Re: [Dev] [Iam-dev] [Architecture] [VOTE] Release WSO2 Identity Server 5.10.0 RC2
10.0. >>>>>>> >>>>>>> >>>>>>> *New Features:* >>>>>>> >>>>>>>1. Passwordless authentication support >>>>>>>2. An improved User Portal >>>>>>>3. New RESTful APIs for user self-services and server management >>>>>>>4. Scope based authorization for internal REST APIs >>>>>>>5. Unique User ID support >>>>>>>6. Tenant wise email-sender configuration >>>>>>> >>>>>>> >>>>>>> >>>>>>> *Fixes:* >>>>>>> This release includes the following issue fixes and improvements: >>>>>>> >>>>>>>- 5.10.0-M1 >>>>>>><https://github.com/wso2/product-is/milestone/95?closed=1> >>>>>>>- 5.10.0-M2 >>>>>>><https://github.com/wso2/product-is/milestone/96?closed=1> >>>>>>>- 5.10.0-M3 >>>>>>><https://github.com/wso2/product-is/milestone/97?closed=1> >>>>>>>- 5.10.0-M4 >>>>>>><https://github.com/wso2/product-is/milestone/98?closed=1> >>>>>>>- 5.10.0-M5 >>>>>>><https://github.com/wso2/product-is/milestone/99?closed=1> >>>>>>>- 5.10.0-M6 >>>>>>><https://github.com/wso2/product-is/milestone/100?closed=1> >>>>>>>- 5.10.0-M7 >>>>>>><https://github.com/wso2/product-is/milestone/101?closed=1> >>>>>>>- 5.10.0-M8 >>>>>>><https://github.com/wso2/product-is/milestone/102?closed=1> >>>>>>>- 5.10.0-M9 >>>>>>><https://github.com/wso2/product-is/milestone/103?closed=1> >>>>>>>- 5.10.0-Alpha >>>>>>><https://github.com/wso2/product-is/milestone/104?closed=1> >>>>>>>- 5.10.0-Alpha2 >>>>>>><https://github.com/wso2/product-is/milestone/105?closed=1> >>>>>>>- 5.10.0-Alpha3 >>>>>>><https://github.com/wso2/product-is/milestone/106?closed=1> >>>>>>>- 5.10.0-Beta >>>>>>><https://github.com/wso2/product-is/milestone/107?closed=1> >>>>>>>- 5.10.0-Beta2 >>>>>>><https://github.com/wso2/product-is/milestone/108?closed=1> >>>>>>>- 5.10.0-Beta3 >>>>>>><https://github.com/wso2/product-is/milestone/109?closed=1> >>>>>>>- 5.10.0-GA >>>>>>><https://github.com/wso2/product-is/milestone/92?closed=1> >>>>>>> >>>>>>> >>>>>>> *Source and Distribution* >>>>>>> The source and distribution >>>>>>> <https://github.com/wso2/product-is/releases/download/v5.10.0-rc2/wso2is-5.10.0-rc2.zip> >>>>>>> are >>>>>>> available at >>>>>>> https://github.com/wso2/product-is/releases/tag/v5.10.0-rc2 >>>>>>> >>>>>>> >>>>>>> Please download the product, test it, and vote using the following >>>>>>> convention. >>>>>>> [+] Stable - go ahead and release >>>>>>> [-] Broken - do not release (explain why) >>>>>>> >>>>>>> >>>>>>> Thank you, >>>>>>> WSO2 Identity and Access Management Team >>>>>>> >>>>>>> -- >>>>>>> *Janak Amarasena* | Senior Software Engineer | WSO2 Inc. >>>>>>> (m) +9464144 | (w) +94112145345 | (e) ja...@wso2.com >>>>>>> >>>>>>> >>>>>>> <https://wso2.com/signature> >>>>>>> ___ >>>>>>> Iam-dev mailing list >>>>>>> iam-...@wso2.org >>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/iam-dev >>>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> *Theviyanthan Krishnamohan (Thivi)* >>>>>> Software Engineer | WSO2 Inc. >>>>>> Mobile: 94 76 967 >>>>>> Email: theviyant...@wso2.com >>>>>> >>>>>> ___ >>>>>> Iam-dev mailing list >>>>>> iam-...@wso2.org >>>>>> http://wso2.org/cgi-bin/mailman/listinfo/iam-dev >>>>>> >>>>> >>>>> >>>>> -- >>>>> *Brion Silva* | Software Engineer | WSO2 Inc. >>>>> (m) +94777933830 | (e) br...@wso2.com >>>>> >>>>> <https://wso2.com/signature> >>>>> ___ >>>>> Iam-dev mailing list >>>>> iam-...@wso2.org >>>>> http://wso2.org/cgi-bin/mailman/listinfo/iam-dev >>>>> >>>> ___ >>>> Iam-dev mailing list >>>> iam-...@wso2.org >>>> http://wso2.org/cgi-bin/mailman/listinfo/iam-dev >>>> >>> >>> >>> -- >>> Sathya Bandara >>> Senior Software Engineer >>> Blog: https://medium.com/@technospace >>> WSO2 Inc. http://wso2.com >>> Mobile: (+94) 715 360 421 >>> >>> <+94%2071%20411%205032> >>> ___ >>> Architecture mailing list >>> architect...@wso2.org >>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>> >> >> >> -- >> *Tharindu Bandara* >> Senior Software Engineer | WSO2 >> >> Email : tharin...@wso2.com >> Mobile : +94 714221776 >> web : http://wso2.com >> <https://www.google.com/url?q=http://wso2.com=D=151765338399=AFQjCNFggB4bSJTKmdqKcBV0VY9xx1ABKg> >> >> https://wso2.com/signature >> ___ >> Dev mailing list >> Dev@wso2.org >> http://wso2.org/cgi-bin/mailman/listinfo/dev >> > > > -- > Ashen Weerathunga | Senior Software Engineer | WSO2 Inc. > (m) +94716042995 | (w) +94112145345 | Email: as...@wso2.com > <http://wso2.com/signature> > > > ___ > Iam-dev mailing list > iam-...@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/iam-dev > -- Nilasini Thirunavukkarasu | Senior Software Engineer | WSO2 Inc. (m) +94775241823 | Email: nilas...@wso2.com <http://wso2.com/signature> ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] [VOTE] Release WSO2 Identity Server 5.9.0 RC2
;>>> *Buddhima Udaranga*|Software Engineer| WSO2 Inc. <http://wso2.com/> >>>>>>> (M)+94 714742094 | (E) buddhi...@wso2.com >>>>>>> <https://wso2.com/signature> >>>>>>> >>>>>>> >>>>>>> On Wed, Oct 2, 2019 at 10:59 AM Piraveena Paralogarajah < >>>>>>> pirave...@wso2.com> wrote: >>>>>>> >>>>>>>> Hi all, >>>>>>>> >>>>>>>> >>>>>>>> We are pleased to announce the second release candidate of WSO2 >>>>>>>> Identity Server 5.9.0. >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> New Features >>>>>>>> >>>>>>>>- >>>>>>>> >>>>>>>>An improved, simpler configuration model >>>>>>>>- >>>>>>>> >>>>>>>>RESTful APIs for user self-services >>>>>>>>- >>>>>>>> >>>>>>>>Passwordless authentication with WebAuthn >>>>>>>>- >>>>>>>> >>>>>>>>Reusable script library for adaptive authentication >>>>>>>>- >>>>>>>> >>>>>>>>Cross-protocol single logout capability >>>>>>>>- >>>>>>>> >>>>>>>>Inbuilt support to view and revoke user sessions >>>>>>>>- >>>>>>>> >>>>>>>>Azure AD/Office365 multi-domain federation support >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> Fixes >>>>>>>> >>>>>>>> This release includes the following issue fixes and improvements: >>>>>>>> >>>>>>>>- >>>>>>>> >>>>>>>>5.9.0-m1 >>>>>>>><https://github.com/wso2/product-is/milestone/85?closed=1> >>>>>>>>- >>>>>>>> >>>>>>>>5.9.0-m2 >>>>>>>><https://github.com/wso2/product-is/milestone/86?closed=1> >>>>>>>>- >>>>>>>> >>>>>>>>5.9.0-m3 >>>>>>>><https://github.com/wso2/product-is/milestone/87?closed=1> >>>>>>>>- >>>>>>>> >>>>>>>>5.9.0-m4 >>>>>>>><https://github.com/wso2/product-is/milestone/88?closed=1> >>>>>>>>- >>>>>>>> >>>>>>>>5.9.0-m5 >>>>>>>><https://github.com/wso2/product-is/milestone/90?closed=1> >>>>>>>>- >>>>>>>> >>>>>>>>5.9.0-m6 >>>>>>>><https://github.com/wso2/product-is/milestone/91?closed=1> >>>>>>>>- >>>>>>>> >>>>>>>>5.9.0-alpha >>>>>>>><https://github.com/wso2/product-is/milestone/89?closed=1> >>>>>>>>- >>>>>>>> >>>>>>>>5.9.0-beta >>>>>>>><https://github.com/wso2/product-is/milestone/93?closed=1> >>>>>>>>- >>>>>>>> >>>>>>>>5.9.0-GA >>>>>>>><https://github.com/wso2/product-is/milestone/83?closed=1> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> Source and Distribution >>>>>>>> >>>>>>>> The source and distribution >>>>>>>> <https://github.com/wso2/product-is/releases/download/v5.9.0-rc2/wso2is-5.9.0-rc2.zip> >>>>>>>> are available at >>>>>>>> https://github.com/wso2/product-is/releases/tag/v5.9.0-rc2 >>>>>>>> >>>>>>>> >>>>>>>> Please download the product, test it, and vote using the following >>>>>>>> convention. >>>>>>>> >>>>>>>> [+] Stable - go ahead and release >>>>>>>> >>>>>>>> [-] Broken - do not release (explain why) >>>>>>>> >>>>>>>> Thanks, >>>>>>>> >>>>>>>> WSO2 Identity and Access Management Team >>>>>>>> >>>>>>>> *Piraveena Paralogarajah* >>>>>>>> Software Engineer | WSO2 Inc. >>>>>>>> *(m)* +94776099594 | *(e)* pirave...@wso2.com >>>>>>>> >>>>>>>> ___ >>>>>>> Dev mailing list >>>>>>> Dev@wso2.org >>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Niluka Sripali Monnankulama >>>>>> Software Engineer - WSO2 Sri Lanka >>>>>> >>>>>> Mobile : +94 76 76 52843 >>>>>> >>>>>> ___ >>>>>> Dev mailing list >>>>>> Dev@wso2.org >>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>> >>>>> >>>>> >>>>> -- >>>>> >>>>> *Mathuriga Thavarajah* >>>>> Software Engineer >>>>> WSO2 Inc. - http ://wso2.com >>>>> >>>>> Email : mathur...@wso2.com >>>>> Mobile : +94778191300 >>>>> >>>>> >>>>> >>>>> *[image: http://wso2.com/signature] <http://wso2.com/signature>* >>>>> ___ >>>>> Dev mailing list >>>>> Dev@wso2.org >>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>> >>>> >>> >>> -- >>> Wijith Bandara >>> Software Engineer | WSO2 >>> >>> Email : wij...@wso2.com >>> Mobile : +94718970370 >>> Web : http://wso2.com >>> >>> <http://wso2.com/signature> >>> ___ >>> Dev mailing list >>> Dev@wso2.org >>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>> >> >> >> -- >> >> Hasanthi Dissanayake | Associate Technical Lead | WSO2 Inc. >> (m) +94718407133 | (w) +94112145345 | Email: hasan...@wso2.com | Blog: >> https://medium.com/@hasanthipurnimadissanayake >> >> ___ >> Dev mailing list >> Dev@wso2.org >> http://wso2.org/cgi-bin/mailman/listinfo/dev >> > > > -- > Sathya Bandara > Senior Software Engineer > Blog: https://medium.com/@technospace > WSO2 Inc. http://wso2.com > Mobile: (+94) 715 360 421 <+94%2071%20411%205032> > > <+94%2071%20411%205032> > ___ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > -- Nilasini Thirunavukkarasu | Senior Software Engineer | WSO2 Inc. (m) +94775241823 | Email: nilas...@wso2.com <http://wso2.com/signature> ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] [VOTE] Release WSO2 Identity Server 5.8.0 RC3
.8.0-rc3.zip> >>> >>> >>> Please download, test the product and vote. >>> >>> [+] Stable - go ahead and release >>> [-] Broken - do not release (explain why) >>> >>> >>> Thanks, >>> - WSO2 Identity and Access Management Team - >>> >>> -- >>> >>> Hasanthi Dissanayake >>> >>> Senior Software Engineer | WSO2 >>> >>> E: hasan...@wso2.com >>> M :0718407133| http://wso2.com <http://wso2.com/> >>> >> >> >> -- >> >> Hasanthi Dissanayake >> >> Senior Software Engineer | WSO2 >> >> E: hasan...@wso2.com >> M :0718407133| http://wso2.com <http://wso2.com/> >> > > > -- > > *Dilin Dampahalage* > Software Engineer | WSO2 > > Email : di...@wso2.com > Mobile : +94 771 462939 > web : http://wso2.com > > <http://wso2.com/signature> > ___ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > -- Nilasini Thirunavukkarasu Senior Software Engineer - WSO2 Email : nilas...@wso2.com Mobile : +94775241823 Web : http://wso2.com/ <http://wso2.com/signature> ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] [VOTE] Release WSO2 Identity Server 5.8.0 RC2
t;> 5.8.0-rc2 >>>> <https://github.com/wso2/product-is/releases/download/v5.8.0-rc2/wso2is-5.8.0.zip> >>>> Analytics - >>>> https://github.com/wso2/analytics-is/releases/tag/v5.8.0-rc2 >>>> <https://github.com/wso2/analytics-is/releases/download/v5.8.0-rc2/wso2is-analytics-5.8.0-rc2.zip> >>>> >>>> >>>> Please download, test the product and vote. >>>> >>>> [+] Stable - go ahead and release >>>> [-] Broken - do not release (explain why) >>>> >>>> >>>> Thanks, >>>> - WSO2 Identity and Access Management Team - >>>> >>>> -- >>>> >>>> Hasanthi Dissanayake >>>> >>>> Senior Software Engineer | WSO2 >>>> >>>> E: hasan...@wso2.com >>>> M :0718407133| http://wso2.com <http://wso2.com/> >>>> >>> >>> >>> -- >>> >>> Hasanthi Dissanayake >>> >>> Senior Software Engineer | WSO2 >>> >>> E: hasan...@wso2.com >>> M :0718407133| http://wso2.com <http://wso2.com/> >>> ___ >>> Dev mailing list >>> Dev@wso2.org >>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>> >> >> >> -- >> *Sominda Gamage* | Software Engineer| WSO2 Inc. <http://wso2.com/> >> (M)+94 719873902 | (E) somi...@wso2.com >> <https://wso2.com/signature> >> ___ >> Dev mailing list >> Dev@wso2.org >> http://wso2.org/cgi-bin/mailman/listinfo/dev >> > > > -- > *Janak Amarasena* > > Software Engineer > > Email: ja...@wso2.com > > Mobile: +9464144 > > Web: https://wso2.com > > > <http://wso2.com/signature> > ___ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > -- Nilasini Thirunavukkarasu Senior Software Engineer - WSO2 Email : nilas...@wso2.com Mobile : +94775241823 Web : http://wso2.com/ <http://wso2.com/signature> ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] OAuth2 introspection endpoint with token_type_hint parameter
Hi Farasath,
Seems like we have already added that logic as well [1]. If we have
specified a known token type hint then we are only searching the token
according to the given token_type_hint, if we are not specifying or specify
an unknown token_type_hint then we are searching through all the available
token validators and validate the token.
[1]
https://github.com/wso2-extensions/identity-inbound-auth-oauth/pull/970/files#diff-1e2e2c1e5664f2003188d37ab53048fdR237
Thanks,
Nila.
On Fri, May 10, 2019 at 4:08 PM Farasath Ahamed wrote:
> Hi,
>
> While supporting *token_type_hint *value access_token and refresh_token
> is good, it looks like we need to fix the logic of handling unknown
> token_type_hints.
>
> I think Chanaka has raised a valid concern here. If an invalid token hint
> is given then we need to do a full search. But it seems that we rely on the
> provided token_type_hint to do the search.
>
> @Chanaka Lakmal Can you create a git issue for this
> under product-is repo?
>
>
> Regards,
> Farasath
>
> On Fri, May 10, 2019 at 3:34 PM Nilasini Thirunavukkarasu <
> nilas...@wso2.com> wrote:
>
>> Hi Chanaka,
>>
>> supporting *token_type_hint *parameter had been fixed in the master
>> branch [1][2] and will be released with the upcoming release.
>>
>> [1] https://github.com/wso2/product-is/issues/3780
>> [2]
>> https://github.com/wso2-extensions/identity-inbound-auth-oauth/pull/970/files#diff-78ef442733b42d8573912a910e98d884R83
>>
>> Thanks,
>> Nila.
>>
>> On Fri, May 10, 2019 at 3:09 PM Chanaka Lakmal wrote:
>>
>>> Hi all,
>>>
>>> I encountered an issue when trying to Invoke the OAuth2 Introspection
>>> Endpoint of WSO2 IS 5.7.0 as guided by the doc [1]. These are the scenarios
>>> I tried a valid token, and a part of the response status:
>>>
>>>
>>>1. Invoke introspection endpoint with the *token. *Response -
>>>{"active":true}
>>>curl -k -u admin:admin -H 'Content-Type:
>>>application/x-www-form-urlencoded' -X POST --data
>>>'token=334060588-dd4e-36a5-ad93-440cc77a1cfb'
>>>https://localhost:9443/oauth2/introspect
>>>
>>>2. Invoke introspection endpoint with the *token* and
>>>*token_type_hint*=*bearer*. Response - {"active":true}
>>>curl -k -u admin:admin -H 'Content-Type:
>>>application/x-www-form-urlencoded' -X POST --data
>>>'token=334060588-dd4e-36a5-ad93-440cc77a1cfb_type_hint=bearer'
>>>https://localhost:9443/oauth2/introspect
>>>
>>>3. Invoke introspection endpoint with the *token* and
>>>*token_type_hint*=*access_token*. Response - {"active":false}
>>>curl -k -u admin:admin -H 'Content-Type:
>>>application/x-www-form-urlencoded' -X POST --data
>>>
>>> 'token=334060588-dd4e-36a5-ad93-440cc77a1cfb_type_hint=access_token'
>>>https://localhost:9443/oauth2/introspect
>>>
>>>
>>> According to the OAuth2 token introspection specification [2],
>>>
>>> If the server is unable to locate the token using the given hint,
>>>
>>> it MUST extend its search across all of its supported token types.
>>>
>>>
>>> So, according to the specification, It should send the active parameter
>>> of the response as true in the 3rd scenario.
>>>
>>> Appreciate your thoughts on this.
>>>
>>> [1]
>>> https://docs.wso2.com/display/IS541/Invoke+the+OAuth+Introspection+Endpoint
>>> [2] https://tools.ietf.org/html/rfc7662#section-2.1
>>>
>>> Thanks,
>>> Chanaka
>>> --
>>> *Chanaka Lakmal* | Software Engineer | WSO2 Inc.
>>> Mobile : (+94) 77 596 2256
>>>
>>>
>>> * <https://wso2.com/signature>*
>>>
>>
>>
>> --
>> Nilasini Thirunavukkarasu
>> Senior Software Engineer - WSO2
>>
>> Email : nilas...@wso2.com
>> Mobile : +94775241823
>> Web : http://wso2.com/
>>
>>
>> <http://wso2.com/signature>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>
>
> --
> Farasath Ahamed
> Associate Technical Lead, WSO2 Inc.: http://wso2.com
> Mobile: +94777603866
> Blog: https://farasath.blogspot.com / https://medium.com/@farasath
> Twitter: @farazath619 <https://twitter.com/farazath619>
> <http://wso2.com/signature>
>
>
>
>
--
Nilasini Thirunavukkarasu
Senior Software Engineer - WSO2
Email : nilas...@wso2.com
Mobile : +94775241823
Web : http://wso2.com/
<http://wso2.com/signature>
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] OAuth2 introspection endpoint with token_type_hint parameter
Hi Chanaka,
supporting *token_type_hint *parameter had been fixed in the master branch
[1][2] and will be released with the upcoming release.
[1] https://github.com/wso2/product-is/issues/3780
[2]
https://github.com/wso2-extensions/identity-inbound-auth-oauth/pull/970/files#diff-78ef442733b42d8573912a910e98d884R83
Thanks,
Nila.
On Fri, May 10, 2019 at 3:09 PM Chanaka Lakmal wrote:
> Hi all,
>
> I encountered an issue when trying to Invoke the OAuth2 Introspection
> Endpoint of WSO2 IS 5.7.0 as guided by the doc [1]. These are the scenarios
> I tried a valid token, and a part of the response status:
>
>
>1. Invoke introspection endpoint with the *token. *Response -
>{"active":true}
>curl -k -u admin:admin -H 'Content-Type:
>application/x-www-form-urlencoded' -X POST --data
>'token=334060588-dd4e-36a5-ad93-440cc77a1cfb'
>https://localhost:9443/oauth2/introspect
>
>2. Invoke introspection endpoint with the *token* and *token_type_hint*
>=*bearer*. Response - {"active":true}
>curl -k -u admin:admin -H 'Content-Type:
>application/x-www-form-urlencoded' -X POST --data
>'token=334060588-dd4e-36a5-ad93-440cc77a1cfb_type_hint=bearer'
>https://localhost:9443/oauth2/introspect
>
>3. Invoke introspection endpoint with the *token* and *token_type_hint*
>=*access_token*. Response - {"active":false}
>curl -k -u admin:admin -H 'Content-Type:
>application/x-www-form-urlencoded' -X POST --data
>'token=334060588-dd4e-36a5-ad93-440cc77a1cfb_type_hint=access_token'
>https://localhost:9443/oauth2/introspect
>
>
> According to the OAuth2 token introspection specification [2],
>
> If the server is unable to locate the token using the given hint,
>
> it MUST extend its search across all of its supported token types.
>
>
> So, according to the specification, It should send the active parameter
> of the response as true in the 3rd scenario.
>
> Appreciate your thoughts on this.
>
> [1]
> https://docs.wso2.com/display/IS541/Invoke+the+OAuth+Introspection+Endpoint
> [2] https://tools.ietf.org/html/rfc7662#section-2.1
>
> Thanks,
> Chanaka
> --
> *Chanaka Lakmal* | Software Engineer | WSO2 Inc.
> Mobile : (+94) 77 596 2256
>
>
> * <https://wso2.com/signature>*
>
--
Nilasini Thirunavukkarasu
Senior Software Engineer - WSO2
Email : nilas...@wso2.com
Mobile : +94775241823
Web : http://wso2.com/
<http://wso2.com/signature>
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] WSO2 IS 5.3.0 issue in two node clustering with Postgres
XRSInvoker.java:204) > at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:101) > at > org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:58) > at > org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:94) > at > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272) > ... 44 more > Caused by: org.wso2.carbon.identity.base.IdentityRuntimeException: > org.postgresql.util.PSQLException: Cannot change transaction isolation > level in the middle of a transaction. > at > org.wso2.carbon.identity.base.IdentityRuntimeException.error(IdentityRuntimeException.java:71) > at > org.wso2.carbon.identity.core.persistence.JDBCPersistenceManager.getDBConnection(JDBCPersistenceManager.java:129) > at > org.wso2.carbon.identity.core.util.IdentityDatabaseUtil.getDBConnection(IdentityDatabaseUtil.java:46) > at > org.wso2.carbon.identity.oauth.dao.OAuthAppDAO.getConsumerAppState(OAuthAppDAO.java:458) > at > org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint.issueAccessToken(OAuth2TokenEndpoint.java:88) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:498) > at > org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:188) > at > org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:104) > ... 49 more > Caused by: org.postgresql.util.PSQLException: Cannot change transaction > isolation level in the middle of a transaction. > at > org.postgresql.jdbc.PgConnection.setTransactionIsolation(PgConnection.java:887) > at sun.reflect.GeneratedMethodAccessor49.invoke(Unknown Source) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:498) > at > org.apache.tomcat.jdbc.pool.ProxyConnection.invoke(ProxyConnection.java:126) > at > org.apache.tomcat.jdbc.pool.JdbcInterceptor.invoke(JdbcInterceptor.java:109) > at > org.wso2.carbon.ndatasource.rdbms.ConnectionRollbackOnReturnInterceptor.invoke(ConnectionRollbackOnReturnInterceptor.java:51) > at > org.apache.tomcat.jdbc.pool.JdbcInterceptor.invoke(JdbcInterceptor.java:109) > at > org.apache.tomcat.jdbc.pool.interceptor.AbstractCreateStatementInterceptor.invoke(AbstractCreateStatementInterceptor.java:71) > at > org.apache.tomcat.jdbc.pool.JdbcInterceptor.invoke(JdbcInterceptor.java:109) > at > org.apache.tomcat.jdbc.pool.interceptor.ConnectionState.invoke(ConnectionState.java:153) > at > org.apache.tomcat.jdbc.pool.JdbcInterceptor.invoke(JdbcInterceptor.java:109) > at org.apache.tomcat.jdbc.pool.TrapException.invoke(TrapException.java:41) > at > org.apache.tomcat.jdbc.pool.JdbcInterceptor.invoke(JdbcInterceptor.java:109) > at > org.apache.tomcat.jdbc.pool.DisposableConnectionFacade.invoke(DisposableConnectionFacade.java:80) > at com.sun.proxy.$Proxy18.setTransactionIsolation(Unknown Source) > at > org.wso2.carbon.identity.core.persistence.JDBCPersistenceManager.getDBConnection(JDBCPersistenceManager.java:125) > ... 58 more > > Thanks, > Shiva Kumar K R > ___ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > -- Nilasini Thirunavukkarasu Software Engineer - WSO2 Email : nilas...@wso2.com Mobile : +94775241823 Web : http://wso2.com/ <http://wso2.com/signature> ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Introspection Endpoint throws stacktrace for expired JWT token
Hi Inthirakumaaran, According to the specification[1], if a token is inactive then we should only return *"active": false*, we should not return why the token in inactive. authorization server SHOULD NOT include any additional information >about an inactive token, including why the token is inactive [1] https://tools.ietf.org/html/rfc7662#section-2.2 Thanks, Nila. On Fri, Jan 18, 2019 at 3:24 PM Inthirakumaaran Tharmakulasingham < inthirakumaa...@wso2.com> wrote: > Hi, > > If we validate the expired JWT token in the introspection endpoint it > prompts a error log with stack trace while sending the correct response to > the user. The detail stack trace is in [1]. This happens because we are > throwing an IdentityOAuth2Exception while checking the expiry time and > propagating to a point where we log the error with the stack trace. > > There two viable solutions to this problem. > 1. Creating a sub Exception extending the IdentityOAuth2Exception. > 2. Creating an error code for this time expiration. > > Then we can build the correct introspection response without logging the > stack trace if we encountered the exception or error code. > > What would be the suitable solution to tackle this problem? Is there any > better way to handle this? > > This problem will occur for IS servers that are > using identity-inbound-auth-oauth module v6.0.66 or above. The current > is-product in the master branch have this module. > > [1]https://github.com/wso2/product-is/issues/4319 > > Thanks & Regards, > kumaaran > -- > *Inthirakumaaran* > Software Engineer | WSO2 > > E-mail:inthirakumaa...@wso2.com > Mobile:+94775558050 > Web:https://wso2.com > > <http://wso2.com/signature> > > > -- Nilasini Thirunavukkarasu Software Engineer - WSO2 Email : nilas...@wso2.com Mobile : +94775241823 Web : http://wso2.com/ <http://wso2.com/signature> ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Customizing oauth2 introspection response
Hi Shiva, If you want to add a new claim to the token response then you could achieve that by following the below steps. 1. Enable AuthorizationContextTokenGeneration as mentioned in [1] 2. Invoke the introspection endpoint with the required claims (if it is more than then it should be comma separated values) similar to below request. curl -k -u admin:admin -H 'Content-Type: application/x-www-form-urlencoded' -X POST --data 'token=bff07310-610b-33c1-8d79-95c8c93024e6&*required_claims=http://wso2.org/claims/emailaddress <http://wso2.org/claims/emailaddress>*' https: //localhost:9443/oauth2/introspect 3. Then you will get a JWT with your introspection response. If you decode the JWT you could see that the requested claims will be retrieved through the JWT. [1] https://docs.wso2.com/display/IS570/JWT+Token+Generation#JWTTokenGeneration-Configurations Thanks, Nila. On Tue, Jan 15, 2019 at 5:41 PM Shiva Kumar K R wrote: > Hi WSO2 Team, > I am using oauth2 token introspection API to verify token status and get > user information. Is it possible to customize the response body of this API > like adding new claim or modifying existing claim? > > Thank you, > Shiva > ___ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > -- Nilasini Thirunavukkarasu Software Engineer - WSO2 Email : nilas...@wso2.com Mobile : +94775241823 Web : http://wso2.com/ <http://wso2.com/signature> ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] WSO2 IS KM 5.6 - XACML Scope Validator
Hi Juan, Could you please remove the following property from the /repository/conf/identity/identity.xml file and restart the server. A git issue has been reported to solve the issue [1]. OAuthScopeValidator class= "org.wso2.carbon.identity.oauth2.validators.JDBCScopeValidator [1] https://github.com/wso2/product-apim/issues/3777 Thanks, Nila. On Mon, Oct 8, 2018 at 8:55 PM Juan Pablo Vadell wrote: > Hi, > > Anyone could give me somo help on this? > > Thanks, > > Juan Pablo Vadell | *VATROX* > > > > On Tue, Sep 11, 2018 at 6:30 PM Juan Pablo Vadell > wrote: > >> Hi, >> >> The element has the same elements that you mention in >> both versions (IS 5.6 and IS KM 5.6). >> >> I was looking if there are differences at the features installed and >> looks the same. >> >> IMO, It's just a problem at the UI part, but can't find where. >> >> Thank you, >> >> Juan Pablo Vadell | *VATROX* >> *CTO* >> >> Cel: +54 9 351 678-1414 >> Work: +54 351 485-6602 >> skype: jpvadell >> >> >> On Tue, Sep 11, 2018 at 5:04 PM Farasath Ahamed >> wrote: >> >>> Can you check the section in >>> KM_HOME/repository/conf/identity/identity.xml of WSO2 IS KM 5.6.0? >>> >>> It should be as below. >>> >>> >> class="org.wso2.carbon.identity.oauth2.validators.JDBCScopeValidator" /> >>> >> class="org.wso2.carbon.identity.oauth2.validators.xacml.XACMLScopeValidator"/> >>> >>> >>> If it is not the case you can change it as above and do a restart. >>> >>> >>> Thanks, >>> Farasath >>> >>> On Tue, Sep 11, 2018 at 4:47 PM, Juan Pablo Vadell >>> wrote: >>> >>>> Hi Devs, >>>> >>>> There is a problem when I try to create a Service Provider, access to >>>> Inbound Authentication Configuration -> OAuth/OpenID Connect >>>> Configuration -> Configure -> and try to choose *XACML Scope Validator*, >>>> because this option is not available, I only can see the *Role based >>>> scope validator * >>>> If I try to do the same with the standard distribution of WSO2 IS 5.6, >>>> XACML Scope Validator appears as an option. >>>> >>>> There is a way to do this? >>>> >>>> Thank you, >>>> >>>> Juan Pablo Vadell | *VATROX* >>>> >>>> >>>> ___ >>>> Dev mailing list >>>> Dev@wso2.org >>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>> >>>> >>> >>> >>> -- >>> Farasath Ahamed >>> Senior Software Engineer, WSO2 Inc.; http://wso2.com >>> Mobile: +94777603866 >>> Blog: blog.farazath.com >>> Twitter: @farazath619 <https://twitter.com/farazath619> >>> <http://wso2.com/signature> >>> >>> >>> >>> ___ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > -- Nilasini Thirunavukkarasu Software Engineer - WSO2 Email : nilas...@wso2.com Mobile : +94775241823 Web : http://wso2.com/ <http://wso2.com/signature> ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] DB2 stored procedure give syntax errors
Hi, The issue was delimiter character not set properly. After setting the delimiter character as */* and ignore the native delimiter, the above-mentioned error was gone but again I have got another issue as follows. SQL Error [42704]: "DB2INST1.Tables" is an undefined name.. SQLCODE=-204, SQLSTATE=42704, DRIVER=4.23.42 com.ibm.db2.jcc.am.SqlSyntaxErrorException: "DB2INST1.Tables" is an undefined name.. SQLCODE=-204, SQLSTATE=42704, DRIVER=4.23.42 I could able to solve this issue using [1]. The reason was we should retrieve all the tables name using *SYSIBM.SYSTABLES*. [1] https://stackoverflow.com/a/3584161/6671627 Thanks, Nila. On Tue, Aug 28, 2018 at 4:11 PM, Nilasini Thirunavukkarasu < nilas...@wso2.com> wrote: > I am creating a stored procedure for db2. But it is giving an error saying > that > > > "SQL Error [42601]: An unexpected token "END-OF-STATEMENT" was found > > following "SS_TOKEN_BAK". Expected tokens may include: " END IF".. > > SQLCODE=-104, SQLSTATE=42601, DRIVER=4.23.42". > > Following is the part of my stored procedure which gives the above error. > > > > CREATE OR REPLACE PROCEDURE TOKEN_CLEANUP_SP > > BEGIN > > DECLARE batchSize INTEGER; > > -- -- > -- CONFIGURABLE ATTRIBUTES > -- -- > SET batchSize = 1; > > -- -- > -- BACKUP IDN_OAUTH2_ACCESS_TOKEN TABLE > -- -- > IF EXISTS (SELECT TABLE_NAME FROM TABLES WHERE TABLE_NAME = > 'IDN_OAUTH2_ACCESS_TOKEN_BAK') > THEN > DROP TABLE IDN_OAUTH2_ACCESS_TOKEN_BAK; > END IF; > > END/ > > > Is anyone face this type of issue?. Any help on this would be much > appreciated. > > Thanks, > Nila. > > -- > Nilasini Thirunavukkarasu > Software Engineer - WSO2 > > Email : nilas...@wso2.com > Mobile : +94775241823 > Web : http://wso2.com/ > > > <http://wso2.com/signature> > -- Nilasini Thirunavukkarasu Software Engineer - WSO2 Email : nilas...@wso2.com Mobile : +94775241823 Web : http://wso2.com/ <http://wso2.com/signature> ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
[Dev] DB2 stored procedure give syntax errors
I am creating a stored procedure for db2. But it is giving an error saying that > "SQL Error [42601]: An unexpected token "END-OF-STATEMENT" was found > following "SS_TOKEN_BAK". Expected tokens may include: " END IF".. > SQLCODE=-104, SQLSTATE=42601, DRIVER=4.23.42". Following is the part of my stored procedure which gives the above error. CREATE OR REPLACE PROCEDURE TOKEN_CLEANUP_SP BEGIN DECLARE batchSize INTEGER; -- -- -- CONFIGURABLE ATTRIBUTES -- -- SET batchSize = 1; -- -- -- BACKUP IDN_OAUTH2_ACCESS_TOKEN TABLE -- -- IF EXISTS (SELECT TABLE_NAME FROM TABLES WHERE TABLE_NAME = 'IDN_OAUTH2_ACCESS_TOKEN_BAK') THEN DROP TABLE IDN_OAUTH2_ACCESS_TOKEN_BAK; END IF; END/ Is anyone face this type of issue?. Any help on this would be much appreciated. Thanks, Nila. -- Nilasini Thirunavukkarasu Software Engineer - WSO2 Email : nilas...@wso2.com Mobile : +94775241823 Web : http://wso2.com/ <http://wso2.com/signature> ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] update service provider from soap APs in WSO2 identity server 5.5.0
Hi Shiva, You can't update the service provider partially. If you want to update an existing value you should provide all of the other attributes if you want to keep rest of the attributes as it is. According to [1] before adding the new changes we are deleting the existing configurations. Therefore if you didn't give the existing values for the claim configuration, then your claim configuration will be empty. [1] https://github.com/wso2/carbon-identity-framework/ blob/master/components/application-mgt/org.wso2.carbon.identity.application. mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/impl/ ApplicationDAOImpl.java#L389-L390 Thanks, Nila. On Tue, Aug 14, 2018 at 8:38 PM, Shiva Kumar wrote: > Hi, > > I want to update only description of service provider but when i tried > below request it is updating claim configuration as well how can I achieve > this? > > *REQUEST* > > http://schemas. > xmlsoap.org/soap/envelope/" <http://schemas.xmlsoap.org/soap/envelope/> > xmlns:xsd="http://org.apache.axis2/xsd; <http://org.apache.axis2/xsd> > xmlns:xsd1="http://model.common.application.identity.carbon.wso2.org/xsd; > <http://model.common.application.identity.carbon.wso2.org/xsd>> > > > > > $SP_ID > $SP_NAME > New Description > > > false > > > > > > > Thanks, > > Shiva > > ___ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- Nilasini Thirunavukkarasu Software Engineer - WSO2 Email : nilas...@wso2.com Mobile : +94775241823 Web : http://wso2.com/ <http://wso2.com/signature> ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Sending a HashMap from front end to backend
+dev On Mon, Jul 2, 2018 at 2:06 PM, Nilasini Thirunavukkarasu wrote: > Hi, > > I am working on a UI change to support multiple certificate to IDP. > According to my current implementation if we upload the multiple > certificates the UI will look like as below. According to the discussion > [1] suggested change is to have a delete option for each certificate > separately rather than having one delete option. > > > > > With the suggested changes UI will look similar to following. > > > > Now we need to have a track on which table got deleted (This is not the > case previously because previously delete means there is no remaining > certificate since only one certificate can be uploaded). > > In order to have a track on which table got deleted, I am introducing a > HashMap which contains tableId as the key and certificate as the value[2]. > So once we delete the table, then using the tableId we could find which > certificate was deleted and what are the remaining certificates. > > In order to do that I am sending a HashMap object to a form as in [3]. > When it coming to backend, the HashMap object came as a byte array[4]. > > I couldn't use deserialization as in [5]. It gives > > "Method threw 'java.io.StreamCorruptedException' exception." > Cause :- "java.io.StreamCorruptedException: invalid stream header: > 5B6F626A" > > I have tried [6] as well. That also doesn't give proper solution. > > Is there any other approach to do the above requirement?, Is it possible > to get the HashMap object from the byte array?. > > Could anyone please help me to solve this issue? > > > [1] Updated invitation: Support secondary certificate for IDP @ Tue Jun > 26, 2018 2:30pm - 4pm (IST) (IAM team) > > [2] https://github.com/nilasini/carbon-identity-framework/ > blob/WIP/components/idp-mgt/org.wso2.carbon.idp.mgt.ui/ > src/main/resources/web/idpmgt/idp-mgt-edit.jsp#L3311-L3319 > > [3] https://github.com/nilasini/carbon-identity-framework/ > blob/WIP/components/idp-mgt/org.wso2.carbon.idp.mgt.ui/ > src/main/resources/web/idpmgt/idp-mgt-edit.jsp#L1728-L1736 > > [4] https://github.com/nilasini/carbon-identity-framework/ > blob/WIP/components/idp-mgt/org.wso2.carbon.idp.mgt.ui/ > src/main/java/org/wso2/carbon/idp/mgt/ui/util/IdPManagementU > IUtil.java#L124 > > [5] https://github.com/nilasini/carbon-identity-framework/ > blob/WIP/components/idp-mgt/org.wso2.carbon.idp.mgt.ui/ > src/main/java/org/wso2/carbon/idp/mgt/ui/util/IdPManagementU > IUtil.java#L313-L330 > > [6] https://coderanch.com/t/647594/java/Split-byte-array-HashMap > > Thanks, > Nila. > > -- > Nilasini Thirunavukkarasu > Software Engineer - WSO2 > > Email : nilas...@wso2.com > Mobile : +94775241823 > Web : http://wso2.com/ > > > <http://wso2.com/signature> > -- Nilasini Thirunavukkarasu Software Engineer - WSO2 Email : nilas...@wso2.com Mobile : +94775241823 Web : http://wso2.com/ <http://wso2.com/signature> ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] [VOTE] Release of WSO2 Identity Server 5.6.0 RC1
Hi, Tested below scenarios on the RC1 pack, - Authorization code grant - Implicit grant - Client credential grant - Password grant - Invoke user info with the access token retrieved from authorization code grant - OIDC federation with two IS [+] Stable - Go ahead and release Thanks, Nila. On Sat, Jun 9, 2018 at 3:35 PM, Madawa Soysa wrote: > Hi all, > > We are pleased to announce the first release candidate of WSO2 Identity > Server 5.6.0. > > This is the first release candidate (RC) of the WSO2 Identity Server 5.6.0 > release. > > This release fixes the following issues > >- 5.6.0-RC1 Fixes ><https://github.com/wso2/product-is/milestone/40?closed=1> >- 5.6.0-Beta Fixes ><https://github.com/wso2/product-is/milestone/39?closed=1> >- 5.6.0-Alpha2 Fixes ><https://github.com/wso2/product-is/milestone/43?closed=1> >- 5.6.0-Alpha Fixes ><https://github.com/wso2/product-is/milestone/38?closed=1> >- 5.6.0-M7 Fixes ><https://github.com/wso2/product-is/milestone/37?closed=1> >- 5.6.0-M6 Fixes ><https://github.com/wso2/product-is/milestone/36?closed=1> >- 5.6.0-M5 Fixes ><https://github.com/wso2/product-is/milestone/35?closed=1> >- 5.6.0-M4 Fixes ><https://github.com/wso2/product-is/milestone/34?closed=1> >- 5.6.0-M3 Fixes ><https://github.com/wso2/product-is/milestone/33?closed=1> >- 5.6.0-M2 Fixes ><https://github.com/wso2/product-is/milestone/31?closed=1> >- 5.6.0-M1 Fixes ><https://github.com/wso2/product-is/milestone/30?closed=1> > > Source and distribution, > - https://github.com/wso2/product-is/releases/tag/v5.6.0-rc1 > > Please download, test the product and vote. > > [+] Stable - go ahead and release > [-] Broken - do not release (explain why) > > Thanks, > WSO2 Identity and Access Management Team - > -- > > Madawa Soysa / Senior Software Engineer > mada...@wso2.com / +94714616050 > > *WSO2 Inc.* > lean.enterprise.middleware > > <https://wso2.com/signature> > > > > -- Nilasini Thirunavukkarasu Software Engineer - WSO2 Email : nilas...@wso2.com Mobile : +94775241823 Web : http://wso2.com/ <http://wso2.com/signature> ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] How I can disable oauth2 consent
Hi Shiva, You can disable the consent page using the following configuration in identity.xml file. . true .. Thanks, Nila. On Fri, May 18, 2018 at 11:11 AM, Shiva Kumar <shiv...@securelyshare.com> wrote: > Hi All, > > I added few claims for service provider in the claim configuration, I am > getting oauth2 consent page how can I skip this configuration. > > Thanks, > > Shiva > > ___ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > -- Nilasini Thirunavukkarasu Software Engineer - WSO2 Email : nilas...@wso2.com Mobile : +94775241823 Web : http://wso2.com/ <http://wso2.com/signature> ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
[Dev] NPE when request a self contained access token with requested claims in OIDC
Hi, As mentioned in [1], when we request a self-contained access token with requested claims NPE is thrown. The root cause is from [2] and [3]. Here we are filtering the claims from request object where access token is null[3]. When we create jwt token, before creating the token we are retrieving the requested claims and add those to jwt claims[2]. So until we got the jwt claims, the JWT won't get created. Created a git issue to track the issue [4]. Seems like this is a deadlock situation. Callback handler needs an access token to populate claims. JwtTokenIssuer is using callback handler to populate claims in order to issue an access token. Looks like a design issue in the jwt access token issuer. Appreciate any input on this. [1] [Dev] Issues with extra claims when using self-signed tokens [2] https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/JWTTokenIssuer.java#L160 [3] https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/v5.6.63/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/openidconnect/DefaultOIDCClaimsCallbackHandler.java#L191 [4] https://github.com/wso2/product-is/issues/3086 Thanks, Nila. -- Nilasini Thirunavukkarasu Software Engineer - WSO2 Email : nilas...@wso2.com Mobile : +94775241823 Web : http://wso2.com/ <http://wso2.com/signature> ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Issues with extra claims when using self signed tokens
ve.java:169) > > at org.apache.catalina.valves.ErrorReportValve.invoke( > ErrorReportValve.java:103) > > at org.wso2.carbon.identity.context.rewrite.valve. > TenantContextRewriteValve.invoke(TenantContextRewriteValve.java:80) > > at org.wso2.carbon.identity.authz.valve.AuthorizationValve.invoke( > AuthorizationValve.java:91) > > at org.wso2.carbon.identity.auth.valve.AuthenticationValve. > invoke(AuthenticationValve.java:60) > > at org.wso2.carbon.tomcat.ext.valves.CompositeValve. > continueInvocation(CompositeValve.java:99) > > at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1. > invoke(CarbonTomcatValve.java:47) > > at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke( > TenantLazyLoaderValve.java:57) > > at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer. > invokeValves(TomcatValveContainer.java:47) > > at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke( > CompositeValve.java:62) > > at org.wso2.carbon.tomcat.ext.valves. > CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValv > e.java:159) > > at org.apache.catalina.valves.AccessLogValve.invoke( > AccessLogValve.java:962) > > at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve. > invoke(CarbonContextCreatorValve.java:57) > > at org.apache.catalina.core.StandardEngineValve.invoke( > StandardEngineValve.java:116) > > at org.apache.catalina.connector.CoyoteAdapter.service( > CoyoteAdapter.java:445) > > at org.apache.coyote.http11.AbstractHttp11Processor.process( > AbstractHttp11Processor.java:1115) > > at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler. > process(AbstractProtocol.java:637) > > at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor. > doRun(NioEndpoint.java:1775) > > at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor. > run(NioEndpoint.java:1734) > > at java.util.concurrent.ThreadPoolExecutor.runWorker( > ThreadPoolExecutor.java:1149) > > at java.util.concurrent.ThreadPoolExecutor$Worker.run( > ThreadPoolExecutor.java:624) > > at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run( > TaskThread.java:61) > > at java.lang.Thread.run(Thread.java:748) > > > > > > Any help or insights would be greatly appreciated. > > > > Thank you, > > Ciprian Sabolovits > CONFIDENTIALITY NOTICE: This email message and any attachments are for the > sole use of the intended recipient(s) and may contain confidential > information of Cognosante Holdings, LLC and/or its subsidiaries, including > Cognosante, LLC, Cognosante Consulting, LLC, and Cognosante MVH, LLC and is > protected by law. If you have received this in error, please reply to the > sender and delete it from your system. If you are the intended recipient, > you may use the information contained in this message and any files > attached only as authorized. > > ___ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- Nilasini Thirunavukkarasu Software Engineer - WSO2 Email : nilas...@wso2.com Mobile : +94775241823 Web : http://wso2.com/ <http://wso2.com/signature> ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
[Dev] Renamed identity-inbound-auth-saml branches
Hi, Since we are continuing the current identity server releases based on c4, identity-inbound-auth-saml repo[1] undergoes following branch changes. - *master* branch which had c5 related works renamed as *deprecated-c5-implementation* - *5.3.x *branch which had the code until IS-5.4.1 release was merged to *5.4.x *and* 5.3.x *branch will be deleted. - *5.4.x* branch which is currently the default and active branch has been renamed as *master* [1] https://github.com/wso2-extensions/identity-inbound-auth-saml/tree/master Thanks, Nila. -- Nilasini Thirunavukkarasu Software Engineer - WSO2 Email : nilas...@wso2.com Mobile : +94775241823 Web : http://wso2.com/ <http://wso2.com/signature> ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] [Architecture] [VOTE] Release WSO2 Identity Server 5.5.0 RC2
.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-alpha3> >>>>>>- 5.5.0-Alpha2 fixes >>>>>> >>>>>> <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-alpha2> >>>>>>- 5.5.0-Alpha fixes >>>>>> >>>>>> <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-alpha> >>>>>>- 5.5.0-M4 fixes >>>>>> >>>>>> <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-M4> >>>>>>- 5.5.0-M3 fixes >>>>>> >>>>>> <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-M3> >>>>>>- 5.5.0-M2 fixes >>>>>> >>>>>> <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-M2> >>>>>>- 5.5.0-M1 fixes >>>>>> >>>>>> <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-M1> >>>>>> >>>>>> >>>>>> Source and distribution >>>>>> >>>>>> Runtime - https://github.com/wso2/product-is/releases/v5.5.0-rc2 >>>>>> Analytics - https://github.com/wso2/anal >>>>>> ytics-is/releases/v5.5.0-rc2 >>>>>> >>>>>> >>>>>> Please download, test the product and vote. >>>>>> >>>>>> [+] Stable - go ahead and release >>>>>> [-] Broken - do not release (explain why) >>>>>> >>>>>> >>>>>> Thanks, >>>>>> - WSO2 Identity and Access Management Team - >>>>>> >>>>>> -- >>>>>> Regards, >>>>>> >>>>>> >>>>>> *Darshana Gunawardana*Technical Lead >>>>>> WSO2 Inc.; http://wso2.com >>>>>> >>>>>> *E-mail: darsh...@wso2.com <darsh...@wso2.com>* >>>>>> *Mobile: +94718566859 <+94%2071%20856%206859>*Lean . Enterprise . >>>>>> Middleware >>>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> >>>>> Best Regards, >>>>> >>>>> Nuwandi Wickramasinghe >>>>> >>>>> Senior Software Engineer >>>>> >>>>> WSO2 Inc. >>>>> >>>>> Web : http://wso2.com >>>>> >>>>> Mobile : 0719214873 <071%20921%204873> >>>>> >>>>> ___ >>>>> Dev mailing list >>>>> Dev@wso2.org >>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>> >>>>> >>>> >>>> >>>> -- >>>> >>>> >>>> >>>> *Kind Regards,Nipuni Bhagya* >>>> >>>> *Software Engineering Intern* >>>> *WSO2* >>>> >>>> >>>> >>>> *Mobile : +94 0779028904 <+94%2077%20767%201807>* >>>> >>>> ___ >>>> Architecture mailing list >>>> architect...@wso2.org >>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>> >>>> >>> >>> >>> -- >>> *Dinali Rosemin Dabarera* >>> Software Engineer >>> WSO2 Lanka (pvt) Ltd. >>> Web: http://wso2.com/ >>> Email : gdrdabar...@gmail.com >>> LinkedIn <https://lk.linkedin.com/in/dinalidabarera> >>> Mobile: +94770198933 <077%20019%208933> >>> >>> >>> >>> >>> <https://lk.linkedin.com/in/dinalidabarera> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> ___ >>> Dev mailing list >>> Dev@wso2.org >>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>> >>> >> >> Thanks, >> -- >> Pushpalanka. >> -- >> Pushpalanka Jayawardhana, B.Sc.Eng.(Hons). >> Senior Software Engineer, WSO2 Lanka (pvt) Ltd; wso2.com/ >> Mobile: +94779716248 >> Blog: pushpalankajaya.blogspot.com/ | LinkedIn: lk.linkedin.com/in/p >> ushpalanka/ | Twitter: @pushpalanka >> >> >> ___ >> Architecture mailing list >> architect...@wso2.org >> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >> >> > > > -- > Denuwanthi De Silva > Senior Software Engineer; > WSO2 Inc.; http://wso2.com, > Email: denuwan...@wso2.com > Blog: https://denuwanthi.wordpress.com/ > > ___ > Architecture mailing list > architect...@wso2.org > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > > -- Nilasini Thirunavukkarasu Software Engineer - WSO2 Email : nilas...@wso2.com Mobile : +94775241823 Web : http://wso2.com/ <http://wso2.com/signature> ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] [Architecture] [VOTE] Release WSO2 Identity Server 5.5.0 RC1
Hi, I have tested the following flows in mysql. - User management, role management (Primary + Secondary user store) - OIDC flow (password grant, authorization code)(Primary + Secondary user store) - consent management with SAML SSO for primary and secondary users. - SAML assertion encryption and response signing. I have tested the following flow with h2 - federated scenario with two IS +1 to go ahead and release Thanks, Nila. On Wed, Mar 14, 2018 at 6:15 PM, Darshana Gunawardana <darsh...@wso2.com> wrote: > Hi Dilini, > > We will fix this, if we noted any blocker for RC1 release.. If not, let's > continue on the vote considering this is a known issue.. > > Thanks, > > On Wed, Mar 14, 2018 at 6:05 PM, Dilini Gunatilake <dili...@wso2.com> > wrote: > >> Hi, >> >> The README .txt contains references to old documentation and few other >> issues which is reported in [1]. Better if we can fix those. WDUT? >> >> [1] https://github.com/wso2/product-is/issues/2945 >> >> Regards, >> Dilini >> >> >> >> On Wed, Mar 14, 2018 at 5:23 PM, Farasath Ahamed <farasa...@wso2.com> >> wrote: >> >>> >>> Tested Below scenario on the IS 5.5.0-RC1 pack with MSSQL database >>> >>>- Create an OAuth app using Dynamic Client Registration endpoint >>>- Configured mandatory claims for the service provider >>>- Tested OIDC Implicit flow with user consent management enabled >>>- Verified that the user claims sent in the id_token are filtered >>>based on user consent. >>> >>> +1 to go ahead and release >>> >>> >>> On Wed, Mar 14, 2018 at 11:16 AM, Sathya Bandara <sat...@wso2.com> >>> wrote: >>> >>>> Hi all, >>>> >>>> We are pleased to announce the first release candidate of WSO2 Identity >>>> Server 5.5.0. >>>> >>>> This is the first release candidate (RC) of the WSO2 Identity Server >>>> 5.5.0 release. >>>> >>>> >>>> This release fixes the following issues >>>> >>>>- 5.5.0-RC1 fixes >>>> >>>> <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-RC1> >>>>- 5.5.0-Beta fixes >>>> >>>> <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-beta> >>>>- 5.5.0-Alpha3 fixes >>>> >>>> <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-alpha3> >>>>- 5.5.0-Alpha2 fixes >>>> >>>> <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-alpha2> >>>>- 5.5.0-Alpha fixes >>>> >>>> <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-alpha> >>>>- 5.5.0-M4 fixes >>>> >>>> <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-M4> >>>>- 5.5.0-M3 fixes >>>> >>>> <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-M3> >>>>- 5.5.0-M2 fixes >>>> >>>> <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-M2> >>>>- 5.5.0-M1 fixes >>>> >>>> <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-M1> >>>> >>>> >>>> Source and distribution >>>> >>>> Runtime - https://github.com/wso2/produc >>>> t-is/releases/tag/v5.5.0-rc1 >>>> Analytics - https://github.com/wso2/analyt >>>> ics-is/releases/tag/v5.5.0-rc1 >>>> >>>> >>>> Please download, test the product and vote. >>>> >>>> [+] Stable - go ahead and release >>>> [-] Broken - do not release (explain why) >>>> >>>> >>>> Thanks, >>>> - WSO2 Identity and Access Management Team - >>>> >>>> -- >>>> Sathya Bandara >>>> Software Engineer >>>> WSO2 Inc. http://wso2.com >>>> Mobile: (+94) 715 360 421 <+94%2071%20411%205032> >>>> >>>> <+94%2071%20411%205032> >>>> >>> >>> >>> >>> -- >>> Farasath Ahamed >>> Senior Software Engineer, WSO2 Inc.; http://wso2.com >>> Mobile: +94777603866 >>> Blog: blog.farazath.com >>> Twitter: @far
[Dev] WSO2 Identity Server 5.4.1 Update5 Released !!!
The WSO2 Identity and Access Management team is pleased to announce the release of WSO2 Identity Server 5.4.1 Update5. You can build the distribution from the source tag, Runtime: https://github.com/wso2/product-is/releases/tag/v5.4.1-update5 follow the steps given below. *Building from the source* 1. Install Java8 or above 2. Install Apache Maven 3.x.x(https://maven.apache.org/download.cgi#) 3. Get the source, - For the Runtime: Get a clone from https://github.com/wso2/p roduct-is.git and checkout to v5.4.1-update5 tag or you can directly download the source for the tag from https://github.com/wso2/product-is/releases/tag/v5.4.1-update5 4. Run the one of the below maven commands from product-is directory, - *mvn** clean install* (To build the binary and source distributions with the tests) - *mvn** clean install -Dmaven.test.skip=true* (To build the binary and source distributions, without running any of the unit/integration tests) 5. You can find the wso2is-5.4.1-update5.zip binary distribution in product-is/modules/distribution/target directory. What's new in WSO2 Identity Server 5.4.1 Update5 New Features & Bug Fixes: A list of new features and bug fixes shipped with this release can be found here <https://github.com/wso2/product-is/milestone/28?closed=1>. Download You can download WSO2 Identity Server 5.4.1 Update5 here <https://github.com/wso2/product-is/releases/download/v5.4.1-update5/wso2is-5.4.1-update5.zip> . Contribute to WSO2 Identity ServerMailing Lists Join our mailing lists and correspond with the developers directly. We also encourage you to take part in discussions related to the product in the architecture mailing list. If you have any questions regarding the product you can use our StackOverflow forum to raise them as well. - Developer List: dev@wso2.org - Architecture List: architect...@wso2.org - User Forum: StackOverflow <http://stackoverflow.com/questions/tagged/wso2is> Reporting Issues We encourage you to report issues, improvements, and feature requests regarding WSO2 Identity Server through our public WSO2 Identity Server GIT Issues <https://github.com/wso2/product-is/issues>. ~ The WSO2 Identity and Access Management Team ~ -- Nilasini Thirunavukkarasu Software Engineer - WSO2 Email : nilas...@wso2.com Mobile : +94775241823 Web : http://wso2.com/ <http://wso2.com/signature> ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
[Dev] WSO2 Identity Server 5.4.1 Update4 Released !!!
The WSO2 Identity and Access Management team is pleased to announce the release of WSO2 Identity Server 5.4.1 Update4. You can build the distribution from the source tag, Runtime: https://github.com/wso2/product-is/releases/tag/v5.4.1-update4 follow the steps given below. *Building from the source* 1. Install Java8 or above 2. Install Apache Maven 3.x.x(https://maven.apache.org/download.cgi#) 3. Get the source, - For the Runtime: Get a clone from https://github.com/wso2/p roduct-is.git and checkout to v5.4.1-update4 tag or you can directly download the source for the tag from https://github.com/wso2/ product-is/releases/tag/v5.4.1-update4 <https://github.com/wso2/product-is/releases/tag/v5.4.1-update4> 4. Run the one of the below maven commands from product-is directory, - *mvn** clean install* (To build the binary and source distributions with the tests) - *mvn** clean install -Dmaven.test.skip=true* (To build the binary and source distributions, without running any of the unit/integration tests) 5. You can find the wso2is-5.4.1-update4.zip binary distribution in product-is/modules/distribution/target directory. What's new in WSO2 Identity Server 5.4.1 Update4 New Features & Bug Fixes: A list of new features and bug fixes shipped with this release can be found here <https://github.com/wso2/product-is/milestone/24?closed=1>. Download You can download WSO2 Identity Server 5.4.1 Update4 here <https://github.com/wso2/product-is/releases/download/v5.4.1-update4/wso2is-5.4.1-update4.zip> . Contribute to WSO2 Identity ServerMailing Lists Join our mailing lists and correspond with the developers directly. We also encourage you to take part in discussions related to the product in the architecture mailing list. If you have any questions regarding the product you can use our StackOverflow forum to raise them as well. - Developer List: dev@wso2.org - Architecture List: architect...@wso2.org - User Forum: StackOverflow <http://stackoverflow.com/questions/tagged/wso2is> Reporting Issues We encourage you to report issues, improvements, and feature requests regarding WSO2 Identity Server through our public WSO2 Identity Server GIT Issues <https://github.com/wso2/product-is/issues>. ~ The WSO2 Identity and Access Management Team ~ -- Nilasini Thirunavukkarasu Software Engineer - WSO2 Email : nilas...@wso2.com Mobile : +94775241823 <+94%2077%20524%201823> Web : http://wso2.com/ <http://wso2.com/signature> ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
[Dev] WSO2 Identity Server 5.4.1 Update1 Released !!!
The WSO2 Identity and Access Management team is pleased to announce the release of WSO2 Identity Server 5.4.1 Update1. You can build the distribution from the source tag, Runtime: https://github.com/wso2/product-is/releases/tag/v5.4.1-update1 follow the steps given below. *Building from the source* 1. Install Java8 or above 2. Install Apache Maven 3.x.x(https://maven.apache.org/download.cgi#) 3. Get the source, - For the Runtime: Get a clone from https://github.com/wso2/p roduct-is.git and checkout to v5.4.1-update1 tag or you can directly download the source for the tag from https://github.com/wso2/ product-is/releases/tag/v5.4.1-update1 <https://github.com/wso2/product-is/releases/tag/v5.4.1-update1>1 4. Run the one of the below maven commands from product-is directory, - *mvn** clean install* (To build the binary and source distributions with the tests) - *mvn** clean install -Dmaven.test.skip=true* (To build the binary and source distributions, without running any of the unit/integration tests) 5. You can find the wso2is-5.4.1-update1.zip binary distribution in product-is/modules/distribution/target directory. What's new in WSO2 Identity Server 5.4.1 Update1 New Features & Bug Fixes: A list of new features and bug fixes shipped with this release can be found here <https://github.com/wso2/product-is/milestone/19?closed=1> and here <https://wso2.org/jira/issues/?filter=14518>. Download You can download WSO2 Identity Server 5.4.1 Update1 here <https://github.com/wso2/product-is/releases/download/v5.4.1-update1/wso2is-5.4.1-update1.zip> . Contribute to WSO2 Identity ServerMailing Lists Join our mailing lists and correspond with the developers directly. We also encourage you to take part in discussions related to the product in the architecture mailing list. If you have any questions regarding the product you can use our StackOverflow forum to raise them as well. - Developer List: dev@wso2.org - Architecture List: architect...@wso2.org - User Forum: StackOverflow <http://stackoverflow.com/questions/tagged/wso2is> Reporting Issues We encourage you to report issues, improvements, and feature requests regarding WSO2 Identity Server through our public WSO2 Identity Server GIT Issues <https://github.com/wso2/product-is/issues>. ~ The WSO2 Identity and Access Management Team ~ -- Nilasini Thirunavukkarasu Software Engineer - WSO2 Email : nilas...@wso2.com Mobile : +94775241823 <+94%2077%20524%201823> Web : http://wso2.com/ <http://wso2.com/signature> ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Error code unsupported_client_authentication_method in IS-5.4.1
Hi,
Thanks. Sent the PR.
Thanks,
Nila.
On Wed, Feb 7, 2018 at 12:00 AM, Hasintha Indrajee <hasin...@wso2.com>
wrote:
>
>
> On Tue, Feb 6, 2018 at 11:43 PM, Nilasini Thirunavukkarasu <
> nilas...@wso2.com> wrote:
>
>> Hi,
>>
>> Thank you for the reply.
>>
>> I have checked it in identity-inbound-auth-oauth 5.6.x branch which is
>> used for 5.5.0, the error code was changed from
>> *unsupported_client_authentication_method
>> *but anyhow it has been changed to *invalid_request.*Shouldn't we
>> need to change the error code as *invalid_client*?
>>
>
> +1. Let's do this change.
>
>>
>> [1] https://github.com/wso2-extensions/identity-inbound-auth
>> -oauth/blob/5.6.x/components/org.wso2.carbon.identity.
>> oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/A
>> ccessTokenIssuer.java#L168-L170
>>
>>
>> Thanks,
>> Nila.
>>
>> On Tue, Feb 6, 2018 at 10:49 PM, Hasintha Indrajee <hasin...@wso2.com>
>> wrote:
>>
>>>
>>>
>>> On Tue, Feb 6, 2018 at 10:32 PM, Maduranga Siriwardena <
>>> madura...@wso2.com> wrote:
>>>
>>>> Hi Nilasini,
>>>>
>>>> Yes, unsupported_client_authentication_method is a incorrect error
>>>> message. So we need to fix this.
>>>>
>>>> I think this should be already fixed in IS 5.5.0 branch. *@Hasintha*,
>>>> can you confirm?
>>>>
>>>
>>> IIRC this is already fixed in 5.5.0-snapshot
>>>
>>>>
>>>> Thanks,
>>>>
>>>> On Tue, Feb 6, 2018 at 5:07 PM, Nilasini Thirunavukkarasu <
>>>> nilas...@wso2.com> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> In IS-5.4.1 if there is no client authentication in the token request,
>>>>> we are giving the error code
>>>>> *unsupported_client_authentication_method*. According to the spec[1],
>>>>> if there is no client authentication or unsupported client authentication,
>>>>> it will fall under "invalid_client".
>>>>>
>>>>> invalid_client
>>>>>Client authentication failed (e.g., unknown client, no
>>>>>client authentication included, or unsupported
>>>>>authentication method). The authorization server MAY
>>>>>return an HTTP 401 (Unauthorized) status code to indicate
>>>>>which HTTP authentication schemes are supported. If the
>>>>>client attempted to authenticate via the "Authorization"
>>>>>request header field, the authorization server MUST
>>>>>respond with an HTTP 401 (Unauthorized) status code and
>>>>>include the "WWW-Authenticate" response header field
>>>>>matching the authentication scheme used by the client.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> According to the spec, there is no standard error code like
>>>>> *unsupported_client_authentication_method.
>>>>> *Is there any specific reason to introduce a new error code
>>>>> *unsupported_client_authentication_method *in IS5.4.1?.
>>>>>
>>>>> Example:-
>>>>>
>>>>> request:-
>>>>> curl -H -k -d "grant_type=client_credentials" -H
>>>>> "Content-Type:application/x-www-form-urlencoded"
>>>>> https://localhost:9443/oauth2/token -k
>>>>>
>>>>> response:-
>>>>> {"error_description":"Unsupported Client Authentication
>>>>> Method!","error":"unsupported_client_authentication_method"}
>>>>>
>>>>> Please correct me if I'm wrong.
>>>>>
>>>>> [1] https://tools.ietf.org/html/rfc6749#section-5.2
>>>>>
>>>>>
>>>>> Thanks,
>>>>> Nila.
>>>>>
>>>>> --
>>>>> Nilasini Thirunavukkarasu
>>>>> Software Engineer - WSO2
>>>>>
>>>>> Email : nilas...@wso2.com
>>>>> Mobile : +94775241823 <+94%2077%20524%201823>
>>>>> Web : http://wso2.com/
>>>>>
>>>>>
>>>>> <http://wso2.com/signature>
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Maduranga Siriwardena
>>>> Senior Software Engineer
>>>> WSO2 Inc; http://wso2.com/
>>>>
>>>> Email: madura...@wso2.com
>>>> Mobile: +94718990591 <071%20899%200591>
>>>> Blog: *https://madurangasiriwardena.wordpress.com/
>>>> <https://madurangasiriwardena.wordpress.com/>*
>>>> <http://wso2.com/signature>
>>>>
>>>
>>>
>>>
>>> --
>>> Hasintha Indrajee
>>> WSO2, Inc.
>>> Mobile:+94 771892453 <+94%2077%20189%202453>
>>>
>>>
>>
>>
>> --
>> Nilasini Thirunavukkarasu
>> Software Engineer - WSO2
>>
>> Email : nilas...@wso2.com
>> Mobile : +94775241823 <077%20524%201823>
>> Web : http://wso2.com/
>>
>>
>> <http://wso2.com/signature>
>>
>
>
>
> --
> Hasintha Indrajee
> WSO2, Inc.
> Mobile:+94 771892453 <+94%2077%20189%202453>
>
>
--
Nilasini Thirunavukkarasu
Software Engineer - WSO2
Email : nilas...@wso2.com
Mobile : +94775241823
Web : http://wso2.com/
<http://wso2.com/signature>
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Error code unsupported_client_authentication_method in IS-5.4.1
Hi,
Thank you for the reply.
I have checked it in identity-inbound-auth-oauth 5.6.x branch which is used
for 5.5.0, the error code was changed from
*unsupported_client_authentication_method
*but anyhow it has been changed to *invalid_request.*Shouldn't we need to
change the error code as *invalid_client*?
[1]
https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/5.6.x/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/AccessTokenIssuer.java#L168-L170
Thanks,
Nila.
On Tue, Feb 6, 2018 at 10:49 PM, Hasintha Indrajee <hasin...@wso2.com>
wrote:
>
>
> On Tue, Feb 6, 2018 at 10:32 PM, Maduranga Siriwardena <madura...@wso2.com
> > wrote:
>
>> Hi Nilasini,
>>
>> Yes, unsupported_client_authentication_method is a incorrect error
>> message. So we need to fix this.
>>
>> I think this should be already fixed in IS 5.5.0 branch. *@Hasintha*,
>> can you confirm?
>>
>
> IIRC this is already fixed in 5.5.0-snapshot
>
>>
>> Thanks,
>>
>> On Tue, Feb 6, 2018 at 5:07 PM, Nilasini Thirunavukkarasu <
>> nilas...@wso2.com> wrote:
>>
>>> Hi,
>>>
>>> In IS-5.4.1 if there is no client authentication in the token request,
>>> we are giving the error code *unsupported_client_authentication_method*.
>>> According to the spec[1], if there is no client authentication or
>>> unsupported client authentication, it will fall under "invalid_client".
>>>
>>> invalid_client
>>>Client authentication failed (e.g., unknown client, no
>>>client authentication included, or unsupported
>>>authentication method). The authorization server MAY
>>>return an HTTP 401 (Unauthorized) status code to indicate
>>>which HTTP authentication schemes are supported. If the
>>>client attempted to authenticate via the "Authorization"
>>>request header field, the authorization server MUST
>>>respond with an HTTP 401 (Unauthorized) status code and
>>>include the "WWW-Authenticate" response header field
>>>matching the authentication scheme used by the client.
>>>
>>>
>>>
>>>
>>> According to the spec, there is no standard error code like
>>> *unsupported_client_authentication_method.
>>> *Is there any specific reason to introduce a new error code
>>> *unsupported_client_authentication_method *in IS5.4.1?.
>>>
>>> Example:-
>>>
>>> request:-
>>> curl -H -k -d "grant_type=client_credentials" -H
>>> "Content-Type:application/x-www-form-urlencoded"
>>> https://localhost:9443/oauth2/token -k
>>>
>>> response:-
>>> {"error_description":"Unsupported Client Authentication
>>> Method!","error":"unsupported_client_authentication_method"}
>>>
>>> Please correct me if I'm wrong.
>>>
>>> [1] https://tools.ietf.org/html/rfc6749#section-5.2
>>>
>>>
>>> Thanks,
>>> Nila.
>>>
>>> --
>>> Nilasini Thirunavukkarasu
>>> Software Engineer - WSO2
>>>
>>> Email : nilas...@wso2.com
>>> Mobile : +94775241823 <+94%2077%20524%201823>
>>> Web : http://wso2.com/
>>>
>>>
>>> <http://wso2.com/signature>
>>>
>>
>>
>>
>> --
>> Maduranga Siriwardena
>> Senior Software Engineer
>> WSO2 Inc; http://wso2.com/
>>
>> Email: madura...@wso2.com
>> Mobile: +94718990591 <071%20899%200591>
>> Blog: *https://madurangasiriwardena.wordpress.com/
>> <https://madurangasiriwardena.wordpress.com/>*
>> <http://wso2.com/signature>
>>
>
>
>
> --
> Hasintha Indrajee
> WSO2, Inc.
> Mobile:+94 771892453 <+94%2077%20189%202453>
>
>
--
Nilasini Thirunavukkarasu
Software Engineer - WSO2
Email : nilas...@wso2.com
Mobile : +94775241823
Web : http://wso2.com/
<http://wso2.com/signature>
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
[Dev] Error code unsupported_client_authentication_method in IS-5.4.1
Hi,
In IS-5.4.1 if there is no client authentication in the token request, we
are giving the error code *unsupported_client_authentication_method*.
According to the spec[1], if there is no client authentication or
unsupported client authentication, it will fall under "invalid_client".
invalid_client
Client authentication failed (e.g., unknown client, no
client authentication included, or unsupported
authentication method). The authorization server MAY
return an HTTP 401 (Unauthorized) status code to indicate
which HTTP authentication schemes are supported. If the
client attempted to authenticate via the "Authorization"
request header field, the authorization server MUST
respond with an HTTP 401 (Unauthorized) status code and
include the "WWW-Authenticate" response header field
matching the authentication scheme used by the client.
According to the spec, there is no standard error code like
*unsupported_client_authentication_method.
*Is there any specific reason to introduce a new error code
*unsupported_client_authentication_method *in IS5.4.1?.
Example:-
request:-
curl -H -k -d "grant_type=client_credentials" -H
"Content-Type:application/x-www-form-urlencoded"
https://localhost:9443/oauth2/token -k
response:-
{"error_description":"Unsupported Client Authentication
Method!","error":"unsupported_client_authentication_method"}
Please correct me if I'm wrong.
[1] https://tools.ietf.org/html/rfc6749#section-5.2
Thanks,
Nila.
--
Nilasini Thirunavukkarasu
Software Engineer - WSO2
Email : nilas...@wso2.com
Mobile : +94775241823
Web : http://wso2.com/
<http://wso2.com/signature>
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
[Dev] Validation query for DB2 in Identity server 5.4.0-GA and 5.4.1-GA
Hi, I have tested db2 as the database with IS-5.4.1, at the server startup, I got SQL exception (see the attachment for stack trace). In order to verify the exception with older versions, I have tested older versions with DB2. Following are the observations. version :- 5.3.0-GA, 5.4.0 - alpha2 *validation query :- SELECT 1* Status :- Got exception at the server startup (Due to syntax error in db2 script) Fixed the syntax errors with [1] for later versions. version :- 5.4.0 - alpha5 *validation query :- SELECT 1* Status:- Server starts without any errors version :- 5.4.0 - GA & 5.4.1-GA *validation query :- SELECT 1* Status :- validation query exception at server startup Changed the validation query according to [2] and tested version :- 5.4.0 - GA & 5.4.1-GA *validation query :- SELECT 1 FROM SYSIBM.SYSDUMMY1 (modify and tested)* Status:- Server starts without any errors. For more details regarding the stack trace, please see the attachment. created a git issue[3] to track the problem. What is the reason of this behavior?. With the existing validation query 5.4.0 - alpha5 works fine, but 5.4.0-GA giving an exception. Any help on this would be appreciated. [1] https://wso2.org/jira/browse/IDENTITY-6377 [2] https://stackoverflow.com/questions/10684244/dbcp-validationquery-for-different-databases [3] https://github.com/wso2/product-is/issues/2246 Thanks, Nila. -- Nilasini Thirunavukkarasu Software Engineer - WSO2 Email : nilas...@wso2.com Mobile : +94775241823 <+94%2077%20524%201823> Web : http://wso2.com/ <http://wso2.com/signature> db2_testing_results Description: Binary data ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Tested IS-5.4.1 with Oracle & Postgres database
Hi, Did a basic functionality test with DB2 as well. Face some issues and reported by mail thread [1]. After fixing the issue, sanity testing works fine with DB2. [1] Validation query for DB2 in Identity server 5.4.0-GA and 5.4.1-GA Thanks, Nila. On Thu, Feb 1, 2018 at 2:24 PM, Nilasini Thirunavukkarasu <nilas...@wso2.com > wrote: > Hi, > > I have tested the databases Postgres, Oracle for IS-5.4.1 with basic > functionalities includes SCIM1 & SCIM2 (add, update, get, delete user & > role, inbound & outbound provisioning), OAuth/OIDC & SAML federation, email > username scenarios. > > In addition to that tested the migration scenario from IS-5.4.0 to > IS-5.4.1. There were no migration changes. IS-5.4.0 schemas work fine with > IS-5.4.1 pack. > > Created a git doc issue [1] & verify, fix the identity jiras [2], [3], [4] > which are reported for Oracle & Postgres database. > > [1] https://github.com/wso2/product-is/issues/2225 > [2] https://wso2.org/jira/browse/IDENTITY-4622 > [3] https://wso2.org/jira/browse/IDENTITY-6441 > [4] https://wso2.org/jira/browse/IDENTITY-6943 > > > Thanks, > Nila. > > -- > Nilasini Thirunavukkarasu > Software Engineer - WSO2 > > Email : nilas...@wso2.com > Mobile : +94775241823 <+94%2077%20524%201823> > Web : http://wso2.com/ > > > <http://wso2.com/signature> > -- Nilasini Thirunavukkarasu Software Engineer - WSO2 Email : nilas...@wso2.com Mobile : +94775241823 Web : http://wso2.com/ <http://wso2.com/signature> ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
[Dev] Tested IS-5.4.1 with Oracle & Postgres database
Hi, I have tested the databases Postgres, Oracle for IS-5.4.1 with basic functionalities includes SCIM1 & SCIM2 (add, update, get, delete user & role, inbound & outbound provisioning), OAuth/OIDC & SAML federation, email username scenarios. In addition to that tested the migration scenario from IS-5.4.0 to IS-5.4.1. There were no migration changes. IS-5.4.0 schemas work fine with IS-5.4.1 pack. Created a git doc issue [1] & verify, fix the identity jiras [2], [3], [4] which are reported for Oracle & Postgres database. [1] https://github.com/wso2/product-is/issues/2225 [2] https://wso2.org/jira/browse/IDENTITY-4622 [3] https://wso2.org/jira/browse/IDENTITY-6441 [4] https://wso2.org/jira/browse/IDENTITY-6943 Thanks, Nila. -- Nilasini Thirunavukkarasu Software Engineer - WSO2 Email : nilas...@wso2.com Mobile : +94775241823 <+94%2077%20524%201823> Web : http://wso2.com/ <http://wso2.com/signature> ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] OAuth2 Client Authentication Error Response when authorization header is malformed
Hi, Client password is just one of the client authentication methods and also client authentication can be extensible according to OAuth2. So why can't we say this as an unsupported authentication method?. According to the spec If it falls under unsupported authentication method then it will be an invalid client. Please correct me if I'm wrong. Thanks, Nila. On Fri, Jan 19, 2018 at 3:43 PM, Pushpalanka Jayawardhana <la...@wso2.com> wrote: > Hi Hasintha, > > On Fri, Jan 19, 2018 at 3:32 PM, Hasintha Indrajee <hasin...@wso2.com> > wrote: > >> WDYT about the $subject ? Below quoted the descriptions of two types of >> error codes from spec [1]. It looks like "invalid_request" is more >> appropriate here. Any thoughts ? . An example authorization header is >> Base64Encoded (randomString which doesn't have the format >> clientid:clientSecret format) >> >> >> invalid_request >>The request is missing a required parameter, includes an >>unsupported parameter value (other than grant type), >>repeats a parameter, includes multiple credentials, >>utilizes more than one mechanism for authenticating the >>client, or is otherwise malformed. >> >> invalid_client >>Client authentication failed (e.g., unknown client, no >>client authentication included, or unsupported >>authentication method). The authorization server MAY >>return an HTTP 401 (Unauthorized) status code to indicate >>which HTTP authentication schemes are supported. If the >>client attempted to authenticate via the "Authorization" >>request header field, the authorization server MUST >>respond with an HTTP 401 (Unauthorized) status code and >>include the "WWW-Authenticate" response header field >>matching the authentication scheme used by the client. >> >> > +1 for using 'invalid request' in this case, where client authentication > is happening with the method 'client password'. > We will have consider that other authentication mechanism can also be > available as per [2], which won't adhere this format of > 'Base64Encoded(clientid:clientSecret). > > >> >> [1] https://tools.ietf.org/html/rfc6749 >> > [2] - https://tools.ietf.org/html/rfc6749#section-2.3 > >> >> >> -- >> Hasintha Indrajee >> WSO2, Inc. >> Mobile:+94 771892453 <077%20189%202453> >> >> > > Thanks, > -- > Pushpalanka. > -- > Pushpalanka Jayawardhana, B.Sc.Eng.(Hons). > Senior Software Engineer, WSO2 Lanka (pvt) Ltd; wso2.com/ > Mobile: +94779716248 > Blog: pushpalankajaya.blogspot.com/ | LinkedIn: lk.linkedin.com/in/p > ushpalanka/ | Twitter: @pushpalanka > > > ___ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- Nilasini Thirunavukkarasu Software Engineer - WSO2 Email : nilas...@wso2.com Mobile : +94775241823 <+94%2077%20524%201823> Web : http://wso2.com/ <http://wso2.com/signature> ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
[Dev] WSO2 Identity Server 5.4.0 Update3 Released !!!
The WSO2 Identity and Access Management team is pleased to announce the release of WSO2 Identity Server 5.4.0 Update3. You can build the distribution from the source tag, Runtime: https://github.com/wso2/product-is/releases/tag/v5.4.0-update3 follow the steps given below. *Building from the source* 1. Install Java8 or above 2. Install Apache Maven 3.x.x(https://maven.apache.org/download.cgi#) 3. Get the source, - For the Runtime: Get a clone from https://github.com/wso2/p roduct-is.git and checkout to v5.4.0-update3 tag or you can directly download the source for the tag from https://github.com/wso2/ product-is/releases/tag/v5.4.0-update3 <https://github.com/wso2/product-is/releases/tag/v5.4.0-update3> 4. Run the one of the below maven commands from product-is directory, - *mvn** clean install* (To build the binary and source distributions with the tests) - *mvn** clean install -Dmaven.test.skip=true* (To build the binary and source distributions, without running any of the unit/integration tests) 5. You can find the wso2is-5.4.0-update3.zip binary distribution in product-is/modules/distribution/target directory. What's new in WSO2 Identity Server 5.4.0 Update3 New Features & Bug Fixes: A list of new features and bug fixes shipped with this release can be found here <https://github.com/wso2/product-is/milestone/11?closed=1> and here <https://wso2.org/jira/issues/?filter=14505>. Download You can download WSO2 Identity Server 5.4.0 Update3 here <https://github.com/wso2/product-is/releases/download/v5.4.0-update3/wso2is-5.4.0-update3.zip> . Contribute to WSO2 Identity ServerMailing Lists Join our mailing lists and correspond with the developers directly. We also encourage you to take part in discussions related to the product in the architecture mailing list. If you have any questions regarding the product you can use our StackOverflow forum to raise them as well. - Developer List: dev@wso2.org - Architecture List: architect...@wso2.org - User Forum: StackOverflow <http://stackoverflow.com/questions/tagged/wso2is> Reporting Issues We encourage you to report issues, improvements, and feature requests regarding WSO2 Identity Server through our public WSO2 Identity Server GIT Issues <https://github.com/wso2/product-is/issues>. ~ The WSO2 Identity and Access Management Team ~ -- Nilasini Thirunavukkarasu Software Engineer - WSO2 Email : nilas...@wso2.com Mobile : +94775241823 <+94%2077%20524%201823> Web : http://wso2.com/ <http://wso2.com/signature> ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Configuring Yammer Authenticator
Hi Isuru, I also tried with IS5.4.0 GA pack, it works fine. Could you try to download the authenticator[1] again and try?, sometimes your downloaded authenticator may corrupted. [1] https://store.wso2.com/store/assets/isconnector/details/0e1f0ba7-c4dc-4826-afa7-ba3adef00e7b Thanks, Nila. On Mon, Dec 18, 2017 at 11:24 AM, Isuru Uyanage <isur...@wso2.com> wrote: > Hi Omidu, > I tried with the 5.4.0 pack. > > Thanks > Isuru > > > > *Thanks and Best Regards,* > > *Isuru Uyanage* > *Software Engineer - QA | WSO2* > *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752* > *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/ > <https://www.linkedin.com/in/isuru-uyanage/>* > > > > > On Mon, Dec 18, 2017 at 11:16 AM, Omindu Rathnaweera <omi...@wso2.com> > wrote: > >> Hi Isuru, >> >> What's the IS version you are trying this with ? I tried with a 5.4.0 and >> server started up just fine and could see the authenticator configs in IDP >> UI. >> >> Regards, >> Omindu. >> >> On Mon, Dec 18, 2017 at 10:58 AM, Isuru Uyanage <isur...@wso2.com> wrote: >> >>> Hi All, >>> >>> I'm trying to set up Yammer as the federated authenticator[1]. Once the >>> authenticator >>> .jar file is placed in /repository/components/dropins directory >>> and restarted the IS, the following error is printed. >>> >>> java.lang.NoClassDefFoundError: org/wso2/carbon/identity/authe >>> nticator/YammerOAuth2Authenticator >>> >>> at org.wso2.carbon.identity.authenticator.internal.YammerAuthen >>> ticatorServiceComponent.activate(YammerAuthenticatorServiceC >>> omponent.java:39) >>> >>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) >>> >>> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAcce >>> ssorImpl.java:62) >>> >>> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMe >>> thodAccessorImpl.java:43) >>> >>> at java.lang.reflect.Method.invoke(Method.java:498) >>> >>> at org.eclipse.equinox.internal.ds.model.ServiceComponent.activ >>> ate(ServiceComponent.java:260) >>> >>> at org.eclipse.equinox.internal.ds.model.ServiceComponentProp.a >>> ctivate(ServiceComponentProp.java:146) >>> >>> at org.eclipse.equinox.internal.ds.model.ServiceComponentProp.b >>> uild(ServiceComponentProp.java:345) >>> >>> at org.eclipse.equinox.internal.ds.InstanceProcess.buildCompone >>> nt(InstanceProcess.java:620) >>> >>> at org.eclipse.equinox.internal.ds.InstanceProcess.buildCompone >>> nts(InstanceProcess.java:197) >>> >>> at org.eclipse.equinox.internal.ds.Resolver.buildNewlySatisfied >>> (Resolver.java:473) >>> >>> at org.eclipse.equinox.internal.ds.Resolver.enableComponents(Re >>> solver.java:217) >>> >>> at org.eclipse.equinox.internal.ds.SCRManager.performWork(SCRMa >>> nager.java:816) >>> >>> at org.eclipse.equinox.internal.ds.SCRManager$QueuedJob.dispatc >>> h(SCRManager.java:783) >>> >>> at org.eclipse.equinox.internal.ds.WorkThread.run(WorkThread.java:89) >>> >>> at java.lang.Thread.run(Thread.java:748) >>> >>> Caused by: java.lang.ClassNotFoundException: >>> org.wso2.carbon.identity.authenticator.YammerOAuth2Authenticator cannot >>> be found by org.wso2.carbon.identity.authenticator.yammer_1.0.0 >>> >>> at org.eclipse.osgi.internal.loader.BundleLoader.findClassInter >>> nal(BundleLoader.java:455) >>> >>> at org.eclipse.osgi.internal.loader.BundleLoader.findClass(Bund >>> leLoader.java:421) >>> >>> at org.eclipse.osgi.internal.loader.BundleLoader.findClass(Bund >>> leLoader.java:412) >>> >>> at org.eclipse.osgi.internal.baseadaptor.DefaultClassLoader.loa >>> dClass(DefaultClassLoader.java:107) >>> >>> at java.lang.ClassLoader.loadClass(ClassLoader.java:357) >>> >>> >>> >>> >>> >>> [1] - https://docs.wso2.com/display/ISCONNECTORS/Configuring+Yam >>> mer+Authenticator >>> >>> >>> Any thoughts about this would be appreciated. >>> >>> >>> >>> >>> *Thanks and Best Regards,* >>> >>> *Isuru Uyanage* >>> *Software Engineer - QA | WSO2* >>> *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752* >>> *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/ >>> <https://www.linkedin.com/in/isuru-uyanage/>* >>> >>> >>> >>> >> >> >> -- >> Omindu Rathnaweera >> Senior Software Engineer, WSO2 Inc. >> Mobile: +94 771 197 211 <+94%2077%20119%207211> >> > > -- Nilasini Thirunavukkarasu Software Engineer - WSO2 Email : nilas...@wso2.com Mobile : +94775241823 Web : http://wso2.com/ <http://wso2.com/signature> ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Login to Identity Server using another Identity Server - OAuth2
On Fri, Dec 15, 2017 at 5:45 PM, Sherene Mahanama <sher...@wso2.com> wrote: > > > On Fri, Dec 15, 2017 at 5:09 PM, Nilasini Thirunavukkarasu < > nilas...@wso2.com> wrote: > >> Hi Sherene, >> >> On Fri, Dec 15, 2017 at 4:29 PM, Sherene Mahanama <sher...@wso2.com> >> wrote: >> >>> Hi Nilasini/Isuru >>> >>> AFAIU, the doc jira states that we have to create an SP in each instance >>> of IS and that the doc bug is that we have missed mentioning the SP created >>> in IS1 (playground sample). >>> >>> In doc [1], we have said to create an SP for IS2 (9444) in step 2 and in >>> step 5 we have said to set up the playground sample in IS1 (9443). To set >>> up the playground sample, we have pointed to this doc [2] which instructs >>> the user to create an SP. So if the user follows the steps, he/she will end >>> up creating an SP in each instance. >>> >> >> But in that case, before telling to create a service provider in step 5 >> we have mentioned to configure federated identity provider for the service >> provider in step(4). Ideally the IS which have playground is the one must >> be configured with an IDP. Also in step 4 we have mentioned to edit the >> service provider which created for first IS but we didn't create a service >> provider in first IS until that step. I will include these details in the >> jira itself. >> > > Ah yes that's true. Step 4 should ideally come after step 5. Will fix > this..and as @Farasath suggested, lets add a diagram to make it clear. > Thanks Sherene. > > Thanks all, > Sherene > >> > -- Nilasini Thirunavukkarasu Software Engineer - WSO2 Email : nilas...@wso2.com Mobile : +94775241823 Web : http://wso2.com/ <http://wso2.com/signature> ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Login to Identity Server using another Identity Server - OAuth2
Hi Sherene, On Fri, Dec 15, 2017 at 4:29 PM, Sherene Mahanama <sher...@wso2.com> wrote: > Hi Nilasini/Isuru > > AFAIU, the doc jira states that we have to create an SP in each instance > of IS and that the doc bug is that we have missed mentioning the SP created > in IS1 (playground sample). > > In doc [1], we have said to create an SP for IS2 (9444) in step 2 and in > step 5 we have said to set up the playground sample in IS1 (9443). To set > up the playground sample, we have pointed to this doc [2] which instructs > the user to create an SP. So if the user follows the steps, he/she will end > up creating an SP in each instance. > But in that case, before telling to create a service provider in step 5 we have mentioned to configure federated identity provider for the service provider in step(4). Ideally the IS which have playground is the one must be configured with an IDP. Also in step 4 we have mentioned to edit the service provider which created for first IS but we didn't create a service provider in first IS until that step. I will include these details in the jira itself. > > However, I guess this can be made a bit more clearer in the doc. Will look > into that. > Thanks Sherene. > > [1] https://docs.wso2.com/display/IS540/Login+to+ > Identity+Server+using+another+Identity+Server+-+OAuth2 > [2] https://docs.wso2.com/display/IS540/Setting+Up+the+Sample+Webapp > > Thanks, > Sherene > > On Fri, Dec 15, 2017 at 3:14 PM, Shavindri Dissanayake <shavin...@wso2.com > > wrote: > >> Ack for docs! We will look into this. There were a few doc JIRAs created >> over the week for this scenario (OAuth and SAML2 both). >> >> Thanks & Regards >> Shavindri Dissanayake >> Senior Technical Writer >> >> WSO2 Inc. >> lean.enterprise.middleware >> >> On Fri, Dec 15, 2017 at 3:03 PM, Isuru Uyanage <isur...@wso2.com> wrote: >> >>> Hi Nilasini/Hasanthi, >>> Thank you for the clarification. >>> >>> >>> Thanks, >>> Isuru >>> >>> *Thanks and Best Regards,* >>> >>> *Isuru Uyanage* >>> *Software Engineer - QA | WSO2* >>> *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752* >>> *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/ >>> <https://www.linkedin.com/in/isuru-uyanage/>* >>> >>> >>> >>> >>> On Fri, Dec 15, 2017 at 2:26 PM, Nilasini Thirunavukkarasu < >>> nilas...@wso2.com> wrote: >>> >>>> Created a documentation jira[1] to track this. >>>> >>>> >>>> [1] https://wso2.org/jira/browse/DOCUMENTATION-7409 >>>> >>>> On Fri, Dec 15, 2017 at 2:07 PM, Nilasini Thirunavukkarasu < >>>> nilas...@wso2.com> wrote: >>>> >>>>> Hi Isuru, >>>>> >>>>> Actual steps must be. >>>>> >>>>> 1) create a sp(sp name:-sample) in second one(9444) >>>>> 2) create a sp(spname:- playground) in the first one(9443) >>>>> 3) create an IDP in the first one(9443) by giving the second one(9444) >>>>> authorization endpoint and etc as mentioned in the doc. Also fill the >>>>> client_id & secret from the second one's(9444) SP you got by the step 1. >>>>> >>>>> >>>>> Documentation is only mention about one service provider. We need to >>>>> correct it. I will create a doc jira for that >>>>> >>>>> >>>>> Thanks, >>>>> Nila. >>>>> >>>>> >>>>> On Fri, Dec 15, 2017 at 1:23 PM, Isuru Uyanage <isur...@wso2.com> >>>>> wrote: >>>>> >>>>>> Hi All, >>>>>> >>>>>> I'm trying to login to Identity Server using another Identity Server. >>>>>> I followed doc[1]. >>>>>> It has been asked to follow the below steps. >>>>>> >>>>>>- Configure an IDP(Idp9443) in Identity Server1. >>>>>>- Configure an SP(SP9444) in Identity Server2. >>>>>>- In the second Identity Server, in Service Provider >>>>>>Configuration, select Idp9443, which is created in first IS, as the >>>>>>federated authenticator in Local and Outbound Authentication >>>>>> Configuration. >>>>>> >>>>>> >>>>>> My question is it only displays the IDPs created in its own Identity >>>>>> Server in Service Pro
Re: [Dev] Login to Identity Server using another Identity Server - OAuth2
Created a documentation jira[1] to track this. [1] https://wso2.org/jira/browse/DOCUMENTATION-7409 On Fri, Dec 15, 2017 at 2:07 PM, Nilasini Thirunavukkarasu < nilas...@wso2.com> wrote: > Hi Isuru, > > Actual steps must be. > > 1) create a sp(sp name:-sample) in second one(9444) > 2) create a sp(spname:- playground) in the first one(9443) > 3) create an IDP in the first one(9443) by giving the second one(9444) > authorization endpoint and etc as mentioned in the doc. Also fill the > client_id & secret from the second one's(9444) SP you got by the step 1. > > > Documentation is only mention about one service provider. We need to > correct it. I will create a doc jira for that > > > Thanks, > Nila. > > > On Fri, Dec 15, 2017 at 1:23 PM, Isuru Uyanage <isur...@wso2.com> wrote: > >> Hi All, >> >> I'm trying to login to Identity Server using another Identity Server. I >> followed doc[1]. >> It has been asked to follow the below steps. >> >>- Configure an IDP(Idp9443) in Identity Server1. >>- Configure an SP(SP9444) in Identity Server2. >>- In the second Identity Server, in Service Provider Configuration, >>select Idp9443, which is created in first IS, as the federated >>authenticator in Local and Outbound Authentication Configuration. >> >> >> My question is it only displays the IDPs created in its own Identity >> Server in Service Provider/Outbound Authentication Configuration. We >> created the IDP in IS1. How is it going to be displayed in Federated >> Authenticators in IS2? >> >> It would be highly appreciated if these steps can be verified and specify >> if I have missed any configuration step here. >> >> [1]- https://docs.wso2.com/display/IS540/Login+to+Identity+ >> Server+using+another+Identity+Server+-+OAuth2 >> >> >> >> *Thanks and Best Regards,* >> >> *Isuru Uyanage* >> *Software Engineer - QA | WSO2* >> *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752* >> *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/ >> <https://www.linkedin.com/in/isuru-uyanage/>* >> >> >> >> > > > -- > Nilasini Thirunavukkarasu > Software Engineer - WSO2 > > Email : nilas...@wso2.com > Mobile : +94775241823 <+94%2077%20524%201823> > Web : http://wso2.com/ > > > <http://wso2.com/signature> > -- Nilasini Thirunavukkarasu Software Engineer - WSO2 Email : nilas...@wso2.com Mobile : +94775241823 Web : http://wso2.com/ <http://wso2.com/signature> ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Login to Identity Server using another Identity Server - OAuth2
Hi Isuru, Actual steps must be. 1) create a sp(sp name:-sample) in second one(9444) 2) create a sp(spname:- playground) in the first one(9443) 3) create an IDP in the first one(9443) by giving the second one(9444) authorization endpoint and etc as mentioned in the doc. Also fill the client_id & secret from the second one's(9444) SP you got by the step 1. Documentation is only mention about one service provider. We need to correct it. I will create a doc jira for that Thanks, Nila. On Fri, Dec 15, 2017 at 1:23 PM, Isuru Uyanage <isur...@wso2.com> wrote: > Hi All, > > I'm trying to login to Identity Server using another Identity Server. I > followed doc[1]. > It has been asked to follow the below steps. > >- Configure an IDP(Idp9443) in Identity Server1. >- Configure an SP(SP9444) in Identity Server2. >- In the second Identity Server, in Service Provider Configuration, >select Idp9443, which is created in first IS, as the federated >authenticator in Local and Outbound Authentication Configuration. > > > My question is it only displays the IDPs created in its own Identity > Server in Service Provider/Outbound Authentication Configuration. We > created the IDP in IS1. How is it going to be displayed in Federated > Authenticators in IS2? > > It would be highly appreciated if these steps can be verified and specify > if I have missed any configuration step here. > > [1]- https://docs.wso2.com/display/IS540/Login+to+ > Identity+Server+using+another+Identity+Server+-+OAuth2 > > > > *Thanks and Best Regards,* > > *Isuru Uyanage* > *Software Engineer - QA | WSO2* > *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752* > *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/ > <https://www.linkedin.com/in/isuru-uyanage/>* > > > > -- Nilasini Thirunavukkarasu Software Engineer - WSO2 Email : nilas...@wso2.com Mobile : +94775241823 Web : http://wso2.com/ <http://wso2.com/signature> ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Configuring Email OTP - Step 2 - Configure the EmailOTP provider, Step 12 - Error
Hi Isuru,
I have followed the steps. I could able to get the access token with out
any errors. Seems like the error is due to invalid authorization code.
Could you please check on that?. You can get another authorization code
using step 10 and try the request.
Thanks,
NIla.
On Mon, Dec 11, 2017 at 7:10 PM, Isuru Uyanage <isur...@wso2.com> wrote:
> Hi All,
>
> I'm trying to implement Configuring Email OPT scenario and followed upto
> *Step2* - Step 12 mentioned in the doc [1]. In *Step 2 - Configure the
> EmailOTP provider, *step 12, I tried executing the mentioned curl command
> in the doc replacing my client id, client secret, and authorization_code.
>
> curl -v -X POST --basic -u : -H "Content-Type:
> application/x-www-form-urlencoded;charset=UTF-8" -k -d
> "grant_type=authorization_code=_uri=
> https://localhost:9443/commonauth; <https://localhost:9443/commonauth> htt
> ps://www.googleapis.com/oauth2/v3/token
> curl -v -X POST --basic -u 854665841399-l13g81ri4q98elpen1i1uhsdjulhp7
> ha.apps.googleusercontent.com:MK3h4fhSUT-aCTtSquMB3Vll -H "Content-Type:
> application/x-www-form-urlencoded;charset=UTF-8" -k -d
> "grant_type=authorization_code=4/KEDlA2KjGtib4KlyzaKzVNuDfvAmFZ
> 10T82usT-6llY#_uri=https://localhost:9443/commonauth;
> <https://localhost:9443/commonauth> https://www.
> googleapis.com/oauth2/v3/token
>
>
> I get the following error.
>
> Trying 74.125.24.95...
>
> * TCP_NODELAY set
>
> * Connected to www.googleapis.com (74.125.24.95) port 443 (#0)
>
> * ALPN, offering h2
>
> * ALPN, offering http/1.1
>
> * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@
> STRENGTH
>
> * successfully set certificate verify locations:
>
> * CAfile: /etc/ssl/cert.pem
>
> CApath: none
>
> * TLSv1.2 (OUT), TLS handshake, Client hello (1):
>
> * TLSv1.2 (IN), TLS handshake, Server hello (2):
>
> * TLSv1.2 (IN), TLS handshake, Certificate (11):
>
> * TLSv1.2 (IN), TLS handshake, Server key exchange (12):
>
> * TLSv1.2 (IN), TLS handshake, Server finished (14):
>
> * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
>
> * TLSv1.2 (OUT), TLS change cipher, Client hello (1):
>
> * TLSv1.2 (OUT), TLS handshake, Finished (20):
>
> * TLSv1.2 (IN), TLS change cipher, Client hello (1):
>
> * TLSv1.2 (IN), TLS handshake, Finished (20):
>
> * SSL connection using TLSv1.2 / ECDHE-ECDSA-AES128-GCM-SHA256
>
> * ALPN, server accepted to use h2
>
> * Server certificate:
>
> * subject: C=US; ST=California; L=Mountain View; O=Google Inc; CN=*.
> googleapis.com
>
> * start date: Dec 5 09:28:00 2017 GMT
>
> * expire date: Feb 27 09:28:00 2018 GMT
>
> * issuer: C=US; O=Google Inc; CN=Google Internet Authority G2
>
> * SSL certificate verify ok.
>
> * Using HTTP2, server supports multi-use
>
> * Connection state changed (HTTP/2 confirmed)
>
> * Copying HTTP/2 data in stream buffer to connection buffer after upgrade:
> len=0
>
> * Server auth using Basic with user '437826768736-
> gs2r8gf418g7drt019s5hi8gt0q1ni4p.apps.googleusercontent.com'
>
> * Using Stream ID: 1 (easy handle 0x7fb6a4805400)
>
> > POST /oauth2/v3/token HTTP/2
>
> > Host: www.googleapis.com
>
> > Authorization: Basic NDM3ODI2NzY4NzM2LWdzMnI4Z2Y0MT
> hnN2RydDAxOXM1aGk4Z3QwcTFuaTRwLmFwcHMuZ29vZ2xldXNlcmNvbnRlbn
> QuY29tOndBOEJPTzVJby0zX3dkUGdfQ2tqNkpqdA==
>
> > User-Agent: curl/7.54.0
>
> > Accept: */*
>
> > Content-Type: application/x-www-form-urlencoded;charset=UTF-8
>
> > Content-Length: 128
>
> >
>
> * Connection state changed (MAX_CONCURRENT_STREAMS updated)!
>
> * We are completely uploaded and fine
>
> < HTTP/2 400
>
> < vary: X-Origin
>
> < vary: Origin,Accept-Encoding
>
> < content-type: application/json; charset=UTF-8
>
> < date: Mon, 11 Dec 2017 13:30:01 GMT
>
> < expires: Mon, 11 Dec 2017 13:30:01 GMT
>
> < cache-control: private, max-age=0
>
> < x-content-type-options: nosniff
>
> < x-frame-options: SAMEORIGIN
>
> < x-xss-protection: 1; mode=block
>
> < server: GSE
>
> < alt-svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339;
> quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000;
> v="41,39,38,37,35"
>
> < accept-ranges: none
>
> <
>
> {
>
> "error": "invalid_grant",
>
> "error_description": "Bad Request"
>
> }
>
> * Connection #0 to host www.googleapis.com left intact
>
>
>
> Could you please help me with this.
>
>
>
> [1] - https://docs.wso2.com/display/IS530/Configuring+Email+OTP
>
>
> *Thanks and Best Regards,*
>
> *Isuru Uyanage*
> *Software Engineer - QA | WSO2*
> *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752*
> *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/
> <https://www.linkedin.com/in/isuru-uyanage/>*
>
>
>
>
--
Nilasini Thirunavukkarasu
Software Engineer - WSO2
Email : nilas...@wso2.com
Mobile : +94775241823
Web : http://wso2.com/
<http://wso2.com/signature>
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Minimum permission required to view a Service provider application in management console
Thank you Omindu for the clarification. Thanks, Nila. On Wed, Dec 6, 2017 at 6:10 PM, Omindu Rathnaweera <omi...@wso2.com> wrote: > There's a limitation managing applications in a fine grained manner from > the management console. As per [1] you'll have to > give /permission/admin/manage/identity/applicationmgt permission in order > to view the menu option in the console, meaning giving only application > read permission for a role will not be enough to list/view the applications > in management console. However, this limitation is not there for the soap > services. > > AFAIK this is something we are planning to address in one of the upcoming > releases. > > [1] - https://github.com/wso2/carbon-identity-framework/ > blob/v5.7.5/components/application-mgt/org.wso2. > carbon.identity.application.mgt.ui/src/main/resources/ > META-INF/component.xml#L30 > > On Wed, Dec 6, 2017 at 5:54 PM, Nilasini Thirunavukkarasu < > nilas...@wso2.com> wrote: > >> Hi, >> >> I wanted to know the minimum permission required in order to view a >> service provider application? >> >> The scenario I tried is >> >> 1) Create a service provider travelocity using user1. (It creates an >> application specific role Application/travelocity) >> 2) Create another user from user1 let's say the created user is user2. >> 3) Assigned login permission, Application Management->view permission >> to Application/travelocity role and assigned Application/travelocity role >> to user2. >> 4) Logged in as user 2 but couldn't able to view the Service provider >> travelocity. >> 5) If I assign Application Management permission to >> Application/travelocity role only I could able to view the service provider >> travelocity. >> >> So is there any way that we can allow to only view the service provider >> but not allow to edit the service provider? If I use point (5) then there >> is no way for this option. >> >> >> Any help on this would be highly appreciated. >> >> Thanks, >> Nila. >> -- >> Nilasini Thirunavukkarasu >> Software Engineer - WSO2 >> >> Email : nilas...@wso2.com >> Mobile : +94775241823 <+94%2077%20524%201823> >> Web : http://wso2.com/ >> >> >> <http://wso2.com/signature> >> >> ___ >> Dev mailing list >> Dev@wso2.org >> http://wso2.org/cgi-bin/mailman/listinfo/dev >> >> > > > -- > Omindu Rathnaweera > Senior Software Engineer, WSO2 Inc. > Mobile: +94 771 197 211 <+94%2077%20119%207211> > -- Nilasini Thirunavukkarasu Software Engineer - WSO2 Email : nilas...@wso2.com Mobile : +94775241823 Web : http://wso2.com/ <http://wso2.com/signature> ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
[Dev] Minimum permission required to view a Service provider application in management console
Hi, I wanted to know the minimum permission required in order to view a service provider application? The scenario I tried is 1) Create a service provider travelocity using user1. (It creates an application specific role Application/travelocity) 2) Create another user from user1 let's say the created user is user2. 3) Assigned login permission, Application Management->view permission to Application/travelocity role and assigned Application/travelocity role to user2. 4) Logged in as user 2 but couldn't able to view the Service provider travelocity. 5) If I assign Application Management permission to Application/travelocity role only I could able to view the service provider travelocity. So is there any way that we can allow to only view the service provider but not allow to edit the service provider? If I use point (5) then there is no way for this option. Any help on this would be highly appreciated. Thanks, Nila. -- Nilasini Thirunavukkarasu Software Engineer - WSO2 Email : nilas...@wso2.com Mobile : +94775241823 <+94%2077%20524%201823> Web : http://wso2.com/ <http://wso2.com/signature> ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Roles and Groups in IS
Thanks Thanuja for the explanation. On Mon, Nov 20, 2017 at 6:50 AM, Thanuja Jayasinghe <than...@wso2.com> wrote: > Hi Nila, > > In C4, we consider roles and groups are the same. That's why when you add > groups to a user, IS set those values as roles to that user. > > But in C5, we will have two separate concepts for Group and Role. > Group - Collection of users > Role - Collection of permissions > We can assign roles to a group. > > Thanks, > Thanuja > > On Sun, Nov 19, 2017 at 6:06 PM, Nilasini Thirunavukkarasu < > nilas...@wso2.com> wrote: > >> Hi, >> >> I have added a group with a user by invoking scim group endpoint. It has >> been added under roles and shown as below in user profile (As we expected). >> >> >> Here >> 1) What is the use case of 'Groups' attribute in the above user profile? >> 2) Why we are having two local claims (groups & role)? >> 3) Why we are having two claims (groups & roles) for scim as follows:- >> 1. >> Claim URI urn:scim:schemas:core:1.0:groups >> Mapped Local Claim http://wso2.org/claims/groups >> >> 2. >> Claim URI urn:scim:schemas:core:1.0:roles >> Mapped Local Claim http://wso2.org/claims/role >> >> >> 4) How can we give values for Groups through SCIM? >> >> Tried the scenario with both LDAP and JDBC in IS 5.3.0. >> >> Please correct me If I have misunderstood. Any help on this would be >> highly appreciated. >> >> Thanks, >> Nila. >> >> >> -- >> Nilasini Thirunavukkarasu >> Software Engineer - WSO2 >> >> Email : nilas...@wso2.com >> Mobile : +94775241823 <+94%2077%20524%201823> >> Web : http://wso2.com/ >> >> >> <http://wso2.com/signature> >> >> > > > > -- > *Thanuja Lakmal* > Associate Technical Lead > WSO2 Inc. http://wso2.com/ > *lean.enterprise.middleware* > Mobile: +94715979891 > -- Nilasini Thirunavukkarasu Software Engineer - WSO2 Email : nilas...@wso2.com Mobile : +94775241823 Web : http://wso2.com/ <http://wso2.com/signature> ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
[Dev] Roles and Groups in IS
Hi, I have added a group with a user by invoking scim group endpoint. It has been added under roles and shown as below in user profile (As we expected). Here 1) What is the use case of 'Groups' attribute in the above user profile? 2) Why we are having two local claims (groups & role)? 3) Why we are having two claims (groups & roles) for scim as follows:- 1. Claim URI urn:scim:schemas:core:1.0:groups Mapped Local Claim http://wso2.org/claims/groups 2. Claim URI urn:scim:schemas:core:1.0:roles Mapped Local Claim http://wso2.org/claims/role 4) How can we give values for Groups through SCIM? Tried the scenario with both LDAP and JDBC in IS 5.3.0. Please correct me If I have misunderstood. Any help on this would be highly appreciated. Thanks, Nila. -- Nilasini Thirunavukkarasu Software Engineer - WSO2 Email : nilas...@wso2.com Mobile : +94775241823 Web : http://wso2.com/ <http://wso2.com/signature> ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] [DEV] Why do we need to configure email configurations in multiple locations
Hi Shashika, The correct way is to configure through *output-event-adapters.xml .* It should be corrected in the documentation. The restructuring of these docs will solve the issue. During the restructuring the common configurations will be placed appropriately. It is taking over by Samuel. Thanks, Nila. On Tue, Nov 14, 2017 at 12:02 PM, Sashika Wijesinghe <sash...@wso2.com> wrote: > Hi Team, > > When I configured the 'ask password' option I had to configure the email > sender configurations in *output-event-adapters.xml *file and to generate > email notifications on user operations, email sender configurations should > be configured in *axis2.**xm*l [2]. May I know the purpose of maintaining > the email configuration details in two separate configurations files? > > [1] https://docs.wso2.com/display/IS530/Creating+Users+ > using+the+Ask+Password+Option > [2] https://docs.wso2.com/display/IS530/Enabling+Notifications+for+User+ > Operations > > Thanks > Sashika > -- > > *Sashika WijesingheSoftware Engineer - QA Team* > Mobile : +94 (0) 774537487 > sash...@wso2.com > -- Nilasini Thirunavukkarasu Software Engineer - WSO2 Email : nilas...@wso2.com Mobile : +94775241823 Web : http://wso2.com/ <http://wso2.com/signature> ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Resolving a confusion about Openid as an inbound authentication
-- >>> *Shanika Wickramasinghe* >>> Software Engineer - QA Team >>> >>> Email: shani...@wso2.com >>> Mobile : +94713503563 <+94%2071%20350%203563> >>> Web : http://wso2.com >>> >>> <http://wso2.com/signature> >>> >> >> >> >> -- >> *Godwin Amila Shrimal* >> Associate Technical Lead >> WSO2 Inc.; http://wso2.com >> lean.enterprise.middleware >> >> mobile: *+94772264165* >> linkedin: *https://www.linkedin.com/in/godwin-amila-2ba26844/ >> <https://www.linkedin.com/in/godwin-amila-2ba26844/>* >> twitter: https://twitter.com/godwinamila >> <http://wso2.com/signature> >> > > > > -- > *Shanika Wickramasinghe* > Software Engineer - QA Team > > Email: shani...@wso2.com > Mobile : +94713503563 <+94%2071%20350%203563> > Web : http://wso2.com > > <http://wso2.com/signature> > -- Nilasini Thirunavukkarasu Software Engineer - WSO2 Email : nilas...@wso2.com Mobile : +94775241823 Web : http://wso2.com/ <http://wso2.com/signature> ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Bulk user deletion using SCIM in WSO2 Identity server
Same way for scim2 also we have the code[1] for bulk user deletion but it
doesn't work.Found the bulk user creation curl request from[2] since there
is no bulk user delete request change the request as[3] and tried, it is
not working.
Any help on this is highly appreciated.
[1] https://github.com/wso2/charon/blob/master/modules/
charon-core/src/main/java/org/wso2/charon3/core/protocol/
BulkRequestProcessor.java
[2]https://docs.wso2.com/display/ISCONNECTORS/Configuring+SCIM+2.0+
Provisioning+Connector#ConfiguringSCIM2.0ProvisioningConnector-/BulkEndpoint
[3]
curl -v -k --user admin:admin --data
'{"failOnErrors":1,"schemas":["urn:ietf:params:scim:api:messages:2.0:BulkRequest"],"Operations":[{"method":
"DELETE","path": "/Users","bulkId":
"qwerty","data":{"schemas":["urn:ietf:params:scim:schemas:core:2.0:User"],"userName":
"Kris","password":"krispass"}},{"method": "DELETE","path":
"/Users","bulkId":"ytrewq","data":{"schemas":["urn:ietf:params:scim:schemas:core:2.0:User","urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"],"userName":"Jesse","password":"jessepass","urn:ietf:params:scim:schemas:extension:enterprise:2.0:User":{"employeeNumber":
"11250","manager": {"value": "bulkId:qwerty"]}' --header
"Content-Type:application/json" https://localhost:9443/scim2/Bulk
On Thu, Aug 31, 2017 at 10:51 AM, Nilasini Thirunavukkarasu <
nilas...@wso2.com> wrote:
> Hi,
>
> I have tried to use bulk user deletion according to the blog[1] since we
> don't have documentation on it yet. I couldn't get the response as we
> expect. The bulk user deletion request is not working. It seems we didn't
> implement the bulk user deletion part according to [2]. Is there any way to
> get this confirmed? Does anybody have any idea how did this work previously?
>
>
> [1] https://malalanayake.wordpress.com/2013/05/28/scim-bulk-
> endpoint-operations-in-wso2-identity-server/
>
> [2] https://github.com/wso2/charon/blob/v2.1.0/modules/charon-
> core/src/main/java/org/wso2/charon/core/protocol/BulkReque
> stProcessor.java#L110-L127
>
>
> Thanks,
> T.Nila.
> --
> Nilasini Thirunavukkarasu
> Software Engineer - WSO2
>
> Email : nilas...@wso2.com
> Mobile : +94775241823 <+94%2077%20524%201823>
> Web : http://wso2.com/
>
>
> <http://wso2.com/signature>
>
--
Nilasini Thirunavukkarasu
Software Engineer - WSO2
Email : nilas...@wso2.com
Mobile : +94775241823 <+94%2077%20524%201823>
Web : http://wso2.com/
<http://wso2.com/signature>
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Please review and merge the PR
thanks. On Tue, Sep 19, 2017 at 5:02 PM, Thusitha Thilina Dayaratne < thusit...@wso2.com> wrote: > Hi Nila, > > Merged the PR > > Thanks > Thusitha > > On Tue, Sep 19, 2017 at 4:56 PM, Nilasini Thirunavukkarasu < > nilas...@wso2.com> wrote: > >> Hi, >> >> Can you please review and merge the following PR. >> [1] - https://github.com/wso2/carbon-kernel/pull/1533 >> >> >> Thanks, >> Nila. >> >> -- >> Nilasini Thirunavukkarasu >> Software Engineer - WSO2 >> >> Email : nilas...@wso2.com >> Mobile : +94775241823 <+94%2077%20524%201823> >> Web : http://wso2.com/ >> >> >> <http://wso2.com/signature> >> > > > > -- > Thusitha Dayaratne > WSO2 Inc. - lean . enterprise . middleware | wso2.com > > Mobile +94712756809 <+94%2071%20275%206809> > Blog alokayasoya.blogspot.com > Abouthttp://about.me/thusithathilina > <http://wso2.com/signature> > > -- Nilasini Thirunavukkarasu Software Engineer - WSO2 Email : nilas...@wso2.com Mobile : +94775241823 Web : http://wso2.com/ <http://wso2.com/signature> ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
[Dev] Please review and merge the PR
Hi, Can you please review and merge the following PR. [1] - https://github.com/wso2/carbon-kernel/pull/1533 Thanks, Nila. -- Nilasini Thirunavukkarasu Software Engineer - WSO2 Email : nilas...@wso2.com Mobile : +94775241823 Web : http://wso2.com/ <http://wso2.com/signature> ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] IDENTITY-6405 seems to be a duplicate of IDENTITY-3966
Hi, Thanks for pointing out. Seems like the fix for IDENTITY-3966 will cover IDENTITY-6405 scenario as well . I have updated the jira IDENTITY-3966 with a comment. [1 ]https://wso2.org/jira/browse/IDENTITY-3966 Thanks, Nila On Sat, Sep 16, 2017 at 9:02 PM, Johann Nallathamby <joh...@wso2.com> wrote: > Hi Nila, > > IDENTITY-6405 seems to be a duplicate of IDENTITY-3966. At least they seem > to be very much related. Therefore I have resolved as duplicate. Please > reopen if that isn't the case. > > Regards, > Johann. > > -- Forwarded message -- > From: Nilasini Thirunavukkarasu (JIRA) <j...@wso2.org> > Date: Mon, Sep 11, 2017 at 2:05 PM > Subject: [Carbon-jira] [jira] (IDENTITY-6405) Could able to degrade the > permission of the logged in user's role it makes some unexpected behaviours > To: carbon-j...@wso2.org > > > Nilasini Thirunavukkarasu > <https://wso2.org/jira/secure/ViewProfile.jspa?name=nilasini%40wso2.com> > *created* an issue > > WSO2 Identity Server <https://wso2.org/jira/browse/IDENTITY> / [image: > Bug] <https://wso2.org/jira/browse/IDENTITY-6405> IDENTITY-6405 > <https://wso2.org/jira/browse/IDENTITY-6405> > Could able to degrade the permission of the logged in user's role it makes > some unexpected behaviours <https://wso2.org/jira/browse/IDENTITY-6405> > Issue Type: [image: Bug] Bug > Affects Versions: 5.4.0-Alpha2 > Assignee: Darshana Gunawardana > <https://wso2.org/jira/secure/ViewProfile.jspa?name=darshana%40wso2.com> > Attachments: first_window, second_window.png > Components: user-mgt > Created: 11/Sep/17 2:04 PM > Fix Versions: 5.4.0-GA > Priority: [image: Highest] Highest > Reporter: Nilasini Thirunavukkarasu > <https://wso2.org/jira/secure/ViewProfile.jspa?name=nilasini%40wso2.com> > > 1) Add a role with all permission > 2) Assign the role to a user (say the user as nila) > 3) Try to logged in with nila > 4) Update the role by un tick all the permission or keep only login > permission > 5) See the attachment for the output. (Attachments are added for the > scenario "keeping only login permission") > [image: Add Comment] > <https://wso2.org/jira/browse/IDENTITY-6405#add-comment> Add Comment > <https://wso2.org/jira/browse/IDENTITY-6405#add-comment> > > This message was sent by Atlassian JIRA (v7.2.2#72004-sha1:9d51328) > [image: Atlassian logo] > > ___ > Carbon-jira mailing list > carbon-j...@wso2.org > https://wso2.org/cgi-bin/mailman/listinfo/carbon-jira > > > > > -- > Thanks & Regards, > > *Johann Dilantha Nallathamby* > Senior Lead Solutions Engineer > WSO2, Inc. > lean.enterprise.middleware > > Mobile - *+9476950* > Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>* > -- Nilasini Thirunavukkarasu Software Engineer - WSO2 Email : nilas...@wso2.com Mobile : +94775241823 Web : http://wso2.com/ <http://wso2.com/signature> ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
[Dev] DB2 script have some issues
Hi, I have tried to configure DB2 as the database with IS 5.4.0-Alpha2. When I try to execute identity DB2 scripts, I came across the following errors. I have attached the corrected scripts here with. Created the following jira to track this [1]. 1) CREATE TABLE IDN_RECOVERY_DATA ( ... *TENANT_ID INTEGER DEFAULT -1,* ... REMAINING_SETS VARCHAR(2500) *DEFAULT NULL)*, PRIMARY KEY(USER_NAME, USER_DOMAIN, TENANT_ID, SCENARIO,STEP), UNIQUE(CODE) Errors:- 1. The column named "TENANT_ID" cannot be a column of a primary key or unique key constraint because it can contain null values. 2. Mistakenly used DEFAULT NULL. Syntax error is here. Either it should be "WITH DEFAULT NULL" or no need to specify the default value as null because implicitly it will be NULL anyhow. 3. Closing bracket was misplaced. 2) CREATE TABLE :- IDN_PASSWORD_HISTORY_DATA Error:- The columns named "TENANT_ID" and "SALT_VALUE" cannot be a column of a primary key or unique key constraint because it can contain null values. 3) CREATE TABLE :- IDN_CLAIM Error:- The column named "DIALACT_ID" cannot be a column of a primary key or unique key constraint because it can contain null values. 4) CREATE TABLE :-IDN_CLAIM_MAPPED_ATTRIBUTE Error:- The column named LOCAL_CLAIM_ID cannot be a column of a primary key or unique key constraint because it can contain null values. 5) CREATE TABLE :-IDN_CLAIM_PROPERTY Error:- The column named LOCAL_CLAIM_ID cannot be a column of a primary key or unique key constraint because it can contain null values. 6) CREATE TABLE IDN_SAML2_ASSERTION_*STORE (* ID INTEGER NOT NULL, SAML2_ID VARCHAR(255) , SAML2_ISSUER VARCHAR(255) , SAML2_SUBJECT VARCHAR(255) , SAML2_SESSION_INDEX VARCHAR(255) , SAML2_AUTHN_CONTEXT_CLASS_REF VARCHAR(255) , SAML2_ASSERTION VARCHAR(4096) , *PRIMARY KEY (ID)* Error:- Closing bracket was missed [1] https://wso2.org/jira/browse/IDENTITY-6377 <https://wso2.org/jira/browse/IDENTITY-6377> Thanks, Nila. -- Nilasini Thirunavukkarasu Software Engineer - WSO2 Email : nilas...@wso2.com Mobile : +94775241823 <+94%2077%20524%201823> Web : http://wso2.com/ <http://wso2.com/signature> db2_identity.sql Description: application/sql ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] NULL as default value in DB2
Thanks Hasanthi for the detail explanation. Thanks, T.Nila. On Fri, Sep 8, 2017 at 6:38 PM, Hasanthi Purnima Dissanayake < hasan...@wso2.com> wrote: > Hi Nilasini, > > The IBM documentations states below when we don't define any default value > after the column name [1] . > > "Omission of NOT NULL and DEFAULT from a column-definition, for a column > other than an identity column, is an implicit specification of DEFAULT > NULL. For an identity column, it is an implicit specification of NOT NULL, > and DB2 generates default values." > > So in your case as *'REMAINING_SETS' *is not a primary key column then, > if we don't define anything it will take 'Null' as the default value. But > if you don't define a default value for a primary key column, then the > default value will be NOT NULL. > > [1] https://www.ibm.com/support/knowledgecenter/en/SSEPEK_10. > 0.0/sqlref/src/tpc/db2z_sql_createtable.html > > Thanks, > > > Hasanthi Dissanayake > > Software Engineer | WSO2 > > E: hasan...@wso2.com > M :0718407133| http://wso2.com <http://wso2.com/> > > On Fri, Sep 8, 2017 at 5:56 PM, Nilasini Thirunavukkarasu < > nilas...@wso2.com> wrote: > >> Hi, >> >> In DB2 if we want to set default value as null for a column, do we need >> to specify it explicitly?. According to the following[1] blog we don't need >> to specify the NULL as default since it will implicitly take the default >> value as NULL if we didn't specify it. >> >> For the following script do we need to specify the default value as null >> for the column *REMAINING_SETS?* >> >> CREATE TABLE IDN_RECOVERY_DATA ( >> USER_NAME VARCHAR(255) NOT NULL, >> USER_DOMAIN VARCHAR(127) NOT NULL, >> TENANT_ID INTEGER DEFAULT -1 NOT NULL, >> CODE VARCHAR(255) NOT NULL, >> SCENARIO VARCHAR(255) NOT NULL, >> STEP VARCHAR(127) NOT NULL, >> TIME_CREATED TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, >> * REMAINING_SETS VARCHAR(2500) WITH DEFAULT NULL,* >> PRIMARY KEY(USER_NAME, USER_DOMAIN, TENANT_ID, SCENARIO,STEP), >> UNIQUE(CODE)) >> >> [1] https://www.datavail.com/blog/using-nulls-db2/ >> >> -- >> Nilasini Thirunavukkarasu >> Software Engineer - WSO2 >> >> Email : nilas...@wso2.com >> Mobile : +94775241823 <+94%2077%20524%201823> >> Web : http://wso2.com/ >> >> >> <http://wso2.com/signature> >> > > -- Nilasini Thirunavukkarasu Software Engineer - WSO2 Email : nilas...@wso2.com Mobile : +94775241823 Web : http://wso2.com/ <http://wso2.com/signature> ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
[Dev] NULL as default value in DB2
Hi, In DB2 if we want to set default value as null for a column, do we need to specify it explicitly?. According to the following[1] blog we don't need to specify the NULL as default since it will implicitly take the default value as NULL if we didn't specify it. For the following script do we need to specify the default value as null for the column *REMAINING_SETS?* CREATE TABLE IDN_RECOVERY_DATA ( USER_NAME VARCHAR(255) NOT NULL, USER_DOMAIN VARCHAR(127) NOT NULL, TENANT_ID INTEGER DEFAULT -1 NOT NULL, CODE VARCHAR(255) NOT NULL, SCENARIO VARCHAR(255) NOT NULL, STEP VARCHAR(127) NOT NULL, TIME_CREATED TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, * REMAINING_SETS VARCHAR(2500) WITH DEFAULT NULL,* PRIMARY KEY(USER_NAME, USER_DOMAIN, TENANT_ID, SCENARIO,STEP), UNIQUE(CODE)) [1] https://www.datavail.com/blog/using-nulls-db2/ -- Nilasini Thirunavukkarasu Software Engineer - WSO2 Email : nilas...@wso2.com Mobile : +94775241823 Web : http://wso2.com/ <http://wso2.com/signature> ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
[Dev] Bulk user deletion using SCIM in WSO2 Identity server
Hi, I have tried to use bulk user deletion according to the blog[1] since we don't have documentation on it yet. I couldn't get the response as we expect. The bulk user deletion request is not working. It seems we didn't implement the bulk user deletion part according to [2]. Is there any way to get this confirmed? Does anybody have any idea how did this work previously? [1] https://malalanayake.wordpress.com/2013/05/28/scim-bulk-endpoint-operations-in-wso2-identity-server/ [2] https://github.com/wso2/charon/blob/v2.1.0/modules/charon-core/src/main/java/org/wso2/charon/core/protocol/BulkRequestProcessor.java#L110-L127 Thanks, T.Nila. -- Nilasini Thirunavukkarasu Software Engineer - WSO2 Email : nilas...@wso2.com Mobile : +94775241823 Web : http://wso2.com/ <http://wso2.com/signature> ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
[Dev] View the group (role) id through management console
Hi, We have a way to view user id through management console. By enabling "supported by default" for user id claim we could able to view the user id. Likewise are we having any configurations to see the group id through management console? Thanks, T.Nila. -- Nilasini Thirunavukkarasu Software Engineer - WSO2 Email : nilas...@wso2.com Mobile : +94775241823 Web : http://wso2.com/ <http://wso2.com/signature> ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
[Dev] SonarQube issues vary with local
Hi, I have tried to build the projects with sonarqube locally. It seems the results of local sonarqube and remote one are different. In addition, for example in remote sonarqube some issues are shown as "critical" even though the rules state them as "info". I have used the same sonarqube version(5.6.6) and quality profile(finbug-3.4.4). Could you please provide a solution for this? Thanks, Nila. -- Nilasini Thirunavukkarasu Software Engineer - WSO2 Email : nilas...@wso2.com Mobile : +94775241823 Web : http://wso2.com/ <http://wso2.com/signature> ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] [IS] Error codes in issuing access token
On Mon, May 22, 2017 at 2:55 PM, Nilasini Thirunavukkarasu < nilas...@wso2.com> wrote: > Hi, > According to the specification[1] invalid_scope error code must be shown > when we give invalid scope, unknown scope and etc. As we need to support > custom scope as well, so we can't have a predefined list of scopes. From > the current implementation it doesn't prompt the error code. > > As shown in [2], the scope is always set to true. So as far as I can > understand it's not validating the scope in a correct manner. Any insight > on this will be highly appreciated. > > [1] https://tools.ietf.org/html/rfc6749#section-5.2 > [2]https://github.com/wso2-extensions/identity-inbound- > auth-oauth/blob/master/components/org.wso2.carbon. > identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/callback/ > DefaultCallbackHandler.java#L37 > > Thank you, > Nila. > > -- > Nilasini Thirunavukkarasu > Software Engineer - WSO2 > > Email : nilas...@wso2.com > Mobile : +94775241823 <+94%2077%20524%201823> > Web : http://wso2.com/ > > > <http://wso2.com/signature> > -- Nilasini Thirunavukkarasu Software Engineer - WSO2 Email : nilas...@wso2.com Mobile : +94775241823 Web : http://wso2.com/ <http://wso2.com/signature> ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
[Dev] [IS] Error codes in issuing access token
Hi, According to the specification[1] invalid_scope error code must be shown when we give invalid scope, unknown scope and etc. As we need to support custom scope as well, so we can't have a predefined list of scopes. From the current implementation it doesn't prompt the error code. As shown in [2], the scope is always set to true. So as far as I can understand it's not validating the scope in a correct manner. Any insight on this will be highly appreciated. [1] https://tools.ietf.org/html/rfc6749#section-5.2 [2] https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/callback/DefaultCallbackHandler.java#L37 Thank you, Nila. -- Nilasini Thirunavukkarasu Software Engineer - WSO2 Email : nilas...@wso2.com Mobile : +94775241823 Web : http://wso2.com/ <http://wso2.com/signature> ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
