[Dev] WSO2 Enterprise Integrator 6.2.0-M3 Released!

[Madhawa Gunasekara]

Hi All,

The WSO2 Integration team is pleased to announce the release of Enterprise
Integrator 6.2.0 Milestone 3.
Source & binary distribution files of the WSO2 Enterprise
Integrator 6.2.0-M3 is available for download from the following location.

https://github.com/wso2/product-ei/releases/tag/v6.2.0-m3

*Tasks/Bug Fixes and Improvements*

WSO2 Jira - Fixed Issues 
Product EI - Github fixed issues

*List of Open Issues*

WSO2 Jira - Open Issues 
WSO2 EI Github - Open Issues


*Mailing Lists*
Join our mailing list and correspond with the developers directly.
Developer List: dev@wso2.org | Subscribe | Mail Archive
User Forum: StackOverflow

*Reporting Issues*

We encourage you to report issues, improvements and feature requests
regarding WSO2 Integrator through WSO2 EI GIT Issues.

~ The WSO2 Integration Team ~

-- 
*Madhawa Gunasekara*
Software Engineer
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware

mobile: +94 719411002 <+94+719411002>
blog: *http://madhawa-gunasekara.blogspot.com
*
linkedin: *http://lk.linkedin.com/in/mgunasekara
*
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [GSOC][Siddhi][DEV] Deployment and Code Management of PySiddhi

[Grainier Perera]

Hi Madhawa,

Merged both PRs and the Wiki.

Regards,
Grainier.

On Wed, Aug 23, 2017 at 9:41 PM, Madhawa Vidanapathirana <
madhawavidanapathir...@gmail.com> wrote:

> Hi,
>
> I have sent the new PRs [1] [2] which merge WSO2 DAS Client with PySiddhi.
>
> The Wiki [3] has also been updated, which would require a manual merge
> since PRs are not possible for GitHub Wikis.
>
> Kindly reach me if any changes are required.
>
> [1] https://github.com/wso2/PySiddhi/pull/3
> [2] https://github.com/wso2/PySiddhi/pull/4
> [3] https://github.com/madhawav/PySiddhi/wiki
>
> Regards,
> Madhawa
>
>
> On Fri, Aug 18, 2017 at 7:27 PM, Madhawa Vidanapathirana <
> madhawavidanapathir...@gmail.com> wrote:
>
>> Hi,
>>
>> I just noticed that it is not possible to send PRs on Wiki pages I made
>> for the project, that are available at [1]. I believe a collaborator of
>> main repository [2] would have to manually review the wiki at [1] and get
>> it copied to main repository [2].
>>
>> The link [3] describes a technique which can be useful to copy the wiki
>> pages from [1] to [2].
>>
>> Also, I am looking forward for your comments on updated PRs I sent to
>> branches master and 3.x of main repository [2].
>>
>> [1] - https://github.com/madhawav/PySiddhi/wiki
>> [2] - https://github.com/wso2/PySiddhi
>> [3] - https://stackoverflow.com/questions/10642928/how-to-pull-
>> request-a-wiki-page-on-github
>>
>> Kind Regards,
>> Madhawa
>>
>> On Thu, Aug 10, 2017 at 11:02 AM, Madhawa Vidanapathirana <
>> madhawavidanapathir...@gmail.com> wrote:
>>
>>> Hi,
>>>
>>> I have sent PRs to both branches 3.x and master of [1] with relevant
>>> code versions.
>>> Kindly review and let me know any changes that are required.
>>>
>>> Meanwhile, I will check on generation of *.whl files which are required
>>> for distribution to PyPI.
>>>
>>> [1] https://github.com/wso2/pysiddhi
>>>
>>> Kind Regards,
>>> Madhawa
>>>
>>> On Wed, Aug 9, 2017 at 5:03 PM, Grainier Perera 
>>> wrote:
>>>
 Hi Madhawa,

 I have created a branch for PySiddhi 3.x at [1], and we are thinking of
 maintaining the PySiddhi 4.x in the master branch. Please send PRs to 3.x
 branch and master branch.

 [1] https://github.com/wso2/pysiddhi/tree/3.x

 Regards,

 On Wed, Aug 9, 2017 at 9:17 AM, Madhawa Vidanapathirana <
 madhawavidanapathir...@gmail.com> wrote:

> Hi,
>
> I have prepared the branch for PySiddhi 3.1 (in fork of main repo) and
> it is available at [1]. However, I am unable to send the PR since 3.1
> branch is not in the main repository at [2].
>
> Also, would be requiring a branch for 4.0 to PR the 4.0 version which
> will be ready soon.
>
> [1] https://github.com/madhawav/PySiddhi/tree/3.1
> [2] https://github.com/wso2/PySiddhi
>
> Kind Regards,
>
> --
> *Madhawa Vidanapathirana*
> Student
> Department of Computer Science and Engineering
> University of Moratuwa
> Sri Lanka
>
> Mobile: (+94) 716874425 <+94%2071%20687%204425>
> Email: madhawavidanapathir...@gmail.com
> Linked-In: https://lk.linkedin.com/in/madhawa-vidanapathirana-3430b94
>



 --
 Grainier Perera
 Senior Software Engineer
 Mobile : +94716122384 <+94%2071%20612%202384>
 WSO2 Inc. | http://wso2.com
 lean.enterprise.middleware

>>>
>>>
>>>
>>> --
>>> *Madhawa Vidanapathirana*
>>> Student
>>> Department of Computer Science and Engineering
>>> University of Moratuwa
>>> Sri Lanka
>>>
>>> Mobile: (+94) 716874425 <+94%2071%20687%204425>
>>> Email: madhawavidanapathir...@gmail.com
>>> Linked-In: https://lk.linkedin.com/in/madhawa-vidanapathirana-3430b94
>>>
>>
>>
>>
>> --
>> *Madhawa Vidanapathirana*
>> Student
>> Department of Computer Science and Engineering
>> University of Moratuwa
>> Sri Lanka
>>
>> Mobile: (+94) 716874425 <+94%2071%20687%204425>
>> Email: madhawavidanapathir...@gmail.com
>> Linked-In: https://lk.linkedin.com/in/madhawa-vidanapathirana-3430b94
>>
>
>
>
> --
> *Madhawa Vidanapathirana*
> Student
> Department of Computer Science and Engineering
> University of Moratuwa
> Sri Lanka
>
> Mobile: (+94) 716874425 <+94%2071%20687%204425>
> Email: madhawavidanapathir...@gmail.com
> Linked-In: https://lk.linkedin.com/in/madhawa-vidanapathirana-3430b94
>



-- 
Grainier Perera
Senior Software Engineer
Mobile : +94716122384
WSO2 Inc. | http://wso2.com
lean.enterprise.middleware
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Is this fix correct? Can someone explain?

