
Re: [Dev] [IS][OAuth] Token Response request validation

2017-11-02 Thread Isura Karunaratne
On Thu, Nov 2, 2017 at 9:37 PM Danushka Fernando  wrote:

> @Isura
> Thanks for pointing out. But still there is a dead code there which will
> never get triggered right? Shall we refactor that code?
>
+1

@Nuwandi,
Can you work on this refactoring?

Thanks
Isura.

>
> Thanks & Regards
> Danushka Fernando
> Associate Tech Lead
> WSO2 inc. http://wso2.com/
> Mobile : +94716332729
>
> On Thu, Nov 2, 2017 at 9:08 PM, Isura Karunaratne  wrote:
>
>> Hi Danushka,
>>
>> Other than the responseType validation, the *validateAccessDelegation* method does
>> the OAuth callback handler invocation. OAuth callback handler is an
>> extension point that can be used to validate the access based on
>>
>>    - AuthenticatedUser
>>    - Consumer Key
>>    - Scopes
>>    - ResponseType
>>
>>
>> We can register new CallBackHandlers based on the requirements and
>> configure it in identity.xml file
>>
>>   
>> > Class="org.wso2.carbon.identity.oauth.callback.DefaultCallbackHandler"/>
>> 
>>
>> Thanks
>> Isura.
>>
>> On Thu, Nov 2, 2017 at 2:54 PM, Danushka Fernando 
>> wrote:
>>
>>> Hi All
>>> When access token, id token, auth code or open id token is requested, it
>>> will go through AuthorizationHandlerManager[1] class to authorize the
>>> client. There are three authorization steps [2].
>>>
>>>    1. First check is isAuthorized check. Here it checks whether it's
>>>    requesting a token or a code and according to that it will check implicit
>>>    or code grant types are allowed for the application and returns true or
>>>    false.[3]
>>>    2. Second check is validateAccessDelegation check. Here also it
>>>    checks the request type and will check allowance of implicit or code
>>>    grant types and returns true or false.[4]
>>>    3. Third is scope validation
>>>
>>> So according to this analysis both check #1 and #2 are doing the same
>>> thing and I don't see a way of check #1 getting passed and check #2 getting
>>> failed. Please correct me if I am wrong.
>>>
>>> If this is correct shall we do the necessary adjustment to reduce the
>>> complexity of the code?
>>>
>>>
>>> [1]
>>> https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/authz/AuthorizationHandlerManager.java
>>> [2]
>>> https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/authz/AuthorizationHandlerManager.java#L100-L123
>>> [3]
>>> https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/authz/handlers/AbstractResponseTypeHandler.java#L128-L165
>>> [4]
>>> https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/authz/handlers/AbstractResponseTypeHandler.java#L66-L104
>>>
>>>
>>> Thanks & Regards
>>> Danushka Fernando
>>> Associate Tech Lead
>>> WSO2 inc. http://wso2.com/
>>> Mobile : +94716332729 <+94%2071%20633%202729>
>>>
>>
>>
>>
>> --
>>
>> *Isura Dilhara Karunaratne*
>> Associate Technical Lead | WSO2
>> Email: is...@wso2.com
>> Mob : +94 772 254 810 <+94%2077%20225%204810>
>> Blog : http://isurad.blogspot.com/
>>
>>
>>
>>
> --

*Isura Dilhara Karunaratne*
Associate Technical Lead | WSO2
Email: is...@wso2.com
Mob : +94 772 254 810
Blog : http://isurad.blogspot.com/
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev


[Dev] Avoiding Carbon Metrics releases every time the Databridge component is released.

2017-11-02 Thread Isuru Perera
Hi,

We need to avoid releasing Carbon Metrics every time the Data bridge
related components are released. It should be possible if Carbon Metrics
can depend on a Data Publisher feature.

Shall we fix this soon?

Thank you.

-- 
Isuru Perera
Technical Lead | WSO2, Inc. | http://wso2.com/
Lean . Enterprise . Middleware

about.me/chrishantha
Contact: +IsuruPereraWSO2 


Re: [Dev] [SP]Incremental processing not working with SP + RDBMS

2017-11-02 Thread Charini Nanayakkara
Hi Gokul,

It worked when I tested without the retrieval part of incremental processor
if I remember correctly.

To be more precise, there are two parts in incremental aggregation. The
part where we aggregate, and the part where we retrieve.

RDBMS store is used in the aggregation level. We refer to that table and
perform a join to retrieve aggregated values in the second phase.

The issue occurs due to a function 'within'  (which has the namespace
'incrementalAggregator') being used in the retrieval part of the query. The
retrieval implementation was not done at the time I tested with RDBMS.
Hence I seem to have overlooked this issue. It should still work when only
the aggregation part is defined in the siddhi application. I will further
verify this matter and update you. Will check how we can fix this.

Thank you
Charini

On Thu, Nov 2, 2017 at 11:45 AM, Gokul Balakrishnan  wrote:

> Hi Charini,
>
> Are you sure that this worked with the RDBMS store before? It has not
> supported function namespaces from the start.
>
> Thanks,
>
> On 2 November 2017 at 11:40, Charini Nanayakkara 
> wrote:
>
>> Hi Suho,
>>
>> Incremental processing is not working with RDBMS due to a new change
>> introduced at RDBMS extension level which rejects function namespaces. I
>> will discuss this with Gokul as well and find a solution.
>>
>> Thank you
>> Charini
>>
>> On Thu, Nov 2, 2017 at 3:10 AM, Sriskandarajah Suhothayan 
>> wrote:
>>
>>>
>>> Hi Charini
>>>
>>> Please look into this.
>>>
>>> The attached Siddhi file is not compiling with RDBMS Aggregation.
>>>
>>> Thanks
>>> Suho
>>>
>>> --
>>>
>>> *S. Suhothayan*
>>> Associate Director / Architect
>>> *WSO2 Inc. *http://wso2.com
>>> * *
>>> lean . enterprise . middleware
>>>
>>>
>>> *cell: (+94) 779 756 757 <+94%2077%20975%206757> | blog:
>>> http://suhothayan.blogspot.com/ twitter:
>>> http://twitter.com/suhothayan  | linked-in:
>>> http://lk.linkedin.com/in/suhothayan *
>>>
>>
>>
>>
>> --
>> *Charini Vimansha Nanayakkara*
>> Software Engineer at WSO2
>>
>> Mobile: 0714126293
>> E-mail: chari...@wso2.com
>> Blog: http://www.charini.me/
>>
>> 
>>
>
>
>
> --
> Gokul Balakrishnan
> Senior Software Engineer,
> WSO2, Inc. http://wso2.com
> M +94 77 5935 789 | +44 7563 570502 <+44%207563%20570502>
>
>


-- 
*Charini Vimansha Nanayakkara*
Software Engineer at WSO2

Mobile: 0714126293
E-mail: chari...@wso2.com
Blog: http://www.charini.me/




Re: [Dev] [IS 5.3.0] How to configure OIDC claims globally?

2017-11-02 Thread Godwin Shrimal
Hi Javier,

AFAIK there is no way to globally configure OIDC claims, we need to
configure required claims in Service provider to send via id_token.
I have cc'd a few IS folks here; they'll give more information about this.


Thanks
Godwin

On Thu, Nov 2, 2017 at 12:35 AM, Vazquez-Hidalgo, Javier <
javier.vazquez-hida...@tdsecurities.com> wrote:

> Hello,
>
>
>
> I’ve been trying to return claims embedded in the “id_token” (JWT) but it
> only works if I configure them in the Service Provider -> Claim
> Configuration section.
>
>
>
> Is there a way to configure them globally for all service providers?
>
>
>
>
>
> Regards,
>
> Javier Vazquez
>
>


-- 
*Godwin Amila Shrimal*
Associate Technical Lead
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware

mobile: *+94772264165*
linkedin: *https://www.linkedin.com/in/godwin-amila-2ba26844/*
twitter: https://twitter.com/godwinamila



[Dev] RabbitMQ connection related errors on WSO2 startup

2017-11-02 Thread Norberto Fernandes
Hi all,

I am getting some strange errors while starting up the WSO2 6.1.1 server. Hope 
that you can help. 

So, I have a single node WSO2 Server running and connecting to a RabbitMQ node 
(rmqNode1) that is part of a cluster of two (rmqNode1 and rmqNode2). 
Have in mind that all the transportSender and listeners are pointing to 
rmqNode1. No connection details are defined for rmqNode2. 


If I have the two RabbitMQ cluster nodes up and running and start the WSO2 
6.1.1 server there isn’t any issue. 
With all servers up, if I shutdown rmqNode2, all continues ok with no errors. 

If I only have rmqNode1 up and then start WSO2 6.1.1, I get an endless stream of 
errors like: 
TID: [-1] [] [2017-11-02 15:34:48,232] ERROR {org.apache.axis2.transport.rabbitmq.ServiceTaskManager} -  Error, Connection already closed myProxysample, Listner id - 78 {org.apache.axis2.transport.rabbitmq.ServiceTaskManager}
com.rabbitmq.client.AlreadyClosedException: channel is already closed due to channel error; protocol method: #method(reply-code=404, reply-text=NOT_FOUND - home node 'rabbit@node2.site1' of durable queue ’sample.queue' in vhost ’sample' is down or inaccessible, class-id=50, method-id=10)
    at com.rabbitmq.client.impl.AMQChannel.ensureIsOpen(AMQChannel.java:198)
    at com.rabbitmq.client.impl.AMQChannel.rpc(AMQChannel.java:244)
    at com.rabbitmq.client.impl.AMQChannel.privateRpc(AMQChannel.java:222)
    at com.rabbitmq.client.impl.AMQChannel.exnWrappingRpc(AMQChannel.java:117)
    at com.rabbitmq.client.impl.ChannelN.queueDeclare(ChannelN.java:925)
    at com.rabbitmq.client.impl.recovery.AutorecoveringChannel.queueDeclare(AutorecoveringChannel.java:332)
    at org.apache.axis2.transport.rabbitmq.utils.RabbitMQUtils.declareQueue(RabbitMQUtils.java:213)
    at org.apache.axis2.transport.rabbitmq.ServiceTaskManager$MessageListenerTask.initConsumer(ServiceTaskManager.java:527)
    at org.apache.axis2.transport.rabbitmq.ServiceTaskManager$MessageListenerTask.run(ServiceTaskManager.java:335)
    at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at java.lang.Thread.run(Thread.java:748)
TID: [-1234] [] [2017-11-02 15:34:48,267]  INFO {org.apache.tomcat.util.net.NioSelectorPool} -  Using a shared selector for servlet write/read {org.apache.tomcat.util.net.NioSelectorPool}
TID: [-1] [] [2017-11-02 15:34:48,303]  INFO {org.apache.axis2.transport.rabbitmq.ServiceTaskManager} -  Successfully reconnected to RabbitMQ Broker for the service myProxysampleSecond, Listner id - 78 {org.apache.axis2.transport.rabbitmq.ServiceTaskManager}
TID: [-1] [] [2017-11-02 15:34:48,243] ERROR {org.apache.axis2.transport.rabbitmq.ServiceTaskManager} -  Error, Connection already closed STD.cacheXRefReceiver.1.0.0, Listner id - 77 {org.apache.axis2.transport.rabbitmq.ServiceTaskManager}
com.rabbitmq.client.AlreadyClosedException: channel is already closed due to channel error; protocol method: #method(reply-code=404, reply-text=NOT_FOUND - home node 'rabbit@node2.site1' of durable queue ’second.sample.queue' in vhost 'sample' is down or inaccessible, class-id=50, method-id=10)
    at com.rabbitmq.client.impl.AMQChannel.ensureIsOpen(AMQChannel.java:198)

Please note that node2.site1 is the hostname for rmqNode2. 
I don’t think the server should complain about this. The node that is used on 
the transport configuration is always node1. 


Any ideas on what may be incorrect? Or can be done ? 
I didn’t find any connection parameter that is related to cluster setup, is 
there any? 


Many thanks in advance. 

Norberto


Re: [Dev] [IS][OAuth] Token Response request validation

2017-11-02 Thread Isura Karunaratne
Hi Danushka,

Other than the responseType validation, the *validateAccessDelegation* method does
the OAuth callback handler invocation. OAuth callback handler is an
extension point that can be used to validate the access based on

   - AuthenticatedUser
   - Consumer Key
   - Scopes
   - ResponseType


We can register new CallBackHandlers based on the requirements and
configure it in identity.xml file

  



Thanks
Isura.

On Thu, Nov 2, 2017 at 2:54 PM, Danushka Fernando 
wrote:

> Hi All
> When access token, id token, auth code or open id token is requested, it
> will go through AuthorizationHandlerManager[1] class to authorize the
> client. There are three authorization steps [2].
>
>    1. First check is isAuthorized check. Here it checks whether it's
>    requesting a token or a code and according to that it will check implicit
>    or code grant types are allowed for the application and returns true or
>    false.[3]
>    2. Second check is validateAccessDelegation check. Here also it checks
>    the request type and will check allowance of implicit or code grant types
>    and returns true or false.[4]
>    3. Third is scope validation
>
> So according to this analysis both check #1 and #2 are doing the same
> thing and I don't see a way of check #1 getting passed and check #2 getting
> failed. Please correct me if I am wrong.
>
> If this is correct shall we do the necessary adjustment to reduce the
> complexity of the code?
>
>
> [1] https://github.com/wso2-extensions/identity-inbound-
> auth-oauth/blob/master/components/org.wso2.carbon.
> identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/authz/
> AuthorizationHandlerManager.java
> [2] https://github.com/wso2-extensions/identity-inbound-
> auth-oauth/blob/master/components/org.wso2.carbon.
> identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/authz/
> AuthorizationHandlerManager.java#L100-L123
> [3] https://github.com/wso2-extensions/identity-inbound-
> auth-oauth/blob/master/components/org.wso2.carbon.
> identity.oauth/src/main/java/org/wso2/carbon/identity/
> oauth2/authz/handlers/AbstractResponseTypeHandler.java#L128-L165
> [4] https://github.com/wso2-extensions/identity-inbound-
> auth-oauth/blob/master/components/org.wso2.carbon.
> identity.oauth/src/main/java/org/wso2/carbon/identity/
> oauth2/authz/handlers/AbstractResponseTypeHandler.java#L66-L104
>
> Thanks & Regards
> Danushka Fernando
> Associate Tech Lead
> WSO2 inc. http://wso2.com/
> Mobile : +94716332729 <+94%2071%20633%202729>
>



-- 

*Isura Dilhara Karunaratne*
Associate Technical Lead | WSO2
Email: is...@wso2.com
Mob : +94 772 254 810
Blog : http://isurad.blogspot.com/


Re: [Dev] Illegal key size or default parameters thrown when trying out the JWT token Sample

2017-11-02 Thread Hasintha Indrajee
Hi Jason,

Seems like you are using SAML inbound and you have requested an encrypted
assertion. Are you using SAML bearer grant type ? Just trying to identify
what actually you are trying to achieve here.

On Thu, Nov 2, 2017 at 5:02 PM, Jason De Silva  wrote:

> Hi IS Team,
>
> I am trying out the sample [1] with IS 5.2.0 and 5.3.0 as well. Both the
> occasions I face the below issue. I also found [2] where it suggests
> increasing the column ACCESS_TOKEN of the table IDN_OAUTH2_ACCESS_TOKEN. I
> did it on H2 and MySQL as well but still, it fails. Appreciate any input on
> this.
>
> [1] https://github.com/wso2/msf4j/tree/master/samples/jwt-claims
> [2] https://medium.com/@hasinthaindrajee/self-contained-
> access-tokens-with-wso2-identity-server-82111631d5b6
>
> [2017-11-02 16:54:16,918] ERROR {org.opensaml.xml.encryption.Encrypter}
> -  Error encrypting XMLObject
> org.apache.xml.security.encryption.XMLEncryptionException: Illegal key
> size or default parameters
> Original Exception was java.security.InvalidKeyException: Illegal key
> size or default parameters
> at org.apache.xml.security.encryption.XMLCipher.encryptData(
> XMLCipher.java:1140)
> at org.apache.xml.security.encryption.XMLCipher.encryptData(
> XMLCipher.java:1083)
> at org.opensaml.xml.encryption.Encrypter.encryptElement(Encrypt
> er.java:452)
> at org.opensaml.saml2.encryption.Encrypter.encrypt(Encrypter.java:344)
> at org.opensaml.saml2.encryption.Encrypter.encrypt(Encrypter.java:258)
> at org.wso2.carbon.identity.sso.saml.builders.encryption.Defaul
> tSSOEncrypter.doEncryptedAssertion(DefaultSSOEncrypter.java:55)
> at org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil.setEncryp
> tedAssertion(SAMLSSOUtil.java:657)
> at org.wso2.carbon.identity.sso.saml.builders.DefaultResponseBu
> ilder.buildResponse(DefaultResponseBuilder.java:75)
> at org.wso2.carbon.identity.sso.saml.processors.SPInitSSOAuthnR
> equestProcessor.process(SPInitSSOAuthnRequestProcessor.java:167)
> at org.wso2.carbon.identity.sso.saml.SAMLSSOService.authenticat
> e(SAMLSSOService.java:164)
> at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderSer
> vlet.handleAuthenticationReponseFromFramework(SAMLSSOProvide
> rServlet.java:816)
> at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderSer
> vlet.handleRequest(SAMLSSOProviderServlet.java:207)
> at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderSer
> vlet.doGet(SAMLSSOProviderServlet.java:105)
> at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderSer
> vlet.sendRequestToFramework(SAMLSSOProviderServlet.java:1114)
> at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderSer
> vlet.handleRequest(SAMLSSOProviderServlet.java:169)
> at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderSer
> vlet.doPost(SAMLSSOProviderServlet.java:117)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
> at org.eclipse.equinox.http.helper.ContextPathServletAdaptor.se
> rvice(ContextPathServletAdaptor.java:37)
> at org.eclipse.equinox.http.servlet.internal.ServletRegistratio
> n.service(ServletRegistration.java:61)
> at org.eclipse.equinox.http.servlet.internal.ProxyServlet.proce
> ssAlias(ProxyServlet.java:128)
> at org.eclipse.equinox.http.servlet.internal.ProxyServlet.servi
> ce(ProxyServlet.java:60)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
> at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service
> (DelegationServlet.java:68)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
> lter(ApplicationFilterChain.java:303)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(App
> licationFilterChain.java:208)
> at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
> lter(ApplicationFilterChain.java:241)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(App
> licationFilterChain.java:208)
> at org.wso2.carbon.identity.captcha.filter.CaptchaFilter.doFilt
> er(CaptchaFilter.java:76)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
> lter(ApplicationFilterChain.java:241)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(App
> licationFilterChain.java:208)
> at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilte
> r(HttpHeaderSecurityFilter.java:124)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
> lter(ApplicationFilterChain.java:241)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(App
> licationFilterChain.java:208)
> at org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilte
> r(CharacterSetFilter.java:61)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
> lter(ApplicationFilterChain.java:241)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(App
> licationFilterChain.java:208)
> at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilte
> 

Re: [Dev] [IS][OAuth] Token Response request validation

2017-11-02 Thread Farasath Ahamed
Had a look at the code and looks like we are doing a redundant check in the
two methods.
Ideally, we should only have this logic in isAuthorizedClient() method.

IMO your analysis is correct and we should remove the redundant logic.

We have similar methods in AuthorizationGrantHandler interface as well.
There,
1. isAuthorizedClient() method validates whether the client is using an
allowed grant type
2. authorizeAccessDelegation() is used to fire callback handlers to achieve
scope validation logic etc. (ie. to validate whether the authorized user is
allowed to request the particular scope)[2]


[1]
https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/c8683a407b22327fb57492dda313ca665d0d29f9/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/handlers/grant/AbstractAuthorizationGrantHandler.java#L675-L675

[2]
https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/c8683a407b22327fb57492dda313ca665d0d29f9/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/handlers/grant/AbstractAuthorizationGrantHandler.java#L605-L605


Thanks,
Farasath




Farasath Ahamed
Software Engineer, WSO2 Inc.; http://wso2.com
Mobile: +94777603866
Blog: blog.farazath.com
Twitter: @farazath619 




On Thu, Nov 2, 2017 at 2:54 PM, Danushka Fernando 
wrote:

> Hi All
> When access token, id token, auth code or open id token is requested, it
> will go through AuthorizationHandlerManager[1] class to authorize the
> client. There are three authorization steps [2].
>
>    1. First check is isAuthorized check. Here it checks whether it's
>    requesting a token or a code and according to that it will check implicit
>    or code grant types are allowed for the application and returns true or
>    false.[3]
>    2. Second check is validateAccessDelegation check. Here also it checks
>    the request type and will check allowance of implicit or code grant types
>    and returns true or false.[4]
>    3. Third is scope validation
>
> So according to this analysis both check #1 and #2 are doing the same
> thing and I don't see a way of check #1 getting passed and check #2 getting
> failed. Please correct me if I am wrong.
>
> If this is correct shall we do the necessary adjustment to reduce the
> complexity of the code?
>
>
> [1] https://github.com/wso2-extensions/identity-inbound-
> auth-oauth/blob/master/components/org.wso2.carbon.
> identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/authz/
> AuthorizationHandlerManager.java
> [2] https://github.com/wso2-extensions/identity-inbound-
> auth-oauth/blob/master/components/org.wso2.carbon.
> identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/authz/
> AuthorizationHandlerManager.java#L100-L123
> [3] https://github.com/wso2-extensions/identity-inbound-
> auth-oauth/blob/master/components/org.wso2.carbon.
> identity.oauth/src/main/java/org/wso2/carbon/identity/
> oauth2/authz/handlers/AbstractResponseTypeHandler.java#L128-L165
> [4] https://github.com/wso2-extensions/identity-inbound-
> auth-oauth/blob/master/components/org.wso2.carbon.
> identity.oauth/src/main/java/org/wso2/carbon/identity/
> oauth2/authz/handlers/AbstractResponseTypeHandler.java#L66-L104
>
> Thanks & Regards
> Danushka Fernando
> Associate Tech Lead
> WSO2 inc. http://wso2.com/
> Mobile : +94716332729 <+94%2071%20633%202729>
>
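
The split discussed in this thread (grant-type check only in check #1, callback handlers in check #2), as an added example that is not code from the WSO2 repository or from any poster. Every class, method and scope name below is a hypothetical stand-in, and the sample requests are constructed; it shows a request that passes check #1 and is still rejected by a registered callback handler, which is the part of check #2 that must survive the refactoring.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

// Self-contained model; all names are hypothetical, not the project's API.
public class AuthzChecksModel {

    /** The four inputs the thread lists as available to a callback handler. */
    static final class Request {
        final String authenticatedUser;
        final String consumerKey;
        final String responseType;
        final Set<String> scopes;

        Request(String user, String consumerKey, String responseType, String... scopes) {
            this.authenticatedUser = user;
            this.consumerKey = consumerKey;
            this.responseType = responseType;
            this.scopes = new HashSet<>(Arrays.asList(scopes));
        }
    }

    /** Stand-in for the callback handler extension point. */
    interface CallbackHandler {
        boolean authorize(Request request);
    }

    private final Set<String> allowedGrantTypes;
    private final List<CallbackHandler> handlers = new ArrayList<>();

    AuthzChecksModel(String... allowedGrantTypes) {
        this.allowedGrantTypes = new HashSet<>(Arrays.asList(allowedGrantTypes));
    }

    void register(CallbackHandler handler) {
        handlers.add(handler);
    }

    /** Check #1: the only place that maps response_type to a grant type. */
    boolean isAuthorizedClient(Request r) {
        String grant = "code".equals(r.responseType) ? "authorization_code" : "implicit";
        return allowedGrantTypes.contains(grant);
    }

    /** Check #2 without the duplicated grant-type test: every handler must agree. */
    boolean validateAccessDelegation(Request r) {
        for (CallbackHandler h : handlers) {
            if (!h.authorize(r)) {
                return false;
            }
        }
        // Assumption: with no handler registered the model permits, like a permit-all default.
        return true;
    }

    /** Runs the checks in order and names the first that rejects (step 3, scope validation, is omitted). */
    String decide(Request r) {
        if (!isAuthorizedClient(r)) {
            return "denied by check #1 (grant type)";
        }
        if (!validateAccessDelegation(r)) {
            return "denied by check #2 (callback handler)";
        }
        return "authorized";
    }

    public static void main(String[] args) {
        // Constructed application: only the authorization code grant is enabled.
        AuthzChecksModel app = new AuthzChecksModel("authorization_code");
        // Constructed policy: only alice may be granted the "admin" scope.
        app.register(r -> !r.scopes.contains("admin") || "alice".equals(r.authenticatedUser));

        Request[] samples = {
            new Request("alice", "key-1", "code", "openid", "admin"),
            new Request("bob", "key-1", "code", "openid", "admin"),
            new Request("bob", "key-1", "token", "openid"),
        };
        for (Request r : samples) {
            System.out.println(r.authenticatedUser + " " + r.responseType
                    + " " + r.scopes + " -> " + app.decide(r));
        }
    }
}
```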


[Dev] [IS][OAuth] Token Response request validation

2017-11-02 Thread Danushka Fernando
Hi All
When access token, id token, auth code or open id token is requested, it
will go through AuthorizationHandlerManager[1] class to authorize the
client. There are three authorization steps [2].

   1. First check is isAuthorized check. Here it checks whether it's
   requesting a token or a code and according to that it will check implicit
   or code grant types are allowed for the application and returns true or
   false.[3]
   2. Second check is validateAccessDelegation check. Here also it checks
   the request type and will check allowance of implicit or code grant types
   and returns true or false.[4]
   3. Third is scope validation

So according to this analysis both check #1 and #2 are doing the same thing
and I don't see a way of check #1 getting passed and check #2 getting
failed. Please correct me if I am wrong.

If this is correct shall we do the necessary adjustment to reduce the
complexity of the code?


[1]
https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/authz/AuthorizationHandlerManager.java
[2]
https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/authz/AuthorizationHandlerManager.java#L100-L123
[3]
https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/authz/handlers/AbstractResponseTypeHandler.java#L128-L165
[4]
https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/authz/handlers/AbstractResponseTypeHandler.java#L66-L104


Thanks & Regards
Danushka Fernando
Associate Tech Lead
WSO2 inc. http://wso2.com/
Mobile : +94716332729


Re: [Dev] Illegal key size or default parameters thrown when trying out the JWT token Sample

2017-11-02 Thread Jason De Silva
Hi Hasintha,

Yes, I am using SAML bearer grant type. I am basically trying to get the
sample provided in [1] to work so that I can extend it to work with other
OAuth grant types. Also, you are correct when I unticked "Enable Assertion
Encryption" it logged me in successfully. Is there a reason that we cannot
use the encrypted assertion here?

[1] https://github.com/wso2/msf4j/tree/master/samples/jwt-claims

Regards,
Jason

Jason De Silva
*Software Engineer - QA*
Mobile: +94 (0) 772 097 678
Email: jas...@wso2.com
WSO2 Inc. www.wso2.com


On Thu, Nov 2, 2017 at 8:22 PM, Hasintha Indrajee  wrote:

> Hi Jason,
>
> Seems like you are using SAML inbound and you have requested an encrypted
> assertion. Are you using SAML bearer grant type ? Just trying to identify
> what actually you are trying to achieve here.
>
> On Thu, Nov 2, 2017 at 5:02 PM, Jason De Silva  wrote:
>
>> Hi IS Team,
>>
>> I am trying out the sample [1] with IS 5.2.0 and 5.3.0 as well. Both the
>> occasions I face the below issue. I also found [2] where it suggests
>> increasing the column ACCESS_TOKEN of the table IDN_OAUTH2_ACCESS_TOKEN. I
>> did it on H2 and MySQL as well but still, it fails. Appreciate any input on
>> this.
>>
>> [1] https://github.com/wso2/msf4j/tree/master/samples/jwt-claims
>> [2] https://medium.com/@hasinthaindrajee/self-contained-acce
>> ss-tokens-with-wso2-identity-server-82111631d5b6
>>
>> [2017-11-02 16:54:16,918] ERROR {org.opensaml.xml.encryption.Encrypter}
>> -  Error encrypting XMLObject
>> org.apache.xml.security.encryption.XMLEncryptionException: Illegal key
>> size or default parameters
>> Original Exception was java.security.InvalidKeyException: Illegal key
>> size or default parameters
>> at org.apache.xml.security.encryption.XMLCipher.encryptData(XML
>> Cipher.java:1140)
>> at org.apache.xml.security.encryption.XMLCipher.encryptData(XML
>> Cipher.java:1083)
>> at org.opensaml.xml.encryption.Encrypter.encryptElement(Encrypt
>> er.java:452)
>> at org.opensaml.saml2.encryption.Encrypter.encrypt(Encrypter.java:344)
>> at org.opensaml.saml2.encryption.Encrypter.encrypt(Encrypter.java:258)
>> at org.wso2.carbon.identity.sso.saml.builders.encryption.Defaul
>> tSSOEncrypter.doEncryptedAssertion(DefaultSSOEncrypter.java:55)
>> at org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil.setEncryp
>> tedAssertion(SAMLSSOUtil.java:657)
>> at org.wso2.carbon.identity.sso.saml.builders.DefaultResponseBu
>> ilder.buildResponse(DefaultResponseBuilder.java:75)
>> at org.wso2.carbon.identity.sso.saml.processors.SPInitSSOAuthnR
>> equestProcessor.process(SPInitSSOAuthnRequestProcessor.java:167)
>> at org.wso2.carbon.identity.sso.saml.SAMLSSOService.authenticat
>> e(SAMLSSOService.java:164)
>> at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderSer
>> vlet.handleAuthenticationReponseFromFramework(SAMLSSOProvide
>> rServlet.java:816)
>> at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderSer
>> vlet.handleRequest(SAMLSSOProviderServlet.java:207)
>> at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderSer
>> vlet.doGet(SAMLSSOProviderServlet.java:105)
>> at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderSer
>> vlet.sendRequestToFramework(SAMLSSOProviderServlet.java:1114)
>> at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderSer
>> vlet.handleRequest(SAMLSSOProviderServlet.java:169)
>> at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderSer
>> vlet.doPost(SAMLSSOProviderServlet.java:117)
>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>> at org.eclipse.equinox.http.helper.ContextPathServletAdaptor.se
>> rvice(ContextPathServletAdaptor.java:37)
>> at org.eclipse.equinox.http.servlet.internal.ServletRegistratio
>> n.service(ServletRegistration.java:61)
>> at org.eclipse.equinox.http.servlet.internal.ProxyServlet.proce
>> ssAlias(ProxyServlet.java:128)
>> at org.eclipse.equinox.http.servlet.internal.ProxyServlet.servi
>> ce(ProxyServlet.java:60)
>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>> at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service
>> (DelegationServlet.java:68)
>> at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
>> lter(ApplicationFilterChain.java:303)
>> at org.apache.catalina.core.ApplicationFilterChain.doFilter(App
>> licationFilterChain.java:208)
>> at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
>> at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
>> lter(ApplicationFilterChain.java:241)
>> at org.apache.catalina.core.ApplicationFilterChain.doFilter(App
>> licationFilterChain.java:208)
>> at org.wso2.carbon.identity.captcha.filter.CaptchaFilter.doFilt
>> er(CaptchaFilter.java:76)
>> at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
>> lter(ApplicationFilterChain.java:241)
>> at 

Re: [Dev] Illegal key size or default parameters thrown when trying out the JWT token Sample

2017-11-02 Thread Jason De Silva
Yes, I have installed the JCE extensions. Previously I had the wso2carbon
as the Certificate Alias.

Jason De Silva
*Software Engineer - QA*
Mobile: +94 (0) 772 097 678
Email: jas...@wso2.com
WSO2 Inc. www.wso2.com


On Thu, Nov 2, 2017 at 10:20 PM, Hasintha Indrajee 
wrote:

> It depends on the type of encryption algorithm you are using. What is the
> encryption algorithm you are using ?. Also make sure that you have
> installed JCE extensions on top of relevant java version you are using.
>
> On Thu, Nov 2, 2017 at 10:07 PM, Jason De Silva  wrote:
>
>> Hi Hasintha,
>>
>> Yes, I am using SAML bearer grant type. I am basically trying to get the
>> sample provided in [1] to work so that I can extend it to work with other
>> OAuth grant types. Also, you are correct when I unticked "Enable Assertion
>> Encryption" it logged me in successfully. Is there a reason that we cannot
>> use the encrypted assertion here?
>>
>> [1] https://github.com/wso2/msf4j/tree/master/samples/jwt-claims
>>
>> Regards,
>> Jason
>>
>> Jason De Silva
>> *Software Engineer - QA*
>> Mobile: +94 (0) 772 097 678
>> Email: jas...@wso2.com
>> WSO2 Inc. www.wso2.com
>> 
>>
>> On Thu, Nov 2, 2017 at 8:22 PM, Hasintha Indrajee 
>> wrote:
>>
>>> Hi Jason,
>>>
>>> Seems like you are using SAML inbound and you have requested an
>>> encrypted assertion. Are you using SAML bearer grant type ? Just trying to
>>> identify what actually you are trying to achieve here.
>>>
>>> On Thu, Nov 2, 2017 at 5:02 PM, Jason De Silva  wrote:
>>>
>>>> Hi IS Team,
>>>>
>>>> I am trying out the sample [1] with IS 5.2.0 and 5.3.0 as well. Both
>>>> the occasions I face the below issue. I also found [2] where it suggests
>>>> increasing the column ACCESS_TOKEN of the table IDN_OAUTH2_ACCESS_TOKEN. I
>>>> did it on H2 and MySQL as well but still, it fails. Appreciate any input on
>>>> this.
>>>>
>>>> [1] https://github.com/wso2/msf4j/tree/master/samples/jwt-claims
>>>> [2] https://medium.com/@hasinthaindrajee/self-contained-access-tokens-with-wso2-identity-server-82111631d5b6
>>>>
>>>> [2017-11-02 16:54:16,918] ERROR {org.opensaml.xml.encryption.Encrypter} - Error encrypting XMLObject
>>>> org.apache.xml.security.encryption.XMLEncryptionException: Illegal key size or default parameters
>>>> Original Exception was java.security.InvalidKeyException: Illegal key size or default parameters
>>>> at org.apache.xml.security.encryption.XMLCipher.encryptData(XMLCipher.java:1140)
>>>> at org.apache.xml.security.encryption.XMLCipher.encryptData(XMLCipher.java:1083)
>>>> at org.opensaml.xml.encryption.Encrypter.encryptElement(Encrypter.java:452)
>>>> at org.opensaml.saml2.encryption.Encrypter.encrypt(Encrypter.java:344)
>>>> at org.opensaml.saml2.encryption.Encrypter.encrypt(Encrypter.java:258)
>>>> at org.wso2.carbon.identity.sso.saml.builders.encryption.DefaultSSOEncrypter.doEncryptedAssertion(DefaultSSOEncrypter.java:55)
>>>> at org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil.setEncryptedAssertion(SAMLSSOUtil.java:657)
>>>> at org.wso2.carbon.identity.sso.saml.builders.DefaultResponseBuilder.buildResponse(DefaultResponseBuilder.java:75)
>>>> at org.wso2.carbon.identity.sso.saml.processors.SPInitSSOAuthnRequestProcessor.process(SPInitSSOAuthnRequestProcessor.java:167)
>>>> at org.wso2.carbon.identity.sso.saml.SAMLSSOService.authenticate(SAMLSSOService.java:164)
>>>> at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.handleAuthenticationReponseFromFramework(SAMLSSOProviderServlet.java:816)
>>>> at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.handleRequest(SAMLSSOProviderServlet.java:207)
>>>> at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.doGet(SAMLSSOProviderServlet.java:105)
>>>> at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.sendRequestToFramework(SAMLSSOProviderServlet.java:1114)
>>>> at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.handleRequest(SAMLSSOProviderServlet.java:169)
>>>> at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.doPost(SAMLSSOProviderServlet.java:117)
>>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
>>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>>>> at org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:37)
>>>> at org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61)
>>>> at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128)
>>>> at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:60)
>>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>>>> at

Re: [Dev] Illegal key size or default parameters thrown when trying out the JWT token Sample

2017-11-02 Thread Hasintha Indrajee
It depends on the type of encryption algorithm you are using. What is the
encryption algorithm you are using? Also make sure that you have
installed JCE extensions on top of the relevant Java version you are using.

On Thu, Nov 2, 2017 at 10:07 PM, Jason De Silva  wrote:

> Hi Hasintha,
>
> Yes, I am using SAML bearer grant type. I am basically trying to get the
> sample provided in [1] to work so that I can extend it to work with other
> OAuth grant types. Also, you are correct when I unticked "Enable Assertion
> Encryption" it logged me in successfully. Is there a reason that we cannot
> use the encrypted assertion here?
>
> [1] https://github.com/wso2/msf4j/tree/master/samples/jwt-claims
>
> Regards,
> Jason
>
> Jason De Silva
> *Software Engineer - QA*
> Mobile: +94 (0) 772 097 678
> Email: jas...@wso2.com
> WSO2 Inc. www.wso2.com
> 
>
> On Thu, Nov 2, 2017 at 8:22 PM, Hasintha Indrajee 
> wrote:
>
>> Hi Jason,
>>
>> Seems like you are using SAML inbound and you have requested an encrypted
>> assertion. Are you using SAML bearer grant type ? Just trying to identify
>> what actually you are trying to achieve here.
>>
>> On Thu, Nov 2, 2017 at 5:02 PM, Jason De Silva  wrote:
>>
>>> Hi IS Team,
>>>
>>> I am trying out the sample [1] with IS 5.2.0 and 5.3.0 as well. Both the
>>> occasions I face the below issue. I also found [2] where it suggests
>>> increasing the column ACCESS_TOKEN of the table IDN_OAUTH2_ACCESS_TOKEN. I
>>> did it on H2 and MySQL as well but still, it fails. Appreciate any input on
>>> this.
>>>
>>> [1] https://github.com/wso2/msf4j/tree/master/samples/jwt-claims
>>> [2] https://medium.com/@hasinthaindrajee/self-contained-acce
>>> ss-tokens-with-wso2-identity-server-82111631d5b6
>>>
>>> [2017-11-02 16:54:16,918] ERROR {org.opensaml.xml.encryption.Encrypter} - Error encrypting XMLObject
>>> org.apache.xml.security.encryption.XMLEncryptionException: Illegal key size or default parameters
>>> Original Exception was java.security.InvalidKeyException: Illegal key size or default parameters
>>> at org.apache.xml.security.encryption.XMLCipher.encryptData(XMLCipher.java:1140)
>>> at org.apache.xml.security.encryption.XMLCipher.encryptData(XMLCipher.java:1083)
>>> at org.opensaml.xml.encryption.Encrypter.encryptElement(Encrypter.java:452)
>>> at org.opensaml.saml2.encryption.Encrypter.encrypt(Encrypter.java:344)
>>> at org.opensaml.saml2.encryption.Encrypter.encrypt(Encrypter.java:258)
>>> at org.wso2.carbon.identity.sso.saml.builders.encryption.DefaultSSOEncrypter.doEncryptedAssertion(DefaultSSOEncrypter.java:55)
>>> at org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil.setEncryptedAssertion(SAMLSSOUtil.java:657)
>>> at org.wso2.carbon.identity.sso.saml.builders.DefaultResponseBuilder.buildResponse(DefaultResponseBuilder.java:75)
>>> at org.wso2.carbon.identity.sso.saml.processors.SPInitSSOAuthnRequestProcessor.process(SPInitSSOAuthnRequestProcessor.java:167)
>>> at org.wso2.carbon.identity.sso.saml.SAMLSSOService.authenticate(SAMLSSOService.java:164)
>>> at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.handleAuthenticationReponseFromFramework(SAMLSSOProviderServlet.java:816)
>>> at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.handleRequest(SAMLSSOProviderServlet.java:207)
>>> at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.doGet(SAMLSSOProviderServlet.java:105)
>>> at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.sendRequestToFramework(SAMLSSOProviderServlet.java:1114)
>>> at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.handleRequest(SAMLSSOProviderServlet.java:169)
>>> at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.doPost(SAMLSSOProviderServlet.java:117)
>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>>> at org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:37)
>>> at org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61)
>>> at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128)
>>> at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:60)
>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>>> at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68)
>>> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
>>> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>> at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
>>> at 
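The reply above asks which encryption algorithm is in use and whether the JCE extensions are installed for the relevant Java version. One way to confirm what a given JVM actually enforces, as an added example (not code from the thread or from WSO2): AES is an assumed algorithm for the probe, since the thread does not name the one configured, and `JcePolicyCheck` is a hypothetical class name.

```java
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.Security;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

/**
 * Added diagnostic, not WSO2 code: reports the key-length limit that the
 * running JVM's JCE jurisdiction policy enforces. AES is an assumption;
 * substitute the algorithm your deployment is configured with.
 */
public class JcePolicyCheck {

    /** Returns null if an AES cipher accepts a key of keyBits, otherwise the error text. */
    static String probeAes(int keyBits) {
        try {
            // All-zero key: only used to trigger the policy check, never to protect data.
            SecretKeySpec key = new SecretKeySpec(new byte[keyBits / 8], "AES");
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
            // Cipher.init() is where the jurisdiction policy is enforced.
            cipher.init(Cipher.ENCRYPT_MODE, key);
            return null;
        } catch (InvalidKeyException e) {
            // Same exception type as the "Original Exception" in the trace.
            return "InvalidKeyException: " + e.getMessage();
        } catch (GeneralSecurityException e) {
            return e.toString();
        }
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Identify which JVM is answering; a policy installed into a different
        // JRE than the one the server runs on has no effect.
        System.out.println("java.home     = " + System.getProperty("java.home"));
        System.out.println("java.version  = " + System.getProperty("java.version"));
        // Null when the property is not set in java.security.
        System.out.println("crypto.policy = " + Security.getProperty("crypto.policy"));

        int max = Cipher.getMaxAllowedKeyLength("AES");
        System.out.println("max AES key   = "
                + (max == Integer.MAX_VALUE ? "unlimited" : max + " bits"));

        for (int bits : new int[] {128, 192, 256}) {
            String error = probeAes(bits);
            System.out.println("AES-" + bits + " init  = "
                    + (error == null ? "ok" : "FAILED (" + error + ")"));
        }

        // Non-zero exit status when 256-bit keys are not permitted.
        System.exit(max >= 256 ? 0 : 1);
    }
}
```

Run it with the same `java` binary that starts the server; a reported maximum of 128 bits means the unlimited-strength policy is not in effect for that JVM.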

Re: [Dev] Avoiding Carbon Metrics releases every time the Databridge component is released.

2017-11-02 Thread Isuru Perera
Thank you!

On Thu, Nov 2, 2017 at 12:32 PM, Sajith Perera  wrote:

> Noted!, Please find the relevant GitHub issue :
> https://github.com/wso2/carbon-analytics-common/issues/397
>
> On Thu, Nov 2, 2017 at 12:12 PM, Mohanadarshan Vivekanandalingam <
> mo...@wso2.com> wrote:
>
>>
>>
>> On Thu, Nov 2, 2017 at 12:08 PM, Isuru Perera  wrote:
>>
>>> Hi,
>>>
>>> We need to avoid releasing Carbon Metrics every time the Data bridge
>>> related components are released. It should be possible if Carbon Metrics
>>> can depend on a Data Publisher feature.
>>>
>>> Shall we fix this soon?
>>>
>>
>> Yes, we have to fix this. Data publisher features are implemented but
>> faced some issues when embedding the features with carbon-metrics. We'll
>> take this for our next release and fix it.
>>
>> @SajithD, let's create a github issue for this.
>>
>> Thanks,
>> Mohan
>>
>>
>>> Thank you.
>>>
>>> --
>>> Isuru Perera
>>> Technical Lead | WSO2, Inc. | http://wso2.com/
>>> Lean . Enterprise . Middleware
>>>
>>> about.me/chrishantha
>>> Contact: +IsuruPereraWSO2
>>> 
>>>
>>
>>
>>
>> --
>> *V. Mohanadarshan*
>> *Technical Lead,*
>> *Data Technologies Team,*
>> *WSO2, Inc. http://wso2.com  *
>> *lean.enterprise.middleware.*
>>
>> email: mo...@wso2.com
>> phone:(+94) 771117673
>>
>
>
>
> --
> 
> Sajith Dimal
> Software Engineer
> Email : saji...@wso2.com
> Mobile : +94783101496
> WSO2 Inc. | http://wso2.com
> lean.enterprise.middleware
>



-- 
Isuru Perera
Technical Lead | WSO2, Inc. | http://wso2.com/
Lean . Enterprise . Middleware

about.me/chrishantha
Contact: +IsuruPereraWSO2 
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev


Re: [Dev] [IS][OAuth] Token Response request validation

2017-11-02 Thread Danushka Fernando
@Isura
Thanks for pointing out. But still there is a dead code there which will
never get triggered right? Shall we refactor that code?

Thanks & Regards
Danushka Fernando
Associate Tech Lead
WSO2 inc. http://wso2.com/
Mobile : +94716332729

On Thu, Nov 2, 2017 at 9:08 PM, Isura Karunaratne  wrote:

> Hi Danushka,
>
> Other than the responseType validation *validateAccessDelegation *method does
> the OAuth callback handles invocation. OAuth callback handler is an
> extension point that can be used to validate the access based on
>
>    - AuthenticatedUser
>    - Consumer Key
>    - Scopes
>    - ResponseType
>
>
> We can register new CallBackHandlers based on the requirements and
> configure it in identity.xml file
>
>   
> 
> 
>
> Thanks
> Isura.
>
> On Thu, Nov 2, 2017 at 2:54 PM, Danushka Fernando 
> wrote:
>
>> Hi All
>> When access token, id token, auth code or open id token is requested, it
>> will go through AuthorizationHandlerManager[1] class to authorize the
>> client. There are three authorization steps [2].
>>
>>    1. First check is isAuthorized check. Here it checks whether it's
>>    requesting a token or a code and according to that it will check implicit
>>    or code grant types are allowed for the application and returns true or
>>    false.[3]
>>    2. Second check is validateAccessDelegation check. Here also it
>>    checks the request type and will check allowance of implicit or code grant
>>    types and returns true or false.[4]
>>    3. Third is scope validation
>>
>> So according to this analysis both check #1 and #2 are doing the same
>> thing and I don't see a way of check #1 getting passed and check #2 getting
>> failed. Please correct me if I am wrong.
>>
>> If this is correct shall we do the necessary adjustment to reduce the
>> complexity of the code?
>>
>>
>> [1] https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/authz/AuthorizationHandlerManager.java
>> [2] https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/authz/AuthorizationHandlerManager.java#L100-L123
>> [3] https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/authz/handlers/AbstractResponseTypeHandler.java#L128-L165
>> [4] https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/authz/handlers/AbstractResponseTypeHandler.java#L66-L104
>>
>> Thanks & Regards
>> Danushka Fernando
>> Associate Tech Lead
>> WSO2 inc. http://wso2.com/
>> Mobile : +94716332729
>>
>
>
>
> --
>
> *Isura Dilhara Karunaratne*
> Associate Technical Lead | WSO2
> Email: is...@wso2.com
> Mob : +94 772 254 810
> Blog : http://isurad.blogspot.com/
>
>
>
>


[Dev] Illegal key size or default parameters thrown when trying out the JWT token Sample

2017-11-02 Thread Jason De Silva
Hi IS Team,

I am trying out the sample [1] with IS 5.2.0 and 5.3.0 as well. Both the
occasions I face the below issue. I also found [2] where it suggests
increasing the column ACCESS_TOKEN of the table IDN_OAUTH2_ACCESS_TOKEN. I
did it on H2 and MySQL as well but still, it fails. Appreciate any input on
this.

[1] https://github.com/wso2/msf4j/tree/master/samples/jwt-claims
[2]
https://medium.com/@hasinthaindrajee/self-contained-access-tokens-with-wso2-identity-server-82111631d5b6

[2017-11-02 16:54:16,918] ERROR {org.opensaml.xml.encryption.Encrypter} - Error encrypting XMLObject
org.apache.xml.security.encryption.XMLEncryptionException: Illegal key size or default parameters
Original Exception was java.security.InvalidKeyException: Illegal key size or default parameters
at org.apache.xml.security.encryption.XMLCipher.encryptData(XMLCipher.java:1140)
at org.apache.xml.security.encryption.XMLCipher.encryptData(XMLCipher.java:1083)
at org.opensaml.xml.encryption.Encrypter.encryptElement(Encrypter.java:452)
at org.opensaml.saml2.encryption.Encrypter.encrypt(Encrypter.java:344)
at org.opensaml.saml2.encryption.Encrypter.encrypt(Encrypter.java:258)
at org.wso2.carbon.identity.sso.saml.builders.encryption.DefaultSSOEncrypter.doEncryptedAssertion(DefaultSSOEncrypter.java:55)
at org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil.setEncryptedAssertion(SAMLSSOUtil.java:657)
at org.wso2.carbon.identity.sso.saml.builders.DefaultResponseBuilder.buildResponse(DefaultResponseBuilder.java:75)
at org.wso2.carbon.identity.sso.saml.processors.SPInitSSOAuthnRequestProcessor.process(SPInitSSOAuthnRequestProcessor.java:167)
at org.wso2.carbon.identity.sso.saml.SAMLSSOService.authenticate(SAMLSSOService.java:164)
at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.handleAuthenticationReponseFromFramework(SAMLSSOProviderServlet.java:816)
at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.handleRequest(SAMLSSOProviderServlet.java:207)
at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.doGet(SAMLSSOProviderServlet.java:105)
at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.sendRequestToFramework(SAMLSSOProviderServlet.java:1114)
at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.handleRequest(SAMLSSOProviderServlet.java:169)
at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.doPost(SAMLSSOProviderServlet.java:117)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
at org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:37)
at org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61)
at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128)
at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:60)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.wso2.carbon.identity.captcha.filter.CaptchaFilter.doFilter(CaptchaFilter.java:76)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:124)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilter(CharacterSetFilter.java:61)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:124)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:110)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:506)
at

Re: [Dev] Correct way to Add users and Roles via an API

2017-11-02 Thread Ushani Balasooriya
Hi Shavindri,

Thanks for bringing this up. I was going to reply by reporting a doc jira
asking to explain about SCIM APIs in terms of its use case since I couldn't
find much information in docs.
Better if we can explain SCIM inbound connector and SCIM outbound
connector's use case as Farsath has explained in the mail thread. His
explanation is clear enough to go in to docs.

I have reported a jira [1] for your reference.

[1] https://wso2.org/jira/browse/DOCUMENTATION-6342

Thanks,
Ushani


On Thu, Nov 2, 2017 at 5:49 PM, Shavindri Dissanayake 
wrote:

> Hi Ushani,
>
> Need your help to clarify the following:
> Do you feel there is a doc gap with regard to managing users/roles using
> REST APIs?  If so we will move to update docs to avoid this. Looking
> forward to your reply.
>
> [1] https://docs.wso2.com/display/IS540/SCIM+APIs
>
> Thanks & Regards
> Shavindri Dissanayake
> Senior Technical Writer
>
> WSO2 Inc.
> lean.enterprise.middleware
>
> On Wed, Nov 1, 2017 at 8:26 PM, Ushani Balasooriya 
> wrote:
>
>> Thanks Farsath and Isura for the clarification.
>>
>> On 1 Nov 2017 8:24 pm, "Isura Karunaratne"  wrote:
>>
>>>
>>> On Wed, Nov 1, 2017 at 8:01 PM Farasath Ahamed 
>>> wrote:
>>>
>>>> On Wed, Nov 1, 2017 at 7:38 PM, Ushani Balasooriya
>>>> wrote:
>>>>
>>>>> Hi IAM team,
>>>>>
>>>>> I am trying to implement a third-party web app to manage users and
>>>>> roles functionalities as explained in this blog post [1] Solution 26.
>>>>>
>>>>> According to the solution, it says,
>>>>>
>>>>> *"The WSO2 Identity Server exposes a set of REST endpoints as well as
>>>>> SOAP-based services for user management, the web app just need to talk to
>>>>> these endpoints, without having to deal directly with underlying user
>>>>> stores (LDAP, AD, JDBC)."*
>>>>>
>>>>> This [2] is the only document I can find as the available API for user
>>>>> role management.
>>>>>
>>>>> Please verify whether my below understandings are correct to proceed
>>>>> with this solution.
>>>>>
>>>>> 1. Since WSO2IS does not provide any REST API for user/role
>>>>> management, there will not be a particular API where I can use as endpoint
>>>>> in my third party application.
>>>>> Therefore my web app should use a class as explained in this [2]
>>>>> document.
>>>>>
>>>>> 2. We should not consider SCIM as REST endpoint to manage users since
>>>>> it is used to provision users to external system. Therefore I cannot treat
>>>>> SCIM as a REST endpoint which can use to add users and roles.
>>>>>
>>>>
>>> No. As Farasath explains, we do support both inbound and outbound SCIM
>>> provisioning.
>>>
>>> You can treat SCIM endpoint as a well defined standard way to manage
>>> users from a third party application.
>>>
>>> IS 5.3.0 onwards identity server supports both SCIM 1.1 and SCIM2.0 (as
>>> a connector)
>>>
>>> Thanks
>>> Isura.
>>>
>>>
>>>
>>>> IMO this is not entirely correct.
>>>> SCIM inbound connector is used to provision users *in to* Identity
>>>> Server and the SCIM outbound connector can be used to provision users to
>>>> external systems as you explained.
>>>>
>>>> SCIM inbound connector exposes a REST endpoint through which you can do
>>>> CRUD operation on users/groups. This can be considered as a REST endpoint
>>>> to manage users. Both SCIM and our SOAP APIs talk to the same underlying
>>>> user-core implementation to achieve CRUD on users (user stores).
>>>>
>>>> Moreover SCIM simply provides a RESTful layer over our usercore
>>>> functionality. So I don't see why we should not consider SCIM as a REST API
>>>> to manage users.
>>>> In fact we have customers using SCIM to achieve user registration, user
>>>> profile update etc.
>>>>
>>>>>
>>>>>
>>>>> [1] https://medium.facilelogin.com/thirty-solution-patterns-with-the-wso2-identity-server-16f9fd0c0389
>>>>>
>>>>> [2] https://docs.wso2.com/display/IS530/Managing+Users+and+Roles+with+APIs#ManagingUsersandRoleswithAPIs-addRole()
>>>>>
>>>>> Thanks,
>>>>> --
>>>>> *Ushani Balasooriya*
>>>>> Associate Technical Lead - EE;
>>>>> WSO2 Inc; http://www.wso2.com/.
>>>>>
>
> --
>>>
>>> *Isura Dilhara Karunaratne*
>>> Associate Technical Lead | WSO2
>>> Email: is...@wso2.com
>>> Mob : +94 772 254 810
>>> Blog : http://isurad.blogspot.com/
>>>
>>>
>>>
>>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>


-- 
*Ushani Balasooriya*
Associate Technical Lead - EE;
WSO2 Inc; http://www.wso2.com/.
Mobile; +94772636796


Re: [Dev] [SP]Incremental processing not working with SP + RDBMS

2017-11-02 Thread Charini Nanayakkara
Hi Suho,

Incremental processing is not working with RDBMS due to a new change
introduced at RDBMS extension level which rejects function namespaces. I
will discuss this with Gokul as well and find a solution.

Thank you
Charini

On Thu, Nov 2, 2017 at 3:10 AM, Sriskandarajah Suhothayan 
wrote:

>
> Hi Charini
>
> Please look into this.
>
> The attached Siddhi file is not compiling with RDBMS Aggregation.
>
> Thanks
> Suho
>
> --
>
> *S. Suhothayan*
> Associate Director / Architect
> *WSO2 Inc. *http://wso2.com
> * *
> lean . enterprise . middleware
>
>
> *cell: (+94) 779 756 757 | blog: http://suhothayan.blogspot.com/ | twitter:
> http://twitter.com/suhothayan | linked-in: http://lk.linkedin.com/in/suhothayan*
>



-- 
*Charini Vimansha Nanayakkara*
Software Engineer at WSO2

Mobile: 0714126293
E-mail: chari...@wso2.com
Blog: http://www.charini.me/




Re: [Dev] How to send subject in a XACML request

2017-11-02 Thread Godwin Shrimal
Thanks for the response Dinali.

On Thu, Nov 2, 2017 at 12:19 PM, Dinali Dabarera  wrote:

> Hi Godwin,
>
> When we are sending the Subject in a JSON payload, I figured out it should
> be "*AccessSubject*" not Subject.
>
> This is the sample request payload I changed for JSON,
>
> {
>     "Request": {
>         "AccessSubject": {
>             "Attribute": [
>                 {
>                     "AttributeId": "urn:oasis:names:tc:xacml:1.0:subject:subject-id",
>                     "Value": "Andreas"
>                 }
>             ]
>         },
>         "Action": {
>             "Attribute": [
>                 {
>                     "AttributeId": "urn:oasis:names:tc:xacml:1.0:action:action-id",
>                     "Value": "read"
>                 }
>             ]
>         },
>         "Resource": {
>             "Attribute": [
>                 {
>                     "AttributeId": "urn:oasis:names:tc:xacml:1.0:resource:resource-id",
>                     "Value": "http://127.0.0.1/service/very_secure/"
>                 }
>             ]
>         }
>     }
> }
>
> I will update the doc with these details.
>
>
> Thanks!
>
> Dinali
>
>
>
>
> On Thu, Nov 2, 2017 at 10:13 AM, Godwin Shrimal  wrote:
>
>> Hi Dinali,
>>
>> XML request format is clear and I guess we have enough information
>> regarding that. I am referring to JSON format on how to send subject.
>>
>>
>> Thanks
>> Godwin
>>
>> On Tue, Oct 31, 2017 at 10:24 PM, Dinali Dabarera 
>> wrote:
>>
>>> Hi Godwin,
>>>
>>> As you mentioned in your offline chats, there is no mention about "how
>>> to send the subject in the XACML Request" in our Docs.
>>>
>>> I did a small research on XACML spec and figured out we could send the
>>> subject in the XACML request as follows,
>>>
>>> I changed the sample request on my blog [1] with the Subject attribute
>>> as follows
>>>
>>> Request:
>>>
>>> >> xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17">
>>>  >> Category="urn:oasis:names:tc:xacml:3.0:subject-category:access-subject">
>>>   >> AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id">
>>>  >> DataType="urn:oasis:names:tc:xacml:1.0:data-type:rfc822Name">b...@simpsons.com
>>>   
>>>
>>> >> Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action">
>>> >> AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" 
>>> IncludeInResult="false">
>>> >> DataType="http://www.w3.org/2001/XMLSchema#string;>read
>>> 
>>> 
>>> >> Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
>>> >> AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" 
>>> IncludeInResult="false">
>>> >> DataType="http://www.w3.org/2001/XMLSchema#string;>http://127.0.0.1/service/very_secure/
>>>  
>>> 
>>> 
>>> 
>>>
>>> I will update XACML docs with this information.
>>> Please let me know if you have any concerns on this! I hope this is what
>>> you expected.
>>>
>>> [1] https://medium.com/@gdrdabarera/how-entitlement-management-works-with-rest-api-via-xacml-in-wso2-identity-server-5-3-0-7a60940d040c
>>>
>>> Thank you!
>>> Dinali
>>>
>>> -
>>> *Dinali Rosemin Dabarera*
>>> Software Engineer
>>> WSO2 Lanka (pvt) Ltd.
>>> Web: http://wso2.com/
>>> Email : gdrdabar...@gmail.com
>>> LinkedIn 
>>> Mobile: +94770198933
>>>
>>
>>
>> --
>> *Godwin Amila Shrimal*
>> Associate Technical Lead
>> WSO2 Inc.; http://wso2.com
>> lean.enterprise.middleware
>>
>> mobile: *+94772264165*
>> linkedin: *https://www.linkedin.com/in/godwin-amila-2ba26844/
>> *
>> twitter: https://twitter.com/godwinamila
>> 
>>
>
>
>
> --
> *Dinali Rosemin Dabarera*
> Software Engineer
> WSO2 Lanka (pvt) Ltd.
> Web: http://wso2.com/
> Email : gdrdabar...@gmail.com
> LinkedIn 
> Mobile: +94770198933
>


-- 
*Godwin Amila Shrimal*
Associate Technical Lead
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware

mobile: *+94772264165*
linkedin: *https://www.linkedin.com/in/godwin-amila-2ba26844/*
twitter: https://twitter.com/godwinamila



[Dev] [APIM] [C5] package-lock.json files are untracked

2017-11-02 Thread Menuka Warushavithana
Hi all,
I have created a GitHub issue for $subject. [1]
AFAIK package-lock.json files should either be committed or ignored (added
to .gitignore) to avoid unexpected results. [2]
Or the generation of package-lock.json could be disabled altogether by
adding the line 'package-lock=false' to the .npmrc file. [3]


[1] https://github.com/wso2/carbon-apimgt/issues/4676
[2] https://github.com/nodejs/citgm/issues/451
[3] https://github.com/hapijs/contrib/issues/114

Regards

*Menuka Warushavithana*
*Software Engineering Intern*
*WSO2*

*Mobile: +94 77 6979690*
*LinkedIn: https://www.linkedin.com/in/menukawarushavithana/*
*GitHub: https://github.com/menuka94/*


Re: [Dev] Avoiding Carbon Metrics releases every time the Databridge component is released.

2017-11-02 Thread Sajith Perera
Noted! Please find the relevant GitHub issue:
https://github.com/wso2/carbon-analytics-common/issues/397

On Thu, Nov 2, 2017 at 12:12 PM, Mohanadarshan Vivekanandalingam <
mo...@wso2.com> wrote:

>
>
> On Thu, Nov 2, 2017 at 12:08 PM, Isuru Perera  wrote:
>
>> Hi,
>>
>> We need to avoid releasing Carbon Metrics every time the Data bridge
>> related components are released. It should be possible if Carbon Metrics
>> can depend on a Data Publisher feature.
>>
>> Shall we fix this soon?
>>
>
> Yes, we have to fix this. Data publisher features are implemented but
> faced some issues when embedding the features with carbon-metrics. We'll
> take this for our next release and fix it.
>
> @SajithD, let's create a github issue for this.
>
> Thanks,
> Mohan
>
>
>> Thank you.
>>
>> --
>> Isuru Perera
>> Technical Lead | WSO2, Inc. | http://wso2.com/
>> Lean . Enterprise . Middleware
>>
>> about.me/chrishantha
>> Contact: +IsuruPereraWSO2 
>>
>
>
>
> --
> *V. Mohanadarshan*
> *Technical Lead,*
> *Data Technologies Team,*
> *WSO2, Inc. http://wso2.com  *
> *lean.enterprise.middleware.*
>
> email: mo...@wso2.com
> phone:(+94) 771117673
>



-- 

Sajith Dimal
Software Engineer
Email : saji...@wso2.com
Mobile : +94783101496
WSO2 Inc. | http://wso2.com
lean.enterprise.middleware


Re: [Dev] How to send subject in a XACML request

2017-11-02 Thread Dinali Dabarera
Hi Godwin,

When we are sending the Subject in a JSON payload, I figured out it should
be "*AccessSubject*" not Subject.

This is the sample request payload I changed for JSON,

{
    "Request": {
        "AccessSubject": {
            "Attribute": [
                {
                    "AttributeId": "urn:oasis:names:tc:xacml:1.0:subject:subject-id",
                    "Value": "Andreas"
                }
            ]
        },
        "Action": {
            "Attribute": [
                {
                    "AttributeId": "urn:oasis:names:tc:xacml:1.0:action:action-id",
                    "Value": "read"
                }
            ]
        },
        "Resource": {
            "Attribute": [
                {
                    "AttributeId": "urn:oasis:names:tc:xacml:1.0:resource:resource-id",
                    "Value": "http://127.0.0.1/service/very_secure/"
                }
            ]
        }
    }
}

I will update the doc with these details.


Thanks!

Dinali




On Thu, Nov 2, 2017 at 10:13 AM, Godwin Shrimal  wrote:

> Hi Dinali,
>
> XML request format is clear and I guess we have enough information
> regarding that. I am referring to JSON format on how to send subject.
>
>
> Thanks
> Godwin
>
> On Tue, Oct 31, 2017 at 10:24 PM, Dinali Dabarera  wrote:
>
>> Hi Godwin,
>>
>> As you mentioned in your offline chats, there is no mention about "how to
>> send the subject in the XACML Request" in our Docs.
>>
>> I did a small research on XACML spec and figured out we could send the
>> subject in the XACML request as follows,
>>
>> I changed the sample request on my blog [1] with the Subject attribute as
>> follows
>>
>> Request:
>>
>> <Request xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17">
>>   <Attributes Category="urn:oasis:names:tc:xacml:3.0:subject-category:access-subject">
>>     <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id">
>>       <AttributeValue DataType="urn:oasis:names:tc:xacml:1.0:data-type:rfc822Name">b...@simpsons.com</AttributeValue>
>>     </Attribute>
>>   </Attributes>
>>   <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action">
>>     <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" IncludeInResult="false">
>>       <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
>>     </Attribute>
>>   </Attributes>
>>   <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
>>     <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" IncludeInResult="false">
>>       <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">http://127.0.0.1/service/very_secure/</AttributeValue>
>>     </Attribute>
>>   </Attributes>
>> </Request>
>>
>> I will update XACML docs with this information.
>> Please let me know if you have any concerns on this! I hope this is what
>> you expected.
>>
>> [1] https://medium.com/@gdrdabarera/how-entitlement-management-works-with-rest-api-via-xacml-in-wso2-identity-server-5-3-0-7a60940d040c
>>
>> Thank you!
>> Dinali
>> ​
>> -
>> *Dinali Rosemin Dabarera*
>> Software Engineer
>> WSO2 Lanka (pvt) Ltd.
>> Web: http://wso2.com/
>> Email : gdrdabar...@gmail.com
>> LinkedIn 
>> Mobile: +94770198933
>>
>
>
> --
> *Godwin Amila Shrimal*
> Associate Technical Lead
> WSO2 Inc.; http://wso2.com
> lean.enterprise.middleware
>
> mobile: *+94772264165*
> linkedin: https://www.linkedin.com/in/godwin-amila-2ba26844/
> twitter: https://twitter.com/godwinamila
> 
>



-- 
*Dinali Rosemin Dabarera*
Software Engineer
WSO2 Lanka (pvt) Ltd.
Web: http://wso2.com/
Email : gdrdabar...@gmail.com
LinkedIn 
Mobile: +94770198933
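
The naming point from this thread, as an added example that is not part of the original messages or of WSO2's code: a small Python linter that checks the members of a XACML JSON request against the shorthand category names of the JSON Profile of XACML 3.0, so that a subject sent under "Subject" is flagged before the request goes to the PDP. The function names and message strings are assumptions made for this example.

```python
# Shorthand category members of the JSON Profile of XACML 3.0 and their category URNs.
SHORTHAND = {
    "AccessSubject": "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject",
    "RecipientSubject": "urn:oasis:names:tc:xacml:1.0:subject-category:recipient-subject",
    "IntermediarySubject": "urn:oasis:names:tc:xacml:1.0:subject-category:intermediary-subject",
    "Codebase": "urn:oasis:names:tc:xacml:1.0:subject-category:codebase",
    "RequestingMachine": "urn:oasis:names:tc:xacml:1.0:subject-category:requesting-machine",
    "Action": "urn:oasis:names:tc:xacml:3.0:attribute-category:action",
    "Resource": "urn:oasis:names:tc:xacml:3.0:attribute-category:resource",
    "Environment": "urn:oasis:names:tc:xacml:3.0:attribute-category:environment",
}
# Request members that are options or generic containers rather than shorthand categories.
OTHER_MEMBERS = {"Category", "ReturnPolicyIdList", "CombinedDecision",
                 "XPathVersion", "MultiRequests"}

def as_list(value):  # treat a single object like a one-element array
    return value if isinstance(value, list) else [value]

def lint_request(doc):
    """Return the problems found in a XACML JSON request passed as a dict."""
    request = doc.get("Request") if isinstance(doc, dict) else None
    if not isinstance(request, dict):
        return ["top-level 'Request' object is missing"]
    problems = []
    for key in sorted(request.keys() - OTHER_MEMBERS):
        if key not in SHORTHAND:
            hint = " (use 'AccessSubject')" if key == "Subject" else ""
            problems.append(f"unknown member '{key}'{hint}")
            continue
        for entry in as_list(request[key]):
            attrs = as_list(entry.get("Attribute", [])) if isinstance(entry, dict) else []
            if not attrs:
                problems.append(f"'{key}' has no Attribute entries")
            for attr in attrs:
                missing = {"AttributeId", "Value"} - set(attr if isinstance(attr, dict) else ())
                if missing:
                    problems.append(f"'{key}' attribute lacks {sorted(missing)}")
    generic = {c.get("CategoryId") for c in as_list(request.get("Category", []))
               if isinstance(c, dict)}
    if "AccessSubject" not in request and SHORTHAND["AccessSubject"] not in generic:
        problems.append("request carries no access-subject category")
    return problems

def make_request(subject_member):
    """Constructed sample: the thread's request with the subject under `subject_member`."""
    ids = {subject_member: ("subject:subject-id", "Andreas"), "Action": ("action:action-id", "read"),
           "Resource": ("resource:resource-id", "http://127.0.0.1/service/very_secure/")}
    return {"Request": {m: {"Attribute": [{"AttributeId": "urn:oasis:names:tc:xacml:1.0:" + i,
                                           "Value": v}]} for m, (i, v) in ids.items()}}
```

Calling lint_request(make_request("Subject")) reports the unknown member and the missing access-subject category, while the "AccessSubject" form returns an empty list.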







Re: [Dev] Avoiding Carbon Metrics releases every time the Databridge component is released.

2017-11-02 Thread Mohanadarshan Vivekanandalingam
On Thu, Nov 2, 2017 at 12:08 PM, Isuru Perera  wrote:

> Hi,
>
> We need to avoid releasing Carbon Metrics every time the Data bridge
> related components are released. It should be possible if Carbon Metrics
> can depend on a Data Publisher feature.
>
> Shall we fix this soon?
>

Yes, we have to fix this. Data publisher features are implemented but faced
some issues when embedding the features with carbon-metrics. We'll take
this for our next release and fix it.

@SajithD, let's create a github issue for this.

Thanks,
Mohan


> Thank you.
>
> --
> Isuru Perera
> Technical Lead | WSO2, Inc. | http://wso2.com/
> Lean . Enterprise . Middleware
>
> about.me/chrishantha
> Contact: +IsuruPereraWSO2 
>



-- 
*V. Mohanadarshan*
*Technical Lead,*
*Data Technologies Team,*
*WSO2, Inc. http://wso2.com  *
*lean.enterprise.middleware.*

email: mo...@wso2.com
phone:(+94) 771117673


Re: [Dev] WSO2 BPS REST API and query with variables filtering

2017-11-02 Thread Himasha Guruge
Hi Thomas,

Could you try using TransientVariables[1] for your use-case? The REST API
provided through WSO2 BPS is actually wrapping the REST API provided by
Activiti. In [2] it suggests that transient variables might be better for
performance.

[1] https://www.activiti.org/userguide/#apiTransientVariables
[2]
http://www.jorambarrez.be/blog/2016/09/01/how-to-use-transient-variables-in-activiti/

Thanks
Himasha

On Wed, Nov 1, 2017 at 12:33 AM, Thomas LEGRAND <
thomas.legr...@versusmind.eu> wrote:

> Hello everybody,
>
> I am creating an interface to display the list of the current user tasks
> waiting for approval. In this list, I display some information provided by
> the variables inside the process instances. For example, it can be the id
> of an object that I defined during the creation of the instance of the
> process.
>
> To retrieve the information for the list, I am using the REST API. But,
> because I would like the user to be able to filter the list with criteria,
> I am using the query endpoint for the tasks to be able to filter by the
> values of the variables in the instances.
>
> However, I have a problem because it seems that I have huge responsiveness
> lag when I want the REST API to return the current state of the variables
> of the instances. Actually, when I send a query request, it takes around 40
> seconds for the server to respond, if it does not time out. The problem
> disappears when I don't set the attribute to retrieve the list of the
> variables in my query request.
>
> For example, this one causes problems:
>
> {
>   "includeProcessVariables": true,
>   "variables": [
>     {
>       "name": "group",
>       "operation": "equals",
>       "value": "MyGroupName"
>     }
>   ]
> }
>
> whereas this one causes no problems:
> {
>   "variables": [
>     {
>       "name": "group",
>       "operation": "equals",
>       "value": "MyGroupName"
>     }
>   ]
> }
>
> I don't see any other way to retrieve "custom" information from a process
> instance except by using the variables. And because this is a list I want
> to display, it is really overkill to retrieve the list of the instances to
> loop on each one of them to retrieve their variables.
>
> Of course, in this example, I try to retrieve the current pending
> instances because one of their user task is waiting to be unblocked by a
> user. But I am doing the same thing to retrieve a list of already finished
> tasks/process instances (so by using the historic-task-instances endpoint).
> And I have exactly the same problem. Too much time to respond or time out.
>
> So, here are my questions:
>
> - Do you have any idea where those "latency" problems could come from?
> - Do you know if I can use the Activiti Java API with the embedded
> Activiti in the WSO2 Business Process Server?
>
> I am using WSO2 Enterprise Integrator 6.0.0.
>
> Regards,
>
> Thomas
>
>
>
>


-- 
Himasha Guruge
Senior Software Engineer
WS*O2* *Inc.*
Mobile: +94 777459299
himas...@wso2.com


Re: [Dev] Error occurred while generating keys for Default application

2017-11-02 Thread Gayan Gunawardana
On Wed, Nov 1, 2017 at 3:20 PM, Sanjeewa Malalgoda 
wrote:

> Hi Gayan,
> I cannot recall fixing something like this. But can we check the same with
> the updated pack as well?
> We don't see the same behavior in the default pack with H2.
>
Thanks. I will look in an updated pack if I get time. BTW, according to my
understanding, there is no need to invoke the createApplicationRegistrationEntry()
method at this point.

>
> Thanks,
> sanjeewa.
>
> On Wed, Nov 1, 2017 at 11:54 AM, Gayan Gunawardana  wrote:
>
>> Hi All,
>>
>> I got this exception first time only when generating keys for Default
>> application.
>>
>> Environment:
>>
>>- IS as KM IS-5.3.0 and APIM-2.1.0
>>- DB postgres-10
>>- Without patches or wum updates
>>
>> Other applications work fine. If I delete Default application and create
>> new one with same name it works.
>> Appreciate your input.
>>
>> [2017-10-31 20:53:13,463] ERROR - 
>> ApplicationRegistrationSimpleWorkflowExecutor
>> Error occurred when updating the status of the Application creation process
>> org.wso2.carbon.apimgt.api.APIManagementException: Application
>> 'DefaultApplication' is already registered.
>> at org.wso2.carbon.apimgt.impl.dao.ApiMgtDAO.createApplicationR
>> egistrationEntry(ApiMgtDAO.java:293)
>> at org.wso2.carbon.apimgt.impl.workflow.ApplicationRegistration
>> SimpleWorkflowExecutor.complete(ApplicationRegistrationSimpl
>> eWorkflowExecutor.java:77)
>> at org.wso2.carbon.apimgt.impl.workflow.ApplicationRegistration
>> SimpleWorkflowExecutor.execute(ApplicationRegistrationSimple
>> WorkflowExecutor.java:54)
>> at org.wso2.carbon.apimgt.impl.APIConsumerImpl.requestApprovalF
>> orApplicationRegistration(APIConsumerImpl.java:2789)
>> at org.wso2.carbon.apimgt.impl.UserAwareAPIConsumer.requestAppr
>> ovalForApplicationRegistration(UserAwareAPIConsumer.java:36)
>> at org.wso2.carbon.apimgt.hostobjects.APIStoreHostObject.jsFunc
>> tion_getApplicationKey(APIStoreHostObject.java:385)
>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAcce
>> ssorImpl.java:62)
>> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMe
>> thodAccessorImpl.java:43)
>> at java.lang.reflect.Method.invoke(Method.java:498)
>> at org.mozilla.javascript.MemberBox.invoke(MemberBox.java:126)
>> at org.mozilla.javascript.FunctionObject.call(FunctionObject.ja
>> va:386)
>> at org.mozilla.javascript.optimizer.OptRuntime.callN(OptRuntime
>> .java:52)
>> at org.jaggeryjs.rhino.store.modules.subscription.c4._c_anonymo
>> us_2(/store/modules/subscription/key.jag:39)
>> at org.jaggeryjs.rhino.store.modules.subscription.c4.call(/stor
>> e/modules/subscription/key.jag)
>> at org.mozilla.javascript.ScriptRuntime.applyOrCall(ScriptRunti
>> me.java:2430)
>> at org.mozilla.javascript.BaseFunction.execIdCall(BaseFunction.
>> java:269)
>> at org.mozilla.javascript.IdFunctionObject.call(IdFunctionObjec
>> t.java:97)
>> at org.mozilla.javascript.optimizer.OptRuntime.call2(OptRuntime
>> .java:42)
>> at org.jaggeryjs.rhino.store.modules.subscription.c0._c_anonymo
>> us_10(/store/modules/subscription/module.jag:35)
>> at org.jaggeryjs.rhino.store.modules.subscription.c0.call(/stor
>> e/modules/subscription/module.jag)
>> at org.mozilla.javascript.optimizer.OptRuntime.callN(OptRuntime
>> .java:52)
>> at org.jaggeryjs.rhino.store.site.blocks.subscription.subscript
>> ion_add.ajax.c0._c_anonymous_1(/store/site/blocks/subscripti
>> on/subscription-add/ajax/subscription-add.jag:240)
>> at org.jaggeryjs.rhino.store.site.blocks.subscription.subscript
>> ion_add.ajax.c0.call(/store/site/blocks/subscription/subscri
>> ption-add/ajax/subscription-add.jag)
>> at org.mozilla.javascript.optimizer.OptRuntime.call0(OptRuntime
>> .java:23)
>> at org.jaggeryjs.rhino.store.site.blocks.subscription.subscript
>> ion_add.ajax.c0._c_script_0(/store/site/blocks/subscription/
>> subscription-add/ajax/subscription-add.jag:3)
>> at org.jaggeryjs.rhino.store.site.blocks.subscription.subscript
>> ion_add.ajax.c0.call(/store/site/blocks/subscription/subscri
>> ption-add/ajax/subscription-add.jag)
>> at org.mozilla.javascript.ContextFactory.doTopCall(ContextFacto
>> ry.java:394)
>> at org.mozilla.javascript.ScriptRuntime.doTopCall(ScriptRuntime
>> .java:3091)
>> at org.jaggeryjs.rhino.store.site.blocks.subscription.subscript
>> ion_add.ajax.c0.call(/store/site/blocks/subscription/subscri
>> ption-add/ajax/subscription-add.jag)
>> at org.jaggeryjs.rhino.store.site.blocks.subscription.subscript
>> ion_add.ajax.c0.exec(/store/site/blocks/subscription/subscri
>> ption-add/ajax/subscription-add.jag)
>> at org.jaggeryjs.scriptengine.engine.RhinoEngine.execScript(Rhi
>> noEngine.java:567)
>> at org.jaggeryjs.scriptengine.engine.RhinoEngine.exec(RhinoEngi
>> ne.java:273)
>> at