[Dev] Fwd: Image/PDF transfer

2016-12-15 Thread Malaka Silva
Hi Amit,

Can you share your synapse configuration and carbon logs please.


-- Forwarded message --
From: Amit Rajvanshi 
Date: Thu, Dec 15, 2016 at 3:56 PM
Subject: Image/PDF transfer
To: Malaka Silva 


Hi Malaka,



I again need your help, I need to pick Image and PDF file from one location
and transfer it to another location.

I am using inbound endpoint to do so and using below message builder and
formatter :

















My file is getting picked up but transferred with 0 kb content. Could you
please suggest some solution ?



Best regards,
*Amit Rajvanshi*
Eperium Business Solutions(I) Pvt Ltd,
B-13, Sector 57,
Noida (U.P.) - 201301
Web: http://www.eperiumindia.com


This message may contain confidential or legally privileged information. In
the event of any error in transmission, unauthorized recipients are
requested to contact the sender immediately and not to disclose or make use
of this information. No warranties or assurance are made or given as to the
accuracy of the information given or in relation to the safety of this
e-mail and any attachments. No liability whatsoever is accepted for any
consequences arising from this e-mail.





-- 

Best Regards,

Malaka Silva
Senior Technical Lead
M: +94 777 219 791
Tel : 94 11 214 5345
Fax :94 11 2145300
Skype : malaka.sampath.silva
LinkedIn : http://www.linkedin.com/pub/malaka-silva/6/33/77
Blog : http://mrmalakasilva.blogspot.com/

WSO2, Inc.
lean . enterprise . middleware
https://wso2.com/signature
http://www.wso2.com/about/team/malaka-silva/

https://store.wso2.com/store/

Don't make Trees rare, we should keep them with care
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev


Re: [Dev] Image/PDF transfer

2016-12-15 Thread Malaka Silva
Good to hear

On Fri, Dec 16, 2016 at 10:21 AM, Amit Rajvanshi <
amit.rajvan...@eperiumindia.com> wrote:

> Thanks Malaka for your input, I was able to run it. Actually, the problem was the
> Inbound Endpoint property
>
>
>
>  true
>
>
>
> This property was false; I changed it to true and it worked.
>
>
>
> Thanks again for your help and support.
>
>
>
> Best regards,
> *Amit Rajvanshi*
> Eperium Business Solutions(I) Pvt Ltd,
> B-13, Sector 57,
> Noida (U.P.) - 201301
> Web: http://www.eperiumindia.com
>
>
> *From:* Malaka Silva [mailto:mal...@wso2.com]
> *Sent:* 16 December 2016 09:28
> *To:* Amit Rajvanshi
> *Cc:* WSO2 Developers' List
> *Subject:* Fwd: Image/PDF transfer
>
>
>
> Hi Amit,
>
>
>
> Can you share your synapse configuration and carbon logs please.
>
>
>
>
>
> -- Forwarded message --
> From: *Amit Rajvanshi* 
> Date: Thu, Dec 15, 2016 at 3:56 PM
> Subject: Image/PDF transfer
> To: Malaka Silva 
>
> Hi Malaka,
>
>
>
> I again need your help, I need to pick Image and PDF file from one
> location and transfer it to another location.
>
> I am using inbound endpoint to do so and using below message builder and
> formatter :
>
>
>
>  contentType="image/jpg"/>
>
>  contentType="application/pdf"/>
>
>
>
>  contentType="application/octet-stream"/>
>
>  contentType="image/jpg"/>
>
>
>
>
>
> My file is getting picked up but transferred with 0 kb content. Could you
> please suggest some solution ?
>
>
>
> Best regards,
> *Amit Rajvanshi*
> Eperium Business Solutions(I) Pvt Ltd,
> B-13, Sector 57,
> Noida (U.P.) - 201301
> Web: http://www.eperiumindia.com
>





Re: [Dev] Execution plan count increases in geoDashboard subscribe function every time execution plan is viewed from UI

2016-12-15 Thread Damith Wickramasinghe
Hi Ramindu,

AFAIK having the up count triggered in the corresponding extension's init method
should solve this, since it should happen once. We need to see why it's
triggering every time we view the execution plan. Were you able to check
on it?

Regards,
Damith.



On Fri, Dec 16, 2016 at 8:28 AM, Ramindu De Silva  wrote:

> Hi Megala,
>
> Yes, I'm experiencing the same. It is a bug. Will get back to you with a
> fix or a workaround. Thanks for reporting the bug.
>
> @Damith, the execution plan up count is called even when viewing the
> execution plans, and it makes the execution plan count increase by one. As
> a fix, I think we need to handle the call method call or will have to keep
> a list of already available execution plans and check before increasing the
> number. WDYT?
>
> Thanks,
>
>
> On Thu, Dec 8, 2016 at 1:43 PM, Megala Uthayakumar 
> wrote:
>
>> Hi all,
>>
>> We are working on adding geo-fencing capabilities for IOT. While doing
>> that we came across the following problem intermittently.
>> Sometimes the event fails to go from org.wso2.geo.ProcessedSpatialEvents:1.0.0
>> to org.wso2.geo.FusedSpatialEvent:1.0.0 and
>> org.wso2.geo.AlertsNotifications:1.0.0
>>
>> While debugging we found that the events are passed to the EventFusion
>> function and wait on the buffer to get a number of events equal
>> to the deployed execution count, but the value shown for the deployed count
>> is larger than the actual execution plan count. Further, I found the deployed
>> execution count increases whenever we click on the execution plan that
>> is subscribed to geoDashboard in the carbon management console. The counts
>> return to the actual count after we restart the server. Is this a known bug?
>> Is there any workaround to solve this problem without restarting the server?
>>
>> Thanks.
>>
>> Regards,
>> Megala
>> --
>> Megala Uthayakumar
>>
>> Software Engineer
>> Mobile : 0779967122
>>
>
>
>
> --
> *Ramindu De Silva*
> Software Engineer
> WSO2 Inc.: http://wso2.com
> lean.enterprise.middleware
>
> email: ramin...@wso2.com 
> mob: +94 772339350
> mob: +94 719678895
>



-- 
Software Engineer
WSO2 Inc.; http://wso2.com

lean.enterprise.middleware

mobile: *+94728671315*


Re: [Dev] Execution plan count increases in geoDashboard subscribe function every time execution plan is viewed from UI

2016-12-15 Thread Ramindu De Silva
Hi Megala,

Yes, I'm experiencing the same. It is a bug. Will get back to you with a
fix or a workaround. Thanks for reporting the bug.

@Damith, the execution plan up count is called even when viewing the
execution plans, and it makes the execution plan count increase by one. As
a fix, I think we need to handle the call method call or will have to keep
a list of already available execution plans and check before increasing the
number. WDYT?

Thanks,


On Thu, Dec 8, 2016 at 1:43 PM, Megala Uthayakumar  wrote:

> Hi all,
>
> We are working on adding geo-fencing capabilities for IOT. While doing
> that we came across the following problem intermittently.
> Sometimes the event fails to go from org.wso2.geo.ProcessedSpatialEvents:1.0.0
> to org.wso2.geo.FusedSpatialEvent:1.0.0 and
> org.wso2.geo.AlertsNotifications:1.0.0
>
> While debugging we found that the events are passed to the EventFusion
> function and wait on the buffer to get a number of events equal
> to the deployed execution count, but the value shown for the deployed count is
> larger than the actual execution plan count. Further, I found the deployed
> execution count increases whenever we click on the execution plan that is
> subscribed to geoDashboard in the carbon management console. The counts
> return to the actual count after we restart the server. Is this a known bug?
> Is there any workaround to solve this problem without restarting the server?
>
> Thanks.
>
> Regards,
> Megala
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
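
The bug and the fix proposed in this thread (remember which execution plans were already counted), as an added Java example that is not the geo-dashboard extension's code. All class, method and plan names are hypothetical, and the fusion buffer is modelled only as far as the thread describes it.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration only; every name here is a hypothetical stand-in.
public class ExecutionPlanCountDemo {

    interface PlanCounter {
        void upCount(String planName);   // called on deploy and, per the thread, on every UI view
        int deployedCount();
    }

    /** Behaviour reported in the thread: each call adds one, so views inflate the count. */
    static final class BlindCounter implements PlanCounter {
        private int count;
        public synchronized void upCount(String planName) { count++; }
        public synchronized int deployedCount() { return count; }
    }

    /** Proposed fix: keep the set of plans already counted, so repeat calls are no-ops. */
    static final class TrackingCounter implements PlanCounter {
        private final Set<String> counted = ConcurrentHashMap.newKeySet();
        public void upCount(String planName) { counted.add(planName); }
        public int deployedCount() { return counted.size(); }
    }

    /** Fusion buffer as described: holds events until one per deployed plan has arrived. */
    static final class FusionBuffer {
        private final PlanCounter counter;
        private final List<String> pending = new ArrayList<>();

        FusionBuffer(PlanCounter counter) { this.counter = counter; }

        /** Returns the fused batch, or null while the buffer is still waiting. */
        List<String> offer(String event) {
            pending.add(event);
            if (pending.size() < counter.deployedCount()) {
                return null;
            }
            List<String> fused = new ArrayList<>(pending);
            pending.clear();
            return fused;
        }
    }

    /** Two plans deployed, one of them viewed once, then one event per plan arrives. */
    static boolean fusesAfterView(PlanCounter counter) {
        counter.upCount("geo_within");   // deploy plan 1 (constructed name)
        counter.upCount("geo_speed");    // deploy plan 2 (constructed name)
        counter.upCount("geo_within");   // plan 1 opened in the management console
        FusionBuffer buffer = new FusionBuffer(counter);
        buffer.offer("event-from-geo_within");
        return buffer.offer("event-from-geo_speed") != null;
    }

    public static void main(String[] args) {
        // With the blind counter the buffer waits for a third event that never comes.
        System.out.println("blind counter fuses:    " + fusesAfterView(new BlindCounter()));
        System.out.println("tracking counter fuses: " + fusesAfterView(new TrackingCounter()));
    }
}
```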


Re: [Dev] WSO2 IS : Change admin username/password through environment variables

2016-12-15 Thread Pubudu Gunatilaka
Hi Hanen,

This should work. Do you use any entry script to start the wso2 server?
This [1] is how we have done in WSO2 dockerfiles. If you replace the
mentioned line with the following line, it should work.

JAVA_OPTS="-DWSO2_ADMIN_USERNAME=${WSO2_ADMIN_USERNAME} -DWSO2_ADMIN_PASSWORD=${WSO2_ADMIN_PASSWORD}" ${CARBON_HOME}/bin/wso2server.sh

I hope you correctly passed the environment variables as follows when
running the container. If you are using any cluster management system, you
need to provide values with relevant parameter values.

docker run -d -e WSO2_ADMIN_USERNAME=customuser -e WSO2_ADMIN_PASSWORD=custompwd wso2esb:4.9.0

Another option is to start the wso2 server without JAVA_OPTS as follows.

${CARBON_HOME}/bin/wso2server.sh -DWSO2_ADMIN_USERNAME=${WSO2_ADMIN_USERNAME} -DWSO2_ADMIN_PASSWORD=${WSO2_ADMIN_PASSWORD}

[1] -
https://github.com/wso2/dockerfiles/blob/master/common/scripts/entrypoint.sh#L132

Thank you!

On Wed, Dec 14, 2016 at 7:58 PM, Hanen Ben Rhouma 
wrote:

> Hello,
>
> We're trying to launch WSO2 IS from a docker image by passing admin
> username and password as environment variables:
>
>
> JAVA_OPTS="-DWSO2_ADMIN_USERNAME=customuser -DWSO2_ADMIN_PASSWORD=custompwd" ./bin/wso2server.sh
>
>
> while WSO2_ADMIN_USERNAME and WSO2_ADMIN_PASSWORD are declared within
> user-mgt.xml as follows
>
> ${WSO2_ADMIN_USERNAME}
> ${WSO2_ADMIN_PASSWORD}
>
>
>
>
> We noticed that it's working locally but when we deploy in a centos VM
> containing docker, the variables aren't replaced by their values.
>
>
> Any ideas why it's not picking up the arguments values?
>
>
>
> Regards,
>
> Hanen
>
>


-- 
*Pubudu Gunatilaka*
Committer and PMC Member - Apache Stratos
Software Engineer
WSO2, Inc.: http://wso2.com
mobile : +94774078049


Re: [Dev] Docker image deployment in the Cloud

2016-12-15 Thread Pubudu Gunatilaka
Docker-rsync does the same job. What we need here is to synchronize the
configurations between the nodes.

In most cases, automation tests cover whether there is any configuration
issue.

Thank you!

On Mon, Dec 12, 2016 at 5:55 PM, Hanen Ben Rhouma 
wrote:

> Thanks guys for the answers,
>
> Actually I found a project called docker-rsync. I don't know if this is
> what you meant Pubudu; it seems a good solution for such an issue, we need to
> test it first. What about WSO2 cloud based solutions, don't you guys have a
> continuous build pipeline to validate each change happening to the config
> as well as the resources? How are you handling such a scenario?
>
>
>
> Regards,
> Hanen
>
>
> On Fri, Dec 9, 2016 at 9:06 PM, Pubudu Gunatilaka 
> wrote:
>
>> Hi,
>>
>> I think we can use dep sync. This is what normally do for API Manager and
>> ESB. If we use SVN based dep sync, server changes will be pushed to SVN.
>> SVN server can be a dedicated server or docker container.
>>
>> If you use docker containers for SVN, you need to mount the container
>> file system to the container host machine file system. If you are using
>> container management systems such as Kubernetes, Mesos, etc. you need to
>> restrict SVN docker container to spin in the same host machine.
>>
>> Thank you!
>>
>> On Fri, Dec 9, 2016 at 11:32 PM, Harsha Thirimanna 
>> wrote:
>>
>>> Hi Hanen,
>>>
>>> Yes, there may be several possibilities to do this such a situation.
>>> If we consider the real container base deployment, it may not be
>>> possible to allow to generate files in within the container itself because
>>> in that case we can't push that changes to the original docker image
>>> directly to add the new changes to the next spawning instance using current
>>> image. So if we want to go in that approach, definitely we have to first
>>> build a concrete identity server instance with the all the configuration
>>> changes except the runtime data that is stored in databases.
>>> As an example, when we create secondary user store, we create it in file
>>> system. So we can't allow to add such one in container model and we have to
>>> create it first and prepare the docker image using that concrete instance.
>>> That is not the specific problem to the WSO2 IS, but for this deployment
>>> model.
>>> In other way, it would be nice if we could point our configs in central
>>> place and use same image always. But that is not the expected container
>>> model. But in practical world it may be the one we can use. But WSO2 IS, we
>>> don't have a way to point configs in out side place of the product. All are
>>> relative to the product home folder.
>>> Have I answered your question? Please let me know for further clarification.
>>>
>>> thanks
>>>
>>> *Harsha Thirimanna*
>>> *Associate Tech Lead | WSO2*
>>>
>>> Email: hars...@wso2.com
>>> Mob: +94715186770
>>> Blog: http://harshathirimanna.blogspot.com/
>>> Twitter: http://twitter.com/harshathirimann
>>> Linked-In: http://www.linkedin.com/pub/harsha-thirimanna/10/ab8/122
>>> 
>>>
>>> On Fri, Dec 9, 2016 at 7:42 PM, Hanen Ben Rhouma 
>>> wrote:
>>>
>>>> Hello,
>>>>
>>>> I have a question related to WSO2 IS deployment on the cloud: what is
>>>> the best approach to set up a continuous build pipeline for WSO2 IS knowing
>>>> that the idea behind is to launch a dockerfile which is going to deploy the
>>>> WSO2 IS image on AWS, the challenge is how can we keep our dynamic data
>>>> generated after manipulating WSO2 on the cloud, we can persist xml files on
>>>> BitBucket and retrieve them each time we rebuild the image but aside from
>>>> those files there are some other types of transient data that are generated
>>>> by the user actions once he starts configuring WSO2 from the administration
>>>> console, how can we make sure that they're not lost once the docker image
>>>> is regenerated ?
>>>>
>>>>
>>>> Regards,
>>>> Hanen



Re: [Dev] Validate user against given user store and save correct user domain in saml2-bearer grant type.

2016-12-15 Thread Farasath Ahamed
On Thu, Dec 15, 2016 at 12:33 PM, Rajith Vitharana  wrote:

>
>
> On 15 December 2016 at 00:59, Farasath Ahamed  wrote:
>
>> On Wed, Dec 14, 2016 at 8:59 PM, Rajith Vitharana 
>> wrote:
>>
>>> Hi IS team,
>>>
>>> In [1] when getting the user, it doesn't validate whether the user is
>>> in a user store or not. (This happens in saml2-bearer grant type and IS
>>> trust the saml assertion. It's totally valid not doing this)
>>>
>>> but can we give the user the freedom to choose whether to validate the
>>> user in saml assertion against a given user store or not?
>>>
>>
>>
>> If we let the user to choose to validate the user against a user store or
>> not, the assertions coming from trusted IDP for a federated users will fail
>> if he chooses to validate the user in userstore?
>>
> Yes, we can make this configurable and use current behavior as default, If
> user needs this behavior, he will need to provide the userstore details
> which he needs the user to be validated against.
>


Hmm that makes sense. But once he enables this option he will no longer be
able to accept SAML bearer tokens from Federated IDPs (say like Google)
right?


>> What I mean is, when user enables that option, he would only be able to use
>> assertions issued by IS or a federated IDP that shares a userstore with IS.
>>
>> Instead wouldn't it be better if we only check the user in the user store
>> if the assertion was issued by us (by us I mean IS that is validating the
>> SAML assertion). We can check this using the SAML IdpEntityId. For those
>> assertions not issued by us, we could treat them as coming from a federated
>> IDP for a federated user.
>>
>>> In which case it will actually have a valid user and correct user domain
>>> in the token table, in which case he can generate jwt tokens with required
>>> claims for that user. Is this a valid scenario? if so can we support this?
>>>
>>> Note that since we are taking the user domain from the username(subject)
>>> in [1], we can send username(saml assertion subject) with correct
>>> domain(ex: Secondary/username1) in which case it will save the correct
>>> domain in token table. Hence jwt flow works fine. But I feel like it's kind
>>> of a hack for this.
>>>
>>> I have created a public jira for this in [2]
>>>
>>> [1] - https://github.com/wso2/carbon-identity/blob/master/components/oauth/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/util/OAuth2Util.java#L637
>>>
>>> [2] - https://wso2.org/jira/browse/IDENTITY-5483
>>>
>>>
>>> Thanks
>>>
>>> --
>>> Rajith Vitharana
>>>
>>> Senior Software Engineer,
>>> WSO2 Inc. : wso2.com
>>> Mobile : +94715883223
>>> Blog : http://lankavitharana.blogspot.com/


Re: [Dev] Validate user against given user store and save correct user domain in saml2-bearer grant type.

2016-12-15 Thread Farasath Ahamed
On Wed, Dec 14, 2016 at 8:59 PM, Rajith Vitharana  wrote:

> Hi IS team,
>
> In [1] when getting the user, it doesn't validate whether the user is in
> a user store or not. (This happens in saml2-bearer grant type and IS trust
> the saml assertion. It's totally valid not doing this)
>
> but can we give the user the freedom to choose whether to validate the
> user in saml assertion against a given user store or not?
>


If we let the user to choose to validate the user against a user store or
not, the assertions coming from trusted IDP for a federated users will fail
if he chooses to validate the user in userstore?
What I mean is, when user enables that option, he would only be able to use
assertions issued by IS or a federated IDP that shares a userstore with IS.

Instead wouldn't it be better if we only check the user in the user store
if the assertion was issued by us (by us I mean IS that is validating the
SAML assertion). We can check this using the SAML IdpEntityId. For those
assertions not issued by us, we could treat them as coming from a federated
IDP for a federated user.

> In which case it will actually have a valid user and correct user domain in
> the token table, in which case he can generate jwt tokens with required
> claims for that user. Is this a valid scenario? if so can we support this?
>
> Note that since we are taking the user domain from the username(subject)
> in [1], we can send username(saml assertion subject) with correct
> domain(ex: Secondary/username1) in which case it will save the correct
> domain in token table. Hence jwt flow works fine. But I feel like it's kind
> of a hack for this.
>
> I have created a public jira for this in [2]
>
> [1] - https://github.com/wso2/carbon-identity/blob/master/components/oauth/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/util/OAuth2Util.java#L637
>
> [2] - https://wso2.org/jira/browse/IDENTITY-5483
>
>
> Thanks
>


Re: [Dev] Validate user against given user store and save correct user domain in saml2-bearer grant type.

2016-12-15 Thread Farasath Ahamed
On Thu, Dec 15, 2016 at 12:45 PM, Rajith Vitharana  wrote:

>
>
> On 15 December 2016 at 01:11, Farasath Ahamed  wrote:
>
>>
>>
>> On Thu, Dec 15, 2016 at 12:33 PM, Rajith Vitharana 
>> wrote:
>>
>>>
>>>
>>> On 15 December 2016 at 00:59, Farasath Ahamed 
>>> wrote:
>>>
>>>> On Wed, Dec 14, 2016 at 8:59 PM, Rajith Vitharana
>>>> wrote:
>>>>
>>>>> Hi IS team,
>>>>>
>>>>> In [1] when getting the user, it doesn't validate whether the user is
>>>>> in a user store or not. (This happens in saml2-bearer grant type and IS
>>>>> trust the saml assertion. It's totally valid not doing this)
>>>>>
>>>>> but can we give the user the freedom to choose whether to validate the
>>>>> user in saml assertion against a given user store or not?
>>>>>
>>>>
>>>>
>>>> If we let the user to choose to validate the user against a user store
>>>> or not, the assertions coming from trusted IDP for a federated users will
>>>> fail if he chooses to validate the user in userstore?

>>> Yes, we can make this configurable and use current behavior as default,
>>> If user needs this behavior, he will need to provide the userstore details
>>> which he needs the user to be validated against.
>>>
>>
>>
>> Hmm that makes sense. But once he enables this option he will no longer
>> be able to accept SAML bearer tokens from Federated IDPs (say like Google)
>> right?
>>
> we can make this per IDP right? without making this a global config. so
> that he can disable this for google right?
>

I think what you meant was per SP. If so, yes :)

And also we can improve our default behaviour to detect SAML bearer tokens
issued to local users without treating everyone bringing a SAML bearer into
IS as federated one as we do now in [1]


[1]
https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/912088d9f45d1c76534f0907586198b51ca20509/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/handlers/grant/saml/SAML2BearerGrantHandler.java#L181



>
>>
>>>> What I mean is, when user enables that option, he would only be able to
>>>> use assertions issued by IS or a federated IDP that shares a userstore with
>>>> IS.
>>>>
>>>> Instead wouldn't it be better if we only check the user in the user
>>>> store if the assertion was issued by us (by us I mean IS that is validating
>>>> the SAML assertion). We can check this using the SAML IdpEntityId. For
>>>> those assertions not issued by us, we could treat them as coming from a
>>>> federated IDP for a federated user.
>>>>
>>>>> In which case it will actually have a valid user and correct user
>>>>> domain in the token table, in which case he can generate jwt tokens with
>>>>> required claims for that user. Is this a valid scenario? if so can we
>>>>> support this?
>>>>>
>>>>> Note that since we are taking the user domain from the
>>>>> username(subject) in [1], we can send username(saml assertion subject)
>>>>> with correct domain(ex: Secondary/username1) in which case it will save the
>>>>> correct domain in token table. Hence jwt flow works fine. But I feel like
>>>>> it's kind of a hack for this.
>>>>>
>>>>> I have created a public jira for this in [2]
>>>>>
>>>>> [1] - https://github.com/wso2/carbon-identity/blob/master/components/oauth/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/util/OAuth2Util.java#L637
>>>>>
>>>>> [2] - https://wso2.org/jira/browse/IDENTITY-5483
>>>>>
>>>>>
>>>>> Thanks
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
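
The issuer-based check proposed in this thread (validate the subject against a user store only when the assertion was issued by the local IdP, otherwise treat the user as federated), as an added Java example that is not WSO2 Identity Server code. Every class, method, entity ID and user name is hypothetical or constructed; the user stores are an in-memory map, and the assertion's signature, audience and validity are assumed to have been verified already.

```java
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;
import java.util.Set;

// Added illustration only: hypothetical names, not a WSO2 Identity Server API.
// Assumes signature, audience and validity checks ran before resolve().
public class SamlBearerUserResolver {

    static final class ResolvedUser {
        final String domain;      // user store domain saved with the token
        final String username;
        final boolean federated;

        ResolvedUser(String domain, String username, boolean federated) {
            this.domain = domain;
            this.username = username;
            this.federated = federated;
        }

        @Override
        public String toString() {
            return domain + "/" + username + (federated ? " (federated)" : " (local)");
        }
    }

    private final String localIdpEntityId;
    private final Set<String> trustedFederatedIssuers;
    private final Map<String, Set<String>> userStores; // domain -> user names (stand-in for real stores)

    SamlBearerUserResolver(String localIdpEntityId, Set<String> trustedFederatedIssuers,
                           Map<String, Set<String>> userStores) {
        this.localIdpEntityId = localIdpEntityId;
        this.trustedFederatedIssuers = trustedFederatedIssuers;
        this.userStores = userStores;
    }

    ResolvedUser resolve(String issuer, String subject) {
        if (localIdpEntityId.equals(issuer)) {
            return resolveLocal(subject);   // issued by us: the user must exist locally
        }
        if (trustedFederatedIssuers.contains(issuer)) {
            // Subject is kept verbatim: a "DOMAIN/" prefix sent by an external IdP
            // is never interpreted as one of our own user store domains.
            return new ResolvedUser("FEDERATED", subject, true);
        }
        throw new SecurityException("Assertion issuer is not trusted: " + issuer);
    }

    private ResolvedUser resolveLocal(String subject) {
        int slash = subject.indexOf('/');
        if (slash > 0) {
            // Subject carries an explicit domain, e.g. Secondary/username1.
            String domain = subject.substring(0, slash).toUpperCase(Locale.ROOT);
            String name = subject.substring(slash + 1);
            Set<String> users = userStores.get(domain);
            if (users != null && users.contains(name)) {
                return new ResolvedUser(domain, name, false);
            }
        } else {
            // No domain given: search the stores in order and record the one that matched.
            for (Map.Entry<String, Set<String>> store : userStores.entrySet()) {
                if (store.getValue().contains(subject)) {
                    return new ResolvedUser(store.getKey(), subject, false);
                }
            }
        }
        throw new SecurityException("Local subject not found in any user store: " + subject);
    }

    public static void main(String[] args) {
        Map<String, Set<String>> stores = new LinkedHashMap<>();   // constructed sample data
        stores.put("PRIMARY", Set.of("admin"));
        stores.put("SECONDARY", Set.of("username1"));
        SamlBearerUserResolver resolver = new SamlBearerUserResolver(
                "is.example.org", Set.of("idp.partner.example"), stores);

        System.out.println(resolver.resolve("is.example.org", "Secondary/username1"));
        System.out.println(resolver.resolve("is.example.org", "username1"));
        System.out.println(resolver.resolve("idp.partner.example", "PRIMARY/admin"));
        try {
            resolver.resolve("is.example.org", "Secondary/ghost");
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```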


Re: [Dev] Change profile to runtime in product creation pom

2016-12-15 Thread Imesh Gunaratne
On Thu, Dec 15, 2016 at 11:48 AM, Niranjan Karunanandham 
wrote:

> Hi all,
>
> In C5, the server can have multiple runtimes and for each one will have a
> separate directory and contains runtime specific files. But at the time of
> product creation, in the pom, we are using tag <profile> to denote the
> *runtime*. This tag ("<*profile*>") is required by the *tycho plugin*.
> Shall we change this to <runtime> and handle the conversion to profile in
> the *carbon-feature-plugin* so that outside, this is only known as
> runtime?
>

Yes, I think that makes sense. Since the profile concept itself has been
changed in C5 changing the term to "runtime" would make it more meaningful.

Thanks


-- 
*Imesh Gunaratne*
Software Architect
WSO2 Inc: http://wso2.com
T: +94 11 214 5345 M: +94 77 374 2057
W: https://medium.com/@imesh TW: @imesh
lean. enterprise. middleware