[Isura Karunaratne]

On Thu, Aug 24, 2017 at 1:27 AM Johann Nallathamby  wrote:

>
> https://github.com/wso2/carbon-identity-framework/commit/1f2df5faf2a46258791bdaf1d4c94741626e34a1
>
> How is *resourceType* attribute mapped to *userType*? And why is
> AttributeID still *mail*?
>

This is scim2 dialect. when we add a user, its resorceTyoe is user. Then
the email address of that user becomes as user. That was the issue.

I think scim1 dialect uses userType claim local claim for this. remote
dialect's attributeId is not required in new claim management module,
instead it uses local mapped claim.

Thanks
Isura

>
> Regards,
> Johann.
>
> --
>
> *Johann Dilantha Nallathamby*
> Senior Lead Solutions Engineer
> WSO2, Inc.
> lean.enterprise.middleware
>
> Mobile - *+9476950*
> Blog - *http://nallaa.wordpress.com *
>
-- 

*Isura Dilhara Karunaratne*
Associate Technical Lead | WSO2
Email: is...@wso2.com
Mob : +94 772 254 810
Blog : http://isurad.blogspot.com/
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] WSO2 Identity Server 5.4.0-M3 Released!

[Johann Nallathamby]

IAM Team,

Please note that the following JIRAs have not be fixed per se. According to
the comments they have been resolved as "cannot reproduce", "won't fix" or
"invalid". But the "Resolution" says "Fixed" which is incorrect. Can we
change this and make sure in future we strictly follow proper resolution
category. Otherwise this will give a wrong impression when generating stats
on public JIRAs.

[1] https://wso2.org/jira/browse/IDENTITY-5943
[2] https://wso2.org/jira/browse/IDENTITY-6126
[3] https://wso2.org/jira/browse/IDENTITY-6235
[4] https://wso2.org/jira/browse/IDENTITY-6243
[5] https://wso2.org/jira/browse/IDENTITY-6282

Regards,
Johann.

On Wed, Aug 23, 2017 at 11:03 AM, Nuwandi Wickramasinghe 
wrote:

> WSO2 Identity Server team is pleased to announce the 3rd Milestone of WSO2
>  IdentityServer 5.4.0. You can download this distribution from the
> following location.
>
> https://github.com/wso2/product-is/releases/tag/v5.4.0-m3
>
> Following list contains all the features, improvements and bug fixes
> available with this milestone.
> Patch
>
>- [IDENTITY-6206 ] - ACS
>validation failure when using signed passive saml requests
>- [IDENTITY-6208 ] -
>Possible Connection Leak in RegistryRecoveryDataStore
>
> Bug
>
>- [IDENTITY-4663 ] -
>Getting a registry indexing error while evaluating a XACML request against
>PDP
>- [IDENTITY-5549 ] -
>Backend error while creating a tenant domain with capital letters in the
>name
>- [IDENTITY-5938 ] - [NPE]
>OAuth2AuthzEndpoint has thrown exception, unwinding now
>- [IDENTITY-5943 ] -
>[LoadTest] Error while retrieving access token in Authorization Code grant
>type
>- [IDENTITY-6073 ] - OIDC
>logout fails when call back url has a uri fragment
>- [IDENTITY-6088 ] - IS
>should not return IDTokens without required claims
>- [IDENTITY-6099 ] -
>Intermittent error when invoking password reset rest api using browser
>based client
>- [IDENTITY-6117 ] -
>Observed a performance degradation due to pre-authentication and
>post-authentication event handlers
>- [IDENTITY-6126 ] - Style
>issue in IS SSO Login page in IE
>- [IDENTITY-6158 ] -
>Exception thrown when debug logs are disabled
>- [IDENTITY-6175 ] -
>Improvements for updateAppAndRevokeTokensAndAuthzCodes
>- [IDENTITY-6235 ] -
>Nullpointer Exception on Requesting Access Token twice for using a custom
>grant type.
>- [IDENTITY-6237 ] -
>PROVIDE MANDATORY DETAILS page does not go away on submit of missing cliams
>- [IDENTITY-6241 ] -
>Multiple claims mapped to a same local claim
>- [IDENTITY-6242 ] -
>Internal Server Error on Requesting Access-Token for the Same 
> 'saml2-bearer'
>- [IDENTITY-6243 ] - Error
>on requesting access tokens with federated user and primary user where both
>users have the same username.
>- [IDENTITY-6244 ] - Only
>sub is recieving even claims are set for federated users
>- [IDENTITY-6247 ] -
>Updating multiple user attributes via SCIM2 Patch-Replace does not work
>- [IDENTITY-6248 ] - ldap
>search filters with objectGUID are not working properly
>- [IDENTITY-6251 ] -
>[SCIM] ArrayIndexOutofBoundException thrown for invalid authorization
>headers
>- [IDENTITY-6254 ] -
>[SCIM] Error in user creation and retrieval after enabling the config to
>allow emails as usernames
>- [IDENTITY-6259 ] - When
>a user is created email is shown as "User"
>- [IDENTITY-6269 ] -
>sslHandshakeException in the request to /oauth2/authorize in access token
>generation
>- [IDENTITY-6271 ] -
>Users/{id} PATCH expects the "schemas" attribute to be empty
>- [IDENTITY-6273 ] -
>

[Dev] [IAM] Can't we do the same fix by adding fragment component as a blacklisted pattern to our JS util method?

[Johann Nallathamby]

Can't we do $subject to fix [1]? I thought we were following this as a
standard approach in our UI layer so that we can reuse these functionality
in all our UIs. This is the approach we were following up until IS 5.3.0.
Preventing entering fragment component could be a common requirement when
defining URLs. So there is a high chance this can be needed somewhere else.

[1]
https://github.com/wso2-extensions/identity-inbound-auth-oauth/commit/556ec8e1c2b8ad1a8e77b9216d6a3f6b301c863b


Regards,
Johann.

-- 
Thanks & Regards,

*Johann Dilantha Nallathamby*
Senior Lead Solutions Engineer
WSO2, Inc.
lean.enterprise.middleware

Mobile - *+9476950*
Blog - *http://nallaa.wordpress.com *
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] Is this fix correct? Can someone explain?

[Johann Nallathamby]

https://github.com/wso2/carbon-identity-framework/commit/1f2df5faf2a46258791bdaf1d4c94741626e34a1

How is *resourceType* attribute mapped to *userType*? And why is
AttributeID still *mail*?

Regards,
Johann.

-- 

*Johann Dilantha Nallathamby*
Senior Lead Solutions Engineer
WSO2, Inc.
lean.enterprise.middleware

Mobile - *+9476950*
Blog - *http://nallaa.wordpress.com *
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [GSOC][Siddhi][DEV] Deployment and Code Management of PySiddhi

[Madhawa Vidanapathirana]

Hi,

I have sent the new PRs [1] [2] which merge WSO2 DAS Client with PySiddhi.

The Wiki [3] has also been updated, which would require a manual merge
since PRs are not possible for GitHub Wikis.

Kindly reach me if any changes are required.

[1] https://github.com/wso2/PySiddhi/pull/3
[2] https://github.com/wso2/PySiddhi/pull/4
[3] https://github.com/madhawav/PySiddhi/wiki

Regards,
Madhawa


On Fri, Aug 18, 2017 at 7:27 PM, Madhawa Vidanapathirana <
madhawavidanapathir...@gmail.com> wrote:

> Hi,
>
> I just noticed that it is not possible to send PRs on Wiki pages I made
> for the project, that are available at [1]. I believe a collaborator of
> main repository [2] would have to manually review the wiki at [1] and get
> it copied to main repository [2].
>
> The link [3] describes a technique which can be useful to copy the wiki
> pages from [1] to [2].
>
> Also, I am looking forward for your comments on updated PRs I sent to
> branches master and 3.x of main repository [2].
>
> [1] - https://github.com/madhawav/PySiddhi/wiki
> [2] - https://github.com/wso2/PySiddhi
> [3] - https://stackoverflow.com/questions/10642928/how-to-
> pull-request-a-wiki-page-on-github
>
> Kind Regards,
> Madhawa
>
> On Thu, Aug 10, 2017 at 11:02 AM, Madhawa Vidanapathirana <
> madhawavidanapathir...@gmail.com> wrote:
>
>> Hi,
>>
>> I have sent PRs to both branches 3.x and master of [1] with relevant code
>> versions.
>> Kindly review and let me know any changes that are required.
>>
>> Meanwhile, I will check on generation of *.whl files which are required
>> for distribution to PyPI.
>>
>> [1] https://github.com/wso2/pysiddhi
>>
>> Kind Regards,
>> Madhawa
>>
>> On Wed, Aug 9, 2017 at 5:03 PM, Grainier Perera 
>> wrote:
>>
>>> Hi Madhawa,
>>>
>>> I have created a branch for PySiddhi 3.x at [1], and we are thinking of
>>> maintaining the PySiddhi 4.x in the master branch. Please send PRs to 3.x
>>> branch and master branch.
>>>
>>> [1] https://github.com/wso2/pysiddhi/tree/3.x
>>>
>>> Regards,
>>>
>>> On Wed, Aug 9, 2017 at 9:17 AM, Madhawa Vidanapathirana <
>>> madhawavidanapathir...@gmail.com> wrote:
>>>
 Hi,

 I have prepared the branch for PySiddhi 3.1 (in fork of main repo) and
 it is available at [1]. However, I am unable to send the PR since 3.1
 branch is not in the main repository at [2].

 Also, would be requiring a branch for 4.0 to PR the 4.0 version which
 will be ready soon.

 [1] https://github.com/madhawav/PySiddhi/tree/3.1
 [2] https://github.com/wso2/PySiddhi

 Kind Regards,

 --
 *Madhawa Vidanapathirana*
 Student
 Department of Computer Science and Engineering
 University of Moratuwa
 Sri Lanka

 Mobile: (+94) 716874425 <+94%2071%20687%204425>
 Email: madhawavidanapathir...@gmail.com
 Linked-In: https://lk.linkedin.com/in/madhawa-vidanapathirana-3430b94

>>>
>>>
>>>
>>> --
>>> Grainier Perera
>>> Senior Software Engineer
>>> Mobile : +94716122384 <+94%2071%20612%202384>
>>> WSO2 Inc. | http://wso2.com
>>> lean.enterprise.middleware
>>>
>>
>>
>>
>> --
>> *Madhawa Vidanapathirana*
>> Student
>> Department of Computer Science and Engineering
>> University of Moratuwa
>> Sri Lanka
>>
>> Mobile: (+94) 716874425 <+94%2071%20687%204425>
>> Email: madhawavidanapathir...@gmail.com
>> Linked-In: https://lk.linkedin.com/in/madhawa-vidanapathirana-3430b94
>>
>
>
>
> --
> *Madhawa Vidanapathirana*
> Student
> Department of Computer Science and Engineering
> University of Moratuwa
> Sri Lanka
>
> Mobile: (+94) 716874425 <+94%2071%20687%204425>
> Email: madhawavidanapathir...@gmail.com
> Linked-In: https://lk.linkedin.com/in/madhawa-vidanapathirana-3430b94
>



-- 
*Madhawa Vidanapathirana*
Student
Department of Computer Science and Engineering
University of Moratuwa
Sri Lanka

Mobile: (+94) 716874425
Email: madhawavidanapathir...@gmail.com
Linked-In: https://lk.linkedin.com/in/madhawa-vidanapathirana-3430b94
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Audience(aud) value in OpenID Connect ID Token vs Token Introspection response

[Prabath Siriwardena]

On Wed, Aug 23, 2017 at 4:32 AM, Sathya Bandara  wrote:

> Hi,
>
> The aud claim in id token is used to identify to which parties the JWT is
> intended for. If the client application needs to process the JWT then it
> should identify itself as a value in the audiences claim. Therefore it is
> valid and rational to have the client ID in the audience claim.
>
>  Currently, it is possible to configure the audiences for OpenID Connect
> via identity.xml but it will get applied globally in all SPs. We are going
> to support multiple audience configuration in IS 5.5.0 via the UI similar
> to how its done in SAML. As an improvement to this we can include the
> client identifier in the audience claim as well.
>

I assume we will let the user define multiple audience values - for an
access token and an ID token, independently?

Thanks & regards,
-Prabath


>
> Thanks,
> Sathya
>
>
>
> On Wed, Aug 23, 2017 at 2:09 PM, Prabath Siriwardena 
> wrote:
>
>> The audience of the ID token is the web app (or it can also have the
>> token endpoint - in case of the JWT grant type) - the audience of the
>> access token is the API (or where it will be used by the web app).. so
>> those can be two different values..
>>
>> This [1] is  a good way we should consider implementing - to request an
>> access token for a given audience..
>>
>> [1]: https://tools.ietf.org/id/draft-tschofenig-oauth-audience-00.html
>>
>> Thanks & regards,
>> -Prabath
>>
>>
>>
>> On Mon, Aug 21, 2017 at 11:02 PM, Gayan Gunawardana 
>> wrote:
>>
>>> According to OpenID connect specification [1] "aud" value is client id
>>> with identifiers for other audiences.
>>>
>>>  {
>>>"iss": "https://server.example.com;,
>>>"sub": "24400320",
>>>"aud": "s6BhdRkqt3",
>>>"nonce": "n-0S6_WzA2Mj",
>>>"exp": 1311281970,
>>>"iat": 1311280970,
>>>"auth_time": 1311280969,
>>>"acr": "urn:mace:incommon:iap:silver"
>>>   }
>>>
>>> But in token introspection "aud" value is more like service provider URL
>>> with identifiers for other audiences.
>>>
>>>  {
>>>   "active": true,
>>>   "client_id": "l238j323ds-23ij4",
>>>   "username": "jdoe",
>>>   "scope": "read write dolphin",
>>>   "sub": "Z5O3upPC88QrAjx00dis",
>>>   "aud": "https://protected.example.net/resource;,
>>>   "iss": "https://server.example.com/;,
>>>   "exp": 1419356238,
>>>   "iat": 1419350238,
>>>   "extension_field": "twenty-seven"
>>>  }
>>>
>>> Can we have different Audience values for token introspection response
>>> and ID Token ? If not we can have both as Audience values.
>>>
>>> [1] http://openid.net/specs/openid-connect-core-1_0.html#IDToken
>>> [2] https://tools.ietf.org/html/rfc7662#section-2.2
>>>
>>> Thanks,
>>> Gayan
>>>
>>> --
>>> Gayan Gunawardana
>>> Senior Software Engineer; WSO2 Inc.; http://wso2.com/
>>> Email: ga...@wso2.com
>>> Mobile: +94 (71) 8020933
>>>
>>
>>
>>
>> --
>> Thanks & Regards,
>> Prabath
>>
>> Twitter : @prabath
>> LinkedIn : http://www.linkedin.com/in/prabathsiriwardena
>>
>> Mobile : +1 650 625 7950 <(650)%20625-7950>
>>
>> http://facilelogin.com
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
> Sathya Bandara
> Software Engineer
> WSO2 Inc. http://wso2.com
> Mobile: (+94) 715 360 421 <+94%2071%20411%205032>
>
> <+94%2071%20411%205032>
>



-- 
Thanks & Regards,
Prabath

Twitter : @prabath
LinkedIn : http://www.linkedin.com/in/prabathsiriwardena

Mobile : +1 650 625 7950

http://facilelogin.com
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Audience(aud) value in OpenID Connect ID Token vs Token Introspection response

[Sathya Bandara]

Hi,

The aud claim in id token is used to identify to which parties the JWT is
intended for. If the client application needs to process the JWT then it
should identify itself as a value in the audiences claim. Therefore it is
valid and rational to have the client ID in the audience claim.

 Currently, it is possible to configure the audiences for OpenID Connect
via identity.xml but it will get applied globally in all SPs. We are going
to support multiple audience configuration in IS 5.5.0 via the UI similar
to how its done in SAML. As an improvement to this we can include the
client identifier in the audience claim as well.

Thanks,
Sathya



On Wed, Aug 23, 2017 at 2:09 PM, Prabath Siriwardena 
wrote:

> The audience of the ID token is the web app (or it can also have the token
> endpoint - in case of the JWT grant type) - the audience of the access
> token is the API (or where it will be used by the web app).. so those can
> be two different values..
>
> This [1] is  a good way we should consider implementing - to request an
> access token for a given audience..
>
> [1]: https://tools.ietf.org/id/draft-tschofenig-oauth-audience-00.html
>
> Thanks & regards,
> -Prabath
>
>
>
> On Mon, Aug 21, 2017 at 11:02 PM, Gayan Gunawardana 
> wrote:
>
>> According to OpenID connect specification [1] "aud" value is client id
>> with identifiers for other audiences.
>>
>>  {
>>"iss": "https://server.example.com;,
>>"sub": "24400320",
>>"aud": "s6BhdRkqt3",
>>"nonce": "n-0S6_WzA2Mj",
>>"exp": 1311281970,
>>"iat": 1311280970,
>>"auth_time": 1311280969,
>>"acr": "urn:mace:incommon:iap:silver"
>>   }
>>
>> But in token introspection "aud" value is more like service provider URL
>> with identifiers for other audiences.
>>
>>  {
>>   "active": true,
>>   "client_id": "l238j323ds-23ij4",
>>   "username": "jdoe",
>>   "scope": "read write dolphin",
>>   "sub": "Z5O3upPC88QrAjx00dis",
>>   "aud": "https://protected.example.net/resource;,
>>   "iss": "https://server.example.com/;,
>>   "exp": 1419356238,
>>   "iat": 1419350238,
>>   "extension_field": "twenty-seven"
>>  }
>>
>> Can we have different Audience values for token introspection response
>> and ID Token ? If not we can have both as Audience values.
>>
>> [1] http://openid.net/specs/openid-connect-core-1_0.html#IDToken
>> [2] https://tools.ietf.org/html/rfc7662#section-2.2
>>
>> Thanks,
>> Gayan
>>
>> --
>> Gayan Gunawardana
>> Senior Software Engineer; WSO2 Inc.; http://wso2.com/
>> Email: ga...@wso2.com
>> Mobile: +94 (71) 8020933
>>
>
>
>
> --
> Thanks & Regards,
> Prabath
>
> Twitter : @prabath
> LinkedIn : http://www.linkedin.com/in/prabathsiriwardena
>
> Mobile : +1 650 625 7950 <(650)%20625-7950>
>
> http://facilelogin.com
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
Sathya Bandara
Software Engineer
WSO2 Inc. http://wso2.com
Mobile: (+94) 715 360 421 <+94%2071%20411%205032>

<+94%2071%20411%205032>
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Request to install mkdocs and mkdocs-material in jenkins.

[Sriskandarajah Suhothayan]

Thanks Maheshika,

If you need any help from us, please let us know, we need to get this done
ASAP.

Regards
Suho

On Wed, Aug 23, 2017 at 3:03 PM, Chathurika Amarathunga <
chathuri...@wso2.com> wrote:

> Thank you Maheshika.
>
> Regards
> Chathurika.
>
> On Wed, Aug 23, 2017 at 1:58 PM, Maheshika Goonetilleke <
> mahesh...@wso2.com> wrote:
>
>> Hi Chathurika
>>
>> We need to test this on staging and then install it in production. Will
>> do so and update this thread.
>>
>> On Wed, Aug 23, 2017 at 1:12 PM, Chathurika Amarathunga <
>> chathuri...@wso2.com> wrote:
>>
>>> Hi Maheshika,
>>>
>>> We are planing to use MKdocs [1] to generate the documentation site
>>> (github io site) for all repositories (siddhi,, siddhi extension and
>>> product-sp)  in Data Analytic team. It is required to install followings to
>>> ensure that site is generate at building time [2].
>>>
>>>  *- python*
>>> * - pip*
>>> * - mkdocs*
>>> * - mkdocs-material*
>>> Therefore, Could you please install mkdocs and mkdocs-material to the
>>> Jenkins.
>>>
>>> [1] http://www.mkdocs.org/
>>> [2] http://squidfunk.github.io/mkdocs-material/getting-started/
>>>
>>> Thank you.
>>> Chathurika Amarathunga.
>>> --
>>> *Chathurika Amarathunga*
>>> Software Engineer - WSO2
>>>
>>> Email: chathuri...@wso2.com
>>> Mobile: +94783886224 <+94%2078%20388%206224>
>>> 
>>>
>>
>>
>>
>> --
>>
>> Thanks & Best Regards,
>>
>> Maheshika Goonetilleke
>> Senior Engineering Process Coordinator
>>
>> *WSO2 Inc*
>> *email   : mahesh...@wso2.com *
>> *mobile : +94 773 596707 <+94%2077%20359%206707>*
>> *www: :http://wso2.com *lean . enterprise . middleware
>>
>>
>>
>>
>>
>
>
> --
> *Chathurika Amarathunga*
> Software Engineer - WSO2
>
> Email: chathuri...@wso2.com
> Mobile: +94783886224 <078%20388%206224>
> 
>



-- 

*S. Suhothayan*
Associate Director / Architect
*WSO2 Inc. *http://wso2.com
* *
lean . enterprise . middleware


*cell: (+94) 779 756 757 | blog: http://suhothayan.blogspot.com/
twitter: http://twitter.com/suhothayan
 | linked-in:
http://lk.linkedin.com/in/suhothayan *
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Request to install mkdocs and mkdocs-material in jenkins.

[Chathurika Amarathunga]

Thank you Maheshika.

Regards
Chathurika.

On Wed, Aug 23, 2017 at 1:58 PM, Maheshika Goonetilleke 
wrote:

> Hi Chathurika
>
> We need to test this on staging and then install it in production. Will do
> so and update this thread.
>
> On Wed, Aug 23, 2017 at 1:12 PM, Chathurika Amarathunga <
> chathuri...@wso2.com> wrote:
>
>> Hi Maheshika,
>>
>> We are planing to use MKdocs [1] to generate the documentation site
>> (github io site) for all repositories (siddhi,, siddhi extension and
>> product-sp)  in Data Analytic team. It is required to install followings to
>> ensure that site is generate at building time [2].
>>
>>  *- python*
>> * - pip*
>> * - mkdocs*
>> * - mkdocs-material*
>> Therefore, Could you please install mkdocs and mkdocs-material to the
>> Jenkins.
>>
>> [1] http://www.mkdocs.org/
>> [2] http://squidfunk.github.io/mkdocs-material/getting-started/
>>
>> Thank you.
>> Chathurika Amarathunga.
>> --
>> *Chathurika Amarathunga*
>> Software Engineer - WSO2
>>
>> Email: chathuri...@wso2.com
>> Mobile: +94783886224 <+94%2078%20388%206224>
>> 
>>
>
>
>
> --
>
> Thanks & Best Regards,
>
> Maheshika Goonetilleke
> Senior Engineering Process Coordinator
>
> *WSO2 Inc*
> *email   : mahesh...@wso2.com *
> *mobile : +94 773 596707 <+94%2077%20359%206707>*
> *www: :http://wso2.com *lean . enterprise . middleware
>
>
>
>
>


-- 
*Chathurika Amarathunga*
Software Engineer - WSO2

Email: chathuri...@wso2.com
Mobile: +94783886224

___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Audience(aud) value in OpenID Connect ID Token vs Token Introspection response

[Prabath Siriwardena]

The audience of the ID token is the web app (or it can also have the token
endpoint - in case of the JWT grant type) - the audience of the access
token is the API (or where it will be used by the web app).. so those can
be two different values..

This [1] is  a good way we should consider implementing - to request an
access token for a given audience..

[1]: https://tools.ietf.org/id/draft-tschofenig-oauth-audience-00.html

Thanks & regards,
-Prabath



On Mon, Aug 21, 2017 at 11:02 PM, Gayan Gunawardana  wrote:

> According to OpenID connect specification [1] "aud" value is client id
> with identifiers for other audiences.
>
>  {
>"iss": "https://server.example.com;,
>"sub": "24400320",
>"aud": "s6BhdRkqt3",
>"nonce": "n-0S6_WzA2Mj",
>"exp": 1311281970,
>"iat": 1311280970,
>"auth_time": 1311280969,
>"acr": "urn:mace:incommon:iap:silver"
>   }
>
> But in token introspection "aud" value is more like service provider URL
> with identifiers for other audiences.
>
>  {
>   "active": true,
>   "client_id": "l238j323ds-23ij4",
>   "username": "jdoe",
>   "scope": "read write dolphin",
>   "sub": "Z5O3upPC88QrAjx00dis",
>   "aud": "https://protected.example.net/resource;,
>   "iss": "https://server.example.com/;,
>   "exp": 1419356238,
>   "iat": 1419350238,
>   "extension_field": "twenty-seven"
>  }
>
> Can we have different Audience values for token introspection response and
> ID Token ? If not we can have both as Audience values.
>
> [1] http://openid.net/specs/openid-connect-core-1_0.html#IDToken
> [2] https://tools.ietf.org/html/rfc7662#section-2.2
>
> Thanks,
> Gayan
>
> --
> Gayan Gunawardana
> Senior Software Engineer; WSO2 Inc.; http://wso2.com/
> Email: ga...@wso2.com
> Mobile: +94 (71) 8020933
>



-- 
Thanks & Regards,
Prabath

Twitter : @prabath
LinkedIn : http://www.linkedin.com/in/prabathsiriwardena

Mobile : +1 650 625 7950

http://facilelogin.com
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Audience(aud) value in OpenID Connect ID Token vs Token Introspection response

[Farasath Ahamed]

Farasath Ahamed
Software Engineer, WSO2 Inc.; http://wso2.com
Mobile: +94777603866
Blog: blog.farazath.com
Twitter: @farazath619 




On Wed, Aug 23, 2017 at 1:58 PM, Gayan Gunawardana  wrote:

>
>
> On Wed, Aug 23, 2017 at 1:46 PM, Asela Pathberiya  wrote:
>
>>
>>
>> On Tue, Aug 22, 2017 at 11:32 AM, Gayan Gunawardana 
>> wrote:
>>
>>> According to OpenID connect specification [1] "aud" value is client id
>>> with identifiers for other audiences.
>>>
>>>  {
>>>"iss": "https://server.example.com;,
>>>"sub": "24400320",
>>>"aud": "s6BhdRkqt3",
>>>"nonce": "n-0S6_WzA2Mj",
>>>"exp": 1311281970,
>>>"iat": 1311280970,
>>>"auth_time": 1311280969,
>>>"acr": "urn:mace:incommon:iap:silver"
>>>   }
>>>
>>> But in token introspection "aud" value is more like service provider URL
>>> with identifiers for other audiences.
>>>
>>
>> Where is it mentioned that it must be the SP URL.  I guess it must be
>> some kind of identification such as client id.  Isn't it ?
>>
> Yes no it is not a URL but kind of URI which represent service provider.
> According to offline chat had with Ruwan in Oauth/OpenID connect
> configuration there should be a way to configure Audiences like in SAML.
>

We do have a way to do this for OpenID Connect via identity.xml from IS
5.2.0. We did this so that our id_token could be used as a JWT Bearer
Grant. JWT Bearer grant requires the authorization server's token endpoint
or it alias to be included as a audience.



org.wso2.carbon.identity.openidconnect.DefaultIDTokenBuilder
SHA256withRSA


**






But of course that would be a global value. So we might have to do an
improvement to define that per Service Provider





>
>>
>>>
>>>  {
>>>   "active": true,
>>>   "client_id": "l238j323ds-23ij4",
>>>   "username": "jdoe",
>>>   "scope": "read write dolphin",
>>>   "sub": "Z5O3upPC88QrAjx00dis",
>>>   "aud": "https://protected.example.net/resource;,
>>>   "iss": "https://server.example.com/;,
>>>   "exp": 1419356238,
>>>   "iat": 1419350238,
>>>   "extension_field": "twenty-seven"
>>>  }
>>>
>>> Can we have different Audience values for token introspection response
>>> and ID Token ? If not we can have both as Audience values.
>>>
>>> [1] http://openid.net/specs/openid-connect-core-1_0.html#IDToken
>>> [2] https://tools.ietf.org/html/rfc7662#section-2.2
>>>
>>> Thanks,
>>> Gayan
>>>
>>> --
>>> Gayan Gunawardana
>>> Senior Software Engineer; WSO2 Inc.; http://wso2.com/
>>> Email: ga...@wso2.com
>>> Mobile: +94 (71) 8020933
>>>
>>
>>
>>
>> --
>> Thanks & Regards,
>> Asela
>>
>> ATL
>> Mobile : +94 777 625 933 <+94%2077%20762%205933>
>>  +358 449 228 979
>>
>> http://soasecurity.org/
>> http://xacmlinfo.org/
>>
>
>
>
> --
> Gayan Gunawardana
> Senior Software Engineer; WSO2 Inc.; http://wso2.com/
> Email: ga...@wso2.com
> Mobile: +94 (71) 8020933
>
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Request to install mkdocs and mkdocs-material in jenkins.

[Maheshika Goonetilleke]

Hi Chathurika

We need to test this on staging and then install it in production. Will do
so and update this thread.

On Wed, Aug 23, 2017 at 1:12 PM, Chathurika Amarathunga <
chathuri...@wso2.com> wrote:

> Hi Maheshika,
>
> We are planing to use MKdocs [1] to generate the documentation site
> (github io site) for all repositories (siddhi,, siddhi extension and
> product-sp)  in Data Analytic team. It is required to install followings to
> ensure that site is generate at building time [2].
>
>  *- python*
> * - pip*
> * - mkdocs*
> * - mkdocs-material*
> Therefore, Could you please install mkdocs and mkdocs-material to the
> Jenkins.
>
> [1] http://www.mkdocs.org/
> [2] http://squidfunk.github.io/mkdocs-material/getting-started/
>
> Thank you.
> Chathurika Amarathunga.
> --
> *Chathurika Amarathunga*
> Software Engineer - WSO2
>
> Email: chathuri...@wso2.com
> Mobile: +94783886224 <+94%2078%20388%206224>
> 
>



-- 

Thanks & Best Regards,

Maheshika Goonetilleke
Senior Engineering Process Coordinator

*WSO2 Inc*
*email   : mahesh...@wso2.com *
*mobile : +94 773 596707*
*www: :http://wso2.com *lean . enterprise . middleware
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Audience(aud) value in OpenID Connect ID Token vs Token Introspection response

[Asela Pathberiya]

On Wed, Aug 23, 2017 at 1:58 PM, Gayan Gunawardana  wrote:

>
>
> On Wed, Aug 23, 2017 at 1:46 PM, Asela Pathberiya  wrote:
>
>>
>>
>> On Tue, Aug 22, 2017 at 11:32 AM, Gayan Gunawardana 
>> wrote:
>>
>>> According to OpenID connect specification [1] "aud" value is client id
>>> with identifiers for other audiences.
>>>
>>>  {
>>>"iss": "https://server.example.com;,
>>>"sub": "24400320",
>>>"aud": "s6BhdRkqt3",
>>>"nonce": "n-0S6_WzA2Mj",
>>>"exp": 1311281970,
>>>"iat": 1311280970,
>>>"auth_time": 1311280969,
>>>"acr": "urn:mace:incommon:iap:silver"
>>>   }
>>>
>>> But in token introspection "aud" value is more like service provider URL
>>> with identifiers for other audiences.
>>>
>>
>> Where is it mentioned that it must be the SP URL.  I guess it must be
>> some kind of identification such as client id.  Isn't it ?
>>
> Yes no it is not a URL but kind of URI which represent service provider.
> According to offline chat had with Ruwan in Oauth/OpenID connect
> configuration there should be a way to configure Audiences like in SAML.
>

I do not think it is mentioned as URI.   +1 Yes. we need to allow to
configure multiple values & keep the client id as default.


>
>>
>>>
>>>  {
>>>   "active": true,
>>>   "client_id": "l238j323ds-23ij4",
>>>   "username": "jdoe",
>>>   "scope": "read write dolphin",
>>>   "sub": "Z5O3upPC88QrAjx00dis",
>>>   "aud": "https://protected.example.net/resource;,
>>>   "iss": "https://server.example.com/;,
>>>   "exp": 1419356238,
>>>   "iat": 1419350238,
>>>   "extension_field": "twenty-seven"
>>>  }
>>>
>>> Can we have different Audience values for token introspection response
>>> and ID Token ? If not we can have both as Audience values.
>>>
>>> [1] http://openid.net/specs/openid-connect-core-1_0.html#IDToken
>>> [2] https://tools.ietf.org/html/rfc7662#section-2.2
>>>
>>> Thanks,
>>> Gayan
>>>
>>> --
>>> Gayan Gunawardana
>>> Senior Software Engineer; WSO2 Inc.; http://wso2.com/
>>> Email: ga...@wso2.com
>>> Mobile: +94 (71) 8020933
>>>
>>
>>
>>
>> --
>> Thanks & Regards,
>> Asela
>>
>> ATL
>> Mobile : +94 777 625 933 <+94%2077%20762%205933>
>>  +358 449 228 979
>>
>> http://soasecurity.org/
>> http://xacmlinfo.org/
>>
>
>
>
> --
> Gayan Gunawardana
> Senior Software Engineer; WSO2 Inc.; http://wso2.com/
> Email: ga...@wso2.com
> Mobile: +94 (71) 8020933
>



-- 
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
 +358 449 228 979

http://soasecurity.org/
http://xacmlinfo.org/
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Audience(aud) value in OpenID Connect ID Token vs Token Introspection response

[Gayan Gunawardana]

On Wed, Aug 23, 2017 at 1:46 PM, Asela Pathberiya  wrote:

>
>
> On Tue, Aug 22, 2017 at 11:32 AM, Gayan Gunawardana 
> wrote:
>
>> According to OpenID connect specification [1] "aud" value is client id
>> with identifiers for other audiences.
>>
>>  {
>>"iss": "https://server.example.com;,
>>"sub": "24400320",
>>"aud": "s6BhdRkqt3",
>>"nonce": "n-0S6_WzA2Mj",
>>"exp": 1311281970,
>>"iat": 1311280970,
>>"auth_time": 1311280969,
>>"acr": "urn:mace:incommon:iap:silver"
>>   }
>>
>> But in token introspection "aud" value is more like service provider URL
>> with identifiers for other audiences.
>>
>
> Where is it mentioned that it must be the SP URL.  I guess it must be some
> kind of identification such as client id.  Isn't it ?
>
Yes no it is not a URL but kind of URI which represent service provider.
According to offline chat had with Ruwan in Oauth/OpenID connect
configuration there should be a way to configure Audiences like in SAML.

>
>
>>
>>  {
>>   "active": true,
>>   "client_id": "l238j323ds-23ij4",
>>   "username": "jdoe",
>>   "scope": "read write dolphin",
>>   "sub": "Z5O3upPC88QrAjx00dis",
>>   "aud": "https://protected.example.net/resource;,
>>   "iss": "https://server.example.com/;,
>>   "exp": 1419356238,
>>   "iat": 1419350238,
>>   "extension_field": "twenty-seven"
>>  }
>>
>> Can we have different Audience values for token introspection response
>> and ID Token ? If not we can have both as Audience values.
>>
>> [1] http://openid.net/specs/openid-connect-core-1_0.html#IDToken
>> [2] https://tools.ietf.org/html/rfc7662#section-2.2
>>
>> Thanks,
>> Gayan
>>
>> --
>> Gayan Gunawardana
>> Senior Software Engineer; WSO2 Inc.; http://wso2.com/
>> Email: ga...@wso2.com
>> Mobile: +94 (71) 8020933
>>
>
>
>
> --
> Thanks & Regards,
> Asela
>
> ATL
> Mobile : +94 777 625 933 <+94%2077%20762%205933>
>  +358 449 228 979
>
> http://soasecurity.org/
> http://xacmlinfo.org/
>



-- 
Gayan Gunawardana
Senior Software Engineer; WSO2 Inc.; http://wso2.com/
Email: ga...@wso2.com
Mobile: +94 (71) 8020933
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Audience(aud) value in OpenID Connect ID Token vs Token Introspection response

[Asela Pathberiya]

On Tue, Aug 22, 2017 at 11:32 AM, Gayan Gunawardana  wrote:

> According to OpenID connect specification [1] "aud" value is client id
> with identifiers for other audiences.
>
>  {
>"iss": "https://server.example.com;,
>"sub": "24400320",
>"aud": "s6BhdRkqt3",
>"nonce": "n-0S6_WzA2Mj",
>"exp": 1311281970,
>"iat": 1311280970,
>"auth_time": 1311280969,
>"acr": "urn:mace:incommon:iap:silver"
>   }
>
> But in token introspection "aud" value is more like service provider URL
> with identifiers for other audiences.
>

Where is it mentioned that it must be the SP URL.  I guess it must be some
kind of identification such as client id.  Isn't it ?


>
>  {
>   "active": true,
>   "client_id": "l238j323ds-23ij4",
>   "username": "jdoe",
>   "scope": "read write dolphin",
>   "sub": "Z5O3upPC88QrAjx00dis",
>   "aud": "https://protected.example.net/resource;,
>   "iss": "https://server.example.com/;,
>   "exp": 1419356238,
>   "iat": 1419350238,
>   "extension_field": "twenty-seven"
>  }
>
> Can we have different Audience values for token introspection response and
> ID Token ? If not we can have both as Audience values.
>
> [1] http://openid.net/specs/openid-connect-core-1_0.html#IDToken
> [2] https://tools.ietf.org/html/rfc7662#section-2.2
>
> Thanks,
> Gayan
>
> --
> Gayan Gunawardana
> Senior Software Engineer; WSO2 Inc.; http://wso2.com/
> Email: ga...@wso2.com
> Mobile: +94 (71) 8020933
>



-- 
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
 +358 449 228 979

http://soasecurity.org/
http://xacmlinfo.org/
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Regarding auth_time claim in OIDC id_token

[Asela Pathberiya]

On Wed, Aug 23, 2017 at 12:46 PM, Hasini Witharana  wrote:

> Hi,
>
> In the OIDC specification auth_time is defined as below.[1]
>
> Time when the End-User authentication occurred. Its value is a JSON number
> representing the number of seconds from 1970-01-01T0:0:0Z as measured in
> UTC until the date/time. When a max_age request is made or when auth_time
> is requested as an Essential Claim, then this Claim is REQUIRED; otherwise,
> its inclusion is OPTIONAL.
>
> In the current implementation when the user is authenticated for the first
> time using user credentials, auth_time is considered as the session created
> time. After that when user is implicitly login in using a cookie without
> giving user credentials, auth_time is considered as session updated time.
>

If SP sends a force authe request,  Are we creating a new session or update
the existing session ?

If max_age is expired,  Does SP need to send a force auth request or just
an authentication request ?

Thanks,
Asela.

>
> As I think the auth_time should be the first time user authenticated using
> credentials.
> [2] is the fix made for this issue.
>
> Thank you.
>
> [1] - http://openid.net/specs/openid-connect-core-1_0.html
> [2] - https://github.com/wso2-extensions/identity-inbound-
> auth-oauth/pull/455
>
> --
>
> *Hasini Witharana*
> Software Engineering Intern | WSO2
>
>
> *Email : hasi...@wso2.com *
>
> *Mobile : +94713850143 <+94%2071%20385%200143>[image:
> http://wso2.com/signature] *
>



-- 
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
 +358 449 228 979

http://soasecurity.org/
http://xacmlinfo.org/
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] Request to install mkdocs and mkdocs-material in jenkins.

[Chathurika Amarathunga]

Hi Maheshika,

We are planing to use MKdocs [1] to generate the documentation site (github
io site) for all repositories (siddhi,, siddhi extension and product-sp)
 in Data Analytic team. It is required to install followings to ensure that
site is generate at building time [2].

 *- python*
* - pip*
* - mkdocs*
* - mkdocs-material*
Therefore, Could you please install mkdocs and mkdocs-material to the
Jenkins.

[1] http://www.mkdocs.org/
[2] http://squidfunk.github.io/mkdocs-material/getting-started/

Thank you.
Chathurika Amarathunga.
-- 
*Chathurika Amarathunga*
Software Engineer - WSO2

Email: chathuri...@wso2.com
Mobile: +94783886224

___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] Regarding auth_time claim in OIDC id_token

[Hasini Witharana]

Hi,

In the OIDC specification auth_time is defined as below.[1]

Time when the End-User authentication occurred. Its value is a JSON number
representing the number of seconds from 1970-01-01T0:0:0Z as measured in
UTC until the date/time. When a max_age request is made or when auth_time
is requested as an Essential Claim, then this Claim is REQUIRED; otherwise,
its inclusion is OPTIONAL.

In the current implementation when the user is authenticated for the first
time using user credentials, auth_time is considered as the session created
time. After that when user is implicitly login in using a cookie without
giving user credentials, auth_time is considered as session updated time.

As I think the auth_time should be the first time user authenticated using
credentials.
[2] is the fix made for this issue.

Thank you.

[1] - http://openid.net/specs/openid-connect-core-1_0.html
[2] -
https://github.com/wso2-extensions/identity-inbound-auth-oauth/pull/455

-- 

*Hasini Witharana*
Software Engineering Intern | WSO2


*Email : hasi...@wso2.com *

*Mobile : +94713850143[image: http://wso2.com/signature]
*
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [Architecture] WSO2 Stream Processor 4.0.0-M10 Released !

[Nirmal Fernando]

On Wed, Aug 23, 2017 at 4:05 AM, Niveathika Rajendran 
wrote:

> Hi All,
>
>
> The WSO2 Analytics team is pleased to announce the release of *WSO2
> Stream Processor Version 4.0.0 Milestone 10*.
>
> WSO2 Smart Analytics let digital business creating real-time, intelligent,
> actionable business insights, and data products which are achieved by WSO2
> Stream Processor's real-time, incremental & intelligent data processing
> capabilities.
>
> WSO2 Stream Processor can:
>
>-
>
>Receive events from various data sources
>-
>
>Process & correlate them in real-time with the sate of the art
>high-performance real-time Siddhi Complex Event Processing Engine that
>works with easy to learn the SQL-Like query language.
>-
>
>Process analysis that spans for longer time duration with its
>incremental processing capability by achieving high performance with low
>infrastructure cost.
>-
>
>Uses Machine Learning and other models to drive intelligent
>insights from the data
>-
>
>Notifications interesting event occurrences as alerts via multiple
>types of transport & let users visualize the results via customizable
>dashboards.
>-
>
>WSO2 SP is released under Apache Software License Version 2.0, one
>of the most business-friendly licenses available today.
>
>
> You can find the product at https://github.com/wso2/
> 
>
>
Please find the correct link
https://github.com/wso2/product-sp/releases/download/v4.0.0-M10/wso2sp-4.0.0-M10.zip


>
> Documentation at https://docs.wso2.com/display/
> 
> Source code at https://github.com/wso2/
> 
>
> *WSO2 SP 4.0.0-M10 includes the following*
>
> *New Features*
>
>- Incremental Processing in Siddhi
>- Minimum High Availability Deployment Support for SP
>- Carbon Data Sources Integration in SP
>
> *New Extensions*
>
>
>
>- Siddhi-io-email : Sink feature
>- Siddhi-io-rabbitmq
>- Siddhi-io-mqtt
>- Siddhi-execution-streamingml
>
>
> *Reporting Issues*
>
> Issues can be reported using the github issue tracker available at
> https://github.com/wso2/product-sp
> 
> * Contact us*
>
> WSO2 Stream Processor developers can be contacted via the mailing lists:
>
> Developer List : dev@wso2.org | Subscribe
>  | M
> 
>
>
> Alternatively, questions can also be raised in the Stackoverflow:
>
> Forum http://stackoverflow.com/questwso2/
> 
>
>
> *Support *
>
> We are committed to ensuring that your enterprise middleware deployment is
> completely supported from evaluation to production. Our unique approach
> ensures that all support leverages our open development methodology and is
> provided by the very same engineers who build the technology.
>
> For more details and to take advantage of this unique opportunity please
> visit http://wso2.com/support/.  
>
> For more information on WSO2 Smart Analytics and
> Smart Analytics Solutions, visit the WSO2 Smart Analytics Page
> .
>
>
>
> *~ The WSO2 Analytics Team ~*
>
>
> --
> Best Regards,
> *Niveathika Rajendran,*
> *Software Engineer.*
> *Mobile : +94 077 903 7536 <+94%2077%20903%207536>*
>
>
>
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 

Thanks & regards,
Nirmal

Technical Lead, WSO2 Inc.
Mobile: +94715779733
Blog: http://nirmalfdo.blogspot.com/
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev