security groups into a business role in the Identity Server.
>
If I'm correct, you need to map set of user Groups in the Active Directory
to a Role in Identity server. Please correct me if I'm wrong.

In the current rode-map we don't have a plan to implement this use case.
But this can be implemented extending the existing Active Directory
usestore manger and configure it as a custom userstore.

Regards,
Ishara

>
>
> Thanks,
>
>
>
>
>
>
>
> Med venlig hilsen / best regards
>
>
>
> Jørgen Østergaard
> Phone:  +45 5363 6732
>
>
>
> [image: cid:31391d25-b727-4571-b9f2-a66d58180757]
>
> id connect A/S
> CVR 39611082
> Engager 8
> DK – 2605 Brøndbyvester
> Denmark
>
>
> ___
> Architecture mailing list
> Architecture@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>


-- 
Ishara Karunarathna
Technical Lead
WSO2 Inc. - lean . enterprise . middleware |  wso2.com

email: isha...@wso2.com,   blog: isharaaruna.blogspot.com,   mobile:
+94717996791
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] [Dev] [VOTE] Release of WSO2 Identity Server 5.6.0 RC3

[Ishara Karunarathna]

Hi All,

Tested the IS 5.6.0-RC3 integration with IS-Analytics-5.6.0
And check the session analytics reports.


No blocking issues found.
[+] Stable

Thanks,
Ishara





On Tue, Jun 19, 2018 at 3:48 PM Isuri Anuradha  wrote:

> Hi all,
>
> I've tested following scenarios on the IS 5.6.0-RC3 pack.
>
>- SAML to SAML federation flow.
>- Publish and Update XACML policies.
>- OAuth token revocation.
>
> No blocking issues found.
>
> [+] Stable
>
> Thanks
> Isuri.
>
> On Tue, Jun 19, 2018 at 3:34 PM, Omindu Rathnaweera 
> wrote:
>
>> Hi All,
>>
>> Tested SCIM 2.0 basic operations. No blocking issues found
>>
>> [+] Stable - Go ahead and release
>>
>> Regards,
>> Omindu.
>>
>>
>>
>>
>>
>> On Tue, Jun 19, 2018 at 3:14 PM Nipuni Bhagya  wrote:
>>
>>> Hi all,
>>>
>>> I've tested following scenarios on the IS 5.6.0-RC3 pack.
>>>
>>>- Configuring Single-Sign-On with SAML2
>>>- Configuring Single-Sign-On with OIDC
>>>- Configuring Multi-Factor Authentication
>>>- Configuring Twitter as a Federated Authenticator
>>>- Setting up Self-Signup
>>>- Creating a workflow
>>>- Tested Consent management API (Add/Retrieve purposes, Add/revoke
>>>consents.)
>>>
>>> No blocking issues found.
>>>
>>> [+] Stable
>>>
>>> Thanks,
>>>
>>>
>>> On Tue, Jun 19, 2018 at 2:38 AM Pulasthi Mahawithana 
>>> wrote:
>>>
 Hi,

 Tested SSO with Multi step/multi option authentication, Google
 and Twitter authenticators

 No blocking issues found.

 [+] Stable - Go ahead and release


 On Tue, Jun 19, 2018 at 2:59 PM Hasanthi Purnima Dissanayake <
 hasan...@wso2.com> wrote:

> Hi,
>
> Tested below scenarios on IS 5.6.0-RC3 pack,
>
> - Register a service provider
> - Obtain an access token using JWT grant type
> - Invoke user info endpoint using the token.
>
> No blocking issues found.
>
> [+] Stable - Go ahead and release
>
> Thanks,
> Hasanthi
>
> On Tue, Jun 19, 2018 at 2:44 PM, Dewni Weeraman 
> wrote:
>
>> Hi,
>>
>> Tested below scenarios on IS 5.6.0-RC3 pack,
>>
>>- Invoke the OAuth Introspection Endpoint.
>>- OAuth token revocation.
>>- Entitlement policy creation using write policy in xml and
>>publishing.
>>- Using REST APIs via XACML to manage entitlement.
>>- Create, update, get, delete an OAuth app using Dynamic Client
>>Registration endpoint.
>>
>>
>> No blocking issues found.
>>
>> [+] Stable - Go ahead and release
>>
>> Thanks,
>> Dewni
>>
>> On Tue, Jun 19, 2018 at 1:43 PM, Sathya Bandara 
>> wrote:
>>
>>> Hi all,
>>>
>>> I've tested following scenarios on the IS 5.6.0-RC3 pack.
>>>
>>> User management (add/update/remove users).
>>> User management in secondary userstores (Read-Write LDAP).
>>> Consent Management in SAML SSO.
>>> SAML to SAML federation.
>>> Creating workflows definitions for primary userstore users.
>>> Engaging/Disabling workflows on user-store operations.
>>> Enable role based authorization using XACML for service providers.
>>> Tenant creation/update/disabling.
>>>
>>> No blocking issues are found.
>>>
>>> [+] Stable - go ahead and release.
>>>
>>> Thanks,
>>> Sathya
>>>
>>>
>>> On Tue, Jun 19, 2018 at 12:26 PM, Vihanga Liyanage >> > wrote:
>>>
 Hi all,

 I've tested following scenarios on the IS 5.6.0-RC3 pack with
 default database setup.

- Enable user self-registration and self-register a new user.
- Add multiple consent purposes with multiple PII categories.
- Login to dashboard and see whether we can see the default
consent and above added PII categories.
- Confirm claims are getting filtered based on consents.
- Configure a service provider with OpenID Connect and acquire
access tokens via Authorization Code, Implicit, Client Credential 
 and
Password grant types.
- Enable ID token encryption for the service provider and test
the flow with decryption for all grant types.
- Delete the self-signed up user, create another user with the
exact same username, log in to the dashboard and see what are the
consents shown.
- Revoke consents of the user via the dashboard and try
accessing the SP to verify the consents are asked again.
- Delete the SP, login to the dashboard and see whether the
consents are deleted for that SP.

 No blocking issues are found.

 [+] Stable - go ahead and release.

 Thanks,
 Vihanga.

 On Fri, Jun 15, 2018 at 6:29 PM Madawa Soysa 
 wrote:

> Hi all,
>
> 

Re: [Architecture] [Dev] [VOTE] Release of WSO2 Identity Server 5.6.0 RC3

[Thanuja Jayasinghe]

Hi All,

Tested user account association scenarios. No blocking issues found.

[+] Stable - Go ahead and release

Thanks,
Thanuja

On Tue, Jun 19, 2018 at 3:48 PM Isuri Anuradha  wrote:

> Hi all,
>
> I've tested following scenarios on the IS 5.6.0-RC3 pack.
>
>- SAML to SAML federation flow.
>- Publish and Update XACML policies.
>- OAuth token revocation.
>
> No blocking issues found.
>
> [+] Stable
>
> Thanks
> Isuri.
>
> On Tue, Jun 19, 2018 at 3:34 PM, Omindu Rathnaweera 
> wrote:
>
>> Hi All,
>>
>> Tested SCIM 2.0 basic operations. No blocking issues found
>>
>> [+] Stable - Go ahead and release
>>
>> Regards,
>> Omindu.
>>
>>
>>
>>
>>
>> On Tue, Jun 19, 2018 at 3:14 PM Nipuni Bhagya  wrote:
>>
>>> Hi all,
>>>
>>> I've tested following scenarios on the IS 5.6.0-RC3 pack.
>>>
>>>- Configuring Single-Sign-On with SAML2
>>>- Configuring Single-Sign-On with OIDC
>>>- Configuring Multi-Factor Authentication
>>>- Configuring Twitter as a Federated Authenticator
>>>- Setting up Self-Signup
>>>- Creating a workflow
>>>- Tested Consent management API (Add/Retrieve purposes, Add/revoke
>>>consents.)
>>>
>>> No blocking issues found.
>>>
>>> [+] Stable
>>>
>>> Thanks,
>>>
>>>
>>> On Tue, Jun 19, 2018 at 2:38 AM Pulasthi Mahawithana 
>>> wrote:
>>>
 Hi,

 Tested SSO with Multi step/multi option authentication, Google
 and Twitter authenticators

 No blocking issues found.

 [+] Stable - Go ahead and release


 On Tue, Jun 19, 2018 at 2:59 PM Hasanthi Purnima Dissanayake <
 hasan...@wso2.com> wrote:

> Hi,
>
> Tested below scenarios on IS 5.6.0-RC3 pack,
>
> - Register a service provider
> - Obtain an access token using JWT grant type
> - Invoke user info endpoint using the token.
>
> No blocking issues found.
>
> [+] Stable - Go ahead and release
>
> Thanks,
> Hasanthi
>
> On Tue, Jun 19, 2018 at 2:44 PM, Dewni Weeraman 
> wrote:
>
>> Hi,
>>
>> Tested below scenarios on IS 5.6.0-RC3 pack,
>>
>>- Invoke the OAuth Introspection Endpoint.
>>- OAuth token revocation.
>>- Entitlement policy creation using write policy in xml and
>>publishing.
>>- Using REST APIs via XACML to manage entitlement.
>>- Create, update, get, delete an OAuth app using Dynamic Client
>>Registration endpoint.
>>
>>
>> No blocking issues found.
>>
>> [+] Stable - Go ahead and release
>>
>> Thanks,
>> Dewni
>>
>> On Tue, Jun 19, 2018 at 1:43 PM, Sathya Bandara 
>> wrote:
>>
>>> Hi all,
>>>
>>> I've tested following scenarios on the IS 5.6.0-RC3 pack.
>>>
>>> User management (add/update/remove users).
>>> User management in secondary userstores (Read-Write LDAP).
>>> Consent Management in SAML SSO.
>>> SAML to SAML federation.
>>> Creating workflows definitions for primary userstore users.
>>> Engaging/Disabling workflows on user-store operations.
>>> Enable role based authorization using XACML for service providers.
>>> Tenant creation/update/disabling.
>>>
>>> No blocking issues are found.
>>>
>>> [+] Stable - go ahead and release.
>>>
>>> Thanks,
>>> Sathya
>>>
>>>
>>> On Tue, Jun 19, 2018 at 12:26 PM, Vihanga Liyanage >> > wrote:
>>>
 Hi all,

 I've tested following scenarios on the IS 5.6.0-RC3 pack with
 default database setup.

- Enable user self-registration and self-register a new user.
- Add multiple consent purposes with multiple PII categories.
- Login to dashboard and see whether we can see the default
consent and above added PII categories.
- Confirm claims are getting filtered based on consents.
- Configure a service provider with OpenID Connect and acquire
access tokens via Authorization Code, Implicit, Client Credential 
 and
Password grant types.
- Enable ID token encryption for the service provider and test
the flow with decryption for all grant types.
- Delete the self-signed up user, create another user with the
exact same username, log in to the dashboard and see what are the
consents shown.
- Revoke consents of the user via the dashboard and try
accessing the SP to verify the consents are asked again.
- Delete the SP, login to the dashboard and see whether the
consents are deleted for that SP.

