Re: [Dev] WSO2 Committers += Ashen De Silva

2020-09-28 Thread Pushpalanka Jayawardhana
+iam-...@wso2.org 

On Mon, 28 Sep 2020 at 12:04, Pushpalanka Jayawardhana 
wrote:

> Hi All,
>
> It's my pleasure to announce Ashen De Silva as a WSO2 Committer. He has
> been a valuable contributor and enthusiast to the WSO2 Identity & Access
> Management Team.
> In recognition of his contribution, dedication, and commitment he has been
> voted as a WSO2 committer.
>
> Congratulations Ashen and keep up the good work...!!!
>
> Cheers,
> --
> Pushpalanka.
> --
> Pushpalanka Jayawardhana | Associate Tech Lead | WSO2 Inc.
> Mobile: +94779716248 | Email: la...@wso2.com
> Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
> lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka
>
>
>

-- 
Pushpalanka.
-- 
Pushpalanka Jayawardhana | Associate Tech Lead | WSO2 Inc.
Mobile: +94779716248 | Email: la...@wso2.com
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev


[Dev] WSO2 Committers += Ashen De Silva

2020-09-28 Thread Pushpalanka Jayawardhana
Hi All,

It's my pleasure to announce Ashen De Silva as a WSO2 Committer. He has
been a valuable contributor and enthusiast to the WSO2 Identity & Access
Management Team.
In recognition of his contribution, dedication, and commitment he has been
voted as a WSO2 committer.

Congratulations Ashen and keep up the good work...!!!

Cheers,
-- 
Pushpalanka.
-- 
Pushpalanka Jayawardhana | Associate Tech Lead | WSO2 Inc.
Mobile: +94779716248 | Email: la...@wso2.com
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev


[Dev] WSO2 Committers += Dinika Senarath

2020-09-21 Thread Pushpalanka Jayawardhana
Hi All,

It's my pleasure to announce Dinika Senarath as a WSO2 Committer. She has
been a valuable contributor and enthusiast to the WSO2 Identity & Access
Management Team.
In recognition of her contribution, dedication, and commitment she has been
voted as a WSO2 committer.

Congratulations Dinika and keep up the good work...!!!

Cheers,
-- 
Pushpalanka.
-- 
Pushpalanka Jayawardhana | Associate Tech Lead | WSO2 Inc.
Mobile: +94779716248 | Email: la...@wso2.com
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev


Re: [Dev] [IS] Architecture - API to Retrieve Authentication Session Information

2018-09-10 Thread Pushpalanka Jayawardhana
> *Solution*
>>>>>>>>>
>>>>>>>>> Develop an API to provide following functionalities.
>>>>>>>>>
>>>>>>>>>- Retrieve information of currently logged in and recently used
>>>>>>>>>sessions since last password changes.
>>>>>>>>>- Retrieve Time, location, OS and browser details of each
>>>>>>>>>session Logged in and recently used.
>>>>>>>>>- Terminate a particular logged in account.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> *Retrieve session information*
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>- User can view his currently logged in details and recently
>>>>>>>>>used session information. In each session, information about last time
>>>>>>>>>used, location, browser and OS details.
>>>>>>>>>- To view information, user has to request HTTP GET request with
>>>>>>>>>SessionID and can query by ServiceProvider detail for particular
>>>>>>>>>account. Then API will query alive UserID for given details and
>>>>>>>>>produce required information for user.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> *Terminate a particular account*
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>- If a user or admin wants to log out from a logged in
>>>>>>>>>account, he can terminate particular account session.
>>>>>>>>>- If Identity Provider/ Service Provider/ User Account is
>>>>>>>>>deleted by admin, session will be automatically terminated by event
>>>>>>>>>listeners.
>>>>>>>>>- To terminate an account, user has to request HTTP POST request
>>>>>>>>>with SessionID and can query by ServiceProvider detail for particular
>>>>>>>>>account. Then API will query alive UserID for given details and
>>>>>>>>>terminate account.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> *Database design*
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>- *UserID* which is mapped to *IDP, IDP UserID* and *Service
>>>>>>>>>Provider* is used to identify unique account.
>>>>>>>>>- Through *UserID*, information of particular account will be
>>>>>>>>>provided.
>>>>>>>>>- In *Session* table, details of *Browser, OS* and *Location*
>>>>>>>>>will not be used in query. So we can store this information as
>>>>>>>>>JSON object.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Regards
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Chuhaashanan
>>>>>>>>> Intern - Software Engineering
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>>
>>>>>>>> *Ruwan Abeykoon*
>>>>>>>> *Associate Director/Architect**,*
>>>>>>>> *WSO2, Inc. http://wso2.com <https://wso2.com/signature> *
>>>>>>>> *lean.enterprise.middleware.*
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Chuhaashanan
>>>>>>> Intern - Software Engineering
>>>>>>>
>>>>>>>
>>>>>>> ___
>>>>>>> Dev mailing list
>>>>>>> Dev@wso2.org
>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Thanks & Regards,
>>>>>> Dulanja Liyanage
>>>>>> Lead, Platform Security Team
>>>>>> WSO2 Inc.
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Chuhaashanan
>>>>> Intern - Software Engineering
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Thanks & Regards,
>>>> Dulanja Liyanage
>>>> Lead, Platform Security Team
>>>> WSO2 Inc.
>>>>
>>>
>>>
>>>
>>> --
>>> Chuhaashanan
>>> Intern - Software Engineering
>>>
>>>
>>
>>
>> --
>> Thanks & Regards,
>> Dulanja Liyanage
>> Lead, Platform Security Team
>> WSO2 Inc.
>>
>
>
> --
>
> *Ruwan Abeykoon*
> *Associate Director/Architect**,*
> *WSO2, Inc. http://wso2.com <https://wso2.com/signature> *
> *lean.enterprise.middleware.*
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>


-- 
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev


Re: [Dev] [Architecture] [VOTE] Release WSO2 Identity Server 5.5.0 RC2

2018-03-14 Thread Pushpalanka Jayawardhana
>>>> *Darshana Gunawardana*
>>>> Technical Lead
>>>> WSO2 Inc.; http://wso2.com
>>>>
>>>> *E-mail: darsh...@wso2.com <darsh...@wso2.com>*
>>>> *Mobile: +94718566859 <+94%2071%20856%206859>*Lean . Enterprise .
>>>> Middleware
>>>>
>>>
>>>
>>>
>>> --
>>>
>>> Best Regards,
>>>
>>> Nuwandi Wickramasinghe
>>>
>>> Senior Software Engineer
>>>
>>> WSO2 Inc.
>>>
>>> Web : http://wso2.com
>>>
>>> Mobile : 0719214873 <071%20921%204873>
>>>
>>> ___
>>> Dev mailing list
>>> Dev@wso2.org
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>>
>>
>>
>> --
>>
>>
>>
>> *Kind Regards,*
>> *Nipuni Bhagya*
>>
>> *Software Engineering Intern*
>> *WSO2*
>>
>>
>>
>> *Mobile : +94 0779028904 <+94%2077%20767%201807>*
>>
>> ___
>> Architecture mailing list
>> architect...@wso2.org
>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>
>>
>
>
> --
> *Dinali Rosemin Dabarera*
> Software Engineer
> WSO2 Lanka (pvt) Ltd.
> Web: http://wso2.com/
> Email : gdrdabar...@gmail.com
> LinkedIn <https://lk.linkedin.com/in/dinalidabarera>
> Mobile: +94770198933 <077%20019%208933>
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>

Thanks,
-- 
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev


Re: [Dev] [Architecture] [VOTE] Release WSO2 Identity Server 5.5.0 RC1

2018-03-14 Thread Pushpalanka Jayawardhana
Hi,

Thanks for the information Darshana. Didn't know it was decided to be
rectified in an RC2.
Thanks for the fix.

On Thu, Mar 15, 2018 at 1:39 AM, Omindu Rathnaweera <omi...@wso2.com> wrote:

> Hi Lanka,
>
> This issue is now fixed in the latest oauth version (v5.6.63) and will be
> available with RC2.
>
> Regards,
> Omindu.
>
>
> On Wed, Mar 14, 2018 at 10:32 PM, Darshana Gunawardana <darsh...@wso2.com>
> wrote:
>
>> Hi Lanka,
>>
>> As you already know, we are working on rectifying this NPE in the RC2.
>>
>> Thanks,
>>
>> On Wed, Mar 14, 2018 at 10:25 PM, Pushpalanka Jayawardhana <
>> la...@wso2.com> wrote:
>>
>>> Hi,
>>>
>>> On Wed, Mar 14, 2018 at 10:14 PM, Pushpalanka Jayawardhana <
>>> la...@wso2.com> wrote:
>>>
>>>>
>>>>
>>>> On Wed, Mar 14, 2018 at 10:09 PM, Pushpalanka Jayawardhana <
>>>> la...@wso2.com> wrote:
>>>>
>>>>> Hi All,
>>>>>
>>>>> Tested OIDC hybrid flow with "code idtoken" response type. This is
>>>>> breaking with "Invalid response type" error message.
>>>>> Could do a bit of debugging and it seems that at [1], it is failing to
>>>>> identify the existing key for "code idtoken" type.
>>>>>
>>>>> In the HashTable returned at
>>>>> OAuthServerConfiguration.getInstance().getSupportedResponseTypeValidators()
>>>>>   execution, "code idtoken" key has the hashCode of '-1819461976' while
>>>>> input key 'code idtoken' produces the hashcode of '-732188021'. In plain
>>>>> Java code, if we generate the hashCode for 'code idtoken' it also
>>>>> generates this. This results in not identifying the sending response type
>>>>> properly.
>>>>> Appreciate if this can be further investigated.
>>>>>
>>>>> [1] - https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/5.6.x/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/model/CarbonOAuthAuthzRequest.java#L49
>>>>>
>>>>
>>>> Please ignore this, just realised it should be id_token. Sorry for the
>>>> noise.
>>>>
>>> Even with this fix the flow is failing with below error,
>>>
>>> java.lang.NullPointerException
>>> 
>>> org.wso2.carbon.identity.oauth.endpoint.authz.OAuth2AuthzEndpoint.getIdTokenFromRedirectURL(OAuth2AuthzEndpoint.java:2321)
>>> 
>>> org.wso2.carbon.identity.oauth.endpoint.authz.OAuth2AuthzEndpoint.storeSidClaim(OAuth2AuthzEndpoint.java:2225)
>>> 
>>> org.wso2.carbon.identity.oauth.endpoint.authz.OAuth2AuthzEndpoint.manageOIDCSessionState(OAuth2AuthzEndpoint.java:2050)
>>> 
>>> org.wso2.carbon.identity.oauth.endpoint.authz.OAuth2AuthzEndpoint.handleSuccessfulAuthentication(OAuth2AuthzEndpoint.java:607)
>>> 
>>> org.wso2.carbon.identity.oauth.endpoint.authz.OAuth2AuthzEndpoint.handleAuthenticationResponse(OAuth2AuthzEndpoint.java:574)
>>> 
>>> org.wso2.carbon.identity.oauth.endpoint.authz.OAuth2AuthzEndpoint.authorize(OAuth2AuthzEndpoint.java:199)
>>> sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>> 
>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>>> 
>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>> java.lang.reflect.Method.invoke(Method.java:498)
>>> 
>>> org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:188)
>>> 
>>> org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:104)
>>> org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:204)
>>> org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:101)
>>> 
>>> org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:58)
>>> 
>>> org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:94)
>>> 
>>> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
>>> 
>>> org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
>>> 
>>> org.apache.cxf.transport.http.

Re: [Dev] [Architecture] [VOTE] Release WSO2 Identity Server 5.5.0 RC1

2018-03-14 Thread Pushpalanka Jayawardhana
Hi,

On Wed, Mar 14, 2018 at 10:14 PM, Pushpalanka Jayawardhana <la...@wso2.com>
wrote:

>
>
> On Wed, Mar 14, 2018 at 10:09 PM, Pushpalanka Jayawardhana <la...@wso2.com
> > wrote:
>
>> Hi All,
>>
>> Tested OIDC hybrid flow with "code idtoken" response type. This is
>> breaking with "Invalid response type" error message.
>> Could do a bit of debugging and it seems that at [1], it is failing to
>> identify the existing key for "code idtoken" type.
>>
>> In the HashTable returned at
>> OAuthServerConfiguration.getInstance().getSupportedResponseTypeValidators()
>>   execution, "code idtoken" key has the hashCode of '-1819461976' while
>> input key 'code idtoken' produces the hashcode of '-732188021'. In plain
>> Java code, if we generate the hashCode for 'code idtoken' it also generates
>> this. This results in not identifying the sending response type properly.
>> Appreciate if this can be further investigated.
>>
>> [1] - https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/5.6.x/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/model/CarbonOAuthAuthzRequest.java#L49
>>
>
> Please ignore this, just realised it should be id_token. Sorry for the
> noise.
>
Even with this fix the flow is failing with below error,

java.lang.NullPointerException

org.wso2.carbon.identity.oauth.endpoint.authz.OAuth2AuthzEndpoint.getIdTokenFromRedirectURL(OAuth2AuthzEndpoint.java:2321)

org.wso2.carbon.identity.oauth.endpoint.authz.OAuth2AuthzEndpoint.storeSidClaim(OAuth2AuthzEndpoint.java:2225)

org.wso2.carbon.identity.oauth.endpoint.authz.OAuth2AuthzEndpoint.manageOIDCSessionState(OAuth2AuthzEndpoint.java:2050)

org.wso2.carbon.identity.oauth.endpoint.authz.OAuth2AuthzEndpoint.handleSuccessfulAuthentication(OAuth2AuthzEndpoint.java:607)

org.wso2.carbon.identity.oauth.endpoint.authz.OAuth2AuthzEndpoint.handleAuthenticationResponse(OAuth2AuthzEndpoint.java:574)

org.wso2.carbon.identity.oauth.endpoint.authz.OAuth2AuthzEndpoint.authorize(OAuth2AuthzEndpoint.java:199)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
java.lang.reflect.Method.invoke(Method.java:498)

org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:188)

org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:104)
org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:204)
org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:101)

org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:58)

org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:94)

org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)

org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)

org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:249)

org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:248)

org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:222)

org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:153)

org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:171)

org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:289)

org.apache.cxf.transport.servlet.AbstractHTTPServlet.doGet(AbstractHTTPServlet.java:214)
javax.servlet.http.HttpServlet.service(HttpServlet.java:624)

org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:265)
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)

org.wso2.carbon.webapp.mgt.filter.AuthorizationHeaderFilter.doFilter(AuthorizationHeaderFilter.java:85)

org.wso2.carbon.ui.filters.cache.ContentTypeBasedCachePreventionFilter.doFilter(ContentTypeBasedCachePreventionFilter.java:53)

org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:124)


This is only when the user login is performed in the flow. If the
authorization request is sent in a browser where user is already logged in,
the issue is not occurring and flow works fine.

>
>>
>>
>> On Wed, Mar 14, 2018 at 7:52 PM, Sagara Gunathunga <sag...@wso2.com>
>> wrote:
>>
>>>
>>>

Re: [Dev] [Architecture] [VOTE] Release WSO2 Identity Server 5.5.0 RC1

2018-03-14 Thread Pushpalanka Jayawardhana
On Wed, Mar 14, 2018 at 10:09 PM, Pushpalanka Jayawardhana <la...@wso2.com>
wrote:

> Hi All,
>
> Tested OIDC hybrid flow with "code idtoken" response type. This is
> breaking with "Invalid response type" error message.
> Could do a bit of debugging and it seems that at [1], it is failing to
> identify the existing key for "code idtoken" type.
>
> In the HashTable returned at
> OAuthServerConfiguration.getInstance().getSupportedResponseTypeValidators()
>   execution, "code idtoken" key has the hashCode of '-1819461976' while
> input key 'code idtoken' produces the hashcode of '-732188021'. In plain
> Java code, if we generate the hashCode for 'code idtoken' it also generates
> this. This results in not identifying the sending response type properly.
> Appreciate if this can be further investigated.
>
> [1] - https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/5.6.x/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/model/CarbonOAuthAuthzRequest.java#L49
>

Please ignore this, just realised it should be id_token. Sorry for the
noise.

>
>
>
> On Wed, Mar 14, 2018 at 7:52 PM, Sagara Gunathunga <sag...@wso2.com>
> wrote:
>
>>
>>
>> On Wed, Mar 14, 2018 at 7:46 PM, Jayanga Kaushalya <jayan...@wso2.com>
>> wrote:
>>
>>> Hi Sagara,
>>>
>>> Yes I have suggested other teams also to follow the IS convention in
>>> [1]. APIM team told me offline that they already changed. Hope others will
>>> do the same.
>>>
>>
>> Great.
>>
>> Thanks !
>>
>>>
>>> [1] [GDPR] Anonymization Tool default configurations/references are
>>> differed over the Products
>>>
>>> Thanks!
>>>
>>> *Jayanga Kaushalya*
>>> Senior Software Engineer
>>> Mobile: +94777860160 <+94%2077%20786%200160>
>>> WSO2 Inc. | http://wso2.com
>>> lean.enterprise.middleware
>>>
>>>
>>>
>>> On Wed, Mar 14, 2018 at 7:37 PM, Sagara Gunathunga <sag...@wso2.com>
>>> wrote:
>>>
>>>>
>>>>
>>>> On Wed, Mar 14, 2018 at 7:27 PM, Sathya Bandara <sat...@wso2.com>
>>>> wrote:
>>>>
>>>>> Hi all,
>>>>>
>>>>> We are calling-off this vote as we have found an issue,
>>>>>
>>>>>- for user-mgt ui component in EI product
>>>>>- in Windows environment
>>>>>
>>>>> Since we want to align same component versions among EI & IS, we will
>>>>> fix this and update versions in IS as well. Additionally we will fix the
>>>>> issue in README.txt along with this.
>>>>>
>>>> Ruwan/Jayanga, shall we also look into the suggestion made by Lanka in
>>>> the "GDPR compliance for WSO2 products" thread ?
>>>>
>>>> Thanks !
>>>>
>>>>> We will do a RC2 and call for a vote soon.
>>>>>
>>>>> [1] https://github.com/wso2/product-ei/issues/2004
>>>>>
>>>>> On Wed, Mar 14, 2018 at 6:29 PM, Nilasini Thirunavukkarasu <
>>>>> nilas...@wso2.com> wrote:
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> I have tested the following flows in mysql.
>>>>>>
>>>>>>- User management, role management (Primary + Secondary user
>>>>>>store)
>>>>>>- OIDC flow (password grant, authorization code)(Primary +
>>>>>>Secondary user store)
>>>>>>- consent management with SAML SSO for primary and secondary
>>>>>>users.
>>>>>>- SAML assertion encryption and response signing.
>>>>>>
>>>>>>
>>>>>> I have tested the following flow with h2
>>>>>>
>>>>>>- federated scenario with two IS
>>>>>>
>>>>>> +1 to go ahead and release
>>>>>>
>>>>>>
>>>>>> Thanks,
>>>>>> Nila.
>>>>>>
>>>>>>
>>>>>> On Wed, Mar 14, 2018 at 6:15 PM, Darshana Gunawardana <
>>>>>> darsh...@wso2.com> wrote:
>>>>>>
>>>>>>> Hi Dilini,
>>>>>>>
>>>>>>> We will fix this, if we noted any blocker for RC1 release.. If not,
>>>>>

Re: [Dev] [Architecture] [VOTE] Release WSO2 Identity Server 5.5.0 RC1

2018-03-14 Thread Pushpalanka Jayawardhana
>>>>>>> Regards,
>>>>>>> Dilini
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Wed, Mar 14, 2018 at 5:23 PM, Farasath Ahamed <farasa...@wso2.com
>>>>>>> > wrote:
>>>>>>>
>>>>>>>>
>>>>>>>> Tested Below scenario on the IS 5.5.0-RC1 pack with MSSQL database
>>>>>>>>
>>>>>>>>- Create an OAuth app using Dynamic Client Registration endpoint
>>>>>>>>- Configured mandatory claims for the service provider
>>>>>>>>- Tested OIDC Implicit flow with user consent management enabled
>>>>>>>>- Verified that the user claims sent in the id_token are
>>>>>>>>filtered based on user consent.
>>>>>>>>
>>>>>>>> +1 to go ahead and release
>>>>>>>>
>>>>>>>>
>>>>>>>> On Wed, Mar 14, 2018 at 11:16 AM, Sathya Bandara <sat...@wso2.com>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>> Hi all,
>>>>>>>>>
>>>>>>>>> We are pleased to announce the first release candidate of WSO2
>>>>>>>>> Identity Server 5.5.0.
>>>>>>>>>
>>>>>>>>> This is the first release candidate (RC) of the WSO2 Identity
>>>>>>>>> Server 5.5.0 release.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> This release fixes the following issues
>>>>>>>>>
>>>>>>>>>- 5.5.0-RC1 fixes
>>>>>>>>>
>>>>>>>>> <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-RC1>
>>>>>>>>>- 5.5.0-Beta fixes
>>>>>>>>>
>>>>>>>>> <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-beta>
>>>>>>>>>- 5.5.0-Alpha3 fixes
>>>>>>>>>
>>>>>>>>> <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-alpha3>
>>>>>>>>>- 5.5.0-Alpha2 fixes
>>>>>>>>>
>>>>>>>>> <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-alpha2>
>>>>>>>>>- 5.5.0-Alpha fixes
>>>>>>>>>
>>>>>>>>> <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-alpha>
>>>>>>>>>- 5.5.0-M4 fixes
>>>>>>>>>
>>>>>>>>> <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-M4>
>>>>>>>>>- 5.5.0-M3 fixes
>>>>>>>>>
>>>>>>>>> <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-M3>
>>>>>>>>>- 5.5.0-M2 fixes
>>>>>>>>>
>>>>>>>>> <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-M2>
>>>>>>>>>- 5.5.0-M1 fixes
>>>>>>>>>
>>>>>>>>> <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-M1>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Source and distribution
>>>>>>>>>
>>>>>>>>> Runtime - https://github.com/wso2/product-is/releases/tag/v5.5.0-rc1
>>>>>>>>> Analytics - https://github.com/wso2/analytics-is/releases/tag/v5.5.0-rc1
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Please download, test the product and vote.
>>>>>>>>>
>>>>>>>>> [+] Stable - go ahead and release
>>>>>>>>> [-] Broken - do not release (explain why)
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Thanks,
>>>>>>>>> - WSO2 Identity and Access Management Team -
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Sathya Bandara
>>>>>>>>> Software Engineer
>>>>>>>>> WSO2 Inc. http://wso2.com
>>>>>>>>> Mobile: (+94) 715 360 421 <+94%2071%20411%205032>
>>>>>>>>>
>>>>>>>>> <+94%2071%20411%205032>
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Farasath Ahamed
>>>>>>>> Senior Software Engineer, WSO2 Inc.; http://wso2.com
>>>>>>>> Mobile: +94777603866
>>>>>>>> Blog: blog.farazath.com
>>>>>>>> Twitter: @farazath619 <https://twitter.com/farazath619>
>>>>>>>> <http://wso2.com/signature>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> ___
>>>>>>>> Architecture mailing list
>>>>>>>> architect...@wso2.org
>>>>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>>
>>>>>>> *Dilini Gunatilake*
>>>>>>> *Software Engineer - QA Team*
>>>>>>> Mobile : +94771162518 <+94%2077%20116%202518>
>>>>>>> dili...@wso2.com
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> ___
>>>>>>> Architecture mailing list
>>>>>>> architect...@wso2.org
>>>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Regards,
>>>>>>
>>>>>>
>>>>>> *Darshana Gunawardana*Technical Lead
>>>>>> WSO2 Inc.; http://wso2.com
>>>>>>
>>>>>> *E-mail: darsh...@wso2.com <darsh...@wso2.com>*
>>>>>> *Mobile: +94718566859 <+94%2071%20856%206859>*Lean . Enterprise .
>>>>>> Middleware
>>>>>>
>>>>>> ___
>>>>>> Architecture mailing list
>>>>>> architect...@wso2.org
>>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Nilasini Thirunavukkarasu
>>>>> Software Engineer - WSO2
>>>>>
>>>>> Email : nilas...@wso2.com
>>>>> Mobile : +94775241823 <+94%2077%20524%201823>
>>>>> Web : http://wso2.com/
>>>>>
>>>>>
>>>>> <http://wso2.com/signature>
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Sathya Bandara
>>>> Software Engineer
>>>> WSO2 Inc. http://wso2.com
>>>> Mobile: (+94) 715 360 421 <+94%2071%20411%205032>
>>>>
>>>> <+94%2071%20411%205032>
>>>>
>>>> ___
>>>> Dev mailing list
>>>> Dev@wso2.org
>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>
>>>>
>>>
>>>
>>> --
>>> Sagara Gunathunga
>>>
>>> Director; WSO2, Inc.;  http://wso2.com
>>> Linkedin; http://www.linkedin.com/in/ssagara
>>> Blog ;  http://ssagara.blogspot.com
>>> Mobile : +9471 <+94%2071%20565%209887>2149951
>>>
>>>
>>
>
>
> --
> Sagara Gunathunga
>
> Director; WSO2, Inc.;  http://wso2.com
> Linkedin; http://www.linkedin.com/in/ssagara
> Blog ;  http://ssagara.blogspot.com
> Mobile : +9471 <+94%2071%20565%209887>2149951
>
>
> ___
> Architecture mailing list
> architect...@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>
>

Thanks,
-- 
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn: lk.linkedin.com/in/
pushpalanka/ | Twitter: @pushpalanka
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev


Re: [Dev] OAuth2 Client Authentication Error Response when authorization header is malformed

2018-01-19 Thread Pushpalanka Jayawardhana
Hi Hasintha,

On Fri, Jan 19, 2018 at 3:32 PM, Hasintha Indrajee <hasin...@wso2.com>
wrote:

> WDYT about the $subject ? Below quoted the descriptions of two types of
> error codes from spec [1]. It looks like "invalid_request" is more
> appropriate here. Any thoughts ? . An example authorization header is
> Base64Encoded (randomString which doesn't have the format
> clientid:clientSecret format)
>
>
>  invalid_request
>The request is missing a required parameter, includes an
>unsupported parameter value (other than grant type),
>repeats a parameter, includes multiple credentials,
>utilizes more than one mechanism for authenticating the
>client, or is otherwise malformed.
>
>  invalid_client
>Client authentication failed (e.g., unknown client, no
>client authentication included, or unsupported
>authentication method).  The authorization server MAY
>return an HTTP 401 (Unauthorized) status code to indicate
>which HTTP authentication schemes are supported.  If the
>client attempted to authenticate via the "Authorization"
>request header field, the authorization server MUST
>respond with an HTTP 401 (Unauthorized) status code and
>include the "WWW-Authenticate" response header field
>matching the authentication scheme used by the client.
>
>
+1 for using 'invalid request' in this case, where client authentication is
happening with the method 'client password'.
We will have to consider that other authentication mechanisms can also be
available as per [2], which won't adhere to this format of
'Base64Encoded(clientid:clientSecret)'.


>
> [1] https://tools.ietf.org/html/rfc6749
>
[2] - https://tools.ietf.org/html/rfc6749#section-2.3

>
>
> --
> Hasintha Indrajee
> WSO2, Inc.
> Mobile:+94 771892453 <077%20189%202453>
>
>

Thanks,
-- 
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
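
The distinction discussed in this thread, as an added Java example that is not WSO2 Identity Server code: a malformed Basic header maps to `invalid_request` (HTTP 400), while well-formed but failing credentials map to `invalid_client` (HTTP 401 with `WWW-Authenticate`). The class name, the `Outcome` type and the sample client registry are assumptions made for illustration; only the Basic ("client password") method is handled, and it needs Java 9 or later.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Map;

public class ClientAuthErrorDemo {

    /** HTTP status, RFC 6749 error code (null on success), WWW-Authenticate value (null if unset). */
    static final class Outcome {
        final int status;
        final String error;
        final String wwwAuthenticate;

        Outcome(int status, String error, String wwwAuthenticate) {
            this.status = status;
            this.error = error;
            this.wwwAuthenticate = wwwAuthenticate;
        }

        @Override
        public String toString() {
            return status + " " + (error == null ? "authenticated" : error)
                    + (wwwAuthenticate == null ? "" : " (WWW-Authenticate: " + wwwAuthenticate + ")");
        }
    }

    // Constructed sample registry; the client id and secret are made up for this example.
    static final Map<String, String> CLIENTS = Map.of("sample-client", "sample-secret");

    static final Outcome MALFORMED = new Outcome(400, "invalid_request", null);
    static final Outcome AUTH_FAILED = new Outcome(401, "invalid_client", "Basic");

    static Outcome authenticate(String authorizationHeader) {
        if (authorizationHeader == null || authorizationHeader.trim().isEmpty()) {
            return AUTH_FAILED; // no client authentication included
        }
        String[] parts = authorizationHeader.trim().split("\\s+", 2);
        if (!parts[0].equalsIgnoreCase("Basic")) {
            // Unsupported method in this sketch. A server that supports other
            // mechanisms (RFC 6749 section 2.3) would dispatch to them here,
            // because they do not follow the clientid:clientSecret format.
            return AUTH_FAILED;
        }
        if (parts.length < 2) {
            return MALFORMED; // scheme present, credentials missing
        }
        String decoded;
        try {
            decoded = new String(Base64.getDecoder().decode(parts[1]), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            return MALFORMED; // value is not valid Base64
        }
        int colon = decoded.indexOf(':');
        if (colon <= 0) {
            return MALFORMED; // decodes, but has no clientid:clientSecret structure
        }
        String clientId = decoded.substring(0, colon);
        String secret = decoded.substring(colon + 1);
        String expected = CLIENTS.get(clientId);
        // Constant-time comparison so the check does not leak how much of the secret matched.
        boolean ok = expected != null && MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8), secret.getBytes(StandardCharsets.UTF_8));
        return ok ? new Outcome(200, null, null) : AUTH_FAILED;
    }

    static String basic(String raw) {
        return "Basic " + Base64.getEncoder().encodeToString(raw.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        String[] headers = {
            basic("sample-client:sample-secret"), // valid credentials
            basic("randomString"),                // the case from the thread: no colon
            "Basic %%%not-base64%%%",             // not decodable at all
            basic("sample-client:wrong-secret"),  // well-formed, wrong secret
            basic("unknown-client:whatever"),     // well-formed, unknown client
            "Bearer abc",                         // method this sketch does not support
            null                                  // header absent
        };
        for (String h : headers) {
            System.out.println(h + " -> " + authenticate(h));
        }
    }
}
```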


Re: [Dev] Resolving ClasscastException caused due to different classloaders

2017-12-04 Thread Pushpalanka Jayawardhana
Hi,

The problem was caused by the backend bundle being packed with the endpoint.
After excluding it from the .war file, the issue got resolved.

Thanks Rushmin for the clue.

Thanks,

On Mon, Dec 4, 2017 at 9:05 PM, Pushpalanka Jayawardhana <la...@wso2.com>
wrote:

> Hi,
>
> I am facing below issue, trying to cast the retrieved object at a webapp
> application.
>
> java.lang.ClassCastException: org.wso2.SomeServiceImpl cannot be cast to 
> org.wso2.SomeService
> which is the interface it extends.
> This is registered into OSGI environment from a separate component and
> here I am trying to capture it to be used in an endpoint.
>
> When I check the classLoaders of the classes,
> org.eclipse.osgi.internal.baseadaptor.DefaultClassLoader@58e1a6d3[
> com.wso2.finance.open.banking.consent.mgt:1.0.0.SNAPSHOT(id=30)]   is
> used in the backend module,
>
> while inside the webapp it is,
> CarbonWebappClassLoader
>   context: /consent
>   delegate: false
>   repositories:
> /WEB-INF/classes/
> --> Parent Classloader:
> org.eclipse.osgi.internal.baseadaptor.DefaultClassLoader@20b6b38d[
> tomcat:7.0.73.wso2v1(id=527)]
>
> The difference in the class loaders seems to be the reason for
> ClassCastException.
> Appreciate any inputs to resolve this.
>
> Thanks,
> --
> Pushpalanka.
> --
> Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
> Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
> Mobile: +94779716248
> Blog: pushpalankajaya.blogspot.com/ | LinkedIn: lk.linkedin.com/in/
> pushpalanka/ | Twitter: @pushpalanka
>
>


-- 
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
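
The failure and the fix from this thread, reproduced as an added stand-alone Java example (not code from the WSO2 project): a child-first loader that carries its own copy of the service interface cannot cast the service object, while one that delegates the interface to its parent can. `SomeService` and `SomeServiceImpl` are stand-ins for the names in the post, `WebappLikeLoader` is a hypothetical simplification of a `delegate: false` webapp class loader, and the code assumes Java 9 or later with the classes compiled by `javac` so their `.class` files are readable as resources.

```java
import java.io.IOException;
import java.io.InputStream;
import java.util.Set;

public class ClassLoaderCastDemo {

    /** Stand-in for the service interface from the thread. */
    public interface SomeService { String ping(); }

    /** Stand-in for the implementation that the backend bundle registers. */
    public static class SomeServiceImpl implements SomeService {
        @Override public String ping() { return "pong"; }
    }

    /** Child-first loader: defines its own copy of every class listed in packedInWar. */
    static class WebappLikeLoader extends ClassLoader {
        private final Set<String> packedInWar;

        WebappLikeLoader(ClassLoader parent, Set<String> packedInWar) {
            super(parent);
            this.packedInWar = packedInWar;
        }

        @Override
        protected Class<?> loadClass(String name, boolean resolve) throws ClassNotFoundException {
            synchronized (getClassLoadingLock(name)) {
                if (!packedInWar.contains(name)) {
                    return super.loadClass(name, resolve); // normal parent delegation
                }
                Class<?> c = findLoadedClass(name);
                if (c == null) {
                    byte[] bytes = readClassBytes(name);
                    c = defineClass(name, bytes, 0, bytes.length); // second, distinct Class object
                }
                if (resolve) {
                    resolveClass(c);
                }
                return c;
            }
        }

        private byte[] readClassBytes(String name) throws ClassNotFoundException {
            String path = name.replace('.', '/') + ".class";
            try (InputStream in = getParent().getResourceAsStream(path)) {
                if (in == null) {
                    throw new ClassNotFoundException(name);
                }
                return in.readAllBytes();
            } catch (IOException e) {
                throw new ClassNotFoundException(name, e);
            }
        }
    }

    /** Casts a service created by the "bundle" to the interface as the "webapp" loader sees it. */
    static String castInsideWebapp(boolean apiPackedInWar) throws ClassNotFoundException {
        Object service = new SomeServiceImpl(); // object handed over by the backend bundle
        String api = SomeService.class.getName();
        Set<String> packed = apiPackedInWar ? Set.of(api) : Set.of();
        ClassLoader webapp = new WebappLikeLoader(ClassLoaderCastDemo.class.getClassLoader(), packed);
        Class<?> apiSeenByWebapp = webapp.loadClass(api);
        try {
            apiSeenByWebapp.cast(service);
            return "cast ok (same Class object: " + (apiSeenByWebapp == SomeService.class) + ")";
        } catch (ClassCastException e) {
            // Same fully qualified name, different defining loader: the JVM treats them as unrelated types.
            return "ClassCastException: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("API packed in the .war:     " + castInsideWebapp(true));
        System.out.println("API excluded from the .war: " + castInsideWebapp(false));
    }
}
```

Comparing `getClassLoader()` on the object's interface and on the interface the calling code sees, as the original post did, is the quickest way to confirm this condition in a running server.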


[Dev] Resolving ClasscastException caused due to different classloaders

2017-12-04 Thread Pushpalanka Jayawardhana
Hi,

I am facing below issue, trying to cast the retrieved object at a webapp
application.

java.lang.ClassCastException: org.wso2.SomeServiceImpl cannot be cast
to org.wso2.SomeService
which is the interface it extends.
This is registered into OSGI environment from a separate component and here
I am trying to capture it to be used in an endpoint.

When I check the classLoaders of the classes,
org.eclipse.osgi.internal.baseadaptor.DefaultClassLoader@58e1a6d3[com.wso2.finance.open.banking.consent.mgt:1.0.0.SNAPSHOT(id=30)]
  is used in the backend module,

while inside the webapp it is,
CarbonWebappClassLoader
  context: /consent
  delegate: false
  repositories:
/WEB-INF/classes/
--> Parent Classloader:
org.eclipse.osgi.internal.baseadaptor.DefaultClassLoader@20b6b38d
[tomcat:7.0.73.wso2v1(id=527)]

The difference in the class loaders seems to be the reason for
ClassCastException.
Appreciate any inputs to resolve this.

Thanks,
-- 
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev


Re: [Dev] Purpose of "TOKEN_ID" and "CODE_ID"

2017-10-31 Thread Pushpalanka Jayawardhana
Hi,

On Tue, Oct 31, 2017 at 8:20 PM, Prabath Siriwardena <prab...@wso2.com>
wrote:

> IIRC TOKEN_ID is how you uniquely refer an access token from other places
> - and CODE_ID is how you refer an authorization code uniquely from other
> places...
>
Yes, with the option we have to encrypt and store access tokens and
authorization codes, the ACCESS_TOKEN and CODE columns need more length. Hence
using those as primary keys and then making foreign key references from
other tables to the exact values is not convenient, and it won't be correct to
store these sensitive values in multiple places.

>
> Thanks & regards,
> -Prabath
>
> On Mon, Oct 30, 2017 at 6:31 PM, Sagara Gunathunga <sag...@wso2.com>
> wrote:
>
>> Can someone explain  the exact design goals of following  two columns on
>> identity  DB ?
>>
>> 1.   "TOKEN_ID" on IDN_OAUTH2_ACCESS_TOKEN
>>
>> 2. "CODE_ID " on IDN_OAUTH2_AUTHORIZATION_CODE
>>
>>
>>
>> Thanks !
>> --
>> Sagara Gunathunga
>>
>> Director; WSO2, Inc.;  http://wso2.com
>> V.P Apache Web Services;http://ws.apache.org/
>> Linkedin; http://www.linkedin.com/in/ssagara
>> Blog ;  http://ssagara.blogspot.com
>> Mobile : +9471 <+94%2071%20565%209887>2149951
>>
>>
>
>
> --
> Thanks & Regards,
> Prabath
>
> Twitter : @prabath
> LinkedIn : http://www.linkedin.com/in/prabathsiriwardena
>
> Mobile : +1 650 625 7950 <+1%20650-625-7950>
>
> http://facilelogin.com
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev


Re: [Dev] How to send subject in a XACML request

2017-10-31 Thread Pushpalanka Jayawardhana
Hi Dinali,

You can find a few details on writing XACML policies here [1]. The sample
policies have several sample requests that show how the attributes are
sent in the XACML request. I think we can fit in the topic you mentioned
around this location.

[1] -
https://docs.wso2.com/display/IS530/Writing+XACML3+Policies+in+WSO2+Identity+Server

Thanks,
Pushpalanka

On Tue, Oct 31, 2017 at 10:24 PM, Dinali Dabarera <din...@wso2.com> wrote:

> Hi Godwin,
>
> As you mentioned in your offline chats, there is no mention about "how to
> send the subject in the XACML Request" in our Docs.
>
> I did a small research on XACML spec and figured out we could send the
> subject in the XACML request as follows,
>
> I changed the sample request on my blog [1] with the Subject attribute as
> follows
>
> Request:
>
> <Request xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17">
>   <Attributes Category="urn:oasis:names:tc:xacml:3.0:subject-category:access-subject">
>     <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id">
>       <AttributeValue DataType="urn:oasis:names:tc:xacml:1.0:data-type:rfc822Name">b...@simpsons.com</AttributeValue>
>     </Attribute>
>   </Attributes>
>   <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action">
>     <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" IncludeInResult="false">
>       <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
>     </Attribute>
>   </Attributes>
>   <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
>     <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" IncludeInResult="false">
>       <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">http://127.0.0.1/service/very_secure/</AttributeValue>
>     </Attribute>
>   </Attributes>
> </Request>
>
> I will update XACML docs with this information.
> Please let me know if you have any concerns on this! I hope this is what
> you expected.
>
> [1] https://medium.com/@gdrdabarera/how-entitlement-management-works-with-rest-api-via-xacml-in-wso2-identity-server-5-3-0-7a60940d040c
>
> Thank you!
> Dinali
> ​
> -
> *Dinali Rosemin Dabarera*
> Software Engineer
> WSO2 Lanka (pvt) Ltd.
> Web: http://wso2.com/
> Email : gdrdabar...@gmail.com
> LinkedIn <https://lk.linkedin.com/in/dinalidabarera>
> Mobile: +94770198933 <077%20019%208933>
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
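
Added example (not part of the thread and not WSO2 code): a Python sketch that builds an XACML 3.0 request carrying subject, action and resource attributes with an XML library, so a caller-supplied subject value cannot add markup to the request, and checks that the subject category is present before sending. It uses the access-subject category identifier from the XACML 3.0 core specification; whichever category the request carries has to be the one the policy matches on. The function names and sample values are constructed.

```python
import xml.etree.ElementTree as ET

XACML_NS = "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
# Category identifiers as defined in the XACML 3.0 core specification.
SUBJECT = "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
ACTION = "urn:oasis:names:tc:xacml:3.0:attribute-category:action"
RESOURCE = "urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
XS_STRING = "http://www.w3.org/2001/XMLSchema#string"
RFC822_NAME = "urn:oasis:names:tc:xacml:1.0:data-type:rfc822Name"

# Serialize the XACML namespace as the default namespace (no prefix).
ET.register_namespace("", XACML_NS)


def qname(local):
    """Namespace-qualified element name in ElementTree notation."""
    return "{%s}%s" % (XACML_NS, local)


def add_attribute(request, category, attribute_id, value, data_type=XS_STRING):
    """Append one <Attributes> group holding a single attribute value."""
    group = ET.SubElement(request, qname("Attributes"), {"Category": category})
    attribute = ET.SubElement(
        group, qname("Attribute"),
        {"AttributeId": attribute_id, "IncludeInResult": "false"})
    # Assigning .text lets the serializer escape the value.
    ET.SubElement(attribute, qname("AttributeValue"),
                  {"DataType": data_type}).text = value


def build_request(subject_id, action_id, resource_id):
    """Return the request as an XML string."""
    request = ET.Element(
        qname("Request"),
        {"CombinedDecision": "false", "ReturnPolicyIdList": "false"})
    add_attribute(request, SUBJECT,
                  "urn:oasis:names:tc:xacml:1.0:subject:subject-id",
                  subject_id, RFC822_NAME)
    add_attribute(request, ACTION,
                  "urn:oasis:names:tc:xacml:1.0:action:action-id", action_id)
    add_attribute(request, RESOURCE,
                  "urn:oasis:names:tc:xacml:1.0:resource:resource-id",
                  resource_id)
    return ET.tostring(request, encoding="unicode")


def attributes_by_category(xml_text):
    """Index a request as {category: {attribute_id: [values]}}.

    Used here only on requests this module built itself.
    """
    index = {}
    for group in ET.fromstring(xml_text).findall(qname("Attributes")):
        bucket = index.setdefault(group.get("Category"), {})
        for attribute in group.findall(qname("Attribute")):
            values = [v.text or ""
                      for v in attribute.findall(qname("AttributeValue"))]
            bucket.setdefault(attribute.get("AttributeId"), []).extend(values)
    return index


def missing_categories(xml_text, required=(SUBJECT, ACTION, RESOURCE)):
    """Categories that carry no attribute; a caller should refuse to send."""
    present = attributes_by_category(xml_text)
    return [category for category in required if not present.get(category)]


if __name__ == "__main__":
    # Constructed sample values; the resource URL is the one in the thread.
    print(build_request("alice@example.com", "read",
                        "http://127.0.0.1/service/very_secure/"))
```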


Re: [Dev] Unable to load UserStoreCountRetriever implementation

2017-09-13 Thread Pushpalanka Jayawardhana
Hi Hartley,

It is not directly the retriever class that you have to write. As we have
followed the factory pattern here, you have to write the factory class and
configure that in the advanced property.

The code segment at [1] will help you understand how the factory is registered
to the OSGi runtime, and [2] can be referred to as a sample implementation.
Hope this will help.

[1] -
https://github.com/wso2/carbon-identity-framework/blob/master/components/user-store/org.wso2.carbon.identity.user.store.count/src/main/java/org/wso2/carbon/identity/user/store/count/internal/UserStoreCountDSComponent.java#L92-L99
[2] -
https://github.com/wso2/carbon-identity-framework/tree/master/components/user-store/org.wso2.carbon.identity.user.store.count/src/main/java/org/wso2/carbon/identity/user/store/count/jdbc

Thanks,

On Mon, Sep 11, 2017 at 11:14 PM, J R Hartley <jrhartleys...@gmail.com>
wrote:

> I have successfully created a UserStoreManager implementation which loads
> correctly via a component class. However, I need a UserStoreCountRetriever
> implementation to allow the user store to work correctly. I have extended 
> JDBCUserStoreCountRetriever
> and added the class name to the Count Implementation advanced property. I
> have also registered the service in my component.
>
> When I do a user search I get the following message: "Error while listing
> users. Error is : Exception occurred while trying to invoke service method
> countUsers".
>
> On the console, I get the following stack trace:
> Caused by: java.lang.NullPointerException
> at org.wso2.carbon.identity.user.store.count.util.
> UserStoreCountUtils.getCounterInstanceForDomain(
> UserStoreCountUtils.java:136)
>
> It looks like it can't find, or can't load the class required to implement
> the count. The class is in the same jar file as the user store.
>
> Many thanks
>
> Jeff
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev


Re: [Dev] Improvements to OAuth Dynamic Client Registration

2017-05-25 Thread Pushpalanka Jayawardhana
Hi Abilashini,

As per the discussion we had a short while ago, let's prioritize implementing
the APIs required for DCRM functionality.

Support for multiple locales is not a critical requirement for us at the
moment, hence I moved that to a separate task as at [1]. You can add your
current findings there so we can attend to that later.
You can send a PR for the current progress on the issue, so that you can start
working on DCRM.

[1] - https://wso2.org/jira/browse/IDENTITY-5979

Thanks,
Pushpalanka

On Thu, May 25, 2017 at 10:50 AM, Abilashini Thiyagarajah <
abilashini...@cse.mrt.ac.lk> wrote:

> Hi Pushpalanka,
>
> Thanks for your reply. I have already referred this section to understand
> the concept. But in the specific issue, it has been mentioned only for
> redirect URI.
>
> To consider locale-specific values for all the Human-readable client
> metadata, can we fix it as a separate issue rather than including it in
> [1]?
>
> The problems that arise in fixing this are:
>
>    1. If there are locale-specific values for redirect URIs, should they be
>    added to the typical redirect URIs list when building the registration
>    request object?
>    2. If there are multiple values for a specific metadata (e.g.
>    client_name) in different languages, then which is to be considered during
>    registration?
>
> I found a library [2] which supports for language tags. Can we use it for
> the implementation?
>
> [1] https://wso2.org/jira/browse/IDENTITY-5879
> [2] https://www.connect2id.com/blog/language-tags-rfc-5646-for-java
>
> Thanks,
> Abilashini
>
> *Thiyagarajah Abilashini*
> Student
> Department of Computer Science and Engineering
> University of Moratuwa, Sri Lanka
>
> On 25 May 2017 at 09:54, Pushpalanka Jayawardhana <la...@wso2.com> wrote:
>
>> Hi Abilashini,
>>
>> This section in the specification elaborates more on this [1].
>> This is not limited to redirect URI, but for all Human-readable client
>> metadata.
>>
>> [1] - https://tools.ietf.org/html/rfc7591#section-2.2
>>
>> Thanks,
>> Pushpalanka
>>
>> On Tue, May 23, 2017 at 2:09 PM, Abilashini Thiyagarajah <
>> abilashini...@cse.mrt.ac.lk> wrote:
>>
>>> Hi all,
>>>
>>> I am currently working on the issue [1]. Specifically the point 4 in the
>>> description, it has been mentioned as the implementation should allow
>>> multiple locale-specific values for redirect URI. According to my
>>> understanding on the implementation of DCR, if there are any
>>> locale-specific values for the redirect URI in the registration request
>>> (eg. redirect_uris#en), it will be added to the list of redirect URI's
>>> while building the registration request profile. Is that the expected
>>> outcome? Please provide your insights.
>>>
>>> [1] https://wso2.org/jira/browse/IDENTITY-5879
>>>
>>>
>>> *Thiyagarajah Abilashini*
>>> Student
>>> Department of Computer Science and Engineering
>>> University of Moratuwa, Sri Lanka
>>>
>>> On 15 May 2017 at 23:51, Maduranga Siriwardena <madura...@wso2.com>
>>> wrote:
>>>
>>>> Thanks Abilashini for the PR. We will review and merge.
>>>>
>>>> In the mean time, please work on the other issue too.
>>>>
>>>> On Fri, May 12, 2017 at 1:30 PM, Abilashini Thiyagarajah <
>>>> abilashini...@cse.mrt.ac.lk> wrote:
>>>>
>>>>> Hi all,
>>>>>
>>>>> Please review - https://github.com/wso2-extensions/identity-inbound-auth-oauth/pull/353
>>>>>
>>>>> Best Regards,
>>>>> Abilashini
>>>>>
>>>>> *Thiyagarajah Abilashini*
>>>>> Student
>>>>> Department of Computer Science and Engineering
>>>>> University of Moratuwa, Sri Lanka
>>>>>
>>>>> On 10 May 2017 at 15:54, Abilashini Thiyagarajah <
>>>>> abilashini...@cse.mrt.ac.lk> wrote:
>>>>>
>>>>>> Hi Dimuthu,
>>>>>>
>>>>>> Thank you for sharing these informative sources.
>>>>>>
>>>>>> Best Regards,
>>>>>>
>>>>>> *Thiyagarajah Abilashini*
>>>>>> Student
>>>>>> Department of Computer Science and Engineering
>>>>>> University of Moratuwa, Sri Lanka
>>>>>>
>>>>>> On 10 May 2017 at 13:45, Dimuthu De Lanerolle <dimut...@wso2.com>
>>>>>> wrote:

Re: [Dev] Improvements to OAuth Dynamic Client Registration

2017-05-24 Thread Pushpalanka Jayawardhana
Hi Abilashini,

This section in the specification elaborates more on this [1].
This is not limited to redirect URI, but for all Human-readable client
metadata.

[1] - https://tools.ietf.org/html/rfc7591#section-2.2

Thanks,
Pushpalanka

On Tue, May 23, 2017 at 2:09 PM, Abilashini Thiyagarajah <
abilashini...@cse.mrt.ac.lk> wrote:

> Hi all,
>
> I am currently working on the issue [1]. Specifically the point 4 in the
> description, it has been mentioned as the implementation should allow
> multiple locale-specific values for redirect URI. According to my
> understanding on the implementation of DCR, if there are any
> locale-specific values for the redirect URI in the registration request
> (eg. redirect_uris#en), it will be added to the list of redirect URI's
> while building the registration request profile. Is that the expected
> outcome? Please provide your insights.
>
> [1] https://wso2.org/jira/browse/IDENTITY-5879
>
>
> *Thiyagarajah Abilashini*
> Student
> Department of Computer Science and Engineering
> University of Moratuwa, Sri Lanka
>
> On 15 May 2017 at 23:51, Maduranga Siriwardena <madura...@wso2.com> wrote:
>
>> Thanks Abilashini for the PR. We will review and merge.
>>
>> In the mean time, please work on the other issue too.
>>
>> On Fri, May 12, 2017 at 1:30 PM, Abilashini Thiyagarajah <
>> abilashini...@cse.mrt.ac.lk> wrote:
>>
>>> Hi all,
>>>
>>> Please review - https://github.com/wso2-extensions/identity-inbound-auth-oauth/pull/353
>>>
>>> Best Regards,
>>> Abilashini
>>>
>>> *Thiyagarajah Abilashini*
>>> Student
>>> Department of Computer Science and Engineering
>>> University of Moratuwa, Sri Lanka
>>>
>>> On 10 May 2017 at 15:54, Abilashini Thiyagarajah <
>>> abilashini...@cse.mrt.ac.lk> wrote:
>>>
>>>> Hi Dimuthu,
>>>>
>>>> Thank you for sharing these informative sources.
>>>>
>>>> Best Regards,
>>>>
>>>> *Thiyagarajah Abilashini*
>>>> Student
>>>> Department of Computer Science and Engineering
>>>> University of Moratuwa, Sri Lanka
>>>>
>>>> On 10 May 2017 at 13:45, Dimuthu De Lanerolle <dimut...@wso2.com>
>>>> wrote:
>>>>
>>>>> Hi Abilashini,
>>>>>
>>>>> I have attached some info links which might be useful to you.
>>>>>
>>>>> [1] https://docs.wso2.com/display/IS530/OpenID+Connect+Dynamic+Client+Registration
>>>>> [2] http://openid.net/specs/openid-connect-registration-1_0.html
>>>>> [3] Doc Attached. Also you may find more info related to DCR requests
>>>>> and responses using previous JIra (eg: IDENTITY-5436, IDENTITY-5435
>>>>> etc.)
>>>>>
>>>>> Regards
>>>>> DimuthuD
>>>>>
>>>>> On Wed, May 10, 2017 at 12:59 PM, Abilashini Thiyagarajah <
>>>>> abilashini...@cse.mrt.ac.lk> wrote:
>>>>>
>>>>>> Hi Maduranga,
>>>>>>
>>>>>> I will work on it and get back to you soon.
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>> *Thiyagarajah Abilashini*
>>>>>> Student
>>>>>> Department of Computer Science and Engineering
>>>>>> University of Moratuwa, Sri Lanka
>>>>>>
>>>>>> On 9 May 2017 at 09:16, Maduranga Siriwardena <madura...@wso2.com>
>>>>>> wrote:
>>>>>>
>>>>>>> Hi Abilashini,
>>>>>>>
>>>>>>> As discussed can you start working on [1] and [2] to improve the
>>>>>>> existing DCR functionality. If you need any clarification or help, 
>>>>>>> please
>>>>>>> get back to us.
>>>>>>>
>>>>>>> [1] https://wso2.org/jira/browse/IDENTITY-5529
>>>>>>> [2] https://wso2.org/jira/browse/IDENTITY-5185
>>>>>>>
>>>>>>> Thanks,
>>>>>>> --
>>>>>>> Maduranga Siriwardena
>>>>>>> Senior Software Engineer
>>>>>>> WSO2 Inc; http://wso2.com/
>>>>>>>
>>>>>>> Email: madura...@wso2.com
>>>>>>> Mobile: +94718990591 <+94%2071%20899%200591>
>>>>>>> Blog: *https://madurangasiri
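
Added example (not part of the thread and not WSO2 code): a Python sketch of the language-tagged client metadata of RFC 7591 section 2.2 discussed above. It assumes a tagged member is honoured only for the human-readable fields that section names, so a redirect_uris#en member is reported as ignored and never merged into the redirect URI list; the function names and the sample request are constructed.

```python
import json
import re

# Fields that RFC 7591 section 2.2 names as human-readable (or as references
# to human-readable content) and therefore open to language tags.
HUMAN_READABLE = {"client_name", "tos_uri", "policy_uri", "logo_uri",
                  "client_uri"}

# Shape check for a language tag (subtags joined by "-"); this is not a full
# RFC 5646 validator.
LANG_TAG = re.compile(r"[A-Za-z]{2,8}(-[A-Za-z0-9]{1,8})*")


class MetadataError(ValueError):
    """Would map to the invalid_client_metadata registration error."""


def split_member(name):
    """Split 'client_name#fr' into ('client_name', 'fr'); tag is None if absent."""
    base, sep, tag = name.partition("#")
    return base, (tag if sep else None)


def parse_registration(body):
    """Return (plain, localized, ignored) for a registration request body.

    plain     -- untagged members, unchanged
    localized -- {field: {lowercased_tag: value}} for human-readable fields
    ignored   -- tagged members on fields that do not take a language tag
    """
    plain, localized, ignored = {}, {}, []
    for name, value in json.loads(body).items():
        base, tag = split_member(name)
        if tag is None:
            plain[base] = value
            continue
        if base not in HUMAN_READABLE:
            # Assumption of this sketch: treat it as metadata the server does
            # not understand; in particular never extend redirect_uris.
            ignored.append(name)
            continue
        if not LANG_TAG.fullmatch(tag):
            raise MetadataError("malformed language tag in %r" % name)
        if not isinstance(value, str):
            raise MetadataError("%r must be a string" % name)
        # Language tags compare case-insensitively, so store them lowercased.
        localized.setdefault(base, {})[tag.lower()] = value
    return plain, localized, ignored


def pick(field, plain, localized, preferred):
    """Choose the value to display for an ordered list of preferred tags."""
    variants = localized.get(field, {})
    for want in preferred:
        want = want.lower()
        if want in variants:
            return variants[want]
        primary = want.split("-")[0]      # fall back from fr-CA to fr
        if primary in variants:
            return variants[primary]
    return plain.get(field)               # untagged value as the last resort


# Constructed sample request body.
SAMPLE = json.dumps({
    "redirect_uris": ["https://client.example.org/callback"],
    "redirect_uris#en": ["https://client.example.org/callback-en"],
    "client_name": "My Example Client",
    "client_name#ja-Jpan-JP": "\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u540d",
    "client_name#fr": "Mon client",
    "tos_uri#en": "https://client.example.org/tos-en",
})

if __name__ == "__main__":
    plain, localized, ignored = parse_registration(SAMPLE)
    print(plain["redirect_uris"], ignored)
    print(pick("client_name", plain, localized, ["fr-CA", "en"]))
```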

Re: [Dev] GSOC : OAuth 2.0 Dynamic Client Registration Management Protocol Support

2017-05-22 Thread Pushpalanka Jayawardhana
Hi Abilashini,

On Mon, May 22, 2017 at 4:25 PM, Abilashini Thiyagarajah <
abilashini...@cse.mrt.ac.lk> wrote:

> Hi Pushpalanka,
>
> Currently I am working on "Allow multiple locale-specific values for
> redirect URI like human-readable values in the client meta data section"
> in the issue https://wso2.org/jira/browse/IDENTITY-5879. Once I complete
> this part, I will be able to send a pull request as I have fixed the other
> parts of the specific issue.
>
> Yeah I can work on the DCRM specification as well as the DCR issue fixing.
>
That's great! Thanks for the quick reply.
Hope others will also agree that it will be good if we can prioritize the DCRM
implementation to be completed first, so that it can be tested for issues
while the others are being fixed. WDYT?


> Thanks,
>
> *Thiyagarajah Abilashini*
> Student
> Department of Computer Science and Engineering
> University of Moratuwa, Sri Lanka
>
> On 22 May 2017 at 15:12, Pushpalanka Jayawardhana <la...@wso2.com> wrote:
>
>> Hi Abilashini,
>>
>> Appreciate if you can give an update on the current progress of the
>> project.
>> Were you able to work on DCRM specification and other DCR stabilization
>> issues.
>>
>> This is just to know the information for planning activities.
>>
>> Thanks,
>>
>> On Fri, May 5, 2017 at 11:01 AM, Abilashini Thiyagarajah <
>> abilashini...@cse.mrt.ac.lk> wrote:
>>
>>> Yeah sure.
>>>
>>> Thank you
>>>
>>> *Thiyagarajah Abilashini*
>>> Student
>>> Department of Computer Science and Engineering
>>> University of Moratuwa, Sri Lanka
>>>
>>> On 5 May 2017 at 10:59, Ishara Karunarathna <isha...@wso2.com> wrote:
>>>
>>>>
>>>>
>>>> On Fri, May 5, 2017 at 10:53 AM, Abilashini Thiyagarajah <
>>>> abilashini...@cse.mrt.ac.lk> wrote:
>>>>
>>>>> Yeah we can have.
>>>>>
>>>> Then lets arrange a hangout from 2-3 pm
>>>>
>>>>>
>>>>> *Thiyagarajah Abilashini*
>>>>> Student
>>>>> Department of Computer Science and Engineering
>>>>> University of Moratuwa, Sri Lanka
>>>>>
>>>>> On 5 May 2017 at 10:25, Ishara Karunarathna <isha...@wso2.com> wrote:
>>>>>
>>>>>>
>>>>>>
>>>>>> On Fri, May 5, 2017 at 10:21 AM, Abilashini Thiyagarajah <
>>>>>> abilashini...@cse.mrt.ac.lk> wrote:
>>>>>>
>>>>>>> Hi Ishara,
>>>>>>>
>>>>>>> Thank you.
>>>>>>>
>>>>>>> Tomorrow in the sense do you mean Saturday(6.4.2017)?
>>>>>>>
>>>>>> Its today 5/5/2017 if you available we can have a meeting in the
>>>>>> evening.
>>>>>>
>>>>>> -Ishara
>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> *Thiyagarajah Abilashini*
>>>>>>> Student
>>>>>>> Department of Computer Science and Engineering
>>>>>>> University of Moratuwa, Sri Lanka
>>>>>>>
>>>>>>> On 5 May 2017 at 00:51, Ishara Karunarathna <isha...@wso2.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> Congratz Abilashini,
>>>>>>>>
>>>>>>>> On Thu, May 4, 2017 at 11:42 PM, Abilashini Thiyagarajah <
>>>>>>>> abilashini...@cse.mrt.ac.lk> wrote:
>>>>>>>>
>>>>>>>>> Hi all,
>>>>>>>>>
>>>>>>>>> Thank you so much for accepting my proposal and selecting me to
>>>>>>>>> work on the project "*OAuth 2.0 Dynamic Client Registration
>>>>>>>>> Management Protocol support for WSO2 Identity Server*" in GSOC
>>>>>>>>> 2017. I am so happy to work on a WSO2 project after the internship.
>>>>>>>>>
>>>>>>>>> I would like to clarify the plan through out the program. Shall we
>>>>>>>>> stick to my project plan in my proposal?
>>>>>>>>>
>>>>>>>> We may have to do some slight modification. Shall we arrange a
>>>>>>>> m

Re: [Dev] [IS] Error codes in issuing access token

2017-05-22 Thread Pushpalanka Jayawardhana
Hi Nilasini,

Yes, your understanding is correct. We are not doing scope validations in
IS as of now.
There is a separate scope validator that gets engaged in the scenarios
relevant to APIM, as at [1], which does scope validation.

[1] - https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/validators/JDBCScopeValidator.java

Thanks,

On Mon, May 22, 2017 at 3:28 PM, Nilasini Thirunavukkarasu <
nilas...@wso2.com> wrote:

>
>
> On Mon, May 22, 2017 at 2:55 PM, Nilasini Thirunavukkarasu <
> nilas...@wso2.com> wrote:
>
>> Hi,
>> According to the specification[1] invalid_scope error code must be shown
>> when we give invalid scope, unknown scope and etc. As we need to support
>> custom scope as well, so we can't have a predefined list of scopes. From
>> the current implementation it doesn't prompt the error code.
>>
>> As shown in [2], the scope is always set to true. So as far as I can
>> understand it's not validating the scope in a correct manner. Any insight
>> on this will be highly appreciated.
>>
>> [1] https://tools.ietf.org/html/rfc6749#section-5.2
>> [2] https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/callback/DefaultCallbackHandler.java#L37
>>
>> Thank you,
>> Nila.
>>
>> --
>> Nilasini Thirunavukkarasu
>> Software Engineer - WSO2
>>
>> Email : nilas...@wso2.com
>> Mobile : +94775241823 <+94%2077%20524%201823>
>> Web : http://wso2.com/
>>
>>
>> <http://wso2.com/signature>
>>
>
>
>
> --
> Nilasini Thirunavukkarasu
> Software Engineer - WSO2
>
> Email : nilas...@wso2.com
> Mobile : +94775241823 <077%20524%201823>
> Web : http://wso2.com/
>
>
> <http://wso2.com/signature>
>



-- 
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn: lk.linkedin.com/in/
pushpalanka/ | Twitter: @pushpalanka
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev


Re: [Dev] GSOC : OAuth 2.0 Dynamic Client Registration Management Protocol Support

2017-05-22 Thread Pushpalanka Jayawardhana
>>>>>>>>>>>>>>>> [2017-01-31 21:07:39,525]  INFO
>>>>>>>>>>>>>>>> {org.wso2.carbon.server.util.PatchUtils.console} -  Patch
>>>>>>>>>>>>>>>> verification started {org.wso2.carbon.server.util.P
>>>>>>>>>>>>>>>> atchUtils.console}
>>>>>>>>>>>>>>>> [2017-01-31 21:07:39,530]  INFO
>>>>>>>>>>>>>>>> {org.wso2.carbon.server.util.PatchUtils.console} -  Patch
>>>>>>>>>>>>>>>> verification successfully completed. 
>>>>>>>>>>>>>>>> {org.wso2.carbon.server.util.P
>>>>>>>>>>>>>>>> atchUtils.console}
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Thanks,
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> On Sat, Mar 18, 2017 at 7:26 AM, Abilashini Thiyagarajah <
>>>>>>>>>>>>>>>> abilashini...@cse.mrt.ac.lk> wrote:
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Hi,
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> I have worked to understand the specifications and code
>>>>>>>>>>>>>>>>> base related to OAuth 2.0 DCR protocol management. Now I am 
>>>>>>>>>>>>>>>>> trying to fix
>>>>>>>>>>>>>>>>> some of the issues that you have shared with me. Can I know 
>>>>>>>>>>>>>>>>> the location of
>>>>>>>>>>>>>>>>> dcr component in the server? Or else the way to try my code 
>>>>>>>>>>>>>>>>> changes in the
>>>>>>>>>>>>>>>>> dcr component?
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Thanks in advance,
>>>>>>>>>>>>>>>>> Abilashini
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> *Thiyagarajah Abilashini*
>>>>>>>>>>>>>>>>> Student
>>>>>>>>>>>>>>>>> Department of Computer Science and Engineering
>>>>>>>>>>>>>>>>> University of Moratuwa, Sri Lanka
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> On 15 March 2017 at 10:26, Abilashini Thiyagarajah <
>>>>>>>>>>>>>>>>> abilashini...@cse.mrt.ac.lk> wrote:
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Hi Maduranga,
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Thank you so much for your reply and references. I will
>>>>>>>>>>>>>>>>>> work on to understand the code and fix jira as you said.
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Best Regards,
>>>>>>>>>>>>>>>>>> Abilashini
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> *Thiyagarajah Abilashini*
>>>>>>>>>>>>>>>>>> Student
>>>>>>>>>>>>>>>>>> Department of Computer Science and Engineering
>>>>>>>>>>>>>>>>>> University of Moratuwa, Sri Lanka
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> On 15 March 2017 at 01:52, Maduranga Siriwardena <
>>>>>>>>>>>>>>>>>> madura...@wso2.com> wrote:
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> Hi Abilashini,
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> We are glad to see your interest in doing GSoC with
>>>>>>>>>>>>>>>>>>> WSO2.
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> The requirement of the project is to fully implement
>>>>>>>>>>>>>>>>>>> the Dynamic Client Registration Management Protocol [1]. 
>>>>>>>>>>>>>>>>>>> The current
>>>>>>>>>>>>>>>>>>> implementation of Dynamic Client Registration is in repo 
>>>>>>>>>>>>>>>>>>> [2] and
>>>>>>>>>>>>>>>>>>> particularly component in [3]. Documentation for OpenID 
>>>>>>>>>>>>>>>>>>> Connect Dynamic
>>>>>>>>>>>>>>>>>>> Client Registration is in [4].
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> If you need to get familiarize with the code, you can
>>>>>>>>>>>>>>>>>>> fix jira already reported regarding dcr implementation 
>>>>>>>>>>>>>>>>>>> which are in [5] (or
>>>>>>>>>>>>>>>>>>> you can fix any jira in Identity Server project as a start).
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> [1] https://tools.ietf.org/html/rfc7592
>>>>>>>>>>>>>>>>>>> [2] https://github.com/wso2-ex
>>>>>>>>>>>>>>>>>>> tensions/identity-inbound-auth-oauth
>>>>>>>>>>>>>>>>>>> [3] https://github.com/wso2-ex
>>>>>>>>>>>>>>>>>>> tensions/identity-inbound-auth
>>>>>>>>>>>>>>>>>>> -oauth/tree/master/components/
>>>>>>>>>>>>>>>>>>> org.wso2.carbon.identity.oauth.dcr
>>>>>>>>>>>>>>>>>>> [4] https://docs.wso2.com/disp
>>>>>>>>>>>>>>>>>>> lay/IS530/OpenID+Connect+Dynamic+Client+Registration
>>>>>>>>>>>>>>>>>>> [5] https://goo.gl/ghqqgE
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> Thanks,
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> On Tue, Mar 14, 2017 at 1:06 AM, Abilashini Thiyagarajah
>>>>>>>>>>>>>>>>>>> <abilashini...@cse.mrt.ac.lk> wrote:
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> Hi,
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> I am Abilashini from Department of Computer Science and
>>>>>>>>>>>>>>>>>>>> Engineering, University of Moratuwa. I have done my 
>>>>>>>>>>>>>>>>>>>> internship at WSO2 last
>>>>>>>>>>>>>>>>>>>> year (July - December) and worked in the implementation of 
>>>>>>>>>>>>>>>>>>>> tomcat extension
>>>>>>>>>>>>>>>>>>>> of OpenID Connect [1]. So I am a little bit familiar with 
>>>>>>>>>>>>>>>>>>>> OAuth 2.0 and
>>>>>>>>>>>>>>>>>>>> OpenID Connect protocols. I found the project 'OAuth
>>>>>>>>>>>>>>>>>>>> 2.0 Dynamic Client Registration Management Protocol 
>>>>>>>>>>>>>>>>>>>> Support'
>>>>>>>>>>>>>>>>>>>> as interesting to work on. Can I have some assistance to 
>>>>>>>>>>>>>>>>>>>> understand the
>>>>>>>>>>>>>>>>>>>> details and requirements more clearly behind this project 
>>>>>>>>>>>>>>>>>>>> idea?
>>>>>>>>>>>>>>>>>>>> Also can I have the locations of documentation and code
>>>>>>>>>>>>>>>>>>>> base related to dynamic client registration?
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> [1] https://github.com/wso2-ex
>>>>>>>>>>>>>>>>>>>> tensions/tomcat-extension-openidsso
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> Thanks and Regards
>>>>>>>>>>>>>>>>>>>> Abilashini
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> *Thiyagarajah Abilashini*
>>>>>>>>>>>>>>>>>>>> Student
>>>>>>>>>>>>>>>>>>>> Department of Computer Science and Engineering
>>>>>>>>>>>>>>>>>>>> University of Moratuwa, Sri Lanka
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> --
>>>>>>>>>>>>>>>>>>> Maduranga Siriwardena
>>>>>>>>>>>>>>>>>>> Software Engineer
>>>>>>>>>>>>>>>>>>> WSO2 Inc; http://wso2.com/
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> Email: madura...@wso2.com
>>>>>>>>>>>>>>>>>>> Mobile: +94718990591 <+94%2071%20899%200591>
>>>>>>>>>>>>>>>>>>> Blog: *https://madurangasiriwardena.wordpress.com/
>>>>>>>>>>>>>>>>>>> <https://madurangasiriwardena.wordpress.com/>*
>>>>>>>>>>>>>>>>>>> <http://wso2.com/signature>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> --
>>>>>>>>>>>>>>>> Maduranga Siriwardena
>>>>>>>>>>>>>>>> Software Engineer
>>>>>>>>>>>>>>>> WSO2 Inc; http://wso2.com/
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Email: madura...@wso2.com
>>>>>>>>>>>>>>>> Mobile: +94718990591 <+94%2071%20899%200591>
>>>>>>>>>>>>>>>> Blog: *https://madurangasiriwardena.wordpress.com/
>>>>>>>>>>>>>>>> <https://madurangasiriwardena.wordpress.com/>*
>>>>>>>>>>>>>>>> <http://wso2.com/signature>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> --
>>>>>>>>>>>>>> Maduranga Siriwardena
>>>>>>>>>>>>>> Software Engineer
>>>>>>>>>>>>>> WSO2 Inc; http://wso2.com/
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Email: madura...@wso2.com
>>>>>>>>>>>>>> Mobile: +94718990591 <+94%2071%20899%200591>
>>>>>>>>>>>>>> Blog: *https://madurangasiriwardena.wordpress.com/
>>>>>>>>>>>>>> <https://madurangasiriwardena.wordpress.com/>*
>>>>>>>>>>>>>> <http://wso2.com/signature>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> --
>>>>>>>>>>>> Maduranga Siriwardena
>>>>>>>>>>>> Senior Software Engineer
>>>>>>>>>>>> WSO2 Inc; http://wso2.com/
>>>>>>>>>>>>
>>>>>>>>>>>> Email: madura...@wso2.com
>>>>>>>>>>>> Mobile: +94718990591 <+94%2071%20899%200591>
>>>>>>>>>>>> Blog: *https://madurangasiriwardena.wordpress.com/
>>>>>>>>>>>> <https://madurangasiriwardena.wordpress.com/>*
>>>>>>>>>>>> <http://wso2.com/signature>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Maduranga Siriwardena
>>>>>>>>> Senior Software Engineer
>>>>>>>>> WSO2 Inc; http://wso2.com/
>>>>>>>>>
>>>>>>>>> Email: madura...@wso2.com
>>>>>>>>> Mobile: +94718990591 <+94%2071%20899%200591>
>>>>>>>>> Blog: *https://madurangasiriwardena.wordpress.com/
>>>>>>>>> <https://madurangasiriwardena.wordpress.com/>*
>>>>>>>>> <http://wso2.com/signature>
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>> ___
>>>>>>> Dev mailing list
>>>>>>> Dev@wso2.org
>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Ishara Karunarathna
>>>>>> Associate Technical Lead
>>>>>> WSO2 Inc. - lean . enterprise . middleware |  wso2.com
>>>>>>
>>>>>> email: isha...@wso2.com,   blog: isharaaruna.blogspot.com,   mobile:
>>>>>> +94717996791 <+94%2071%20799%206791>
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Ishara Karunarathna
>>>> Associate Technical Lead
>>>> WSO2 Inc. - lean . enterprise . middleware |  wso2.com
>>>>
>>>> email: isha...@wso2.com,   blog: isharaaruna.blogspot.com,   mobile:
>>>> +94717996791 <+94%2071%20799%206791>
>>>>
>>>>
>>>>
>>>
>>
>>
>> --
>> Ishara Karunarathna
>> Associate Technical Lead
>> WSO2 Inc. - lean . enterprise . middleware |  wso2.com
>>
>> email: isha...@wso2.com,   blog: isharaaruna.blogspot.com,   mobile:
>> +94717996791 <+94%2071%20799%206791>
>>
>>
>>
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev


Re: [Dev] Validating OAuth App state during Token Requests

2017-05-18 Thread Pushpalanka Jayawardhana
Hi,

On Thu, May 18, 2017 at 4:58 PM, Farasath Ahamed <farasa...@wso2.com> wrote:

> Hi,
>
> With our current implementation, we check whether an OAuth app is active
> at [1]. This happens before we complete client authentication at [2].
>
> Therefore even for an invalid client_id value, the error message that we
> would get will be "Oauth App is not in active state." which is not the
> expected behaviour.
>
> To fix this I see two options,
>
> 1. Handle the APP_STATE value being NULL (ie. no app was found for given
> consumer key) properly. APP_STATE column allows NULL as a value so we can't
> exactly say that APP_STATE == 'NULL' would imply that there is no app for a
> given consumer key
>
+1 for this approach. With this we can avoid some processing done in vain
and respond to invalid requests much earlier. Saving NULL for APP_STATE seems
like something we should investigate and fix.

>
> 2. Move the APP_STATE validation logic to be done after [2]
>
> WDYT?
>
> [1] https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/token/OAuth2TokenEndpoint.java#L87-L97
>
> [2] https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/AccessTokenIssuer.java#L168
>
> Thanks,
> Farasath Ahamed
> Software Engineer, WSO2 Inc.; http://wso2.com
> Mobile: +94777603866
> Blog: blog.farazath.com
> Twitter: @farazath619 <https://twitter.com/farazath619>
> <http://wso2.com/signature>
>
>
>


-- 
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
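
Added example (not part of the thread and not WSO2 code): a Python sketch of the ordering problem discussed above, with the state-first check beside a version that tells a missing app apart from a NULL APP_STATE and checks state only after client authentication. The OAUTH_APPS table, its rows, the error descriptions other than the one quoted in the thread, the unauthorized_client code and the choice to refuse a NULL state are assumptions of the example.

```python
import hmac
import sqlite3

INVALID_CLIENT = ("invalid_client", "Client authentication failed.")


def make_store():
    """In-memory stand-in for the OAuth app table (hypothetical, constructed).

    Secrets are kept in plain text only to keep the example short.
    """
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE OAUTH_APPS ("
        " CONSUMER_KEY TEXT PRIMARY KEY,"
        " CONSUMER_SECRET TEXT NOT NULL,"
        " APP_STATE TEXT)"                # nullable, as described in the thread
    )
    db.executemany(
        "INSERT INTO OAUTH_APPS VALUES (?, ?, ?)",
        [
            ("active-app", "s3cret-a", "ACTIVE"),
            ("revoked-app", "s3cret-r", "REVOKED"),
            ("legacy-app", "s3cret-l", None),   # row exists, state is NULL
        ],
    )
    return db


def secret_matches(stored, presented):
    """Constant-time comparison of the stored and presented secrets."""
    return hmac.compare_digest(stored.encode(), presented.encode())


def token_request_state_first(db, client_id, client_secret):
    """Behaviour described in the thread: state is checked before the client."""
    row = db.execute(
        "SELECT APP_STATE FROM OAUTH_APPS WHERE CONSUMER_KEY = ?",
        (client_id,)).fetchone()
    # "No such app" and "state column is NULL" both collapse to None here.
    state = row[0] if row else None
    if state != "ACTIVE":
        return ("invalid_client", "Oauth App is not in active state.")
    row = db.execute(
        "SELECT CONSUMER_SECRET FROM OAUTH_APPS WHERE CONSUMER_KEY = ?",
        (client_id,)).fetchone()
    if not secret_matches(row[0], client_secret):
        return INVALID_CLIENT
    return ("ok", "")


def token_request_auth_first(db, client_id, client_secret):
    """Missing app and bad secret get the same answer; state comes last."""
    row = db.execute(
        "SELECT CONSUMER_SECRET, APP_STATE FROM OAUTH_APPS"
        " WHERE CONSUMER_KEY = ?", (client_id,)).fetchone()
    if row is None:                       # no app for this consumer key
        return INVALID_CLIENT
    stored_secret, state = row
    if not secret_matches(stored_secret, client_secret):
        return INVALID_CLIENT
    if state is None:                     # assumption: refuse, do not guess
        return ("unauthorized_client", "OAuth app has no recorded state.")
    if state != "ACTIVE":
        return ("unauthorized_client", "OAuth app is not in active state.")
    return ("ok", "")


if __name__ == "__main__":
    store = make_store()
    for cid, secret in [("no-such-app", "x"), ("revoked-app", "s3cret-r"),
                        ("active-app", "s3cret-a")]:
        print(cid, token_request_state_first(store, cid, secret),
              token_request_auth_first(store, cid, secret))
```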


Re: [Dev] Implementing Scope Validator

2017-05-16 Thread Pushpalanka Jayawardhana
Hi,

On Tue, May 16, 2017 at 10:56 PM, Hasanthi Purnima Dissanayake <
hasan...@wso2.com> wrote:

> Hi Farasath, Lanka
>>
>> What about extension grant types like SAML2BearerGrant, JWTBearer or any
>> other custom grant type we write?
>> AFAIR we do issue id_tokens to any grant type when "openid" scope is
>> present.
>
>
> IMO using "openid" scope to issue id_tokens like SAML2Bearer, etc. is not
> required.
>
> If our current implementation allows id_token generation for all types
>> wouldn't this break existing clients?
>
>
> This is an optional configuration, so we don't break any existing clients
> here.
>
> @Lanka,
>
>>
>> 
>> 
>> authorization_code
>> org.wso2.carbon.identity.oauth2.token.handlers.grant.AuthorizationCodeGrantHandler
>> *true*
>> 
>> ..
>> 
>>
>> We can ship default configuration as the behavior we currently have, so
>> none of the existing scenarios break.
>> OIDC scope validator can consume this information from here.
>>
>
> We already have below configuration for the APIM for JDBC Scope validation.
>
> 

Re: [Dev] Implementing Scope Validator

2017-05-16 Thread Pushpalanka Jayawardhana
Hi All,

On Tue, May 16, 2017 at 8:15 PM, Ishara Karunarathna 
wrote:

> intention of using scope validator is to handle OIDC support in a single
> place.
>
>
> On Tue, May 16, 2017 at 7:52 PM, Farasath Ahamed 
> wrote:
>
>>
>> On Tue, May 16, 2017 at 7:38 PM, Hasanthi Purnima Dissanayake <
>> hasan...@wso2.com> wrote:
>>
>>> Hi All,
>>> In our current OIDC implementation we support below four grant types and
>>> issue id tokens and user info claims for all the below grant types.
>>>
>>>- authorization_code
>>>- implicit
>>>- client_credential
>>>- password
>>>
>> What about extension grant types like SAML2BearerGrant, JWTBearer or any
>> other custom grant type we write?
>> AFAIR we do issue id_tokens to any grant type when "openid" scope is
>> present.
>>
>>
>>> Among those 4 grant types that we have implemented, OIDC spec discusses
>>> only implicit and authorization_code grant types. According to the
>>> spec "openid" scope value is a must to Inform the Authorization Server
>>> that the client is making an OpenID Connect request. So we have introduced
>>> a new property in identity.xml as below and we have implemented a scope
>>> validator to validate whether the grant types are authorization_code ,
>>> implicit or password if the scope is openid.
>>>
>>
>>> 
>>> 

Re: [Dev] Clarification on 'Use tenant domain in local subject identifier' attribute

2017-05-09 Thread Pushpalanka Jayawardhana
>> claim uri.
>>>>>
>>>>
This is a little bit tricky. If we think of an occasion without a local
association in a federated scenario, does it really make sense to append
our local user store domain or tenant domain to the user name? I think it's
invalid information, as a federated user is not present in our user stores
unless provisioned or associated.

We can argue, if the SP is configured with federated authentication we
shouldn't select the above options. But the concerns around this become
more complex when we consider this together with multi-option
authentication. An SP can allow the user to select authentication from either
local or federated. In such a case we should be able to dynamically decide we
shouldn't be attaching user store and tenant names to federated user
attributes. WDYT?

>
>>>>> If the above attribute is unchecked :
>>>>> - The tenant domain should not append with the sub claim even when the
>>>>> user name is subject claim uri or a requested claim.
>>>>>
>>>>
>>>>> [1] https://wso2.org/jira/browse/IDENTITY-5013
>>>>> [2] https://wso2.org/jira/browse/IDENTITY-4931
>>>>> [3] https://wso2.org/jira/browse/IDENTITY-4956
>>>>> [4] https://wso2.org/jira/browse/IDENTITY-4470
>>>>>
>>>>> Please let me know if the behavior of this attribute is something
>>>>> different.
>>>>>
>>>> Yes. That is the behavior of 'Use tenant domain in local subject
>>>> identifier' attribute.
>>>>
>>>> Thanks
>>>> Isura.
>>>>
>>>>>
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Hasanthi Dissanayake
>>>>>
>>>>> Software Engineer | WSO2
>>>>>
>>>>> E: hasan...@wso2.com
>>>>> M :0718407133 <071%20840%207133>| http://wso2.com <http://wso2.com/>
>>>>>
>>>>> ___
>>>>> Dev mailing list
>>>>> Dev@wso2.org
>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>>
>>>> *Isura Dilhara Karunaratne*
>>>> Senior Software Engineer | WSO2
>>>> Email: is...@wso2.com
>>>> Mob : +94 772 254 810 <+94%2077%20225%204810>
>>>> Blog : http://isurad.blogspot.com/
>>>>
>>>>
>>>>
>>>>
>>>> ___
>>>> Dev mailing list
>>>> Dev@wso2.org
>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>
>>>>
>>
>
>
> --
>
> *Ruwan Abeykoon*
> *Associate Director/Architect**,*
> *WSO2, Inc. http://wso2.com <https://wso2.com/signature> *
> *lean.enterprise.middleware.*
>
>


-- 
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka


[Dev] Simplifying the claim-config.xml file in Identity Server

2017-05-04 Thread Pushpalanka Jayawardhana
Hi All,

As we know we define default claim mappings between dialects in this file
named claim-config.xml.
There we have default claim dialect (wso2.org) defined with all its required
attributes. Then we also define other dialects and map each claim dialect
URI to some local claim URI as suitable.
Following is a fraction of such from SCIM dialect mapping.

From 5.3.0 onwards we are depending on mapping the localClaim to other
external claims URIs.
In such case it seems '**' is not really necessary to define
here, as it is already defined in local claim definition.


urn:scim:schemas:core:1.0:name.givenName
Name - Given Name
*givenName*
Given Name

1

http://wso2.org/claims/givenname


This is not a critical issue, but would be better to simplify the file
removing this, if we can agree this is not necessary here.

Thanks,
-- 
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka


[Dev] Client credential grant type for ID token generation

2017-05-04 Thread Pushpalanka Jayawardhana
Hi All,

This is in relation to issue [1] which happened when we issue ID_token for
client credentials grant.

Client credentials grant type is not really a part of OpenID Connect
specification, as it only mentions the authorization code grant flow (Basic
Profile), the implicit grant flow (Implicit profile), and the hybrid flow.
This is an additional thing when we issue id_token for client credentials
grant.

Also this does not make much sense when we issue an ID_token to an
application which is presented in client credentials grant.
In my opinion we should get rid of this, if no one is currently using it.
Appreciate your inputs.

[1] - https://wso2.org/jira/browse/IDENTITY-4915

Thanks,
-- 
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
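
Added example, not part of the thread and not WSO2 code: a sketch of the check discussed in this message and in the scope validator thread above, where a per-grant-type switch decides whether a request carrying the "openid" scope may lead to an id_token. The class, enum and parameter names, the configuration values, and the choice to reject rather than silently drop the scope are assumptions of this example.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.Set;

// Hypothetical names throughout; the grant type identifiers are the standard ones.
public class OpenIdScopeGrantCheck {

    enum Decision { NO_OPENID_REQUESTED, ID_TOKEN_ALLOWED, REJECTED }

    private final Map<String, Boolean> idTokenAllowed;
    private final boolean allowUnlistedGrants;

    OpenIdScopeGrantCheck(Map<String, Boolean> idTokenAllowed, boolean allowUnlistedGrants) {
        this.idTokenAllowed = new LinkedHashMap<>(idTokenAllowed);
        this.allowUnlistedGrants = allowUnlistedGrants;
    }

    /** The scope parameter is a space-delimited, case-sensitive list (RFC 6749 section 3.3). */
    static Set<String> parseScope(String scopeParam) {
        if (scopeParam == null || scopeParam.trim().isEmpty()) {
            return Collections.emptySet();
        }
        return new LinkedHashSet<>(Arrays.asList(scopeParam.trim().split("\\s+")));
    }

    Decision decide(String grantType, String scopeParam) {
        // Exact token match: "OpenID" or "openid_x" is not an OpenID Connect request.
        if (!parseScope(scopeParam).contains("openid")) {
            return Decision.NO_OPENID_REQUESTED;
        }
        // Extension and custom grants that are not listed fall back to one explicit default.
        Boolean configured = idTokenAllowed.get(grantType);
        boolean allowed = configured != null ? configured : allowUnlistedGrants;
        return allowed ? Decision.ID_TOKEN_ALLOWED : Decision.REJECTED;
    }

    public static void main(String[] args) {
        String samlBearer = "urn:ietf:params:oauth:grant-type:saml2-bearer";

        // Default that keeps the behaviour the thread describes as current:
        // an id_token for any grant type when "openid" is present.
        OpenIdScopeGrantCheck current =
                new OpenIdScopeGrantCheck(Collections.<String, Boolean>emptyMap(), true);

        // Tightened configuration (constructed values): only listed grants marked true qualify.
        Map<String, Boolean> switches = new LinkedHashMap<>();
        switches.put("authorization_code", true);
        switches.put("implicit", true);
        switches.put("password", true);
        switches.put("client_credentials", false);
        OpenIdScopeGrantCheck tightened = new OpenIdScopeGrantCheck(switches, false);

        String[][] requests = {
            {"authorization_code", "openid profile"},
            {"client_credentials", "openid"},
            {samlBearer, "openid email"},
            {"client_credentials", "OpenID"},
            {"password", "profile"},
        };
        for (String[] request : requests) {
            System.out.println(request[0] + " [" + request[1] + "] current=" + current.decide(request[0], request[1])
                    + " tightened=" + tightened.decide(request[0], request[1]));
        }
    }
}
```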


Re: [Dev] Why is redirect_uris mandatory in DCR request?

2017-04-25 Thread Pushpalanka Jayawardhana
Hi,

On Tue, Apr 25, 2017 at 7:51 PM, Johann Nallathamby <joh...@wso2.com> wrote:

> +1. However we have to make sure that if we update the application with
> authorization_code or implicit grant type, then we have to validate that at
> least one redirect_uri is also provided.
>
> Regards,
> Johann.
>
> On Tue, Apr 25, 2017 at 5:46 PM, Nuwandi Wickramasinghe <nuwan...@wso2.com
> > wrote:
>
>> Hi,
>>
>> As per the DCR implementation in WSO2 IS 5.3.0, it is mandatory to send
>> at least one redirect uri for any grant type and otherwise will give
>> following error response.
>>
>> {
>> "error_description": "RedirectUris property must have at least one URI value.",
>> "error": "invalid_client_metadata"
>> }
>>
>>
>> AFAIU there is no significance of a redirect URI for grant types that do
>> not have a redirection in the flow. Shall we allow client registration
>> without redirect URI for the other grant types such as password, client
>> credentials and SAML2
>>
>> [1] states that
>>
>> The implementation and use of all client metadata
>>fields is OPTIONAL, unless stated otherwise.
>>
>>
>> ..
>>
>>
>> redirect_uris
>>   Array of redirection URI strings for use in redirect-based flows
>>   such as the authorization code and implicit flows.  As required by
>>   Section 2 <https://tools.ietf.org/html/rfc7591#section-2> of OAuth 2.0 
>> [RFC6749 <https://tools.ietf.org/html/rfc6749>], clients using flows with
>>   redirection MUST register their redirection URI values.
>>   Authorization servers that support dynamic registration for
>>   redirect-based flows MUST implement support for this metadata
>>   value.
>>
>>
>> [1] https://tools.ietf.org/html/rfc7591#section-2
>>
>
+1.
We already have a task to track and fix these compliancy issues, as at
[1]. Please create or add these details there too, so we can make sure we
address this and rectify.

[1] - https://wso2.org/jira/browse/IDENTITY-5879

>
>>
>> --
>>
>> Best Regards,
>>
>> Nuwandi Wickramasinghe
>>
>> Software Engineer
>>
>> WSO2 Inc.
>>
>> Web : http://wso2.com
>>
>> Mobile : 0719214873 <071%20921%204873>
>>
>
>
>
> --
> Thanks & Regards,
>
> *Johann Dilantha Nallathamby*
> Technical Lead & Product Lead of WSO2 Identity Server
> Governance Technologies Team
> WSO2, Inc.
> lean.enterprise.middleware
>
> Mobile - *+9476950*
> Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>*
>



-- 
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn: lk.linkedin.com/in/
pushpalanka/ | Twitter: @pushpalanka
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
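
Added example, not part of the thread and not WSO2 code: a sketch of the registration check this thread converges on, where redirect_uris is required only when a redirect-based grant type is in play, and the same check runs on the resulting metadata when a registration is updated. Class and method names and the sample URIs are assumptions of this example; the error codes are the RFC 7591 ones and the missing-URI description is the one quoted in the thread.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Optional;
import java.util.Set;

// Hypothetical names throughout.
public class RedirectUriRegistrationCheck {

    /** Grant types whose flow returns to the client through a redirect. */
    static final Set<String> REDIRECT_BASED_GRANTS =
            Collections.unmodifiableSet(new HashSet<>(Arrays.asList("authorization_code", "implicit")));

    static final class Rejection {
        final String error;
        final String description;

        Rejection(String error, String description) {
            this.error = error;
            this.description = description;
        }

        @Override
        public String toString() {
            return error + ": " + description;
        }
    }

    /** Validates the full metadata of a new registration, or the resulting metadata of an update. */
    static Optional<Rejection> validate(List<String> grantTypes, List<String> redirectUris) {
        // RFC 7591: when grant_types is omitted the client is taken to use authorization_code only.
        // Treating an empty list like an omitted one is an assumption of this example.
        List<String> grants = (grantTypes == null || grantTypes.isEmpty())
                ? Collections.singletonList("authorization_code")
                : grantTypes;
        List<String> uris = (redirectUris == null) ? Collections.<String>emptyList() : redirectUris;

        // Any URI that is supplied must be well formed, whatever the grant types are.
        for (String uri : uris) {
            if (!isAcceptable(uri)) {
                return Optional.of(new Rejection("invalid_redirect_uri",
                        "Each redirect URI must be an absolute URI without a fragment."));
            }
        }

        boolean redirectBased = false;
        for (String grant : grants) {
            redirectBased |= REDIRECT_BASED_GRANTS.contains(grant);
        }
        if (redirectBased && uris.isEmpty()) {
            return Optional.of(new Rejection("invalid_client_metadata",
                    "RedirectUris property must have at least one URI value."));
        }
        return Optional.empty();
    }

    /** RFC 6749 section 3.1.2: the redirection endpoint is an absolute URI with no fragment component. */
    static boolean isAcceptable(String value) {
        if (value == null) {
            return false;
        }
        try {
            URI uri = new URI(value);
            return uri.isAbsolute() && uri.getRawFragment() == null;
        } catch (URISyntaxException e) {
            return false;
        }
    }

    static String describe(Optional<Rejection> result) {
        return result.map(Rejection::toString).orElse("accepted");
    }

    public static void main(String[] args) {
        List<String> none = Collections.emptyList();
        List<String> callback = Arrays.asList("https://client.example.com/callback"); // constructed URI

        System.out.println("password, no URI          : "
                + describe(validate(Arrays.asList("password"), none)));
        System.out.println("client_credentials, no URI: "
                + describe(validate(Arrays.asList("client_credentials"), none)));
        System.out.println("grant_types omitted       : " + describe(validate(null, none)));
        System.out.println("authorization_code + URI  : "
                + describe(validate(Arrays.asList("authorization_code"), callback)));
        System.out.println("relative URI              : "
                + describe(validate(Arrays.asList("implicit"), Arrays.asList("/callback"))));
        // Update case: a password-only client adds authorization_code without supplying a URI.
        System.out.println("update adds auth code     : "
                + describe(validate(Arrays.asList("password", "authorization_code"), none)));
    }
}
```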


Re: [Dev] Writing a custom OAuth2 token generator/issuer for IS 5.3.0

2017-04-06 Thread Pushpalanka Jayawardhana
Hi,

* *is the latest addition from the two options
which we should continue to use.
*IdentityOAuthTokenGenerator* seems to be introduced to resolve some
limitations in *OAuthTokenGenerator*, but not totally removed for
backward compatibility.

Anyway, the logs seem to be misleading and need correction.

Thanks,

On Fri, Apr 7, 2017 at 9:50 AM, Tharindu Edirisinghe <tharin...@wso2.com>
wrote:

> Hi Devs,
>
> I need to implement my own OAuth2 token generator/issuer for IS 5.3.0.
>
> For that I wrote a class extending
> *org.wso2.carbon.identity.oauth2.token.OauthTokenIssuerImpl*
> class and put the component into lib directory (non OSGI).
>
> Then in identity.xml file, under  tag, I add the tag
> ** and engage my custom token
> generator/issuer by adding the fully qualified class name as the value of
> the tag.
>
> Using the playground2 sample, I got the entire flow working where all
> the methods I have overridden are hit properly.
>
> However, I see the following INFO log.
>
> *[2017-04-07 09:32:32,334]  INFO
> {org.wso2.carbon.identity.oauth.config.OAuthServerConfiguration} -  The
> default OAuth token issuer will be used. No custom token generator is set.*
>
> I went through the code in [1] and found that the reason for the log is
> that there is no ** tag in identity.xml which I have
> defined.
>
> So my question is, do the tags *IdentityOAuthTokenGenerator* and
> *OAuthTokenGenerator* both serve the same purpose? Or what is the difference?
>
> Also since I have got the flow working, can I ignore the above info log
> although I am using my own token issuer?
>
> [1] https://github.com/wso2/carbon-identity/blob/master/components/oauth/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/config/OAuthServerConfiguration.java
>
> Thanks,
> TharinduE
>
> --
>
> Tharindu Edirisinghe
> Senior Software Engineer | WSO2 Inc
> Platform Security Team
> Blog : http://tharindue.blogspot.com
> mobile : +94 775181586 <077%20518%201586>
>



-- 
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka


Re: [Dev] [IS 6.0.0] Making native claim dialect configurable

2017-03-23 Thread Pushpalanka Jayawardhana
On Fri, Mar 24, 2017 at 10:14 AM, Prabath Siriwardena <prab...@wso2.com>
wrote:

> Well... I doubt we should make it configurable... Its the claim dialect
> for the WSO2 products (or IS)... In any federation scenario - we do support
> claim mappings for custom dialects...
>
One advantage Omindu highlighted in this thread is avoiding this claim
transformation.
If we imagine a bank using IS 6.0.0, which wants to issue claims as
'http://xyzbank.com/' to all its service providers (which can be 100s in
number), it is convenient if the default dialect itself can be configured
to http://xyzbank.com. This avoids configuration overhead for 100 service
providers and the claim transformation effort.

So this is a trade off between the convenience and performance of few cases
against the design and coding complexities.
+1 to keep the design simple, given that the advantage of supporting this
will be only at few special cases.


> Thanks & regards,
> -Prabath
>
> On Thu, Mar 23, 2017 at 9:14 PM, Pushpalanka Jayawardhana <la...@wso2.com>
> wrote:
>
>>
>>
>> On Fri, Mar 24, 2017 at 9:18 AM, Sagara Gunathunga <sag...@wso2.com>
>> wrote:
>>
>>>
>>>
>>> On Thu, Mar 23, 2017 at 12:27 PM, Pushpalanka Jayawardhana <
>>> la...@wso2.com> wrote:
>>>
>>>>
>>>>
>>>> On Tue, Mar 21, 2017 at 10:56 AM, Godwin Shrimal <god...@wso2.com>
>>>> wrote:
>>>>
>>>>> If we make native claim dialect configurable, will product work by
>>>>> changing to different claim dialect ?
>>>>>
>>>> That should be the expectation if we make the native claim dialect
>>>> configurable.
>>>>
>>>> As of now, we have the native dialect hard coded as at [1]. If we make it
>>>> configurable, it should come from a configuration file, most suitably
>>>> 'domain-config.yaml' file.
>>>> Appreciate your inputs soon to move forward, as a lot of code and
>>>> designs will be affected by this decision.
>>>>
>>>
>>> Some users may not want to use/return claims with WSO2 prefix
>>> (http://wso2.org/claims) instead they want to use their own prefix
>>> (http://mycompany.com/attributes) so better to make the prefix of
>>> default claim dialect configurable.
>>>
>>> ATM we have hard coded this value and what we should do is provide an
>>> ability to override this prefix value per server basis through
>>> deployment.yaml, I don't see any reason to relate this configuration with
>>> domains.
>>>
>> ATM domain-config.yaml file defines the default claims implicitly as at
>> [1].
>> So are we suggesting to put this prefix configuration at deployment.yaml
>> file and configure this 'domain-config.yaml' file with same dialect prefix
>> in claim URI?
>>
>> [1] - https://github.com/wso2/carbon-identity-mgt/blob/master/tests/osgi-tests/src/test/resources/carbon-home/conf/identity/domain-config.yaml
>>
>>>
>>> Thanks !
>>>
>>>>
>>>> [1] - https://github.com/wso2/carbon-identity-mgt/blob/master/components/org.wso2.carbon.identity.mgt/src/main/java/org/wso2/carbon/identity/mgt/impl/util/IdentityMgtConstants.java#L44-L46
>>>>
>>>>>
>>>>> Thanks
>>>>> Godwin
>>>>>
>>>>>
>>>>> On Mon, Mar 20, 2017 at 4:34 PM, Pushpalanka Jayawardhana <
>>>>> la...@wso2.com> wrote:
>>>>>
>>>>>> +Prabath
>>>>>>
>>>>>> On Mon, Mar 20, 2017 at 4:33 PM, Pushpalanka Jayawardhana <
>>>>>> la...@wso2.com> wrote:
>>>>>>
>>>>>>> Hi All,
>>>>>>>
>>>>>>> Have we made a conclusion on this? Are we expecting to make the
>>>>>>> native dialect configurable?
>>>>>>> Given that we have claim mapping functionality this won't be a
>>>>>>> mandatory requirement. But this has the advantage Omindu mentioned 
>>>>>>> against
>>>>>>> the complexities introduced by letting this configurable for username,
>>>>>>> groupname etc.
>>>>>>>
>>>>>>> Thanks,
>>>>>>>
>>>>>>> On Thu, Feb 23, 20

Re: [Dev] [IS 6.0.0] Making native claim dialect configurable

2017-03-23 Thread Pushpalanka Jayawardhana
On Fri, Mar 24, 2017 at 9:18 AM, Sagara Gunathunga <sag...@wso2.com> wrote:

>
>
> On Thu, Mar 23, 2017 at 12:27 PM, Pushpalanka Jayawardhana <la...@wso2.com
> > wrote:
>
>>
>>
>> On Tue, Mar 21, 2017 at 10:56 AM, Godwin Shrimal <god...@wso2.com> wrote:
>>
>>> If we make native claim dialect configurable, will product work by
>>> changing to different claim dialect ?
>>>
>> That should be the expectation if we make the native claim dialect
>> configurable.
>>
>> As of now, we have the native dialect hard coded as at [1]. If we make it
>> configurable, it should come from a configuration file, most suitably
>> 'domain-config.yaml' file.
>> Appreciate your inputs soon to move forward, as a lot of code and designs
>> will be affected by this decision.
>>
>
> Some users may not want to use/return claims with WSO2 prefix
> (http://wso2.org/claims) instead they want to use their own prefix
> (http://mycompany.com/attributes) so better to make the prefix of default
> claim dialect configurable.
>
> ATM we have hard coded this value and what we should do is provide an
> ability to override this prefix value per server basis through
> deployment.yaml, I don't see any reason to relate this configuration with
> domains.
>
ATM domain-config.yaml file defines the default claims implicitly as at
[1].
So are we suggesting to put this prefix configuration at deployment.yaml
file and configure this 'domain-config.yaml' file with same dialect prefix
in claim URI?

[1] - https://github.com/wso2/carbon-identity-mgt/blob/master/tests/osgi-tests/src/test/resources/carbon-home/conf/identity/domain-config.yaml

>
> Thanks !
>
>>
>> [1] - https://github.com/wso2/carbon-identity-mgt/blob/master/components/org.wso2.carbon.identity.mgt/src/main/java/org/wso2/carbon/identity/mgt/impl/util/IdentityMgtConstants.java#L44-L46
>>
>>>
>>> Thanks
>>> Godwin
>>>
>>>
>>> On Mon, Mar 20, 2017 at 4:34 PM, Pushpalanka Jayawardhana <
>>> la...@wso2.com> wrote:
>>>
>>>> +Prabath
>>>>
>>>> On Mon, Mar 20, 2017 at 4:33 PM, Pushpalanka Jayawardhana <
>>>> la...@wso2.com> wrote:
>>>>
>>>>> Hi All,
>>>>>
>>>>> Have we made a conclusion on this? Are we expecting to make the native
>>>>> dialect configurable?
>>>>> Given that we have claim mapping functionality this won't be a
>>>>> mandatory requirement. But this has the advantage Omindu mentioned against
>>>>> the complexities introduced by letting this configurable for username,
>>>>> groupname etc.
>>>>>
>>>>> Thanks,
>>>>>
>>>>> On Thu, Feb 23, 2017 at 2:13 PM, Omindu Rathnaweera <omi...@wso2.com>
>>>>> wrote:
>>>>>
>>>>>> One of the advantages would be that we can avoid the overhead of
>>>>>> claim transformation.
>>>>>>
>>>>>> Regards,
>>>>>> Omindu.
>>>>>>
>>>>>> On Thu, Feb 23, 2017 at 1:53 PM, Omindu Rathnaweera <omi...@wso2.com>
>>>>>> wrote:
>>>>>>
>>>>>>> Do we need to make the native claim dialect configurable ? AFAIK it
>>>>>>> is not configurable and we are using a hardcoded constant for the 
>>>>>>> dialect
>>>>>>> URI (http://wso2.org/claims).
>>>>>>>
>>>>>>>
>>>>>>> Regards,
>>>>>>> Omindu
>>>>>>>
>>>>>>> --
>>>>>>> Omindu Rathnaweera
>>>>>>> Software Engineer, WSO2 Inc.
>>>>>>> Mobile: +94 771 197 211 <+94%2077%20119%207211>
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Omindu Rathnaweera
>>>>>> Software Engineer, WSO2 Inc.
>>>>>> Mobile: +94 771 197 211 <077%20119%207211>
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Pushpalanka.
>>>>> --
>>>>> Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
>>>>> Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2

[Dev] [IS 6.0.0][M5] Ensuring Proper Internationalization of UIs in Portal Apps

2017-03-23 Thread Pushpalanka Jayawardhana
Hi All,

Do we have any automated mechanism to check the UIs for proper
internationalization support ?
Or do we have to make sure of this manually and validate at code reviews?

Thanks,
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka


Re: [Dev] [IS 6.0.0] Making native claim dialect configurable

2017-03-23 Thread Pushpalanka Jayawardhana
On Tue, Mar 21, 2017 at 10:56 AM, Godwin Shrimal <god...@wso2.com> wrote:

> If we make native claim dialect configurable, will product work by
> changing to different claim dialect ?
>
That should be the expectation if we make the native claim dialect
configurable.

As of now, we have the native dialect hard coded as at [1]. If we make it
configurable, it should come from a configuration file, most suitably
'domain-config.yaml' file.
Appreciate your inputs soon to move forward, as a lot of code and designs
will be affected by this decision.

[1] -
https://github.com/wso2/carbon-identity-mgt/blob/master/components/org.wso2.carbon.identity.mgt/src/main/java/org/wso2/carbon/identity/mgt/impl/util/IdentityMgtConstants.java#L44-L46

>
> Thanks
> Godwin
>
>
> On Mon, Mar 20, 2017 at 4:34 PM, Pushpalanka Jayawardhana <la...@wso2.com>
> wrote:
>
>> +Prabath
>>
>> On Mon, Mar 20, 2017 at 4:33 PM, Pushpalanka Jayawardhana <la...@wso2.com
>> > wrote:
>>
>>> Hi All,
>>>
>>> Have we made a conclusion on this? Are we expecting to make the native
>>> dialect configurable?
>>> Given that we have claim mapping functionality this won't be a mandatory
>>> requirement. But this has the advantage Omindu mentioned against the
>>> complexities introduced by letting this configurable for username,
>>> groupname etc.
>>>
>>> Thanks,
>>>
>>> On Thu, Feb 23, 2017 at 2:13 PM, Omindu Rathnaweera <omi...@wso2.com>
>>> wrote:
>>>
>>>> One of the advantages would be that we can avoid the overhead of claim
>>>> transformation.
>>>>
>>>> Regards,
>>>> Omindu.
>>>>
>>>> On Thu, Feb 23, 2017 at 1:53 PM, Omindu Rathnaweera <omi...@wso2.com>
>>>> wrote:
>>>>
>>>>> Do we need to make the native claim dialect configurable ? AFAIK it is
>>>>> not configurable and we are using a hardcoded constant for the dialect 
>>>>> URI (
>>>>> http://wso2.org/claims).
>>>>>
>>>>>
>>>>> Regards,
>>>>> Omindu
>>>>>
>>>>> --
>>>>> Omindu Rathnaweera
>>>>> Software Engineer, WSO2 Inc.
>>>>> Mobile: +94 771 197 211 <+94%2077%20119%207211>
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Omindu Rathnaweera
>>>> Software Engineer, WSO2 Inc.
>>>> Mobile: +94 771 197 211 <077%20119%207211>
>>>>
>>>
>>>
>>>
>>> --
>>> Pushpalanka.
>>> --
>>> Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
>>> Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
>>> Mobile: +94779716248
>>> Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
>>> lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka
>>>
>>>
>>
>>
>> --
>> Pushpalanka.
>> --
>> Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
>> Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
>> Mobile: +94779716248
>> Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
>> lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka
>>
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
> *Godwin Amila Shrimal*
> WSO2 Inc.; http://wso2.com
> lean.enterprise.middleware
>
> mobile: *+94772264165*
> linkedin: *http://lnkd.in/KUum6D <http://lnkd.in/KUum6D>*
> twitter: https://twitter.com/godwinamila
> <http://wso2.com/signature>
>



-- 
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka


Re: [Dev] [IS 6.0.0] Making native claim dialect configurable

2017-03-20 Thread Pushpalanka Jayawardhana
Hi All,

Have we made a conclusion on this? Are we expecting to make the native
dialect configurable?
Given that we have claim mapping functionality this won't be a mandatory
requirement. But this has the advantage Omindu mentioned against the
complexities introduced by letting this configurable for username,
groupname etc.

Thanks,
On Thu, Feb 23, 2017 at 2:13 PM, Omindu Rathnaweera <omi...@wso2.com> wrote:

> One of the advantages would be that we can avoid the overhead of claim
> transformation.
>
> Regards,
> Omindu.
>
> On Thu, Feb 23, 2017 at 1:53 PM, Omindu Rathnaweera <omi...@wso2.com>
> wrote:
>
>> Do we need to make the native claim dialect configurable ? AFAIK it is
>> not configurable and we are using a hardcoded constant for the dialect URI (
>> http://wso2.org/claims).
>>
>>
>> Regards,
>> Omindu
>>
>> --
>> Omindu Rathnaweera
>> Software Engineer, WSO2 Inc.
>> Mobile: +94 771 197 211 <+94%2077%20119%207211>
>>
>
>
>
> --
> Omindu Rathnaweera
> Software Engineer, WSO2 Inc.
> Mobile: +94 771 197 211 <077%20119%207211>
>



-- 
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka


Re: [Dev] [IS 6.0.0] Making native claim dialect configurable

2017-03-20 Thread Pushpalanka Jayawardhana
+Prabath

On Mon, Mar 20, 2017 at 4:33 PM, Pushpalanka Jayawardhana <la...@wso2.com>
wrote:

> Hi All,
>
> Have we made a conclusion on this? Are we expecting to make the native
> dialect configurable?
> Given that we have claim mapping functionality this won't be a mandatory
> requirement. But this has the advantage Omindu mentioned against the
> complexities introduced by letting this configurable for username,
> groupname etc.
>
> Thanks,
>
> On Thu, Feb 23, 2017 at 2:13 PM, Omindu Rathnaweera <omi...@wso2.com>
> wrote:
>
>> One of the advantages would be that we can avoid the overhead of claim
>> transformation.
>>
>> Regards,
>> Omindu.
>>
>> On Thu, Feb 23, 2017 at 1:53 PM, Omindu Rathnaweera <omi...@wso2.com>
>> wrote:
>>
>>> Do we need to make the native claim dialect configurable ? AFAIK it is
>>> not configurable and we are using a hardcoded constant for the dialect URI (
>>> http://wso2.org/claims).
>>>
>>>
>>> Regards,
>>> Omindu
>>>
>>> --
>>> Omindu Rathnaweera
>>> Software Engineer, WSO2 Inc.
>>> Mobile: +94 771 197 211 <+94%2077%20119%207211>
>>>
>>
>>
>>
>> --
>> Omindu Rathnaweera
>> Software Engineer, WSO2 Inc.
>> Mobile: +94 771 197 211 <077%20119%207211>
>>
>
>
>
> --
> Pushpalanka.
> --
> Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
> Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
> Mobile: +94779716248
> Blog: pushpalankajaya.blogspot.com/ | LinkedIn: lk.linkedin.com/in/
> pushpalanka/ | Twitter: @pushpalanka
>
>


-- 
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka


Re: [Dev] [UUF] Exception Handling in UUF app

2017-03-19 Thread Pushpalanka Jayawardhana
Hi All,

Shall we add a section on 'Error handling' to the UUF best practices
documentation to capture information on this?

On Thu, Feb 2, 2017 at 8:43 AM, Dakshika Jayathilaka <daksh...@wso2.com>
wrote:

> +1 for KasunGs suggestion.
>
> Even UIExceptions can be different.
>
> *Types of UI errors*
>
>- User input errors
>- App errors
>- Incompatible state errors
>
> IMHO depending on the permission level, above error messages can be
> optimized to give optimal user experience.
>
> Regards,
>
> *Dakshika Jayathilaka*
> PMC Member & Committer of Apache Stratos
> Associate Technical Lead
> WSO2, Inc.
> lean.enterprise.middleware
> 0771100911 <077%20110%200911>
>
> On Wed, Feb 1, 2017 at 12:31 PM, KasunG Gajasinghe <kas...@wso2.com>
> wrote:
>
>>
>> To not disclose the back-end server details to the user, we should always
>> catch the exceptions in the UUF app. If it is a UIException, then we can
>> show the error message to the user. Otherwise, we should show a generic
>> error message - something like "An error has occurred while processing your
>> request."
>>
>> If we know how to handle it, it is best if we handle it within the same
>> page where the error has occurred. We already do this in multiple places.
>> For example, see the code for user portal's login page when you enter
>> invalid credentials.
>>
>> For unexpected errors, we can customize the error pages via the
>> app.yaml's errorPages config.
>>
>> app.yaml:
>> errorPages:
>>   404: "/foundation/error/404"
>>   401: "/login"
>>   default: "/foundation/error/default"
>>
>> On Wed, Feb 1, 2017 at 12:20 PM, Ayesha Dissanayaka <aye...@wso2.com>
>> wrote:
>>
>>> Hi,
>>>
>>> What are the good practices around exception handling in UUF in
>>> scenarios like handling exceptions thrown when callOSGiService.
>>>
>>> for example consider below method.
>>>
>>>> /**
>>>>  * Check whether the notification based password recovery enabled
>>>>  */
>>>>
>>>> function isNotificationBasedPasswordRecoveryEnabled() {
>>>> var checkMethod = "isNotificationBasedPasswordRecoveryEnabled";
>>>> return callOSGiService("org.wso2.is.portal.user.client.api.RecoveryMgtService",
>>>> checkMethod, []);
>>>>
>>>> }
>>>>
>>>
>>> If I don't catch exceptions within this method or whenever using
>>> *isNotificationBasedPasswordRecoveryEnabled* method, in the UI I get below page.
>>>
>>>
>>> What is the recommended way to handle this?
>>>
>>>    1. Handle exceptions around callOSGiService.
>>>       - Then we'll have to repeat the same whenever we call osgi from a
>>>       uuf app
>>>    2. Handle at method invocation, and redirect to error page.
>>>    3. Provide a generic message in the UI from UUF in such cases,
>>>    unless handled in the app.
>>>    4. Do we have to handle exceptions from osgi service itself?
>>>    5. Other?
>>>
>>> Thanks!
>>> -Ayesha
>>>
>>> --
>>> *Ayesha Dissanayaka*
>>> Software Engineer,
>>> WSO2, Inc : http://wso2.com
>>> 20, Palmgrove Avenue, Colombo 3
>>> E-Mail: aye...@wso2.com <ayshsa...@gmail.com>
>>>
>>> ___
>>> Dev mailing list
>>> Dev@wso2.org
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>>
>>
>>
>> --
>>
>> *Kasun Gajasinghe*
>> Associate Technical Lead, WSO2 Inc.
>> email: kasung AT spamfree wso2.com
>> linked-in: http://lk.linkedin.com/in/gajasinghe
>> blog: http://kasunbg.org
>> phone: +1 650-745-4499 <(650)%20745-4499>, 77 678 0813
>>
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka


Re: [Dev] Shall we implement transformation methods in claim API.

2017-03-14 Thread Pushpalanka Jayawardhana
On Wed, Mar 15, 2017 at 11:07 AM, Harsha Thirimanna <hars...@wso2.com>
wrote:

> Yes, as you said, we have to provide a service by merging the dialect and
> profile. We can provide different service for that and there will more
> aggregate method that can be reusable in future.
>
+1. To avoid multiple service calls, it will be OK to provide the
functionality as mentioned, in service layer.

>
> On Wed, Mar 15, 2017 at 10:42 AM, Pushpalanka Jayawardhana <la...@wso2.com
> > wrote:
>
>> Hi Harsha,
>>
>> Please find the comments inline.
>>
>> On Tue, Mar 14, 2017 at 4:32 PM, Harsha Thirimanna <hars...@wso2.com>
>> wrote:
>>
>>> Hi Lanka,
>>>
>>> Shall we implement these two methods also in claim service side by
>>> merging dialect and profile ?
>>>
>>> public Set transformToNativeDialect(Set otherDialectClaims, 
>>> String claimDialect, Optional
>>> profile) {
>>>
>>> Assume the usage is given a set of external claim URIs, the dialect URI
>> and a profile, get a set of claims which are mapped to default claim
>> dialect and filtered by the profile. So that only the claims defined in
>> profile will be returned. Please correct me if this understanding is
>> incorrect.
>>
>> If that is the case aren't we merging two functionalities here? Mapping
>> from one dialect to another is a task the claim mapping service, while
>> filtering according to the profile should be done by a service for profile.
>> This same applies to below method too.
>>
>>> public Set transformToOtherDialect(Set nativeDialectClaims, 
>>> String dialect, Optional
>>> profile) {
>>>
>>>
>>> thanks
>>>
>>> *Harsha Thirimanna*
>>> *Associate Tech Lead | WSO2*
>>>
>>> Email: hars...@wso2.com
>>> Mob: +94715186770 <071%20518%206770>
>>> Blog: http://harshathirimanna.blogspot.com/
>>> Twitter: http://twitter.com/harshathirimann
>>> Linked-In: linked-in: http://www.linkedin.com/pub/ha
>>> rsha-thirimanna/10/ab8/122
>>> <http://wso2.com/signature>
>>>
>>
>>
>>
>> --
>> Pushpalanka.
>> --
>> Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
>> Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
>> Mobile: +94779716248
>> Blog: pushpalankajaya.blogspot.com/ | LinkedIn: lk.linkedin.com/in/p
>> ushpalanka/ | Twitter: @pushpalanka
>>
>>
>


-- 
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka


Re: [Dev] Shall we implement transformation methods in claim API.

2017-03-14 Thread Pushpalanka Jayawardhana
Hi Harsha,

Please find the comments inline.

On Tue, Mar 14, 2017 at 4:32 PM, Harsha Thirimanna <hars...@wso2.com> wrote:

> Hi Lanka,
>
> Shall we implement these two methods also in claim service side by merging
> dialect and profile ?
>
> public Set transformToNativeDialect(Set otherDialectClaims, 
> String claimDialect, Optional
> profile) {
>
> Assume the usage is given a set of external claim URIs, the dialect URI
and a profile, get a set of claims which are mapped to default claim
dialect and filtered by the profile. So that only the claims defined in
profile will be returned. Please correct me if this understanding is
incorrect.

If that is the case aren't we merging two functionalities here? Mapping
from one dialect to another is a task the claim mapping service, while
filtering according to the profile should be done by a service for profile.
This same applies to below method too.

> public Set transformToOtherDialect(Set nativeDialectClaims, 
> String dialect, Optional
> profile) {
>
>
> thanks
>
> *Harsha Thirimanna*
> *Associate Tech Lead | WSO2*
>
> Email: hars...@wso2.com
> Mob: +94715186770 <071%20518%206770>
> Blog: http://harshathirimanna.blogspot.com/
> Twitter: http://twitter.com/harshathirimann
> Linked-In: linked-in: http://www.linkedin.com/pub/
> harsha-thirimanna/10/ab8/122
> <http://wso2.com/signature>
>



-- 
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka


[Dev] User profile functionality in admin portal and user portal

2017-03-07 Thread Pushpalanka Jayawardhana
Hi All,

In the user portal we already have functionality implemented for 'account
settings' shown in top right-hand, along with the logout option for
logged-in user.
Using this option the logged-in user can update the profile details,
security questions etc.

When we come down to the admin users, they may also need to update their
user profiles, security questions etc. Ideally in that case they should
also go via this 'account settings' option in top right-hand side.
At this point we have several options.

- Should we redirect the admin users to user-portal to complete this
operation of updating their own user profile or
- Should we implement that same profile update functionalities within
admin-portal?

- If we are to go with this approach, it will be good if we can place the
common code in some other place where both apps (admin-portal and
user-portal) can reuse.

Appreciate your inputs.

Thanks,
-- 
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka


[Dev] MongoDB user store manager

2017-02-13 Thread Pushpalanka Jayawardhana
Hi Asantha/All,

Regarding the MongoDB user store manager implemented at [1], is there a
specific reason why it can not be used as the primary user store?

[1] - https://github.com/asanthamax/mongodbuserstore
[2] -
http://asanthamax.blogspot.com/2016/06/mongodb-user-store-development-for-wso2.html

Thanks,
-- 
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka


Re: [Dev] [Architecture] Username Recovery Feature in IS 6.0.0

2017-01-21 Thread Pushpalanka Jayawardhana
Hi All,

On Sat, Jan 21, 2017 at 1:35 PM, Isura Karunaratne <is...@wso2.com> wrote:

> Hi Dinali,
>
> On Sat, Jan 21, 2017 at 12:33 PM, Dinali Dabarera <din...@wso2.com> wrote:
>
>> Hi all,
>>
>> We are working on implementing username recovery feature for IS 6.0.0
>>
>> *The admin has to enable the Username Recovery*
>>
>>
>> *When Username Recovery enabled:*
>>
>>- User portal user can click on the forget username option.
>>- The User can enter his details of the default profile.
>>- The System will match the entered details with the claims available
>>and if they matched, the relevant username will email to his email address
>>and prompt a notification saying that an email is sent to his mail.
>>- If it doesn't match, the user will notify telling that relevant
>>user is not registered in the system.
>>
>> We need to inform user, if multiple users matching to the given criteria.
> Then the user can fill additional details to recover username.
>
We should have a mechanism like captcha verification here, to avoid
possible brute force attack.

>
>
>> *When Username Recovery is disabled:*
>>
>>- User portal user may not be able to recover his username.
>>- The User needs to contact the admin of the system to recover his
>>username.
>>
>> The admin enables the username recovery in the identity.yaml file for
>> the users in the domain.  Since we have different user stores available in
>> IS 6.0.0,
>>   *Does the admin need to enable username recovery in user store
>> wise or Does he need to configure it for the whole domain at once?*
>>
>>
> We need to have a global configuration identity.yaml file for all the
> domains. It is better to have domain/roles/group wise configuration for all
> the identity management scenarios like account lock, password policy,
> password recovery, idle account suspension, force password reset, user
> onboarding with ask password.
>
>
> Thanks
> Isura.
>
>>
>> Please provide us your comments on this point.
>>
>> Thanks,
>>
>> Dina.
>> --
>> *Dinali Rosemin Dabarera*
>> Software Engineer
>> WSO2 Lanka (pvt) Ltd.
>> Web: http://wso2.com/
>> Email : gdrdabar...@gmail.com
>> LinkedIn <https://lk.linkedin.com/in/dinalidabarera>
>> Mobile: +94770198933 <+94%2077%20019%208933>
>>
>> ___
>> Architecture mailing list
>> architect...@wso2.org
>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>
>>
>

Thanks,
-- 
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka


Re: [Dev] [IS] RESTful Fine Grained Authorization-as-a-Service (AZaaS)

2016-08-12 Thread Pushpalanka Jayawardhana
Hi Manujith,

Good to see the project reaching final stages.
Please find the comments inline.

Thanks,
Pushpalanka

On Thu, Aug 11, 2016 at 1:23 PM, Manujith Pallewatte <manujith...@gmail.com>
wrote:

> UPDATE
>
> Adding missing links
> [1] http://docs.oasis-open.org/xacml/xacml-rest/v1.0/csprd03/xacml-rest-v1.0-csprd03.html
> [2] http://docs.oasis-open.org/xacml/xacml-json-http/v1.0/xacml-json-http-v1.0.html
> [3] http://manzzup.github.io/wso2-entitlement-endpoint/devdoc
>
> On Thu, Aug 11, 2016 at 1:22 PM, Manujith Pallewatte <
> manujith...@gmail.com> wrote:
>
>> Hi all,
>>
>> To update on the current status
>> 1) The endpoint is fully compliant with the XACML REST profile as stated
>> here [1]
>> 2) It is also in accordance with the JSON XACML request/response profile
>> as stated in [2], except few things that require changes to balana
>>
> Can you please list down these things and the changes required in Balana,
so that we can address them at least later.

> 3) Developer documentation was generated after fully commenting the
>> important codes and available for now at [3]
>>
Additionally would be good to have the design details at github itself as
well or linked to your blog at
http://manzzup.blogspot.com/2016/08/gsoc-2016-rest-implementation-for-wso2.html.

>
>> Hoping to work on user documentation and integration tests and submit a
>> new PR within next week
>> Any ideas for improvements / ideas / changes to be done prior to the PR?
>>
>> Thank You
>> Manujith
>>
>>
>>
>> On Wed, Jul 13, 2016 at 2:49 PM, Manujith Pallewatte <
>> manujith...@gmail.com> wrote:
>>
>>> Hi all,
>>>
>>> With the previous suggestions i'm currently working on having Swagger
>>> integrated to the service. According to the Apache CXF documentation [1]
>>> Swagger can be implemented easily by using its Swagger2Feature library. But
>>> their documentation provides no integration details.
>>>
>>> So i integrated the library using some other docs [2], which now shows
>>> no errors in integration, but when I try to access the api-docs url (ex:
>>> https://localhost:9443/wso2-entitlement/api-docs) it simply shows
>>>
>>> *"No service was found." * in the browser and gives [3] in the console
>>> as a warning.
>>> Please let me know if there's any solutions or any idea why this might
>>> be occurring.
>>>
>>> Thank You
>>> Manujith
>>>
>>> [1] https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=61318164
>>> [2] http://stackoverflow.com/questions/36035393/how-to-integrate-swagger-tool-with-apache-cxf-rest-web-service-using-cxfnonsprin
>>> [3]
>>> [http-nio-9443-exec-31] WARN 
>>> org.apache.cxf.transport.servlet.ServletController
>>> - Can't find the the request forhttps://localhost:9443/wso2
>>> -entitlement/entitlement/api-docs's
>>> Observer
>>>
>>> On Wed, Jul 6, 2016 at 6:24 PM, Manujith Pallewatte <
>>> manujith...@gmail.com> wrote:
>>>
>>>> Hi Pushpalanka,
>>>>
>>>> Thank you for the comments, I'm currently looking into Swagger
>>>> Since it's already used in WSO2 API Manager, can i know if it's built
>>>> on CXF as well? In that case I can use existing swagger libraries than
>>>> introducing new ones. I found Swagger2Feature [1] library as in the Apache
>>>> CXF documentation.
>>>>
>>>> Hi Prabath,
>>>> Sorry i'm not familiar with those mentioned, can you clarify a bit
>>>> more, I would like to help in making any improvements
>>>>
>>>> Thank You
>>>> Manujith
>>>>
>>>> [1] http://cxf.apache.org/docs/swagger2feature.html
>>>>
>>>> On Tue, Jul 5, 2016 at 8:42 PM, Prabath Siriwardana <prab...@wso2.com>
>>>> wrote:
>>>>
>>>>> When we are implementing the REST profile XACML - can we implement it
>>>>> as a microservice on MSF4J? It needs to be an independent deployable unit 
>>>>> -
>>>>> which should function with a set of policies loaded from the filesystem...
>>>>> Can we do this..?
>>>>>
>>>>> Thanks & regards,
>>>>> -Prbath
>>>>>
>

Re: [Dev] [IS] RESTful Fine Grained Authorization-as-a-Service (AZaaS)

2016-07-05 Thread Pushpalanka Jayawardhana
> wrote:
>>>>>
>>>>>> Hi Manujith,
>>>>>>
>>>>>> Please have a look at WSO2 REST API guideline [1]. This will help you
>>>>>> to improve the URL naming.
>>>>>>
>>>>>> [1] http://wso2.com/whitepapers/wso2-rest-apis-design-guidelines/
>>>>>>
>>>>>> On Thu, Jun 9, 2016 at 3:49 PM, Manujith Pallewatte <
>>>>>> manujith...@gmail.com> wrote:
>>>>>>
>>>>>>> Hi Pushpalanka,
>>>>>>>
>>>>>>> Was confused in the PR procedure, and figured that I forgot to
>>>>>>> initialize the github repo as you have mentioned in a previous message.
>>>>>>> So the new location of the codebase is at [1]
>>>>>>> Over the weekend, I'll fix any remaining issues and send the PR
>>>>>>> For now I have used the wso2-codestyle given by Omindu and
>>>>>>> reformatted the code
>>>>>>> and added Findbug as well.
>>>>>>>
>>>>>>> Thank You
>>>>>>> Manujith
>>>>>>>
>>>>>>> [1]
>>>>>>> https://github.com/ManZzup/identity-framework/tree/master/components/entitlement/org.wso2.carbon.identity.entitlement.endpoint
>>>>>>>
>>>>>>> On Wed, Jun 8, 2016 at 11:35 AM, Pushpalanka Jayawardhana <
>>>>>>> la...@wso2.com> wrote:
>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On Tue, Jun 7, 2016 at 11:01 AM, Manujith Pallewatte <
>>>>>>>> manujith...@gmail.com> wrote:
>>>>>>>>
>>>>>>>>> Hi all,
>>>>>>>>>
>>>>>>>>> Code is almost all refactored (apart from the part where
>>>>>>>>> authenticators are hard coded) and it is available at [1]
>>>>>>>>> I have attached a readme so everyone can help with testing it. But
>>>>>>>>> there's still an issue remaining to debug with the *entitled-attribs*
>>>>>>>>> service call, that came up in preliminary testing by Omindu.
>>>>>>>>>
>>>>>>>>> Thank You Omindu, I will use the formatting configs and format the
>>>>>>>>> code asap. For now i added a gitignore as in the sample you sent, but I
>>>>>>>>> left *target* directory intact so that i can share the war file
>>>>>>>>> through the repo.
>>>>>>>>>
>>>>>>>>> Also for the PR, to which repo should I send the PR for? Or shall
>>>>>>>>> I wait for further testing of the code so that we can minimize any 
>>>>>>>>> bugs?
>>>>>>>>>
>>>>>>>> If code refactoring, formatting, cleanup are done, you have run
>>>>>>>> Findbug plugin(This is a plugin that can integrate to IDE. If you 
>>>>>>>> already
>>>>>>>> haven't try it.) and fixed any issues reported against code and
>>>>>>>> functionality is working, we are OK to review the code. You can further
>>>>>>>> test the code and fix the bugs while integrating any review comments 
>>>>>>>> we put
>>>>>>>> on the PR.
>>>>>>>>
>>>>>>>> "Please share the code progress via Github, once you are satisfied
>>>>>>>> with refactoring.
>>>>>>>> Please fork [1] to your private repo, and at location [2], you may
>>>>>>>> have a new component named 
>>>>>>>> 'org.wso2.carbon.identity.entitlement.endpoint'
>>>>>>>> where the implementation can reside.
>>>>>>>>
>>>>>>>> [1] - https://github.com/wso2/carbon-identity-framework
>>>>>>>> [2] -
>>>>>>>> https://github.com/wso2/carbon-identity-framework/tree/master/components/entitlement
>>>>>>>> "
>>>>>>>>
>>>>>>>>>
>>>>>>>>> [1] https://github.com/ManZzup/identity-entitlement-endpoint
>>>>>>>>>
>>>>>>>>

Re: [Dev] [Architecture] Force Password Reset and Password History validation

2016-06-20 Thread Pushpalanka Jayawardhana
Hi Isura,

On Mon, Jun 20, 2016 at 10:52 AM, Isura Karunaratne <is...@wso2.com> wrote:

> HI all,
>
> I am working on $subject for WSO2 Identity Server 5.3.0 release. Following
> are the currently identified improvements,
>
>
>- Password History -
>
> Last 'n' number of passwords need to be maintained in user's history. When
> user updates his password we don't allow him to choose one of these 'n'
> passwords again.
>
>
>- Periodic Password Reset -
>
> Force the user to periodically (configurable period) reset his password.
> When doing this we need to leverage the password history feature as well.
>
>
> CREATE TABLE IF NOT EXISTS idn_password_history_data
>  (
>   user_name    VARCHAR(255) NOT NULL,
>   user_domain  VARCHAR(255) NOT NULL,
>   tenant_id    INTEGER DEFAULT -1,
>   hash         VARCHAR(255) NOT NULL,
>   time_created TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
>   PRIMARY KEY (user_name, user_domain, tenant_id, hash)
>  )
>
>
> All the passwords which are supposed to store in this table are old
> passwords (expired).
>
> - I think we don't need to use the same  password hashing algorithm (with
> or without salted value) which is defined user-mgt.xml for password history
> validation.
> - admin users can change other user's passwords without giving their old
> passwords. In that case, how can we find the old password hash value to
> store for password history validation?
>
In the given table schema we may need to pay special attention to handle
user_domain, as secondary user store domain can be changed. Ideally we
should incorporate a *unique user store domain id* than using user domain
here.

>
>
> Your comments and suggestions are highly appreciated.
>
> Thanks
> Isura.
>
>
> Isura Dilhara Karunaratne
> Senior Software Engineer
>
> Mob +94 772 254 810
>
>


-- 
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka
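The password-history check discussed in this message, as an added example that is not part of the original thread and is not WSO2 code. It creates the table from the message in SQLite, stores a per-entry salted PBKDF2 string in the `hash` column, and assumes each password is recorded at the moment it is set, so an admin reset needs no old password. `HISTORY_SIZE`, `ITERATIONS`, the hash string format, the sample user and all function names are assumptions.

```python
import hashlib
import hmac
import os
import sqlite3

HISTORY_SIZE = 3      # the thread's 'n'; value chosen for this example
ITERATIONS = 50_000   # PBKDF2 work factor, constructed for the demo

# Table from the thread, written for SQLite.
SCHEMA = """
CREATE TABLE IF NOT EXISTS idn_password_history_data (
    user_name    VARCHAR(255) NOT NULL,
    user_domain  VARCHAR(255) NOT NULL,
    tenant_id    INTEGER DEFAULT -1,
    hash         VARCHAR(255) NOT NULL,
    time_created TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
    PRIMARY KEY (user_name, user_domain, tenant_id, hash)
)
"""
WHERE_USER = "user_name = ? AND user_domain = ? AND tenant_id = ?"


def encode_hash(password, salt=None):
    """Return 'pbkdf2_sha256$iterations$salt$digest' (fits VARCHAR(255))."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS)
    return "pbkdf2_sha256$%d$%s$%s" % (ITERATIONS, salt.hex(), digest.hex())


def hash_matches(password, stored):
    """Re-hash the candidate with the salt and work factor of one entry."""
    _scheme, iterations, salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"),
        bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def is_reused(conn, user, domain, tenant, password):
    """True if password equals one of the last HISTORY_SIZE passwords."""
    rows = conn.execute(
        "SELECT hash FROM idn_password_history_data WHERE " + WHERE_USER +
        " ORDER BY rowid DESC LIMIT ?",
        (user, domain, tenant, HISTORY_SIZE)).fetchall()
    # Salts differ per row, so every entry is checked individually.
    return any(hash_matches(password, row[0]) for row in rows)


def record_password(conn, user, domain, tenant, password):
    """Store the hash of a password being set, then keep the newest n rows."""
    key = (user, domain, tenant)
    conn.execute(
        "INSERT INTO idn_password_history_data "
        "(user_name, user_domain, tenant_id, hash) VALUES (?, ?, ?, ?)",
        key + (encode_hash(password),))
    conn.execute(
        "DELETE FROM idn_password_history_data WHERE " + WHERE_USER +
        " AND rowid NOT IN (SELECT rowid FROM idn_password_history_data"
        " WHERE " + WHERE_USER + " ORDER BY rowid DESC LIMIT ?)",
        key + key + (HISTORY_SIZE,))
    conn.commit()


def change_password(conn, user, domain, tenant, new_password):
    """Used for self-service change and admin reset alike (assumption)."""
    if is_reused(conn, user, domain, tenant, new_password):
        return False
    record_password(conn, user, domain, tenant, new_password)
    return True


def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    alice = ("alice", "PRIMARY", -1234)   # constructed sample user
    attempts = ("Spring#2016", "Summer#2016", "Spring#2016",
                "Autumn#2016", "Winter#2016", "Spring#2016")
    outcomes = [change_password(conn, *alice, pw) for pw in attempts]
    rows = conn.execute(
        "SELECT COUNT(*) FROM idn_password_history_data").fetchone()[0]
    # Same user looked up under a renamed user store domain: the history
    # keyed by domain name is no longer found.
    after_rename = is_reused(conn, "alice", "RENAMED", -1234, "Winter#2016")
    return outcomes, rows, after_rename


if __name__ == "__main__":
    print(demo())
```

The last lookup in `demo()` shows the concern raised in the reply: once the domain name changes, rows keyed by `user_domain` no longer match and the history check passes a recently used password.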


Re: [Dev] Fixing IDENTITY-4588 for 5.2

2016-06-13 Thread Pushpalanka Jayawardhana
Hi Samisa,

It was not prioritized, as the functionality is not broken and can still
proceed with the workaround of making identity provider name as same as iss
values of JWT. A proper fix would need few other changes to the design of
OAuth grant handlers as well, which was too tight to proceed with time
lines of 5.2.0 GA.

Thanks,
Pushpalanka

On Mon, Jun 13, 2016 at 11:15 AM, Samisa Abeysinghe <sam...@wso2.com> wrote:

> Why not?
>
> Thanks,
> Samisa...
>
>
> Samisa Abeysinghe
>
> Vice President Delivery
>
> WSO2 Inc.
> http://wso2.com
>
>
> On Mon, Jun 13, 2016 at 10:52 AM, Pushpalanka Jayawardhana <la...@wso2.com
> > wrote:
>
>> Hi Samisa,
>>
>> This was not prioritized to be included in 5.2.0 GA.
>>
>> Thanks,
>> Pushpalanka
>>
>> On Mon, Jun 13, 2016 at 10:37 AM, Samisa Abeysinghe <sam...@wso2.com>
>> wrote:
>>
>>> Hi All
>>>$subject
>>>
>>>Will this be available in 5.2 GA
>>>
>>> Thanks,
>>> Samisa...
>>>
>>>
>>> Samisa Abeysinghe
>>>
>>> Vice President Delivery
>>>
>>> WSO2 Inc.
>>> http://wso2.com
>>>
>>>
>>
>>
>> --
>> Pushpalanka.
>> --
>> Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
>> Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
>> Mobile: +94779716248
>> Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
>> lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka
>>
>>
>


-- 
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka


Re: [Dev] Fixing IDENTITY-4588 for 5.2

2016-06-12 Thread Pushpalanka Jayawardhana
Hi Samisa,

This was not prioritized to be included in 5.2.0 GA.

Thanks,
Pushpalanka

On Mon, Jun 13, 2016 at 10:37 AM, Samisa Abeysinghe <sam...@wso2.com> wrote:

> Hi All
>$subject
>
>Will this be available in 5.2 GA
>
> Thanks,
> Samisa...
>
>
> Samisa Abeysinghe
>
> Vice President Delivery
>
> WSO2 Inc.
> http://wso2.com
>
>


-- 
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka


Re: [Dev] [IS] RESTful Fine Grained Authorization-as-a-Service (AZaaS)

2016-06-08 Thread Pushpalanka Jayawardhana
On Tue, Jun 7, 2016 at 11:01 AM, Manujith Pallewatte <manujith...@gmail.com>
wrote:

> Hi all,
>
> Code is almost all refactored (apart from the part where authenticators are
> hard coded) and it is available at [1]
> I have attached a readme so everyone can help with testing it. But there's
> still an issue remaining to debug with the *entitled-attribs* service
> call, that came up in preliminary testing by Omindu.
>
> Thank You Omindu, I will use the formatting configs and format the code
> asap. For now i added a gitignore as in the sample you sent, but I left
> *target* directory intact so that i can share the war file through the repo.
>
> Also for the PR, to which repo should I send the PR for? Or shall I wait
> for further testing of the code so that we can minimize any bugs?
>
If code refactoring, formatting, cleanup are done, you have run Findbug
plugin(This is a plugin that can integrate to IDE. If you already haven't
try it.) and fixed any issues reported against code and functionality is
working, we are OK to review the code. You can further test the code and
fix the bugs while integrating any review comments we put on the PR.

"Please share the code progress via Github, once you are satisfied with
refactoring.
Please fork [1] to your private repo, and at location [2], you may have a
new component named 'org.wso2.carbon.identity.entitlement.endpoint' where
the implementation can reside.

[1] - https://github.com/wso2/carbon-identity-framework
[2] -
https://github.com/wso2/carbon-identity-framework/tree/master/components/entitlement
"

>
> [1] https://github.com/ManZzup/identity-entitlement-endpoint
>
> Thank You,
> Best Regards
> Manujith
>
> On Tue, Jun 7, 2016 at 10:30 AM, Omindu Rathnaweera <omi...@wso2.com>
> wrote:
>
>> Adding a .gitignore to the repo will be the easiest way to keep the
>> unwanted files away from the repo. See [1].
>>
>> [1] -
>> https://github.com/wso2/carbon-identity-framework/blob/master/.gitignore
>>
>> Regards,
>> Omindu
>>
>> On Tue, Jun 7, 2016 at 10:26 AM, Pushpalanka Jayawardhana <la...@wso2.com
>> > wrote:
>>
>>> Hi Manujith,
>>>
>>> The IDE specific files(.iml) or code can be removed from the repository.
>>> Once the code refactoring is done and code is cleaned please feel free
>>> to send the PR. Then we can easily comment on the code.
>>>
>>> Thanks,
>>> Pushpalanka
>>>
>>>
>>> On Tue, Jun 7, 2016 at 10:12 AM, Omindu Rathnaweera <omi...@wso2.com>
>>> wrote:
>>>
>>>> Hi Manujith,
>>>>
>>>> Better if you can clean up the unnecessary code and do some code
>>>> refactoring. We can do another round of testing once you fix the issues I
>>>> have mentioned. You can use the attached Idea Code Formatting Template [1].
>>>>
>>>> To apply the template, follow the steps below.
>>>>
>>>> 1. In IDEA settings, goto Editor -> Code Style.
>>>> 2. Click 'Manage' then 'Save As...' an existing scheme with the name
>>>> 'wso2-codestyle' and Close the IDE.
>>>> 3. Goto ~/.IntelliJIdea16/config/codestyles directory and replace the
>>>> 'wso2-codestyle.xml' file with the attached one.
>>>>
>>>> [1] -
>>>> https://drive.google.com/file/d/0BzRDbfbIaYjCSzhGRUR1aGdlTXM/view?usp=sharing
>>>>
>>>> Regards,
>>>> Omindu.
>>>>
>>>>
>>>> On Mon, Jun 6, 2016 at 8:29 AM, Manujith Pallewatte <
>>>> manujith...@gmail.com> wrote:
>>>>
>>>>> Hi all,
>>>>>
>>>>> After a bit of refactoring I added the code to [1]. Please feel free
>>>>> to check the source and give your ideas to improve, specially on the
>>>>> service related code. All the service related code is available at [2]
>>>>>
>>>>> Also Omindu tested the initial war file and reported several issues
>>>>> with it, hoping to debug those within the week
>>>>>
>>>>>
>>>>> [1] https://github.com/ManZzup/identity-entitlement-endpoint
>>>>> [2]
>>>>> https://github.com/ManZzup/identity-entitlement-endpoint/blob/master/src/main/java/org/wso2/carbon/identity/entitlement/provider/resources/DecisionResource.java
>>>>>
>>>>> On Wed, Jun 1, 2016 at 10:21 AM, Pushpalanka Jayawardhana <
>>>>> la...@wso2.com> wrote:
>>>>>
>>>>>> Hi Manujith,
>>>>>>
>>>>>>

Re: [Dev] [IS] RESTful Fine Grained Authorization-as-a-Service (AZaaS)

2016-06-06 Thread Pushpalanka Jayawardhana
Hi Manujith,

The IDE specific files(.iml) or code can be removed from the repository.
Once the code refactoring is done and code is cleaned please feel free to
send the PR. Then we can easily comment on the code.

Thanks,
Pushpalanka

On Tue, Jun 7, 2016 at 10:12 AM, Omindu Rathnaweera <omi...@wso2.com> wrote:

> Hi Manujith,
>
> Better if you can clean up the unnecessary code and do some code
> refactoring. We can do another round of testing once you fix the issues I
> have mentioned. You can use the attached Idea Code Formatting Template [1].
>
> To apply the template, follow the steps below.
>
> 1. In IDEA settings, goto Editor -> Code Style.
> 2. Click 'Manage' then 'Save As...' an existing scheme with the name
> 'wso2-codestyle' and Close the IDE.
> 3. Goto ~/.IntelliJIdea16/config/codestyles directory and replace the
> 'wso2-codestyle.xml' file with the attached one.
>
> [1] -
> https://drive.google.com/file/d/0BzRDbfbIaYjCSzhGRUR1aGdlTXM/view?usp=sharing
>
> Regards,
> Omindu.
>
>
> On Mon, Jun 6, 2016 at 8:29 AM, Manujith Pallewatte <manujith...@gmail.com
> > wrote:
>
>> Hi all,
>>
>> After a bit of refactoring I added the code to [1]. Please feel free to
>> check the source and give your ideas to improve, specially on the service
>> related code. All the service related code is available at [2]
>>
>> Also Omindu tested the initial war file and reported several issues with
>> it, hoping to debug those within the week
>>
>>
>> [1] https://github.com/ManZzup/identity-entitlement-endpoint
>> [2]
>> https://github.com/ManZzup/identity-entitlement-endpoint/blob/master/src/main/java/org/wso2/carbon/identity/entitlement/provider/resources/DecisionResource.java
>>
>> On Wed, Jun 1, 2016 at 10:21 AM, Pushpalanka Jayawardhana <la...@wso2.com
>> > wrote:
>>
>>> Hi Manujith,
>>>
>>> Please share the code progress via Github, once you are satisfied with
>>> refactoring.
>>> Please fork [1] to your private repo, and at location [2], you may have
>>> a new component named 'org.wso2.carbon.identity.entitlement.endpoint' where
>>> the implementation can reside.
>>>
>>> [1] - https://github.com/wso2/carbon-identity-framework
>>> [2] -
>>> https://github.com/wso2/carbon-identity-framework/tree/master/components/entitlement
>>>
>>> Thanks,
>>> Pushpalanka
>>>
>>> On Wed, Jun 1, 2016 at 10:00 AM, Manujith Pallewatte <
>>> manujith...@gmail.com> wrote:
>>>
>>>> Hi all,
>>>>
>>>> So I have roughly finished up the following 5 services in REST
>>>> getDecision
>>>> getDecisionByAttibutes
>>>> getBooleanDecision
>>>> getEntitledAttributes
>>>> getAllEntitlements
>>>>
>>>> The service is packed to a war file deployable to IS 5.2.0
>>>> It's still in primary testing, so once it's confirmed working it will
>>>> be released to the community to get their ideas
>>>> the URIs and methods should be adjusted with the community suggestions
>>>>
>>>> Hoping to release the war file in coming week as well as the code. The
>>>> code has to be refactored first.
>>>>
>>>> Thank You
>>>>
>>>> On Mon, May 23, 2016 at 2:05 PM, Manujith Pallewatte <
>>>> manujith...@gmail.com> wrote:
>>>>
>>>>> Hi all,
>>>>>
>>>>> To update on the progress so far, after having a chat with
>>>>> Pushpalanka, I started with the project code. Basic setups are done.
>>>>> Necessary entry points for the service was identified and now I'm
>>>>> familiar with the process of deploying the REST service as a Web app to 
>>>>> the
>>>>> IS.
>>>>>
>>>>> Right now, the getDecision method is implemented in a RESTful manner,
>>>>> using Apache cxf (following the guidelines of SCIM implementation as
>>>>> suggested by Pushpalanka and Omindu). The implementation works, yet it's
>>>>> only a test implementation.
>>>>>
>>>>> We are expecting to consult the community on the actual implementation
>>>>> of the service, focusing on points like
>>>>> 1) End point URLs
>>>>> 2) Resource identification
>>>>> 3) Service method definitions
>>>>>
>>>>> At the moment I'm struggling with implementations of some methods
>>>>> using the current C

Re: [Dev] Unexpected error occured when generating SAML2 bearer token using API manager- IS integrated setup.

2016-06-01 Thread Pushpalanka Jayawardhana
Hi Sewmini,

Please try sending the tenantDomain as a query param in the cURL command's
token endpoint as below.

https://localhost:9443/oauth2/token?tenantDomain=


Thanks,

On Wed, Jun 1, 2016 at 8:15 PM, Sewmini Jayaweera <sewm...@wso2.com> wrote:

> Adding dev@wso2.org
>
> Sewmini Jayaweera
> *Software Engineer - QA Team*
> Mobile: +94 (0) 773 381 250
> sewm...@wso2.com
>
> On Wed, Jun 1, 2016 at 8:13 PM, Sewmini Jayaweera <sewm...@wso2.com>
> wrote:
>
>> Hi APIM / IS teams,
>>
>> I am testing 'Exchanging SAML2 Bearer Tokens with OAuth2' (SAML Extension
>> Grant Type) scenario for tenant user. I followed API manager documentation
>> available [1] and scenario worked fine for the super tenant. When I try the
>> tenant scenario I noticed when service provider and IDP created in IS
>> tenant domain token generation fails. Reason is that even though SP is in
>> the tenant domain system expects IDP in carbon.super tenant.
>>
>> Are there any specific configurations which should be done, in order to
>> get the tenant scenario working ?
>>
>> I have also reported a Jira [2] on this explaining full scenario.
>>
>> [2]. https://wso2.org/jira/browse/APIMANAGER-4929
>> [1].
>> https://docs.wso2.com/display/AM1100/Exchanging+SAML2+Bearer+Tokens+with+OAuth2+-+SAML+Extension+Grant+Type
>>
>> Kind Regards,
>> Sewmini.
>>
>> Sewmini Jayaweera
>> *Software Engineer - QA Team*
>> Mobile: +94 (0) 773 381 250
>> sewm...@wso2.com
>>
>
>


-- 
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka
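The request suggested in the reply above, as an added example that is not part of the original thread or of WSO2's code: it builds (without sending) the SAML2 bearer grant POST with `tenantDomain` as a query parameter on the token endpoint. The client credentials, tenant name and assertion are constructed placeholders, and the form body (`grant_type`, `assertion`) follows RFC 7522 rather than anything quoted in the thread.

```python
import base64
import re
import urllib.parse
import urllib.request

# Grant type URI defined by RFC 7522 (SAML 2.0 bearer assertion grant).
SAML2_BEARER_GRANT = "urn:ietf:params:oauth:grant-type:saml2-bearer"

# Accept only plain domain-style tenant names so nothing else can be
# smuggled into the query string (assumed naming rule for this example).
_TENANT_RE = re.compile(r"[A-Za-z0-9]([A-Za-z0-9.-]{0,251}[A-Za-z0-9])?")


def encode_assertion(assertion_xml, keep_padding=False):
    """base64url-encode the assertion XML; RFC 7522 says '=' padding
    should not be included, so it is stripped unless keep_padding is set."""
    encoded = base64.urlsafe_b64encode(assertion_xml.encode("utf-8")).decode("ascii")
    return encoded if keep_padding else encoded.rstrip("=")


def build_saml_bearer_request(token_endpoint, tenant_domain, client_id,
                              client_secret, assertion_xml, scope=None):
    """Return an unsent urllib Request for the SAML2 bearer token exchange."""
    parts = urllib.parse.urlsplit(token_endpoint)
    if parts.scheme != "https":
        # The request carries client credentials and a bearer assertion.
        raise ValueError("token endpoint must use https")
    if parts.query or parts.fragment:
        raise ValueError("pass the bare token endpoint; tenantDomain is added here")
    if not _TENANT_RE.fullmatch(tenant_domain):
        raise ValueError("tenant domain is not a plain domain name")

    # tenantDomain goes on the URL, as in the reply; the grant goes in the body.
    query = urllib.parse.urlencode({"tenantDomain": tenant_domain})
    url = urllib.parse.urlunsplit((parts.scheme, parts.netloc, parts.path, query, ""))

    form = {"grant_type": SAML2_BEARER_GRANT,
            "assertion": encode_assertion(assertion_xml)}
    if scope:
        form["scope"] = scope
    body = urllib.parse.urlencode(form).encode("ascii")

    basic = base64.b64encode(f"{client_id}:{client_secret}".encode("utf-8"))
    headers = {
        "Authorization": "Basic " + basic.decode("ascii"),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    return urllib.request.Request(url, data=body, headers=headers, method="POST")


if __name__ == "__main__":
    # Constructed sample input: placeholder tenant, credentials and an
    # unsigned stub assertion. A real assertion comes from the tenant's IdP.
    sample_assertion = "<saml2:Assertion>constructed-placeholder</saml2:Assertion>"
    req = build_saml_bearer_request(
        "https://localhost:9443/oauth2/token",
        "tenant.example",
        "CLIENT_ID_PLACEHOLDER",
        "CLIENT_SECRET_PLACEHOLDER",
        sample_assertion,
    )
    print(req.get_method(), req.full_url)
    print(req.data.decode("ascii"))
```

Send the returned object with `urllib.request.urlopen(req)` only against a server whose TLS certificate the client trusts.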


Re: [Dev] [IS] RESTful Fine Grained Authorization-as-a-Service (AZaaS)

2016-05-31 Thread Pushpalanka Jayawardhana
Hi Manujith,

Please share the code progress via Github, once you are satisfied with
refactoring.
Please fork [1] to your private repo, and at location [2], you may have a
new component named 'org.wso2.carbon.identity.entitlement.endpoint' where
the implementation can reside.

[1] - https://github.com/wso2/carbon-identity-framework
[2] -
https://github.com/wso2/carbon-identity-framework/tree/master/components/entitlement

Thanks,
Pushpalanka

On Wed, Jun 1, 2016 at 10:00 AM, Manujith Pallewatte <manujith...@gmail.com>
wrote:

> Hi all,
>
> So I have roughly finished up the following 5 services in REST
> getDecision
> getDecisionByAttibutes
> getBooleanDecision
> getEntitledAttributes
> getAllEntitlements
>
> The service is packed to a war file deployable to IS 5.2.0
> It's still in primary testing, so once it's confirmed working it will be
> released to the community to get their ideas
> the URIs and methods should be adjusted with the community suggestions
>
> Hoping to release the war file in coming week as well as the code. The
> code has to be refactored first.
>
> Thank You
>
> On Mon, May 23, 2016 at 2:05 PM, Manujith Pallewatte <
> manujith...@gmail.com> wrote:
>
>> Hi all,
>>
>> To update on the progress so far, after having a chat with Pushpalanka, I
>> started with the project code. Basic setups are done.
>> Necessary entry points for the service were identified and now I'm
>> familiar with the process of deploying the REST service as a Web app to the
>> IS.
>>
>> Right now, the getDecision method is implemented in a RESTful manner,
>> using Apache cxf (following the guidelines of SCIM implementation as
>> suggested by Pushpalanka and Omindu). The implementation works, yet it's
>> only a test implementation.
>>
>> We are expecting to consult the community on the actual implementation of
>> the service, focusing on points like
>> 1) End point URLs
>> 2) Resource identification
>> 3) Service method definitions
>>
>> At the moment I'm struggling with implementations of some methods using
>> the current CXF version, hoping to resolve it ASAP.
>>
>> Thanks,
>> Manujith
>>
>> On Mon, May 16, 2016 at 11:18 AM, Pushpalanka Jayawardhana <
>> la...@wso2.com> wrote:
>>
>>> Hi Manujith,
>>>
>>> Good progress in getting familiar with the environment.
>>> So let's try to start with the scope of the project too.
>>>
>>> Since we are to work on implementing REST service, it is better to go
>>> through WSO2 guidelines for REST service implementation. Please find the
>>> white paper at[1] and the relevant discussion can be found at architecture
>>> mailing list under "REST API Guidelines". Then we can work on defining the
>>> API definition for the endpoint.
>>>
>>> You can also have a look at the existing WSO2 REST implementation to
>>> capture the followed patterns referring the SCIM[2] and OAuth endpoints[3].
>>>
>>>
>>> [1] - http://wso2.com/whitepapers/wso2-rest-apis-design-guidelines/
>>> [2] -
>>> https://github.com/wso2-extensions/identity-inbound-provisioning-scim/tree/master/components/org.wso2.carbon.identity.scim.provider
>>> [3] -
>>> https://github.com/wso2-extensions/identity-inbound-auth-oauth/tree/master/components/org.wso2.carbon.identity.oauth.endpoint
>>>
>>> Thanks,
>>> Pushpalanka
>>>
>>> On Wed, May 11, 2016 at 3:23 PM, Manujith Pallewatte <
>>> manujith...@gmail.com> wrote:
>>>
>>>> Hi Pushpalanka,
>>>>
>>>> I managed to setup the development environment and build all the
>>>> sources (thanks to Omindu :))
>>>> Then I made the PEP client using the entitlement stubs as you have
>>>> mentioned in a previous thread. It's working in an accepted state. But I
>>>> encountered some questions during the process, so I'm currently building a
>>>> doc with all the questions so I can document them and their answers for
>>>> future reference.
>>>> Other than that I'm trying to write different policies using XACML
>>>>
>>>> Also please let me know of any other steps I can follow to get familiar
>>>> with the components, especially the code since I'm only focusing on
>>>> Entitlement service right now
>>>>
>>>> Thank You
>>>> Manujith
>>>> --
>>>>
>>>>
>>>>
>>>>
>>>> Manujith P

Re: [Dev] Identity Server 5.0.0 as API-M Key Manager

2016-05-23 Thread Pushpalanka Jayawardhana
On Mon, May 23, 2016 at 5:43 PM, rohit <rohitab...@gmail.com> wrote:

> Haven't had much progress since then. I'm still stuck. Hoping to find some
> help
> here
>

Hi Rohit,

What is the server that runs on port 9443 in your setup?
Also it would be a good idea to verify and confirm the step 5 again for API
Manager.

Thanks,

>
>
>
> --
> View this message in context:
> http://wso2-oxygen-tank.10903.n7.nabble.com/Identity-Server-5-0-0-as-API-M-Key-Manager-tp136062p136924.html
> Sent from the WSO2 Development mailing list archive at Nabble.com.
>



-- 
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka


Re: [Dev] [IS] RESTful Fine Grained Authorization-as-a-Service (AZaaS)

2016-05-15 Thread Pushpalanka Jayawardhana
Hi Manujith,

Good progress in getting familiar with the environment.
So let's try to start with the scope of the project too.

Since we are to work on implementing REST service, it is better to go
through WSO2 guidelines for REST service implementation. Please find the
white paper at[1] and the relevant discussion can be found at architecture
mailing list under "REST API Guidelines". Then we can work on defining the
API definition for the endpoint.

You can also have a look at the existing WSO2 REST implementation to
capture the followed patterns referring the SCIM[2] and OAuth endpoints[3].


[1] - http://wso2.com/whitepapers/wso2-rest-apis-design-guidelines/
[2] -
https://github.com/wso2-extensions/identity-inbound-provisioning-scim/tree/master/components/org.wso2.carbon.identity.scim.provider
[3] -
https://github.com/wso2-extensions/identity-inbound-auth-oauth/tree/master/components/org.wso2.carbon.identity.oauth.endpoint

Thanks,
Pushpalanka

On Wed, May 11, 2016 at 3:23 PM, Manujith Pallewatte <manujith...@gmail.com>
wrote:

> Hi Pushpalanka,
>
> I managed to setup the development environment and build all the sources
> (thanks to Omindu :))
> Then I made the PEP client using the entitlement stubs as you have
> mentioned in a previous thread. It's working in an accepted state. But I
> encountered some questions during the process, so I'm currently building a
> doc with all the questions so I can document them and their answers for
> future reference.
> Other than that I'm trying to write different policies using XACML
>
> Also please let me know of any other steps I can follow to get familiar
> with the components, especially the code since I'm only focusing on
> Entitlement service right now
>
> Thank You
> Manujith
> --
>
>
>
>
> Manujith Pallewatte
> about.me/manzzup
>   <http://about.me/manzzup>
>



-- 
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka


Re: [Dev] Fwd: [GSoC 16'] Proposal 20: [IS] SCIM 2.0 Support to WSO2 Identity Server

2016-05-11 Thread Pushpalanka Jayawardhana
Hi Manujith,

Hope you are progressing with the initial steps of the project.
Please start a new thread to track the progress, so that we can finish this
off within time.

Thanks,
Pushpalanka

On Fri, Mar 25, 2016 at 10:22 PM, Manujith Pallewatte <manujith...@gmail.com
> wrote:

> Hi all,
>
> I added the final proposal to the gsoc site, thank you all for the support
> and guidance.
>
> On Fri, Mar 25, 2016 at 11:26 AM, Manujith Pallewatte <
> manujith...@gmail.com> wrote:
>
>> Hi Chamila,
>>
>> I added the draft to GSoC site and selected the share draft option as well
>> But didn't upload the Final PDF still, since there's still 13 hours
>> remaining
>>
>> Thanks
>>
>> On Fri, Mar 25, 2016 at 11:23 AM, Chamila Wijayarathna <cham...@wso2.com>
>> wrote:
>>
>>> Hi Manujith,
>>>
>>> I strongly suggest you to submit your proposal to GSoC site with current
>>> progress. You can update it until the deadline.
>>>
>>> Thank You!
>>>
>>> On Fri, Mar 25, 2016 at 11:17 AM, Manujith Pallewatte <
>>> manujith...@gmail.com> wrote:
>>>
>>>> Hi all,
>>>>
>>>> I added the automated unit test and integration tests under the
>>>> implementation phase. Since I'm still in process of doing the PEP client
>>>> simulation, I couldn't enter it in the blog, so I didn't mention it in the
>>>> proposal. If I'm to find it before the deadline I will blog and insert it.
>>>> Thank you all again for the many support and guidance!
>>>>
>>>> On Thu, Mar 24, 2016 at 3:12 PM, Omindu Rathnaweera <omi...@wso2.com>
>>>> wrote:
>>>>
>>>>> Hi Manujith,
>>>>>
>>>>> It's better to include implementation of automation tests in your
>>>>> proposal. The automation tests include unit & integration tests and if
>>>>> needed, UI tests.  Also you can start blogging about your findings so far
>>>>> and add them in your proposal.
>>>>>
>>>>> Regards,
>>>>> Omindu.
>>>>>
>>>>> On Thu, Mar 24, 2016 at 2:27 AM, Manujith Pallewatte <
>>>>> manujith...@gmail.com> wrote:
>>>>>
>>>>>> Hi all,
>>>>>>
>>>>>> Thank you very much for the comments, I revised and changed as much
>>>>>> as possible.
>>>>>> About the confusion by Entitlement Engine I wanted to refer to the
>>>>>> EntitlementEngine.java class in src since it has the main entry points to
>>>>>> the service
>>>>>> But it is really a confusing detail and I changed it to Identity
>>>>>> Server instead
>>>>>> Also I added a few illustrations to make some points clear
>>>>>> Please give me feedback on the revised proposal
>>>>>>
>>>>>>
>>>>>> https://docs.google.com/document/d/1dz8FcqUHargRM1q0UG0Ln4FHo_zHH-ENz6oc1hjeLYY/edit?usp=sharing
>>>>>>
>>>>>> Thanks a lot again!
>>>>>>
>>>>>> On Wed, Mar 23, 2016 at 3:41 PM, Pushpalanka Jayawardhana <
>>>>>> la...@wso2.com> wrote:
>>>>>>
>>>>>>> Hi Manujith,
>>>>>>>
>>>>>>> Added the comments and suggestions. Please have a look and correct.
>>>>>>> Please also note that the entitlement engine we have in PDP
>>>>>>> component is the Balana engine and there is no separate entitlement
>>>>>>> engine within IS.
>>>>>>> IS provides XACML support on top of Balana engine, with other
>>>>>>> required functionality for PEP, PAP and PIP.
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Pushpalanka
>>>>>>>
>>>>>>> On Wed, Mar 23, 2016 at 3:13 PM, Manujith Pallewatte <
>>>>>>> manujith...@gmail.com> wrote:
>>>>>>>
>>>>>>>> Hi all,
>>>>>>>>
>>>>>>>> Thanks a lot for the input and I added them in the proposal so far
>>>>>>>> I have attached the proposal with the mail
>>>>>>>> Please review it and let me know points of improvement and any
>>>>>>>> additional details I'm missing in it
>>>>>>>>

[Dev] WSO2 Identity Server 5.2.0 Beta Released

2016-04-14 Thread Pushpalanka Jayawardhana
ustom
   Response Type Validator class is not read under SupportedGrantTypes in
   Identity.xml
   - IDENTITY-4381 <https://wso2.org/jira/browse/IDENTITY-4381>
   NullPointerException could happen in e.getCause().getCause()
   - IDENTITY-4377 <https://wso2.org/jira/browse/IDENTITY-4377> Session
   Hijacking vulnerability at Identity Server's PassiveSTS endpoint
   - IDENTITY-4371 <https://wso2.org/jira/browse/IDENTITY-4371>
   InfoRecoverySample build breaks
   - IDENTITY-4361 <https://wso2.org/jira/browse/IDENTITY-4361> Error when
   adding default bps profile when database is DB2
   - IDENTITY-4333 <https://wso2.org/jira/browse/IDENTITY-4333> validating
   the Refresh Token with database Oracle
   - IDENTITY-4314 <https://wso2.org/jira/browse/IDENTITY-4314>
   IDENTITY-3729 Features for nested.category must use "perfect" match
   - IDENTITY-4305 <https://wso2.org/jira/browse/IDENTITY-4305> Provide a
   target date to share the finalized 2016 IS roadmap
   - IDENTITY-4255 <https://wso2.org/jira/browse/IDENTITY-4255>
   IDENTITY-3729 Define importFeatureDef with version match rule in
   carbon-identity
   - IDENTITY-3948 <https://wso2.org/jira/browse/IDENTITY-3948> Required
   validations are not done for Callback URL for Oauth as Service Provider
   - IDENTITY-3894 <https://wso2.org/jira/browse/IDENTITY-3894> [Request
   Path Authentication] User credential prompted even after sending right
   access token
   - IDENTITY-3730 <https://wso2.org/jira/browse/IDENTITY-3730>
   IDENTITY-3729 POMs of "wso2-rampart", "wso2-wss4j", "balana" and "charon"
   need to be reviewed and fixed for WSO2 best practices
   - IDENTITY-3648 <https://wso2.org/jira/browse/IDENTITY-3648> Update
   OpenSAML version to 2.6.4.


Improvements


   - IDENTITY-4497 <https://wso2.org/jira/browse/IDENTITY-4497> Add PKCE
   Support Detection
   - IDENTITY-4459 <https://wso2.org/jira/browse/IDENTITY-4459> Add the
   session data persistence pool size to the identity.xml
   - IDENTITY-4442 <https://wso2.org/jira/browse/IDENTITY-4442> Users can
   disable their own accounts via the MC and Dashboard


New Features


   - IDENTITY-4453 <https://wso2.org/jira/browse/IDENTITY-4453> - Add PKCE
   Support for OAuth 2.0 Authorization Code Grant Type
   - IDENTITY-4096 <https://wso2.org/jira/browse/IDENTITY-4096> - SAML 2.0
   token support for WS-Federation (Passive)


Patches


   - IDENTITY-4449 <https://wso2.org/jira/browse/IDENTITY-4449> Data
   persistence is not working properly for AuthorizationGrantCache
   - IDENTITY-4443 <https://wso2.org/jira/browse/IDENTITY-4443> Identity
   server Tenant management servlet failure
   - IDENTITY-4440 <https://wso2.org/jira/browse/IDENTITY-4440> SCIM bulk
   update error masked by null pointer exception
   - IDENTITY-4398 <https://wso2.org/jira/browse/IDENTITY-4398> Authorization
   code can be sent in to get access token multiple times
   - IDENTITY-4395 <https://wso2.org/jira/browse/IDENTITY-4395> Identity
   Server URL must be configured inside EndpointConfig.properties
   - IDENTITY-4393 <https://wso2.org/jira/browse/IDENTITY-4393> Openid
   connect is failing when using implicit grant with custom claims.
   - IDENTITY-4386 <https://wso2.org/jira/browse/IDENTITY-4386> When role
   list have more than a single page, user can't select roles from 2 pages.
   - IDENTITY-4319 <https://wso2.org/jira/browse/IDENTITY-4319> Database
   read inside sync block in SecurityDeploymentInterceptor

Thanks,
-- 
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka


Re: [Dev] Upgrading App Manager to user Carbon Kernel 4.4.5

2016-04-11 Thread Pushpalanka Jayawardhana
On Tue, Apr 12, 2016 at 6:58 AM, Johann Nallathamby <joh...@wso2.com> wrote:

> @Pushpalanka: Isn't the repo versions (all the repos, now that we have 46
> IINM maintained by IS team) going to be 5.10.0 since we have backward
> compatible API additions ?
>
Yes my mistake.. Next release version will be *5.1.0.*

>
> On Mon, Apr 11, 2016 at 3:40 AM, Pushpalanka Jayawardhana <la...@wso2.com>
> wrote:
>
>>
>>
>> On Mon, Apr 11, 2016 at 1:53 PM, Dinusha Senanayaka <dinu...@wso2.com>
>> wrote:
>>
>>> Hi IS Team,
>>>
>>> Do you have release date for identity-5.0.9 ? This fix is critical for
>>> App manager release.
>>>
>> We are working to release the beta pack tomorrow. Identity-5.0.9
>> release will be done with the RC pack, which will be by 25th in best case.
>>
>>>
>>> Regards,
>>> Dinusha.
>>>
>>> On Mon, Apr 4, 2016 at 10:34 AM, Rushmin Fernando <rush...@wso2.com>
>>> wrote:
>>>
>>>> Thanks Pulasthi !
>>>>
>>>> App Manager WIP code can be found in [1] and [2]
>>>>
>>>> Thanks
>>>> Rushmin
>>>>
>>>> [1] -
>>>> https://github.com/wso2/carbon-appmgt/tree/feature/kernel-4.4.5-upgrade
>>>>
>>>> [2]  -
>>>> https://github.com/wso2/product-app-manager/tree/feature/kernel-4.4.5-upgrade
>>>>
>>>> On Fri, Apr 1, 2016 at 4:52 PM, Pulasthi Mahawithana <
>>>> pulast...@wso2.com> wrote:
>>>>
>>>>> Yes, we no longer use the wso2/carbon-identity repo for development.
>>>>> We use the repos in 'wso2-extensions'. However the group ids, artifact ids
>>>>> and versions follow the same from carbon-identity.
>>>>>
>>>>> On Fri, Apr 1, 2016 at 3:56 PM, Rushmin Fernando <rush...@wso2.com>
>>>>> wrote:
>>>>>
>>>>>> Thanks Supun !
>>>>>>
>>>>>> So is [1] obsolete now since the connector code resides in
>>>>>> 'wso2-extensions' account now ?
>>>>>>
>>>>>>
>>>>>> Thanks
>>>>>> Rushmin
>>>>>>
>>>>>> [1] -
>>>>>> https://github.com/wso2/carbon-identity/blob/master/features/provisioning/org.wso2.carbon.identity.provisioning.connector.salesforce.server.feature
>>>>>>
>>>>>> On Fri, Apr 1, 2016 at 3:47 PM, Pulasthi Mahawithana <
>>>>>> pulast...@wso2.com> wrote:
>>>>>>
>>>>>>> Hi Rushmin,
>>>>>>>
>>>>>>> This issue was due to that component being moved from carbon-commons
>>>>>>> to analytic commons. Isura fixed that issue with [1] and [2]. Can you
>>>>>>> please try now?
>>>>>>>
>>>>>>> [1]
>>>>>>> https://github.com/wso2-extensions/identity-extension-parent/pull/6
>>>>>>> [2]
>>>>>>> https://github.com/wso2-extensions/identity-outbound-provisioning-salesforce/pull/6
>>>>>>>
>>>>>>> On Fri, Apr 1, 2016 at 12:21 PM, Rushmin Fernando <rush...@wso2.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>>>
>>>>>>>> Hi Devs,
>>>>>>>>
>>>>>>>> We are in the process of upgrading the Carbon Kernel version to
>>>>>>>> 4.4.5
>>>>>>>>
>>>>>>>> During this upgrade we found out that
>>>>>>>> "org.wso2.carbon.identity.provisioning.connector.salesforce.server"
>>>>>>>> feature is dependent on a non-existing feature version of
>>>>>>>> "org.wso2.carbon.databridge.commons.server"
>>>>>>>>
>>>>>>>> I opened a Jira to track this. [1]
>>>>>>>>
>>>>>>>> Had a chat with Pulasthi and this will be fixed with IS 5.2.0
>>>>>>>> release which will happen in the next week.
>>>>>>>>
>>>>>>>> Until this is fixed, I'm proceeding with the identity
>>>>>>>> 5.0.9-SNAPSHOT having the issue fixed locally.
>>>>>>>>
>>>>>>>> Thanks
>>>>>>>> Rushmin
>>>>>>

Re: [Dev] Upgrading App Manager to user Carbon Kernel 4.4.5

2016-04-11 Thread Pushpalanka Jayawardhana
On Mon, Apr 11, 2016 at 1:53 PM, Dinusha Senanayaka <dinu...@wso2.com>
wrote:

> Hi IS Team,
>
> Do you have release date for identity-5.0.9 ? This fix is critical for App
> manager release.
>
We are working to release the beta pack tomorrow. Identity-5.0.9
release will be done with the RC pack, which will be by 25th in best case.

>
> Regards,
> Dinusha.
>
> On Mon, Apr 4, 2016 at 10:34 AM, Rushmin Fernando <rush...@wso2.com>
> wrote:
>
>> Thanks Pulasthi !
>>
>> App Manager WIP code can be found in [1] and [2]
>>
>> Thanks
>> Rushmin
>>
>> [1] -
>> https://github.com/wso2/carbon-appmgt/tree/feature/kernel-4.4.5-upgrade
>>
>> [2]  -
>> https://github.com/wso2/product-app-manager/tree/feature/kernel-4.4.5-upgrade
>>
>> On Fri, Apr 1, 2016 at 4:52 PM, Pulasthi Mahawithana <pulast...@wso2.com>
>> wrote:
>>
>>> Yes, we no longer use the wso2/carbon-identity repo for development. We
>>> use the repos in 'wso2-extensions'. However the group ids, artifact ids and
>>> versions follow the same from carbon-identity.
>>>
>>> On Fri, Apr 1, 2016 at 3:56 PM, Rushmin Fernando <rush...@wso2.com>
>>> wrote:
>>>
>>>> Thanks Supun !
>>>>
>>>> So is [1] obsolete now since the connector code resides in
>>>> 'wso2-extensions' account now ?
>>>>
>>>>
>>>> Thanks
>>>> Rushmin
>>>>
>>>> [1] -
>>>> https://github.com/wso2/carbon-identity/blob/master/features/provisioning/org.wso2.carbon.identity.provisioning.connector.salesforce.server.feature
>>>>
>>>> On Fri, Apr 1, 2016 at 3:47 PM, Pulasthi Mahawithana <
>>>> pulast...@wso2.com> wrote:
>>>>
>>>>> Hi Rushmin,
>>>>>
>>>>> This issue was due to that component being moved from carbon-commons
>>>>> to analytic commons. Isura fixed that issue with [1] and [2]. Can you
>>>>> please try now?
>>>>>
>>>>> [1]
>>>>> https://github.com/wso2-extensions/identity-extension-parent/pull/6
>>>>> [2]
>>>>> https://github.com/wso2-extensions/identity-outbound-provisioning-salesforce/pull/6
>>>>>
>>>>> On Fri, Apr 1, 2016 at 12:21 PM, Rushmin Fernando <rush...@wso2.com>
>>>>> wrote:
>>>>>
>>>>>>
>>>>>> Hi Devs,
>>>>>>
>>>>>> We are in the process of upgrading the Carbon Kernel version to 4.4.5
>>>>>>
>>>>>> During this upgrade we found out that
>>>>>> "org.wso2.carbon.identity.provisioning.connector.salesforce.server"
>>>>>> feature is dependent on a non-existing feature version of
>>>>>> "org.wso2.carbon.databridge.commons.server"
>>>>>>
>>>>>> I opened a Jira to track this. [1]
>>>>>>
>>>>>> Had a chat with Pulasthi and this will be fixed with IS 5.2.0 release
>>>>>> which will happen in the next week.
>>>>>>
>>>>>> Until this is fixed, I'm proceeding with the identity 5.0.9-SNAPSHOT
>>>>>> having the issue fixed locally.
>>>>>>
>>>>>> Thanks
>>>>>> Rushmin
>>>>>>
>>>>>> [1] - https://wso2.org/jira/browse/IDENTITY-4465
>>>>>>
>>>>>> --
>>>>>> *Rushmin Fernando*
>>>>>> *Technical Lead*
>>>>>>
>>>>>> WSO2 Inc. <http://wso2.com/> - Lean . Enterprise . Middleware
>>>>>>
>>>>>> email : rush...@wso2.com
>>>>>> mobile : +94772310855
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> *Pulasthi Mahawithana*
>>>>> Software Engineer
>>>>> WSO2 Inc., http://wso2.com/
>>>>> Mobile: +94-71-5179022
>>>>> Blog: http://blog.pulasthi.org
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> *Rushmin Fernando*
>>>> *Technical Lead*
>>>>
>>>> WSO2 Inc. <http://wso2.com/> - Lean . Enterprise . Middleware
>>>>
>>>> email : rush...@wso2.com
>>>> mobile : +94772310855
>>>>
>>>>
>>>>
>>>
>>>
>>> --
>>> *Pulasthi Mahawithana*
>>> Software Engineer
>>> WSO2 Inc., http://wso2.com/
>>> Mobile: +94-71-5179022
>>> Blog: http://blog.pulasthi.org
>>>
>>
>>
>>
>> --
>> *Rushmin Fernando*
>> *Technical Lead*
>>
>> WSO2 Inc. <http://wso2.com/> - Lean . Enterprise . Middleware
>>
>> email : rush...@wso2.com
>> mobile : +94772310855
>>
>>
>>
>>
>>
>
>
> --
> Dinusha Dilrukshi
> Associate Technical Lead
> WSO2 Inc.: http://wso2.com/
> Mobile: +94725255071
> Blog: http://dinushasblog.blogspot.com/
>



-- 
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka


Re: [Dev] Question about GSoC

2016-03-23 Thread Pushpalanka Jayawardhana
+ Dev

On Wed, Mar 23, 2016 at 10:13 AM, Pushpalanka Jayawardhana <la...@wso2.com>
wrote:

> Hi QunWei,
>
> Glad to hear about your interest.
> Yes this idea is still available.
>
> If you are interested in it, please start working on it starting from
> going through the specification and raise any questions if you have any.
> In order to get familiar with WSO2 development environment and existing
> code base, get back to us. We are happy to guide you. Since the application
> deadline falls on 25th, you have less than 3 days to work on proposal for
> this. We will try our best to promptly reply to your concerns from our side.
>
> Thanks,
> Pushpalanka.
> --
> Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
> Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
> Mobile: +94779716248
> Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
> lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka
>
>
> On Wed, Mar 23, 2016 at 1:03 AM, QunWei Lin <lin919980...@gmail.com>
> wrote:
>
>> Dear madam, I'm writing to confirm an idea of GSoC.
>> Google summer of Code idea:
>> Proposal 23: [IS] Policy Administration and Delegation Profile for XACML
>>
>> Is this idea still available to apply?
>>
>> skills:
>>
>> good at :   Java and Test-Driven Development.
>>
>> FrameWork:  Hibernate, Struts 2, Spring.
>>
>> experience with MySQL, JavaScript,HTML+CSS, Gradle,Git.
>>
>> basic knowledge about SOA.
>>
>>
>> // if not available, could you recommend other idea in WSO2 for me to do?
>>
>> After reading all the Organization in GSoC, I was attracted by WSO2.
>>
>>
>> Thanks a lot and look forward to hearing from you soon.
>> Best Regards  Sincerely yours QunWei
>>
>
>


-- 
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka


Re: [Dev] Fwd: [GSoC 16'] Proposal 20: [IS] SCIM 2.0 Support to WSO2 Identity Server

2016-03-23 Thread Pushpalanka Jayawardhana
Hi Manujith,

Added the comments and suggestions. Please have a look and correct.
Please also note that the entitlement engine we have in PDP component is
the Balana engine and there is no separate entitlement engine within IS.
IS provides XACML support on top of Balana engine, with other required
functionality for PEP, PAP and PIP.

Thanks,
Pushpalanka

On Wed, Mar 23, 2016 at 3:13 PM, Manujith Pallewatte <manujith...@gmail.com>
wrote:

> Hi all,
>
> Thanks a lot for the input and I added them in the proposal so far
> I have attached the proposal with the mail
> Please review it and let me know points of improvement and any additional
> details I'm missing in it
>
> Thank You
>
> On Wed, Mar 23, 2016 at 12:05 PM, Pushpalanka Jayawardhana <la...@wso2.com
> > wrote:
>
>>
>>
>> Pushpalanka.
>> --
>> Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
>> Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
>> Mobile: +94779716248
>> Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
>> lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka
>>
>>
>> On Wed, Mar 23, 2016 at 11:58 AM, Manujith Pallewatte <
>> manujith...@gmail.com> wrote:
>>
>>> Hi all,
>>>
>>> I will certainly start off with the client, would be a good starting
>>> point to observe the responses I think.
>>> Thanks to Omindu I was able to use SoapUI to simulate a request for now,
>>> I'm trying to develop on that as well. Should those things go in the
>>> proposal as well?
>>> I have drafted a basic proposal which I will send asap for your
>>> feedback, then once I complete task 1, I can document it too
>>>
>> This is good progress. It is better to mention what you have tried up to
>> now regarding the project in brief, in the proposal.
>>
>>>
>>> Thank You
>>>
>>> On Wed, Mar 23, 2016 at 11:35 AM, Pushpalanka Jayawardhana <
>>> la...@wso2.com> wrote:
>>>
>>>>
>>>>
>>>> Pushpalanka.
>>>> --
>>>> Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
>>>> Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
>>>> Mobile: +94779716248
>>>> Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
>>>> lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka
>>>>
>>>>
>>>> On Wed, Mar 23, 2016 at 2:05 AM, Manujith Pallewatte <
>>>> manujith...@gmail.com> wrote:
>>>>
>>>>> Hi Pushpalanka,
>>>>>
>>>>> Sorry for spamming the inbox like this, but since I'm already behind
>>>>> the schedule I have to get things resolved as fast as possible. Please
>>>>> don't mind it.
>>>>> One more thing as I finally got to the conclusion, the objective is to
>>>>> implement RESTful service to the PDP of IS so that any PEP can access them
>>>>> in a RESTful manner? In other words the REST service should be
>>>>> implemented to facilitate the information exchange between the PEP and PDP
>>>>> Is that correct? Please correct me if I'm wrong
>>>>>
>>>>
>>>>
>>>>
>>>>> Thanks a lot
>>>>>
>>>>> On Wed, Mar 23, 2016 at 1:39 AM, Manujith Pallewatte <
>>>>> manujith...@gmail.com> wrote:
>>>>>
>>>>>> Hi Pushpalanka,
>>>>>>
>>>>>> I tried examining the PDP and PAP of IS to get an idea of how things
>>>>>> work and I followed the blog article [
>>>>>> http://pushpalankajaya.blogspot.com/2013/06/working-with-xacml-30-policies-for-fine.html].
>>>>>> I tested out few policies and all seems fine. Now I want to test the
>>>>>> policies using a PEP
>>>>>> Is there any way to simulate an authorization request? (maybe using
>>>>>> curl as we use to test REST APIs)
>>>>>> If there's any such way, where should I point the requests at?
>>>>>> ex: I added a policy for the resource url
>>>>>> http://localhost/services/secret
>>>>>> and the IS server is hosted at http://localhost:9443/
>>>>>> Now I want to do an authorized request to the 1st mentioned service
>>>>>> through the IS server. I sense I'm missing a piece here. Please help me
>>>>>> to clarify this point
>>>>>>
>>>>>
>>>> Hi Manujith,
>>>

Re: [Dev] Fwd: [GSoC 16'] Proposal 20: [IS] SCIM 2.0 Support to WSO2 Identity Server

2016-03-23 Thread Pushpalanka Jayawardhana
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka


On Wed, Mar 23, 2016 at 11:58 AM, Manujith Pallewatte <manujith...@gmail.com
> wrote:

> Hi all,
>
> I will certainly start off with the client, would be a good starting point
> to observe the responses I think.
> Thanks to Omindu I was able to use SoapUI to simulate a request for now,
> I'm trying to develop on that as well. Should those things go in the
> proposal as well?
> I have drafted a basic proposal which I will send asap for your
> feedback, then once I complete task 1, I can document it too
>
This is good progress. It is better to mention what you have tried up to now
regarding the project in brief, in the proposal.

>
> Thank You
>
> On Wed, Mar 23, 2016 at 11:35 AM, Pushpalanka Jayawardhana <la...@wso2.com
> > wrote:
>
>>
>>
>> Pushpalanka.
>> --
>> Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
>> Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
>> Mobile: +94779716248
>> Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
>> lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka
>>
>>
>> On Wed, Mar 23, 2016 at 2:05 AM, Manujith Pallewatte <
>> manujith...@gmail.com> wrote:
>>
>>> Hi Pushpalanka,
>>>
>>> Sorry for spamming the inbox like this, but since I'm already behind the
>>> schedule I have to get things resolved as fast as possible. Please don't
>>> mind it.
>>> One more thing as I finally got to the conclusion, the objective is to
>>> implement RESTful service to the PDP of IS so that any PEP can access them
>>> in a RESTful manner? In other words the REST service should be
>>> implemented to facilitate the information exchange between the PEP and PDP
>>> Is that correct? Please correct me if I'm wrong
>>>
>>
>>
>>
>>> Thanks a lot
>>>
>>> On Wed, Mar 23, 2016 at 1:39 AM, Manujith Pallewatte <
>>> manujith...@gmail.com> wrote:
>>>
>>>> Hi Pushpalanka,
>>>>
>>>> I tried examining the PDP and PAP of IS to get an idea of how things
>>>> work and I followed the blog article [
>>>> http://pushpalankajaya.blogspot.com/2013/06/working-with-xacml-30-policies-for-fine.html].
>>>> I tested out a few policies and all seems fine. Now I want to test the
>>>> policies using a PEP
>>>> Is there any way to simulate an authorization request? (maybe using
>>>> curl as we use to test REST APIs)
>>>> If there's any such way, where should I point the requests at?
>>>> ex: I added a policy for the resource url
>>>> http://localhost/services/secret
>>>> and the IS server is hosted at http://localhost:9443/
>>>> now I want to do an authorized request to the 1st mentioned service
>>>> through the IS server, I sense I'm missing a piece here. Please help me to
>>>> clarify this point
>>>>
>>>
>> Hi Manujith,
>>
>> There are no cURL commands available as we do not have REST
>> implementation as of now.
>> In order to get familiar with the code base and development environment
>> and to try out the scenario you suggested follow the below steps.
>>
>> 1 - Try to write a Java client for EntitlementService (SOAP service) [1]
>>
>> Please find the relevant service at [1]. This is the service that needs
>> to be consumed in order to get the XACML policy decision from PDP for a
>> given XACML request.
>>
>> Specific method to call is "public String getDecision(String request)
>> throws EntitlementException " giving the XACML request as a String. The
>> relevant stub classes can be found at [2] that can be used at client side.
>> Try to get client code written for this which can be placed in PEP when
>> required. You can further publish a blogpost with this client code which
>> can strengthen your proposal further.
>>
>> 2 - In production scenarios usually ESB acts as the PEP creating the
>> XACML request and calling the PDP via code similar to client code you would
>> develop in the above point.
>>
>> The article at [3], describes this use case, but it has older content.
>> You can try out same things with latest product versions. If you encounter
>> any issues get back to us. We will try to find a solution.
>>
>>
>> I think you would be in a good position to st

Re: [Dev] Fwd: [GSoC 16'] Proposal 20: [IS] SCIM 2.0 Support to WSO2 Identity Server

2016-03-23 Thread Pushpalanka Jayawardhana
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka


On Wed, Mar 23, 2016 at 12:00 PM, Manujith Pallewatte <manujith...@gmail.com
> wrote:

> Hi all,
>
> Also since REST has no restriction on the media type it should use, is it
> okay to have a JSON implementation as well? Should it be strictly XML?
>
No restriction on it to be XML. Since this is REST implementation JSON is
favored.
Please refer to [1] as well, which defines a standard representation of XACML
requests and responses in JSON.

[1] -
http://docs.oasis-open.org/xacml/xacml-json-http/v1.0/xacml-json-http-v1.0.html

>
> On Wed, Mar 23, 2016 at 11:58 AM, Manujith Pallewatte <
> manujith...@gmail.com> wrote:
>
>> Hi all,
>>
>> I will certainly start off with the client, would be a good starting
>> point to observe the responses I think.
>> Thanks to Omindu I was able to use SoapUI to simulate a request for now,
>> I'm trying to develop on that as well. Should those things go in the
>> proposal as well?
>> I have drafted a basic proposal which I will send asap for your
>> feedback, then once I complete task 1, I can document it too
>>
>> Thank You
>>
>> On Wed, Mar 23, 2016 at 11:35 AM, Pushpalanka Jayawardhana <
>> la...@wso2.com> wrote:
>>
>>>
>>>
>>> Pushpalanka.
>>> --
>>> Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
>>> Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
>>> Mobile: +94779716248
>>> Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
>>> lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka
>>>
>>>
>>> On Wed, Mar 23, 2016 at 2:05 AM, Manujith Pallewatte <
>>> manujith...@gmail.com> wrote:
>>>
>>>> Hi Pushpalanka,
>>>>
>>>> Sorry for spamming the inbox like this, but since I'm already behind
>>>> the schedule I have to get things resolved as fast as possible. Please
>>>> don't mind it.
>>>> One more thing as I finally got to the conclusion, the objective is to
>>>> implement RESTful service to the PDP of IS so that any PEP can access them
>>>> in a RESTful manner? In other words the REST service should be
>>>> implemented to facilitate the information exchange between the PEP and PDP
>>>> Is that correct? Please correct me if I'm wrong
>>>>
>>>
>>>
>>>
>>>> Thanks a lot
>>>>
>>>> On Wed, Mar 23, 2016 at 1:39 AM, Manujith Pallewatte <
>>>> manujith...@gmail.com> wrote:
>>>>
>>>>> Hi Pushpalanka,
>>>>>
>>>>> I tried examining the PDP and PAP of IS to get an idea of how things
>>>>> work and I followed the blog article [
>>>>> http://pushpalankajaya.blogspot.com/2013/06/working-with-xacml-30-policies-for-fine.html].
>>>>> I tested out a few policies and all seems fine. Now I want to test the
>>>>> policies using a PEP
>>>>> Is there any way to simulate an authorization request? (maybe using
>>>>> curl as we use to test REST APIs)
>>>>> If there's any such way, where should I point the requests at?
>>>>> ex: I added a policy for the resource url
>>>>> http://localhost/services/secret
>>>>> and the IS server is hosted at http://localhost:9443/
>>>>> now I want to do an authorized request to the 1st mentioned service
>>>>> through the IS server, I sense I'm missing a piece here. Please help me to
>>>>> clarify this point
>>>>>
>>>>
>>> Hi Manujith,
>>>
>>> There are no cURL commands available as we do not have REST
>>> implementation as of now.
>>> In order to get familiar with the code base and development environment
>>> and to try out the scenario you suggested follow the below steps.
>>>
>>> 1 - Try to write a Java client for EntitlementService (SOAP service) [1]
>>>
>>> Please find the relevant service at [1]. This is the service that needs
>>> to be consumed in order to get the XACML policy decision from PDP for a
>>> given XACML request.
>>>
>>> Specific method to call is "public String getDecision(String request)
>>> throws EntitlementException " giving the XA

Re: [Dev] Fwd: [GSoC 16'] Proposal 20: [IS] SCIM 2.0 Support to WSO2 Identity Server

2016-03-23 Thread Pushpalanka Jayawardhana
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka


On Wed, Mar 23, 2016 at 2:05 AM, Manujith Pallewatte <manujith...@gmail.com>
wrote:

> Hi Pushpalanka,
>
> Sorry for spamming the inbox like this, but since I'm already behind the
> schedule I have to get things resolved as fast as possible. Please don't
> mind it.
> One more thing as I finally got to the conclusion, the objective is to
> implement RESTful service to the PDP of IS so that any PEP can access them
> in a RESTful manner? In other words the REST service should be implemented
> to facilitate the information exchange between the PEP and PDP
> Is that correct? Please correct me if I'm wrong
>



> Thanks a lot
>
> On Wed, Mar 23, 2016 at 1:39 AM, Manujith Pallewatte <
> manujith...@gmail.com> wrote:
>
>> Hi Pushpalanka,
>>
>> I tried examining the PDP and PAP of IS to get an idea of how things work
>> and I followed the blog article [
>> http://pushpalankajaya.blogspot.com/2013/06/working-with-xacml-30-policies-for-fine.html].
>> I tested out a few policies and all seems fine. Now I want to test the
>> policies using a PEP
>> Is there any way to simulate an authorization request? (maybe using curl
>> as we use to test REST APIs)
>> If there's any such way, where should I point the requests at?
>> ex: I added a policy for the resource url
>> http://localhost/services/secret
>> and the IS server is hosted at http://localhost:9443/
>> now I want to do an authorized request to the 1st mentioned service
>> through the IS server, I sense I'm missing a piece here. Please help me to
>> clarify this point
>>
>
Hi Manujith,

There are no cURL commands available as we do not have REST implementation
as of now.
In order to get familiar with the code base and development environment and
to try out the scenario you suggested follow the below steps.

1 - Try to write a Java client for EntitlementService (SOAP service) [1]

Please find the relevant service at [1]. This is the service that needs to
be consumed in order to get the XACML policy decision from PDP for a given
XACML request.

Specific method to call is "public String getDecision(String request) throws
EntitlementException " giving the XACML request as a String. The relevant
stub classes can be found at [2] that can be used at client side. Try to
get client code written for this which can be placed in PEP when required.
You can further publish a blogpost with this client code which can
strengthen your proposal further.

2 - In production scenarios usually ESB acts as the PEP creating the XACML
request and calling the PDP via code similar to client code you would
develop in the above point.

The article at [3], describes this use case, but it has older content. You
can try out same things with latest product versions. If you encounter any
issues get back to us. We will try to find a solution.


I think you would be in a good position to start with the proposal once the
first point is done as the 2nd is an extended version of that.
Do get back with any problems you face. We will try our best to get back as
soon as possible.


[1] -
https://github.com/wso2/identity-framework/blob/master/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/EntitlementService.java
[2] -
https://github.com/wso2/identity-framework/tree/master/service-stubs/identity/org.wso2.carbon.identity.entitlement.stub
[3] -
http://wso2.com/library/articles/2010/10/using-xacml-fine-grained-authorization-wso2-platform/
[4] -
http://wso2.com/library/tutorials/2012/12/providing-xacml-fine-grained-authorization-webapps/

Thanks,
Pushpalanka

>
>> Thank You
>>
>>
>> On Tue, Mar 22, 2016 at 10:47 PM, Manujith Pallewatte <
>> manujith...@gmail.com> wrote:
>>
>>> Hi Pushpalanka,
>>>
>>> Thank you for the resources, I will for sure start working on the
>>> proposal. I was trying to get the basic implementation details straight
>>> before jumping into the proposal
>>> so I could include a better plan in the proposal.  But it seems with the
>>> time constraints I would have to speed it up. Trying my best to deliver the
>>> proposal by
>>> tomorrow.
>>>
>>> Thank you
>>>
>>> On Tue, Mar 22, 2016 at 10:32 PM, Pushpalanka Jayawardhana <
>>> la...@wso2.com> wrote:
>>>
>>>> Hi Manujith,
>>>>
>>>> If you haven't already try go through instructions provided at Dev list
>>>> under the thread "GSoC project pro
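
The PEP side of the exchange discussed in the two replies above (an XACML request handed to getDecision as a String, and the JSON representation from the OASIS profile), as an added example that is not part of the thread or of WSO2's code. It is written in Python so it runs offline; the SOAP or HTTP call itself is left out, the subject "admin", the action "GET" and both sample responses are constructed, and the attribute ids are the standard XACML identifiers.

```python
import json
import xml.etree.ElementTree as ET

XACML_NS = "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
STRING_TYPE = "http://www.w3.org/2001/XMLSchema#string"
DECISIONS = {"Permit", "Deny", "NotApplicable", "Indeterminate"}

# field -> (XACML category URI, standard attribute id, JSON-profile shorthand)
CATEGORIES = {
    "subject": ("urn:oasis:names:tc:xacml:1.0:subject-category:access-subject",
                "urn:oasis:names:tc:xacml:1.0:subject:subject-id", "AccessSubject"),
    "resource": ("urn:oasis:names:tc:xacml:3.0:attribute-category:resource",
                 "urn:oasis:names:tc:xacml:1.0:resource:resource-id", "Resource"),
    "action": ("urn:oasis:names:tc:xacml:3.0:attribute-category:action",
               "urn:oasis:names:tc:xacml:1.0:action:action-id", "Action"),
}

# Constructed sample PDP answers (not captured from a real server).
SAMPLE_XML_RESPONSE = (
    f'<Response xmlns="{XACML_NS}"><Result><Decision>Permit</Decision>'
    '<Status><StatusCode Value="urn:oasis:names:tc:xacml:1.0:status:ok"/></Status>'
    "</Result></Response>"
)
SAMPLE_JSON_RESPONSE = '{"Response": [{"Decision": "Deny"}]}'


def build_xml_request(subject, resource, action):
    """XACML 3.0 request as a string, the form getDecision(String) takes."""
    ET.register_namespace("", XACML_NS)
    root = ET.Element(f"{{{XACML_NS}}}Request",
                      {"CombinedDecision": "false", "ReturnPolicyIdList": "false"})
    values = {"subject": subject, "resource": resource, "action": action}
    for field, value in values.items():
        category, attr_id, _ = CATEGORIES[field]
        group = ET.SubElement(root, f"{{{XACML_NS}}}Attributes", {"Category": category})
        attr = ET.SubElement(group, f"{{{XACML_NS}}}Attribute",
                             {"AttributeId": attr_id, "IncludeInResult": "false"})
        # Setting .text makes ElementTree escape the value, so a caller-supplied
        # subject or URL cannot smuggle extra elements into the request.
        ET.SubElement(attr, f"{{{XACML_NS}}}AttributeValue",
                      {"DataType": STRING_TYPE}).text = value
    return ET.tostring(root, encoding="unicode")


def build_json_request(subject, resource, action):
    """The same request in the JSON profile's shorthand category form."""
    values = {"subject": subject, "resource": resource, "action": action}
    request = {}
    for field, value in values.items():
        _, attr_id, shorthand = CATEGORIES[field]
        request[shorthand] = {"Attribute": [{"AttributeId": attr_id, "Value": value}]}
    return json.dumps({"Request": request})


def _single_decision(decisions):
    # A single-request PEP expects exactly one well-formed decision;
    # anything else is reported as Indeterminate.
    if (len(decisions) == 1 and isinstance(decisions[0], str)
            and decisions[0] in DECISIONS):
        return decisions[0]
    return "Indeterminate"


def decision_from_xml(response_xml):
    """Extract the decision from an XACML XML response string."""
    try:
        # The response comes from the PDP; parse with a hardened XML parser
        # instead if that channel is not trusted.
        root = ET.fromstring(response_xml)
    except ET.ParseError:
        return "Indeterminate"
    results = root.findall(f"{{{XACML_NS}}}Result")
    return _single_decision(
        [(r.findtext(f"{{{XACML_NS}}}Decision") or "").strip() for r in results])


def decision_from_json(response_json):
    """Extract the decision from a JSON-profile response (array of results)."""
    try:
        body = json.loads(response_json)["Response"]
    except (ValueError, KeyError, TypeError):
        return "Indeterminate"
    results = body if isinstance(body, list) else [body]
    return _single_decision(
        [r.get("Decision") if isinstance(r, dict) else None for r in results])


def pep_allows(decision):
    # Deny-biased PEP: only an explicit Permit grants access, so Deny,
    # NotApplicable, Indeterminate and unparseable answers all block.
    return decision == "Permit"


if __name__ == "__main__":
    print(build_xml_request("admin", "http://localhost/services/secret", "GET"))
    print(build_json_request("admin", "http://localhost/services/secret", "GET"))
    print(pep_allows(decision_from_xml(SAMPLE_XML_RESPONSE)))
    print(pep_allows(decision_from_json(SAMPLE_JSON_RESPONSE)))
```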

Re: [Dev] Fwd: [GSoC 16'] Proposal 20: [IS] SCIM 2.0 Support to WSO2 Identity Server

2016-03-22 Thread Pushpalanka Jayawardhana
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka


On Wed, Mar 23, 2016 at 2:05 AM, Manujith Pallewatte <manujith...@gmail.com>
wrote:

> Hi Pushpalanka,
>
> Sorry for spamming the inbox like this, but since I'm already behind the
> schedule I have to get things resolved as fast as possible. Please don't
> mind it.
> One more thing as I finally got to the conclusion, the objective is to
> implement RESTful service to the PDP of IS so that any PEP can access them
> in a RESTful manner? In other words the REST service should be implemented
> to facilitate the information exchange between the PEP and PDP
> Is that correct? Please correct me if I'm wrong
>
Hi Manujith,

Yes this understanding is correct.

Thanks,
Pushpalanka

>
> Thanks a lot
>
> On Wed, Mar 23, 2016 at 1:39 AM, Manujith Pallewatte <
> manujith...@gmail.com> wrote:
>
>> Hi Pushpalanka,
>>
>> I tried examining the PDP and PAP of IS to get an idea of how things work
>> and I followed the blog article [
>> http://pushpalankajaya.blogspot.com/2013/06/working-with-xacml-30-policies-for-fine.html].
>> I tested out a few policies and all seems fine. Now I want to test the
>> policies using a PEP
>> Is there any way to simulate an authorization request? (maybe using curl
>> as we use to test REST APIs)
>> If there's any such way, where should I point the requests at?
>> ex: I added a policy for the resource url
>> http://localhost/services/secret
>> and the IS server is hosted at http://localhost:9443/
>> now I want to do an authorized request to the 1st mentioned service
>> through the IS server, I sense I'm missing a piece here. Please help me to
>> clarify this point
>>
>> Thank You
>>
>>
>> On Tue, Mar 22, 2016 at 10:47 PM, Manujith Pallewatte <
>> manujith...@gmail.com> wrote:
>>
>>> Hi Pushpalanka,
>>>
>>> Thank you for the resources, I will for sure start working on the
>>> proposal. I was trying to get the basic implementation details straight
>>> before jumping into the proposal
>>> so I could include a better plan in the proposal.  But it seems with the
>>> time constraints I would have to speed it up. Trying my best to deliver the
>>> proposal by
>>> tomorrow.
>>>
>>> Thank you
>>>
>>> On Tue, Mar 22, 2016 at 10:32 PM, Pushpalanka Jayawardhana <
>>> la...@wso2.com> wrote:
>>>
>>>> Hi Manujith,
>>>>
>>>> If you haven't already, try to go through the instructions provided at Dev list
>>>> under the thread "GSoC project proposal questions" for this proposal
>>>> as well.
>>>>
>>>> Hope you are getting up with the pace as the proposal deadline is
>>>> falling on 25th March (this Friday). While you try to get familiar with the
>>>> development procedure and other resources, please try to go ahead with
>>>> drafting the proposal as well. This will allow us to give some early
>>>> feedback and time for you to adjust. Following resources might help you.
>>>>
>>>> [1] -
>>>> http://cdwijayarathna.blogspot.com/2016/02/how-to-get-proposal-ready-for-gsoc.html.
>>>> (Later part starting from "Now you need to start work, you may have "
>>>> will guide you)
>>>> [2] - Sample proposal - http://www.slideshare.net/Pushpalanka/gsoc-2012
>>>>
>>>> Thanks,
>>>> Pushpalanka.
>>>> --
>>>> Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
>>>> Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
>>>> Mobile: +94779716248
>>>> Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
>>>> lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka
>>>>
>>>>
>>>> On Tue, Mar 22, 2016 at 8:57 PM, Manujith Pallewatte <
>>>> manujith...@gmail.com> wrote:
>>>>
>>>>> Hi Chamila,
>>>>>
>>>>> Thanks a bunch, that cleared a lot of doubts I was having
>>>>> I would try with the patch9000 method so that I don't have to build the
>>>>> product-is every time
>>>>> And then try the other method as well
>>>>>
>>>>> Thanks again!
>>>>>
>>>>>
>>>>> On Tue

Re: [Dev] Fwd: [GSoC 16'] Proposal 20: [IS] SCIM 2.0 Support to WSO2 Identity Server

2016-03-22 Thread Pushpalanka Jayawardhana
Hi Manujith,

If you haven't already, try to go through the instructions provided at Dev list
under the thread "GSoC project proposal questions" for this proposal as
well.

Hope you are getting up with the pace as the proposal deadline is falling
on 25th March (this Friday). While you try to get familiar with the development
procedure and other resources, please try to go ahead with drafting the
proposal as well. This will allow us to give some early feedback and time
for you to adjust. Following resources might help you.

[1] -
http://cdwijayarathna.blogspot.com/2016/02/how-to-get-proposal-ready-for-gsoc.html.
(Later part starting from "Now you need to start work, you may have " will
guide you)
[2] - Sample proposal - http://www.slideshare.net/Pushpalanka/gsoc-2012

Thanks,
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka


On Tue, Mar 22, 2016 at 8:57 PM, Manujith Pallewatte <manujith...@gmail.com>
wrote:

> Hi Chamila,
>
> Thanks a bunch, that cleared a lot of doubts I was having
> I would try with the patch9000 method so that I don't have to build the
> product-is every time
> And then try the other method as well
>
> Thanks again!
>
>
> On Tue, Mar 22, 2016 at 8:40 PM, Chamila Wijayarathna <cham...@wso2.com>
> wrote:
>
>> Hi Manujith,
>>
>> identity-framework [1] contains the code base of the features of Identity
>> Server, and product-is [2] contains the code which install features at
>> identity-framework to Identity Server. Component specific code is available
>> at identity-framework repo, because some of these features are not only
>> used in Identity Server, but in some other carbon based products as well.
>> So you need to work with the code at identity-framework mainly.
>>
>> But for building the Identity Server using source, first you need to run
>> identity-framework, then build identity-extensions [3] which get packed
>> into Identity server (You can find this list at [4], you can use scripts at
>> there to clone and build those extensions). Then build product-is. When you
>> are building identity-framework and extensions, Maven saves those artifacts
>> in your M2_HOME and when you are building product-is, it uses these
>> artifacts. If you only build product-is, since there are no artifacts in
>> M2_HOME, it will download artifacts available online, so if you have done
>> any changes they will not appear in Identity Server pack you build.
>>
>> Additionally, if you are changing only entitlement component in identity
>> server, without following above mentioned process, you can just build a
>> pack by building product-is, then build the component you change (eg:
>> components/entitlement/org.wso2.carbon.identity.entitlement) and copy the
>> jar file build at target folder (eg:
>> components/entitlement/org.wso2.carbon.identity.entitlement) into > Server Home>/repository/components/patches/patch9000 (You'll have to create
>> patch9000 folder ). In this way also you can test any changes you are doing
>> to code.
>>
>> This may be a bit of a complex task, try it and if you find anything difficult,
>> please put a mail here.
>>
>> [1]. https://github.com/wso2/identity-framework
>> [2]. https://github.com/wso2/product-is
>> [3]. https://github.com/wso2-extensions
>> [4]. https://gist.github.com/pulasthi7/3d365a3345371fd63f74
>>
>> Cheers!
>>
>> On Tue, Mar 22, 2016 at 8:09 PM, Manujith Pallewatte <
>> manujith...@gmail.com> wrote:
>>
>>> Hi Omindu,
>>>
>>> Thanks a lot, I will look into those.
>>> Also, should I be working on the
>>> https://github.com/wso2/identity-framework codebase or
>>> https://github.com/wso2/product-is codebase
>>> I was under the impression that the latter is what I should focus on
>>>
>>>
>>>
>>>
>>>
>>> On Tue, Mar 22, 2016 at 7:55 PM, Omindu Rathnaweera <omi...@wso2.com>
>>> wrote:
>>>
>>>> Hi Manujith,
>>>>
>>>> Pushpalanka will be able to provide you more details on this.
>>>>
>>>> For the time being, you can try out the current XACML implementation by
>>>> following the resources at [1].
>>>>
>>>> The documentation related to XACML architecture [2] will help you to
>>>> understand the current implementation. The feature codebase can be found at
>>>> [3]. In t

Re: [Dev] WSO2 Identity Provider: Claims only returns: { sub: "admin@carbon.super" }

2016-03-21 Thread Pushpalanka Jayawardhana
Hi Ignacio,

I assume you are using authorization code grant type or implicit grant type.
In that case please do configuration for requested claims under service
provider configuration.

In the above grant types we only return the claims added as requested by
the service provider.
Instructions to do this configuration can be found at [1] (*Use Local Claim
Dialect*).

[1] -
https://docs.wso2.com/display/IS510/Configuring+Claims+for+a+Service+Provider

Thanks,
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka


On Mon, Mar 21, 2016 at 1:04 PM, Ignacio Ocampo <naf...@gmail.com> wrote:

> Hello Maduranga,
>
> Thanks for your info, I saw these bugs reported in Stackoverflow.
>
> I'm using: wso2is-5.2.0-SNAPSHOT.
>
> When I do: curl -k -H "Authorization: Bearer
> defbb069decad5e9f584280f9371fd24"
> https://localhost:9443/oauth2/userinfo?schema=openid
>
> I get: {"sub":"admin@carbon.super"}
>
> To obtain the Access Token, I'm using the scope: openid.
>
> I updated the user profile in the /dashboard app, and I verified that the
> information was stored in the LDAP server.
>
> When I registered the Service Provider, I configured only the OAuth/OpenID
> Connect Configuration to obtain the Client and Secret key.
>
> Is there any additional configuration that I should do?
>
> Thanks in advance.
>
> Regards.
>
> On Mon, Mar 21, 2016 at 12:24 AM, Maduranga Siriwardena <
> madura...@wso2.com> wrote:
>
>> Hi Ignacio,
>>
>> This is a known issue in IS 5.1.0 reported at [1]. The issue is already
>> fixed in IS 5.2.0 Alpha and you can download it from [2].
>>
>> [1] https://wso2.org/jira/browse/IDENTITY-4250
>> [2] https://github.com/wso2/product-is/releases/tag/v5.2.0-alpha
>>
>> Thanks,
>> Maduranga.
>>
>> On Mon, Mar 21, 2016 at 12:33 PM, Ignacio Ocampo <naf...@gmail.com>
>> wrote:
>>
>>> Hello,
>>>
>>> I'm testing WSO2 Identity Provider.
>>>
>>> My problem is that when I request to
>>> https://localhost:9443/oauth2/userinfo?schema=openid, I only get the *sub*
>>> field.
>>>
>>> I expect to receive others such as mail, phone, etc, that I already defined
>>> in the profile for the user.
>>>
>>> Thanks in advance.
>>>
>>> Regards.
>>>
>>> --
>>> Ignacio Ocampo Millán
>>>
>>> ___
>>> Dev mailing list
>>> Dev@wso2.org
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>>
>>
>>
>> --
>> Maduranga Siriwardena
>> Software Engineer
>> WSO2 Inc.
>>
>> email: madura...@wso2.com
>> mobile: +94718990591
>>
>
>
>
> --
> Ignacio Ocampo Millán
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


Re: [Dev] GSoC project proposal questions

2016-03-19 Thread Pushpalanka Jayawardhana
Hi Ashish,

Glad to hear your interest on the project. I have here added the dev
mailing list of wso2, where further discussion can be made and visible to
the community.
Please find the comments inline.

Thanks,
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka


On Wed, Mar 16, 2016 at 8:49 AM, Ashish Tiwari <ashishtiwarig...@gmail.com>
wrote:

> Hi All,
>
> My name is Ashish and I am interested in working on the project "REST
> Profile of XACML v3.0 Version". I have started working on the proposal and
> would like to get started by:
>
> 1. I would like to have a basic understanding of the ecosystem of WSO2
> projects (which will be involved in this project) to figure out where this
> project falls and what are the use cases.
>   -  Would be awesome to get a requirements doc on this, if it's already
> created. If not, I would like to create one.
>
As of now we don't have a requirements doc created other than the task of
implementing the REST profile for XACML on top of WSO2 Identity Server.
It would be a good start to go through the specification and have a summarized
view of what needs to be done though.

>
> 2. Defining the scope of this project and possibly create subtasks.
>  - The description talks about the current SOAP implementation. It will be
> helpful to go through current SOAP integration to understand the
> interactions. However, this is something to be laid out in the design
> (proposal).
>
Yes, there is a SOAP implementation that already exists. In order to
understand how it works, better to first try it out and then look into the
implementation details. Will provide the resources for this below.

>
> 3. Setup local build and explore the codebase to get an idea of
> technologies, complexity and potential designs to implement this feature.
>  - Are there dev docs to get started, which include required repository
> informations?
>
You can find the developer targeted documentation at [1].
In brief,
The relevant code for this feature resides at [2] which has SOAP service
implementation as [3].
The architecture details and other related information can be found at [4].


>
> 4. Is there a public/test environment of WSO2 with respect to this
> project, that is available for training/testing purposes. This can help me
> to understand the use case even better.
>
> I was also wondering if there is a doc/JIRA/git issues already created for
> this project, which can get me to address specific issues in my proposal.
>
Here[1] is the public jira ticket. It currently does not carry much useful
information. Still you can use it for further discussions too.

As first step, I would suggest you try out the SOAP based scenario with
WSO2 Identity Server.
You can download it from the site[6], and try out the XACML scenario
referring to the docs at [7]. Basically what you need to do is create an XACML
policy and evaluate it via a sample XACML request.

Do get back if you face any issues completing this step and we can then
move forward to next steps.

[1] - https://docs.wso2.com/display/IS510/Getting+Involved
[2] -
https://github.com/wso2/identity-framework/tree/master/components/entitlement
[3] -
https://github.com/wso2/identity-framework/blob/master/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/EntitlementService.java
[4] - https://docs.wso2.com/display/IS510/Access+Control
[5] - https://wso2.org/jira/browse/IDENTITY-247
[6] - http://wso2.com/products/identity-server/
[7] -
https://docs.wso2.com/display/IS510/Configuring+the+Policy+Administration+Point,
http://pushpalankajaya.blogspot.com/2013/06/try-out-xacml-policies-with-wso2.html


> *About me:*
> I have an undergraduate degree in computer science and starting my
> master's degree in computer science from Arizona State University. I also
> have 5 years of professional (relevant) work experience developing
> enterprise web applications in J2EE, and I previously worked with SOAP and
> REST to integrate third party solutions.
>
> Thanks,
> Ashish
>


Re: [Dev] Retrieving OAuth applications by consumer key

2016-03-19 Thread Pushpalanka Jayawardhana
Hi Vinod,

This[1], should cater for your requirement.

[1] -
https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthAdminService.java#L142-L162

Thanks,
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka


On Fri, Mar 18, 2016 at 12:34 PM, Vinod Kavinda <vi...@wso2.com> wrote:

> Hi IS team,
> Is there any API or Admin service to get the registered oAuth application
> information using the consumer key?
> This is required for a APIM, IS integration as a third party key manager.
> I found that it is possible to get all the application data from
> oAuthAdminService. This won't be a proper solution in performance
> wise since we have to iterate through the list.
>
>
> Please help me on this.
>
> Regards,
> Vinod
>
> --
> Vinod Kavinda
> Software Engineer
> *WSO2 Inc. - lean . enterprise . middleware <http://www.wso2.com>.*
> Mobile : +94 (0) 712 415544
> Blog : http://soatechflicks.blogspot.com/
>
>


Re: [Dev] [IS] User's can disable their own accounts

2016-03-10 Thread Pushpalanka Jayawardhana
Hi Dilini,

Intended use of this feature is only for administrators/users with user-mgt
privileges to disable/enable user accounts.
Therefore a user should not be able to disable own account. We discussed to
hide this claim from user profile UI by default and move the disable/enable
click to user list view. This is not done yet though.

Will get to you after discussing with the team on our stand on this.

Thanks,
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka


On Fri, Mar 11, 2016 at 12:30 PM, Dilini Gunatilake <dili...@wso2.com>
wrote:

> Hi IS Team,
>
> When identifying test scenarios for User Account Disability feature in IS
> 520, I noticed that users can disable their own accounts and carry out work
> until the session expires or they log out. But the system will throw
> exceptions for the operations they do in both management console and
> dashboard. eg: change the password
>
> What should be the ideal behaviour in this scenario? Should the user have
> privileges to disable their own account?
>
> Thank you,
>
> Regards,
>
> --
>
> *Dilini Gunatilake*
> *Software Engineer - QA Team*
> Mobile : +94 (0) 771 162518
> dili...@wso2.com
>


Re: [Dev] Missing DB Scripts in Identity Server

2016-01-07 Thread Pushpalanka Jayawardhana
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka


On Fri, Jan 8, 2016 at 10:04 AM, Anupama Pathirage <anup...@wso2.com> wrote:

> Hi,
>
> When Setting up MySQL with Identity Server(wso2is-5.1.0) as described in
> [1], it gives the following error on server startup. This error occurs only
> when we create the database tables using the scripts located at
> "/dbscripts/mysql.sql" using the following command as
> mentioned in the documentation.[1]
>
>
> *Command:*
>
> mysql -u regadmin -p -Dregdb < '/dbscripts/mysql.sql';
>
>
> *Error:*
>
> [2016-01-07 18:07:10,230] ERROR
> {org.wso2.carbon.idp.mgt.internal.IdPManagementServiceComponent} -  Error
> while activating Identity Provider Management bundle
> org.wso2.carbon.idp.mgt.IdentityProviderManagementException: Error
> occurred while retrieving Identity Provider information for tenant :
> carbon.super and Identity Provider name : LOCAL
> ...
> ...
> Caused by: com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException:
> Table 'regdb.IDP' doesn't exist.
>
>
> That /dbscripts/mysql.sql script in the Identity server
> bundle doesn't contain the scripts for tables IDN_*, IDP_*, SP_*, and WF_*.
> Even though table creation can be done by -Dsetup option at runtime without
> any issue, when following the documentation users get this error.
>
> Thought to mention this since I found several forum posts regarding the
> same issue. So my suggestion is to either,
>
> - update /dbscripts/mysql.sql (and scripts for other
>   dbs as well) with all the required tables OR
> - update the documentation to work with -Dsetup option only
>   instead of using script based method
>
> The Identity related tables are created from the scripts located at
wso2is-5.1.0/dbscripts/identity folder. The subtopic 'Changing the database
for identity-related data' talks about it, but does not clearly state those
scripts are required to be executed as well.
+1 to update the docs with -Dsetup option and improve the docs to mention
the need of running identity scripts as well.

> because the users who follow the steps in the document get this error
> for the first time.
>
> *[1] *https://docs.wso2.com/display/IS510/Setting+up+MySQL
>
> Thank You,
>
> --
> Anupama Pathirage
> Associate Technical Lead
> WSO2, Inc.  http://wso2.com/
> Email: anup...@wso2.com
> Mobile:+94 71 8273 979
> Blog:http://mycodeideas.blogspot.com/
>


Re: [Dev] [VOTE] Release WSO2 Identity Server 5.1.0 RC2

2015-12-22 Thread Pushpalanka Jayawardhana
Hi,

Tested SAML2BearerGrant type in tenant mode secondary user stores, with
claims requested and signing enabled. No issues found.

[X]  Stable - go ahead and release

Thanks,
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka


On Mon, Dec 21, 2015 at 6:29 PM, Hasintha Indrajee <hasin...@wso2.com>
wrote:

> Hi Devs,
>
> This is the second release candidate of WSO2 Identity Server 5.1.0.
>
> This release fixes the following issues:
> https://wso2.org/jira/issues/?filter=12586
>
> Please download, test and vote.
>
> Source & binary distribution files:
> https://github.com/wso2/product-is/releases/tag/v5.1.0-rc2
>
> Maven staging repo:
> http://maven.wso2.org/nexus/content/repositories/orgwso2is-218/
>
> The tag to be voted upon:
> https://github.com/wso2/product-is/tree/v5.1.0-rc2
>
>
> [ ]  Stable - go ahead and release
> [ ]  Broken - do not release (explain why)
>
> Thanks and Regards,
> WSO2 Identity Server Team.
>
> --
> Hasintha Indrajee
> Software Engineer
> WSO2, Inc.
> Mobile:+94 771892453
>


Re: [Dev] SAML Signature Validation in "Configuring SSO with SAML 2.0" sample

2015-12-08 Thread Pushpalanka Jayawardhana
Hi Pulasthi,

The validation happens in the sso agent jar which is used by the webapp as
a library.
Please find the code at [1].

[1] -
https://svn.wso2.org/repos/wso2/carbon/platform/branches/turing/components/identity/org.wso2.carbon.identity.sso.agent/
[2] -
https://svn.wso2.org/repos/wso2/carbon/platform/branches/turing/components/identity/org.wso2.carbon.identity.sso.agent/1.4.0/src/main/java/org/wso2/carbon/identity/sso/agent/saml/SAML2SSOManager.java

Thanks,
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka


On Wed, Dec 9, 2015 at 12:01 PM, Pulasthi Harasgama <pulast...@wso2.com>
wrote:

> Hi,
>
> I was following the Single Sign On with SAML 2.0 sample [1] to configure
> SSO for my web application, and I am having difficulty finding out where
> the signature in the SAML Token received by travelocity.com is validated.
> Once the user is authenticated at the identity Server, I think the SAML
> token issued to the user should be validated by travelocity but I can't
> seem to locate where this is done in the webapp.
>
> If possible, please do let me know if I am missing something here or how
> this is done by travelocity.
>
> [1]
> https://docs.wso2.com/display/IS500/Configuring+Single+Sign-On+with+SAML+2.0
>
> Thanks,
> --
> *Pulasthi Harasgama*
> Software Engineering Intern
> Mobile: +94774978735
> WSO2 Inc.: http://wso2.com
> Blog: https://pulasthiharasgama.wordpress.com/
>


Re: [Dev] ApplicationDAOImpl trying to query UM_PERMISSION tables against the Identity DB

2015-11-29 Thread Pushpalanka Jayawardhana
Hi Lakmali,

This is to be fixed with PR:
https://github.com/wso2/carbon-identity/pull/1489

Thanks,
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka


On Mon, Nov 30, 2015 at 11:27 AM, Lakmali Baminiwatta <lakm...@wso2.com>
wrote:

> Hi IS team,
>
> Can we get this fixed?
>
> Thanks,
> Lakmali
>
> On 24 November 2015 at 16:24, Lakmali Baminiwatta <lakm...@wso2.com>
> wrote:
>
>> Created a Jira.
>>
>> [1] https://wso2.org/jira/browse/IDENTITY-4128
>>
>> On 23 November 2015 at 16:35, Nuwan Dias <nuw...@wso2.com> wrote:
>>
>>> Looks like a bug to me. This would require the Identity and UM tables to
>>> be on a single schema, which would be wrong.
>>>
>>> Thanks,
>>> NuwanD.
>>>
>>> On Mon, Nov 23, 2015 at 4:28 PM, Lakmali Baminiwatta <lakm...@wso2.com>
>>> wrote:
>>>
>>>> Hi all,
>>>>
>>>> In APIM 1.10.0, when we try to rename an Application, below error is
>>>> thrown. When I checked the code, there are queries to UM_PERMISSION table
>>>> against the Identity DB [1]. Shouldn't we use existing UM APIs or run these
>>>> against the UM DB?
>>>>
>>>> Caused by: org.h2.jdbc.JdbcSQLException: Table "UM_PERMISSION" not
>>>> found; SQL statement:
>>>> SELECT UM_ID, UM_RESOURCE_ID FROM UM_PERMISSION WHERE UM_RESOURCE_ID
>>>> LIKE ? [42102-140]
>>>> at org.h2.message.DbException.getJdbcSQLException(DbException.java:327)
>>>> at org.h2.message.DbException.get(DbException.java:167)
>>>> at org.h2.message.DbException.get(DbException.java:144)
>>>> at org.h2.command.Parser.readTableOrView(Parser.java:4498)
>>>> at org.h2.command.Parser.readTableFilter(Parser.java:1011)
>>>> at org.h2.command.Parser.parseSelectSimpleFromPart(Parser.java:1577)
>>>> at org.h2.command.Parser.parseSelectSimple(Parser.java:1682)
>>>> at org.h2.command.Parser.parseSelectSub(Parser.java:1571)
>>>> at org.h2.command.Parser.parseSelectUnion(Parser.java:1416)
>>>> at org.h2.command.Parser.parseSelect(Parser.java:1404)
>>>> at org.h2.command.Parser.parsePrepared(Parser.java:392)
>>>> at org.h2.command.Parser.parse(Parser.java:275)
>>>> at org.h2.command.Parser.parse(Parser.java:247)
>>>> at org.h2.command.Parser.prepare(Parser.java:201)
>>>> at org.h2.command.Parser.prepareCommand(Parser.java:214)
>>>> at org.h2.engine.Session.prepareLocal(Session.java:434)
>>>> at org.h2.engine.Session.prepareCommand(Session.java:384)
>>>> at org.h2.jdbc.JdbcConnection.prepareCommand(JdbcConnection.java:1071)
>>>> at
>>>> org.h2.jdbc.JdbcPreparedStatement.(JdbcPreparedStatement.java:71)
>>>> at org.h2.jdbc.JdbcConnection.prepareStatement(JdbcConnection.java:234)
>>>> at sun.reflect.GeneratedMethodAccessor26.invoke(Unknown Source)
>>>> at
>>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>>> at java.lang.reflect.Method.invoke(Method.java:606)
>>>> at
>>>> org.apache.tomcat.jdbc.pool.ProxyConnection.invoke(ProxyConnection.java:126)
>>>> at
>>>> org.apache.tomcat.jdbc.pool.JdbcInterceptor.invoke(JdbcInterceptor.java:109)
>>>> at
>>>> org.wso2.carbon.ndatasource.rdbms.ConnectionRollbackOnReturnInterceptor.invoke(ConnectionRollbackOnReturnInterceptor.java:51)
>>>> at
>>>> org.apache.tomcat.jdbc.pool.JdbcInterceptor.invoke(JdbcInterceptor.java:109)
>>>> at
>>>> org.apache.tomcat.jdbc.pool.interceptor.AbstractCreateStatementInterceptor.invoke(AbstractCreateStatementInterceptor.java:67)
>>>> at
>>>> org.apache.tomcat.jdbc.pool.JdbcInterceptor.invoke(JdbcInterceptor.java:109)
>>>> at
>>>> org.apache.tomcat.jdbc.pool.interceptor.ConnectionState.invoke(ConnectionState.java:153)
>>>> at
>>>> org.apache.tomcat.jdbc.pool.JdbcInterceptor.invoke(JdbcInterceptor.java:109)
>>>> at
>>>> org.apache.tomcat.jdbc.pool.TrapException.invoke(TrapException.java:41)
>>>> at
>>>> org.apache.tomcat.jdbc.pool.JdbcInterceptor.invoke(JdbcInterceptor.java:109)
>>>> at
>>>> org.apache.tomcat.jdbc.pool.DisposableConnectionFacade.invoke(DisposableConnectionFacade.java:80)
>>>> at com.sun.proxy.$P

Re: [Dev] OAuth clientId in SP_INBOUND_AUTH

2015-11-17 Thread Pushpalanka Jayawardhana
Hi Nuwan,

We have done an immediate fix for the issue (by Darshana) with PR:
https://github.com/wso2/carbon-identity/pull/1432.

Thanks,
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka


On Tue, Nov 17, 2015 at 3:30 PM, Pushpalanka Jayawardhana <la...@wso2.com>
wrote:

> Hi Nuwan,
>
> We are going forward with not encrypting the consumer key.  Started
> working on this will be tracked via [1].
> There are few more encryption concerns related to session store and
> authorization code storage as well. Will provide the details of the
> approach to be taken ASAP.
>
> [1] - https://wso2.org/jira/browse/IDENTITY-4088
>
> Thanks,
> Pushpalanka.
> --
> Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
> Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
> Mobile: +94779716248
> Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
> lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka
>
>
> On Tue, Nov 17, 2015 at 10:39 AM, Nuwan Dias <nuw...@wso2.com> wrote:
>
>> Hi IS folks,
>>
>> We talked about avoiding the encryption of the consumer key to avoid the
>> issue originally raised on this mail thread. Are we going ahead with that
>> decision? It still encrypts it on carbon-identity_5.0.2 release.
>>
>> Please note that this results in a blocking issue for the release of API
>> Manager 1.10.0. Therefore we either need to stop encrypting it altogether
>> or find another solution for this problem. And we need it ASAP :)
>>
>> Thanks,
>> NuwanD.
>>
>> On Tue, Oct 20, 2015 at 2:38 PM, Nuwan Dias <nuw...@wso2.com> wrote:
>>
>>> Hi,
>>>
>>> When we enable key encryption for OAuth keys, the clientId is encrypted
>>> in the IDN_OAUTH_CONSUMER_APPS table. But it is left in plain text in the
>>> INBOUND_AUTH_KEY column of the SP_INBOUND_AUTH table. This happens in
>>> carbon-identity_4.6.0-M2 release. Should not values in both columns be
>>> encrypted?
>>>
>>> Thanks,
>>> NuwanD.
>>>
>>> --
>>> Nuwan Dias
>>>
>>> Technical Lead - WSO2, Inc. http://wso2.com
>>> email : nuw...@wso2.com
>>> Phone : +94 777 775 729
>>>
>>
>>
>>
>> --
>> Nuwan Dias
>>
>> Technical Lead - WSO2, Inc. http://wso2.com
>> email : nuw...@wso2.com
>> Phone : +94 777 775 729
>>


Re: [Dev] [DEV] [IS] [OAuth] Could not generate access token with token encryption

2015-11-17 Thread Pushpalanka Jayawardhana
Hi Kavitha,

I tried the scenario with both the token processors and it worked fine for
me while encrypting as expected.
There is no specific configuration needed other than what you have done.

*Note:* After doing the config change in identity.xml we should create a
new Service provider and try. This is because we generate and store the
client id and secret at the time of service provider creation.
Changing the token processor after this does not affect the values already
stored in the database.

Thanks,
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka


On Tue, Nov 17, 2015 at 3:46 PM, Kavitha Subramaniyam <kavi...@wso2.com>
wrote:

> Hi IS team,
>
> I have tried access token generation with token encryption as below and I
> couldn't generate a token; a jira was raised for this issue [1].
>
> Can you please let me know if any more configuration needs to be
> done?
>
> Steps:
> --
>
> - Modify the configuration for TokenPersistenceProcessor in the
> identity.xml.
> change this
>
> org.wso2.carbon.identity.oauth.tokenprocessor.PlainTextPersistenceProcessor
>
> to this
>
> org.wso2.carbon.identity.oauth.tokenprocessor.EncryptionDecryptionPersistenceProcessor
>
>
> - Run the server and create a SP
> - Configure OAuth/OpenID connect configuration with OAuth-2.0
> - Try access token generation by curl
>
> curl -v -X POST --basic -u
> jW5fQYoSfdhzrnGVXTjmnPW23EMa:sZ3M13Bjdd3zWvR6vfdE5qaJZjEa -H
> "Content-Type:application/x-www-form-urlencoded;charset=UTF-8" -k -d
> "grant_type=password&scope=openid&username=admin&password=admin"
> https://localhost:9443/oauth2/token
>
>
>
> There is no description in IS doc for token encryption: a documentation
> jira raised for this[2]
>
>
> [1] https://wso2.org/jira/browse/IDENTITY-4089
>
> [2] https://wso2.org/jira/browse/DOCUMENTATION-2719
>
>
> --
> Kavitha.S
> *Software Engineer -QA*
> Mobile : +94 (0) 771538811
> kavi...@wso2.com
>


Re: [Dev] OAuth clientId in SP_INBOUND_AUTH

2015-11-17 Thread Pushpalanka Jayawardhana
Hi Nuwan,

We are going forward with not encrypting the consumer key.  Started working
on this will be tracked via [1].
There are few more encryption concerns related to session store and
authorization code storage as well. Will provide the details of the
approach to be taken ASAP.

[1] - https://wso2.org/jira/browse/IDENTITY-4088

Thanks,
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka


On Tue, Nov 17, 2015 at 10:39 AM, Nuwan Dias <nuw...@wso2.com> wrote:

> Hi IS folks,
>
> We talked about avoiding the encryption of the consumer key to avoid the
> issue originally raised on this mail thread. Are we going ahead with that
> decision? It still encrypts it on carbon-identity_5.0.2 release.
>
> Please note that this results in a blocking issue for the release of API
> Manager 1.10.0. Therefore we either need to stop encrypting it altogether
> or find another solution for this problem. And we need it ASAP :)
>
> Thanks,
> NuwanD.
>
> On Tue, Oct 20, 2015 at 2:38 PM, Nuwan Dias <nuw...@wso2.com> wrote:
>
>> Hi,
>>
>> When we enable key encryption for OAuth keys, the clientId is encrypted
>> in the IDN_OAUTH_CONSUMER_APPS table. But it is left in plain text in the
>> INBOUND_AUTH_KEY column of the SP_INBOUND_AUTH table. This happens in
>> carbon-identity_4.6.0-M2 release. Should not values in both columns be
>> encrypted?
>>
>> Thanks,
>> NuwanD.
>>
>> --
>> Nuwan Dias
>>
>> Technical Lead - WSO2, Inc. http://wso2.com
>> email : nuw...@wso2.com
>> Phone : +94 777 775 729
>>
>
>
>
> --
> Nuwan Dias
>
> Technical Lead - WSO2, Inc. http://wso2.com
> email : nuw...@wso2.com
> Phone : +94 777 775 729
>


Re: [Dev] Invalid tenant domain in the AUTHZ_USER column of the IDN_OAUTH2_ACCESS_TOKEN table

2015-10-28 Thread Pushpalanka Jayawardhana
Hi,

This was fixed by Maduranga.

Thanks,
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka


On Wed, Oct 28, 2015 at 3:45 PM, Nuwan Dias <nuw...@wso2.com> wrote:

> Hi IS folks,
>
> I'm on carbon-identity_4.6.0-SNAPSHOT. When I create tokens using a tenant
> user, the tenant domain of the user gets recorded as carbon.super in the
> AUTHZ_USER column of the IDN_OAUTH2_ACCESS_TOKEN table. Can you please
> check if this has been fixed in the latest branch?
>
> Thanks,
> NuwanD.
>
> --
> Nuwan Dias
>
> Technical Lead - WSO2, Inc. http://wso2.com
> email : nuw...@wso2.com
> Phone : +94 777 775 729
>


Re: [Dev] [IS] Identity Server - Customize SAMLSSOAuthenticator

2015-10-21 Thread Pushpalanka Jayawardhana
Hi John,

Yes we do support customization of SAMLSSOAuthenticator. Ideally your first
approach should have catered for the requirement.
I have replied in stackoverflow.

Thanks,
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka


On Wed, Oct 21, 2015 at 6:40 PM, John Lee <jhn134...@gmail.com> wrote:

> I've posted details of my problem on stack overflow:
>
> http://stackoverflow.com/questions/33256571/wso2-identity-server-customize-samlssoauthenticator
>
> Asking the same question on this forum, as suspect it may be more
> responsive.
> Is customization of SAMLSSOAuthenticator supported?
>
> Thanks,
> //John.
>


[Dev] Removing default service provider from IS 5.1.0 onwards

2015-10-16 Thread Pushpalanka Jayawardhana
Hi All,

We are to remove default service provider from IS 5.1.0 version.
This default service provider was added in IS 5.0.0 to make the migration
process easier from IS 4.6.0.
This has resulted in a few validations being complex and skipped in scenarios.
Eg: OAuth client id validation for SaaS, non-SaaS applications.

Please raise if you notice any concerns with the $subject.

Thanks,
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka


Re: [Dev] [DEV][IS] Getting an error when try to rtriw a Oauth token from IS server.

2015-10-07 Thread Pushpalanka Jayawardhana
Hi,

Optionally, can you try with below command format and check,

curl --user Client_Id:Client_Secret -k \
  -d "grant_type=password&username=admin&password=admin" \
  -H "Content-Type:application/x-www-form-urlencoded" \
  https://localhost:9443/oauth2/token

Thanks,
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka


On Wed, Oct 7, 2015 at 5:40 PM, Sachith Punchihewa <sachi...@wso2.com>
wrote:

> Hi,
> I am currently using a locally built IS Server from the latest
> code. When I try to get an OAuth access token via a curl execution I am
> getting an error.
>
> Curl Format used :
>
> *curl-k-d***
>> *"grant_type=password=userNamepasswork&=**passWord*
>> *=carbon.super"-H"Authorization:Basic*
>> ***Base 64 encoded clientID:clientSecret,Content-Type:*
>> ***application/x-www-form-urlencoded"https://localhost:9443/oauth2/token
>> <https://localhost:9443/oauth2/token>*
>
>
> Actual command :
>
> curl -k -d
>> "grant_type=password=x=x=carbon.super"
>> -H "Authorization: Basic xx,
>> Content-Type: application/x-www-form-urlencoded"
>> https://localhost:9443/oauth2/token
>
>
> Error :
>
> "Error decoding authorization header. Space delimited \"
>> \" format violated."
>
>
>
> Is there an issue with the curl command I am using here?
>
> Thanks and Regards.
> Kamidu Sachith Punchihewa
> *Software Engineer*
> WSO2, Inc.
> lean . enterprise . middleware
> Mobile : +94 (0) 770566749
>


Re: [Dev] [IS] - Clarification on Duplicate entries in SAML Authentication Response

2015-10-01 Thread Pushpalanka Jayawardhana
Hi Nadeesha,

The specification [1] mentions the <Issuer> element as optional. Please refer
section "3.2.2 Complex Type StatusResponseType" in the specification.
Also there is a sample SAML Response in the section "5.4.6 Example" of the
spec for quick reference.

This issuer element defines who issued the SAML Assertion and in SAML
Response who issued the SAML Response. Hence there is the possibility for
one party to issue the SAML assertion and another party to issue the SAML
Response, separately signing each element.

[1] - https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf

Thanks,
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka


On Fri, Oct 2, 2015 at 10:36 AM, Nadeesha Meegoda <nadees...@wso2.com>
wrote:

> Hi Danushka,
>
> Thanks for the response! I tested this without enabling the response
> signing and assertion signing, but still the saml2:Issuer is duplicated in
> both response and assertion. As per my reading on the saml spec in [1] the
> Response doesn't contain an issuer, only the assertion contains the issuer
> element which is noted in 3.4 Responses section. Please correct me if I'm
> wrong.
>
> Full Response is attached for the above scenario mentioned (  without
> enabling the response signing and assertion signing )
>
> [1] - http://saml.xml.org/saml-specifications
>
> Thanks!
>
> On Thu, Oct 1, 2015 at 8:33 PM, Danushka Fernando <danush...@wso2.com>
> wrote:
>
>> Hi Nadeesha
>> The duplicate entry meant by you is under the saml assertion. Saml
>> response object contains a saml assertion. And when you sign both response
>> and assertion this entry includes into both objects. For more details you
>> can refer to saml spec. [1]
>>
>> [1] http://saml.xml.org/saml-specifications
>>
>> Thanks & Regards
>> Danushka Fernando
>> Senior Software Engineer
>> WSO2 inc. http://wso2.com/
>> Mobile : +94716332729
>>
>>
>> On Oct 1, 2015 7:10 PM, "Nadeesha Meegoda" <nadees...@wso2.com> wrote:
>>
>>> Hi IS team,
>>>
>>> I am testing SAML SSO with travelocity app and when I signed in to the
>>> app I noticed in the SAML authentication response getting duplicate entries
>>> for saml2:Issuer, ds:Signature, ds:X509Certificate etc with the same
>>> response data. Is there a special reason these are duplicated? Just need to
>>> clarify!
>>>
>>> Noted below is the section that is duplicated in the response:
>>>
>>> >>   xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
>>>   >mgt.is.wso2.com
>>> http://www.w3.org/2000/09/xmldsig#;>
>>> 
>>> http://www.w3.org/2001/10/xml-exc-c14n#; />
>>> http://www.w3.org/2000/09/xmldsig#rsa-sha1; />
>>> >> URI="#bnlofhdfbehmnhiajimjohbkhepimciajocfmdkl">
>>> 
>>> http://www.w3.org/2000/09/xmldsig#enveloped-signature; />
>>> http://www.w3.org/2001/10/xml-exc-c14n#; />
>>> 
>>> http://www.w3.org/2000/09/xmldsig#sha1; />
>>>
>>> fiOel63mdz3HsEz2JrSbUgBvYDw=
>>> 
>>> 
>>>
>>> VgbMj1PIjJ0JFdyJ9AKaLkBnj7OD/prQahVU5WgdK9PAMvMedKt42pna+A5YznK0zLrzPKHAP/5VD6qHVPtF5LsYqJNEC4OTR1Mo2nzv34nOQxZZ95uxKBoxD/eVzgrqNBIzAecgSXvvYBj1ZlmjbJQoOuVxgdFOhOkz8S3bO+Q=
>>> 
>>> 
>>>
>>> 
>>> 
>>> 
>>>
>>> Full Response is attached with the mail.
>>>
>>> Highly appreciate an explanation on this!
>>>
>>>
>>> Thanks
>>>
>>> --
>&

Re: [Dev] [IS] [DEV] Getting "localhost" as the saml2:Issuer in SAML authentication response

2015-09-30 Thread Pushpalanka Jayawardhana
Hi Nadeesha,

This issuer value implies which party issues the SAML request or the
response. If you look at the SAML flow, the Authentication request is issued by
the service provider who is requesting the authentication of an entity from
the IDP. SAML Response is issued by the IDP in response to this
authentication request received from SP. Hence the issuer of SAML Response
is the IDP entity ID. In WSO2 Identity Server you can configure this value
under Resident Identity Provider.

For more information refer to the SAML2 specification [1], 2.2.5 Element
<Issuer>.

[1] - https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf

Thanks,
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka


On Wed, Sep 30, 2015 at 11:48 AM, Nadeesha Meegoda <nadees...@wso2.com>
wrote:

> Hi IS team,
>
> I have configured a SAML SSO service provider (travelocity.com) in tenant
> mode (ymc.com). My IS is running in cluster environment it's
> https://mgt.is.wso2.com. When I was signing in to travelocity.com in the
> SAML AuthnRequest the samlp:issuer is as follows :
>
> 
> travelocity@ymc.com
>
> However in the SAML Response to the authentication request the
> saml2:issuer is as follows:
>
>xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
>   >localhost
>
> May I know why the saml2:Issuer is localhost here? Do I need to do more
> configurations to get it right? Can anyone explain please?
>
> I have attached the full authentication request and response with the mail.
>
>
> Thanks
>
> --
> *Nadeesha Meegoda*
> Software Engineer - QA
> WSO2 Inc.; http://wso2.com
> lean.enterprise.middleware
> email : nadees...@wso2.com
> mobile: +94783639540
>
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
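
As an added illustration of the two SAML threads above (not WSO2 or travelocity code): a service-provider-side check, in Python, that reads the Issuer of the Response and of each Assertion separately and compares both with the IdP entity ID the SP expects. The sample message is constructed and unsigned, the function names are hypothetical, and the check assumes signature validation has already been done elsewhere.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
RESPONSE_TAG = "{%s}Response" % NS["samlp"]


def build_sample_response(response_issuer, assertion_issuer):
    """Constructed, unsigned sample message; not captured from a real server."""
    def issuer(value):
        return "" if value is None else "<saml2:Issuer>%s</saml2:Issuer>" % value

    return (
        '<saml2p:Response xmlns:saml2p="%s" xmlns:saml2="%s" ID="_r1" Version="2.0">'
        "%s"
        '<saml2:Assertion ID="_a1" Version="2.0">%s'
        "<saml2:Subject><saml2:NameID>admin@ymc.com</saml2:NameID></saml2:Subject>"
        "</saml2:Assertion></saml2p:Response>"
    ) % (NS["samlp"], NS["saml"], issuer(response_issuer), issuer(assertion_issuer))


def issuer_text(parent):
    """Return the Issuer that is a direct child of parent, or None."""
    node = parent.find("saml:Issuer", NS)
    if node is None or node.text is None:
        return None
    return node.text.strip()


def check_issuers(xml_text, expected_idp_entity_id):
    """Return a list of problems; an empty list means both levels match."""
    root = ET.fromstring(xml_text)
    if root.tag != RESPONSE_TAG:
        raise ValueError("not a samlp:Response")
    problems = []

    # Response level: Issuer is optional here, but if present it must match.
    response_issuer = issuer_text(root)
    if response_issuer is not None and response_issuer != expected_idp_entity_id:
        problems.append("Response Issuer is %r" % response_issuer)

    # Assertion level: each Assertion names its own issuer, which may be a
    # different party from the one that issued the Response.
    assertions = root.findall("saml:Assertion", NS)
    if not assertions:
        problems.append("Response carries no Assertion")
    for index, assertion in enumerate(assertions):
        value = issuer_text(assertion)
        if value is None:
            problems.append("Assertion %d has no Issuer" % index)
        elif value != expected_idp_entity_id:
            problems.append("Assertion %d Issuer is %r" % (index, value))
    return problems


if __name__ == "__main__":
    sample = build_sample_response("localhost", "localhost")
    # Expected entity ID below is a constructed value for the mismatch case.
    for expected in ("localhost", "https://idp.example.test"):
        print(expected, "->", check_issuers(sample, expected) or "ok")
```
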


Re: [Dev] "[DEV] [IS] [oauth2] Error occurred for custom grant type

2015-09-28 Thread Pushpalanka Jayawardhana
Hi Kavitha,

Please replace the existing setAuthorized(String str) method as per below
code. We have changed it to be like setAuthorized(User user) now.

    // Prefix the user store domain when the username does not already carry one.
    if (username.indexOf(CarbonConstants.DOMAIN_SEPARATOR) < 0
            && UserCoreUtil.getDomainFromThreadLocal() != null
            && !"".equals(UserCoreUtil.getDomainFromThreadLocal())) {
        username = UserCoreUtil.getDomainFromThreadLocal()
                + CarbonConstants.DOMAIN_SEPARATOR + username;
    }
    // setAuthorizedUser now takes a User object instead of a String.
    tokReqMsgCtx.setAuthorizedUser(OAuth2Util.getUserFromUserName(username));

[1] -
https://github.com/wso2/carbon-identity/blob/master/components/oauth/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/handlers/grant/PasswordGrantHandler.java#L114-#L120

Thanks,
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka


On Mon, Sep 28, 2015 at 3:46 PM, Kavitha Subramaniyam <kavi...@wso2.com>
wrote:

> Hi IS team,
>
> I'm getting an error[1] for OAuth2 custom grant type when generating
> access token for grant type-mobile in IS-5.1.0-Alpha and I have noticed
> that there is a resolved jira[2] that says "..fix provides support to add
> custom grant types by allowing to add grant type validators..". I have
> added the custom type following the steps below.
> Appreciate if you can look into this issue and clarify for me?
>
> Steps:
> - altered identity.xml by including
> 
> mobile
>
> org.soasecurity.is.oauth.grant.mobile.MobileGrant
>
> org.soasecurity.is.oauth.grant.mobile.MobileGrantValidator
> 
>
> - copied .jar into /repository/components/lib
>  (accessed .jar, MobileGrant and MobileGrantValidator from here:
> https://svn.wso2.org/repos/wso2/people/asela/oauth/custom-grant/)
> - Start server and Created oauth app (here cuss)
> - execute below curl with relevant client_id:client_secret
>
> $ curl --user VmmZNaIRJ0U3Iz_Tanh6uH3go2ga:_yIJQ5lLVfQ_XylSguwE05rDjBYa -k
> -d "grant_type=mobile=0333444" -H "Content-Type:
> application/x-www-form-urlencoded" https://localhost:9443/oauth2/token
>
> [2] https://wso2.org/jira/browse/IDENTITY-2925
> [1]
> --
>
> [2015-09-28 14:13:31,916] DEBUG
> {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint} -
>  Received a request : /oauth2/token
> [2015-09-28 14:13:31,917] DEBUG
> {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint} -
>  --logging request headers.--
> [2015-09-28 14:13:31,917] DEBUG
> {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint} -
>  authorization : Basic
> Vm1tWk5hSVJKMFUzSXpfVGFuaDZ1SDNnbzJnYTpfeUlKUTVsTFZmUV9YeWxTZ3V3RTA1ckRqQllh
> [2015-09-28 14:13:31,917] DEBUG
> {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint} -
>  user-agent : curl/7.35.0
> [2015-09-28 14:13:31,917] DEBUG
> {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint} -  host
> : localhost:9443
> [2015-09-28 14:13:31,917] DEBUG
> {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint} -
>  accept : */*
> [2015-09-28 14:13:31,918] DEBUG
> {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint} -
>  content-type : application/x-www-form-urlencoded;charset=UTF-8
> [2015-09-28 14:13:31,918] DEBUG
> {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint} -
>  content-length : 38
> [2015-09-28 14:13:31,918] DEBUG
> {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint} -
>  --logging request parameters.--
> [2015-09-28 14:13:31,918] DEBUG
> {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint} -
>  grant_type - mobile
> [2015-09-28 14:13:31,918] DEBUG
> {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint} -
>  client_id - null
> [2015-09-28 14:13:31,918] DEBUG
> {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint} -  code
> - null
> [2015-09-28 14:13:31,918] DEBUG
> {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint} -
>  redirect_uri - null
> [2015-09-28 14:13:31,929] DEBUG
> {org.wso2.carbon.identity.oauth2.OAuth2Service} -  Access Token request
> received for Client ID VmmZNaIRJ0U3Iz_Tanh6uH3go2ga, User ID null, Scope :
> [] and Grant Type : mobile
> [2015-09-28 14:13:31,931] DEBUG
> {org.wso2.carbon.identity.oauth2.token.handlers.clientauth.AbstractClientAuthHandler}
> -  Can authenticate with client ID and Secret. Client ID:
> VmmZNaIRJ0U3Iz_Tanh6uH3go2ga
> [2015-09-28 14:13:31,932] DEBUG
> {org.wso2.carbon.identity.oauth2.token.handlers.clientauth.AbstractClientAuthHandler}
> -  Grant type : mobile Strict client validati

Re: [Dev] IS 5.0 - Token endpoint doesn't validate Authorization header

2015-07-16 Thread Pushpalanka Jayawardhana
Hi Sajith,

Yes, I could also observe the same behavior.
We do validate the authorization header before issuing token, this request
fails if you insert 123 in the middle and gives Client Authentication
failed. error.
I doubt whether there is a cut off done by length. Have to investigate
further.

Thanks,
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka


On Thu, Jul 16, 2015 at 1:32 PM, Sajith Kariyawasam saj...@wso2.com wrote:

 Hi all,

 I registered a service provider in IS 5.0 from admin user, and configured
 OAuth.

 Using following curl command I obtained the access token
 curl -k -d "grant_type=password&username=admin&password=admin" \
   -H "Authorization: Basic Z3hqMUs3MGxmU0lweEc0M2xhMnplbUZ4ZGtVYTpDVWhsUXl5NTJsbTYwVFlQUndlUzRYUVlGWHdh, Content-Type: application/x-www-form-urlencoded" \
   https://localhost:9445/oauth2/token

 {"token_type":"bearer","expires_in":3299,"refresh_token":"ec7fe1ba34d96255b9a4c2d68f25a728","access_token":"bdc812ca2cb1a554e911a5c7bb1930"}

 Thereafter I issued the same command with the Authorization header value
 modified. (Appended 123)

 curl -k -d "grant_type=password&username=admin&password=admin" \
   -H "Authorization: Basic Z3hqMUs3MGxmU0lweEc0M2xhMnplbUZ4ZGtVYTpDVWhsUXl5NTJsbTYwVFlQUndlUzRYUVlGWHdh123, Content-Type: application/x-www-form-urlencoded" \
   https://localhost:9445/oauth2/token

 But still the access token was returned without an issue

 {"token_type":"bearer","expires_in":2031,"refresh_token":"ec7fe1ba34d96255b9a4c2d68f25a728","access_token":"bdc812ca2cb1a554e911a5c7bb1930"}

 Shouldn't this validate the Authorization header value and throw an
 exception?

 Thanks,
 Sajith

 --
 Sajith Kariyawasam
 *Committer and PMC member, Apache Stratos,*
 *WSO2 Inc.; http://wso2.com*
 *Mobile: 0772269575*



___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
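
A strict way to parse and check a Basic client-authentication header of the kind discussed in this thread, as an added example: it is not WSO2 code and not a diagnosis of the behaviour reported above. The class and method names and the client ID and secret are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.regex.Pattern;

public class StrictBasicClientAuth {

    // Canonical, padded Base64 only: no whitespace, commas or trailing characters.
    private static final Pattern BASE64_TOKEN = Pattern.compile(
            "(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?");

    /** Returns {clientId, clientSecret}; throws if the header is not well formed. */
    static String[] parse(String header) {
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) {
            throw new IllegalArgumentException("not a Basic Authorization header");
        }
        String token = header.substring(6);
        if (token.isEmpty() || !BASE64_TOKEN.matcher(token).matches()) {
            throw new IllegalArgumentException("credentials are not canonical Base64");
        }
        byte[] raw = Base64.getDecoder().decode(token);
        // Re-encode and compare, so an encoding with stray trailing bits is rejected too.
        if (!Base64.getEncoder().encodeToString(raw).equals(token)) {
            throw new IllegalArgumentException("non-canonical Base64 encoding");
        }
        String decoded = new String(raw, StandardCharsets.UTF_8);
        int colon = decoded.indexOf(':');
        if (colon <= 0 || colon == decoded.length() - 1) {
            throw new IllegalArgumentException("expected client_id:client_secret");
        }
        // Split on the first colon only: the secret may itself contain ':'.
        return new String[] {decoded.substring(0, colon), decoded.substring(colon + 1)};
    }

    /** True only when the whole header parses and both values match exactly. */
    static boolean authenticate(String header, String expectedId, String expectedSecret) {
        String[] creds;
        try {
            creds = parse(header);
        } catch (IllegalArgumentException e) {
            return false;
        }
        // Compare both values in constant time and without short-circuiting.
        boolean idOk = constantTimeEquals(creds[0], expectedId);
        boolean secretOk = constantTimeEquals(creds[1], expectedSecret);
        return idOk & secretOk;
    }

    private static boolean constantTimeEquals(String a, String b) {
        return MessageDigest.isEqual(a.getBytes(StandardCharsets.UTF_8),
                b.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        // Constructed credentials; 30 bytes, so the encoded token carries no padding.
        String id = "exampleClientId";
        String secret = "exampleSecret1";
        String token = Base64.getEncoder()
                .encodeToString((id + ":" + secret).getBytes(StandardCharsets.UTF_8));

        String[] headers = {
            "Basic " + token,                       // well formed
            "Basic " + token + "123",               // extra characters appended
            "Basic " + token + ", Content-Type: application/x-www-form-urlencoded",
            "Basic " + token.substring(0, token.length() - 4), // truncated secret
        };
        for (String header : headers) {
            System.out.println(authenticate(header, id, secret) + "  <- " + header);
        }
    }
}
```

Rejecting anything that is not exactly one canonical Base64 token means a header with appended or comma-joined text fails before any credential comparison takes place.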


Re: [Dev] Introduce new table to the embedded database

2015-06-15 Thread Pushpalanka Jayawardhana
Hi Damith,

All the required tables are created through the scripts located at
'wso2is-5.0.0/dbscripts/'. Usually these IDN_* tables reside in identity
data-source, created with the scripts at
'wso2is-5.0.0/dbscripts/identity/'. When introducing a new table to a data
source, you should
- include the create table query in all the relevant script types (It's not
enough just to add this in H2. Should include in all the scripts for the
database types we support (MySQL, MSSQL etc.))
- should wait for identity.core to be active, in your feature, as that is
the component which initializes the database for the identity data source.

Hope this helps.

Thanks,
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka


On Mon, Jun 15, 2015 at 11:50 AM, Damith Senanayake dami...@wso2.com
wrote:

 Hi,

 I am trying to implement a new feature and I need to introduce a new table
 to the embedded database. (namely, IDN_UID_USER).


 What is the normal way to properly do this rather than logging into the H2
 Console through the web interface?

 Thanks in advance
 --
 *-Damith Senanayake-*
 +94712205272





Re: [Dev] [IS] Writing a custom user store manager for JIT Provisioning - without user passwords

2015-06-11 Thread Pushpalanka Jayawardhana
Hi Suhan,

Since you are anyway customizing the user store manager, you can modify the
addUser method functionality to accept an empty password and generate a
random password within the method.

Thanks,
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka


On Thu, Jun 11, 2015 at 10:31 AM, Suhan Dharmasuriya suh...@wso2.com
wrote:

 Hi,


 I will be using JIT provisioning such that the WSO2 IS will be connected
 to an external
 IdP.
 I want to perform actions more than simply inserting claims to the user
 store.
 Goal is to connect already existing user data which we already have in our
 system
 into user profiles.
 Therefore I want to extend the IS functionality by writing a custom user
 store manager.

 However we will not be given passwords for JIT provisioned users.

 When considering user store managers these are at the lowest level.
 As per the design, at this level IS is expecting a password value in this
 scenario.
 In SCIM protocol connector level when there is no password, IS generates a
 random password and passes it to the user store manager level.

 protected String getPassword(Map<ClaimMapping, List<String>> attributeMap) {
     List<String> claimValue = ProvisioningUtil.getClaimValues(attributeMap,
             IdentityProvisioningConstants.PASSWORD_CLAIM_URI,
             getUserStoreDomainName());

     // Use the password claim when the provisioning request carries one.
     if (claimValue != null && claimValue.size() > 0 && claimValue.get(0) != null) {
         return claimValue.get(0);
     }

     // No password supplied: fall back to a random value.
     return UUID.randomUUID().toString();
 }

 Therefore in our custom user store manager when we try to add users
 with empty passwords we are getting an exception.

 How can we configure our custom user store to accept empty passwords?
 What is the best way to do this?

 Thanks,
 Suhan


 --
 Suhan Dharmasuriya
 Software Engineer - Test Automation

 *WSO2, Inc. *

 lean . enterprise . middleware
 Tel: +94 112 145345
 Mob: +94 779 869138
 Blog: http://suhan-opensource.blogspot.com/

___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
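
One way to implement the suggestion in the reply above (accept an empty password in addUser and generate a random one), as an added example that is not WSO2 code. The class, the resolve() hook, the length and the character sets are assumptions; a custom user store manager would call something like resolve() on the credential before storing it.

```java
import java.security.SecureRandom;

public class JitCredentialResolver {

    private static final SecureRandom RNG = new SecureRandom();

    // Character classes are an assumption; align them with the user store's password policy.
    private static final String[] CLASSES = {
        "ABCDEFGHJKLMNPQRSTUVWXYZ",
        "abcdefghijkmnopqrstuvwxyz",
        "23456789",
        "!@#$%^*-_=+",
    };
    private static final String ALL = String.join("", CLASSES);
    private static final int GENERATED_LENGTH = 32;

    /**
     * Returns the credential to store: the supplied one when it is non-empty,
     * otherwise a freshly generated random password (the JIT-provisioned case).
     */
    static char[] resolve(Object credential) {
        if (credential instanceof char[] && ((char[]) credential).length > 0) {
            return ((char[]) credential).clone();
        }
        if (credential instanceof String && !((String) credential).isEmpty()) {
            return ((String) credential).toCharArray();
        }
        return generate(GENERATED_LENGTH);
    }

    /** Random password with at least one character from every class. */
    static char[] generate(int length) {
        if (length < CLASSES.length) {
            throw new IllegalArgumentException("length too short for the policy");
        }
        char[] out = new char[length];
        for (int i = 0; i < CLASSES.length; i++) {
            out[i] = pick(CLASSES[i]);
        }
        for (int i = CLASSES.length; i < length; i++) {
            out[i] = pick(ALL);
        }
        // Fisher-Yates shuffle so the guaranteed characters are not in fixed positions.
        for (int i = length - 1; i > 0; i--) {
            int j = RNG.nextInt(i + 1);
            char tmp = out[i];
            out[i] = out[j];
            out[j] = tmp;
        }
        return out;
    }

    private static char pick(String alphabet) {
        return alphabet.charAt(RNG.nextInt(alphabet.length()));
    }

    public static void main(String[] args) {
        char[] supplied = resolve("S3cret-from-request");  // constructed value
        char[] generated = resolve("");                     // JIT user, no password
        char[] alsoGenerated = resolve(null);
        // Print lengths only: a generated password should never reach a log.
        System.out.println("supplied length:  " + supplied.length);
        System.out.println("generated length: " + generated.length);
        System.out.println("null credential:  " + alsoGenerated.length);
        java.util.Arrays.fill(generated, '\0');
        java.util.Arrays.fill(alsoGenerated, '\0');
    }
}
```

The generated value is stored and then discarded, so the provisioned account is reachable only through the external IdP unless a password is set later.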


Re: [Dev] What should be the 3rd parameter of login in AuthenticationAdminStub?

2015-05-26 Thread Pushpalanka Jayawardhana
Hi Sajith,

It should be either hostname/ip-address or OK to send in value null so that
internally it gets the originated IP address from message context.
Updated the linked doc with 'null' value passed in. This will work.

Thanks,
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka


On Tue, May 26, 2015 at 1:36 PM, Sajith Ravindra saji...@wso2.com wrote:

 Hi IS Team,

 I was referring [1] and when going through the code sample provided I
 noticed that the 3rd parameter passed to the login of
 AuthenticationAdminStub is not hostname/ip-address of the client.

 authstub.login("admin", "admin", APP_ID)

 Is this correct? If it's not hostname/ip-address what should be it?

 Please advise.

 [1] -
 https://docs.wso2.com/display/IS510/Managing+Users+and+Roles+with+APIs

 Thanks,
 *Sajith Ravindra*
 Senior Software Engineer
 WSO2 Inc.; http://wso2.com
 lean.enterprise.middleware

 mobile: +94 77 2273550
 blog: http://sajithr.blogspot.com/
 http://lk.linkedin.com/pub/shani-ranasinghe/34/111/ab



Re: [Dev] OAuth issues

2015-05-17 Thread Pushpalanka Jayawardhana
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka


On Mon, May 18, 2015 at 10:28 AM, Ishara Karunarathna isha...@wso2.com
wrote:

 Hi Harshan,

 This works fine for me too,
 Could you please enable debug on
 org.wso2.carbon.identity.oauth2.token


Also please check for the following config in identity.xml under OAuth tag

<ClientAuthHandlers>
    <ClientAuthHandlerImplClass>org.wso2.carbon.identity.oauth2.token.handlers.clientauth.BasicAuthClientAuthHandler</ClientAuthHandlerImplClass>
</ClientAuthHandlers>


 and try.

 Thanks,
 Ishara

 On Mon, May 18, 2015 at 10:24 AM, Sumedha Rubasinghe sume...@wso2.com
 wrote:

 Try this:

 curl --user ZCY3QCNjK9ujtKXoMzSjltPdVFga:RQvI0o1z8NwdYS9I2y35pwptMp4a -k \
   -d "grant_type=password&username=admin&password=admin&scope=openid" \
   -H "Content-Type: application/x-www-form-urlencoded" \
   https://localhost:9443/oauth2/token



 On Mon, May 18, 2015 at 10:12 AM, Harshan Liyanage hars...@wso2.com
 wrote:

 Yes.

 Lakshitha Harshan
 Software Engineer
 Mobile: *+94724423048*
 Email: hars...@wso2.com
 Blog : http://harshanliyanage.blogspot.com/
 *WSO2, Inc. :** wso2.com http://wso2.com/*
 lean.enterprise.middleware.

 On Mon, May 18, 2015 at 10:11 AM, Sumedha Rubasinghe sume...@wso2.com
 wrote:

 Is your client credentials constructed like following?

 Base64encode (consumer Key:consumer secret)?


 On Mon, May 18, 2015 at 9:49 AM, Harshan Liyanage hars...@wso2.com
 wrote:

 Hi Sumedha,

 We tried it also. But it didn't work and giving the same issue.

 Thanks,

 Lakshitha Harshan
 Software Engineer
 Mobile: *+94724423048*
 Email: hars...@wso2.com
 Blog : http://harshanliyanage.blogspot.com/
 *WSO2, Inc. :** wso2.com http://wso2.com/*
 lean.enterprise.middleware.

 On Mon, May 18, 2015 at 9:47 AM, Sumedha Rubasinghe sume...@wso2.com
 wrote:

 Try sending without scope=openid.

 On Sat, May 16, 2015 at 6:22 AM, Prabath Abeysekera 
 praba...@wso2.com wrote:

 IS Team,

 Please review the issues reported below and see if you could help us
 resolving them. Appreciate if we can get some feedback on this some time
 soon.

 Cheers,
 Prabath

 On Fri, May 15, 2015 at 8:57 PM, Harshan Liyanage hars...@wso2.com
 wrote:

 Hi Guys,

 *Issue 1*

 When calling the token endpoints to generate oauth tokens using
 curl, I'm getting an unsupported_client_authentication_method
 exception.
 Please find the request & response below.

 Request
 curl -v -X POST \
   -H "Authorization: Basic WkNZM1FDTmpLOXVqdEtYb016U2psdFBkVkZnYTpSUXZJMG8xejhOd2RZUzlJMnkzNXB3cHRNcDRh" \
   -k -d "grant_type=password&username=admin&password=admin&scope=openid" \
   -H "Content-Type:application/x-www-form-urlencoded" \
   https://localhost:9443/oauth2/token

 Response
 {"error":"unsupported_client_authentication_method","error_description":"Unsupported Client Authentication Method!"}

 OAuth Debug logs
 [2015-05-15 20:32:30,103] DEBUG
 {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint} -
 Received a request : /oauth2/token
 [2015-05-15 20:32:30,103] DEBUG
 {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint} -
 --logging request headers.--
 [2015-05-15 20:32:30,104] DEBUG
 {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint} -
 user-agent : curl/7.37.1
 [2015-05-15 20:32:30,104] DEBUG
 {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint} -  
 host
 : localhost:9763
 [2015-05-15 20:32:30,104] DEBUG
 {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint} -
 accept : */*
 [2015-05-15 20:32:30,104] DEBUG
 {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint} -
 authorization : Basic
 WkNZM1FDTmpLOXVqdEtYb016U2psdFBkVkZnYTpSUXZJMG8xejhOd2RZUzlJMnkzNXB3cHRNcDRh
 [2015-05-15 20:32:30,105] DEBUG
 {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint} -
 content-type : application/x-www-form-urlencoded
 [2015-05-15 20:32:30,105] DEBUG
 {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint} -
 content-length : 62
 [2015-05-15 20:32:30,105] DEBUG
 {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint} -
 --logging request parameters.--
 [2015-05-15 20:32:30,105] DEBUG
 {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint} -
 grant_type - password
 [2015-05-15 20:32:30,106] DEBUG
 {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint} -
 client_id - null
 [2015-05-15 20:32:30,106] DEBUG
 {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint} -  
 code
 - null
 [2015-05-15 20:32:30,106] DEBUG
 {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint} -
 redirect_uri - null
 [2015-05-15 20:32:30,107] DEBUG
 {org.wso2.carbon.identity.oauth2.OAuth2Service} -  Access Token request
 received for Client ID ZCY3QCNjK9ujtKXoMzSjltPdVFga, User ID admin, 
 Scope :
 [Ljava.lang.String;@1ff58e2a

Re: [Dev] Scopes validation issue when Using WSO2 Identity Server as a Key Manager

2015-02-23 Thread Pushpalanka Jayawardhana
Hi,

It seems we have missed to do this update yet.
Shall we do this asap.

Thanks,
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka


On Sun, Jan 25, 2015 at 9:46 AM, Nuwan Dias nuw...@wso2.com wrote:

 Yes, it's the correct configuration. We need to update the IS as KM doc.

 Thanks,
 NuwanD.

 On Sun, Jan 25, 2015 at 6:44 AM, Nuwan Wimalasekara nuw...@wso2.com
 wrote:

 Hi

 I configured WSO2 Identity Server 5.0.0 as Key manager as per the
 documentation [1]. Then I created an API with an API scope in WSO2 AM 1.7.0.
 However, when generating the access token with the given scope, it generates
 the access token for the given scope. But when invoking the API, there is
 no scope validation in Identity Server. I could invoke other resources
 having a different scope.

 When looking at the identity.xml in Identity Server, I figured out that the
 below OAuthScopeValidator configuration is missing in identity.xml. I added
 the below configuration, then scopes are validating properly. This is not
 mentioned even in the doc [1].

 <OAuthScopeValidator
 class="org.wso2.carbon.identity.oauth2.validators.JDBCScopeValidator"/>

 @IS Team, AM Team,
 Can you confirm above is the correct configuration in Identity server to
 validate the API Scope ?

 [1]
 https://docs.wso2.com/display/CLUSTER420/Configuring+WSO2+Identity+Server+as+the+Key+Manager

 Thanks,
 Nuwanw

 --
 Nuwan Wimalasekara
 Senior Software Engineer - Test Automation
 WSO2, Inc.: http://wso2.com
 lean. enterprise. middleware

 phone: +94 71 668 4620






 --
 Nuwan Dias

 Associate Tech Lead - WSO2, Inc. http://wso2.com
 email : nuw...@wso2.com
 Phone : +94 777 775 729



___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
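
A check for the two identity.xml settings raised in these threads (the BasicAuthClientAuthHandler entry under ClientAuthHandlers from the "OAuth issues" thread and the OAuthScopeValidator element above), as an added example that is not WSO2 code. The class name, the audit() method and both sample documents, including their root element, are constructed; only the element names and class values come from the messages.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class IdentityXmlOAuthAudit {

    static final String BASIC_HANDLER =
            "org.wso2.carbon.identity.oauth2.token.handlers.clientauth.BasicAuthClientAuthHandler";

    /** Returns one finding per missing setting; an empty list means both are present. */
    static List<String> audit(String xml) throws Exception {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setNamespaceAware(true);
        // Configuration files need no DTD; refusing one blocks XXE in the audit tool itself.
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = factory.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));

        List<String> findings = new ArrayList<>();
        // "*" matches the element whatever namespace the file declares.
        NodeList oauthSections = doc.getElementsByTagNameNS("*", "OAuth");
        if (oauthSections.getLength() == 0) {
            findings.add("no <OAuth> section found");
            return findings;
        }
        Element oauth = (Element) oauthSections.item(0);

        // Scope validation: without this element the thread reports no scope check at all.
        NodeList validators = oauth.getElementsByTagNameNS("*", "OAuthScopeValidator");
        if (validators.getLength() == 0) {
            findings.add("<OAuthScopeValidator> is missing: token scopes are not validated");
        } else if (((Element) validators.item(0)).getAttribute("class").trim().isEmpty()) {
            findings.add("<OAuthScopeValidator> has no class attribute");
        }

        // Client authentication: the Basic handler must be registered.
        NodeList handlers = oauth.getElementsByTagNameNS("*", "ClientAuthHandlerImplClass");
        boolean basicRegistered = false;
        for (int i = 0; i < handlers.getLength(); i++) {
            if (BASIC_HANDLER.equals(handlers.item(i).getTextContent().trim())) {
                basicRegistered = true;
            }
        }
        if (!basicRegistered) {
            findings.add("BasicAuthClientAuthHandler is not listed under <ClientAuthHandlers>");
        }
        return findings;
    }

    public static void main(String[] args) throws Exception {
        // Constructed samples, not copies of a shipped identity.xml.
        String complete =
                "<Server><OAuth>"
              + "<ClientAuthHandlers><ClientAuthHandlerImplClass>" + BASIC_HANDLER
              + "</ClientAuthHandlerImplClass></ClientAuthHandlers>"
              + "<OAuthScopeValidator class=\"org.wso2.carbon.identity.oauth2.validators."
              + "JDBCScopeValidator\"/>"
              + "</OAuth></Server>";
        String incomplete = "<Server><OAuth><ClientAuthHandlers/></OAuth></Server>";

        System.out.println("complete:   " + audit(complete));
        System.out.println("incomplete: " + audit(incomplete));
    }
}
```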


Re: [Dev] [IS] Is there any osgi service to generate the OAuth token

2015-02-18 Thread Pushpalanka Jayawardhana
Hi Gihan,

org.wso2.carbon.identity.oauth2.OAuth2Service has a method named
' public OAuth2AccessTokenRespDTO issueAccessToken(OAuth2AccessTokenReqDTO
tokenReqDTO)'.

Hope you can use it.

Thanks,
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka


On Thu, Feb 19, 2015 at 11:40 AM, Gihan Anuruddha gi...@wso2.com wrote:

 Hi All,

 $subject apart from oauth2/token REST endpoint?

 Regards,
 Gihan

 --
 W.G. Gihan Anuruddha
 Senior Software Engineer | WSO2, Inc.
 M: +94772272595



Re: [Dev] [IS] Is there any osgi service to generate the OAuth token

2015-02-18 Thread Pushpalanka Jayawardhana
Hi Gihan,

It depends on the grant type we use.
Basically, client ID should be there. You can get idea about the required
parameters from the cURL commands mentioned at [1] for each grant type.

[1] - https://docs.wso2.com/display/AM180/Token+API

Thanks,
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka


On Thu, Feb 19, 2015 at 12:02 PM, Gihan Anuruddha gi...@wso2.com wrote:

 Thanks Pushpalanka. Can you please tell me what are the mandatory setter
 methods that need to fill in the OAuth2AccessTokenReqDTO class?

 Regards,
 Gihan

 On Thu, Feb 19, 2015 at 11:47 AM, Pushpalanka Jayawardhana la...@wso2.com
  wrote:

 Hi Gihan,

 org.wso2.carbon.identity.oauth2.OAuth2Service has a method named
 ' public OAuth2AccessTokenRespDTO
 issueAccessToken(OAuth2AccessTokenReqDTO tokenReqDTO)'.

 Hope you can use it.

 Thanks,
 Pushpalanka.
 --
 Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
 Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
 Mobile: +94779716248
 Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
 lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka


 On Thu, Feb 19, 2015 at 11:40 AM, Gihan Anuruddha gi...@wso2.com wrote:

 Hi All,

 $subject apart from oauth2/token REST endpoint?

 Regards,
 Gihan

 --
 W.G. Gihan Anuruddha
 Senior Software Engineer | WSO2, Inc.
 M: +94772272595





 --
 W.G. Gihan Anuruddha
 Senior Software Engineer | WSO2, Inc.
 M: +94772272595



Re: [Dev] Internal user roles are added/shown twice for users

2015-02-17 Thread Pushpalanka Jayawardhana
Hi Nuwan,

I couldn't reproduce the error with IS 5.0.0 default pack. Is this after
the SP-01 applied or do you have any specific steps?

Thanks,
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka


On Wed, Feb 18, 2015 at 3:46 AM, Nuwan Wimalasekara nuw...@wso2.com wrote:

 Hi
 I am getting this issue in Identity Server 5.0.0 as well. Is there any
 workaround to get rid of this issue

 Thanks,
 Nuwanw

 On Tue, Feb 17, 2015 at 5:18 AM, Lakmali Baminiwatta lakm...@wso2.com
 wrote:

 Hi IS team,

 In the latest APPM and APIM packs, if we create a user by assigning an
 Internal role, it lists the same role twice when viewing the roles of that
 user. This is reported in [1].

 Can you please have a look?

 [1] https://wso2.org/jira/browse/APPM-333

 Thanks,
 Lakmali

 --
 Lakmali Baminiwatta
  Senior Software Engineer
 WSO2, Inc.: http://wso2.com
 lean.enterprise.middleware
 mobile:  +94 71 2335936
 blog : lakmali.com






 --
 Nuwan Wimalasekara
 Senior Software Engineer - Test Automation
 WSO2, Inc.: http://wso2.com
 lean. enterprise. middleware

 phone: +94 71 668 4620








Re: [Dev] [Secondary userstore] [UI] Disabled parameter is marked as mandatory with a checkbox to tick

2015-02-16 Thread Pushpalanka Jayawardhana
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka


On Mon, Feb 16, 2015 at 4:04 PM, Johann Nallathamby joh...@wso2.com wrote:

 But what about the backend? I guess it is still needed and we can have it
 under optional properties right ?

 On Mon, Feb 16, 2015 at 3:48 PM, Pushpalanka Jayawardhana la...@wso2.com
 wrote:

 Hi All,

 We have taken disable/enable functionality for user stores out into
 Listing space.
 Hence we can totally remove this property from listing in UI under
 properties. (Still we need the above modification)

 Yes, exactly that's what I wanted to mean here.


 Thanks,
 Pushpalanka.
 --
 Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
 Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
 Mobile: +94779716248
 Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
 lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka


 On Mon, Feb 16, 2015 at 3:36 PM, Chanuka Dissanayake chan...@wso2.com
 wrote:

 Hi Johann,

 Following diff is the fix in user.core, and UI will be automatically
 populated accordingly.

 -
 setMandatoryProperty(UserStoreConfigConstants.disabled,Disabled,false,UserStoreConfigConstants.disabledDescription,
 false);

 +
 setProperty(UserStoreConfigConstants.disabled,Disabled,false,
 UserStoreConfigConstants.disabledDescription);
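
Review bot: the removed setMandatoryProperty(...) call ends with a trailing false argument that the added setProperty(...) call no longer passes. Please say what that flag controlled and confirm that a property registered through setProperty behaves the same without it, and that the default value false is still applied to the disabled property when a user store configuration omits it now that it is out of the mandatory list.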

 Above fix was done only for 
 org.wso2.carbon.user.core.ReadWriteLDAPUserStoreManager,
 same can be done for ReadOnlyLDAPUserStoreManager.

 Apart from that same issue is there in
 org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager and
 org.wso2.carbon.identity.user.store.remote.CarbonRemoteUserStoreManager.
 Along with this, I will fix those as well and send the pull request.

 Thanks,
 Chanuka.

 On Mon, Feb 16, 2015 at 1:13 PM, Johann Nallathamby joh...@wso2.com
 wrote:

 [adding Pushpalanka to the thread]

 Why is disabled in the mandatory list in the backend? It can be optional.
 Default is 'enabled'.

 Can you explain? If there is no proper reason I think we can fix
 backend as well as front end correctly.

 Thanks.

 On Mon, Feb 16, 2015 at 12:55 PM, Chanuka Dissanayake chan...@wso2.com
  wrote:

 Hi Johann,

 I looked into this issue and found the followings,

 This Disabled property is in a property list named mandatories in
 the userstore-config.jsp file in
 org.wso2.carbon.identity.user.store.configuration.ui component. It
 retrieves the mandatory properties list by calling
 the 
 UserStoreManagerRegistry.getUserStoreProperties(userStoreClass).getMandatoryProperties()
 method in user.core.

 In the backend, this Disabled property is a mandatory property and
 it is correct. In the UI, having the red color asterisk for the checkbox
 may confuse the user where it suggests like it is mandatory to select the
 checkbox.

 However we don't need to change the backend code since it is correct.
 In UI, in order to remove the asterisk, a solution would be to remove this
 property from mandatory properties list and adding it to optional
 properties list. Should we proceed with this approach ?

 Thanks
 Chanuka

 On Fri, Feb 13, 2015 at 10:36 PM, Tharindu Edirisinghe 
 tharin...@wso2.com wrote:

 Hi Nirodha,

 Thanks for pointing this out. We'll get this fixed.

 Regards,
 TharinduE

 On Fri, Feb 13, 2015 at 5:53 PM, Nirodha Pramod niro...@wso2.com
 wrote:

 Hi,

 Please see the jira [1]. In the secondary userstore UI , the user is
 sort of asked to mark the newly created userstore as disabled, by 
 making it
 mandatory with a checkbox. Usually in UI forms a single checkbox field 
 is
 not marked as mandatory which makes no sense. So this disabled parameter
 should go as an optional.

 [1] https://wso2.org/jira/browse/IDENTITY-3048

 Thanks,
 Nirodha

 --

 *Nirodha Gallage*
 Senior Software Engineer, QA.
 WSO2 Inc.: http://wso2.com/
 Mobile: +94716429078





 --

 Tharindu Edirisinghe
 Software Engineer | WSO2 Inc
 Identity Server Team
 mobile : +94 775 181586





 --
 Chanuka Dissanayake
 *Software Engineer | **WSO2 Inc.*; http://wso2.com

 Mobile: +94 71 33 63 596
 Email: chan...@wso2.com




 --
 Thanks & Regards,

 *Johann Dilantha Nallathamby*
 Associate Technical Lead & Product Lead of WSO2 Identity Server
 Integration Technologies Team
 WSO2, Inc.
 lean.enterprise.middleware

 Mobile - *+9476950*
 Blog - *http://nallaa.wordpress.com*




 --
 Chanuka Dissanayake
 *Software Engineer | **WSO2 Inc.*; http://wso2.com

 Mobile: +94 71 33 63 596
 Email: chan...@wso2.com





 --
 Thanks & Regards,

 *Johann Dilantha Nallathamby*
 Associate Technical Lead & Product Lead of WSO2

Re: [Dev] [Secondary userstore] [UI] Disabled parameter is marked as mandatory with a checkbox to tick

2015-02-16 Thread Pushpalanka Jayawardhana
Hi All,

We have taken disable/enable functionality for user stores out into Listing
space.
Hence we can totally remove this property from listing in UI under
properties. (Still we need the above modification)

Thanks,
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka


On Mon, Feb 16, 2015 at 3:36 PM, Chanuka Dissanayake chan...@wso2.com
wrote:

 Hi Johann,

 Following diff is the fix in user.core, and UI will be automatically
 populated accordingly.

 -
 setMandatoryProperty(UserStoreConfigConstants.disabled,Disabled,false,UserStoreConfigConstants.disabledDescription,
 false);

 +setProperty(UserStoreConfigConstants.disabled,Disabled,false,
 UserStoreConfigConstants.disabledDescription);
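
Review bot: the hunk carries no file header or @@ context, so it does not show which class it changes; only the accompanying text says it is ReadWriteLDAPUserStoreManager. Please send the pull request as a full unified diff that makes the same change in ReadOnlyLDAPUserStoreManager, ActiveDirectoryUserStoreManager and CarbonRemoteUserStoreManager together, and check that userstore-config.jsp, which builds its list from getMandatoryProperties(), still picks up the disabled property once it is registered as optional.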

 Above fix was done only for 
 org.wso2.carbon.user.core.ReadWriteLDAPUserStoreManager,
 same can be done for ReadOnlyLDAPUserStoreManager.

 Apart from that same issue is there in
 org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager and
 org.wso2.carbon.identity.user.store.remote.CarbonRemoteUserStoreManager.
 Along with this, I will fix those as well and send the pull request.

 Thanks,
 Chanuka.

 On Mon, Feb 16, 2015 at 1:13 PM, Johann Nallathamby joh...@wso2.com
 wrote:

 [adding Pushpalanka to the thread]

 Why is disabled in the mandatory list in the backend? It can be optional.
 Default is 'enabled'.

 Can you explain? If there is no proper reason I think we can fix backend
 as well as front end correctly.

 Thanks.

 On Mon, Feb 16, 2015 at 12:55 PM, Chanuka Dissanayake chan...@wso2.com
 wrote:

 Hi Johann,

 I looked into this issue and found the followings,

 This Disabled property is in a property list named mandatories in
 the userstore-config.jsp file in
 org.wso2.carbon.identity.user.store.configuration.ui component. It
 retrieves the mandatory properties list by calling
 the 
 UserStoreManagerRegistry.getUserStoreProperties(userStoreClass).getMandatoryProperties()
 method in user.core.

 In the backend, this Disabled property is a mandatory property and it
 is correct. In the UI, having the red color asterisk for the checkbox may
 confuse the user where it suggests like it is mandatory to select the
 checkbox.

 However we don't need to change the backend code since it is correct. In
 UI, in order to remove the asterisk, a solution would be to remove this
 property from mandatory properties list and adding it to optional
 properties list. Should we proceed with this approach ?

 Thanks
 Chanuka

 On Fri, Feb 13, 2015 at 10:36 PM, Tharindu Edirisinghe 
 tharin...@wso2.com wrote:

 Hi Nirodha,

 Thanks for pointing this out. We'll get this fixed.

 Regards,
 TharinduE

 On Fri, Feb 13, 2015 at 5:53 PM, Nirodha Pramod niro...@wso2.com
 wrote:

 Hi,

 Please see the jira [1]. In the secondary userstore UI , the user is
 sort of asked to mark the newly created userstore as disabled, by making 
 it
 mandatory with a checkbox. Usually in UI forms a single checkbox field is
 not marked as mandatory which makes no sense. So this disabled parameter
 should go as an optional.

 [1] https://wso2.org/jira/browse/IDENTITY-3048

 Thanks,
 Nirodha

 --

 *Nirodha Gallage*
 Senior Software Engineer, QA.
 WSO2 Inc.: http://wso2.com/
 Mobile: +94716429078





 --

 Tharindu Edirisinghe
 Software Engineer | WSO2 Inc
 Identity Server Team
 mobile : +94 775 181586





 --
 Chanuka Dissanayake
 *Software Engineer | **WSO2 Inc.*; http://wso2.com

 Mobile: +94 71 33 63 596
 Email: chan...@wso2.com




 --
 Thanks & Regards,

 *Johann Dilantha Nallathamby*
 Associate Technical Lead & Product Lead of WSO2 Identity Server
 Integration Technologies Team
 WSO2, Inc.
 lean.enterprise.middleware

 Mobile - *+9476950*
 Blog - *http://nallaa.wordpress.com*




 --
 Chanuka Dissanayake
 *Software Engineer | **WSO2 Inc.*; http://wso2.com

 Mobile: +94 71 33 63 596
 Email: chan...@wso2.com



Re: [Dev] Tenant creation issue with Active Directory

2015-02-10 Thread Pushpalanka Jayawardhana
Hi Asanthi,

This has been detected previously as well.
Please refer to the thread "[Dev] Multi Tenant support with Active Directory"
and the public jira [1].

[1] - https://wso2.org/jira/browse/IDENTITY-2791

Thanks,
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka


On Tue, Feb 10, 2015 at 5:15 PM, Asanthi Kulasinghe asan...@wso2.com
wrote:

 Hi,

 We have setup  ESB 4.9.0 with Active Directory as the user store.

 The following have been updated accordingly.
 1. user-mgt.xml
 2. 'RootPartition' property in tenant-mgt.xml

 Error [1] is logged when creating a tenant. The tenant is created in the
 inactive mode. Certain tenant details are not saved ( tenant password /
 first name/ last name )

 Error [2] occurs in the attempt to update  tenant details. Therefore it is
 not possible even to update and login to the tenant.

 Does anyone have an idea of what could be causing this issue?  Are there
 any configuration changes we need to make apart from the above?


 [1]

 TID: [-1234] [] [2015-02-10 11:16:55,048] ERROR
 {org.wso2.carbon.tenant.mgt.ui.utils.TenantMgtUtil} -  Failed to add tenant
 config. tenant-domain: testtenant.com, tenant-admin: testtenant.
 {org.wso2.carbon.tenant.mgt.ui.utils.TenantMgtUtil}
 org.wso2.carbon.tenant.mgt.stub.TenantMgtAdminServiceExceptionException:
 TenantMgtAdminServiceExceptionException
 at java.lang.J9VMInternals.newInstanceImpl(Native Method)
 at java.lang.Class.newInstance(Class.java:1774)
 at
 org.wso2.carbon.tenant.mgt.stub.TenantMgtAdminServiceStub.addTenant(TenantMgtAdminServiceStub.java:2743)
 at
 org.wso2.carbon.tenant.mgt.ui.clients.TenantServiceClient.addTenant(TenantServiceClient.java:90)
 at
 org.wso2.carbon.tenant.mgt.ui.utils.TenantMgtUtil.addTenantConfigBean(TenantMgtUtil.java:67)
 at
 org.apache.jsp.tenant_002dmgt.submit_005ftenant_005fajaxprocessor_jsp._jspService(submit_005ftenant_005fajaxprocessor_jsp.java:136)
 at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
 at
 org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:432)
 at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:390)
 at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:334)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
 at org.wso2.carbon.ui.JspServlet.service(JspServlet.java:155)
 at org.wso2.carbon.ui.TilesJspServlet.service(TilesJspServlet.java:80)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
 at
 org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:37)
 at
 org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61)
 at
 org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128)
 at
 org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:68)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
 at
 org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68)
 at
 org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
 at
 org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
 at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
 at
 org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
 at
 org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
 at
 org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilter(CharacterSetFilter.java:61)
 at
 org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
 at
 org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
 at
 org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
 at
 org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
 at
 org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501)
 at
 org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
 at
 org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
 at
 org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:183)
 at
 org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:49)
 at
 org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:146)
 at
 org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159

Re: [Dev] [ES] Tenant couldn't login to publisher when SSO is enabled with IS

2015-01-23 Thread Pushpalanka Jayawardhana
Hi Ruchira,

There is a property introduced in IS 5.0.0 called
UseAuthenticatedUserDomainCrypto to make it backward compatible.
The link below has a description of its usage.

[1] - https://docs.wso2.com/display/IS500/Configuring+identity.xml

Thanks,
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka


On Fri, Jan 23, 2015 at 3:02 PM, Ruchira Wageesha ruch...@wso2.com wrote:

 Hi Kasun,

 I worked with Senduran and it seemed like a certificate mismatch. AFAICR,
 due to the latest changes in IS code base, the tenant key store is used
 during SSO. Hence, ES, which is based on newer IS code expects tenants
 certs to be used where IS 5.0 expects super-tenant certs to be used. AFAIK,
 I think, this should be the issue here.

 Hence, can somebody from IS team verify my doubt please?

 @Kasun/Senduran,

 If it is my doubt, then you will have to use it with an IS pack which has
 that change.

 On Fri, Jan 23, 2015 at 1:58 PM, Kasun Indrasiri ka...@wso2.com wrote:

 Hi ES team,

 We have spent quite a lot of time on this issue but haven't found a
 resolution yet. This will be a blocker for ES as well as iPaaS milestones.
  Can we get somebody from ES team to look in to this ASAP please?

 On Wed, Jan 21, 2015 at 8:39 AM, Senduran Balasubramaniyam 
 sendu...@wso2.com wrote:

 Hi Sameera,

 Unfortunately the exception is still there, I tried as you instructed.
 What I guess is if a tenant is logged in ES is trying to verify the
 signature against the tenant's specific keystore, while IS consider the
 wso2carbon keystore
 Is there any configuration in ES to check with the wso2carbon keystore
 even for the tenant ?

 Thank you
 Senduran

 On Tue, Jan 20, 2015 at 9:07 PM, Sameera Medagammaddegedara 
 samee...@wso2.com wrote:

 Hi Senduran,

 Can we try the following:

 Export the primary key of the IS:

 keytool -export -keystore wso2carbon.jks -alias wso2carbon -file wso2.cert

 Then import the certificate to the tenant's key store

 (Home > Configure > KeyStores > Import Certificates To)


 Thank You,
 Sameera


 On Tue, Jan 20, 2015 at 6:43 AM, Senduran Balasubramaniyam 
 sendu...@wso2.com wrote:

 Hi,

 I debugged the org.wso2.store.sso.common.util.Util
 (product-es/modules/components/sso-common). Also I attached
 xmltooling-1.3.1-sources.jar and xmlsec-1.5.5-sources.jar to get the
 complete executing code.

 I compared the signingCert  variable (in the
 org.wso2.store.sso.common.util.X509CredentialImpl) when I log in as a
 tenant
 If I log in to ES's management console the subject of the certificate
 is *CN=localhost, O=WSO2, L=Mountain View, ST=CA, C=US*
 but when I log in to the publisher as the same tenant the subject of
 the certificate is *C=None, O=None L=None, OU=None, CN=istenant.com*

 Please note that in the above both scenarios I am logging as a Tenant
 and when I try to log in to publisher the signature is trying to validate
 against the tenant specific certificate,
 Is this causing the  org.opensaml.xml.validation.ValidationException:
 Signature did not validate against the credential's key exception ?

 Thanks
 Senduran

 On Mon, Jan 19, 2015 at 11:31 PM, Senduran Balasubramaniyam 
 sendu...@wso2.com wrote:

 Hi,

 Thanks Malithi for the response.
 I tried, un-checking the Enable Response Signing , but even when I
 login as admin I got the following exception
 java.lang.NullPointerException
 at
 org.opensaml.xml.signature.SignatureValidator.buildSignature(SignatureValidator.java:91)
 at
 org.opensaml.xml.signature.SignatureValidator.validate(SignatureValidator.java:55)
 at
 org.wso2.store.sso.common.util.Util.validateSignature(Util.java:290)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 .
 What I am missing here ?


 @ES Team, could you please help me on how to import the public
 certificate of a tenant to the publisher's key store. Where can I find the
 tenant's public certificate

 Thank you
 Senduran



 On Mon, Jan 19, 2015 at 8:10 PM, Malithi Edirisinghe 
 malit...@wso2.com wrote:

 Hi Senduran,

 There's a separate primary keystore generated for the tenant. Since
 you have enabled response signing also, the service provider that you have
 registered should know the public key of the IdP in order to validate.
 Hence, the service provider should have the public key of the IdP in
 its keystore and validate the signature acquiring the respective alias. So
 in this case I think that you should import the public cert of the
 respective tenant to your publisher's keystore.

 Thanks,
 Malithi.

 On Mon, Jan 19, 2015 at 12:35 PM, Senduran Balasubramaniyam 
 sendu...@wso2.com wrote:

 Hi,

 I am experiencing $subject, with ES 2.0.0 M5. Following are the
 changes I made to configure SSO.

- Shared registry and user database between ES and IS
- In ES's user
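
The certificate mismatch discussed in this thread can be confirmed by comparing the certificate the IdP signs with against the one the service provider trusts. This is an added example, not code from the thread or from WSO2; the keystore file paths, the aliases passed as arguments and the environment variable names `IDP_STORE_PASS` and `SP_STORE_PASS` are assumptions, and a tenant keystore is assumed to have been exported to a JKS file first.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;
import java.util.Arrays;

// Added diagnostic, not WSO2 code: shows whether two JKS keystores hold the
// same signing key, which is what SAML signature validation depends on.
public class CompareSigningCerts {

    // Load the X.509 certificate stored under `alias` in a JKS keystore file.
    static X509Certificate load(String path, char[] password, String alias) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        if (!ks.containsAlias(alias)) {
            throw new IllegalArgumentException("alias '" + alias + "' not found in " + path);
        }
        return (X509Certificate) ks.getCertificate(alias);
    }

    // SHA-256 fingerprint of the DER-encoded certificate, as upper-case hex.
    static String fingerprint(X509Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder hex = new StringBuilder();
        for (byte b : digest) {
            hex.append(String.format("%02X", b));
        }
        return hex.toString();
    }

    // Passwords come from the environment (assumed variable names) so they do
    // not appear in the process list or in shell history.
    static char[] passwordFrom(String envName) {
        String value = System.getenv(envName);
        if (value == null) {
            throw new IllegalStateException("set " + envName + " to the keystore password");
        }
        return value.toCharArray();
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 4) {
            System.err.println("usage: CompareSigningCerts <idp.jks> <idpAlias> <sp.jks> <spAlias>");
            System.exit(2);
        }
        X509Certificate idp = load(args[0], passwordFrom("IDP_STORE_PASS"), args[1]);
        X509Certificate sp = load(args[2], passwordFrom("SP_STORE_PASS"), args[3]);

        System.out.println("IdP signing cert : " + idp.getSubjectX500Principal().getName());
        System.out.println("  SHA-256        : " + fingerprint(idp));
        System.out.println("SP trusted cert  : " + sp.getSubjectX500Principal().getName());
        System.out.println("  SHA-256        : " + fingerprint(sp));

        // Validation uses the public key, so compare keys rather than subject names.
        boolean sameKey = Arrays.equals(idp.getPublicKey().getEncoded(),
                                        sp.getPublicKey().getEncoded());
        System.out.println(sameKey
                ? "MATCH: the SP would validate signatures made with this IdP key"
                : "MISMATCH: expect \"Signature did not validate against the credential's key\"");
        System.exit(sameKey ? 0 : 1);
    }
}
```

The exit status is 0 on a match and 1 on a mismatch, so the check can run in a deployment script before SSO is enabled for a tenant.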

Re: [Dev] Service Providers are listed for particular users, not for tenant in WSO2 Identity server

2015-01-22 Thread Pushpalanka Jayawardhana
Hi Nuwan,

There is an internal role created for each service provider we register. In
order to see this service provider in the list, the user should be allocated to
this role.

Thanks,
Pushpalanka


Re: [Dev] [Cipher Tool] Persist the Key Store Password Permanently

2014-12-12 Thread Pushpalanka Jayawardhana
Hi,

If this file is named 'password-persist', it will not be deleted.

[1] -
http://ajithvblogs.blogspot.com/2014/01/secure-custom-properties-file-using.html

Note: This temp file (password-tmp) will be deleted after the server has
started. This implies that you have to create that file for every restart.
But if you think your deployment system is secured, then create that temp
file with the name password-persist; that file will remain even after
the server has started. Therefore you don't need to create it for each restart.

Thanks,
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka


On Fri, Dec 12, 2014 at 5:05 PM, Isuru Haththotuwa isu...@wso2.com wrote:

 Hi,

 Is it possible to $subject, for the key store that is used to encrypt the
 plain text passwords? Currently AFAIU its stored in a temporary file, which
 will get deleted after the carbon server started.

 --
 Thanks and Regards,

 Isuru H.
 +94 716 358 048* http://wso2.com/*







Re: [Dev] Cassandra User Store Manager - Code review

2014-10-15 Thread Pushpalanka Jayawardhana
Hi Shani,

Ideally the custom user store manager should appear in the User Store
Configuration UI of the Mgt-console.
For this you should properly pack it into an OSGi bundle. You can refer to [1]
to see how to do this.

Please also note that we should define what properties are expected from the
administrator in order to configure this user store. You should override
the 'getDefaultUserStoreProperties' method and define these.

Other than that this looks fine.

[1] -
https://docs.wso2.com/display/IS500/Writing+a+Custom+User+Store+Manager

Thanks,
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka


On Wed, Oct 15, 2014 at 5:38 PM, Shani Ranasinghe sh...@wso2.com wrote:

 Hi All,
 I have made some improvements to the cassandra queries in the class.
 Attached is the modified version. Basically I got rid of RangeSliceQueries
 and used other types of queries in instances when I could.

 On Wed, Oct 15, 2014 at 2:20 PM, Shani Ranasinghe sh...@wso2.com wrote:

 Hi,

 I have also attached the full source of the jar.

 On Wed, Oct 15, 2014 at 2:17 PM, Shani Ranasinghe sh...@wso2.com wrote:

 Please find the keyspace schema for the user store.

 CREATE TABLE UM_USER (
   KEY blob PRIMARY KEY
 ) WITH
   comment='' AND
   comparator=blob AND
   read_repair_chance=0.00 AND
   gc_grace_seconds=0 AND
   default_validation=blob AND
   min_compaction_threshold=4 AND
   max_compaction_threshold=32 AND
   replicate_on_write='false' AND
   compaction_strategy_class='SizeTieredCompactionStrategy' AND
   compression_parameters:sstable_compression='SnappyCompressor';

 CREATE TABLE UM_USER_ROLE (
   KEY blob PRIMARY KEY
 ) WITH
   comment='' AND
   comparator=blob AND
   read_repair_chance=0.00 AND
   gc_grace_seconds=0 AND
   default_validation=blob AND
   min_compaction_threshold=4 AND
   max_compaction_threshold=32 AND
   replicate_on_write='false' AND
   compaction_strategy_class='SizeTieredCompactionStrategy' AND
   compression_parameters:sstable_compression='SnappyCompressor';

 CREATE TABLE UM_ROLE_USER_INDEX (
   KEY blob PRIMARY KEY
 ) WITH
   comment='' AND
   comparator=blob AND
   read_repair_chance=0.00 AND
   gc_grace_seconds=0 AND
   default_validation=blob AND
   min_compaction_threshold=4 AND
   max_compaction_threshold=32 AND
   replicate_on_write='false' AND
   compaction_strategy_class='SizeTieredCompactionStrategy' AND
   compression_parameters:sstable_compression='SnappyCompressor';

 CREATE TABLE UM_ROLE (
   KEY blob PRIMARY KEY
 ) WITH
   comment='' AND
   comparator=blob AND
   read_repair_chance=0.00 AND
   gc_grace_seconds=0 AND
   default_validation=blob AND
   min_compaction_threshold=4 AND
   max_compaction_threshold=32 AND
   replicate_on_write='false' AND
   compaction_strategy_class='SizeTieredCompactionStrategy' AND
   compression_parameters:sstable_compression='SnappyCompressor';

 CREATE TABLE UM_USER_ATTRIBUTE (
   KEY blob PRIMARY KEY
 ) WITH
   comment='' AND
   comparator=blob AND
   read_repair_chance=0.00 AND
   gc_grace_seconds=0 AND
   default_validation=blob AND
   min_compaction_threshold=4 AND
   max_compaction_threshold=32 AND
   replicate_on_write='false' AND
   compaction_strategy_class='SizeTieredCompactionStrategy' AND
   compression_parameters:sstable_compression='SnappyCompressor';


 On Wed, Oct 15, 2014 at 2:15 PM, Deependra Ariyadewa d...@wso2.com
 wrote:

 @Shani Please share the user mgt schema.

 On Wed, Oct 15, 2014 at 12:37 PM, Prabath Abeysekera praba...@wso2.com
  wrote:

 If that's the case please get Deep/Bhathiya to do a quick review on
 the Cassandra related aspects of this. We can probably go for a much
 organized code review later.

 Cheers,
 Prabath

 On Wed, Oct 15, 2014 at 12:32 PM, Shani Ranasinghe sh...@wso2.com
 wrote:

 Hi Prabath,

 Actually this is quite urgent as this needs to be shared to two
 customers. Hence shared the code in this manner. I just scheduled the code
 review for today.

 On Wed, Oct 15, 2014 at 12:26 PM, Shani Ranasinghe sh...@wso2.com
 wrote:

 [adding dev@]

 Just to add some context, the user store supports limited
 functionality. They are

 In super tenant mode
   - add/edit/delete user
   - add/edit/delete role
   - attach user to role
   - attach role to user
   - view users
   - view roles


 On Wed, Oct 15, 2014 at 12:22 PM, Shani Ranasinghe sh...@wso2.com
 wrote:


 Hi,

 Attached herewith is the CassandraUserStoreManager.java which I
 have implemented for Carbon 4.2.0.

 Would appreciate if I could get someone from the IS team and a
 cassandra expert to review the code.


 --
 Thanks and Regards
 *,Shani Ranasinghe*
 Software Engineer
 WSO2 Inc.; http://wso2.com
 lean.enterprise.middleware

 mobile: +94 77 2273555
 linked in: lk.linkedin.com/pub/shani-ranasinghe/34/111/ab




 --
 Thanks and Regards

Re: [Dev] Self Signed JWT based Authenticator

2014-10-14 Thread Pushpalanka Jayawardhana
Hi Danushka,

We have used 'nimbus' library in org.wso2.carbon.identity.oauth/4.2.4
component which is to be released.

1. 2.26.1 version has been used
2. since the library is to be used by more than one bundle I guess the
practice is to make it an orbit bundle.
3. You may find the usage at [1], specifically in the class
'org.wso2.carbon.identity.oauth/4.2.4/src/main/java/org/wso2/carbon/identity/openidconnect/DefaultIDTokenBuilder.java'.

[1] -
https://svn.wso2.org/repos/wso2/carbon/platform/branches/turing/components/identity/org.wso2.carbon.identity.oauth/4.2.4/pom.xml

Hope this will help.
Adding Gayan as he worked on this.

Thanks,
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka


On Tue, Oct 14, 2014 at 8:22 PM, Danushka Fernando danush...@wso2.com
wrote:

 Hi
 I am currently working on the $subject. Here client will create a JWT and
 will sign and send to the server with HTTP authorization bearer header and
 it will trigger this authenticator and will validate the JWT token and will
 log the user specified in the JWT to the system.

 So while working on this I ran in to following questions.
 1. Do I need to use nimbus library for this? If so what is the version I
 need to use?
 2. Since there is no orbit bundle for nimbus do I need to bundle the
 library in to my component? In my case its to both client side and
 authenticator side?
 3. Is there a place that I can look in to that we have already used nimbus
 libraries?

 Thanks & Regards
 Danushka Fernando
 Software Engineer
 WSO2 inc. http://wso2.com/
 Mobile : +94716332729





Re: [Dev] Clarification on IS sample is needed - Configuring SAML2 SSO

2014-09-11 Thread Pushpalanka Jayawardhana
Hi Asok,

This comes with the behavior of SSO.
When you register travelocity.com as a service provider in IS and point
travelocity.com webapp to use IS as the identity provider, authentication
process of webapp is totally handled by IS.
Even the page you enter username/password is submitted by IS. Webapp does
not have any idea on the valid user name and password of the user trying to
login as all these details are captured and authenticated at IS side. IS
then just let the webapp knows whether the user is authenticated or not.

This helps to keep the user passwords in a secured centralized place than
saving it in each webapp and helps to provide a better user experience by
not asking users to type username/password several times(If you are logged
into IS, you are automatically logged into travelocity.com as well.).

Therefore any other user in IS also can login to travelocity.com webapp
with his/her credentials.
This article[1] will provide more insight.
Hope this helps.

[1] -
http://wso2.com/library/articles/2010/07/saml2-web-browser-based-sso-wso2-identity-server/

Thanks,
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka


On Fri, Sep 12, 2014 at 9:54 AM, Asok Perera as...@wso2.com wrote:

 Hi,

 This is a question occurred to me while working on 'Configuring SAML2 SSO'
 sample in Identity server. (link below)
 https://docs.wso2.com/display/IS500/Configuring+SAML2+SSO

 According to that sample, a user can log into service provider's
 site/portal with Identity server's admin credentials. In this case, one can
 use admin/admin username/password to log into travelocity.com.

 The question is, can I assume that IS admin is treated as a super user who
 can log into all the service providers' web apps / services ?
 If not, can somebody explain me why we can use admin credentials in the
 above sample ?

 BR

 *Asok Aravinda Perera*
 Software Engineer
 WSO2, Inc.;http://wso2.com/
 lean.enterprise.middleware

 Mobile: +94722241032





Re: [Dev] Configuring Primary User Stores improvement

2014-07-17 Thread Pushpalanka Jayawardhana
Hi Samuel,

Yes the process is pretty similar for setting up each of these user stores.

When going through the doc as a user who tries to configure IS on a
preferred user store, I think some end-to-end guide on setting up that
particular user store is what we should provide.
A clear separation will make it simpler.

As I remember we had several queries in support jira for 'ADIDASDEV'
related to this as well, mentioning this segment of documentation is not
clear.

Thanks,
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka



On Wed, Jul 16, 2014 at 2:13 PM, Samuel Gnaniah sam...@wso2.com wrote:

 The process to do all three is very similar though. IMO it's better to
 have it all in one topic so that it's less repetitive. However, I agree
 that it's better to make it simpler for novice users.

 Johann/Pushpalanka, thoughts on this?

 *Samuel Gnaniah*
 Senior Technical Writer

 WSO2 (pvt.) Ltd.
 Colombo, Sri Lanka
 (+94) 773131798


 On Wed, Jul 16, 2014 at 2:01 PM, Prasad Tissera pras...@wso2.com wrote:

 Hi All,

 Structure of [1] in IS documentation is very confusing. It will be great
 if we can have separate pages for following sections covered in the
 document.

 1) Configuring LDAP as a primary user store.
 2) Configuring Active Directory as a primary user store.
 3) Configuring JDBC as a primary user store.

 Current document cover above all, but it is bit difficult to use for
 someone who is not very familiar with the things.

 --
 Prasad Tissera
 Software Engineer.
 Mobile : +94777223444






Re: [Dev] How to write a custom claim handler?

2014-06-28 Thread Pushpalanka Jayawardhana
Hi Nirmal,

Please find some points below.

1. The custom implementation should either implement
'org.wso2.carbon.identity.application.authentication.framework.handler.claims.ClaimHandler'
or extend the default implementation of the interface, 'DefaultClaimHandler'.

2. The following entry should be changed in
IS_HOME/repository/conf/security/application-authentication.xml to have the
new handler name.
(in 'ApplicationAuthentication.Extensions.ClaimHandler' element.)

<ClaimHandler>com.wso2.sample.claim.handler.CustomClaimHandler</ClaimHandler>

In the Map returned in the method 'handleClaimMappings(..)' the custom
attribute URI and value should be present. The values in this map are then
added to the SAMLResponse as attributes, by the framework.

Thanks,
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka



On Sat, Jun 28, 2014 at 4:24 PM, Nirmal Fernando nir...@wso2.com wrote:

 Hi All,

 $Subject? What things one need to consider.

 Use case: adding a custom attribute to the SAML response.

 --

 Thanks & regards,
 Nirmal

 Senior Software Engineer- Platform Technologies Team, WSO2 Inc.
 Mobile: +94715779733
 Blog: http://nirmalfdo.blogspot.com/