 No blocking issues are found.

 [+] Stable - go ahead and release.

 Thanks,
 Vihanga.

 On Fri, Jun 15, 2018 at 6:29 PM Madawa Soysa 
 wrote:

> Hi all,
>
> We are pleased to announce the third 

Re: [Architecture] [Dev] [VOTE] Release of WSO2 Identity Server 5.6.0 RC3

[Isuri Anuradha]

Hi all,

I've tested following scenarios on the IS 5.6.0-RC3 pack.

   - SAML to SAML federation flow.
   - Publish and Update XACML policies.
   - OAuth token revocation.

No blocking issues found.

[+] Stable

Thanks
Isuri.

On Tue, Jun 19, 2018 at 3:34 PM, Omindu Rathnaweera  wrote:

> Hi All,
>
> Tested SCIM 2.0 basic operations. No blocking issues found
>
> [+] Stable - Go ahead and release
>
> Regards,
> Omindu.
>
>
>
>
>
> On Tue, Jun 19, 2018 at 3:14 PM Nipuni Bhagya  wrote:
>
>> Hi all,
>>
>> I've tested following scenarios on the IS 5.6.0-RC3 pack.
>>
>>- Configuring Single-Sign-On with SAML2
>>- Configuring Single-Sign-On with OIDC
>>- Configuring Multi-Factor Authentication
>>- Configuring Twitter as a Federated Authenticator
>>- Setting up Self-Signup
>>- Creating a workflow
>>- Tested Consent management API (Add/Retrieve purposes, Add/revoke
>>consents.)
>>
>> No blocking issues found.
>>
>> [+] Stable
>>
>> Thanks,
>>
>>
>> On Tue, Jun 19, 2018 at 2:38 AM Pulasthi Mahawithana 
>> wrote:
>>
>>> Hi,
>>>
>>> Tested SSO with Multi step/multi option authentication, Google
>>> and Twitter authenticators
>>>
>>> No blocking issues found.
>>>
>>> [+] Stable - Go ahead and release
>>>
>>>
>>> On Tue, Jun 19, 2018 at 2:59 PM Hasanthi Purnima Dissanayake <
>>> hasan...@wso2.com> wrote:
>>>
 Hi,

 Tested below scenarios on IS 5.6.0-RC3 pack,

 - Register a service provider
 - Obtain an access token using JWT grant type
 - Invoke user info endpoint using the token.

 No blocking issues found.

 [+] Stable - Go ahead and release

 Thanks,
 Hasanthi

 On Tue, Jun 19, 2018 at 2:44 PM, Dewni Weeraman  wrote:

> Hi,
>
> Tested below scenarios on IS 5.6.0-RC3 pack,
>
>- Invoke the OAuth Introspection Endpoint.
>- OAuth token revocation.
>- Entitlement policy creation using write policy in xml and
>publishing.
>- Using REST APIs via XACML to manage entitlement.
>- Create, update, get, delete an OAuth app using Dynamic Client
>Registration endpoint.
>
>
> No blocking issues found.
>
> [+] Stable - Go ahead and release
>
> Thanks,
> Dewni
>
> On Tue, Jun 19, 2018 at 1:43 PM, Sathya Bandara 
> wrote:
>
>> Hi all,
>>
>> I've tested following scenarios on the IS 5.6.0-RC3 pack.
>>
>> User management (add/update/remove users).
>> User management in secondary userstores (Read-Write LDAP).
>> Consent Management in SAML SSO.
>> SAML to SAML federation.
>> Creating workflows definitions for primary userstore users.
>> Engaging/Disabling workflows on user-store operations.
>> Enable role based authorization using XACML for service providers.
>> Tenant creation/update/disabling.
>>
>> No blocking issues are found.
>>
>> [+] Stable - go ahead and release.
>>
>> Thanks,
>> Sathya
>>
>>
>> On Tue, Jun 19, 2018 at 12:26 PM, Vihanga Liyanage 
>> wrote:
>>
>>> Hi all,
>>>
>>> I've tested following scenarios on the IS 5.6.0-RC3 pack with
>>> default database setup.
>>>
>>>- Enable user self-registration and self-register a new user.
>>>- Add multiple consent purposes with multiple PII categories.
>>>- Login to dashboard and see whether we can see the default
>>>consent and above added PII categories.
>>>- Confirm claims are getting filtered based on consents.
>>>- Configure a service provider with OpenID Connect and acquire
>>>access tokens via Authorization Code, Implicit, Client Credential and
>>>Password grant types.
>>>- Enable ID token encryption for the service provider and test
>>>the flow with decryption for all grant types.
>>>- Delete the self-signed up user, create another user with the
>>>exact same username, log in to the dashboard and see what are the
>>>consents shown.
>>>- Revoke consents of the user via the dashboard and try
>>>accessing the SP to verify the consents are asked again.
>>>- Delete the SP, login to the dashboard and see whether the
>>>consents are deleted for that SP.
>>>
>>> No blocking issues are found.
>>>
>>> [+] Stable - go ahead and release.
>>>
>>> Thanks,
>>> Vihanga.
>>>
>>> On Fri, Jun 15, 2018 at 6:29 PM Madawa Soysa 
>>> wrote:
>>>
 Hi all,

 We are pleased to announce the third release candidate of WSO2
 Identity Server 5.6.0.

 This release fixes the following issues

- 5.6.0-RC Fixes

- 5.6.0-Beta Fixes

- 5.6.0-Alpha2 Fixes

Re: [Architecture] [Dev] [VOTE] Release of WSO2 Identity Server 5.6.0 RC3

[Omindu Rathnaweera]

Hi All,

Tested SCIM 2.0 basic operations. No blocking issues found

[+] Stable - Go ahead and release

Regards,
Omindu.





On Tue, Jun 19, 2018 at 3:14 PM Nipuni Bhagya  wrote:

> Hi all,
>
> I've tested following scenarios on the IS 5.6.0-RC3 pack.
>
>- Configuring Single-Sign-On with SAML2
>- Configuring Single-Sign-On with OIDC
>- Configuring Multi-Factor Authentication
>- Configuring Twitter as a Federated Authenticator
>- Setting up Self-Signup
>- Creating a workflow
>- Tested Consent management API (Add/Retrieve purposes, Add/revoke
>consents.)
>
> No blocking issues found.
>
> [+] Stable
>
> Thanks,
>
>
> On Tue, Jun 19, 2018 at 2:38 AM Pulasthi Mahawithana 
> wrote:
>
>> Hi,
>>
>> Tested SSO with Multi step/multi option authentication, Google
>> and Twitter authenticators
>>
>> No blocking issues found.
>>
>> [+] Stable - Go ahead and release
>>
>>
>> On Tue, Jun 19, 2018 at 2:59 PM Hasanthi Purnima Dissanayake <
>> hasan...@wso2.com> wrote:
>>
>>> Hi,
>>>
>>> Tested below scenarios on IS 5.6.0-RC3 pack,
>>>
>>> - Register a service provider
>>> - Obtain an access token using JWT grant type
>>> - Invoke user info endpoint using the token.
>>>
>>> No blocking issues found.
>>>
>>> [+] Stable - Go ahead and release
>>>
>>> Thanks,
>>> Hasanthi
>>>
>>> On Tue, Jun 19, 2018 at 2:44 PM, Dewni Weeraman  wrote:
>>>
 Hi,

 Tested below scenarios on IS 5.6.0-RC3 pack,

- Invoke the OAuth Introspection Endpoint.
- OAuth token revocation.
- Entitlement policy creation using write policy in xml and
publishing.
- Using REST APIs via XACML to manage entitlement.
- Create, update, get, delete an OAuth app using Dynamic Client
Registration endpoint.


 No blocking issues found.

 [+] Stable - Go ahead and release

 Thanks,
 Dewni

 On Tue, Jun 19, 2018 at 1:43 PM, Sathya Bandara 
 wrote:

> Hi all,
>
> I've tested following scenarios on the IS 5.6.0-RC3 pack.
>
> User management (add/update/remove users).
> User management in secondary userstores (Read-Write LDAP).
> Consent Management in SAML SSO.
> SAML to SAML federation.
> Creating workflows definitions for primary userstore users.
> Engaging/Disabling workflows on user-store operations.
> Enable role based authorization using XACML for service providers.
> Tenant creation/update/disabling.
>
> No blocking issues are found.
>
> [+] Stable - go ahead and release.
>
> Thanks,
> Sathya
>
>
> On Tue, Jun 19, 2018 at 12:26 PM, Vihanga Liyanage 
> wrote:
>
>> Hi all,
>>
>> I've tested following scenarios on the IS 5.6.0-RC3 pack with
>> default database setup.
>>
>>- Enable user self-registration and self-register a new user.
>>- Add multiple consent purposes with multiple PII categories.
>>- Login to dashboard and see whether we can see the default
>>consent and above added PII categories.
>>- Confirm claims are getting filtered based on consents.
>>- Configure a service provider with OpenID Connect and acquire
>>access tokens via Authorization Code, Implicit, Client Credential and
>>Password grant types.
>>- Enable ID token encryption for the service provider and test
>>the flow with decryption for all grant types.
>>- Delete the self-signed up user, create another user with the
>>exact same username, log in to the dashboard and see what are the
>>consents shown.
>>- Revoke consents of the user via the dashboard and try accessing
>>the SP to verify the consents are asked again.
>>- Delete the SP, login to the dashboard and see whether the
>>consents are deleted for that SP.
>>
>> No blocking issues are found.
>>
>> [+] Stable - go ahead and release.
>>
>> Thanks,
>> Vihanga.
>>
>> On Fri, Jun 15, 2018 at 6:29 PM Madawa Soysa 
>> wrote:
>>
>>> Hi all,
>>>
>>> We are pleased to announce the third release candidate of WSO2
>>> Identity Server 5.6.0.
>>>
>>> This release fixes the following issues
>>>
>>>- 5.6.0-RC Fixes
>>>
>>>- 5.6.0-Beta Fixes
>>>
>>>- 5.6.0-Alpha2 Fixes
>>>
>>>- 5.6.0-Alpha Fixes
>>>
>>>- 5.6.0-M7 Fixes
>>>
>>>- 5.6.0-M6 Fixes
>>>
>>>- 5.6.0-M5 Fixes
>>>
>>>- 

[Architecture] Prompt for user input during the authentication flow

[Maduranga Siriwardena]

Hi all,

We are working on a feature to prompt for user input during the
authentication flow. This is a part of the conditional authentication
implementation.

Consider the identifier first login flow implementation, where the user
first enter the username first and then Identity Server prompt for password
or any other form of authentication (federated login etc) based on the
username provided. With this feature we can prompt for the user to enter
the username first. Then we can improve the basic authenticator to get the
username from the parameters passed from the authentication script (mail
thread [1] at Architecture@) and avoid from prompting for username.

We are planing to provide a template based approach to get the user input.
Prompt function will have below method signature.

> prompt(, , )

>From the prompt function, we will redirect the user to a page in the
authentication endpoint with the template id and the data object provided.
With the initial implemantation, we will have a set of templates in the
authentication endpoint itself. From the template id provided in the
request, authentication endpoint will select the relevant template and
render the page.

At the moment the data send with the request is encoded only (deflate
encoding + base 64 encoding + url encoding). We are planing to add
encryption capability also in the future.

[1] [IAM] Passing parameters from authentication script to Authenticators

-- 
Maduranga Siriwardena
Senior Software Engineer
WSO2 Inc; http://wso2.com/

Email: madura...@wso2.com
Mobile: +94718990591
Blog: *https://madurangasiriwardena.wordpress.com/
*

___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] [Dev] [VOTE] Release of WSO2 Identity Server 5.6.0 RC3

[Nipuni Bhagya]

 Hi all,

I've tested following scenarios on the IS 5.6.0-RC3 pack.

   - Configuring Single-Sign-On with SAML2
   - Configuring Single-Sign-On with OIDC
   - Configuring Multi-Factor Authentication
   - Configuring Twitter as a Federated Authenticator
   - Setting up Self-Signup
   - Creating a workflow
   - Tested Consent management API (Add/Retrieve purposes, Add/revoke
   consents.)

No blocking issues found.

[+] Stable

Thanks,


On Tue, Jun 19, 2018 at 2:38 AM Pulasthi Mahawithana 
wrote:

> Hi,
>
> Tested SSO with Multi step/multi option authentication, Google and Twitter
> authenticators
>
> No blocking issues found.
>
> [+] Stable - Go ahead and release
>
>
> On Tue, Jun 19, 2018 at 2:59 PM Hasanthi Purnima Dissanayake <
> hasan...@wso2.com> wrote:
>
>> Hi,
>>
>> Tested below scenarios on IS 5.6.0-RC3 pack,
>>
>> - Register a service provider
>> - Obtain an access token using JWT grant type
>> - Invoke user info endpoint using the token.
>>
>> No blocking issues found.
>>
>> [+] Stable - Go ahead and release
>>
>> Thanks,
>> Hasanthi
>>
>> On Tue, Jun 19, 2018 at 2:44 PM, Dewni Weeraman  wrote:
>>
>>> Hi,
>>>
>>> Tested below scenarios on IS 5.6.0-RC3 pack,
>>>
>>>- Invoke the OAuth Introspection Endpoint.
>>>- OAuth token revocation.
>>>- Entitlement policy creation using write policy in xml and
>>>publishing.
>>>- Using REST APIs via XACML to manage entitlement.
>>>- Create, update, get, delete an OAuth app using Dynamic Client
>>>Registration endpoint.
>>>
>>>
>>> No blocking issues found.
>>>
>>> [+] Stable - Go ahead and release
>>>
>>> Thanks,
>>> Dewni
>>>
>>> On Tue, Jun 19, 2018 at 1:43 PM, Sathya Bandara  wrote:
>>>
 Hi all,

 I've tested following scenarios on the IS 5.6.0-RC3 pack.

 User management (add/update/remove users).
 User management in secondary userstores (Read-Write LDAP).
 Consent Management in SAML SSO.
 SAML to SAML federation.
 Creating workflows definitions for primary userstore users.
 Engaging/Disabling workflows on user-store operations.
 Enable role based authorization using XACML for service providers.
 Tenant creation/update/disabling.

 No blocking issues are found.

 [+] Stable - go ahead and release.

 Thanks,
 Sathya


 On Tue, Jun 19, 2018 at 12:26 PM, Vihanga Liyanage 
 wrote:

> Hi all,
>
> I've tested following scenarios on the IS 5.6.0-RC3 pack with default
> database setup.
>
>- Enable user self-registration and self-register a new user.
>- Add multiple consent purposes with multiple PII categories.
>- Login to dashboard and see whether we can see the default
>consent and above added PII categories.
>- Confirm claims are getting filtered based on consents.
>- Configure a service provider with OpenID Connect and acquire
>access tokens via Authorization Code, Implicit, Client Credential and
>Password grant types.
>- Enable ID token encryption for the service provider and test the
>flow with decryption for all grant types.
>- Delete the self-signed up user, create another user with the
>exact same username, log in to the dashboard and see what are the
>consents shown.
>- Revoke consents of the user via the dashboard and try accessing
>the SP to verify the consents are asked again.
>- Delete the SP, login to the dashboard and see whether the
>consents are deleted for that SP.
>
> No blocking issues are found.
>
> [+] Stable - go ahead and release.
>
> Thanks,
> Vihanga.
>
> On Fri, Jun 15, 2018 at 6:29 PM Madawa Soysa  wrote:
>
>> Hi all,
>>
>> We are pleased to announce the third release candidate of WSO2
>> Identity Server 5.6.0.
>>
>> This release fixes the following issues
>>
>>- 5.6.0-RC Fixes
>>
>>- 5.6.0-Beta Fixes
>>
>>- 5.6.0-Alpha2 Fixes
>>
>>- 5.6.0-Alpha Fixes
>>
>>- 5.6.0-M7 Fixes
>>
>>- 5.6.0-M6 Fixes
>>
>>- 5.6.0-M5 Fixes
>>
>>- 5.6.0-M4 Fixes
>>
>>- 5.6.0-M3 Fixes
>>
>>- 5.6.0-M2 Fixes
>>
>>- 5.6.0-M1 Fixes
>>

Re: [Architecture] [Dev] [VOTE] Release of WSO2 Identity Server 5.6.0 RC3

[Pulasthi Mahawithana]

Hi,

Tested SSO with Multi step/multi option authentication, Google and Twitter
authenticators

No blocking issues found.

[+] Stable - Go ahead and release


On Tue, Jun 19, 2018 at 2:59 PM Hasanthi Purnima Dissanayake <
hasan...@wso2.com> wrote:

> Hi,
>
> Tested below scenarios on IS 5.6.0-RC3 pack,
>
> - Register a service provider
> - Obtain an access token using JWT grant type
> - Invoke user info endpoint using the token.
>
> No blocking issues found.
>
> [+] Stable - Go ahead and release
>
> Thanks,
> Hasanthi
>
> On Tue, Jun 19, 2018 at 2:44 PM, Dewni Weeraman  wrote:
>
>> Hi,
>>
>> Tested below scenarios on IS 5.6.0-RC3 pack,
>>
>>- Invoke the OAuth Introspection Endpoint.
>>- OAuth token revocation.
>>- Entitlement policy creation using write policy in xml and
>>publishing.
>>- Using REST APIs via XACML to manage entitlement.
>>- Create, update, get, delete an OAuth app using Dynamic Client
>>Registration endpoint.
>>
>>
>> No blocking issues found.
>>
>> [+] Stable - Go ahead and release
>>
>> Thanks,
>> Dewni
>>
>> On Tue, Jun 19, 2018 at 1:43 PM, Sathya Bandara  wrote:
>>
>>> Hi all,
>>>
>>> I've tested following scenarios on the IS 5.6.0-RC3 pack.
>>>
>>> User management (add/update/remove users).
>>> User management in secondary userstores (Read-Write LDAP).
>>> Consent Management in SAML SSO.
>>> SAML to SAML federation.
>>> Creating workflows definitions for primary userstore users.
>>> Engaging/Disabling workflows on user-store operations.
>>> Enable role based authorization using XACML for service providers.
>>> Tenant creation/update/disabling.
>>>
>>> No blocking issues are found.
>>>
>>> [+] Stable - go ahead and release.
>>>
>>> Thanks,
>>> Sathya
>>>
>>>
>>> On Tue, Jun 19, 2018 at 12:26 PM, Vihanga Liyanage 
>>> wrote:
>>>
 Hi all,

 I've tested following scenarios on the IS 5.6.0-RC3 pack with default
 database setup.

- Enable user self-registration and self-register a new user.
- Add multiple consent purposes with multiple PII categories.
- Login to dashboard and see whether we can see the default consent
and above added PII categories.
- Confirm claims are getting filtered based on consents.
- Configure a service provider with OpenID Connect and acquire
access tokens via Authorization Code, Implicit, Client Credential and
Password grant types.
- Enable ID token encryption for the service provider and test the
flow with decryption for all grant types.
- Delete the self-signed up user, create another user with the
exact same username, log in to the dashboard and see what are the
consents shown.
- Revoke consents of the user via the dashboard and try accessing
the SP to verify the consents are asked again.
- Delete the SP, login to the dashboard and see whether the consents
are deleted for that SP.

 No blocking issues are found.

 [+] Stable - go ahead and release.

 Thanks,
 Vihanga.

 On Fri, Jun 15, 2018 at 6:29 PM Madawa Soysa  wrote:

> Hi all,
>
> We are pleased to announce the third release candidate of WSO2
> Identity Server 5.6.0.
>
> This release fixes the following issues
>
>- 5.6.0-RC Fixes
>
>- 5.6.0-Beta Fixes
>
>- 5.6.0-Alpha2 Fixes
>
>- 5.6.0-Alpha Fixes
>
>- 5.6.0-M7 Fixes
>
>- 5.6.0-M6 Fixes
>
>- 5.6.0-M5 Fixes
>
>- 5.6.0-M4 Fixes
>
>- 5.6.0-M3 Fixes
>
>- 5.6.0-M2 Fixes
>
>- 5.6.0-M1 Fixes
>
>
> Source and distribution,
> Runtime -
> https://github.com/wso2/product-is/releases/tag/v5.6.0-rc3
> Analytics -
> https://github.com/wso2/analytics-is/releases/v5.6.0-rc3
>
> Please download, test the product and vote.
>
> [+] Stable - go ahead and release
> [-] Broken - do not release (explain why)
>
> Thanks,
> WSO2 Identity and Access Management Team
> --
>
> Madawa Soysa / Senior Software Engineer
> mada...@wso2.com / +94714616050
>
> *WSO2 Inc.*
> lean.enterprise.middleware
>
>   

Re: [Architecture] [Dev] [VOTE] Release of WSO2 Identity Server 5.6.0 RC3

[Senthalan Kanagalingam]

Hi all,

I have tested the following,

Create service provider and tested oAuth flow with playground.
multi-authentication with facebook.
Configure TOTP Authenticator.

No blocking issues found.

[+] Stable - Go ahead and release

thanks,

On Tue, Jun 19, 2018 at 1:44 PM Sathya Bandara  wrote:

> Hi all,
>
> I've tested following scenarios on the IS 5.6.0-RC3 pack.
>
> User management (add/update/remove users).
> User management in secondary userstores (Read-Write LDAP).
> Consent Management in SAML SSO.
> SAML to SAML federation.
> Creating workflows definitions for primary userstore users.
> Engaging/Disabling workflows on user-store operations.
> Enable role based authorization using XACML for service providers.
> Tenant creation/update/disabling.
>
> No blocking issues are found.
>
> [+] Stable - go ahead and release.
>
> Thanks,
> Sathya
>
>
> On Tue, Jun 19, 2018 at 12:26 PM, Vihanga Liyanage 
> wrote:
>
>> Hi all,
>>
>> I've tested following scenarios on the IS 5.6.0-RC3 pack with default
>> database setup.
>>
>>- Enable user self-registration and self-register a new user.
>>- Add multiple consent purposes with multiple PII categories.
>>- Login to dashboard and see whether we can see the default consent
>>and above added PII categories.
>>- Confirm claims are getting filtered based on consents.
>>- Configure a service provider with OpenID Connect and acquire access
>>tokens via Authorization Code, Implicit, Client Credential and Password
>>grant types.
>>- Enable ID token encryption for the service provider and test the
>>flow with decryption for all grant types.
>>- Delete the self-signed up user, create another user with the exact
>>same username, log in to the dashboard and see what are the consents
>>shown.
>>- Revoke consents of the user via the dashboard and try accessing the
>>SP to verify the consents are asked again.
>>- Delete the SP, login to the dashboard and see whether the consents
>>are deleted for that SP.
>>
>> No blocking issues are found.
>>
>> [+] Stable - go ahead and release.
>>
>> Thanks,
>> Vihanga.
>>
>> On Fri, Jun 15, 2018 at 6:29 PM Madawa Soysa  wrote:
>>
>>> Hi all,
>>>
>>> We are pleased to announce the third release candidate of WSO2 Identity
>>> Server 5.6.0.
>>>
>>> This release fixes the following issues
>>>
>>>- 5.6.0-RC Fixes
>>>
>>>- 5.6.0-Beta Fixes
>>>
>>>- 5.6.0-Alpha2 Fixes
>>>
>>>- 5.6.0-Alpha Fixes
>>>
>>>- 5.6.0-M7 Fixes
>>>
>>>- 5.6.0-M6 Fixes
>>>
>>>- 5.6.0-M5 Fixes
>>>
>>>- 5.6.0-M4 Fixes
>>>
>>>- 5.6.0-M3 Fixes
>>>
>>>- 5.6.0-M2 Fixes
>>>
>>>- 5.6.0-M1 Fixes
>>>
>>>
>>> Source and distribution,
>>> Runtime -
>>> https://github.com/wso2/product-is/releases/tag/v5.6.0-rc3
>>> Analytics - https://github.com/wso2/analytics-is/releases/v5.6.0-rc3
>>>
>>> Please download, test the product and vote.
>>>
>>> [+] Stable - go ahead and release
>>> [-] Broken - do not release (explain why)
>>>
>>> Thanks,
>>> WSO2 Identity and Access Management Team
>>> --
>>>
>>> Madawa Soysa / Senior Software Engineer
>>> mada...@wso2.com / +94714616050
>>>
>>> *WSO2 Inc.*
>>> lean.enterprise.middleware
>>>
>>>   
>>>
>>>
>>>
>>>
>>
>> --
>>
>> Vihanga Liyanage
>>
>> Software Engineer | WS*O₂* Inc.
>>
>> M : +*94710124103* | http://wso2.com
>>
>> [image: http://wso2.com/signature] 
>>
>> ___
>> Dev mailing list
>> d...@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
> Sathya Bandara
> Software Engineer
> WSO2 Inc. http://wso2.com
> Mobile: (+94) 715 360 421 <+94%2071%20411%205032>
>
> <+94%2071%20411%205032>
> ___
> Dev mailing list
> d...@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>


-- 

*Senthalan Kanagalingam*
*Software Engineer - WSO2 Inc.*
*Mobile : +94 (0) 77 18 77 466*

___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] [Dev] [VOTE] Release of WSO2 Identity Server 5.6.0 RC3

[Isura Karunaratne]

Hi,

Tested followed scenarios in super tenant, primary user store.


   - Account Locking
   - Self Registration with email confirmation.
   - Self-care portal operations.
   - Password reset through a notification.
   - Password reset through challenge questions.
   - Account Recovery.
   - Password History validation.
   - Password Pattern validation.

No blocking issues found.

[+] Stable - Go ahead and release

Thanks
Isura.

On Tue, Jun 19, 2018 at 2:46 PM Dewni Weeraman  wrote:

> Hi,
>
> Tested below scenarios on IS 5.6.0-RC3 pack,
>
>- Invoke the OAuth Introspection Endpoint.
>- OAuth token revocation.
>- Entitlement policy creation using write policy in xml and publishing.
>- Using REST APIs via XACML to manage entitlement.
>- Create, update, get, delete an OAuth app using Dynamic Client
>Registration endpoint.
>
>
> No blocking issues found.
>
> [+] Stable - Go ahead and release
>
> Thanks,
> Dewni
>
> On Tue, Jun 19, 2018 at 1:43 PM, Sathya Bandara  wrote:
>
>> Hi all,
>>
>> I've tested following scenarios on the IS 5.6.0-RC3 pack.
>>
>> User management (add/update/remove users).
>> User management in secondary userstores (Read-Write LDAP).
>> Consent Management in SAML SSO.
>> SAML to SAML federation.
>> Creating workflows definitions for primary userstore users.
>> Engaging/Disabling workflows on user-store operations.
>> Enable role based authorization using XACML for service providers.
>> Tenant creation/update/disabling.
>>
>> No blocking issues are found.
>>
>> [+] Stable - go ahead and release.
>>
>> Thanks,
>> Sathya
>>
>>
>> On Tue, Jun 19, 2018 at 12:26 PM, Vihanga Liyanage 
>> wrote:
>>
>>> Hi all,
>>>
>>> I've tested following scenarios on the IS 5.6.0-RC3 pack with default
>>> database setup.
>>>
>>>- Enable user self-registration and self-register a new user.
>>>- Add multiple consent purposes with multiple PII categories.
>>>- Login to dashboard and see whether we can see the default consent
>>>and above added PII categories.
>>>- Confirm claims are getting filtered based on consents.
>>>- Configure a service provider with OpenID Connect and acquire
>>>access tokens via Authorization Code, Implicit, Client Credential and
>>>Password grant types.
>>>- Enable ID token encryption for the service provider and test the
>>>flow with decryption for all grant types.
>>>- Delete the self-signed up user, create another user with the exact
>>>same username, log in to the dashboard and see what are the consents
>>>shown.
>>>- Revoke consents of the user via the dashboard and try accessing
>>>the SP to verify the consents are asked again.
>>>- Delete the SP, login to the dashboard and see whether the consents
>>>are deleted for that SP.
>>>
>>> No blocking issues are found.
>>>
>>> [+] Stable - go ahead and release.
>>>
>>> Thanks,
>>> Vihanga.
>>>
>>> On Fri, Jun 15, 2018 at 6:29 PM Madawa Soysa  wrote:
>>>
 Hi all,

 We are pleased to announce the third release candidate of WSO2 Identity
 Server 5.6.0.

 This release fixes the following issues

- 5.6.0-RC Fixes

- 5.6.0-Beta Fixes

- 5.6.0-Alpha2 Fixes

- 5.6.0-Alpha Fixes

- 5.6.0-M7 Fixes

- 5.6.0-M6 Fixes

- 5.6.0-M5 Fixes

- 5.6.0-M4 Fixes

- 5.6.0-M3 Fixes

- 5.6.0-M2 Fixes

- 5.6.0-M1 Fixes


 Source and distribution,
 Runtime -
 https://github.com/wso2/product-is/releases/tag/v5.6.0-rc3
 Analytics -
 https://github.com/wso2/analytics-is/releases/v5.6.0-rc3

 Please download, test the product and vote.

 [+] Stable - go ahead and release
 [-] Broken - do not release (explain why)

 Thanks,
 WSO2 Identity and Access Management Team
 --

 Madawa Soysa / Senior Software Engineer
 mada...@wso2.com / +94714616050

 *WSO2 Inc.*
 lean.enterprise.middleware

   




>>>
>>> --
>>>
>>> Vihanga Liyanage
>>>
>>> Software Engineer | WS*O₂* Inc.
>>>
>>> M : +*94710124103* | http://wso2.com
>>>
>>> [image: http://wso2.com/signature] 
>>>
>>> 

Re: [Architecture] [Dev] [VOTE] Release of WSO2 Identity Server 5.6.0 RC3

[Hasanthi Purnima Dissanayake]

Hi,

Tested below scenarios on IS 5.6.0-RC3 pack,

- Register a service provider
- Obtain an access token using JWT grant type
- Invoke user info endpoint using the token.

No blocking issues found.

[+] Stable - Go ahead and release

Thanks,
Hasanthi

On Tue, Jun 19, 2018 at 2:44 PM, Dewni Weeraman  wrote:

> Hi,
>
> Tested below scenarios on IS 5.6.0-RC3 pack,
>
>- Invoke the OAuth Introspection Endpoint.
>- OAuth token revocation.
>- Entitlement policy creation using write policy in xml and publishing.
>- Using REST APIs via XACML to manage entitlement.
>- Create, update, get, delete an OAuth app using Dynamic Client
>Registration endpoint.
>
>
> No blocking issues found.
>
> [+] Stable - Go ahead and release
>
> Thanks,
> Dewni
>
> On Tue, Jun 19, 2018 at 1:43 PM, Sathya Bandara  wrote:
>
>> Hi all,
>>
>> I've tested following scenarios on the IS 5.6.0-RC3 pack.
>>
>> User management (add/update/remove users).
>> User management in secondary userstores (Read-Write LDAP).
>> Consent Management in SAML SSO.
>> SAML to SAML federation.
>> Creating workflows definitions for primary userstore users.
>> Engaging/Disabling workflows on user-store operations.
>> Enable role based authorization using XACML for service providers.
>> Tenant creation/update/disabling.
>>
>> No blocking issues are found.
>>
>> [+] Stable - go ahead and release.
>>
>> Thanks,
>> Sathya
>>
>>
>> On Tue, Jun 19, 2018 at 12:26 PM, Vihanga Liyanage 
>> wrote:
>>
>>> Hi all,
>>>
>>> I've tested following scenarios on the IS 5.6.0-RC3 pack with default
>>> database setup.
>>>
>>>- Enable user self-registration and self-register a new user.
>>>- Add multiple consent purposes with multiple PII categories.
>>>- Login to dashboard and see whether we can see the default consent
>>>and above added PII categories.
>>>- Confirm claims are getting filtered based on consents.
>>>- Configure a service provider with OpenID Connect and acquire
>>>access tokens via Authorization Code, Implicit, Client Credential and
>>>Password grant types.
>>>- Enable ID token encryption for the service provider and test the
>>>flow with decryption for all grant types.
>>>- Delete the self-signed up user, create another user with the exact
>>>same username, log in to the dashboard and see what are the consents
>>>shown.
>>>- Revoke consents of the user via the dashboard and try accessing
>>>the SP to verify the consents are asked again.
>>>- Delete the SP, login to the dashboard and see whether the consents
>>>are deleted for that SP.
>>>
>>> No blocking issues are found.
>>>
>>> [+] Stable - go ahead and release.
>>>
>>> Thanks,
>>> Vihanga.
>>>
>>> On Fri, Jun 15, 2018 at 6:29 PM Madawa Soysa  wrote:
>>>
 Hi all,

 We are pleased to announce the third release candidate of WSO2 Identity
 Server 5.6.0.

 This release fixes the following issues

- 5.6.0-RC Fixes

- 5.6.0-Beta Fixes

- 5.6.0-Alpha2 Fixes

- 5.6.0-Alpha Fixes

- 5.6.0-M7 Fixes

- 5.6.0-M6 Fixes

- 5.6.0-M5 Fixes

- 5.6.0-M4 Fixes

- 5.6.0-M3 Fixes

- 5.6.0-M2 Fixes

- 5.6.0-M1 Fixes


 Source and distribution,
 Runtime -  https://github.com/wso2/pro
 duct-is/releases/tag/v5.6.0-rc3
 Analytics - https://github.com/wso2/anal
 ytics-is/releases/v5.6.0-rc3

 Please download, test the product and vote.

 [+] Stable - go ahead and release
 [-] Broken - do not release (explain why)

 Thanks,
 WSO2 Identity and Access Management Team
 --

 Madawa Soysa / Senior Software Engineer
 mada...@wso2.com / +94714616050

 *WSO2 Inc.*
 lean.enterprise.middleware

   




>>>
>>> --
>>>
>>> Vihanga Liyanage
>>>
>>> Software Engineer | WS*O₂* Inc.
>>>
>>> M : +*94710124103* | http://wso2.com
>>>
>>> [image: http://wso2.com/signature] 
>>>
>>> ___
>>> Dev mailing list
>>> d...@wso2.org
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>>
>>
>>
>> --
>> Sathya Bandara
>> Software 

Re: [Architecture] Micro Gateway CLI - Hashing Resources (APIs/Policies) for change detection

[Nuwan Dias]

When we do WUM updates to the distribution (Microgateway Toolkit), we may
have to force build the runtime even if there aren't changes to the API and
Policy definitions. In that case we may need a flag to force build.

On Tue, Jun 19, 2018 at 2:41 PM, Isuru Haththotuwa  wrote:

> +1 for this approach.
>
> On Tue, Jun 19, 2018 at 1:47 PM, Malintha Amarasinghe 
> wrote:
>
>> + IsuruH
>>
>> On Tue, Jun 19, 2018 at 12:41 PM, Malintha Amarasinghe <
>> malint...@wso2.com> wrote:
>>
>>> List of fields planned to be added as of now; kindly let me know if any
>>> field is missing.
>>>
>>> *API*
>>> name
>>> context
>>> version
>>> apiDefinition
>>> responseCaching
>>> isDefaultVersion
>>> type - (http vs ws)
>>> transport - (http/https)
>>> endpointConfig
>>> endpointSecurity
>>> corsConfiguration
>>> authorizationHeader
>>>
>>>
>>> *SubscriptionThrottlePolicy*
>>> policyName
>>> defaultLimit (throttling limits)
>>> stopOnQuotaReach
>>>
>>> *ApplicationThrottlePolicy*
>>> policyName
>>> defaultLimit (throttling limits)
>>>
>>>
>>> Thanks!
>>> Malintha
>>>
>>> On Tue, Jun 19, 2018 at 12:00 PM, Harsha Kumara 
>>> wrote:
>>>


 On Tue, Jun 19, 2018 at 11:45 AM Malintha Amarasinghe <
 malint...@wso2.com> wrote:

> Hi,
>
> Micro gateway CLI works completely separately to API manager; whenever
> a new API is added for a label, whenever there is a change happens to an
> existing label there won't be any events published etc like previously. 
> The
> CLI needs to regenerate the source build it and push the artifacts to the
> deployment and the full process needs to complete. In most occasions, the
> CLI can be configured to run periodically to generate sources and do above
> job.
>
> But in this case, most of the time, the CLI will be uselessly
> generating sources building it and pushing the artifacts to deployment.
> Comparatively, building and pushing artifacts to deployment have a huge
> overhead compared to generating sources.
>
> This effort is to avoid that as much as possible by change-detection;
> i.e.
>
> 1. The CLI will check if any of the required resources has changed vs
> the previous build and notify the user after a successful "setup" (source
> generate) command using the command line output and the exit code of the
> command.
> 2. Using the exit code, a user can write a shell script etc to decide
> whether he should proceed with "build" or not.
>
>
> *Proposed implementation:*
>
> API Publisher APIs does not have ETag feature. Even if it is there,
> the ETag will be generated for the whole resource. For code generation, we
> will be only using few attributes of the resource, hence using a global
> ETag for a resource may lead to unnecessary changes for the ETag. Hence 
> the
> proposed implementation will be using a CLI-side hash generation for *used
> attributes *of the resource (API/Policies) only.
>
> To mark the attributes which are used for generating the code, a newly
> introduced annotation "@Hash" can be used.
>
> Ex:
>
> public class APIDetailedDTO extends APIInfoDTO {
>
> /**
>  * Swagger definition of the APIDetailedDTO which contains details 
> about URI templates and scopes\n
>  **/
> *@Hash*
> @JsonProperty("apiDefinition")
> public String getApiDefinition() {
> return apiDefinition;
> }
>
> public void setApiDefinition(String apiDefinition) {
> this.apiDefinition = apiDefinition;
> }
>
>
> /**
>  * WSDL URL if the APIDetailedDTO is based on a WSDL endpoint\n
>  **/
> @JsonProperty("wsdlUri")
> public String getWsdlUri() {
> return wsdlUri;
> }
>
> public void setWsdlUri(String wsdlUri) {
> this.wsdlUri = wsdlUri;
> }
>
> *@Hash*
> @JsonProperty("responseCaching")
> public String getResponseCaching() {
> return responseCaching;
> }
>
>
>
> The methods marked with *@Hash* will be automatically extracted from
> the code and will be used to generate the hashes for each resource.
>
> The generated hashes will be stored inside the CLI's temp folder
> against each resources' UUID, which will be used to compare the hash
> changes between next runs.
>
 What are the fields which we have added to the hash?

>
>
> Highly appreciate your ideas on this.
>
> Thanks!
> Malintha
>
>
> --
> Malintha Amarasinghe
> *WSO2, Inc. - lean | enterprise | middleware*
> http://wso2.com/
>
> Mobile : +94 712383306
>


 --
 Harsha Kumara
 Associate Technical Lead, WSO2 Inc.
 Mobile: +94775505618
 Blog:harshcreationz.blogspot.com

>>>
>>>
>>>

Re: [Architecture] [Dev] [VOTE] Release of WSO2 API Manager 2.5.0 RC3

[Chamin Dias]

Hi,

We are closing the vote due to the above issue. We will fix the issue and
release another release candidate as soon as possible.

Thanks.

On Tue, Jun 19, 2018 at 2:03 PM, Thilini Shanika  wrote:

> Hi All,
>
> Found [1] while testing the distributed deployment of APIM. Hence -1 for
> RC3.
>
> [1] https://github.com/wso2/product-apim/issues/3459
>
>
>
>
>
> On Tue, Jun 19, 2018 at 11:11 AM, Dinusha Dissanayake 
> wrote:
>
>> Hi all,
>>
>> Tested the following.
>>
>> Different user creations. ( admin, publisher and subscriber)
>> Created APIS.
>> Published APIs.
>> Subscribed and token generation.
>> Stat viewing in publisher and store with analytics enabled.
>> Alert generation for API tier usage crossing and abnormal resource
>> pattern detection.
>>
>> [+] Stable -go ahead and release
>>
>>
>>
>>
>>
>> On Tue, Jun 19, 2018 at 11:06 AM, Prasanna Dangalla 
>> wrote:
>>
>>> Hi All,
>>>
>>> I tested the following scenarios to super tenant and tenant.
>>>
>>>- New API creation
>>>- New Application Creation with ouath and JWT
>>>- Custom subscription Policy creation
>>>- Generating OAuth token
>>>- Generating JWT
>>>- Invoking API using OAuth token.
>>>- Blocking the API from invoking JTI in JWT
>>>- Invoke the API using JTI as access token when the application type
>>>is changed from JWT to OAuth.
>>>- Application creation for JWT and OAuth
>>>
>>>
>>> [+]Stable - go ahead and release
>>>
>>> Thanks
>>>
>>> *Prasanna Dangalla*
>>> Senior Software Engineer, WSO2, Inc.; http://wso2.com/
>>> lean.enterprise.middleware
>>>
>>>
>>> *cell: +94 718 11 27 51*
>>> *twitter: @prasa77*
>>>
>>>
>>> On Tue, Jun 19, 2018 at 10:09 AM Vithursa Mahendrarajah <
>>> vithu...@wso2.com> wrote:
>>>
 Hi,

 I have tested following and no issues found.

- Application creation, update and key generation using REST API
- Application Attributes (Server specific and tenant specific)
- Creating and Publishing API
- Application creation & subscription

 [+] Stable - go ahead and release

 Thanks,

 On Tue, Jun 19, 2018 at 9:47 AM, Chamin Dias  wrote:

> Hi,
>
> Tested following (for both super tenat and tenat) and no issues found.
>
> Enviornment : Mac OS, Safari web browser
> a) Label creation/update
> b) Attaching/removing labels to/from APIs
> c) Displaying label information in Publisher and Store
>
> [+] Stable - go ahead and release
>
> Thanks.
>
> On Tue, Jun 19, 2018 at 6:11 AM, Chamalee De Silva 
> wrote:
>
>> Hi,
>> I have tested following and no issues found.
>>
>> 1. Basic API flow
>> - API creation, publishing, invocation etc.
>> 2. Creating users and roles, and user permissions.
>>
>> 3. Single Sign On with WSO2 Idnetity Server (WSO2 IS 5.6.0 RC3)
>>  - SP init and IDP init SSO
>>  - Assertion Encryption
>>  - Single logout on/off
>>  -  SAML request singning in store and publisher.
>>
>> 4. Installing SCIM identity feature in API Manager 2.5.0
>>
>> 5. API Properties
>>
>> 6. SDK generation feature
>>
>>
>> [+]Stable - go ahead and release
>>
>>
>> Thanks,
>> Chamalee
>>
>>
>>
>> On Tue, Jun 19, 2018 at 12:07 AM, Chamin Dias 
>> wrote:
>>
>>> Hi all,
>>>
>>> We are pleased to announce the third release candidate of WSO2 API
>>> Manager 2.5.0.
>>>
>>> This release fixes the following issues.
>>> Fixes : carbon-apimgt
>>> 
>>> Fixes : product-apim
>>> 
>>> Fixes : analytics-apim
>>> 
>>>
>>> Source and distribution,
>>> Runtime : https://github.com/wso2/produc
>>> t-apim/releases/tag/v2.5.0-rc3
>>> Analytics : https://github.com/wso2/analyt
>>> ics-apim/releases/tag/v2.5.0-rc1
>>>
>>> Please download, test the product and vote.
>>>
>>> [+] Stable - go ahead and release
>>> [-] Broken - do not release (explain why)
>>>
>>> Note : We can still use APIM-Analytics 2.5.0-rc1 for analytics (no
>>> issues reported so far).
>>>
>>> Thanks,
>>> WSO2 API Manager Team
>>>
>>> --
>>> Chamin Dias
>>> Mobile : 0716097455
>>> Email : cham...@wso2.com
>>> LinkedIn : https://www.linkedin.com/in/chamindias
>>>
>>>
>>> ___
>>> Dev mailing list
>>> d...@wso2.org
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>>
>>
>>
>> 

Re: [Architecture] [Dev] [VOTE] Release of WSO2 Identity Server 5.6.0 RC3

[Dewni Weeraman]

Hi,

Tested below scenarios on IS 5.6.0-RC3 pack,

   - Invoke the OAuth Introspection Endpoint.
   - OAuth token revocation.
   - Entitlement policy creation using write policy in xml and publishing.
   - Using REST APIs via XACML to manage entitlement.
   - Create, update, get, delete an OAuth app using Dynamic Client
   Registration endpoint.


No blocking issues found.

[+] Stable - Go ahead and release

Thanks,
Dewni

On Tue, Jun 19, 2018 at 1:43 PM, Sathya Bandara  wrote:

> Hi all,
>
> I've tested following scenarios on the IS 5.6.0-RC3 pack.
>
> User management (add/update/remove users).
> User management in secondary userstores (Read-Write LDAP).
> Consent Management in SAML SSO.
> SAML to SAML federation.
> Creating workflows definitions for primary userstore users.
> Engaging/Disabling workflows on user-store operations.
> Enable role based authorization using XACML for service providers.
> Tenant creation/update/disabling.
>
> No blocking issues are found.
>
> [+] Stable - go ahead and release.
>
> Thanks,
> Sathya
>
>
> On Tue, Jun 19, 2018 at 12:26 PM, Vihanga Liyanage 
> wrote:
>
>> Hi all,
>>
>> I've tested following scenarios on the IS 5.6.0-RC3 pack with default
>> database setup.
>>
>>- Enable user self-registration and self-register a new user.
>>- Add multiple consent purposes with multiple PII categories.
>>- Login to dashboard and see whether we can see the default consent
>>and above added PII categories.
>>- Confirm claims are getting filtered based on consents.
>>- Configure a service provider with OpenID Connect and acquire access
>>tokens via Authorization Code, Implicit, Client Credential and Password
>>grant types.
>>- Enable ID token encryption for the service provider and test the
>>flow with decryption for all grant types.
>>- Delete the self-signed up user, create another user with the exact
>>same username, log in to the dashboard and see what are the consents
>>shown.
>>- Revoke consents of the user via the dashboard and try accessing the
>>SP to verify the consents are asked again.
>>- Delete the SP, login to the dashboard and see whether the consents
>>are deleted for that SP.
>>
>> No blocking issues are found.
>>
>> [+] Stable - go ahead and release.
>>
>> Thanks,
>> Vihanga.
>>
>> On Fri, Jun 15, 2018 at 6:29 PM Madawa Soysa  wrote:
>>
>>> Hi all,
>>>
>>> We are pleased to announce the third release candidate of WSO2 Identity
>>> Server 5.6.0.
>>>
>>> This release fixes the following issues
>>>
>>>- 5.6.0-RC Fixes
>>>
>>>- 5.6.0-Beta Fixes
>>>
>>>- 5.6.0-Alpha2 Fixes
>>>
>>>- 5.6.0-Alpha Fixes
>>>
>>>- 5.6.0-M7 Fixes
>>>
>>>- 5.6.0-M6 Fixes
>>>
>>>- 5.6.0-M5 Fixes
>>>
>>>- 5.6.0-M4 Fixes
>>>
>>>- 5.6.0-M3 Fixes
>>>
>>>- 5.6.0-M2 Fixes
>>>
>>>- 5.6.0-M1 Fixes
>>>
>>>
>>> Source and distribution,
>>> Runtime -  https://github.com/wso2/product-is/releases/tag/v5.6.0-
>>> rc3
>>> Analytics - https://github.com/wso2/analytics-is/releases/v5.6.0-rc3
>>>
>>> Please download, test the product and vote.
>>>
>>> [+] Stable - go ahead and release
>>> [-] Broken - do not release (explain why)
>>>
>>> Thanks,
>>> WSO2 Identity and Access Management Team
>>> --
>>>
>>> Madawa Soysa / Senior Software Engineer
>>> mada...@wso2.com / +94714616050
>>>
>>> *WSO2 Inc.*
>>> lean.enterprise.middleware
>>>
>>>   
>>>
>>>
>>>
>>>
>>
>> --
>>
>> Vihanga Liyanage
>>
>> Software Engineer | WS*O₂* Inc.
>>
>> M : +*94710124103* | http://wso2.com
>>
>> [image: http://wso2.com/signature] 
>>
>> ___
>> Dev mailing list
>> d...@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
> Sathya Bandara
> Software Engineer
> WSO2 Inc. http://wso2.com
> Mobile: (+94) 715 360 421 <+94%2071%20411%205032>
>
> <+94%2071%20411%205032>
>
> ___
> Dev mailing list
> d...@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
*Dewni Weeraman*
Trainee Software Engineer | WSO2

Email: de...@wso2.com
Mobile: +94772979049
Web: http://wso2.com/
___
Architecture mailing list
Architecture@wso2.org

Re: [Architecture] Micro Gateway CLI - Hashing Resources (APIs/Policies) for change detection

[Isuru Haththotuwa]

+1 for this approach.

On Tue, Jun 19, 2018 at 1:47 PM, Malintha Amarasinghe 
wrote:

> + IsuruH
>
> On Tue, Jun 19, 2018 at 12:41 PM, Malintha Amarasinghe  > wrote:
>
>> List of fields planned to be added as of now; kindly let me know if any
>> field is missing.
>>
>> *API*
>> name
>> context
>> version
>> apiDefinition
>> responseCaching
>> isDefaultVersion
>> type - (http vs ws)
>> transport - (http/https)
>> endpointConfig
>> endpointSecurity
>> corsConfiguration
>> authorizationHeader
>>
>>
>> *SubscriptionThrottlePolicy*
>> policyName
>> defaultLimit (throttling limits)
>> stopOnQuotaReach
>>
>> *ApplicationThrottlePolicy*
>> policyName
>> defaultLimit (throttling limits)
>>
>>
>> Thanks!
>> Malintha
>>
>> On Tue, Jun 19, 2018 at 12:00 PM, Harsha Kumara  wrote:
>>
>>>
>>>
>>> On Tue, Jun 19, 2018 at 11:45 AM Malintha Amarasinghe <
>>> malint...@wso2.com> wrote:
>>>
 Hi,

 Micro gateway CLI works completely separately to API manager; whenever
 a new API is added for a label, whenever there is a change happens to an
 existing label there won't be any events published etc like previously. The
 CLI needs to regenerate the source build it and push the artifacts to the
 deployment and the full process needs to complete. In most occasions, the
 CLI can be configured to run periodically to generate sources and do above
 job.

 But in this case, most of the time, the CLI will be uselessly
 generating sources building it and pushing the artifacts to deployment.
 Comparatively, building and pushing artifacts to deployment have a huge
 overhead compared to generating sources.

 This effort is to avoid that as much as possible by change-detection;
 i.e.

 1. The CLI will check if any of the required resources has changed vs
 the previous build and notify the user after a successful "setup" (source
 generate) command using the command line output and the exit code of the
 command.
 2. Using the exit code, a user can write a shell script etc to decide
 whether he should proceed with "build" or not.


 *Proposed implementation:*

 API Publisher APIs does not have ETag feature. Even if it is there, the
 ETag will be generated for the whole resource. For code generation, we will
 be only using few attributes of the resource, hence using a global ETag for
 a resource may lead to unnecessary changes for the ETag. Hence the proposed
 implementation will be using a CLI-side hash generation for *used
 attributes *of the resource (API/Policies) only.

 To mark the attributes which are used for generating the code, a newly
 introduced annotation "@Hash" can be used.

 Ex:

 public class APIDetailedDTO extends APIInfoDTO {

 /**
  * Swagger definition of the APIDetailedDTO which contains details 
 about URI templates and scopes\n
  **/
 *@Hash*
 @JsonProperty("apiDefinition")
 public String getApiDefinition() {
 return apiDefinition;
 }

 public void setApiDefinition(String apiDefinition) {
 this.apiDefinition = apiDefinition;
 }


 /**
  * WSDL URL if the APIDetailedDTO is based on a WSDL endpoint\n
  **/
 @JsonProperty("wsdlUri")
 public String getWsdlUri() {
 return wsdlUri;
 }

 public void setWsdlUri(String wsdlUri) {
 this.wsdlUri = wsdlUri;
 }

 *@Hash*
 @JsonProperty("responseCaching")
 public String getResponseCaching() {
 return responseCaching;
 }



 The methods marked with *@Hash* will be automatically extracted from
 the code and will be used to generate the hashes for each resource.

 The generated hashes will be stored inside the CLI's temp folder
 against each resources' UUID, which will be used to compare the hash
 changes between next runs.

>>> What are the fields which we have added to the hash?
>>>


 Highly appreciate your ideas on this.

 Thanks!
 Malintha


 --
 Malintha Amarasinghe
 *WSO2, Inc. - lean | enterprise | middleware*
 http://wso2.com/

 Mobile : +94 712383306

>>>
>>>
>>> --
>>> Harsha Kumara
>>> Associate Technical Lead, WSO2 Inc.
>>> Mobile: +94775505618
>>> Blog:harshcreationz.blogspot.com
>>>
>>
>>
>>
>> --
>> Malintha Amarasinghe
>> *WSO2, Inc. - lean | enterprise | middleware*
>> http://wso2.com/
>>
>> Mobile : +94 712383306
>>
>
>
>
> --
> Malintha Amarasinghe
> *WSO2, Inc. - lean | enterprise | middleware*
> http://wso2.com/
>
> Mobile : +94 712383306
>



-- 
Thanks and Regards,

Isuru H.
+94 716 358 048* *
___
Architecture mailing list
Architecture@wso2.org

Re: [Architecture] [Dev] [VOTE] Release of WSO2 API Manager 2.5.0 RC3

[Thilini Shanika]

Hi All,

Found [1] while testing the distributed deployment of APIM. Hence -1 for
RC3.

[1] https://github.com/wso2/product-apim/issues/3459





On Tue, Jun 19, 2018 at 11:11 AM, Dinusha Dissanayake 
wrote:

> Hi all,
>
> Tested the following.
>
> Different user creations. ( admin, publisher and subscriber)
> Created APIS.
> Published APIs.
> Subscribed and token generation.
> Stat viewing in publisher and store with analytics enabled.
> Alert generation for API tier usage crossing and abnormal resource pattern
> detection.
>
> [+] Stable -go ahead and release
>
>
>
>
>
> On Tue, Jun 19, 2018 at 11:06 AM, Prasanna Dangalla 
> wrote:
>
>> Hi All,
>>
>> I tested the following scenarios to super tenant and tenant.
>>
>>- New API creation
>>- New Application Creation with ouath and JWT
>>- Custom subscription Policy creation
>>- Generating OAuth token
>>- Generating JWT
>>- Invoking API using OAuth token.
>>- Blocking the API from invoking JTI in JWT
>>- Invoke the API using JTI as access token when the application type
>>is changed from JWT to OAuth.
>>- Application creation for JWT and OAuth
>>
>>
>> [+]Stable - go ahead and release
>>
>> Thanks
>>
>> *Prasanna Dangalla*
>> Senior Software Engineer, WSO2, Inc.; http://wso2.com/
>> lean.enterprise.middleware
>>
>>
>> *cell: +94 718 11 27 51*
>> *twitter: @prasa77*
>>
>>
>> On Tue, Jun 19, 2018 at 10:09 AM Vithursa Mahendrarajah <
>> vithu...@wso2.com> wrote:
>>
>>> Hi,
>>>
>>> I have tested following and no issues found.
>>>
>>>- Application creation, update and key generation using REST API
>>>- Application Attributes (Server specific and tenant specific)
>>>- Creating and Publishing API
>>>- Application creation & subscription
>>>
>>> [+] Stable - go ahead and release
>>>
>>> Thanks,
>>>
>>> On Tue, Jun 19, 2018 at 9:47 AM, Chamin Dias  wrote:
>>>
 Hi,

 Tested following (for both super tenat and tenat) and no issues found.

 Enviornment : Mac OS, Safari web browser
 a) Label creation/update
 b) Attaching/removing labels to/from APIs
 c) Displaying label information in Publisher and Store

 [+] Stable - go ahead and release

 Thanks.

 On Tue, Jun 19, 2018 at 6:11 AM, Chamalee De Silva 
 wrote:

> Hi,
> I have tested following and no issues found.
>
> 1. Basic API flow
> - API creation, publishing, invocation etc.
> 2. Creating users and roles, and user permissions.
>
> 3. Single Sign On with WSO2 Idnetity Server (WSO2 IS 5.6.0 RC3)
>  - SP init and IDP init SSO
>  - Assertion Encryption
>  - Single logout on/off
>  -  SAML request singning in store and publisher.
>
> 4. Installing SCIM identity feature in API Manager 2.5.0
>
> 5. API Properties
>
> 6. SDK generation feature
>
>
> [+]Stable - go ahead and release
>
>
> Thanks,
> Chamalee
>
>
>
> On Tue, Jun 19, 2018 at 12:07 AM, Chamin Dias 
> wrote:
>
>> Hi all,
>>
>> We are pleased to announce the third release candidate of WSO2 API
>> Manager 2.5.0.
>>
>> This release fixes the following issues.
>> Fixes : carbon-apimgt
>> 
>> Fixes : product-apim
>> 
>> Fixes : analytics-apim
>> 
>>
>> Source and distribution,
>> Runtime : https://github.com/wso2/produc
>> t-apim/releases/tag/v2.5.0-rc3
>> Analytics : https://github.com/wso2/analyt
>> ics-apim/releases/tag/v2.5.0-rc1
>>
>> Please download, test the product and vote.
>>
>> [+] Stable - go ahead and release
>> [-] Broken - do not release (explain why)
>>
>> Note : We can still use APIM-Analytics 2.5.0-rc1 for analytics (no
>> issues reported so far).
>>
>> Thanks,
>> WSO2 API Manager Team
>>
>> --
>> Chamin Dias
>> Mobile : 0716097455
>> Email : cham...@wso2.com
>> LinkedIn : https://www.linkedin.com/in/chamindias
>>
>>
>> ___
>> Dev mailing list
>> d...@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
> Thanks & Regards,
>
> *Chamalee De Silva*
> Senior Software Engineer
> *WS**O2* Inc. :http://wso2.com/
>
> Office   :- *+94 11 2145345 <%2B94%2011%202145345>*
> mobile  :- *+94 7 <%2B94%2077%202782039>1 4315942*
>
>


 --
 Chamin Dias
 Mobile : 0716097455
 Email : cham...@wso2.com
 LinkedIn : 

Re: [Architecture] [Dev] [VOTE] Release of WSO2 Identity Server 5.6.0 RC3

[Sathya Bandara]

Hi all,

I've tested following scenarios on the IS 5.6.0-RC3 pack.

User management (add/update/remove users).
User management in secondary userstores (Read-Write LDAP).
Consent Management in SAML SSO.
SAML to SAML federation.
Creating workflows definitions for primary userstore users.
Engaging/Disabling workflows on user-store operations.
Enable role based authorization using XACML for service providers.
Tenant creation/update/disabling.

No blocking issues are found.

[+] Stable - go ahead and release.

Thanks,
Sathya


On Tue, Jun 19, 2018 at 12:26 PM, Vihanga Liyanage  wrote:

> Hi all,
>
> I've tested following scenarios on the IS 5.6.0-RC3 pack with default
> database setup.
>
>- Enable user self-registration and self-register a new user.
>- Add multiple consent purposes with multiple PII categories.
>- Login to dashboard and see whether we can see the default consent
>and above added PII categories.
>- Confirm claims are getting filtered based on consents.
>- Configure a service provider with OpenID Connect and acquire access
>tokens via Authorization Code, Implicit, Client Credential and Password
>grant types.
>- Enable ID token encryption for the service provider and test the
>flow with decryption for all grant types.
>- Delete the self-signed up user, create another user with the exact
>same username, log in to the dashboard and see what are the consents
>shown.
>- Revoke consents of the user via the dashboard and try accessing the
>SP to verify the consents are asked again.
>- Delete the SP, login to the dashboard and see whether the consents
>are deleted for that SP.
>
> No blocking issues are found.
>
> [+] Stable - go ahead and release.
>
> Thanks,
> Vihanga.
>
> On Fri, Jun 15, 2018 at 6:29 PM Madawa Soysa  wrote:
>
>> Hi all,
>>
>> We are pleased to announce the third release candidate of WSO2 Identity
>> Server 5.6.0.
>>
>> This release fixes the following issues
>>
>>- 5.6.0-RC Fixes
>>
>>- 5.6.0-Beta Fixes
>>
>>- 5.6.0-Alpha2 Fixes
>>
>>- 5.6.0-Alpha Fixes
>>
>>- 5.6.0-M7 Fixes
>>
>>- 5.6.0-M6 Fixes
>>
>>- 5.6.0-M5 Fixes
>>
>>- 5.6.0-M4 Fixes
>>
>>- 5.6.0-M3 Fixes
>>
>>- 5.6.0-M2 Fixes
>>
>>- 5.6.0-M1 Fixes
>>
>>
>> Source and distribution,
>> Runtime -  https://github.com/wso2/product-is/releases/tag/v5.6.0-rc3
>> Analytics - https://github.com/wso2/analytics-is/releases/v5.6.0-rc3
>>
>> Please download, test the product and vote.
>>
>> [+] Stable - go ahead and release
>> [-] Broken - do not release (explain why)
>>
>> Thanks,
>> WSO2 Identity and Access Management Team
>> --
>>
>> Madawa Soysa / Senior Software Engineer
>> mada...@wso2.com / +94714616050
>>
>> *WSO2 Inc.*
>> lean.enterprise.middleware
>>
>>   
>>
>>
>>
>>
>
> --
>
> Vihanga Liyanage
>
> Software Engineer | WS*O₂* Inc.
>
> M : +*94710124103* | http://wso2.com
>
> [image: http://wso2.com/signature] 
>
> ___
> Dev mailing list
> d...@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
Sathya Bandara
Software Engineer
WSO2 Inc. http://wso2.com
Mobile: (+94) 715 360 421 <+94%2071%20411%205032>

<+94%2071%20411%205032>
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] Micro Gateway CLI - Hashing Resources (APIs/Policies) for change detection

[Malintha Amarasinghe]

List of fields planned to be added as of now; kindly let me know if any
field is missing.

*API*
name
context
version
apiDefinition
responseCaching
isDefaultVersion
type - (http vs ws)
transport - (http/https)
endpointConfig
endpointSecurity
corsConfiguration
authorizationHeader


*SubscriptionThrottlePolicy*
policyName
defaultLimit (throttling limits)
stopOnQuotaReach

*ApplicationThrottlePolicy*
policyName
defaultLimit (throttling limits)


Thanks!
Malintha

On Tue, Jun 19, 2018 at 12:00 PM, Harsha Kumara  wrote:

>
>
> On Tue, Jun 19, 2018 at 11:45 AM Malintha Amarasinghe 
> wrote:
>
>> Hi,
>>
>> Micro gateway CLI works completely separately to API manager; whenever a
>> new API is added for a label, whenever there is a change happens to an
>> existing label there won't be any events published etc like previously. The
>> CLI needs to regenerate the source build it and push the artifacts to the
>> deployment and the full process needs to complete. In most occasions, the
>> CLI can be configured to run periodically to generate sources and do above
>> job.
>>
>> But in this case, most of the time, the CLI will be uselessly generating
>> sources building it and pushing the artifacts to deployment. Comparatively,
>> building and pushing artifacts to deployment have a huge overhead compared
>> to generating sources.
>>
>> This effort is to avoid that as much as possible by change-detection;
>> i.e.
>>
>> 1. The CLI will check if any of the required resources has changed vs the
>> previous build and notify the user after a successful "setup" (source
>> generate) command using the command line output and the exit code of the
>> command.
>> 2. Using the exit code, a user can write a shell script etc to decide
>> whether he should proceed with "build" or not.
>>
>>
>> *Proposed implementation:*
>>
>> API Publisher APIs does not have ETag feature. Even if it is there, the
>> ETag will be generated for the whole resource. For code generation, we will
>> be only using few attributes of the resource, hence using a global ETag for
>> a resource may lead to unnecessary changes for the ETag. Hence the proposed
>> implementation will be using a CLI-side hash generation for *used
>> attributes *of the resource (API/Policies) only.
>>
>> To mark the attributes which are used for generating the code, a newly
>> introduced annotation "@Hash" can be used.
>>
>> Ex:
>>
>> public class APIDetailedDTO extends APIInfoDTO {
>>
>> /**
>>  * Swagger definition of the APIDetailedDTO which contains details about 
>> URI templates and scopes\n
>>  **/
>> *@Hash*
>> @JsonProperty("apiDefinition")
>> public String getApiDefinition() {
>> return apiDefinition;
>> }
>>
>> public void setApiDefinition(String apiDefinition) {
>> this.apiDefinition = apiDefinition;
>> }
>>
>>
>> /**
>>  * WSDL URL if the APIDetailedDTO is based on a WSDL endpoint\n
>>  **/
>> @JsonProperty("wsdlUri")
>> public String getWsdlUri() {
>> return wsdlUri;
>> }
>>
>> public void setWsdlUri(String wsdlUri) {
>> this.wsdlUri = wsdlUri;
>> }
>>
>> *@Hash*
>> @JsonProperty("responseCaching")
>> public String getResponseCaching() {
>> return responseCaching;
>> }
>>
>>
>>
>> The methods marked with *@Hash* will be automatically extracted from the
>> code and will be used to generate the hashes for each resource.
>>
>> The generated hashes will be stored inside the CLI's temp folder against
>> each resources' UUID, which will be used to compare the hash changes
>> between next runs.
>>
> What are the fields which we have added to the hash?
>
>>
>>
>> Highly appreciate your ideas on this.
>>
>> Thanks!
>> Malintha
>>
>>
>> --
>> Malintha Amarasinghe
>> *WSO2, Inc. - lean | enterprise | middleware*
>> http://wso2.com/
>>
>> Mobile : +94 712383306
>>
>
>
> --
> Harsha Kumara
> Associate Technical Lead, WSO2 Inc.
> Mobile: +94775505618
> Blog:harshcreationz.blogspot.com
>



-- 
Malintha Amarasinghe
*WSO2, Inc. - lean | enterprise | middleware*
http://wso2.com/

Mobile : +94 712383306
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] [VOTE] Release of WSO2 Identity Server 5.6.0 RC3

[Vihanga Liyanage]

Hi all,

I've tested following scenarios on the IS 5.6.0-RC3 pack with default
database setup.

   - Enable user self-registration and self-register a new user.
   - Add multiple consent purposes with multiple PII categories.
   - Login to dashboard and see whether we can see the default consent and
   above added PII categories.
   - Confirm claims are getting filtered based on consents.
   - Configure a service provider with OpenID Connect and acquire access
   tokens via Authorization Code, Implicit, Client Credential and Password
   grant types.
   - Enable ID token encryption for the service provider and test the flow
   with decryption for all grant types.
   - Delete the self-signed up user, create another user with the exact
   same username, log in to the dashboard and see what are the consents
   shown.
   - Revoke consents of the user via the dashboard and try accessing the SP
   to verify the consents are asked again.
   - Delete the SP, login to the dashboard and see whether the consents are
   deleted for that SP.

No blocking issues are found.

[+] Stable - go ahead and release.

Thanks,
Vihanga.

On Fri, Jun 15, 2018 at 6:29 PM Madawa Soysa  wrote:

> Hi all,
>
> We are pleased to announce the third release candidate of WSO2 Identity
> Server 5.6.0.
>
> This release fixes the following issues
>
>- 5.6.0-RC Fixes
>
>- 5.6.0-Beta Fixes
>
>- 5.6.0-Alpha2 Fixes
>
>- 5.6.0-Alpha Fixes
>
>- 5.6.0-M7 Fixes
>
>- 5.6.0-M6 Fixes
>
>- 5.6.0-M5 Fixes
>
>- 5.6.0-M4 Fixes
>
>- 5.6.0-M3 Fixes
>
>- 5.6.0-M2 Fixes
>
>- 5.6.0-M1 Fixes
>
>
> Source and distribution,
> Runtime -  https://github.com/wso2/product-is/releases/tag/v5.6.0-rc3
> Analytics - https://github.com/wso2/analytics-is/releases/v5.6.0-rc3
>
> Please download, test the product and vote.
>
> [+] Stable - go ahead and release
> [-] Broken - do not release (explain why)
>
> Thanks,
> WSO2 Identity and Access Management Team
> --
>
> Madawa Soysa / Senior Software Engineer
> mada...@wso2.com / +94714616050
>
> *WSO2 Inc.*
> lean.enterprise.middleware
>
>   
>
>
>
>

-- 

Vihanga Liyanage

Software Engineer | WS*O₂* Inc.

M : +*94710124103* | http://wso2.com

[image: http://wso2.com/signature] 
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] Micro Gateway CLI - Hashing Resources (APIs/Policies) for change detection

[Harsha Kumara]

On Tue, Jun 19, 2018 at 11:45 AM Malintha Amarasinghe 
wrote:

> Hi,
>
> Micro gateway CLI works completely separately to API manager; whenever a
> new API is added for a label, whenever there is a change happens to an
> existing label there won't be any events published etc like previously. The
> CLI needs to regenerate the source build it and push the artifacts to the
> deployment and the full process needs to complete. In most occasions, the
> CLI can be configured to run periodically to generate sources and do above
> job.
>
> But in this case, most of the time, the CLI will be uselessly generating
> sources building it and pushing the artifacts to deployment. Comparatively,
> building and pushing artifacts to deployment have a huge overhead compared
> to generating sources.
>
> This effort is to avoid that as much as possible by change-detection; i.e.
>
> 1. The CLI will check if any of the required resources has changed vs the
> previous build and notify the user after a successful "setup" (source
> generate) command using the command line output and the exit code of the
> command.
> 2. Using the exit code, a user can write a shell script etc to decide
> whether he should proceed with "build" or not.
>
>
> *Proposed implementation:*
>
> API Publisher APIs does not have ETag feature. Even if it is there, the
> ETag will be generated for the whole resource. For code generation, we will
> be only using few attributes of the resource, hence using a global ETag for
> a resource may lead to unnecessary changes for the ETag. Hence the proposed
> implementation will be using a CLI-side hash generation for *used
> attributes *of the resource (API/Policies) only.
>
> To mark the attributes which are used for generating the code, a newly
> introduced annotation "@Hash" can be used.
>
> Ex:
>
> public class APIDetailedDTO extends APIInfoDTO {
>
> /**
>  * Swagger definition of the APIDetailedDTO which contains details about 
> URI templates and scopes\n
>  **/
> *@Hash*
> @JsonProperty("apiDefinition")
> public String getApiDefinition() {
> return apiDefinition;
> }
>
> public void setApiDefinition(String apiDefinition) {
> this.apiDefinition = apiDefinition;
> }
>
>
> /**
>  * WSDL URL if the APIDetailedDTO is based on a WSDL endpoint\n
>  **/
> @JsonProperty("wsdlUri")
> public String getWsdlUri() {
> return wsdlUri;
> }
>
> public void setWsdlUri(String wsdlUri) {
> this.wsdlUri = wsdlUri;
> }
>
> *@Hash*
> @JsonProperty("responseCaching")
> public String getResponseCaching() {
> return responseCaching;
> }
>
>
>
> The methods marked with *@Hash* will be automatically extracted from the
> code and will be used to generate the hashes for each resource.
>
> The generated hashes will be stored inside the CLI's temp folder against
> each resources' UUID, which will be used to compare the hash changes
> between next runs.
>
What are the fields which we have added to the hash?

>
>
> Highly appreciate your ideas on this.
>
> Thanks!
> Malintha
>
>
> --
> Malintha Amarasinghe
> *WSO2, Inc. - lean | enterprise | middleware*
> http://wso2.com/
>
> Mobile : +94 712383306
>


-- 
Harsha Kumara
Associate Technical Lead, WSO2 Inc.
Mobile: +94775505618
Blog:harshcreationz.blogspot.com
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

[Architecture] Micro Gateway CLI - Hashing Resources (APIs/Policies) for change detection

[Malintha Amarasinghe]

Hi,

Micro gateway CLI works completely separately to API manager; whenever a
new API is added for a label, whenever there is a change happens to an
existing label there won't be any events published etc like previously. The
CLI needs to regenerate the source build it and push the artifacts to the
deployment and the full process needs to complete. In most occasions, the
CLI can be configured to run periodically to generate sources and do above
job.

But in this case, most of the time, the CLI will be uselessly generating
sources building it and pushing the artifacts to deployment. Comparatively,
building and pushing artifacts to deployment have a huge overhead compared
to generating sources.

This effort is to avoid that as much as possible by change-detection; i.e.

1. The CLI will check if any of the required resources has changed vs the
previous build and notify the user after a successful "setup" (source
generate) command using the command line output and the exit code of the
command.
2. Using the exit code, a user can write a shell script etc to decide
whether he should proceed with "build" or not.


*Proposed implementation:*

API Publisher APIs does not have ETag feature. Even if it is there, the
ETag will be generated for the whole resource. For code generation, we will
be only using few attributes of the resource, hence using a global ETag for
a resource may lead to unnecessary changes for the ETag. Hence the proposed
implementation will be using a CLI-side hash generation for *used
attributes *of the resource (API/Policies) only.

To mark the attributes which are used for generating the code, a newly
introduced annotation "@Hash" can be used.

Ex:

public class APIDetailedDTO extends APIInfoDTO {

/**
 * Swagger definition of the APIDetailedDTO which contains details
about URI templates and scopes\n
 **/
*@Hash*
@JsonProperty("apiDefinition")
public String getApiDefinition() {
return apiDefinition;
}

public void setApiDefinition(String apiDefinition) {
this.apiDefinition = apiDefinition;
}


/**
 * WSDL URL if the APIDetailedDTO is based on a WSDL endpoint\n
 **/
@JsonProperty("wsdlUri")
public String getWsdlUri() {
return wsdlUri;
}

public void setWsdlUri(String wsdlUri) {
this.wsdlUri = wsdlUri;
}

*@Hash*
@JsonProperty("responseCaching")
public String getResponseCaching() {
return responseCaching;
}



The methods marked with *@Hash* will be automatically extracted from the
code and will be used to generate the hashes for each resource.

The generated hashes will be stored inside the CLI's temp folder against
each resources' UUID, which will be used to compare the hash changes
between next runs.


Highly appreciate your ideas on this.

Thanks!
Malintha


-- 
Malintha Amarasinghe
*WSO2, Inc. - lean | enterprise | middleware*
http://wso2.com/

Mobile : +94 712383306
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture