[Dev] WSO2 Committers += Theviyanthan Krishnamohan

[Thanuja Jayasinghe]

Hi All,

It's my pleasure to announce Theviyanthan Krishnamohan as a WSO2 Committer.
He has been a valuable contributor and enthusiast to the WSO2 IAM team.

In recognition of his contribution, dedication, and commitment he has been
voted as a WSO2 committer.

Congratulations Theviyanthan and keep up the good work...!!!

Thanks,
Thanuja

-- 
*Thanuja Lakmal*
Technical Lead
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [Architecture] Binding access token to the browser for new IAM Portal Applications

[Thanuja Jayasinghe]

Hi Dinali,

Please refer "Access Token Binding Type" row in [1].

[1]
https://is.docs.wso2.com/en/5.10.0/learn/configuring-oauth2-openid-connect-single-sign-on/

Thanks,
Thanuja

On Tue, Mar 24, 2020 at 8:40 PM Dinali Dabarera  wrote:

> Hi all,
>
> Do we have an official public documents related to this approach,  the
> token binding mechanism used and other information?
>
> Thank you!
> Dinali
>
> On Wed, Nov 20, 2019 at 7:55 PM Janak Amarasena  wrote:
>
>> Hi All,
>>
>> Currently, there is an OAuth2 Spec[1] under development with the key
>> intention of sender-constraining OAuth 2.0 tokens via a proof-of-possession
>> mechanism. Few takeaways from that which we could also use.
>> We could introduce a new *token_type*[2] (like
>> token_type=bound+cookie) for the cookie bound access token instead of the
>> current bearer token as these tokens should be processed in a different way
>> than the normal bearer tokens.
>> Also if the service provider supports multiple token types we can let the
>> application request a token type it wants by indicating it in some
>> parameter when the application initiates a token requesting flow.
>>
>> [1] - https://tools.ietf.org/html/draft-fett-oauth-dpop
>> [2] - https://tools.ietf.org/html/rfc6749#section-7.1
>>
>> Best Regards,
>> Janak
>>
>> On Thu, Oct 31, 2019 at 9:42 AM Johann Nallathamby 
>> wrote:
>>
>>> Hi Darshana,
>>>
>>> On Sat, Sep 28, 2019 at 8:29 PM Darshana Gunawardana 
>>> wrote:
>>>
>>>> Hi Johann,
>>>>
>>>> On Sat, Sep 21, 2019 at 10:43 AM Johann Nallathamby 
>>>> wrote:
>>>>
>>>>> Hi Thanuja,
>>>>>
>>>>> Did we consider sending the access token itself as a secure, http-only
>>>>> cookie to the browser instead of binding it to a separate cookie? This 
>>>>> will
>>>>> also simplify the development on the client side, in case someone wants to
>>>>> build their own SPA.
>>>>>
>>>>
>>>> Here which domain you assumed that the cookie will be set to?
>>>>
>>>
>>> I meant to the IS server domain which is the domain where the APIs are
>>> hosted.
>>>
>>>
>>>>
>>>> Assuming it the client's domain, there are two limitations.
>>>>
>>>>1. Setting the token as a cookie is an additional task that client
>>>>had to do since OP (in this case IS) cannot set cookies for some 
>>>> external
>>>>client domain.
>>>>2. Having the token stored in http-only cookie block accessing it's
>>>>from client-side scripts, which is a main blocker for SPAs.
>>>>
>>>>
>>> Not client domain.
>>>
>>>
>>>>
>>>> Assuming it the server-side domain and assuming you want to
>>>> automatically handle authorization for the API based on the access token
>>>> that already present in the cookie, there are two concerns,
>>>>
>>>>1. This will open up CSRF vulnerability as any malicious client
>>>>running on the same browser can also access APIs successfully.
>>>>
>>>> Yes, your approach will prevent CSRF as well. +1.
>>>
>>>>
>>>>1. If the API gateway handling authorization in back-channel mode,
>>>>   1. The cookie has to set to the API gateway's domain
>>>>   2. API gateway has to do an additional non-standard way of
>>>>   handing this cookie and attach it to the authorization header.
>>>>
>>>> Yes, this is a possibility. But I wasn't proposing it in this case.
>>>
>>> Thanks for the clarification.
>>>
>>> Regards,
>>> Johann.
>>>
>>>
>>>>
>>>> Thanks,
>>>>
>>>>>
>>>>> Regards,
>>>>> Johann.
>>>>>
>>>>> On Mon, Sep 2, 2019 at 12:26 PM Thanuja Jayasinghe 
>>>>> wrote:
>>>>>
>>>>>> Hi All,
>>>>>>
>>>>>> With the introduction of new IAM portal applications, there is a
>>>>>> requirement to provide additional security measures to secure these SPAs.
>>>>>> We have already implemented the OAuth2 authorization code flow(public
>>>>>> client) with PKCE for these applications and with this feature, it will 
>>>>>> be

[Dev] WSO2 Committers += Nipuni Paaris

[Thanuja Jayasinghe]

Hi All,

It's my pleasure to announce Nipuni Paaris as a WSO2 Committer. She has
been a valuable contributor and enthusiast to the WSO2 IAM team.

In recognition of her contribution, dedication, and commitment she has been
voted as a WSO2 committer.

Congratulations Nipuni and keep up the good work...!!!

Thanks,
Thanuja

-- 
*Thanuja Lakmal*
Technical Lead
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] WSO2 Committers += Brion Silva

[Thanuja Jayasinghe]

Hi All,

It's my pleasure to announce Brion Silva as a WSO2 Committer. He has been a
valuable contributor and enthusiast to the WSO2 IAM team.

In recognition of his contribution, dedication, and commitment he has been
voted as a WSO2 committer.

Congratulations Brion and keep up the good work...!!!

Thanks,
Thanuja

-- 
*Thanuja Lakmal*
Technical Lead
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] WSO2 Identity Server 5.11.0 M6 Released!

[Thanuja Jayasinghe]

WSO2 Identity and Access Management team is pleased to announce the release
of Identity Server 5.11.0 M6!

Download

You can download WSO2 Identity Server 5.11.0 M6 from here

.
How
to run

   1. Extract the downloaded zip file.
   2. Go to the *bin* directory in the extracted folder.
   3. Run the *wso2server.sh* file if you are on a Linux/Mac OS or run the
   *wso2server.bat* file if you are on a Windows OS.
   4. Optionally, if you need to start the OSGi console with the server,
   use the *-DosgiConsole* property when starting the server.

What's
new in WSO2 Identity Server 5.11.0 M6

A list of all the new features and bug fixes shipped with this release can
be found in the following locations:


   - IS Runtime 
   - IAM Portals
   

Known
Issues

All the open issues pertaining to WSO2 Identity Server are reported at the
following locations:

   - IS Runtime 
   - IAM Portals
   

Contribute
to WSO2 Identity Server
Mailing
Lists

Join our mailing lists and correspond with the developers directly. We also
encourage you to take part in discussions related to the product in the
architecture mailing list. If you have any questions regarding the product
you can use our StackOverflow forum to raise them as well.

   - Developer List: dev@wso2.org
   - Architecture List: architect...@wso2.org
   - User Forum: StackOverflow
   

Slack
Channels

Join us via our wso2is.slack.com

for
even better communication. You can talk to our developers directly
regarding any issues, concerns about the product. We encourage you to start
discussions or join any ongoing discussions with the team, via our slack
channels.

   - Discussions about developments: Dev Channel
   
   - New releases: Release Announcement Channel
   

Reporting
Issues

We encourage you to report issues, improvements, and feature requests
regarding WSO2 Identity Server through our public WSO2 Identity Server GIT
Issues .

*Important: Please be advised that security issues must be reported
to secur...@wso2.com , not as GitHub issues, in order to
reach the proper audience. We strongly advise following the WSO2 Security
Vulnerability Reporting Guidelines

when
reporting the security issues.*

For more information about WSO2 Identity Server, please see
 https://wso2.com/identity-and-access-management
 or visit the WSO2 Oxygen
Tank  developer portal for additional resources.

~ The WSO2 Identity and Access Management Team ~

-- 
*Thanuja Lakmal*
Technical Lead
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] WSO2 Committers += Sominda Gamage

[Thanuja Jayasinghe]

Hi All,

It's my pleasure to announce Sominda Gamage as a WSO2 Committer. He has
been a valuable contributor and enthusiast to the WSO2 IAM team.

In recognition of his contribution, dedication, and commitment he has been
voted as a WSO2 committer.

Congratulations Sominda and keep up the good work...!!!

Thanks,
Thanuja

-- 
*Thanuja Lakmal*
Technical Lead
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] WSO2 Committers += Piraveena Paralogarajah

[Thanuja Jayasinghe]

Hi All,

It's my pleasure to announce Piraveena Paralogarajah as a WSO2 Committer.
She has been a valuable contributor and enthusiast to the WSO2 IAM team.

In recognition of her contribution, dedication, and commitment she has been
voted as a WSO2 committer.

Congratulations Piraveena and keep up the good work...!!!

Thanks,
Thanuja

-- 
*Thanuja Lakmal*
Technical Lead
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] WSO2 Committers += Tharmakulasingham Inthirakumaaran

[Thanuja Jayasinghe]

Hi All,

It's my pleasure to announce Tharmakulasingham Inthirakumaaran as
a WSO2 Committer. He has been a valuable contributor and enthusiast to
the WSO2 IAM team.

In recognition of his contribution, dedication, and commitment he has been
voted as a WSO2 committer.

Congratulations Inthirakumaaran and keep up the good work...!!!

Thanks,
Thanuja

-- 
*Thanuja Lakmal*
Technical Lead
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] WSO2 IS - SAML SSO External IdP: handling several AttributeConsumingServiceIndex

[Thanuja Jayasinghe]

Hi Angelo,

If I summarize what you are trying to achieve,

  - SP sends a SAML2 Authentication request
with AttributeConsumingServiceIndex value.
  - A federated IdP is configured for authentication for this SP.
  - Identity Server needs to pass the
received AttributeConsumingServiceIndex value with an authentication
request to federated IdP.
  - Federated IdP will send back the user attributes based on the
AttributeConsumingServiceIndex.

To get a better understanding of the requirement, can you please provide
information on the following as well,
  - How the SP identifies required AttributeConsumingServiceIndex? Also the
requirement for the multiple AttributeConsumingServiceIndex.
  - Is there an AttributeConsumingServiceIndex which can be used to get the
union of the above-mentioned attributes from the IdP?

Thanks,
Thanuja


On Mon, Oct 28, 2019 at 11:41 PM Farasath Ahamed  wrote:

>
>
> On Monday, October 28, 2019, Angelo Immediata  wrote:
>
>> Hi all.
>>
>> I'm using WSO2 Identity Server version 5.8.0 and 5.9.0
>>
>> I have this scenario: I have external IdPs and I want to allow SAML
>> integration with these IdPs. I can register them in WSO2 and all works
>> pretty good.
>>
>> I was facing the following issue: I need to handle several
>> AttributeConsumingService. So the first thing I created the WSO2
>> ServiceProvider metadata file that I gave to the IdPs. This is the metadata
>> content:
>>
>>> 
>>> >> ID="_3574ad74-ba7a-4ea5-b3e8-dbb2dafb55df" entityID="http://wso2_590_ai
>>> ">
>>>>> WantAssertionsSigned="true"
>>> protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
>>>   
>>>  http://www.w3.org/2000/09/xmldsig#;>
>>> 
>>>
>>> 
>>>  
>>>   
>>>   >> Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="
>>> https://localhost:9443/samlsso; />
>>>
>>> urn:oasis:names:tc:SAML:2.0:nameid-format:transient
>>>   >> Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="
>>> https://localhost:9443/commonauth; index="0" isDefault="true" />
>>>   
>>>  set0
>>>  
>>>  >> />
>>>  >> Name="fiscalNumber" />
>>>  >> Name="email" />
>>>  >> />
>>>   
>>>   
>>>  set1
>>>  
>>>  >> />
>>>  >> Name="fiscalNumber" />
>>>  >> Name="email" />
>>>  >> />
>>>  
>>>  >> Name="dateOfBirth" />
>>>  >> Name="placeOfBirth" />
>>>   
>>>   
>>>  set2
>>>  
>>>  >> />
>>>  >> Name="fiscalNumber" />
>>>  >> Name="email" />
>>>  >> />
>>>  
>>>  >> Name="dateOfBirth" />
>>>  >> Name="placeOfBirth" />
>>>  >> Name="countyOfBirth" />
>>>   
>>>   
>>>  set3
>>>  
>>>  >> />
>>>  >> Name="fiscalNumber" />
>>>  >> Name="email" />
>>>  >> />
>>>  
>>>  >> Name="dateOfBirth" />
>>>  >> Name="placeOfBirth" />
>>>  >> Name="countyOfBirth" />
>>>  >> Name="mobilePhone" />
>>>   
>>>   
>>>  set4
>>>  
>>>  >> />
>>>  >> Name="fiscalNumber" />
>>>  >> />
>>>   
>>>   
>>>  set5
>>>  
>>>  >> />
>>>  >> Name="fiscalNumber" />
>>>  >> />
>>>  >> Name="companyName" />
>>>  >> Name="registeredOffice" />
>>>  >> Name="ivaCode" />
>>>   
>>>
>>>
>>>   Service provider WSO2
>>> 590
>>>   WSO2
>>> 590
>>>   https://localhost:9443/
>>> 
>>>
>>> 
>>
>>
>> As you can see I have six AttributeConsumingService. So far so good...
>> the problem was how to solve this issue: let's suppose I have a Service
>> Provider registered inside WSO2 IS and let's suppose the application
>> related to this SP sends in the SAML Request the AttributeConsumingService
>> index. How can I pass this AttributeConsumingService to the SAML request
>> that WSO2 sends to the external IdPs? I found only one way: to modify the
>>>
>>> org.wso2.carbon.identity.application.authenticator.samlsso.manager.DefaultSAML2SSOManager.buildAuthnRequest(HttpServletRequest,
>>> boolean, String, AuthenticationContext)
>>
>> method. Just after this instruction
>>
>>> //Get the inbound SAMLRequest
>>> AuthnRequest inboundAuthnRequest = getAuthnRequest(context);
>>
>>
>> I added the following code:
>>
>>> Integer attrConsServiceIndex =
>>> inboundAuthnRequest.getAttributeConsumingServiceIndex();
>>> if( attrConsServiceIndex != null && attrConsServiceIndex > 0 ) {
>>>if( log.isInfoEnabled() ) {
>>> log.info("Inbound SAML Request AttributeConsumingServiceIndex "+
>>> attrConsServiceIndex+" Settato nella auth request SAML");
>>> }
>>> authRequest.setAttributeConsumingServiceIndex(attrConsServiceIndex);
>>> }
>>
>>
>> In this way if the Application handled by a Service Provider sends an
>> 

Re: [Dev] [VOTE] Release WSO2 Identity Server 5.9.0 RC2

[Thanuja Jayasinghe]

Hi All,

I have tested the following API implementations and no blocking issues found.

- Session management API
- User Account Association API
- Export User profile
- Consent Management API

[+] Stable - go ahead and release

Thanks,
Thanuja


On Thu, Oct 3, 2019 at 6:16 PM Piraveena Paralogarajah
 wrote:
>
> Hi all.
>
> I have tested the following scenarios:
>
>
> Scope Management REST API
> XACML based scope validation for token issuing phase in the following OAuth 
> grant types
>
> Authorization code flow
> password grant
> client_credentials
> Implicit flow
>
> XACML based authorization
>
> No blocker issues found
> [+] Stable - go ahead and release
>
> Thanks,
> Piraveena
>
> Piraveena Paralogarajah
> Software Engineer | WSO2 Inc.
> (m) +94776099594 | (e) pirave...@wso2.com
>
>
>
> On Thu, Oct 3, 2019 at 3:45 PM Ashen Weerathunga  wrote:
>>
>> Hi All,
>>
>> I have tested the following scenarios and no blocking issues found.
>>
>> SSO with SAML
>> Federated authentication with Google
>> Federated authentication with Facebook
>> SSO with multi-option and multi-step authentication
>> Role-based Adaptive authentication
>>
>> [+] Stable - go ahead and release
>>
>> Thanks,
>> Ashen
>>
>>
>> On Thu, Oct 3, 2019 at 2:34 PM Shanika Wickramasinghe  
>> wrote:
>>>
>>> Hi All,
>>>
>>>
>>> I have tested the following features and no issues found
>>>
>>>
>>> Ubuntu 16.04 | MSSQL | Embedded Ldap Primary User Store | Super Tenant
>>>
>>>
>>> Manage roles with SCIM 2.0 Create Group, Delete Group, Filter Groups, 
>>> Search Groups, Update Group - PATCH, Update Group - PUT
>>>
>>> Manage users with SCIM 2.0 Create User Delete User by ID Filter Users 
>>> Search Users Update User - PATCH Update User - PUT
>>>
>>> Recover Username with dashboard
>>>
>>> Recover Password with dashboard
>>>
>>>
>>> Ubuntu 16.04 |  MSSQL | SecondaryUser Store | Super Tenant
>>>
>>>
>>> SP pagination with UI
>>>
>>> SP pagination with Admin Services
>>>
>>> Account Lock
>>>
>>> Recaptcha with Single Sign On
>>>
>>>
>>> Ubuntu 16.04 | H2/MSSQL | Embedded Ldap Primary User Store | Super Tenant
>>>
>>>
>>> Manage Workflows
>>>
>>>
>>> Ubuntu 16.04 | H2 | Embedded Ldap Primary User Store | Super Tenant
>>>
>>>
>>> Manage Workflows with QSG sample
>>>
>>> User self-registration via REST APIs
>>>
>>> User self-registration via user portal
>>>
>>> User manage his own user account, Update user profile
>>>
>>> OAuth 1.0 SP Creation/ Update
>>>
>>>
>>> +1 Go ahead and release.
>>>
>>>
>>> Thanks,
>>>
>>> Shanika
>>>
>>>
>>> On Thu, Oct 3, 2019 at 9:16 AM Achini Jayasena  wrote:

 Hi All,

 Tested and verified with performance test and long running test. Test 
 result match with the expectations.

 Performance test

 Summary:  Performance has been improved comparing to the product version 
 5.8

 Deployment

 OS: Ubuntu
 DB: Mysql
 Heap: 4G/2G
 CPU cores: 4
 Concurrent users: 50, 100, 150, 300, 500

 Scenarios:

 Authenticate_Super_Tenant_User
 OAuth_AuthCode_Redirect_WithConsent
 OAuth_Client_Credentials_Grant
 OAuth_Implicit_Redirect_WithConsent
 OAuth_Password_Grant
 OIDC_AuthCode_Redirect_WithConsent
 OIDC_AuthCode_Request_Path_Authenticator_WithConsent
 OIDC_Implicit_Redirect_WithConsent
 OIDC_Password_Grant
 SAML2_SSO_Redirect_Binding
 Challenge questions by super tenant users
 Refresh token refresh grant - Renewal false

 Long running test

 Summery: No issue reported.

 Deployment :

 IS node

 Instance type: c5.xlarge
 vCPU:4
 RAM: 8GB
 Heap: 2G allocated for IS

 RDS as the MySQL DB

 Mysql engine version : 5.7.22
 vCPU: 4
 Instance class : db.m4.xlarge
 RAM: 16 GB
 Storage: 100 GiB

 Executing test scenarios:

 Authenticate_Super_Tenant_User
 OAuth_AuthCode_Redirect_WithConsent
 OAuth_Password_Grant
 OIDC_AuthCode_Redirect_WithConsent
 OIDC_Implicit_Redirect_WithConsent
 OIDC_Password_Grant
 OIDC_AuthCode_Request_Path_Authenticator_WithConsent
 SAML2_SSO_Redirect_Binding

 Concurrency : 20
 TPS: 240 per minute

 No blocking issue reported. +1 for proceed. :)

 Thanks & Best Regards!
 Achini Jayasena
 Software Engineer - QA | WSO2

 Email: achi...@wso2.com
 Mobile: +94 713 882 897




 On Wed, Oct 2, 2019 at 10:31 PM Mathuriga Thavarajah  
 wrote:
>
> Hi All,
>
> Security Scanning reports (Static and Dynamic) were analyzed and 
> reviewed. Hence +1 from the Platform Security Team for proceeding with 
> the release.
>
> Thanks.
>
> Regards,
> Mathuriga.
>
> On Wed, Oct 2, 2019 at 10:08 PM Niluka Sripali Monnankulama 
>  wrote:
>>
>> Hi all,
>>
>>
>> Verified and validated below listed features are working as expected.
>>
>>
>> 

Re: [Dev] Binding access token to the browser for new IAM Portal Applications

[Thanuja Jayasinghe]

Update:

Table structure will be updated as follows,

IDN_OAUTH2_ACCESS_TOKEN (
TOKEN_ID VARCHAR (255),
ACCESS_TOKEN VARCHAR(2048),
REFRESH_TOKEN VARCHAR(2048),
CONSUMER_KEY_ID INTEGER,
AUTHZ_USER VARCHAR (100),
TENANT_ID INTEGER,
USER_DOMAIN VARCHAR(50),
USER_TYPE VARCHAR (25),
GRANT_TYPE VARCHAR (50),
TIME_CREATED TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
REFRESH_TOKEN_TIME_CREATED TIMESTAMP NOT NULL DEFAULT
CURRENT_TIMESTAMP,
VALIDITY_PERIOD BIGINT,
REFRESH_TOKEN_VALIDITY_PERIOD BIGINT,
TOKEN_SCOPE_HASH VARCHAR(32),
TOKEN_STATE VARCHAR(25) DEFAULT 'ACTIVE',
TOKEN_STATE_ID VARCHAR (128) DEFAULT 'NONE',
SUBJECT_IDENTIFIER VARCHAR(255),
ACCESS_TOKEN_HASH VARCHAR(512),
REFRESH_TOKEN_HASH VARCHAR(512),
IDP_ID INTEGER,
*TOKEN_BINDING_REF VARCHAR(32) DEFAULT 'NONE',*
PRIMARY KEY (TOKEN_ID),
FOREIGN KEY (CONSUMER_KEY_ID) REFERENCES
IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE,
CONSTRAINT CON_APP_KEY UNIQUE
(CONSUMER_KEY_ID,AUTHZ_USER,TENANT_ID,USER_DOMAIN,USER_TYPE,TOKEN_SCOPE_HASH,

 TOKEN_STATE,TOKEN_STATE_ID,IDP_ID, *TOKEN_BINDING_REF*)
)

// New Table
IDN_OAUTH2_ACCESS_TOKEN_BINDING (
TOKEN_ID VARCHAR (255),
TOKEN_BINDING_TYPE VARCHAR (32),
TOKEN_BINDING_REF VARCHAR (32),
TOKEN_BINDING_VALUE VARCHAR (1024),
TENANT_ID INTEGER DEFAULT -1,
PRIMARY KEY (TOKEN_ID),
FOREIGN KEY (TOKEN_ID) REFERENCES
IDN_OAUTH2_ACCESS_TOKEN(TOKEN_ID) ON DELETE CASCADE
)

Thanks,
Thanuja

On Thu, Sep 5, 2019 at 12:41 PM Thanuja Jayasinghe  wrote:

> Hi Hasintha,
>
> We are going to introduce the capability to bind the token to an external
> attribute as a part of this feature. So the updated schemas will be as
> follows,
>
> IDN_OAUTH2_ACCESS_TOKEN (
> TOKEN_ID VARCHAR (255),
> ACCESS_TOKEN VARCHAR(2048),
> REFRESH_TOKEN VARCHAR(2048),
> CONSUMER_KEY_ID INTEGER,
> AUTHZ_USER VARCHAR (100),
> TENANT_ID INTEGER,
> USER_DOMAIN VARCHAR(50),
> USER_TYPE VARCHAR (25),
> GRANT_TYPE VARCHAR (50),
> TIME_CREATED TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
> REFRESH_TOKEN_TIME_CREATED TIMESTAMP NOT NULL DEFAULT
> CURRENT_TIMESTAMP,
> VALIDITY_PERIOD BIGINT,
> REFRESH_TOKEN_VALIDITY_PERIOD BIGINT,
> TOKEN_SCOPE_HASH VARCHAR(32),
> TOKEN_STATE VARCHAR(25) DEFAULT 'ACTIVE',
> TOKEN_STATE_ID VARCHAR (128) DEFAULT 'NONE',
> SUBJECT_IDENTIFIER VARCHAR(255),
> ACCESS_TOKEN_HASH VARCHAR(512),
> REFRESH_TOKEN_HASH VARCHAR(512),
> IDP_ID INTEGER,
> *TOKEN_BINDING_HASH VARCHAR(255) DEFAULT 'NONE',*
> PRIMARY KEY (TOKEN_ID),
> FOREIGN KEY (CONSUMER_KEY_ID) REFERENCES
> IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE,
> CONSTRAINT CON_APP_KEY UNIQUE
> (CONSUMER_KEY_ID,AUTHZ_USER,TENANT_ID,USER_DOMAIN,USER_TYPE,TOKEN_SCOPE_HASH,
>
>  TOKEN_STATE,TOKEN_STATE_ID,IDP_ID, *TOKEN_BIND_HASH*)
> )
>
> *// New Table*
> IDN_OAUTH2_ACCESS_TOKEN_BINDING (
> TOKEN_ID VARCHAR (255),
> TOKEN_BINDING VARCHAR (1024),
> TENANT_ID INTEGER DEFAULT -1,
> PRIMARY KEY (TOKEN_ID),
> FOREIGN KEY (TOKEN_ID) REFERENCES
> IDN_OAUTH2_ACCESS_TOKEN(TOKEN_ID) ON DELETE CASCADE
> )
>
> So with this implementation, each new binding will receive a new access
> token.
>
> In the user portal case, a new cookie will be created for each new browser
> instance and cookie value will be stored in
> the IDN_OAUTH2_ACCESS_TOKEN_BINDING table. Hash of this value will be added
> to IDN_OAUTH2_ACCESS_TOKEN table, creating a new access token for each new
> browser instance.
>
> Existing behavior also preserved when there are no token bindings provided.
>
> Thanks,
> Thanuja
>
> On Tue, Sep 3, 2019 at 12:19 PM Hasintha Indrajee 
> wrote:
>
>> Hi Thanuja,
>>
>> I have few questions on this.
>>
>> How are we going to bind the token to the cookie (Is this a new entry to
>> a table) ? Is this an existing cookie (may be commonAuth ID) or a  new
>> cookie ?. Furthermore, How are we going to handle the scenario where the
>> same user logs in from multiple browsers ? Are we going to have multiple
>> active tokens for same client, user with random scopes ? Or are we just
>> revoking the old token if the same scopes are being used ?.
>>
&g

Re: [Dev] Binding access token to the browser for new IAM Portal Applications

[Thanuja Jayasinghe]

Hi Hasintha,

We are going to introduce the capability to bind the token to an external
attribute as a part of this feature. So the updated schemas will be as
follows,

IDN_OAUTH2_ACCESS_TOKEN (
TOKEN_ID VARCHAR (255),
ACCESS_TOKEN VARCHAR(2048),
REFRESH_TOKEN VARCHAR(2048),
CONSUMER_KEY_ID INTEGER,
AUTHZ_USER VARCHAR (100),
TENANT_ID INTEGER,
USER_DOMAIN VARCHAR(50),
USER_TYPE VARCHAR (25),
GRANT_TYPE VARCHAR (50),
TIME_CREATED TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
REFRESH_TOKEN_TIME_CREATED TIMESTAMP NOT NULL DEFAULT
CURRENT_TIMESTAMP,
VALIDITY_PERIOD BIGINT,
REFRESH_TOKEN_VALIDITY_PERIOD BIGINT,
TOKEN_SCOPE_HASH VARCHAR(32),
TOKEN_STATE VARCHAR(25) DEFAULT 'ACTIVE',
TOKEN_STATE_ID VARCHAR (128) DEFAULT 'NONE',
SUBJECT_IDENTIFIER VARCHAR(255),
ACCESS_TOKEN_HASH VARCHAR(512),
REFRESH_TOKEN_HASH VARCHAR(512),
IDP_ID INTEGER,
*TOKEN_BINDING_HASH VARCHAR(255) DEFAULT 'NONE',*
PRIMARY KEY (TOKEN_ID),
FOREIGN KEY (CONSUMER_KEY_ID) REFERENCES
IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE,
CONSTRAINT CON_APP_KEY UNIQUE
(CONSUMER_KEY_ID,AUTHZ_USER,TENANT_ID,USER_DOMAIN,USER_TYPE,TOKEN_SCOPE_HASH,

 TOKEN_STATE,TOKEN_STATE_ID,IDP_ID, *TOKEN_BIND_HASH*)
)

*// New Table*
IDN_OAUTH2_ACCESS_TOKEN_BINDING (
TOKEN_ID VARCHAR (255),
TOKEN_BINDING VARCHAR (1024),
TENANT_ID INTEGER DEFAULT -1,
PRIMARY KEY (TOKEN_ID),
FOREIGN KEY (TOKEN_ID) REFERENCES
IDN_OAUTH2_ACCESS_TOKEN(TOKEN_ID) ON DELETE CASCADE
)

So with this implementation, each new binding will receive a new access
token.

In the user portal case, a new cookie will be created for each new browser
instance and cookie value will be stored in
the IDN_OAUTH2_ACCESS_TOKEN_BINDING table. Hash of this value will be added
to IDN_OAUTH2_ACCESS_TOKEN table, creating a new access token for each new
browser instance.

Existing behavior also preserved when there are no token bindings provided.

Thanks,
Thanuja

On Tue, Sep 3, 2019 at 12:19 PM Hasintha Indrajee  wrote:

> Hi Thanuja,
>
> I have few questions on this.
>
> How are we going to bind the token to the cookie (Is this a new entry to a
> table) ? Is this an existing cookie (may be commonAuth ID) or a  new cookie
> ?. Furthermore, How are we going to handle the scenario where the same user
> logs in from multiple browsers ? Are we going to have multiple active
> tokens for same client, user with random scopes ? Or are we just revoking
> the old token if the same scopes are being used ?.
>
> Or else do we have the facility to have multiple active tokens for the
> same user, application with same scopes in latest IS versions ?
>
> On Mon, Sep 2, 2019 at 3:56 PM Thanuja Jayasinghe 
> wrote:
>
>> Hi All,
>>
>> With the introduction of new IAM portal applications, there is a
>> requirement to provide additional security measures to secure these SPAs.
>> We have already implemented the OAuth2 authorization code flow(public
>> client) with PKCE for these applications and with this feature, it will be
>> possible to bind the access token to the browser instance. So, an
>> additional security measure will be enforced as the combination of the
>> access token and browser token(cookie) validated while accessing the IS
>> APIs.
>> Support for configuring this option using OAuth2 application
>> configuration and browser token persistence will be added as well.
>>
>> Updated request/response flow is as follows,
>> [image: Blank Diagram (1).png]
>>
>> Thanks,
>> Thanuja
>>
>> --
>> *Thanuja Lakmal*
>> Technical Lead
>> WSO2 Inc. http://wso2.com/
>> *lean.enterprise.middleware*
>> Mobile: +94715979891
>>
>
>
> --
> Hasintha Indrajee
> WSO2, Inc.
> Mobile:+94 771892453
>
>

-- 
*Thanuja Lakmal*
Technical Lead
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] Binding access token to the browser for new IAM Portal Applications

[Thanuja Jayasinghe]

Hi All,

With the introduction of new IAM portal applications, there is a
requirement to provide additional security measures to secure these SPAs.
We have already implemented the OAuth2 authorization code flow(public
client) with PKCE for these applications and with this feature, it will be
possible to bind the access token to the browser instance. So, an
additional security measure will be enforced as the combination of the
access token and browser token(cookie) validated while accessing the IS
APIs.
Support for configuring this option using OAuth2 application configuration
and browser token persistence will be added as well.

Updated request/response flow is as follows,
[image: Blank Diagram (1).png]

Thanks,
Thanuja

-- 
*Thanuja Lakmal*
Technical Lead
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] WSO2 Committers += Pamoda Wimalasiri

[Thanuja Jayasinghe]

Hi All,

It's my pleasure to announce Pamoda Wimalasiri as a WSO2 Committer. She has
been a valuable contributor and enthusiast to the WSO2 IAM team.

In recognition of her contribution, dedication, and commitment she has been
voted as a WSO2 committer.

Congratulations Pamoda and keep up the good work...!!!

Thanks,
Thanuja
-- 
*Thanuja Lakmal*
Technical Lead
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [Architecture] [VOTE] Release WSO2 Identity Server 5.8.0 RC3

[Thanuja Jayasinghe]

Hi All,

Tested following scenarios,

- Local user account association
- OAuth2 grat types (code, implicit, password, client credential)
- SAML2 SSO & SLO

[+] Stable - go ahead and release.

Thanks,
Thanuja

On Wed, May 22, 2019 at 8:07 PM Farasath Ahamed  wrote:

> Hi All,
>
> Test the below scenarios in IS 5.8.0 RC3 pack.
>
>- Token revocation with authorization code reuse
>- OIDC UserInfo with token sent in the request body and as bearer
>header
>- OAuth Application Owner update
>- Verified no username enumeration attacks possible during password
>recovery flows.
>
>
> [+] Stable - go ahead and release.
>
>
> Regards,
> Farasath
>
> On Wed, May 22, 2019 at 5:41 PM Hasanthi Purnima Dissanayake <
> hasan...@wso2.com> wrote:
>
>> Hi All,
>>
>> I have tested following features.
>>
>>1. OIDC backchannel logout
>>2. SAML front channel logout.
>>
>> No blocking issues found.
>>
>> [+] Stable - go ahead and release.
>>
>> Thanks,
>> Hasanthi
>>
>>
>>
>> On Wed, May 22, 2019 at 8:03 AM Isuranga Perera 
>> wrote:
>>
>>> All:
>>> I have tested Federated Authentication
>>> [+] Stable - go ahead and release.
>>>
>>> Best Regards
>>> Isuranga Perera
>>>
>>> On Sun, May 19, 2019 at 7:30 PM Shanika Wickramasinghe <
>>> shani...@wso2.com> wrote:
>>>
 Hi All,

 I have tested the SAML SSO with POST binding and Redirect binding flows
 and no issues found.

 +1 Go Ahead and Release


 Thanks,

 Shanika

 On Thu, May 16, 2019 at 12:33 PM Hasanthi Purnima Dissanayake <
 hasan...@wso2.com> wrote:

> Hi All,
>
> The reason of breaking the RC2 vote is because it is reported an
> unused commented configuration description in carbon.xml [1]. From RC3
> release that commented line in the configuration file is removed and no
> other code level changes done.
>
> Further in the Analytics-IS pack, the versions are updated according
> to the latest released SP pack versions [2].
>
> [1] [Dev][VOTE] Release WSO2 Identity Server 5.8.0 RC2
> [2] [VOTE] Release of WSO2 Stream Processor 4.4.0 RC6
>
> Thanks,
> Hasanthi
>
> On Thu, May 16, 2019 at 12:30 PM Hasanthi Purnima Dissanayake <
> hasan...@wso2.com> wrote:
>
>> Hi all,
>>
>> We are pleased to announce the third release candidate of WSO2
>> Identity Server 5.8.0.
>>
>> This release fixes the following issues,
>>
>>- 5.8.0-RC3 fixes
>>
>>- 5.8.0-RC2 fixes
>>
>>- 5.8.0-RC1 fixes
>>
>>- 5.8.0-Beta5 fixes
>>
>>- 5.8.0-Beta4 fixes
>>
>>- 5.8.0-Beta3 fixes
>>
>>- 5.8.0-Beta fixes
>>
>>- 5.8.0-Alpha5 fixes
>>
>>- 5.8.0-Alpha4 fixes
>>
>>- 5.8.0-Alpha3 fixes
>>
>>- 5.8.0-Alpha2 fixes
>>
>>- 5.8.0-Alpha fixes
>>
>>- 5.8.0-M26 fixes
>>
>>- 5.8.0-M25 fixes
>>
>>- 5.8.0-M24 fixes
>>
>>- 5.8.0-M6 fixes
>>
>>- 5.8.0-M5 fixes
>>
>>- 5.8.0-M4 fixes
>>
>>- 5.8.0-M3 fixes
>>
>>- 5.8.0-M2 fixes
>>
>>- 5.8.0-M1 fixes
>>
>>
>>
>> Source and distribution
>>
>> Runtime - https://github.com/wso2/product-is/releases/tag/v
>> 
>> 5.8.0-rc3
>> 
>> Analytics -
>> https://github.com/wso2/analytics-is/releases/tag/v5.8.0-rc3
>> 

[Dev] WSO2 Identity Server 5.8.0-alpha2 Released!

[Thanuja Jayasinghe]

WSO2 Identity and Access Management team is pleased to announce the release
of Identity Server 5.8.0 alpha2!
Download

You can download WSO2 Identity Server 5.8.0 alpha2 from here

.

You can download WSO2 Identity Server Analytics 5.8.0 alpha2 from here

.
How to run

   1.

   Extract the downloaded zip file.
   2.

   Go to the bin directory in the extracted folder.
   3.

   Run the wso2server.sh file if you are on a Linux/Mac OS or run the
   wso2server.bat file if you are on a Windows OS.
   4.

   Optionally, if you need to start the OSGi console with the server, use
   the -DosgiConsole property when starting the server.

What's new in WSO2 Identity Server 5.8.0 alpha2

A list of all the new features and bug fixes shipped with this release can
be found here 

Known Issues

All the open issues pertaining to WSO2 Identity Server are reported at the
following location:

   -

   IS Runtime 
   -

   IS Analytics 

Contribute to WSO2 Identity ServerMailing Lists

Join our mailing lists and correspond with the developers directly. We also
encourage you to take part in discussions related to the product in the
architecture mailing list. If you have any questions regarding the product
you can use our StackOverflow forum to raise them as well.

   -

   Developer List: dev@wso2.org
   -

   Architecture List: architect...@wso2.org
   -

   User Forum: StackOverflow
   

Reporting Issues

We encourage you to report issues, improvements, and feature requests
regarding WSO2 Identity Server through our public WSO2 Identity Server GIT
Issues .

For more information about WSO2 Identity Server, please see https://wso2
.com/identity-and-access-management or visit the WSO2 Oxygen Tank
 developer portal for additional resources.

~ The WSO2 Identity and Access Management Team ~

-- 
*Thanuja Lakmal*
Technical Lead
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] WSO2 Identity Server 5.8.0-M25 Released!

[Thanuja Jayasinghe]

WSO2 Identity and Access Management team is pleased to announce the release
of Identity Server 5.8.0 M25!
Download

You can download WSO2 Identity Server 5.8.0 M25 from here

.

You can download WSO2 Identity Server Analytics 5.8.0 M25 from here

.
How to run

   1.

   Extract the downloaded zip file.
   2.

   Go to the bin directory in the extracted folder.
   3.

   Run the wso2server.sh file if you are on a Linux/Mac OS or run the
   wso2server.bat file if you are on a Windows OS.
   4.

   Optionally, if you need to start the OSGi console with the server, use
   the -DosgiConsole property when starting the server.

What's new in WSO2 Identity Server 5.8.0 M25

A list of all the new features and bug fixes shipped with this release can
be found here 

Known Issues

All the open issues pertaining to WSO2 Identity Server are reported at the
following location:

   -

   IS Runtime 
   -

   IS Analytics 

Contribute to WSO2 Identity ServerMailing Lists

Join our mailing lists and correspond with the developers directly. We also
encourage you to take part in discussions related to the product in the
architecture mailing list. If you have any questions regarding the product
you can use our StackOverflow forum to raise them as well.

   -

   Developer List: dev@wso2.org
   -

   Architecture List: architect...@wso2.org
   -

   User Forum: StackOverflow
   

Reporting Issues

We encourage you to report issues, improvements, and feature requests
regarding WSO2 Identity Server through our public WSO2 Identity Server GIT
Issues .

For more information about WSO2 Identity Server, please see https://wso2
.com/identity-and-access-management or visit the WSO2 Oxygen Tank
 developer portal for additional resources.

~ The WSO2 Identity and Access Management Team ~

-- 
*Thanuja Lakmal*
Technical Lead
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] WSO2 Identity Server 5.8.0-M24 Released!

[Thanuja Jayasinghe]

WSO2 Identity and Access Management team is pleased to announce the release
of Identity Server 5.8.0 M24!
Download

You can download WSO2 Identity Server 5.8.0 M24 from here

.

You can download WSO2 Identity Server Analytics 5.8.0 M24 from here

.
How to run

   1.

   Extract the downloaded zip file.
   2.

   Go to the bin directory in the extracted folder.
   3.

   Run the wso2server.sh file if you are on a Linux/Mac OS or run the
   wso2server.bat file if you are on a Windows OS.
   4.

   Optionally, if you need to start the OSGi console with the server, use
   the -DosgiConsole property when starting the server.

What's new in WSO2 Identity Server 5.8.0 M24

A list of all the new features and bug fixes shipped with this release can
be found here 

Known Issues

All the open issues pertaining to WSO2 Identity Server are reported at the
following location:

   -

   IS Runtime 
   -

   IS Analytics 

Contribute to WSO2 Identity ServerMailing Lists

Join our mailing lists and correspond with the developers directly. We also
encourage you to take part in discussions related to the product in the
architecture mailing list. If you have any questions regarding the product
you can use our StackOverflow forum to raise them as well.

   -

   Developer List: dev@wso2.org
   -

   Architecture List: architect...@wso2.org
   -

   User Forum: StackOverflow
   

Reporting Issues

We encourage you to report issues, improvements, and feature requests
regarding WSO2 Identity Server through our public WSO2 Identity Server GIT
Issues .

For more information about WSO2 Identity Server, please see https://wso2
.com/identity-and-access-management or visit the WSO2 Oxygen Tank
 developer portal for additional resources.

~ The WSO2 Identity and Access Management Team ~

-- 
*Thanuja Lakmal*
Technical Lead
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] WSO2 Identity Server 5.8.0-M3 Released!

[Thanuja Jayasinghe]

WSO2 Identity and Access Management team is pleased to announce the release
of Identity Server 5.8.0 M3!
Download

You can download WSO2 Identity Server 5.8.0 M3 from here

.

You can download WSO2 Identity Server Analytics 5.8.0 M3 from here

.
How to run

   1.

   Extract the downloaded zip file.
   2.

   Go to the bin directory in the extracted folder.
   3.

   Run the wso2server.sh file if you are on a Linux/Mac OS or run the
   wso2server.bat file if you are on a Windows OS.
   4.

   Optionally, if you need to start the OSGi console with the server, use
   the -DosgiConsole property when starting the server.

What's new in WSO2 Identity Server 5.8.0 M3

A list of all the new features and bug fixes shipped with this release can
be found here 

Known Issues

All the open issues pertaining to WSO2 Identity Server are reported at the
following location:

   -

   IS Runtime 
   -

   IS Analytics 

Contribute to WSO2 Identity ServerMailing Lists

Join our mailing lists and correspond with the developers directly. We also
encourage you to take part in discussions related to the product in the
architecture mailing list. If you have any questions regarding the product
you can use our StackOverflow forum to raise them as well.

   -

   Developer List: dev@wso2.org
   -

   Architecture List: architect...@wso2.org
   -

   User Forum: StackOverflow
   

Reporting Issues

We encourage you to report issues, improvements, and feature requests
regarding WSO2 Identity Server through our public WSO2 Identity Server GIT
Issues .

For more information about WSO2 Identity Server, please see https://wso2
.com/identity-and-access-management or visit the WSO2 Oxygen Tank
 developer portal for additional resources.

~ The WSO2 Identity and Access Management Team ~

-- 
*Thanuja Lakmal*
Associate Technical Lead
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Custom captcha with WSO2 Identity Server

[Thanuja Jayasinghe]

Hi Jorge,

Identity Server only supports reCaptcha in the password recovery flow. But
you can implement CaptchaConnector[1] interface and have a custom captcha
which does not require an internet connection. You can refer [2] which is
the reCaptcha implementation for password recovery flow.

[1]
https://github.com/wso2-extensions/identity-governance/blob/master/components/org.wso2.carbon.identity.captcha/src/main/java/org/wso2/carbon/identity/captcha/connector/CaptchaConnector.java
[2]
https://github.com/wso2-extensions/identity-governance/blob/master/components/org.wso2.carbon.identity.captcha/src/main/java/org/wso2/carbon/identity/captcha/connector/recaptcha/PasswordRecoveryReCaptchaConnector.java
[3]
https://github.com/wso2-extensions/identity-governance/blob/master/components/org.wso2.carbon.identity.captcha/src/main/java/org/wso2/carbon/identity/captcha/internal/CaptchaComponent.java#L90

Thanks,
Thanuja

On Thu, Oct 4, 2018 at 9:01 PM Farasath Ahamed  wrote:

>
>
> On Wed, Oct 3, 2018 at 7:52 PM Jorge  wrote:
>
>> Hi all.
>>
>> Can I use an offline captcha with WSO2 Identity Server if my servers
>> cannot connect to the internet? In the password recovery process I see that
>> IS use re-captcha, which requires access to google servers.
>>
>> Regards,
>>Jorge.
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>
>
> --
> Farasath Ahamed
> Senior Software Engineer, WSO2 Inc.; http://wso2.com
> Mobile: +94777603866
> Blog: blog.farazath.com
> Twitter: @farazath619 
> 
>
>
>
>

-- 
*Thanuja Lakmal*
Associate Technical Lead
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] WSO2 Identity Server 5.8.0-M2 Released!

[Thanuja Jayasinghe]

WSO2 Identity and Access Management team is pleased to announce the release
of Identity Server 5.8.0 M2!
Download

You can download WSO2 Identity Server 5.8.0 M2 from here

.

You can download WSO2 Identity Server Analytics 5.8.0 M2 from here

.
How to run

   1.

   Extract the downloaded zip file.
   2.

   Go to the bin directory in the extracted folder.
   3.

   Run the wso2server.sh file if you are on a Linux/Mac OS or run the
   wso2server.bat file if you are on a Windows OS.
   4.

   Optionally, if you need to start the OSGi console with the server, use
   the -DosgiConsole property when starting the server.

What's new in WSO2 Identity Server 5.8.0 M2

A list of all the new features and bug fixes shipped with this release can
be found here 

Known Issues

All the open issues pertaining to WSO2 Identity Server are reported at the
following location:

   -

   IS Runtime 
   -

   IS Analytics 

Contribute to WSO2 Identity ServerMailing Lists

Join our mailing lists and correspond with the developers directly. We also
encourage you to take part in discussions related to the product in the
architecture mailing list. If you have any questions regarding the product
you can use our StackOverflow forum to raise them as well.

   -

   Developer List: dev@wso2.org
   -

   Architecture List: architect...@wso2.org
   -

   User Forum: StackOverflow
   

Reporting Issues

We encourage you to report issues, improvements, and feature requests
regarding WSO2 Identity Server through our public WSO2 Identity Server GIT
Issues .

For more information about WSO2 Identity Server, please see https://wso2
.com/identity-and-access-management or visit the WSO2 Oxygen Tank
 developer portal for additional resources.

~ The WSO2 Identity and Access Management Team ~

-- 
*Thanuja Lakmal*
Associate Technical Lead
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] WSO2 Identity Server 5.8.0-M1 Released!

[Thanuja Jayasinghe]

WSO2 Identity and Access Management team is pleased to announce the release
of Identity Server 5.8.0 M1!
Download

You can download WSO2 Identity Server 5.8.0 M1 from here

.

You can download WSO2 Identity Server Analytics 5.8.0 M1 from here

.
How to run

   1.

   Extract the downloaded zip file.
   2.

   Go to the bin directory in the extracted folder.
   3.

   Run the wso2server.sh file if you are on a Linux/Mac OS or run the
   wso2server.bat file if you are on a Windows OS.
   4.

   Optionally, if you need to start the OSGi console with the server, use
   the -DosgiConsole property when starting the server.

What's new in WSO2 Identity Server 5.8.0 M1

A list of all the new features and bug fixes shipped with this release can
be found here 

Known Issues

All the open issues pertaining to WSO2 Identity Server are reported at the
following location:

   -

   IS Runtime 
   -

   IS Analytics 

Contribute to WSO2 Identity ServerMailing Lists

Join our mailing lists and correspond with the developers directly. We also
encourage you to take part in discussions related to the product in the
architecture mailing list. If you have any questions regarding the product
you can use our StackOverflow forum to raise them as well.

   -

   Developer List: dev@wso2.org
   -

   Architecture List: architect...@wso2.org
   -

   User Forum: StackOverflow
   

Reporting Issues

We encourage you to report issues, improvements, and feature requests
regarding WSO2 Identity Server through our public WSO2 Identity Server GIT
Issues .

For more information about WSO2 Identity Server, please see https://wso2
.com/identity-and-access-management or visit the WSO2 Oxygen Tank
 developer portal for additional resources.

~ The WSO2 Identity and Access Management Team ~
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [VOTE] Release of WSO2 Identity Server Analytics 5.7.0 RC3

[Thanuja Jayasinghe]

Hi All,

I have tested the following and no issues were found.

   - Overall login attempts dashboard
   - Suspicious login attempts dashboard

[+] Stable - go ahead and release

Thanks,
Thanuja

On Tue, Sep 18, 2018 at 5:07 PM Chamath Samarawickrama 
wrote:

> Hi,
>
> I have tested the following on WSO2 Identity Server Analytics 5.7.0 RC3.
>
>- Overall login attempts dashboard
>- Suspicious login attempts dashboard
>- Login sessions dashboard
>- Configuring risk-based Adaptive Authentication
>
> No blocking issues were found.
>
> *[+] Stable - go ahead and release*
>
> Thanks,
> Chamath
>
> On Tue, Sep 18, 2018 at 3:42 PM Nuwandi Wickramasinghe 
> wrote:
>
>> Hi All,
>>
>>
>> We are pleased to announce the third release candidate of WSO2 Identity
>> Server Analytics 5.7.0.
>>
>>
>> This release fixes the following issues,
>>
>>
>>
>>- 5.7.0-RC3 Fixes
>>
>>- 5.7.0-RC2 Fixes
>>
>>- 5.7.0-RC1 Fixes
>>
>>
>>
>>
>> Source and distribution,
>>
>>
>>- https://github.com/wso2/analytics-is/releases/v5.7.0-rc3
>>
>>
>>
>> Please download, test the product and vote.
>>
>>
>>[+] Stable - go ahead and release
>>
>>[-] Broken - do not release (explain why)
>>
>>
>>
>> Thanks,
>>
>> - WSO2 Identity and Access Management Team -
>>
>> --
>>
>> Best Regards,
>>
>> Nuwandi Wickramasinghe
>>
>> Senior Software Engineer
>>
>> WSO2 Inc.
>>
>> Web : http://wso2.com
>>
>> Mobile : 0719214873
>>
>
>
> --
> *C**h**amath Samarawickrama*
> Intern | WSO2, Inc.
> Mobile : +94772598944
> Twitter   LinkedIn
>   GitHub
> 
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>


-- 
*Thanuja Lakmal*
Associate Technical Lead
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [VOTE] Release of WSO2 Identity Server Analytics 5.7.0 RC2

[Thanuja Jayasinghe]

Hi All,

I have tested the following and no issues were found.

   - Overall login attempts dashboard
   - Suspicious login attempts dashboard

[+] Stable - go ahead and release

Thanks,
Thanuja

On Sat, Sep 15, 2018 at 12:45 PM Dilin Dampahalage  wrote:

> Hi all,
>
>
> We are pleased to announce the second release candidate of WSO2 Identity
> Server Analytics 5.7.0.
>
>
> This release fixes the following issues,
>
>-
>
>5.7.0-RC2 fixes
>
>-
>
>5.7.0-RC1 fixes
>
> 
>
>
> Source and distribution,
>
>
>Runtime - https://github.com/wso2/analytics-is/releases/v5.7.0-rc2
>
>
>
> Please download, test the product and vote.
>
>
>[+] Stable - go ahead and release
>
>[-] Broken - do not release (explain why)
>
>
>
> Thanks,
>
> - WSO2 Identity and Access Management Team -
>
> --
>
> *Dilin Dampahalage*
> Software Engineer | WSO2
>
> Email : di...@wso2.com
> Mobile : +94 771 462939
> web : http://wso2.com
>
> 
>


-- 
*Thanuja Lakmal*
Associate Technical Lead
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [Architecture] [VOTE] Release WSO2 Identity Server 5.7.0 RC3

[Thanuja Jayasinghe]

Hi All,

Thanks for testing WSO2 Identity Server 5.7.0-RC3.

Since this vote passed with 28 +1s and 0 -1s, we’re hereby closing this
vote and proceeding with the Identity Server 5.7.0 GA release.

Thanks,
Thanuja

On Mon, Sep 17, 2018 at 10:01 AM Dilin Dampahalage  wrote:

> Hi all,
>
> I have tested IS 5.7.0-RC3 with IS Analytics 5.7.0 Beta and it works fine.
>
> No issues were found.
>
>  [+] Stable - go ahead and release
>
> Thanks,
> Dilin
>
>
> On Sun, Sep 16, 2018 at 9:09 AM Abilashini Thiyagarajah <
> abilash...@wso2.com> wrote:
>
>> Hi all,
>>
>> I have tested the following scenarios,
>>
>> - Role-based adaptive authentication
>> - User-age-based adaptive authentication
>> - Tenant-based adaptive authentication
>> - New-device-based adaptive authentication
>> - ACR-based adaptive authentication
>> - Self-registration and account confirmation with & without consent
>> purposes
>> - Account recovery
>>
>> - username
>> - password - using mail notification and challenge question
>>
>> - Creating users using the ask password option
>>
>> No issues were found.
>>
>>  [+] Stable - go ahead and release
>>
>> Thanks,
>> Abilashini
>>
>>
>> On Sat, Sep 15, 2018 at 3:27 PM Sarubi Thillainathan 
>> wrote:
>>
>>> Hi All,
>>>
>>> I have tested the following on both LDAP and JDBC user stores and no
>>> issues were found.
>>>
>>> * Multi-attribute filter search with and without pagination
>>> * All the available SCIM2 endpoints which are given in doc [1]
>>>
>>> [+] Stable - go ahead and release.
>>>
>>> [1] https://docs.wso2.com/display/IS570/apidocs/SCIM2-endpoints/
>>>
>>> On Sat, Sep 15, 2018 at 2:24 AM Mathuriga Thavarajah 
>>> wrote:
>>>
>>>> Hi All,
>>>>
>>>> I have tested the following and no issues were found.
>>>>
>>>> * Settip up MySQL 5.7
>>>> * Configuring a Read-write Active Directory User Store as a
>>>> secondary user store
>>>> * Configuring Multi-factor Authentication (Basic and Google as
>>>> a federated authenticator)
>>>> * Configuring LDAP Active Directory as a primary store in WSO2
>>>> Identity Server 5.7.0 RC3 on windows instance.
>>>>
>>>> [+] Stable - go ahead and release.
>>>>
>>>> Regards,
>>>> Mathuriga.
>>>>
>>>>
>>>> On Fri, Sep 14, 2018 at 5:23 PM Thanuja Jayasinghe 
>>>> wrote:
>>>>
>>>>> Hi All,
>>>>>
>>>>> I have tested the following and no issues were found.
>>>>>
>>>>>- User account association
>>>>>- Workflow management
>>>>>- Adaptive authentication
>>>>>- Role-based
>>>>>   - User age based
>>>>>
>>>>> [+] Stable - go ahead and release
>>>>>
>>>>> Thanks,
>>>>> Thanuja
>>>>> ___
>>>>> Dev mailing list
>>>>> Dev@wso2.org
>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>>
>>>>
>>>>
>>>> --
>>>>
>>>> *Mathuriga Thavarajah*
>>>> Software Engineer
>>>> WSO2 Inc. - http ://wso2.com
>>>>
>>>> Email : mathur...@wso2.com
>>>> Mobile  : +94778191300
>>>>
>>>>
>>>>
>>>> *[image: http://wso2.com/signature] <http://wso2.com/signature>*
>>>> ___
>>>> Architecture mailing list
>>>> architect...@wso2.org
>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>>
>>>
>>>
>>> --
>>> *Sarubi Thillainathan *
>>> *Software Engineer - WSO2 Inc.*
>>>
>>> *Mobile : +94 (0) 76 68 49 101*
>>> ___
>>> Architecture mailing list
>>> architect...@wso2.org
>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>
>>
>>
>> --
>> Abilashini Thiyagarajah
>> Software Engineer
>> WSO2, Inc.
>> Mobile: +94 778983001
>> <http://wso2.com/signature>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>
>
> --
>
> *Dilin Dampahalage*
> Software Engineer | WSO2
>
> Email : di...@wso2.com
> Mobile : +94 771 462939
> web : http://wso2.com
>
> <http://wso2.com/signature>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>


-- 
*Thanuja Lakmal*
Associate Technical Lead
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [Architecture] [VOTE] Release WSO2 Identity Server 5.7.0 RC3

[Thanuja Jayasinghe]

Hi All,

I have tested the following and no issues were found.

   - User account association
   - Workflow management
   - Adaptive authentication
   - Role-based
  - User age based

[+] Stable - go ahead and release

Thanks,
Thanuja
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [VOTE] Release of WSO2 Identity Server 5.7.0 RC1

[Thanuja Jayasinghe]

Hi All,

We are closing the vote as we found an issue while working with the
PostgreSQL database. We will fix the issue and release another release
candidate as soon as possible.

Thanks,
Thanuja

On Sat, Sep 8, 2018 at 6:34 AM Thanuja Jayasinghe  wrote:

> Hi All,
>
> We are pleased to announce the first release candidate(RC) of WSO2
> Identity Server 5.7.0.
>
> This release fixes the following issues,
>
>- 5.7.0-RC Fixes
><https://github.com/wso2/product-is/milestone/52?closed=1>
>- 5.7.0-Beta2 Fixes
><https://github.com/wso2/product-is/milestone/57?closed=1>
>- 5.7.0-Beta Fixes
><https://github.com/wso2/product-is/milestone/54?closed=1>
>- 5.7.0-Alpha3 Fixes
><https://github.com/wso2/product-is/milestone/53?closed=1>
>- 5.7.0-Alpha2 Fixes
><https://github.com/wso2/product-is/milestone/51?closed=1>
>- 5.7.0-Alpha Fixes
><https://github.com/wso2/product-is/milestone/50?closed=1>
>- 5.7.0-M5 Fixes
><https://github.com/wso2/product-is/milestone/49?closed=1>
>- 5.7.0-M4 Fixes
><https://github.com/wso2/product-is/milestone/48?closed=1>
>- 5.7.0-M3 Fixes
><https://github.com/wso2/product-is/milestone/47?closed=1>
>- 5.7.0-M2 Fixes
><https://github.com/wso2/product-is/milestone/46?closed=1>
>- 5.7.0-M1 Fixes
><https://github.com/wso2/product-is/milestone/45?closed=1>
>
> Source and distribution,
>  - https://github.com/wso2/product-is/releases/tag/v5.7.0-rc1
>
> Please download, test the product and vote.
>
> [+] Stable - go ahead and release
> [-] Broken - do not release (explain why)
>
> Thanks,
> ~ The WSO2 Identity and Access Management Team ~
>
>

-- 
*Thanuja Lakmal*
Associate Technical Lead
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [VOTE] Release of WSO2 Identity Server Analytics 5.7.0 RC1

[Thanuja Jayasinghe]

Hi All,

We are closing the vote as we found an issue while configuring it for
risk-based adaptive authentication. We will fix the issue and release
another release candidate as soon as possible.

Thanks,
Thanuja

On Sat, Sep 8, 2018 at 11:17 PM Thanuja Jayasinghe  wrote:

> Hi All,
>
> We are pleased to announce the first release candidate(RC) of WSO2
> Identity Server Analytics 5.7.0.
>
> This release fixes the following issues,
>
>- 5.7.0-RC Fixes
><https://github.com/wso2/analytics-is/milestone/2?closed=1>
>
>
> Source and distribution,
>  - https://github.com/wso2/analytics-is/releases/tag/v5.7.0-rc1
>
> Please download, test the product and vote.
>
> [+] Stable - go ahead and release
> [-] Broken - do not release (explain why)
>
> Thanks,
> ~ The WSO2 Identity and Access Management Team ~
>
>

-- 
*Thanuja Lakmal*
Associate Technical Lead
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] [VOTE] Release of WSO2 Identity Server Analytics 5.7.0 RC1

[Thanuja Jayasinghe]

Hi All,

We are pleased to announce the first release candidate(RC) of WSO2 Identity
Server Analytics 5.7.0.

This release fixes the following issues,

   - 5.7.0-RC Fixes
   


Source and distribution,
 - https://github.com/wso2/analytics-is/releases/tag/v5.7.0-rc1

Please download, test the product and vote.

[+] Stable - go ahead and release
[-] Broken - do not release (explain why)

Thanks,
~ The WSO2 Identity and Access Management Team ~
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] [VOTE] Release of WSO2 Identity Server 5.7.0 RC1

[Thanuja Jayasinghe]

Hi All,

We are pleased to announce the first release candidate(RC) of WSO2 Identity
Server 5.7.0.

This release fixes the following issues,

   - 5.7.0-RC Fixes
   
   - 5.7.0-Beta2 Fixes
   
   - 5.7.0-Beta Fixes
   
   - 5.7.0-Alpha3 Fixes
   
   - 5.7.0-Alpha2 Fixes
   
   - 5.7.0-Alpha Fixes
   
   - 5.7.0-M5 Fixes
   
   - 5.7.0-M4 Fixes
   
   - 5.7.0-M3 Fixes
   
   - 5.7.0-M2 Fixes
   
   - 5.7.0-M1 Fixes
   

Source and distribution,
 - https://github.com/wso2/product-is/releases/tag/v5.7.0-rc1

Please download, test the product and vote.

[+] Stable - go ahead and release
[-] Broken - do not release (explain why)

Thanks,
~ The WSO2 Identity and Access Management Team ~
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] WSO2 Identity Server 5.7.0-beta2 Released!

[Thanuja Jayasinghe]

WSO2 Identity and Access Management team is pleased to announce the release
of Identity Server 5.7.0 Beta2!
Download

You can download WSO2 Identity Server 5.7.0 beta2 from here

.

You can download WSO2 Identity Server Analytics 5.7.0 beta2 from here

.
How to run

   1.

   Extract the downloaded zip file.
   2.

   Go to the bin directory in the extracted folder.
   3.

   Run the wso2server.sh file if you are on a Linux/Mac OS or run the
   wso2server.bat file if you are on a Windows OS.
   4.

   Optionally, if you need to start the OSGi console with the server, use
   the -DosgiConsole property when starting the server.

What's new in WSO2 Identity Server 5.7.0 Beta2

A list of all the new features and bug fixes shipped with this release can
be found here 

Known Issues

All the open issues pertaining to WSO2 Identity Server are reported at the
following location:

   -

   IS Runtime 
   -

   IS Analytics 

Contribute to WSO2 Identity ServerMailing Lists

Join our mailing lists and correspond with the developers directly. We also
encourage you to take part in discussions related to the product in the
architecture mailing list. If you have any questions regarding the product
you can use our StackOverflow forum to raise them as well.

   -

   Developer List: dev@wso2.org
   -

   Architecture List: architect...@wso2.org
   -

   User Forum: StackOverflow
   

Reporting Issues

We encourage you to report issues, improvements, and feature requests
regarding WSO2 Identity Server through our public WSO2 Identity Server GIT
Issues .

For more information about WSO2 Identity Server, please see
https://wso2.com/identity-and-access-management or visit the WSO2 Oxygen
Tank  developer portal for additional resources.

~ The WSO2 Identity and Access Management Team ~
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [Architecture] [VOTE] Release of WSO2 Identity Server 5.6.0 RC3

[Thanuja Jayasinghe]

Hi All,

Tested user account association scenarios. No blocking issues found.

[+] Stable - Go ahead and release

Thanks,
Thanuja

On Tue, Jun 19, 2018 at 3:48 PM Isuri Anuradha  wrote:

> Hi all,
>
> I've tested following scenarios on the IS 5.6.0-RC3 pack.
>
>- SAML to SAML federation flow.
>- Publish and Update XACML policies.
>- OAuth token revocation.
>
> No blocking issues found.
>
> [+] Stable
>
> Thanks
> Isuri.
>
> On Tue, Jun 19, 2018 at 3:34 PM, Omindu Rathnaweera 
> wrote:
>
>> Hi All,
>>
>> Tested SCIM 2.0 basic operations. No blocking issues found
>>
>> [+] Stable - Go ahead and release
>>
>> Regards,
>> Omindu.
>>
>>
>>
>>
>>
>> On Tue, Jun 19, 2018 at 3:14 PM Nipuni Bhagya  wrote:
>>
>>> Hi all,
>>>
>>> I've tested following scenarios on the IS 5.6.0-RC3 pack.
>>>
>>>- Configuring Single-Sign-On with SAML2
>>>- Configuring Single-Sign-On with OIDC
>>>- Configuring Multi-Factor Authentication
>>>- Configuring Twitter as a Federated Authenticator
>>>- Setting up Self-Signup
>>>- Creating a workflow
>>>- Tested Consent management API (Add/Retrieve purposes, Add/revoke
>>>consents.)
>>>
>>> No blocking issues found.
>>>
>>> [+] Stable
>>>
>>> Thanks,
>>>
>>>
>>> On Tue, Jun 19, 2018 at 2:38 AM Pulasthi Mahawithana 
>>> wrote:
>>>
 Hi,

 Tested SSO with Multi step/multi option authentication, Google
 and Twitter authenticators

 No blocking issues found.

 [+] Stable - Go ahead and release


 On Tue, Jun 19, 2018 at 2:59 PM Hasanthi Purnima Dissanayake <
 hasan...@wso2.com> wrote:

> Hi,
>
> Tested below scenarios on IS 5.6.0-RC3 pack,
>
> - Register a service provider
> - Obtain an access token using JWT grant type
> - Invoke user info endpoint using the token.
>
> No blocking issues found.
>
> [+] Stable - Go ahead and release
>
> Thanks,
> Hasanthi
>
> On Tue, Jun 19, 2018 at 2:44 PM, Dewni Weeraman 
> wrote:
>
>> Hi,
>>
>> Tested below scenarios on IS 5.6.0-RC3 pack,
>>
>>- Invoke the OAuth Introspection Endpoint.
>>- OAuth token revocation.
>>- Entitlement policy creation using write policy in xml and
>>publishing.
>>- Using REST APIs via XACML to manage entitlement.
>>- Create, update, get, delete an OAuth app using Dynamic Client
>>Registration endpoint.
>>
>>
>> No blocking issues found.
>>
>> [+] Stable - Go ahead and release
>>
>> Thanks,
>> Dewni
>>
>> On Tue, Jun 19, 2018 at 1:43 PM, Sathya Bandara 
>> wrote:
>>
>>> Hi all,
>>>
>>> I've tested following scenarios on the IS 5.6.0-RC3 pack.
>>>
>>> User management (add/update/remove users).
>>> User management in secondary userstores (Read-Write LDAP).
>>> Consent Management in SAML SSO.
>>> SAML to SAML federation.
>>> Creating workflows definitions for primary userstore users.
>>> Engaging/Disabling workflows on user-store operations.
>>> Enable role based authorization using XACML for service providers.
>>> Tenant creation/update/disabling.
>>>
>>> No blocking issues are found.
>>>
>>> [+] Stable - go ahead and release.
>>>
>>> Thanks,
>>> Sathya
>>>
>>>
>>> On Tue, Jun 19, 2018 at 12:26 PM, Vihanga Liyanage >> > wrote:
>>>
 Hi all,

 I've tested following scenarios on the IS 5.6.0-RC3 pack with
 default database setup.

- Enable user self-registration and self-register a new user.
- Add multiple consent purposes with multiple PII categories.
- Login to dashboard and see whether we can see the default
consent and above added PII categories.
- Confirm claims are getting filtered based on consents.
- Configure a service provider with OpenID Connect and acquire
access tokens via Authorization Code, Implicit, Client Credential 
 and
Password grant types.
- Enable ID token encryption for the service provider and test
the flow with decryption for all grant types.
- Delete the self-signed up user, create another user with the
exact same username, log in to the dashboard and see what are the
consents shown.
- Revoke consents of the user via the dashboard and try
accessing the SP to verify the consents are asked again.
- Delete the SP, login to the dashboard and see whether the
consents are deleted for that SP.

 No blocking issues are found.

 [+] Stable - go ahead and release.

 Thanks,
 Vihanga.

 On Fri, Jun 15, 2018 at 6:29 PM Madawa Soysa 
 wrote:

> Hi all,
>
> We are pleased to announce the third 

Re: [Dev] [Architecture] [VOTE] Release WSO2 Identity Server 5.5.0 RC2

[Thanuja Jayasinghe]

Hi,

Tested following scenarios on RC2 pack.

   - User account association(Local/Federated)
   - SAML2 IdP creation with metadata file
   - Workflow management

[+] Stable - Go ahead and release.

Thanks,
Thanuja


On Thu, Mar 15, 2018 at 2:52 PM, Prakhash Sivakumar 
wrote:

> Hi all,
>
> I have reviewed the following reports prepared by the product team.
>
> 1. Dynamic analysis report
> 2. Static analysis report.
>
> no issues with the analysis reports.
>
> +1, Go ahead and release.
>
> Thanks,
> Prakhash
>
>
>
>
> On Thu, Mar 15, 2018 at 2:45 PM, Jayanga Kaushalya 
> wrote:
>
>> Hi all,
>>
>> I have tested the following,
>>
>> 1. Forget-me tool in IS RC2 pack.
>> 2. Forget-me tool in IS Analytics RC2 pack.
>>
>> No blocking issues found.
>>
>> [+] Go ahead and release.
>>
>> Thanks!
>>
>> *Jayanga Kaushalya*
>> Senior Software Engineer
>> Mobile: +94777860160 <+94%2077%20786%200160>
>> WSO2 Inc. | http://wso2.com
>> lean.enterprise.middleware
>>
>>
>>
>> On Thu, Mar 15, 2018 at 1:26 PM, Ishara Karunarathna 
>> wrote:
>>
>>> HI,
>>>
>>> Tested the consent mgt feature with SAML SSO. and basic user mgt
>>> features.
>>> No blocking issues found.
>>>
>>> [+] Stable - Go ahead and release
>>>
>>> -Ishara
>>>
>>> On Thu, Mar 15, 2018 at 1:08 PM, Pulasthi Mahawithana <
>>> pulast...@wso2.com> wrote:
>>>
 Tested below scenarios and no blocking issues found.,

- Adding multi-Step workflow definitions
- Adding workflow associations and Multi step approval for user add
operation
- Federation with twitter
- Login analytics
- Session Analytics

 No blocking issues found.

 [+] Stable - Go ahead and release

 On Thu, Mar 15, 2018 at 12:33 PM, Hasintha Indrajee 
 wrote:

> Tested below scenarios with MySQL database
>
> Authentication data publishing.
> Custom OAuth client authenticators (Private key JWT client
> authenticator.)
>
> Self registration with consents (for super and non super tenants)
> SSO with missing mandatory claims and consents for SaaS apps. (SAML,
> with and without mandatory claims)
> Updating and revoking consents through dashboard for super tenant and
> non super tenant users.
> Consent erasure while apps (for SaaS scenarios) are deleted and users
> are deleted.
>
> No blocking issues found and +1 to proceed with release.
>
>
> On Thu, Mar 15, 2018 at 5:19 AM, Darshana Gunawardana <
> darsh...@wso2.com> wrote:
>
>> Hi all,
>>
>> We are pleased to announce the second release candidate of WSO2
>> Identity Server 5.5.0.
>>
>> This release fixes the following issues,
>>
>>-
>>- 5.5.0-RC2 fixes
>>
>> 
>>- 5.5.0-RC1 fixes
>>
>> 
>>- 5.5.0-Beta fixes
>>
>> 
>>- 5.5.0-Alpha3 fixes
>>
>> 
>>- 5.5.0-Alpha2 fixes
>>
>> 
>>- 5.5.0-Alpha fixes
>>
>> 
>>- 5.5.0-M4 fixes
>>
>> 
>>- 5.5.0-M3 fixes
>>
>> 
>>- 5.5.0-M2 fixes
>>
>> 
>>- 5.5.0-M1 fixes
>>
>> 
>>
>>
>> Source and distribution
>>
>> Runtime - https://github.com/wso2/product-is/releases/v5.5.0-rc2
>> Analytics - https://github.com/wso2/anal
>> ytics-is/releases/v5.5.0-rc2
>>
>>
>> Please download, test the product and vote.
>>
>> [+] Stable - go ahead and release
>> [-] Broken - do not release (explain why)
>>
>>
>> Thanks,
>> - WSO2 Identity and Access Management Team -
>>
>> --
>> Regards,
>>
>>
>> *Darshana Gunawardana*Technical Lead
>> WSO2 Inc.; http://wso2.com
>>
>> *E-mail: darsh...@wso2.com *
>> *Mobile: +94718566859 <071%20856%206859>*Lean . Enterprise .
>> Middleware
>>
>
>
>
> --
> Hasintha Indrajee
> WSO2, Inc.
> Mobile:+94 771892453 <+94%2077%20189%202453>
>
>
> 

Re: [Dev] Set captcha on by default for tenants

[Thanuja Jayasinghe]

On Fri, Feb 23, 2018 at 8:55 AM, Isura Karunaratne  wrote:

> According to the code [1], we should call the method
> setSSOLoginConnectorConfigs from CaptchaUtil.buildReC
> aptchaFilterProperties method to get the default values from 
> captcha-config.properties
> file. So, currently, we cannot set default values from a config file.
>
> @Thanuja,
> Please confirm?
>

Yes.  You need to enable it from the UI.

>
>
> [1] https://github.com/wso2-extensions/identity-governance/blob/master/
> components/org.wso2.carbon.identity.captcha/src/main/
> java/org/wso2/carbon/identity/captcha/util/CaptchaUtil.java#L365
>
>
> Thanks
> Isura.
>
> On Fri, Feb 23, 2018 at 6:29 AM, Pulasthi Mahawithana 
> wrote:
>
>> Hi,
>>
>> What is the configuration we need to add for $subject? Need to get this
>> enabled as below by default for the (newly created) tenants. I searched the
>> documentation and code, but can't find where it is being set by default.
>>
>> [image: Inline image 1]
>>
>> --
>> *Pulasthi Mahawithana*
>> Associate Technical Lead
>> WSO2 Inc., http://wso2.com/
>> Mobile: +94-71-5179022 <+94%2071%20517%209022>
>> Blog: https://medium.com/@pulasthi7/
>>
>> 
>>
>
>
>
> --
>
> *Isura Dilhara Karunaratne*
> Associate Technical Lead | WSO2
> Email: is...@wso2.com
> Mob : +94 772 254 810 <+94%2077%20225%204810>
> Blog : http://isurad.blogspot.com/
>
>
>
>

Thanks,
Thanuja
-- 
*Thanuja Lakmal*
Associate Technical Lead
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Wso2_5.4.0-update-4

[Thanuja Jayasinghe]

Hi Deepak,

Can you please provide the following information,

   1. Is the user authenticated from WSO2 IS or from a federated IdP?
   2. Do you see this warning log for all users or is it for some users?
   3. Is the warning log intermittent?
   4. Can you share the service provider configuration?

Thanks,
Thanuja

On Tue, Feb 20, 2018 at 11:39 AM, Deepak Singla 
wrote:

> Hello Thanuja
>
>
>
> I have installed Wso2_5.4.0-update-4 IS on window environment with
> SQLServer-2014. I am getting below error in carbon logs after some time:
>
>
>
> TID: [-1234] [] [2018-02-12 19:03:48,972]  WARN {org.wso2.carbon.identity.
> application.authentication.framework.handler.claims.impl.DefaultClaimHandler}
> -  Subject claim could not be found amongst service provider mapped
> unfiltered local claims
>
>
>
> TID: [-1234] [] [2018-02-12 19:03:48,972]  WARN {org.wso2.carbon.identity.
> application.authentication.framework.handler.sequence.impl.
> DefaultStepBasedSequenceHandler} -  Subject claim could not be found.
> Defaulting to Name Identifier.
>
> You have mentioned that it is resolved here https://wso2.org/jira/browse/
> IDENTITY-5073, but it is still reproduce able.
>
>
>
> Any suggestion?
>
>
>
> Thanks
>
> Deepak
>



-- 
*Thanuja Lakmal*
Associate Technical Lead
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [TokenBinding][OAuth] Need to add a sample application to IS

[Thanuja Jayasinghe]

Hi Inthirakumaaran,

You need to add your sample to
https://github.com/wso2/product-is/tree/5.x.x/modules/samples/oauth2.
Please send a pull request.

Thanks,
Thanuja

On Mon, Nov 20, 2017 at 3:17 PM, Inthirakumaaran Tharmakulasingham <
inthirakumaa...@wso2.com> wrote:

> Hi all,
> I developed a sample application to send OAuth requests to IS server with
> token binding support.Need to add that to product IS samples.
>
> git hub link for that application: https://github.com/inthirakumaaran/
> TokenBindingSample
>
> Thank you,
>
> Regards,
> kumar
>
> --
> Inthirakumaaran
> Software Engineering - Intern | WSO2
>
> Email: inthirakumaa...@wso2.com
> Mobile:0766598050
>
>


-- 
*Thanuja Lakmal*
Associate Technical Lead
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [Architecture] Does WSO2 Identity Server support IDP initiated logout from federated IDP?

[Thanuja Jayasinghe]

Hi Roman,

On Thu, Nov 16, 2017 at 5:56 PM, Roman CHRENKO 
wrote:

> Hello.
>
> We are using WSO2 Identity Server 5.3.0.
>
> I configured trust between WSO2 IDP (symbolic name "IDP1") and the Service
> Provider (Shibboleth, symbolic name "SP1").
>
> Then I configured second trust between WSO2 acting as a service provider
> ("SP2") and federated IDP (symbolic name "IDP2", some public/gov service).
>
> I followed instructions at https://docs.wso2.com/display/
> IS530/Configuring+Shibboleth+IdP+as+a+Trusted+Identity+Provider.
>
> SP1 protects some resources, access to them is granted only when users are
> authenticated to IDP2. Everything is based on SAML protocol.
>
> Login works fine - login requests are redirected from WSO2(=IDP1) to IDP2.
>
> IDP1 initiated logout works fine too (user is sending GET to
> https://idp1.mydomain.com/samlsso?slo=true=
> https://sp1.mydomain.com/shibboleth ).
>
> But IDP2 initiated logout fails with message (in a browser): "Attention:
> Something went wrong during the authentication process. Please try signing
> in again."
>
> It generates record to the WSO2 log: "{...DefaultRequestCoordinator}
> Context does not exist. Probably due to invalidated cache".
>
> During the IDP2 initiated logout correct LogoutRequest is sent from IDP2
> to WSO2 (to https://amsrv.mydomain.com:9443/commonauth).
>
> (Our WSO2 is only one of many Service Providers which trust IDP2. IDP2 is
> central identity provider for government institutions.
>
> IDP2 supports SSO, so logout can be initiated from many independent
> applications (Service providers). But from out point of view it is
> initiated from IDP2.)
>
> Does WSO2 support such scenario (IDP2 initiated logout)?
>

No. This is not supported.


> If not, when will it be supported?
>

Created JIRA [1] to track this feature.


> If yes, where is it documented?
>
>
>
> Best regards,
>
> Roman
>
>
>
> ___
> Architecture mailing list
> architect...@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>
>
As a workaround can you try sending modified IdP initiated logout request
to the /samlsso endpoint from the IDP2?
- In this case, WSO2 IS(IDP1) will send a logout request to IDP2 and IDP2
need to handle it and send back a successful response.
- In the SP1 configuration of WSO2 IS(IDP1), you need to configure a
landing URL in IDP2 as a "Return to URL" after the single logout.
  Ex:
https://idp1.mydomain.com/samlsso?slo=true=https://sp1.mydomain.com/shibboleth=https://idp2/logout-success
(IDP2 can't send an SP initiated logout request since the session index
will not be available at /samlsso endpoint (inbound) side)

[1] - https://wso2.org/jira/browse/IDENTITY-6929

Thanks,
Thanuja
-- 
*Thanuja Lakmal*
Associate Technical Lead
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Roles and Groups in IS

[Thanuja Jayasinghe]

Hi Nila,

In C4, we consider roles and groups are the same. That's why when you add
groups to a user, IS set those values as roles to that user.

But in C5, we will have two separate concepts for Group and Role.
Group - Collection of users
Role - Collection of permissions
We can assign roles to a group.

Thanks,
Thanuja

On Sun, Nov 19, 2017 at 6:06 PM, Nilasini Thirunavukkarasu <
nilas...@wso2.com> wrote:

> Hi,
>
> I have added a group with a user by invoking scim group endpoint. It has
> been added under roles and shown as below in user profile (As we expected).
>
> ​
> Here
> 1) What is the use case of 'Groups' attribute in the above user profile?
> 2) Why we are having two local claims (groups & role)?
> 3) Why we are having two claims (groups & roles) for scim as follows:-
> 1.
> Claim URI urn:scim:schemas:core:1.0:groups
> Mapped Local Claim http://wso2.org/claims/groups
>
> 2.
> Claim URI urn:scim:schemas:core:1.0:roles
> Mapped Local Claim http://wso2.org/claims/role
>
>
> 4) How can we give values for Groups through SCIM?
>
> Tried the scenario with both LDAP and JDBC in IS 5.3.0.
>
> Please correct me If I have misunderstood. Any help on this would be
> highly appreciated.
>
> Thanks,
> Nila.
>
>
> --
> Nilasini Thirunavukkarasu
> Software Engineer - WSO2
>
> Email : nilas...@wso2.com
> Mobile : +94775241823 <+94%2077%20524%201823>
> Web : http://wso2.com/
>
>
> 
> ​
>



-- 
*Thanuja Lakmal*
Associate Technical Lead
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Exposing WorkflowImplService as a OSGi service

[Thanuja Jayasinghe]

Hi Harsha,

Methods such as listBPSProfiles() and getBPSProfile() can be reused when we
write a custom workflow implementation extending AbstractWorkflow.
Otherwise, we have to write those functionalities again in the custom
implementation.

Thanks,
Thanuja

On Mon, Nov 13, 2017 at 8:28 PM, Harsha Thirimanna <hars...@wso2.com> wrote:

> Hi Thanjua,
>
> IS workflow implementation is bit different.
>
> There is a core framework part with the framework repo itself and this [3]
> repo contain WSO2 BPS server specific implementation for workflow. It is
> very tightly coupled with that.
>
> If some one want to write custom one, then they can write a component and
> have to implement AbstractWorkflow and other related deployers, services.
> That may be rely on either another task server or may be sync/async JVM
> process.
>
> So yes theoretically I am also +1 to have a OSGi service to above service,
> but i can't see any usage of that.
>
> [3]
> ​
>  https://github.com/wso2-extensions/identity-workflow-impl-bps
> <https://github.com/wso2-extensions/identity-workflow-impl-bps/blob/master/components/org.wso2.carbon.identity.workflow.impl/src/main/java/org/wso2/carbon/identity/workflow/impl/WorkflowImplService.java>
>
> On Mon, Nov 13, 2017 at 6:50 PM, Thanuja Jayasinghe <than...@wso2.com>
> wrote:
>
>> Hi All,
>>
>> Is it possible to register WorkflowImplService[1] as OSGi service? It
>> will be really useful when we write custom workflow templates.
>>
>> [1] -
>> ​​
>>  https://github.com/wso2-extensions/identity-workflow-impl-b
>> ps/blob/master/components/org.wso2.carbon.identity.workflow.
>> impl/src/main/java/org/wso2/carbon/identity/workflow/impl/
>> WorkflowImplService.java
>> [2] - https://github.com/wso2-extensions/identity-workflow-impl-
>> bps/blob/master/components/org.wso2.carbon.identity.workflow
>> .impl/src/main/java/org/wso2/carbon/identity/workflow/impl/
>> internal/WorkflowImplServiceComponent.java#L96
>>
>> Thanks,
>> Thanuja
>> --
>> *Thanuja Lakmal*
>> Associate Technical Lead
>> WSO2 Inc. http://wso2.com/
>> *lean.enterprise.middleware*
>> Mobile: +94715979891
>>
>
>


-- 
*Thanuja Lakmal*
Associate Technical Lead
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [IS] SAML 2 SSO Login Session Issue

[Thanuja Jayasinghe]

Hi Hasintha,

This is the session created by Travelocity app(SP session) and Travelocity
keeps SAML2 assertion in that session. So better have look at the logic
which Travelocity set the cookie after receiving the SAML2 response from
the Identity Server.

Thanks,
Thanuja

On Mon, Nov 13, 2017 at 9:30 PM, Hasintha Indrajee 
wrote:

> Hi Dilshani,
>
> In SAML bearer grant type, there is no session associated with. If you
> have a valid SAML assertion obtained from a trusted IDP (have to be
> configured in IS) it should work. What do you mean by session in this
> context ?.  Also the flow you have described seems unclear since you are
> using travelocity. Can you please elaborate more ?
>
>
> On Mon, Nov 13, 2017 at 7:04 PM, Dilshani Subasinghe 
> wrote:
>
>> Hi IS Team,
>>
>> Configured SAML 2 SSO in WSO2 IS 5.3.0 for the scenario of "SAML2 Bearer
>> Assertion Profile for OAuth 2.0 with WSO2 Travelocity". It worked well and
>> moved the setup to cloud instance.
>>
>> When it is working in cloud set up, it identified that while sending the
>> SAML request it may not set the session. I used IP instead of hostname.
>> When we give hostname in assertion URL, it may attach session correctly in
>> the request.
>>
>> Is that the expected behavior? Why we can't attach session correctly with
>> IP.  I tried to use IP as we may have to add hostname as we accessing it
>> remotely. Any solution for that?
>>
>> [1] https://docs.wso2.com/display/IS530/SAML2+Bearer+Asserti
>> on+Profile+for+OAuth+2.0+with+WSO2+Travelocity
>>
>> Thanks,
>> Dilshani
>>
>> --
>>
>> Dilshani Subasinghe
>> Software Engineer - QA *|* WSO2
>> lean *|* enterprise *|* middleware
>>
>> Mobile : +94773375185 <077%20337%205185>
>> Blog: dilshani.me
>>
>> 
>>
>
>
>
> --
> Hasintha Indrajee
> WSO2, Inc.
> Mobile:+94 771892453 <077%20189%202453>
>
>


-- 
*Thanuja Lakmal*
Associate Technical Lead
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] Exposing WorkflowImplService as a OSGi service

[Thanuja Jayasinghe]

Hi All,

Is it possible to register WorkflowImplService[1] as OSGi service? It will
be really useful when we write custom workflow templates.

[1] -
https://github.com/wso2-extensions/identity-workflow-impl-bps/blob/master/components/org.wso2.carbon.identity.workflow.impl/src/main/java/org/wso2/carbon/identity/workflow/impl/WorkflowImplService.java
[2] -
https://github.com/wso2-extensions/identity-workflow-impl-bps/blob/master/components/org.wso2.carbon.identity.workflow.impl/src/main/java/org/wso2/carbon/identity/workflow/impl/internal/WorkflowImplServiceComponent.java#L96

Thanks,
Thanuja
-- 
*Thanuja Lakmal*
Associate Technical Lead
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [IS][SAML] Using different cert for SAML response signing

[Thanuja Jayasinghe]

Hi Danushka,

In the current implementation, it is not possible to set different keystore
for signing OOTB as it is not required in most of the cases.

But you can provide your own implementation for signing by implementing
org.wso2.carbon.identity.sso.saml.builders.signature.SSOSigner interface and
setting following property in the identity.xml,

org.wso2.carbon.identity.sso.saml.builders.signature.DefaultSSOSigner

Thanks,
Thanuja

On Wed, Nov 8, 2017 at 8:52 AM, Danushka Fernando 
wrote:

> Hi All
>
> Currently in Identity Server we use server's primary keystore's primary
> cert for response signing. Is it possible to use a different cert for this
> somehow?
>
> Thanks & Regards
> Danushka Fernando
> Associate Tech Lead
> WSO2 inc. http://wso2.com/
> Mobile : +94716332729 <+94%2071%20633%202729>
>



-- 
*Thanuja Lakmal*
Associate Technical Lead
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] UserAccountAssociationService having “/permission/admin/login” permissions in some operations

[Thanuja Jayasinghe]

Hi Mushthaq,

UserAccountAssociationService.switchLoggedInUser() service method is only
useful for users who has logged in session. Because this feature provides
support for switch between associated user accounts in that logged in
session. In order to create a session we need to call A
uthenticationAdmin.login() and in this service method, we do check whether
the user has permission/admin/login permission[1]. So it is a must to have
permission/admin/login permission for any user who is using
switchLoggedInUser method.

I think this gives the rationality for other methods which have the same
permission level.

[1] -
https://github.com/wso2/carbon-kernel/blob/4.4.x/core/org.wso2.carbon.core.services/src/main/java/org/wso2/carbon/core/services/authentication/AuthenticationAdmin.java#L110

Thanks,
Thanuja

On Thu, Oct 26, 2017 at 6:18 PM, Mushthaq Rumy  wrote:

> Hi All,
>
> Is there a specific reason to have "/permission/admin/login" in some of
> the operations in UserAccountAssociationService?
>
> This permission will allow the users to login to the Management Console
> and In case, if someone wants to use these operations of
> UserAccountAssociationService in a separate client application and he/she
> does not want to the users of this application to login to the Management
> Console, what would be the work around and how can we solve this?
>
> Your thoughts on this is highly appreciated.
>
> Thanks & Regards,
> Mushthaq
> --
> Mushthaq Rumy
> *Software Engineer*
> Mobile : +94 (0) 779 492140 <%2B94%20%280%29%20773%20451194>
> Email : musht...@wso2.com
> WSO2, Inc.; http://wso2.com/
> lean . enterprise . middleware.
>
> 
>



-- 
*Thanuja Lakmal*
Associate Technical Lead
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Enable Response signing cannot be done through admin service when creating SAML2 Web SSO Configuraton for a Service Provider

[Thanuja Jayasinghe]

Hi Chamara,

SAML service provider UI uses the same admin service to add sp
configurations. So theoretically this should work.

So can you please attach the SOAP request used to create the SAML2 service
provider?

Thanks,
Thanuja

On Sun, Oct 22, 2017 at 10:19 PM, Chamara Ariyarathne 
wrote:

> Of course, the test was done with a WUM updated pack
>
> On Sun, Oct 22, 2017 at 10:17 PM, Hasintha Indrajee 
> wrote:
>
>> Did you observe this in a WUM updated pack ? If not can you please try
>> with a WUM updated pack as well ?
>>
>> On Sat, Oct 21, 2017 at 8:18 PM, Chamara Ariyarathne 
>> wrote:
>>
>>>
>>>
>>> On Sat, Oct 21, 2017 at 7:03 PM, Farasath Ahamed 
>>> wrote:
>>>
 I suspect a caching issue here.
 Was this a single node setup or a multi node cluster?

>>>
>>> Reproduced in Single node.
>>>

 Also when you try out next time. Can you simply view the SP config and
 click the update button (without ticking and unticking) and see it it 
 works?

>>>
>>> Sure.
>>>


 On Friday, October 20, 2017, Chamara Ariyarathne 
 wrote:

> Hi all,
>
> I'm using the IdentitySAMLSSOConfigService admin service to do the
> SAML2 Web SSO Configuration and later using 
> IdentityApplicationManagementService
> admin service to add it to a service provider configuration.
>
> I am using this tag to Enable Response Signing.
> true
>
> However when later checked with the travelocity webapp and the log
> in fails. When I checked the SP configuration, I can see the checkbox is
> ticked for Enable Response Signing in the UI.
>
> If I untick and tick again the checkbox and update the SP, then the
> scenario passes. What that means is, the admin service cannot be used to
> make the Enable Response Signing.
>
> This needs a fix.
>
> https://wso2.org/jira/browse/IDENTITY-6796
>
> --
> *Chamara Ariyarathne*
> WSO2 Inc; http://www.wso2.com/
> Mobile; *+94772786766 <077%20278%206766>*
>


 --
 Farasath Ahamed
 Software Engineer, WSO2 Inc.; http://wso2.com
 Mobile: +94777603866
 Blog: blog.farazath.com
 Twitter: @farazath619 
 




>>>
>>>
>>> --
>>> *Chamara Ariyarathne*
>>> WSO2 Inc; http://www.wso2.com/
>>> Mobile; *+94772786766 <077%20278%206766>*
>>>
>>> ___
>>> Dev mailing list
>>> Dev@wso2.org
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>>
>>
>>
>> --
>> Hasintha Indrajee
>> WSO2, Inc.
>> Mobile:+94 771892453 <077%20189%202453>
>>
>>
>
>
> --
> *Chamara Ariyarathne*
> WSO2 Inc; http://www.wso2.com/
> Mobile; *+94772786766 <+94%2077%20278%206766>*
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
*Thanuja Lakmal*
Associate Technical Lead
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Please review and merge the PRs

[Thanuja Jayasinghe]

Thanks.

On Tue, Sep 19, 2017 at 4:33 PM, Thusitha Thilina Dayaratne <
thusit...@wso2.com> wrote:

> Hi Thanuja,
>
> Merged the PRs
>
> Thanks
> Thusitha
>
> On Tue, Sep 19, 2017 at 3:49 PM, Thanuja Jayasinghe <than...@wso2.com>
> wrote:
>
>> Hi,
>>
>> Can you please review and merge the following PRs.
>>
>> [1] - https://github.com/wso2/carbon-kernel/pull/1535
>> [2] - https://github.com/wso2/carbon-kernel/pull/1531
>>
>> Thanks,
>> Thanuja
>>
>> --
>> *Thanuja Lakmal*
>> Associate Technical Lead
>> WSO2 Inc. http://wso2.com/
>> *lean.enterprise.middleware*
>> Mobile: +94715979891
>>
>
>
>
> --
> Thusitha Dayaratne
> WSO2 Inc. - lean . enterprise . middleware |  wso2.com
>
> Mobile  +94712756809 <+94%2071%20275%206809>
> Blog  alokayasoya.blogspot.com
> Abouthttp://about.me/thusithathilina
> <http://wso2.com/signature>
>
>


-- 
*Thanuja Lakmal*
Associate Technical Lead
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] Please review and merge the PRs

[Thanuja Jayasinghe]

Hi,

Can you please review and merge the following PRs.

[1] - https://github.com/wso2/carbon-kernel/pull/1535
[2] - https://github.com/wso2/carbon-kernel/pull/1531

Thanks,
Thanuja

-- 
*Thanuja Lakmal*
Associate Technical Lead
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Please review and merge the pull request

[Thanuja Jayasinghe]

Thanks!

On Fri, Jul 21, 2017 at 10:17 AM, Thusitha Thilina Dayaratne <
thusit...@wso2.com> wrote:

> Hi Thanuja,
>
> PR is merged to 4.4.x branch.
>
> Thanks
> Thusitha
>
> On Thu, Jul 20, 2017 at 6:31 PM, Thanuja Jayasinghe <than...@wso2.com>
> wrote:
>
>> Hi Kishanthan,
>>
>> Please merge the pull request [1] which contains the fix for [2].
>>
>> [1] - https://github.com/wso2/carbon-kernel/pull/1445
>> [2] - https://github.com/wso2/carbon-kernel/issues/1444
>>
>> Thanks,
>> Thanuja
>>
>> --
>> *Thanuja Lakmal*
>> Associate Technical Lead
>> WSO2 Inc. http://wso2.com/
>> *lean.enterprise.middleware*
>> Mobile: +94715979891
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
> Thusitha Dayaratne
> WSO2 Inc. - lean . enterprise . middleware |  wso2.com
>
> Mobile  +94712756809 <+94%2071%20275%206809>
> Blog  alokayasoya.blogspot.com
> Abouthttp://about.me/thusithathilina
> <http://wso2.com/signature>
>
>


-- 
*Thanuja Lakmal*
Associate Technical Lead
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] Please review and merge the pull request

[Thanuja Jayasinghe]

Hi Kishanthan,

Please merge the pull request [1] which contains the fix for [2].

[1] - https://github.com/wso2/carbon-kernel/pull/1445
[2] - https://github.com/wso2/carbon-kernel/issues/1444

Thanks,
Thanuja

-- 
*Thanuja Lakmal*
Associate Technical Lead
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Why we use timestampSkew default value as 300 seconds in identity.xml, why not 0 seconds.

[Thanuja Jayasinghe]

Hi Dinali,

Consider the following calculation.

expiry time = issuedTimeInMillis + validityPeriodMillis -
(System.currentTimeMillis() - timestampSkew)

So actually token is valid for (validityPeriodMillis + timestampSkew)
seconds. This additional time is added to avoid the error occurred due to
the time synchronization issues between servers.

If your servers are perfectly synced then you can use timestampSkew value
as 0.

Thanks,
Thanuja


On Wed, May 31, 2017 at 12:01 PM, Dinali Dabarera  wrote:

> Hi All,
>
> In our identity.xml the default timeStampScrew value is used as 300
> seconds. Shouldn't this be 0 seconds?
>
> Because when we are getting a token from password grant type again and
> again *without a time delay*, the expiry time of the token increases than
> its accepted value because of this equation we are using.
>
> expiry time = issuedTimeInMillis + validityPeriodMillis - (System.
> currentTimeMillis() - timestampSkew);
>
> Since timestampSkew = 300 seconds, validityPeriodMillis = 3600 seconds,
> therefore, expiry time = 3644 seconds which can not be happened.
>
> Therefore, it is better to have the default timeStampScrew value as 0
> seconds in order to get correct results.
>
>
> Thanks!
>
> --
> *Dinali Rosemin Dabarera*
> Software Engineer
> WSO2 Lanka (pvt) Ltd.
> Web: http://wso2.com/
> Email : gdrdabar...@gmail.com
> LinkedIn 
> Mobile: +94770198933 <+94%2077%20019%208933>
>
>
>
>
> 
>
>
>
>
>
>
>
>
>
>
>
>
>
>


-- 
*Thanuja Lakmal*
Associate Technical Lead
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Please review and merge the pull request

[Thanuja Jayasinghe]

Thanks.

On Wed, May 31, 2017 at 11:58 AM, Jayanga Dissanayake <jaya...@wso2.com>
wrote:

> Hi Tahnuja,
>
> Merged the PR.
>
> Thanks,
> Jayanga.
>
> *Jayanga Dissanayake*
> Associate Technical Lead
> WSO2 Inc. - http://wso2.com/
> lean . enterprise . middleware
> email: jaya...@wso2.com
> mobile: +94772207259 <+94%2077%20220%207259>
> <http://wso2.com/signature>
>
> On Tue, May 30, 2017 at 12:28 PM, Thanuja Jayasinghe <than...@wso2.com>
> wrote:
>
>> Hi Jayanga,
>>
>> Please merge the pull request [1] which contains the fix for [2].
>>
>> [1] - https://github.com/wso2/carbon-kernel/pull/1388
>> [2] - https://github.com/wso2/carbon-kernel/issues/1387
>>
>> Thanks,
>> Thanuja
>>
>> --
>> *Thanuja Lakmal*
>> Senior Software Engineer
>> WSO2 Inc. http://wso2.com/
>> *lean.enterprise.middleware*
>> Mobile: +94715979891 +94758009992
>>
>
>


-- 
*Thanuja Lakmal*
Associate Technical Lead
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] Please review and merge the pull request

[Thanuja Jayasinghe]

Hi Jayanga,

Please merge the pull request [1] which contains the fix for [2].

[1] - https://github.com/wso2/carbon-kernel/pull/1388
[2] - https://github.com/wso2/carbon-kernel/issues/1387

Thanks,
Thanuja

-- 
*Thanuja Lakmal*
Senior Software Engineer
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891 +94758009992
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [IDENTITY-5131] A solution for the possible deadlock due to session cleanup task

[Thanuja Jayasinghe]

Hi Ruwan,

On Mon, Apr 24, 2017 at 2:32 PM, Ruwan Abeykoon <ruw...@wso2.com> wrote:

> Hi Dinali,
> Do we know any figures for
>  >> time taken by "deleteSTOREOperationsTask" operation
>
> We need to measure how long it takes to complete the data deletion per X
> number of records. Only then we could arrive at a correct strategy.
>
+1

> Having stored-procedure or handling it on queries does not make much
> difference.
> I would vote for changing the cleanup task schedule and making the delete
> query optimizations.
>

When we handle it this way we have to figure out following things,

- Only one server in the cluster should run this operation. If two nodes
run this operation at the same time there is a possibility for deadlock.
- Then if that node is down for some reason, one of the other nodes must
run this as this tables get huge number of entries each day
- Need to provide a way to configure the time which this operation need to
run. Do we need to configure this in every node? (Only one node will run
this operation)

Having stored procedures to handle this, does not have above complexities.


> Cheers,
> Ruwan
>
> On Mon, Apr 24, 2017 at 2:17 PM, Thanuja Jayasinghe <than...@wso2.com>
> wrote:
>
>> Hi Dinali,
>>
>> +1 for the 2nd solution.
>>
>> Since this operation takes a considerable amount of time, it's better to
>> handle this from the DB side during the off-peak hours.
>>
>> Thanks,
>> Thanuja
>>
>> On Fri, Apr 21, 2017 at 11:12 AM, Dinali Dabarera <din...@wso2.com>
>> wrote:
>>
>>> Hi All,
>>>
>>> There is a public issue reported in [3],  due to a deadlock happened in
>>> the long-running scenario.
>>>
>>> This deadlock occurs due the time taken by "deleteSTOREOperationsTask"
>>> operation which is responsible for cleaning session data which is scheduled
>>> daily.
>>>
>>> We have currently come up with two solutions for this deadlock problem,
>>>
>>>1. *We can add a property like " start-time" in the identity.xml
>>>file, In code level we can start the cleanup task during an off-peak 
>>> time.*
>>>2. *We can create two stored procedures to handle session data
>>>cleanup tasks and run them as scheduled jobs during the off-peak hours.*
>>>
>>> Here both 1 and 2 have advantages and disadvantages.
>>>
>>> In a cluster scenario, if we implement *1 *one server
>>> should only run this task.. if all of them run at the same time, there is a
>>> chance for deadlock.
>>>  If we implement *2, *the clean-up is handled by the data
>>> source itself, without interrupting any IS operations.
>>>
>>> What will be the best solution, out of 1 and 2 for this deadlock
>>> scenario? Please leave your ideas on this.
>>>
>>> [3] https://wso2.org/jira/browse/IDENTITY-5131
>>>
>>> Thank you.!
>>>
>>> Regards.
>>>
>>> --
>>> *Dinali Rosemin Dabarera*
>>> Software Engineer
>>> WSO2 Lanka (pvt) Ltd.
>>> Web: http://wso2.com/
>>> Email : gdrdabar...@gmail.com
>>> LinkedIn <https://lk.linkedin.com/in/dinalidabarera>
>>> Mobile: +94770198933 <+94%2077%20019%208933>
>>>
>>>
>>>
>>>
>>> <https://lk.linkedin.com/in/dinalidabarera>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>
>>
>> --
>> *Thanuja Lakmal*
>> Senior Software Engineer
>> WSO2 Inc. http://wso2.com/
>> *lean.enterprise.middleware*
>> Mobile: +94715979891 +94758009992
>>
>
>
>
> --
>
> *Ruwan Abeykoon*
> *Associate Director/Architect**,*
> *WSO2, Inc. http://wso2.com <https://wso2.com/signature> *
> *lean.enterprise.middleware.*
>
>

Thanks,
Thanuja
-- 
*Thanuja Lakmal*
Senior Software Engineer
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891 +94758009992
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [IDENTITY-5131] A solution for the possible deadlock due to session cleanup task

[Thanuja Jayasinghe]

Hi Dinali,

+1 for the 2nd solution.

Since this operation takes a considerable amount of time, it's better to
handle this from the DB side during the off-peak hours.

Thanks,
Thanuja

On Fri, Apr 21, 2017 at 11:12 AM, Dinali Dabarera  wrote:

> Hi All,
>
> There is a public issue reported in [3],  due to a deadlock happened in
> the long-running scenario.
>
> This deadlock occurs due the time taken by "deleteSTOREOperationsTask"
> operation which is responsible for cleaning session data which is scheduled
> daily.
>
> We have currently come up with two solutions for this deadlock problem,
>
>1. *We can add a property like " start-time" in the identity.xml
>file, In code level we can start the cleanup task during an off-peak time.*
>2. *We can create two stored procedures to handle session data cleanup
>tasks and run them as scheduled jobs during the off-peak hours.*
>
> Here both 1 and 2 have advantages and disadvantages.
>
> In a cluster scenario, if we implement *1 *one server should
> only run this task.. if all of them run at the same time, there is a chance
> for deadlock.
>  If we implement *2, *the clean-up is handled by the data
> source itself, without interrupting any IS operations.
>
> What will be the best solution, out of 1 and 2 for this deadlock scenario?
> Please leave your ideas on this.
>
> [3] https://wso2.org/jira/browse/IDENTITY-5131
>
> Thank you.!
>
> Regards.
>
> --
> *Dinali Rosemin Dabarera*
> Software Engineer
> WSO2 Lanka (pvt) Ltd.
> Web: http://wso2.com/
> Email : gdrdabar...@gmail.com
> LinkedIn 
> Mobile: +94770198933 <+94%2077%20019%208933>
>
>
>
>
> 
>
>
>
>
>
>
>
>
>
>
>
>
>
>


-- 
*Thanuja Lakmal*
Senior Software Engineer
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891 +94758009992
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [IS] Starting over authentication flow as a different user

[Thanuja Jayasinghe]

Hi Pulasthi,

The best approach is to ask Alice to log-out when she leaves the browser.

Or from the application side, we can give an option like "fresh-login"
which sends a "forceAuth=true" request to the IS. So he will go through the
authentication process again.

Thanks,
Thanuja


On Thu, Mar 2, 2017 at 3:14 AM, Pulasthi Mahawithana 
wrote:

> In IS 5.3.0, I have configured the authentication flow for an application
> to have 3 steps. During the authentication flow, the users may remember the
> result of the first two steps (using cookies) in their initial login. So,
> in subsequent logins they'll see the third step straight away in which they
> always need to get authenticated.
>
> Let's say 'Alice' logs in and remember the result for the first two steps
> and finish her work. After some time 'Bob' also use the same browser and
> try to login. He won't see the first two steps because there is an already
> remembered result from Alice's login. But in the third step he can't
> authenticate because he doesn't know Alice's credentials (and he intend to
> login as 'Bob'). So he needs to start over the flow as 'Bob'. When he does
> so, at IS, we should clear the remembered results for 'Alice' and allow the
> the user to try with a different username (This time he should get
> authenticated from all 3 steps). How can we achieve this requirement? Is
> there a known approach?
>
>
> --
> *Pulasthi Mahawithana*
> Senior Software Engineer
> WSO2 Inc., http://wso2.com/
> Mobile: +94-71-5179022 <+94%2071%20517%209022>
> Blog: https://medium.com/@pulasthi7/
>
> 
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
*Thanuja Lakmal*
Senior Software Engineer
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891 +94758009992
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] SAML Request validation happens after completing all the authentication steps

[Thanuja Jayasinghe]

On Tue, Feb 28, 2017 at 2:57 PM, Hasintha Indrajee <hasin...@wso2.com>
wrote:

>
>
> On Tue, Feb 28, 2017 at 2:52 PM, Dulanja Liyanage <dula...@wso2.com>
> wrote:
>
>> Originally we identified the tenant domain only after user
>> authentication. Then only tenant specific SP configs could be retrieved.
>> That's why validation was done only after authentication.
>>
>
> Aren't we getting SP tenant domain with the issuer (appended after an "@"
> sign)? or at least as a query parameter ?. Do we do any request validation
> based on authenticated user's tenant domain ?.
>
Yes, we get the tenant domain of SP in the request. Therefore we can
validate authentication request before the authetication. But considering
the performance we have implemented it this way.


>
>> On Tue, Feb 28, 2017 at 2:49 PM, Thanuja Jayasinghe <than...@wso2.com>
>> wrote:
>>
>>> Hi Farasath,
>>>
>>> On Tue, Feb 28, 2017 at 2:39 PM, Farasath Ahamed <farasa...@wso2.com>
>>> wrote:
>>>
>>>> Hi,
>>>>
>>>> Noticed $subject happening when we configure SAML SSO with SAML Request
>>>> Validation enabled.
>>>>
>>>> This means that even for an invalid SAML Request (with an invalid
>>>> signature) the user will go through the authentication steps configured for
>>>> that Service Provider(identified by the issuer value in the request) and
>>>> the SAML Request validation only happens after we get the response from the
>>>> authentication framework.
>>>>
>>>> Is this the expected behaviour?
>>>>
>>>> Yes.
>>>
>>> We only validate issuer name of the SAML service priovider in the
>>> authentication request before the authentication.
>>>
>>> Since we store SAML related configurations in the registry, we have
>>> implemented it in this way to improve performance for the valid
>>> authentication requests.
>>>
>>> But ideally, we should validate authentication request before moving to
>>> authentication.
>>>
>>>
>>>>
>>>> Thanks,
>>>> Farasath Ahamed
>>>> Software Engineer, WSO2 Inc.; http://wso2.com
>>>> Mobile: +94777603866
>>>> Blog: blog.farazath.com
>>>> Twitter: @farazath619 <https://twitter.com/farazath619>
>>>> <http://wso2.com/signature>
>>>>
>>>>
>>> Thanks,
>>> Thanuja
>>> --
>>> *Thanuja Lakmal*
>>> Senior Software Engineer
>>> WSO2 Inc. http://wso2.com/
>>> *lean.enterprise.middleware*
>>> Mobile: +94715979891 +94758009992
>>>
>>
>>
>>
>> --
>> Thanks & Regards,
>> Dulanja Liyanage
>> Lead, Platform Security Team
>> WSO2 Inc.
>>
>
>
>
> --
> Hasintha Indrajee
> WSO2, Inc.
> Mobile:+94 771892453 <+94%2077%20189%202453>
>
>


-- 
*Thanuja Lakmal*
Senior Software Engineer
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891 +94758009992
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] SAML Request validation happens after completing all the authentication steps

[Thanuja Jayasinghe]

Hi Farasath,

On Tue, Feb 28, 2017 at 2:39 PM, Farasath Ahamed  wrote:

> Hi,
>
> Noticed $subject happening when we configure SAML SSO with SAML Request
> Validation enabled.
>
> This means that even for an invalid SAML Request (with an invalid
> signature) the user will go through the authentication steps configured for
> that Service Provider(identified by the issuer value in the request) and
> the SAML Request validation only happens after we get the response from the
> authentication framework.
>
> Is this the expected behaviour?
>
> Yes.

We only validate issuer name of the SAML service priovider in the
authentication request before the authentication.

Since we store SAML related configurations in the registry, we have
implemented it in this way to improve performance for the valid
authentication requests.

But ideally, we should validate authentication request before moving to
authentication.


>
> Thanks,
> Farasath Ahamed
> Software Engineer, WSO2 Inc.; http://wso2.com
> Mobile: +94777603866
> Blog: blog.farazath.com
> Twitter: @farazath619 
> 
>
>
Thanks,
Thanuja
-- 
*Thanuja Lakmal*
Senior Software Engineer
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891 +94758009992
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [IS-6] Need clarifications on Unique claim(s) as user identifier in Identity Server

[Thanuja Jayasinghe]

Hi Johann,

On Tue, Feb 21, 2017 at 12:58 AM, Johann Nallathamby 
wrote:

> Hi Isura,
>
> On Mon, Feb 20, 2017 at 5:23 PM, Isura Karunaratne  wrote:
>
>> Hi,
>>
>>
>>
>> On Mon, Feb 20, 2017 at 2:20 PM, Johann Nallathamby 
>> wrote:
>>
>>> Hi Ayesha,
>>>
>>> On Mon, Feb 20, 2017 at 11:49 AM, Ayesha Dissanayaka 
>>> wrote:
>>>
 Hi,

 In Identity Management we have the concept of unique claims which can
 only have a unique value within a domain.
 With the value of a unique claim we can identify a unique user within a
 domain. While implementing identity management capabilities in IS-6.0 User
 portal we came across below concerns.

- System can have one or more unique claims.

 Can't it be zero? W have a globally unique UUID. Must we always have a
>>> unique claim also within a domain? Can't we say a combination of claims
>>> make the user unique? If there isn't anything like that in the system then
>>> the user can't perform recovery. Is that a acceptable? I don't think in amy
>>> practical system we can't find a combination of claims that identify the
>>> user uniquely in the domain.
>>>
>>
>> If it is zero, we have to use unique UUID as the unique idefier for all
>> the opeartions such as authentication, recovery. It is not practical to
>> remember unique UUID, so an external applicatoin should have the mapping
>> between unique UUID and username. Do we support zero unique claim scenario?
>>
>
> What I meant by zero unique claims is, there is not one single unique
> claim in the system. But there is a set of claims whose combination of
> values will uniquely identify the user. This needs to be defined using
> attribute profile.
>

Yes. For recovery scenarios, we can identify a user using a combination of
non-unique claims. So having at least one unique claim is not a requirement
for identity management features.

Having at least one unique claim comes with authentication feature.
Otherwise, there may be cases which we have to depend on the password to
differentiate users. So we have atleast one unique claim by defult?


>
>
>>
>> If we don't define a unique claim, how to identify the correct DomainUser
>> object for authentication. Fllowing is the existing API for authentication
>> and if there is no unique claim, we need to create a new API with unique
>> userid.
>>
>>
>>
>>   AuthenticationContext authenticate(Claim claim, Callback[]
>> credentials, String domainName)
>>
>> throws AuthenticationFailure, IdentityStoreException;
>>
>>
>>
>>
>>
- All the unique claims doesn't have to be required claims.

 Yes.
>>>

-
- At least one unique claim has to be required claim.

 If we go with my previous explanation, if one claim isn't enough to
>>> identify the user uniquely then there can be more claims that are required.
>>>

-

 For authentication and recovery scenarios we need to have a unique
 identifier for users. Currently we use "username" claim. I assume we need
 to provide the flexibility to change this identifier claim.

1. Do we allow client applications to choose this identifier claim
from unique claims?
   - Then the IS will have to accept any of the unique claims as
   the user identifier in authentication and validate against it.

 No need to let client applications choose this. We are talking about
>>> account recovery of an account centrally and solely managed by IS, and it
>>> is the sole responsibility of IS to allow its to recover their accounts
>>> securely and efficiently. Applications don't need to specify criteria for
>>> this process and change security requirements for the process.
>>>
>> +1
>>
>>
>>>
-
1. Otherwise should we keep it as a system wide configuration?

 Yes, it's a system (tenant) configuration.
>>>

1. For the User Portal, we use 'username' claim as the user
identifier. I have noticed we have hard-coded this claim 
 '*http://wso2.org/claims/username
*'.
1. I think we need to get this value from a configuration.
   2. Is it OK to keep this as a configuration within the User
   Portal.
   3. Otherwise where should we keep this?
   4. Will this identifier be username, for User portal always?
   Otherwise we need to have the flexibility of changing UI labels 
 according
   to the identifier without much effort.

 Can't this be handled by attribute profile feature? Again the answer
>>> depends on the answer for my previous question, about having a set of
>>> claims that uniquely identify a user in a domain.
>>>

1. Should we support authentication and recovery by multiple
identifiers ( ex: username or email or NIC, each representing an 
 individual
unique 

[Dev] Please review and merge

[Thanuja Jayasinghe]

Hi All,

Please review and merge [1]. This is the fix for [2].

[1] - https://github.com/wso2/carbon-kernel/pull/1277
[2] - https://github.com/wso2/carbon-kernel/issues/1276

Thanks,
Thanuja

-- 
*Thanuja Lakmal*
Senior Software Engineer
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891 +94758009992
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Please review and commit

[Thanuja Jayasinghe]

Thanks.

On Thu, Jan 19, 2017 at 12:22 PM, Chamila De Alwis <chami...@wso2.com>
wrote:

> Hi Thanuja,
>
> The above are now committed.
>
>
> Regards,
> Chamila de Alwis
> Committer and PMC Member - Apache Stratos
> Senior Software Engineer | WSO2
> Blog: https://medium.com/@chamilad
>
>
>
> On Wed, Jan 18, 2017 at 10:34 PM, Thanuja Jayasinghe <than...@wso2.com>
> wrote:
>
>> Hi Chamila,
>>
>> Please use following diffs for the 4.2.0 branch.
>>
>> Thanks,
>>
>> On Wed, Jan 18, 2017 at 12:52 PM, Chamila De Alwis <chami...@wso2.com>
>> wrote:
>>
>>> Will do.
>>>
>>>
>>> Regards,
>>> Chamila de Alwis
>>> Committer and PMC Member - Apache Stratos
>>> Senior Software Engineer | WSO2
>>> Blog: https://medium.com/@chamilad
>>>
>>>
>>>
>>> On Wed, Jan 18, 2017 at 12:45 PM, Niranjan Karunanandham <
>>> niran...@wso2.com> wrote:
>>>
>>>> Hi ChamilaD,
>>>>
>>>> Can you look into this?
>>>>
>>>> Regards,
>>>> Nira
>>>>
>>>> On Wed, Jan 18, 2017 at 11:47 AM, Thanuja Jayasinghe <than...@wso2.com>
>>>> wrote:
>>>>
>>>>> Hi Team,
>>>>>
>>>>> The same fix [1] added for carbon-kernel 4.4.x branch and created the
>>>>> issue [2] also.
>>>>>
>>>>> [1] - https://github.com/wso2/carbon-kernel/pull/1273
>>>>> [2] - https://github.com/wso2/carbon-kernel/issues/1272
>>>>>
>>>>> Thanks,
>>>>> Thanuja
>>>>>
>>>>> On Wed, Jan 18, 2017 at 9:54 AM, Thanuja Jayasinghe <than...@wso2.com>
>>>>> wrote:
>>>>>
>>>>>> Hi Team,
>>>>>>
>>>>>> Please find the attached svn diffs created to resolve issue [1] and
>>>>>> [2]. Please review and commit them.
>>>>>>
>>>>>> [1] - https://wso2.org/jira/browse/IDENTITY-5551
>>>>>> [2] - https://wso2.org/jira/browse/IDENTITY-3457
>>>>>>
>>>>>> Thanks,
>>>>>> Thanuja
>>>>>>
>>>>>> --
>>>>>> *Thanuja Lakmal*
>>>>>> Senior Software Engineer
>>>>>> WSO2 Inc. http://wso2.com/
>>>>>> *lean.enterprise.middleware*
>>>>>> Mobile: +94715979891 +94758009992
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> *Thanuja Lakmal*
>>>>> Senior Software Engineer
>>>>> WSO2 Inc. http://wso2.com/
>>>>> *lean.enterprise.middleware*
>>>>> Mobile: +94715979891 +94758009992
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>>
>>>>
>>>> *Niranjan Karunanandham*
>>>> Associate Technical Lead - WSO2 Inc.
>>>> WSO2 Inc.: http://www.wso2.com
>>>>
>>>>
>>>
>>
>>
>> --
>> *Thanuja Lakmal*
>> Senior Software Engineer
>> WSO2 Inc. http://wso2.com/
>> *lean.enterprise.middleware*
>> Mobile: +94715979891 +94758009992
>>
>
>


-- 
*Thanuja Lakmal*
Senior Software Engineer
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891 +94758009992
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Please review and commit

[Thanuja Jayasinghe]

Hi Chamila,

Please use following diffs for the 4.2.0 branch.

Thanks,

On Wed, Jan 18, 2017 at 12:52 PM, Chamila De Alwis <chami...@wso2.com>
wrote:

> Will do.
>
>
> Regards,
> Chamila de Alwis
> Committer and PMC Member - Apache Stratos
> Senior Software Engineer | WSO2
> Blog: https://medium.com/@chamilad
>
>
>
> On Wed, Jan 18, 2017 at 12:45 PM, Niranjan Karunanandham <
> niran...@wso2.com> wrote:
>
>> Hi ChamilaD,
>>
>> Can you look into this?
>>
>> Regards,
>> Nira
>>
>> On Wed, Jan 18, 2017 at 11:47 AM, Thanuja Jayasinghe <than...@wso2.com>
>> wrote:
>>
>>> Hi Team,
>>>
>>> The same fix [1] added for carbon-kernel 4.4.x branch and created the
>>> issue [2] also.
>>>
>>> [1] - https://github.com/wso2/carbon-kernel/pull/1273
>>> [2] - https://github.com/wso2/carbon-kernel/issues/1272
>>>
>>> Thanks,
>>> Thanuja
>>>
>>> On Wed, Jan 18, 2017 at 9:54 AM, Thanuja Jayasinghe <than...@wso2.com>
>>> wrote:
>>>
>>>> Hi Team,
>>>>
>>>> Please find the attached svn diffs created to resolve issue [1] and
>>>> [2]. Please review and commit them.
>>>>
>>>> [1] - https://wso2.org/jira/browse/IDENTITY-5551
>>>> [2] - https://wso2.org/jira/browse/IDENTITY-3457
>>>>
>>>> Thanks,
>>>> Thanuja
>>>>
>>>> --
>>>> *Thanuja Lakmal*
>>>> Senior Software Engineer
>>>> WSO2 Inc. http://wso2.com/
>>>> *lean.enterprise.middleware*
>>>> Mobile: +94715979891 +94758009992
>>>>
>>>
>>>
>>>
>>> --
>>> *Thanuja Lakmal*
>>> Senior Software Engineer
>>> WSO2 Inc. http://wso2.com/
>>> *lean.enterprise.middleware*
>>> Mobile: +94715979891 +94758009992
>>>
>>
>>
>>
>> --
>>
>>
>> *Niranjan Karunanandham*
>> Associate Technical Lead - WSO2 Inc.
>> WSO2 Inc.: http://www.wso2.com
>>
>>
>


-- 
*Thanuja Lakmal*
Senior Software Engineer
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891 +94758009992
Index: 
src/main/java/org/wso2/carbon/core/services/loggeduserinfo/LoggedUserInfoAdmin.java
===
--- 
src/main/java/org/wso2/carbon/core/services/loggeduserinfo/LoggedUserInfoAdmin.java
 (revision 219330)
+++ 
src/main/java/org/wso2/carbon/core/services/loggeduserinfo/LoggedUserInfoAdmin.java
 (working copy)
@@ -20,6 +20,7 @@
 import org.apache.axis2.context.MessageContext;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.wso2.carbon.CarbonConstants;
 import org.wso2.carbon.context.PrivilegedCarbonContext;
 import org.wso2.carbon.core.AbstractAdmin;
 import org.wso2.carbon.core.common.LoggedUserInfo;
@@ -48,13 +49,13 @@
 String userName = (String) request.getSession().getAttribute(
 ServerConstants.USER_LOGGED_IN);
 
-int index = userName.indexOf("/");
+int index = userName.indexOf(CarbonConstants.DOMAIN_SEPARATOR);
 if (index < 0) {
 String domainName = (String) request.getSession().getAttribute(
 CarbonAuthenticationUtil.LOGGED_IN_DOMAIN);
 
 if (domainName != null) {
-userName = domainName + "/" + userName;
+userName = domainName + CarbonConstants.DOMAIN_SEPARATOR + 
userName;
 }
 }
 LoggedUserInfo loggedUserInfo = new LoggedUserInfo();
Index: src/main/java/org/wso2/carbon/user/core/UserCoreConstants.java
===
--- src/main/java/org/wso2/carbon/user/core/UserCoreConstants.java  
(revision 219332)
+++ src/main/java/org/wso2/carbon/user/core/UserCoreConstants.java  
(working copy)
@@ -17,6 +17,9 @@
 */
 package org.wso2.carbon.user.core;
 
+import org.apache.commons.lang.StringUtils;
+import org.wso2.carbon.base.ServerConfiguration;
+
 public class UserCoreConstants {
 
 public static final String DATA_SOURCE = "um.datasource";
@@ -62,8 +65,17 @@
 
 public static final String IS_USER_IN_ROLE_CACHE_IDENTIFIER = 
"@__isUserHasTheRole__@";
 
-public static final String DOMAIN_SEPARATOR = "/";
+public static final String DOMAIN_SEPARATOR;
 
+static {
+String userDomainSeparator = 
ServerConfiguration.getInstance().getFirstProperty("UserDomainSeparator");
+if (userDomainSeparator != null && 
!userDomainSeparator.trim().is

Re: [Dev] Please review and commit

[Thanuja Jayasinghe]

Hi Team,

The same fix [1] added for carbon-kernel 4.4.x branch and created the issue
[2] also.

[1] - https://github.com/wso2/carbon-kernel/pull/1273
[2] - https://github.com/wso2/carbon-kernel/issues/1272

Thanks,
Thanuja

On Wed, Jan 18, 2017 at 9:54 AM, Thanuja Jayasinghe <than...@wso2.com>
wrote:

> Hi Team,
>
> Please find the attached svn diffs created to resolve issue [1] and [2].
> Please review and commit them.
>
> [1] - https://wso2.org/jira/browse/IDENTITY-5551
> [2] - https://wso2.org/jira/browse/IDENTITY-3457
>
> Thanks,
> Thanuja
>
> --
> *Thanuja Lakmal*
> Senior Software Engineer
> WSO2 Inc. http://wso2.com/
> *lean.enterprise.middleware*
> Mobile: +94715979891 +94758009992
>



-- 
*Thanuja Lakmal*
Senior Software Engineer
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891 +94758009992
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] Please review and commit

[Thanuja Jayasinghe]

Hi Team,

Please find the attached svn diffs created to resolve issue [1] and [2].
Please review and commit them.

[1] - https://wso2.org/jira/browse/IDENTITY-5551
[2] - https://wso2.org/jira/browse/IDENTITY-3457

Thanks,
Thanuja

-- 
*Thanuja Lakmal*
Senior Software Engineer
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891 +94758009992
Index: 
src/main/java/org/wso2/carbon/core/services/loggeduserinfo/LoggedUserInfoAdmin.java
===
--- 
src/main/java/org/wso2/carbon/core/services/loggeduserinfo/LoggedUserInfoAdmin.java
 (revision 219330)
+++ 
src/main/java/org/wso2/carbon/core/services/loggeduserinfo/LoggedUserInfoAdmin.java
 (working copy)
@@ -20,6 +20,7 @@
 import org.apache.axis2.context.MessageContext;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.wso2.carbon.CarbonConstants;
 import org.wso2.carbon.context.PrivilegedCarbonContext;
 import org.wso2.carbon.core.AbstractAdmin;
 import org.wso2.carbon.core.common.LoggedUserInfo;
@@ -48,13 +49,13 @@
 String userName = (String) request.getSession().getAttribute(
 ServerConstants.USER_LOGGED_IN);
 
-int index = userName.indexOf("/");
+int index = userName.indexOf(CarbonConstants.DOMAIN_SEPARATOR);
 if (index < 0) {
 String domainName = (String) request.getSession().getAttribute(
 CarbonAuthenticationUtil.LOGGED_IN_DOMAIN);
 
 if (domainName != null) {
-userName = domainName + "/" + userName;
+userName = domainName + CarbonConstants.DOMAIN_SEPARATOR + 
userName;
 }
 }
 LoggedUserInfo loggedUserInfo = new LoggedUserInfo();
Index: src/main/java/org/wso2/carbon/user/core/UserCoreConstants.java
===
--- src/main/java/org/wso2/carbon/user/core/UserCoreConstants.java  
(revision 219323)
+++ src/main/java/org/wso2/carbon/user/core/UserCoreConstants.java  
(working copy)
@@ -17,6 +17,9 @@
 */
 package org.wso2.carbon.user.core;
 
+import org.apache.commons.lang.StringUtils;
+import org.wso2.carbon.base.ServerConfiguration;
+
 public class UserCoreConstants {
 
 public static final String DATA_SOURCE = "um.datasource";
@@ -62,8 +65,17 @@
 
 public static final String IS_USER_IN_ROLE_CACHE_IDENTIFIER = 
"@__isUserHasTheRole__@";
 
-public static final String DOMAIN_SEPARATOR = "/";
+public static final String DOMAIN_SEPARATOR;
 
+static {
+String userDomainSeparator = 
ServerConfiguration.getInstance().getFirstProperty("UserDomainSeparator");
+if (!StringUtils.isEmpty(userDomainSeparator)) {
+DOMAIN_SEPARATOR = userDomainSeparator.trim();
+} else {
+DOMAIN_SEPARATOR = "/";
+}
+}
+
 public static final String PRINCIPAL_USERNAME_SEPARATOR = "_";
 
 public static final String SHARED_ROLE_TENANT_SEPERATOR = 
"@SharedRoleSeperator@";
Index: 
src/main/java/org/wso2/carbon/user/core/ldap/ReadOnlyLDAPUserStoreManager.java
===
--- 
src/main/java/org/wso2/carbon/user/core/ldap/ReadOnlyLDAPUserStoreManager.java  
(revision 219323)
+++ 
src/main/java/org/wso2/carbon/user/core/ldap/ReadOnlyLDAPUserStoreManager.java  
(working copy)
@@ -41,7 +41,9 @@
 import org.wso2.carbon.user.core.util.UserCoreUtil;
 
 import javax.naming.AuthenticationException;
+import javax.naming.CompositeName;
 import javax.naming.InvalidNameException;
+import javax.naming.Name;
 import javax.naming.NamingEnumeration;
 import javax.naming.NamingException;
 import javax.naming.PartialResultException;
@@ -1639,8 +1641,8 @@
 Attributes userAttributes;
 try {
 // '\' and '"' characters need another level of escaping 
before searching
-userAttributes = 
dirContext.getAttributes(user.replace("", "\\")
-.replace("\\\"", "\""), returnedAttributes);
+userAttributes = dirContext.getAttributes(new 
CompositeName().add(user.replace("", "\\")
+.replace("\\\"", "\"")), returnedAttributes);
 
 String displayName = null;
 String userName = null;
@@ -2787,7 +2789,8 @@
 if (debug) {
 log.debug("Using DN: " + group);
 }
-Attributes groupAttributes = dirContext.getAttributes(group, 
returnedAttributes);
+Attributes groupAttributes = dirContext.getAttributes(new 
CompositeName().add(group),
+returnedAttributes);
 if (groupAttributes != null) {
 Attribute groupAttribute = 

[Dev] Show images persisted in a database or in a non-public folder from a uuf app

[Thanuja Jayasinghe]

Hi Sajith,

For the user portal feature in IS 6.0.0, we have a requirement to show user
image in the app. These images are currently persisted inside a database.
So we need a way to provide image URL for those.

I have created the issue [1] to track this.

[1] - https://github.com/wso2/carbon-uuf/issues/138

Thanks,
Thanuja
-- 
*Thanuja Lakmal*
Senior Software Engineer
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891 +94758009992
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [VOTE] Release WSO2 Identity Server 5.3.0- RC3

[Thanuja Jayasinghe]

Hi,

Tested following,

   - Account recovery with notification
   - Account recovery with security questions
   - Recaptcha
   - Self signup

[+] Stable - go ahead and release

Thanks,
Thanuja

On Mon, Jan 9, 2017 at 11:05 AM, Rushmin Fernando  wrote:

> Tested following features with MSSQL
>
> 1) SAML flow
> 2) OAuth
> 3) OIDC
> 4) SAML metedata profile
>
>   [+] Stable - go ahead and release
>
> Best Regards
> Rushmin
>
> On Mon, Jan 9, 2017 at 9:33 AM, Dinali Dabarera  wrote:
>
>> Hi,
>> I tested the following on the Identity Server 5.3.0-RC3 pack,
>>
>>- Discovery
>>- DCR
>>- Form Post
>>- Introspection
>>- SCIM API
>>- User Management
>>
>> Worked fine without any issues.
>> [+] Stable - go ahead and release
>>
>> On Fri, Jan 6, 2017 at 10:06 PM, Pulasthi Mahawithana > > wrote:
>>
>>> Hi All,
>>>
>>> This is the 3rd Release Candidate of WSO2 Identity Server 5.3.0.
>>>
>>> Please download, test the product and vote. Vote will be open for 72
>>> hours or as needed.
>>>
>>> This release fixes the following issues:
>>>
>>> Runtime : https://wso2.org/jira/issues/?filter=13612
>>> Analytics : https://wso2.org/jira/issues/?filter=13614
>>>
>>> Source and distribution
>>>
>>> Run-time : https://github.com/wso2/prod
>>> uct-is/releases/tag/v5.3.0-rc3
>>> Analytics : https://github.com/wso2/anal
>>> ytics-is/releases/tag/v5.3.0-rc3
>>>
>>> Please vote as follows.
>>> [+] Stable - go ahead and release
>>> [-] Broken - do not release (explain why)
>>>
>>> Thanks,
>>> - WSO2 Identity Server Team -
>>>
>>> --
>>> *Pulasthi Mahawithana*
>>> Senior Software Engineer
>>> WSO2 Inc., http://wso2.com/
>>> Mobile: +94-71-5179022 <+94%2071%20517%209022>
>>> Blog: http://blog.pulasthi.org
>>>
>>> 
>>>
>>> ___
>>> Dev mailing list
>>> Dev@wso2.org
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>>
>>
>>
>> --
>> *Dinali Rosemin Dabarera*
>> Software Engineer
>> WSO2 Lanka (pvt) Ltd.
>> Web: http://wso2.com/
>> Email : gdrdabar...@gmail.com
>> LinkedIn 
>> Mobile: +94770198933 <+94%2077%20019%208933>
>>
>>
>>
>>
>> 
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
> *Best Regards*
>
> *Rushmin Fernando*
> *Technical Lead*
>
> WSO2 Inc.  - Lean . Enterprise . Middleware
>
> mobile : +94775615183
>
>
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
*Thanuja Lakmal*
Senior Software Engineer
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891 +94758009992
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Clarification on C5 permission model

[Thanuja Jayasinghe]

Hi Vinod,

You have to use the JAAS authorization API, instead calling CarbonPrincipal.
isAuthorized. As an example, let say we have a CarbonPrincipal. So we can
use that principal to build a Subject.

Subject subject = new Subject();

subject.getPrincipals().add(carbonPrincipal);

Then we can use this Subject to call the authorization  API,

private boolean isAuthorized(Subject subject, final CarbonPermission
carbonPermission) {

final SecurityManager securityManager;

if (System.getSecurityManager() == null) {
securityManager = new SecurityManager();
} else {
securityManager = System.getSecurityManager();
}

try {
Subject.doAsPrivileged(subject, (PrivilegedExceptionAction) () -> {
securityManager.checkPermission(carbonPermission);
return null;
}, null);
return true;
} catch (AccessControlException | PrivilegedActionException e) {
if (log.isDebugEnabled()) {
log.debug("Authorization Failed", e);
}
return false;
}
}

Thanks,
Thanuja

On Fri, Aug 12, 2016 at 11:18 AM, Manuranga Perera  wrote:

> HI Vinod, shouldn't this be asked in a new thread?
> Hi Rasika, Sajith, You did this recently, right, Can you please help?
>
> On Fri, Aug 12, 2016 at 10:26 AM, Vinod Kavinda  wrote:
>
>> Hi Jayanga,
>> I'm trying to authorize the current user with a particular action. I have
>> used the following code snippet, Is this correct?
>>
>> public static boolean isUserAuthorized(String resource, String action) {
>> CarbonPermission carbonPermission = new CarbonPermission(resource,
>> action);
>> return ((CarbonPrincipal) PrivilegedCarbonContext.getCur
>> rentContext().getUserPrincipal())
>> .isAuthorized(carbonPermission);
>> }
>>
>> Further, how do we define a set of Resources and Actions for them? Any
>> documentation on this?
>>
>> Regards,
>> Vinod
>>
>> On Wed, Aug 10, 2016 at 10:46 PM, Jayanga Kaushalya 
>> wrote:
>>
>>> Hi Prabushi,
>>>
>>> Actually there will be no permissions that directly assigned to the
>>> user. All permissions are assigned through roles. By calling the above
>>> method in user will indirectly get all permissions through roles which are
>>> assigned to that particular user. If you need to get permissions for
>>> specific role, then you can use the same method in role.
>>>
>>> Thanks!
>>>
>>> *Jayanga Kaushalya*
>>> Software Engineer
>>> Mobile: +94777860160
>>> WSO2 Inc. | http://wso2.com
>>> lean.enterprise.middleware
>>>
>>> On Wed, Aug 10, 2016 at 10:31 PM, Prabushi Samarakoon <
>>> prabus...@wso2.com> wrote:
>>>
 Hi,

 Thank you for the clarifications Darshana and Jayanga.

 On Wed, Aug 10, 2016 at 8:08 PM, Jayanga Kaushalya 
 wrote:

> On Wed, Aug 10, 2016 at 5:56 PM, Prabushi Samarakoon <
> prabus...@wso2.com> wrote:
>
>>
>> Hi All,
>>
>> 1. Is there an  API method to get all the resources permitted to a
>> particular user or a role?
>>
>
> Yes. You can use the method getPermissions(Action action) [1] in User
> to retrieve all the permissions assigned to that particular user filtered
> by the action. Permission is a resource + action. So permissions filtered
> by the action is a list of permitted resources.
>

  Ah great, now I understood that part. Can we use the same way for a
 role also? But in that case we might get duplicates of the resources right?

>
>> 2. With this permission model, are we going to introduce the email
>> based authentication for the products, or remain with the username model?
>>
>> 3. In our current management console, we have one view to create the
>> user, and another view to create the user profile according to the given
>> http://wso2.org/claims. Is there a particular reason to have the
>> user profile in a separate view? Do we need to have two views for user
>> creation and profile in C5 model also?
>>
>> Any clarification on above matters is appreciated.
>>
>> Thanks and Regards,
>> Prabushi
>>
>> --
>> *Prabushi Samarakoon*
>> Software Engineer
>> Mobile: +94715434580
>> Email: prabus...@wso2.com
>>
>
> [1] https://github.com/wso2/carbon-security/blob/master/comp
> onents/org.wso2.carbon.security.caas/src/main/java/org/wso2/
> carbon/security/caas/user/core/bean/User.java#L188
>
> Thanks!
>


 Thanks and Regards.
 --
 *Prabushi Samarakoon*
 Software Engineer
 Mobile: +94715434580
 Email: prabus...@wso2.com

>>>
>>>
>>> ___
>>> Dev mailing list
>>> Dev@wso2.org
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>>
>>
>>
>> --
>> Vinod Kavinda
>> Software Engineer
>> *WSO2 Inc. - lean . enterprise . middleware .*
>> Mobile : +94 

Re: [Dev] [C5] [CAAS] On Authentication: Invoking loginContext.login() returns LoginException of CNF for UsernamePasswordLoginModule

[Thanuja Jayasinghe]

Hi Rasika,

This issue happens when 'carbon-security-caas' module does not activate
properly. Can you debug the code [1], and check whether activate method is
getting called.

[1] -
https://github.com/wso2/carbon-security/blob/master/components/org.wso2.carbon.security.caas/src/main/java/org/wso2/carbon/security/caas/internal/CarbonSecurityComponent.java#L80

Thanks,

On Mon, Jul 25, 2016 at 7:09 PM, Rasika Perera  wrote:

> Hi All,
>
> I am trying to invoke basic authentication with CAAS. I have installed
> "org.wso2.carbon.security.caas.feature" and imported following packages;
>
> org.wso2.carbon.security.caas.api.*,
> org.wso2.carbon.kernel.context,
> org.wso2.carbon.messaging
>
> Further I have added config location into the startup script;
>
> -Djava.security.auth.login.config="$CARBON_HOME/conf/security/carbon-jaas.config"\
>
> My code snippet is as below (based on JAAS sample[1]);
>
> PrivilegedCarbonContext.destroyCurrentContext();
> CarbonMessage carbonMessage = new DefaultCarbonMessage();
> carbonMessage.setHeader("Authorization", "Basic " + Base64.getEncoder()
> .encodeToString("admin:admin".getBytes())
> );
>
> ProxyCallbackHandler callbackHandler = new 
> ProxyCallbackHandler(carbonMessage);
> LoginContext loginContext = new LoginContext("CarbonSecurityConfig", 
> callbackHandler);
> loginContext.login();
>
> ​I am getting following error at the line "loginContext.login()";
>
> Caused by: javax.security.auth.login.LoginException: unable to find
> LoginModule class:
> org.wso2.carbon.security.caas.api.module.UsernamePasswordLoginModule
> at javax.security.auth.login.LoginContext.invoke(LoginContext.java:794)
> at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)
> at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)
> at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
> at javax.security.auth.login.LoginContext.login(LoginContext.java:587)
> at
> org.wso2.carbon.uuf.sample.simpleauth.bundle.SimpleAuthHandler.authenticate(SimpleAuthHandler.java:45)
>
> Further I have found this occurs when LoginContext is trying load the
> class "UsernamePasswordLoginModule" using Bootstrap class loader.
>
> Any thoughts on how to fix this issue?
>
> [1]
> https://github.com/wso2/carbon-security/blob/master/tests/osgi-tests/src/test/java/org/wso2/carbon/security/caas/test/osgi/JAASTests.java
> --
> With Regards,
>
> *Rasika Perera*
> Software Engineer
> LinkedIn: http://lk.linkedin.com/in/rasika90
>
> [image: wso2-signature-general.png] 
>
> WSO2 Inc. www.wso2.com
> lean.enterprise.middleware
>



-- 
*Thanuja Lakmal*
Senior Software Engineer
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891 +94758009992
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Controlling access to jaggery pages by permissions

[Thanuja Jayasinghe]

On Fri, Jul 15, 2016 at 3:56 PM, Rajkumar Rajaratnam 
wrote:

> Hi,
>
> I have a jaggery app with some pages and secured them via SAML SSO with
> WSO2 IS. So the authentication is implemented, now I have to implement the
> authorization. I need to control access to these jaggery pages by
> roles/permissions of the loggedin user. Here is the approach I have
> followed and I need to validate whether it is okay or there are better
> ways.
>
>1. Created custom permissions under my application service provider
>(one permission per one feature in my jaggery app)
>2. When a user access a feature in the jaggery app, I am calling "
>*isUserAuthorized*" method of "*RemoteAuthorizationManagerService*"
>admin service to check whether the logged in user is authorized to access
>the page. I think "isUserAuthorized" method checks whether the given user
>has any roles with the given permission. So, if it returns true, then I
>allow the user to access the page.
>3. I am calling the admin service with basic authentication. Is there
>any issues with this approach? Do I need to obtain a session cookie and
>call the admin service using session cookie instead of username/password?
>What is the recommended approach?
>
> Any issues with this approach?
>
Since "isUserAuthorized" method of "RemoteAuthorizationManagerService"
requires "/permission/admin/configure/security" permission, a user without
this permission will not able to access this service using his session
cookie. So your current approach is correct.

> Thanks,
> Raj.
>
> --
> Rajkumar Rajaratnam
> Committer & PMC Member, Apache Stratos
> Senior Software Engineer, WSO2
>
> Mobile : +94777568639
>

Thanks,

-- 
*Thanuja Lakmal*
Senior Software Engineer
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891 +94758009992
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] [Architecture] WSO2 Identity Server 5.3.0 Milestone 3 Released..!!

[Thanuja Jayasinghe]

*WSO2 Identity Server 5.3.0 Milestone 3 Released..!!*


The WSO2 Identity Server team is pleased to announce the 3rd Milestone of
WSO2 Identity Server 5.3.0. You can download this distribution from
https://github.com/wso2/product-is/releases/tag/v5.3.0-m3

Following list contains all features, improvements and bug fixes available
with this milestone.
New Feature

   - [IDENTITY-2972 ] -
   Improvements to Identity Management Feature
   - [IDENTITY-3486 ] - New
   claim management feature
   - [IDENTITY-4686 ] - Consume
   the new Rest APIs in IS 5.3.0 for Identity Management scenarios in IS user
   portal
   - [IDENTITY-4756 ] -
   Implement User Self Registration Rest APIs
   - [IDENTITY-4795 ] -
   Improvements in handling incorrect login attempts

Task

   - [IDENTITY-4691 ] -
   Removing jars/wars from features in the pack
   - [IDENTITY-4692 ] - Reduce
   account-recovery webapp size

Sub-task

   - [IDENTITY-2087 ] -
   Password History
   - [IDENTITY-2979 ] - Provide
   a REST endpoint that for Identity Management operations
   - [IDENTITY-3111 ] - Resend
   email for Self Sign-Up - REST API
   - [IDENTITY-3591 ] - User
   challenge question internationalization
   - [IDENTITY-4755 ] - Block
   brute force attacks on password resets



*How To Contribute*
Your feedback are most welcome! Mailing ListsJoin our mailing list and
correspond with the developers directly.

   - Developer List : dev@wso2.org | Subscribe  | Mail
   Archive 
   - User forum : StackOverflow
   

Reporting Issues
We encourage you to report issues, improvements and feature requests
regarding WSO2 Identity Server through public WSO2 Identity Server JIRA
https://wso2.org/jira/browse/IDENTITY


~ The WSO2 Identity Server Team ~

-- 
*Thanuja Lakmal*
Senior Software Engineer
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891 +94758009992
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [Architecture] Force Password Reset and Password History validation

[Thanuja Jayasinghe]

Hi Pushpalanka/Isura,


On Mon, Jun 20, 2016 at 4:50 PM, Pushpalanka Jayawardhana 
wrote:

> Hi Isura,
>
> On Mon, Jun 20, 2016 at 10:52 AM, Isura Karunaratne 
> wrote:
>
>> HI all,
>>
>> I am working on $subject for WSO2 Identity Sever 5.3.0 release. Following
>> are the currently identified improvements,
>>
>>
>>- Password History -
>>
>> Last 'n' number of passwords need to be maintained in user's history.
>> When user updates his password we don't allow him to choose one of these
>> 'n' passwords again.
>>
>>
>>- Periodic Password Reset -
>>
>> Force the user to periodically (configurable period) reset his password.
>> When doing this we need to leverage the password history feature as well.
>>
>>
>> CREATE TABLE IF NOT EXISTS idn_password_history_data
>>  (
>>   user_name   *VARCHAR*(255) NOT NULL,
>>   user_domain *VARCHAR*(255) NOT NULL,
>>   tenant_id   *INTEGER* DEFAULT -1,
>>   hash*VARCHAR*(255) NOT NULL,
>>   time_created *TIMESTAMP* NOT NULL DEFAULT
>> CURRENT_TIMESTAMP,
>>   PRIMARY KEY (user_name,user_domain,tenant_id,
>> hash),
>>  )
>>
>>
>> All the passwords which are supposed to store in this table are old
>> passwords (expired).
>>
>> - I think we don't need to use the same  password hashing algorithm (with
>> or without salted value) which is defined user-mgt.xml for password history
>> validation.
>> - admin users can change other user's passwords without giving their old
>> passwords. In that case, how can we find the old password hash value to
>> store for password history validation?
>>
> In the given table schema we may need to pay special attention to handle
> user_domain, as secondary user store domain can be changed. Ideally we
> should incorporate a *unique user store domain id* than using user domain
> here.
>

We already have a listener to handle user store domains related operations
called 'AbstractUserStoreConfigListener'. This listener provides "
onUserStoreNamePreUpdate" and "onUserStorePreDelete" methods, which we can
use here to modify "idn_password_history_data" table accordingly.  Also
these methods work with user store domain name.
You can refer [1] for such implementation.


>
>>
>> Your comments and suggestions are highly appreciated.
>>
>> Thanks
>> Isura.
>>
>>
>> Isura Dilhara Karunaratne
>> Senior Software Engineer
>>
>> Mob +94 772 254 810
>>
>>
>> ___
>> Architecture mailing list
>> architect...@wso2.org
>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>
>>
>
>
> --
> Pushpalanka.
> --
> Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
> Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
> Mobile: +94779716248
> Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
> lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka
>
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>
[1] -
https://github.com/wso2-extensions/identity-user-account-association/blob/master/components/org.wso2.carbon.identity.user.account.association/src/main/java/org/wso2/carbon/identity/user/account/association/internal/UserStoreConfigListenerImpl.java

-- 
*Thanuja Lakmal*
Senior Software Engineer
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891 +94758009992
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] [Architecture] WSO2 Identity Server 5.3.0 Milestone 2 Released..!!

[Thanuja Jayasinghe]

*WSO2 Identity Server 5.3.0 Milestone 2 Released..!!*


The WSO2 Identity Server team is pleased to announce the 2nd Milestone of
WSO2 Identity Server 5.3.0. You can download this distribution from
https://github.com/wso2/product-is/releases/tag/v5.3.0-m2.

Following list contains all features, improvements and bug fixes available
with this milestone.
Improvement

   - [IDENTITY-4686 ] - Rest
   API for user information recovery scenarios in IS user portal

New Feature

   - [IDENTITY-1916 ] - Support
   for OpenID Connect Dynamic Client Registration 1.0
   - [IDENTITY-3504 ] - IWA
   authentication with WSO2 IS on Linux and external Kerberos/NTLM Server
   - [IDENTITY-4284 ] - RFC
   7662 – Token Introspection
   - [IDENTITY-4687 ] -
   Revocation/Regeneration client secret in OAuth 2.0
   - [IDENTITY-4688 ] - Email
   confirmation scenarios

Sub-task

   - [IDENTITY-2979 ] - Provide
   a REST endpoint that for Identity Management operations
   - [IDENTITY-3300 ] - WSO2
   dashboard support user information recovery
   - [IDENTITY-3606 ] -
   Integrate an enhanced captcha library




*How To Contribute*
Your feedback are most welcome! Mailing ListsJoin our mailing list and
correspond with the developers directly.

   - Developer List : dev@wso2.org | Subscribe  | Mail
   Archive 
   - User forum : StackOverflow
   

Reporting Issues
We encourage you to report issues, improvements and feature requests
regarding WSO2 Identity Server through public WSO2 Identity Server JIRA
https://wso2.org/jira/browse/IDENTITY


~ The WSO2 Identity Server Team ~


-- 
*Thanuja Lakmal*
Senior Software Engineer
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891 +94758009992
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [C5] Retrieving claim values with Claim Manager changes

[Thanuja Jayasinghe]

Hi Himasha,

This is a known issue and Jayanga will provide a fix soon.

Thanks,
Thanuja

On Thu, May 26, 2016 at 10:19 AM, Himasha Guruge  wrote:

> [1]
> https://github.com/wso2-extensions/carbon-security-user-store-jdbc/blob/75d466dd4110ab55fb5dcb728b33611ec116bf63/feature/resources/database/WSO2CARBON_DB.sql
>
> [2]
> https://github.com/wso2-extensions/carbon-security-user-store-jdbc/blob/master/tests/osgi-tests/src/test/resources/h2_test_data.sql
>
> On Thu, May 26, 2016 at 10:19 AM, Himasha Guruge 
> wrote:
>
>> Hi ,
>>
>> With the latest Claim Manager changes in carbon-security, following test
>> was done to retrieve user claim values for user admin. However, an empty
>> claim list is returned for the following line.
>>
>> user.getClaims(claims);
>>
>> While debugging, following stack trace was identified. I have used [1]
>> and [2] to create the database tables and test data values. Any idea on
>> what could be the issue? User object contains the claim mappings , however
>> the values are not retrieved.
>>
>> Given *Caused by: org.h2.jdbc.JdbcSQLException: Invalid value "3" for
>> parameter "parameterIndex" [90008-191]* could it be an issue with the
>> test data?
>>
>> org.wso2.carbon.bpmn[org.wso2.carbon.bpmn.core.integration.BPSUserIdentityManager]
>> : Error retrieving user info by id for: 41dadd2aea6e11e59ce95e5517507c66
>> org.wso2.carbon.security.caas.user.core.exception.IdentityStoreException:
>> Error occurred while retrieving user claims.
>> at
>> org.wso2.carbon.security.userstore.jdbc.connector.JDBCIdentityStoreConnector.getUserAttributeValues(JDBCIdentityStoreConnector.java:250)
>> at
>> org.wso2.carbon.security.caas.user.core.store.IdentityStore.getUserAttributeValues(IdentityStore.java:185)
>> at
>> org.wso2.carbon.security.caas.user.core.bean.User.getClaims(User.java:146)
>> at
>> org.wso2.carbon.bpmn.core.integration.BPSUserIdentityManager.findUserById(BPSUserIdentityManager.java:111)
>> at
>> org.wso2.carbon.bpmn.tests.osgi.BPMNClaimUserTaskTest.testInvokeClaimedUserTask(BPMNClaimUserTaskTest.java:144)
>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> at
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>> at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>> at java.lang.reflect.Method.invoke(Method.java:483)
>> at
>> org.ops4j.pax.exam.raw.extender.intern.ProbeInvokerImpl.injectContextAndInvoke(ProbeInvokerImpl.java:125)
>> at
>> org.ops4j.pax.exam.raw.extender.intern.ProbeInvokerImpl.findAndInvoke(ProbeInvokerImpl.java:85)
>> at
>> org.ops4j.pax.exam.raw.extender.intern.ProbeInvokerImpl.call(ProbeInvokerImpl.java:73)
>> at
>> org.ops4j.pax.exam.nat.internal.NativeTestContainer.call(NativeTestContainer.java:112)
>> at
>> org.ops4j.pax.exam.spi.reactors.SingletonStagedReactor.invoke(SingletonStagedReactor.java:114)
>> at
>> org.ops4j.pax.exam.spi.reactors.PerSuiteStagedReactor.invoke(PerSuiteStagedReactor.java:47)
>> at
>> org.ops4j.pax.exam.testng.listener.PaxExam.runByDriver(PaxExam.java:458)
>> at org.ops4j.pax.exam.testng.listener.PaxExam.run(PaxExam.java:308)
>> at
>> org.testng.internal.MethodInvocationHelper.invokeHookable(MethodInvocationHelper.java:212)
>> at org.testng.internal.Invoker.invokeMethod(Invoker.java:652)
>> at org.testng.internal.Invoker.invokeTestMethod(Invoker.java:845)
>> at org.testng.internal.Invoker.invokeTestMethods(Invoker.java:1153)
>> at
>> org.testng.internal.TestMethodWorker.invokeTestMethods(TestMethodWorker.java:125)
>> at org.testng.internal.TestMethodWorker.run(TestMethodWorker.java:108)
>> at org.testng.TestRunner.privateRun(TestRunner.java:771)
>> at org.testng.TestRunner.run(TestRunner.java:621)
>> at org.testng.SuiteRunner.runTest(SuiteRunner.java:357)
>> at org.testng.SuiteRunner.runSequentially(SuiteRunner.java:352)
>> at org.testng.SuiteRunner.privateRun(SuiteRunner.java:310)
>> at org.testng.SuiteRunner.run(SuiteRunner.java:259)
>> at org.testng.SuiteRunnerWorker.runSuite(SuiteRunnerWorker.java:52)
>> at org.testng.SuiteRunnerWorker.run(SuiteRunnerWorker.java:86)
>> at org.testng.TestNG.runSuitesSequentially(TestNG.java:1199)
>> at org.testng.TestNG.runSuitesLocally(TestNG.java:1124)
>> at org.testng.TestNG.run(TestNG.java:1032)
>> at
>> org.apache.maven.surefire.testng.TestNGExecutor.run(TestNGExecutor.java:281)
>> at
>> org.apache.maven.surefire.testng.TestNGXmlTestSuite.execute(TestNGXmlTestSuite.java:75)
>> at
>> org.apache.maven.surefire.testng.TestNGProvider.invoke(TestNGProvider.java:121)
>> at
>> org.apache.maven.surefire.booter.ForkedBooter.invokeProviderInSameClassLoader(ForkedBooter.java:290)
>> at
>> org.apache.maven.surefire.booter.ForkedBooter.runSuitesInProcess(ForkedBooter.java:242)
>> at
>> org.apache.maven.surefire.booter.ForkedBooter.main(ForkedBooter.java:121)
>> Caused by: org.h2.jdbc.JdbcSQLException: Invalid value "3" for parameter
>> "parameterIndex" [90008-191]
>> at 

Re: [Dev] Code Quality Improvements for carbon-identity

[Thanuja Jayasinghe]

Hi Ayman,

Thank you for your interest in carbon-identity repo. We are willing to get
help from the open-source community to improve the quality of our repos.

Please send pull request with the code improvements, we are willing to
review and merge them.

Thanks,
Thanuja

On Tue, Mar 22, 2016 at 10:37 AM, Thanuja Lakmal 
wrote:

> [Adding WSO2 - dev list]
>
> On Fri, Mar 18, 2016 at 6:42 PM,  wrote:
>
>> Hello,
>>
>> I'd like to send you some pull requests to improve the maintainability of
>> carbon-identity.
>>
>> My company - DevFactory - is sponsoring me to identify and fix code
>> quality issues and improve unit test coverage in open source projects.
>> DevFactory is obsessed with code quality and is providing its commercially
>> available code quality improvement service for free to qualified
>> open-source projects.
>>
>> If you are interested, please let me know and we will add it to our
>> pipeline. Our first step will be to utilize tools like PMD, FindBugs and
>> Sonar to identify the most important issues to fix. Once we fix them, we'll
>> follow up with some pull requests.
>>
>> Thanks,
>> Ayman Abdelghany
>>
>>
>
>
> --
> *Thanuja Lakmal*
> Senior Software Engineer
> WSO2 Inc. http://wso2.com/
> *lean.enterprise.middleware*
> Mobile: +94715979891
>



-- 
*Thanuja Lakmal*
Senior Software Engineer
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891 +94758009992
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [VOTE] Release WSO2 Identity Server 5.1.0 RC2

[Thanuja Jayasinghe]

Hi All,

I have tested Associated Accounts feature for both local(with multiple
tenants and users stores) and federated users.

So here is my vote.
[x] -Stable - go ahead and release


Thanks,
Thanuja

On Wed, Dec 23, 2015 at 12:46 PM, Pandula Kariyawasam 
wrote:

> Hi All,
>
> I have tested following scenarios and didn't introduce any issues on them.
>
> - login to Office365 via SAML SSO using IS510 (with JDBC Userstore) as IDP.
> - Smoke test on Federation and integration scenarios
>
> [x] - Stable - Go ahead and release.
>
> Thanks,
> Pandula
>
>
> On Wed, Dec 23, 2015 at 12:12 PM, Indunil Upeksha Rathnayake <
> indu...@wso2.com> wrote:
>
>> Hi All,
>>
>> I have tested following functionalities in both super tenant and tenant
>> mode with email user name enabled/disabled.
>>
>> 1. SCIM (GET/PUT/PATCH operations, SCIM  Extentions, with Basic and OAuth
>> authentication)
>> 2. Provisioning - SCIM
>> 3. Provisioning - Salesforce
>> 4. OAuth/OpenID Connect Federation
>> 5. IdP's default authenticator changes in SP, IDP multi-step
>> authentication
>>
>> No issues found.
>> [x] - Stable - Go ahead and release.
>>
>>
>> On Wed, Dec 23, 2015 at 12:09 PM, Pulasthi Mahawithana <
>> pulast...@wso2.com> wrote:
>>
>>> Hi All,
>>>
>>> Found no issues with IWA Application and carbon authenticators.
>>>
>>> [x] - Stable - Go ahead and release.
>>>
>>>
>>> On Wed, Dec 23, 2015 at 12:04 PM, Kavitha Subramaniyam >> > wrote:
>>>
 Hi All,

 QA has done smoke test on RC pack and there were no blocking issues
 found. Founded minor severity issues has been reported in jira.


 Thanks,
 Kavitha.

 On Wed, Dec 23, 2015 at 11:46 AM, Gayan Gunawardana 
 wrote:

> Hi All,
>
> I have tested following functionalities.
>
> 1. Passive STS federation for tenant and super tenant
> 2. ID token for implicit grant type
> 3. SCIM patch operation for groups with all basic SCIM operations
>
> No issues found.
>
> [x] - Stable - Go ahead and release.
>
> Thanks,
> Gayan
>
> On Mon, Dec 21, 2015 at 6:29 PM, Hasintha Indrajee 
> wrote:
>
>> Hi Devs,
>>
>> This is the second release candidate of WSO2 Identity Server 5.1.0.
>>
>> This release fixes the following issues:
>> https://wso2.org/jira/issues/?filter=12586
>>
>> Please download, test and vote.
>>
>> Source & binary distribution files:
>> https://github.com/wso2/product-is/releases/tag/v5.1.0-rc2
>>
>> Maven staging repo:
>> http://maven.wso2.org/nexus/content/repositories/orgwso2is-218/
>>
>> The tag to be voted upon:
>> https://github.com/wso2/product-is/tree/v5.1.0-rc2
>>
>>
>> [ ]  Stable - go ahead and release
>> [ ]  Broken - do not release (explain why)
>>
>> Thanks and Regards,
>> WSO2 Identity Server Team.
>>
>> --
>> Hasintha Indrajee
>> Software Engineer
>> WSO2, Inc.
>> Mobile:+94 771892453
>>
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
> Gayan Gunawardana
> Software Engineer; WSO2 Inc.; http://wso2.com/
> Email: ga...@wso2.com
> Mobile: +94 (71) 8020933
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


 --
 Kavitha.S
 *Software Engineer -QA*
 Mobile : +94 (0) 771538811 <%2B94%20%280%29%20773%20451194>
 kavi...@wso2.com 

 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev


>>>
>>>
>>> --
>>> *Pulasthi Mahawithana*
>>> Software Engineer
>>> WSO2 Inc., http://wso2.com/
>>> Mobile: +94-71-5179022
>>> Blog: http://blog.pulasthi.org
>>>
>>> ___
>>> Dev mailing list
>>> Dev@wso2.org
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>>
>>
>>
>> --
>> Indunil Upeksha Rathnayake
>> Software Engineer | WSO2 Inc
>> Emailindu...@wso2.com
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
>
> *Pandula Kariyawasam K.B.*
> *Senior Software Engineer - QA*
> Mobile: +94772314510
>
>
>
> *WSO2 Inc.lean . enterprise . middlewear.http://www.wso2.com
> *
> 
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
*Thanuja Lakmal*
Senior Software Engineer
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891 +94758009992

Re: [Dev] [IS] createApplication does not add values in to the DB for non-mandatory fields

[Thanuja Jayasinghe]

Hi Shani,

Yes. First you need to call createApplication to register the service
provider with a unique name. After that, call updateApplication method with
required service provider configurations(like IS_SAAS_APP). We follow the
same way in the management console also.

Thanks,
Thanuja

On Sun, Dec 6, 2015 at 12:45 PM, Shani Ranasinghe  wrote:

>
> Hi IS Team,
>
> In the createApplication method in the
> org.wso2.carbon.identity.application.mgt.dao.impl.ApplicationDAOImpl , does
> not seem to add values to the non-mandatory fields in the DB.for e.g. the
> IS_SAAS_APP field.
>
> Is this supposed to be this way? I noticed that we could call the
> updateApplication method which would update the rest of the fields. But did
> not see it being done at creation time.
>
> --
> Thanks and Regards
> *,Shani Ranasinghe*
> Senior Software Engineer
> WSO2 Inc.; http://wso2.com
> lean.enterprise.middleware
>
> mobile: +94 77 2273555
> Blog: http://waysandmeans.blogspot.com/
> linked in: lk.linkedin.com/pub/shani-ranasinghe/34/111/ab
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
*Thanuja Lakmal*
Senior Software Engineer
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891 +94758009992
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] WSO2 Committers += Nuwandi Wickramasinghe

[Thanuja Jayasinghe]

Congtrz Nuwandi.!!!

On Thu, Aug 27, 2015 at 8:32 PM, Johann Nallathamby joh...@wso2.com wrote:

 Hi All,

 It's my pleasure to announce Nuwandi Wickramasinghe as a WSO2 Committer.
 Nuwandi has been a valuable contributor for WSO2 Identity Server product,
 and in recognition of her contribution to WSO2, she has been voted as a
 WSO2 Committer.

 Nuwandi, congratulations and keep up the good work!

 Thanks  Regards.

 --

 *Johann Dilantha Nallathamby*
 Technical Lead  Product Lead of WSO2 Identity Server
 Integration Technologies Team
 WSO2, Inc.
 lean.enterprise.middleware

 Mobile - *+9476950*
 Blog - *http://nallaa.wordpress.com http://nallaa.wordpress.com*

 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev




-- 
*Thanuja Lakmal*
Senior Software Engineer
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891 +94758009992
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] WSO2 Committers += Madusanka Premaratne

[Thanuja Jayasinghe]

Congratz.!!!

On Tue, Aug 18, 2015 at 11:33 AM, Harsha Kumara hars...@wso2.com wrote:

 Congratulations!

 On Tue, Aug 18, 2015 at 11:21 AM, Chamin Dias cham...@wso2.com wrote:

 Congratulations Madusanka..!!!

 On Tue, Aug 18, 2015 at 11:15 AM, Malintha Amarasinghe 
 malint...@wso2.com wrote:

 Congratzzz Madusanka :)

 On Tue, Aug 18, 2015 at 10:54 AM, Damith Wickramasinghe 
 dami...@wso2.com wrote:

 Congratulations Madusanka..!!!

 On Tue, Aug 18, 2015 at 10:06 AM, Chanuka Dissanayake chan...@wso2.com
  wrote:

 Congratulations Maduz..!

 On Tue, Aug 18, 2015 at 2:09 AM, Akalanka Pagoda Arachchi 
 darsha...@wso2.com wrote:

 Congratz Maduz...!!!

 On Mon, Aug 17, 2015 at 11:17 AM, Tharindu Dharmarathna 
 tharin...@wso2.com wrote:

 congrats maduz !.

 On Mon, Aug 17, 2015 at 12:00 PM, Roshan Wijesena ros...@wso2.com
 wrote:

 Congratulations!

 On Sat, Aug 15, 2015 at 10:15 AM, Nuwan Dias nuw...@wso2.com
 wrote:

 Hi,

 It is with great pleasure we welcome Madusanka Premaratne as a
 WSO2 Committer. @Madusanka, congratulations and keep up the good
 work!

 Thanks,
 NuwanD.

 --
 Nuwan Dias

 Technical Lead - WSO2, Inc. http://wso2.com
 email : nuw...@wso2.com
 Phone : +94 777 775 729

 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev




 --
 Roshan Wijesena.
 Senior Software Engineer-WSO2 Inc.
 Mobile: *+94719154640 %2B94719154640*
 Email: ros...@wso2.com
 *WSO2, Inc. :** wso2.com http://wso2.com/*
 lean.enterprise.middleware.

 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev




 --

 *Tharindu Dharmarathna*Associate Software Engineer
 WSO2 Inc.; http://wso2.com
 lean.enterprise.middleware

 mobile: *+94779109091 %2B94779109091*

 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev




 --
 *Darshana Akalanka Pagoda Arachchi,*
 *Software Engineer*
 *078-4721791*

 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev




 --
 Chanuka Dissanayake
 *Software Engineer | **WSO2 Inc.*; http://wso2.com

 Mobile: +94 71 33 63 596
 Email: chan...@wso2.com

 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev




 --
 Software Engineer
 WSO2 Inc.; http://wso2.com
 http://www.google.com/url?q=http%3A%2F%2Fwso2.comsa=Dsntz=1usg=AFQjCNEZvyc0uMD1HhBaEGCBxs6e9fBObg
 lean.enterprise.middleware

 mobile: *+94728671315 %2B94728671315*


 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev




 --
 Malintha Amarasinghe
 Software Engineer
 *WSO2, Inc. - lean | enterprise | middleware*
 http://wso2.com/

 Mobile : +94 712383306

 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev




 --
 Chamin Dias
 *Software Engineer*
 Mobile : +94 (0) 716 097455 %2B94%20%280%29%20773%20451194
 Email : cham...@wso2.com
 Blog : https://chamindias.wordpress.com/

 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev




 --
 Harsha Kumara
 Software Engineer, WSO2 Inc.
 Mobile: +94775505618
 Blog:harshcreationz.blogspot.com

 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev




-- 
*Thanuja Lakmal*
Senior Software Engineer
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891 +94758009992
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] XACML Sample Policy : Invalid Entitlement Policy

[Thanuja Jayasinghe]

Hi Abimaran,

Please try following XACML policy,

Policy xmlns=urn:oasis:names:tc:xacml:3.0:core:schema:wd-17
 PolicyId=XACMLSimplePolicy
RuleCombiningAlgId=urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:permit-overrides
Version=1.0
   Target/Target
   Rule Effect=Permit RuleId=permit_rule
  Condition
 Apply FunctionId=urn:oasis:names:tc:xacml:1.0:function:and
Apply
FunctionId=urn:oasis:names:tc:xacml:1.0:function:string-is-in
   AttributeValue DataType=
http://www.w3.org/2001/XMLSchema#string;
http://localhost:8280/services/echo//AttributeValue
   AttributeDesignator
AttributeId=urn:oasis:names:tc:xacml:1.0:resource:resource-id
Category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource
DataType=http://www.w3.org/2001/XMLSchema#string;
MustBePresent=true/AttributeDesignator
/Apply
Apply
FunctionId=urn:oasis:names:tc:xacml:1.0:function:string-at-least-one-member-of
   Apply
FunctionId=urn:oasis:names:tc:xacml:1.0:function:string-bag
  AttributeValue DataType=
http://www.w3.org/2001/XMLSchema#string;read/AttributeValue
   /Apply
   AttributeDesignator
AttributeId=urn:oasis:names:tc:xacml:1.0:action:action-id
Category=urn:oasis:names:tc:xacml:3.0:attribute-category:action DataType=
http://www.w3.org/2001/XMLSchema#string;
MustBePresent=true/AttributeDesignator
/Apply
Apply
FunctionId=urn:oasis:names:tc:xacml:1.0:function:string-at-least-one-member-of
   Apply
FunctionId=urn:oasis:names:tc:xacml:1.0:function:string-bag
  AttributeValue DataType=
http://www.w3.org/2001/XMLSchema#string;admin/AttributeValue
   /Apply
   AttributeDesignator AttributeId=http://wso2.org/claims/role;
Category=urn:oasis:names:tc:xacml:1.0:subject-category:access-subject
DataType=http://www.w3.org/2001/XMLSchema#string;
MustBePresent=true/AttributeDesignator
/Apply
 /Apply
  /Condition
   /Rule
   Rule Effect=Deny RuleId=denyRule/Rule
/Policy

Note: you need to have Deny rule in your condition and try to use
urn:oasis:names:tc:xacml:1.0:function:string-at-least-one-member-of when
comparing roles. Then we can add additional roles later.

Thanks,
Thanuja

On Sat, Jun 20, 2015 at 11:07 AM, Abimaran Kugathasan abima...@wso2.com
wrote:

 I defined below policy,

 Policy xmlns=urn:oasis:names:tc:xacml:3.0:core:schema:wd-17
 PolicyId=SimplePolicy
 RuleCombiningAlgId=urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides
 Version=1.0
Target/
Rule Effect=Permit RuleId=primary-group-customer-rule
   Condition
  Apply FunctionId=urn:oasis:names:tc:xacml:1.0:function:and
 Apply FunctionId=urn:oasis:names:tc:xacml:1.0:function:and
Apply
 FunctionId=urn:oasis:names:tc:xacml:1.0:function:string-is-in
   AttributeValue DataType=
 http://www.w3.org/2001/XMLSchema#string;
 http://localhost:8280/services/echo//AttributeValue
   AttributeDesignator
 AttributeId=urn:oasis:names:tc:xacml:1.0:resource:resource-id
 Category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource
 DataType=http://www.w3.org/2001/XMLSchema#string; MustBePresent=true/
/Apply
Apply
 FunctionId=urn:oasis:names:tc:xacml:1.0:function:string-is-in
   AttributeValue DataType=
 http://www.w3.org/2001/XMLSchema#string;read/AttributeValue
   AttributeDesignator
 AttributeId=urn:oasis:names:tc:xacml:1.0:action:action-id
 Category=urn:oasis:names:tc:xacml:3.0:attribute-category:action DataType=
 http://www.w3.org/2001/XMLSchema#string; MustBePresent=true/
/Apply
 /Apply
 Apply
 FunctionId=urn:oasis:names:tc:xacml:1.0:function:string-is-in
AttributeValue DataType=
 http://www.w3.org/2001/XMLSchema#string;admin/AttributeValue
AttributeDesignator AttributeId=
 http://wso2.org/claims/role;
 Category=urn:oasis:names:tc:xacml:1.0:subject-category:access-subject
 DataType=http://www.w3.org/2001/XMLSchema#string; MustBePresent=true/
 /Apply
  /Apply
   /Condition
/Rule
 /Policy



 And, through Entitelment Mediator with ESB, when I send the request from a
 client with resource http://localhost:8280/services/echo/. I saw
 following debug logs in the ESB.


 [2015-06-20 11:03:33,315] DEBUG - EntitlementMediator Mediation for
 Entitlement started
 [2015-06-20 11:03:33,315] DEBUG - EntitlementCallbackHandler Service name
 http://abimaran:8280/services/echo/
 [2015-06-20 11:03:33,315] DEBUG - EntitlementMediator Subject ID is :
 admin Resource ID is : http://abimaran:8280/services/echo//POST Action ID
 is : POST.
 [2015-06-20 11:03:33,358] DEBUG - EntitlementMediator Entitlement Decision
 is : NotApplicable
 [2015-06-20 11:03:33,358] DEBUG - EntitlementMediator User is not
 authorized to perform the action

 

Re: [Dev] [IS] [UserCore] When trying creating a role with existing name all the permissions get removed from existing user

[Thanuja Jayasinghe]

Hi Thusitha,

Able to reproduce and created a public jira [1] for this issue.

[1] -  https://wso2.org/jira/browse/IDENTITY-3359

Thanks,
Thanuja

On Fri, Jun 19, 2015 at 11:51 AM, Thusitha Thilina Dayaratne 
thusit...@wso2.com wrote:

 Hi Isura,

  I'm writing some tests for user core functionalities. In there when I'm
 trying to create a role which is already existing with some set of
 permission it shows the error as expected saying that role is already
 there. But it is removing all the permission from the existing role as well.

 what is the service you are testing?
 I checked with the UserAdmin service. I checked with the AS and try the
 same thing with UI as well. I get same issue there as well.

 Thanks

 On Fri, Jun 19, 2015 at 11:49 AM, Isura Karunaratne is...@wso2.com
 wrote:

 Hi Thusitha,

 On Jun 19, 2015 11:07 AM, Thusitha Thilina Dayaratne 
 thusit...@wso2.com wrote:
 
  Hi,
 
  I'm writing some tests for user core functionalities. In there when I'm
 trying to create a role which is already existing with some set of
 permission it shows the error as expected saying that role is already
 there. But it is removing all the permission from the existing role as well.

 what is the service you are testing?

 Thanks
 Isura
 
  e.g.
 
  I created a testrole with /permission/admin/login/ and then when I'm
 trying to create a role with same name with some set of permissions it show
 the error. But when I checked the permissions of the existing users all are
 deselected.
 
  I think that is not a applicable behavior.
  Did I missed anything? Please correct me if I'm wrong.
 
  Thanks
  --
  Thusitha Dayaratne
  Software Engineer
  WSO2 Inc. - lean . enterprise . middleware |  wso2.com
 
  Mobile  +94712756809
  Blog  alokayasoya.blogspot.com
  Abouthttp://about.me/thusithathilina
 
 
  ___
  Dev mailing list
  Dev@wso2.org
  http://wso2.org/cgi-bin/mailman/listinfo/dev
 




 --
 Thusitha Dayaratne
 Software Engineer
 WSO2 Inc. - lean . enterprise . middleware |  wso2.com

 Mobile  +94712756809
 Blog  alokayasoya.blogspot.com
 Abouthttp://about.me/thusithathilina


 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev




-- 
*Thanuja Lakmal*
Senior Software Engineer
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891 +94758009992
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [IS] Foreign key references from Identity tables to User Manager tables

[Thanuja Jayasinghe]

Hi Tanya,

We already have a public jira [1] for this.

[1] - https://wso2.org/jira/browse/IDENTITY-3335

Thanks,
Thanuja

On Tue, Jun 9, 2015 at 3:25 PM, Tanya Madurapperuma ta...@wso2.com wrote:

 Hi IS team,

 We have encountered the following issue when running the identity mysql
 script before the user manager tables.

 ERROR 1005 (HY000): Can't create table 'WSO2CARBON_DB.IDN_ASSOCIATED_ID'
 (errno: 150)
 ERROR 1005 (HY000): Can't create table 
 'WSO2CARBON_DB.UM_USER_ACCOUNT_ASSOCIATIONS'
 (errno: 150)

 This is because there is a foreign key dependency to UM_DOMAIN table in
 user manager tables from the above tables.
 Therefore both the identity tables and user manager tables should be in a
 single database.

 With that how can we setup a cluster with the database seperation?

 Appreciate your help.

 Thanks,
 Tanya

 --
 Tanya Madurapperuma

 Senior Software Engineer,
 WSO2 Inc. : wso2.com
 Mobile : +94718184439
 Blog : http://tanyamadurapperuma.blogspot.com




-- 
*Thanuja Lakmal*
Software Engineer
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891 +94758009992
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] OAuth issues

[Thanuja Jayasinghe]

Hi Harshan,

Copy and replace following element in identity.xml.

OAuth
...
ClientAuthHandlers
ClientAuthHandler
Class=org.wso2.carbon.identity.oauth2.token.handlers.clientauth.BasicAuthClientAuthHandler
Property
Name=StrictClientCredentialValidationfalse/Property
/ClientAuthHandler
/ClientAuthHandlers
...
/OAuth

This will give you a access token response but scope will receive as
'default'. You may need to merge the fix done by APIM team as you are using
org.wso2.carbon.apimgt.keymgt.handlers.ExtendedPasswordGrantHandler in
your identity.xml


Thanks,
Thanuja

-- 
*Thanuja Lakmal*
Software Engineer
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891 +94758009992
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] WSO2 Identity Server 5.1.0 release?

[Thanuja Jayasinghe]

Hi Shyamal,

You can download milestone 1 release from [1].

[1] - https://github.com/wso2/product-is/releases/tag/product-is-5.1.0-M1

Thanks,
Thanuja

On Mon, May 18, 2015 at 4:03 PM, Shyamal Pandya span...@isightpartners.com
wrote:

  Hello,



 I am hoping someone can help me out with this.  The JIRA pages for WSO2 IS
 indicated that version 5.1.0 was schedule for release on May 15.  However
 the downloads page still shows 5.0.0.  Is this version on schedule, could
 someone provide more info on this?



 Thanks,

 Shyamal

 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev




-- 
*Thanuja Lakmal*
Software Engineer
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891 +94758009992
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] WSO2 Identity Server 5.1.0 release?

[Thanuja Jayasinghe]

No. This is the M1 release.

Thanks,
Thanuja

On Mon, May 18, 2015 at 4:10 PM, Shyamal Pandya span...@isightpartners.com
wrote:

  Thanks, Thanuja!  Is this the official GA release?



 *From:* Thanuja Jayasinghe [mailto:than...@wso2.com]
 *Sent:* 18 May 2015 16:07
 *To:* Shyamal Pandya
 *Cc:* dev@wso2.org
 *Subject:* Re: [Dev] WSO2 Identity Server 5.1.0 release?



 Hi Shyamal,



 You can download milestone 1 release from [1].



 [1] - https://github.com/wso2/product-is/releases/tag/product-is-5.1.0-M1



 Thanks,

 Thanuja



 On Mon, May 18, 2015 at 4:03 PM, Shyamal Pandya 
 span...@isightpartners.com wrote:

 Hello,



 I am hoping someone can help me out with this.  The JIRA pages for WSO2 IS
 indicated that version 5.1.0 was schedule for release on May 15.  However
 the downloads page still shows 5.0.0.  Is this version on schedule, could
 someone provide more info on this?



 Thanks,

 Shyamal


 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev





 --

 *Thanuja Lakmal*

 Software Engineer
 WSO2 Inc. http://wso2.com/
 *lean.enterprise.middleware*

 Mobile: +94715979891 +94758009992




-- 
*Thanuja Lakmal*
Software Engineer
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891 +94758009992
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] WSO2 Committers += Amila Godwin Shrimal

[Thanuja Jayasinghe]

Congratz Godwin...

On Fri, Mar 20, 2015 at 3:04 PM, Johann Nallathamby joh...@wso2.com wrote:

 Hi All,

 It's my pleasure to announce Amila Godwin Shrimal as a WSO2 Committer.
 Godwin has been a valuable contributor for WSO2 Identity Server product,
 and in recognition of his contribution to WSO2, he has been voted as a
 WSO2 Committer.

 Godwin, congratulations and keep up the good work!

 Thanks  Regards.

 --

 *Johann Dilantha Nallathamby*
 Associate Technical Lead  Product Lead of WSO2 Identity Server
 Integration Technologies Team
 WSO2, Inc.
 lean.enterprise.middleware

 Mobile - *+9476950*
 Blog - *http://nallaa.wordpress.com http://nallaa.wordpress.com*

 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev




-- 
*Thanuja Lakmal*
Software Engineer
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891 +94758009992
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] WSO2 Committers += Malithi Edirisinghe

[Thanuja Jayasinghe]

Congratz Malithi...

On Fri, Mar 20, 2015 at 3:04 PM, Johann Nallathamby joh...@wso2.com wrote:

 Hi All,

 It's my pleasure to announce Malithi Edirisinghe as a WSO2 Committer.
 Malithi has been a valuable contributor for WSO2 Identity Server product,
 and in recognition of her contribution to WSO2, she has been voted as a
 WSO2 Committer.

 Malithi, congratulations and keep up the good work!

 Thanks  Regards.

 --

 *Johann Dilantha Nallathamby*
 Associate Technical Lead  Product Lead of WSO2 Identity Server
 Integration Technologies Team
 WSO2, Inc.
 lean.enterprise.middleware

 Mobile - *+9476950*
 Blog - *http://nallaa.wordpress.com http://nallaa.wordpress.com*

 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev




-- 
*Thanuja Lakmal*
Software Engineer
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891 +94758009992
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] IS sever start up issue in TAF 4.3.1

[Thanuja Jayasinghe]

Hi All,

Thanks for the replies.  Will try to find a workaround.

Thanks,
Thanuja.

On Tue, Mar 17, 2015 at 10:51 AM, Krishantha Samaraweera 
krishan...@wso2.com wrote:

 Hi Thanuja,

 The similar issue is fixed in 4.3.2 SNAPSHOT -
 https://wso2.org/jira/browse/TA-924

 We might need to figure out a workaround for this.

 Thanks,
 Krishantha.



 On Tue, Mar 17, 2015 at 9:18 AM, Saneth Dharmakeerthi sane...@wso2.com
 wrote:

 Hi Thanuja,

 As Akalanka mentioned, you get error for  *9765 *because you are using
  startupParameterMap.put(-DportOffset, 1), might be you have a
 another server started manually  or from a previous test case is using this
 port. Put a debug point  at  startupParameterMap.put(-DportOffset,
 1);(before start the second server) and try to find the consumer of port
 9765.

 Also note that it is not recommend to use SNAPSHOT test framework
 version.

 Thanks and Best Regards,

 Saneth Dharmakeerthi
 Senior Software Engineer
 WSO2, Inc.
 Mobile: +94772325511

 On Tue, Mar 17, 2015 at 8:45 AM, Akalanka Pagoda Arachchi 
 darsha...@wso2.com wrote:

 Hi Thanuja,

 While getting a new AutomationContext you are passing a parameter for
 portOffset of 1. I believe this is why it is looking for 9764 + 1.

 Thanks,
 Akalanka.

 On Mon, Mar 16, 2015 at 11:57 PM, Thanuja Jayasinghe than...@wso2.com
 wrote:

 Hi,

 We are in the process of moving existing test cases to TAF 4.3.1 and
 experienced following issue when we try to start another IS server.

 automation.xml configuration -

 instance name=identity002 type=standalone
 nonBlockingTransportEnabled=false
 hosts
 host type=defaultlocalhost/host
 /hosts
 ports
 port type=http*9764*/port
 port type=https9444/port
 /ports
 properties
 /properties
 /instance

 Code -

 MapString, String startupParameterMap = new HashMapString,
 String();
 startupParameterMap.put(-DportOffset, 1);
 CarbonTestServerManager server1 = new
 CarbonTestServerManager(new AutomationContext(IDENTITY,  identity002,
 TestUserMode.SUPER_TENANT_ADMIN), System.getProperty(carbon.zip),
 startupParameterMap);

 Error -

 testInit(org.wso2.identity.integration.test.provisioning.ProvisioningTestCase)
  Time elapsed: 330.967 sec   FAILURE!
 java.lang.RuntimeException: Port *9765* is not open
 at
 org.wso2.carbon.automation.extensions.servers.utils.ClientConnectionUtil.waitForPort(ClientConnectionUtil.java:151)
 at
 org.wso2.carbon.automation.extensions.servers.carbonserver.CarbonServerManager.startServerUsingCarbonHome(CarbonServerManager.java:136)
 at
 org.wso2.carbon.automation.extensions.servers.carbonserver.TestServerManager.startServer(TestServerManager.java:100)
 at
 org.wso2.identity.integration.common.utils.CarbonTestServerManager.startServer(CarbonTestServerManager.java:29)
 at
 org.wso2.carbon.automation.extensions.servers.carbonserver.MultipleServersManager.startServers(MultipleServersManager.java:46)
 at
 org.wso2.identity.integration.test.provisioning.ProvisioningTestCase.startOtherCarbonServers(ProvisioningTestCase.java:438)
 at
 org.wso2.identity.integration.test.provisioning.ProvisioningTestCase.testInit(ProvisioningTestCase.java:91)


 Issue is it refers to port 9765 even it should be referring to port
 9764.

 So I changed TAF version to 4.3.2-SNAPSHOT and this issue get resolved.
 But I can see following error log with TAF 4.3.2-SNAPSHOT. This happens
 because we are trying to access the server before it get started properly.

 INFO
  [org.wso2.carbon.automation.extensions.servers.utils.ClientConnectionUtil]
 - Waiting for user login...
 INFO
  [org.wso2.carbon.automation.extensions.servers.utils.ClientConnectionUtil]
 - https://localhost:9444/services
 INFO  [org.apache.axis2.transport.http.HTTPSender] - Unable to
 sendViaPost to url[https://localhost:9444/services/AuthenticationAdmin]
 org.apache.axis2.AxisFault: Transport error: 404 Error: Not Found
 at
 org.apache.axis2.transport.http.HTTPSender.handleResponse(HTTPSender.java:330)
 at
 org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:196)
 at org.apache.axis2.transport.http.HTTPSender.send(HTTPSender.java:77)
 

 ERROR
 [org.wso2.carbon.automation.extensions.servers.utils.ClientConnectionUtil]
 - Unable to login as user..


 Thanks,
 Thanuja.

 --
 *Thanuja Lakmal*
 Software Engineer
 WSO2 Inc. http://wso2.com/
 *lean.enterprise.middleware*
 Mobile: +94715979891 +94758009992

 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev




 --
 *Darshana Akalanka Pagoda Arachchi,*
 *Software Engineer*
 *078-4721791 078-4721791*

 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev





 --
 Krishantha Samaraweera
 Senior Technical Lead - Test

Re: [Dev] IS sever start up issue in TAF 4.3.1

[Thanuja Jayasinghe]

Hi Krishantha,

Please find the attached 'automation.xml'. I'm getting issue from the
second node.

Thanks,
Thanuja.

On Tue, Mar 17, 2015 at 1:14 PM, Krishantha Samaraweera krishan...@wso2.com
 wrote:

 Hi Thanuja,

 Do you have default instance listed in automation.xml ? Can you share
 automation.xml with all product configurations.

 Are you getting this error when start the first node or third node ?

 Thank,
 Krishantha.

 On Tue, Mar 17, 2015 at 1:03 PM, Thanuja Jayasinghe than...@wso2.com
 wrote:

 Hi All,

 Thanks for the replies.  Will try to find a workaround.

 Thanks,
 Thanuja.

 On Tue, Mar 17, 2015 at 10:51 AM, Krishantha Samaraweera 
 krishan...@wso2.com wrote:

 Hi Thanuja,

 The similar issue is fixed in 4.3.2 SNAPSHOT -
 https://wso2.org/jira/browse/TA-924

 We might need to figure out a workaround for this.

 Thanks,
 Krishantha.



 On Tue, Mar 17, 2015 at 9:18 AM, Saneth Dharmakeerthi sane...@wso2.com
 wrote:

 Hi Thanuja,

 As Akalanka mentioned, you get error for  *9765 *because you are using
  startupParameterMap.put(-DportOffset, 1), might be you have a
 another server started manually  or from a previous test case is using this
 port. Put a debug point  at  startupParameterMap.put(-DportOffset,
 1);(before start the second server) and try to find the consumer of port
 9765.

 Also note that it is not recommend to use SNAPSHOT test framework
 version.

 Thanks and Best Regards,

 Saneth Dharmakeerthi
 Senior Software Engineer
 WSO2, Inc.
 Mobile: +94772325511

 On Tue, Mar 17, 2015 at 8:45 AM, Akalanka Pagoda Arachchi 
 darsha...@wso2.com wrote:

 Hi Thanuja,

 While getting a new AutomationContext you are passing a parameter for
 portOffset of 1. I believe this is why it is looking for 9764 + 1.

 Thanks,
 Akalanka.

 On Mon, Mar 16, 2015 at 11:57 PM, Thanuja Jayasinghe than...@wso2.com
  wrote:

 Hi,

 We are in the process of moving existing test cases to TAF 4.3.1 and
 experienced following issue when we try to start another IS server.

 automation.xml configuration -

 instance name=identity002 type=standalone
 nonBlockingTransportEnabled=false
 hosts
 host type=defaultlocalhost/host
 /hosts
 ports
 port type=http*9764*/port
 port type=https9444/port
 /ports
 properties
 /properties
 /instance

 Code -

 MapString, String startupParameterMap = new HashMapString,
 String();
 startupParameterMap.put(-DportOffset, 1);
 CarbonTestServerManager server1 = new
 CarbonTestServerManager(new AutomationContext(IDENTITY,  identity002,
 TestUserMode.SUPER_TENANT_ADMIN), System.getProperty(carbon.zip),
 startupParameterMap);

 Error -

 testInit(org.wso2.identity.integration.test.provisioning.ProvisioningTestCase)
  Time elapsed: 330.967 sec   FAILURE!
 java.lang.RuntimeException: Port *9765* is not open
 at
 org.wso2.carbon.automation.extensions.servers.utils.ClientConnectionUtil.waitForPort(ClientConnectionUtil.java:151)
 at
 org.wso2.carbon.automation.extensions.servers.carbonserver.CarbonServerManager.startServerUsingCarbonHome(CarbonServerManager.java:136)
 at
 org.wso2.carbon.automation.extensions.servers.carbonserver.TestServerManager.startServer(TestServerManager.java:100)
 at
 org.wso2.identity.integration.common.utils.CarbonTestServerManager.startServer(CarbonTestServerManager.java:29)
 at
 org.wso2.carbon.automation.extensions.servers.carbonserver.MultipleServersManager.startServers(MultipleServersManager.java:46)
 at
 org.wso2.identity.integration.test.provisioning.ProvisioningTestCase.startOtherCarbonServers(ProvisioningTestCase.java:438)
 at
 org.wso2.identity.integration.test.provisioning.ProvisioningTestCase.testInit(ProvisioningTestCase.java:91)


 Issue is it refers to port 9765 even it should be referring to port
 9764.

 So I changed TAF version to 4.3.2-SNAPSHOT and this issue get
 resolved. But I can see following error log with TAF 4.3.2-SNAPSHOT. This
 happens because we are trying to access the server before it get started
 properly.

 INFO
  
 [org.wso2.carbon.automation.extensions.servers.utils.ClientConnectionUtil]
 - Waiting for user login...
 INFO
  
 [org.wso2.carbon.automation.extensions.servers.utils.ClientConnectionUtil]
 - https://localhost:9444/services
 INFO  [org.apache.axis2.transport.http.HTTPSender] - Unable to
 sendViaPost to url[
 https://localhost:9444/services/AuthenticationAdmin]
 org.apache.axis2.AxisFault: Transport error: 404 Error: Not Found
 at
 org.apache.axis2.transport.http.HTTPSender.handleResponse(HTTPSender.java:330)
 at
 org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:196)
 at org.apache.axis2.transport.http.HTTPSender.send(HTTPSender.java:77)
 

 ERROR
 [org.wso2.carbon.automation.extensions.servers.utils.ClientConnectionUtil]
 - Unable to login as user..


 Thanks,
 Thanuja.

 --
 *Thanuja Lakmal

Re: [Dev] IS sever start up issue in TAF 4.3.1

[Thanuja Jayasinghe]

Hi Krishantha,

It should be 9444. I was trying a workaround, please ignore that.

Thanks,
Thanuja.

On Tue, Mar 17, 2015 at 2:12 PM, Krishantha Samaraweera krishan...@wso2.com
 wrote:

 Hi Thanuja,

 In your second instance https port is set to 9443 and http port 9764. Is
 this correct ?

 instance name=identity002 type=standalone
 nonBlockingTransportEnabled=false
 hosts
 host type=defaultlocalhost/host
 /hosts
 ports
 port type=http9764/port
 port type=https9443/port
 /ports
 properties
 /properties
  /instance

 Thanks,
 Krishantha.

 On Tue, Mar 17, 2015 at 2:05 PM, Thanuja Jayasinghe than...@wso2.com
 wrote:

 Hi Krishantha,

 Please find the attached 'automation.xml'. I'm getting issue from the
 second node.

 Thanks,
 Thanuja.

 On Tue, Mar 17, 2015 at 1:14 PM, Krishantha Samaraweera 
 krishan...@wso2.com wrote:

 Hi Thanuja,

 Do you have default instance listed in automation.xml ? Can you share
 automation.xml with all product configurations.

 Are you getting this error when start the first node or third node ?

 Thank,
 Krishantha.

 On Tue, Mar 17, 2015 at 1:03 PM, Thanuja Jayasinghe than...@wso2.com
 wrote:

 Hi All,

 Thanks for the replies.  Will try to find a workaround.

 Thanks,
 Thanuja.

 On Tue, Mar 17, 2015 at 10:51 AM, Krishantha Samaraweera 
 krishan...@wso2.com wrote:

 Hi Thanuja,

 The similar issue is fixed in 4.3.2 SNAPSHOT -
 https://wso2.org/jira/browse/TA-924

 We might need to figure out a workaround for this.

 Thanks,
 Krishantha.



 On Tue, Mar 17, 2015 at 9:18 AM, Saneth Dharmakeerthi 
 sane...@wso2.com wrote:

 Hi Thanuja,

 As Akalanka mentioned, you get error for  *9765 *because you are
 using  startupParameterMap.put(-DportOffset, 1), might be you
 have a another server started manually  or from a previous test case is
 using this port. Put a debug point  at  
 startupParameterMap.put(-DportOffset,
 1);(before start the second server) and try to find the consumer of 
 port
 9765.

 Also note that it is not recommend to use SNAPSHOT test framework
 version.

 Thanks and Best Regards,

 Saneth Dharmakeerthi
 Senior Software Engineer
 WSO2, Inc.
 Mobile: +94772325511

 On Tue, Mar 17, 2015 at 8:45 AM, Akalanka Pagoda Arachchi 
 darsha...@wso2.com wrote:

 Hi Thanuja,

 While getting a new AutomationContext you are passing a parameter
 for portOffset of 1. I believe this is why it is looking for 9764 + 1.

 Thanks,
 Akalanka.

 On Mon, Mar 16, 2015 at 11:57 PM, Thanuja Jayasinghe 
 than...@wso2.com wrote:

 Hi,

 We are in the process of moving existing test cases to TAF 4.3.1
 and experienced following issue when we try to start another IS server.

 automation.xml configuration -

 instance name=identity002 type=standalone
 nonBlockingTransportEnabled=false
 hosts
 host type=defaultlocalhost/host
 /hosts
 ports
 port type=http*9764*/port
 port type=https9444/port
 /ports
 properties
 /properties
 /instance

 Code -

 MapString, String startupParameterMap = new
 HashMapString, String();
 startupParameterMap.put(-DportOffset, 1);
 CarbonTestServerManager server1 = new
 CarbonTestServerManager(new AutomationContext(IDENTITY,  
 identity002,
 TestUserMode.SUPER_TENANT_ADMIN), System.getProperty(carbon.zip),
 startupParameterMap);

 Error -

 testInit(org.wso2.identity.integration.test.provisioning.ProvisioningTestCase)
  Time elapsed: 330.967 sec   FAILURE!
 java.lang.RuntimeException: Port *9765* is not open
 at
 org.wso2.carbon.automation.extensions.servers.utils.ClientConnectionUtil.waitForPort(ClientConnectionUtil.java:151)
 at
 org.wso2.carbon.automation.extensions.servers.carbonserver.CarbonServerManager.startServerUsingCarbonHome(CarbonServerManager.java:136)
 at
 org.wso2.carbon.automation.extensions.servers.carbonserver.TestServerManager.startServer(TestServerManager.java:100)
 at
 org.wso2.identity.integration.common.utils.CarbonTestServerManager.startServer(CarbonTestServerManager.java:29)
 at
 org.wso2.carbon.automation.extensions.servers.carbonserver.MultipleServersManager.startServers(MultipleServersManager.java:46)
 at
 org.wso2.identity.integration.test.provisioning.ProvisioningTestCase.startOtherCarbonServers(ProvisioningTestCase.java:438)
 at
 org.wso2.identity.integration.test.provisioning.ProvisioningTestCase.testInit(ProvisioningTestCase.java:91)


 Issue is it refers to port 9765 even it should be referring to port
 9764.

 So I changed TAF version to 4.3.2-SNAPSHOT and this issue get
 resolved. But I can see following error log with TAF 4.3.2-SNAPSHOT. 
 This
 happens because we are trying to access the server before it get 
 started
 properly.

 INFO
  
 [org.wso2

Re: [Dev] Deploy Web App to Tomcat issue

[Thanuja Jayasinghe]

Hi All,

I'm also getting the same exception[1] when I try to deploy the
travelocity.war to the embedded tomcat with automation framework 4.3.x. But
same war works fine without any issues for automation framework 4.2.6 and
4.2.8. How can I resolve this?


[1] - java.lang.ClassNotFoundException: org.apache.jasper.servlet.JspServlet
at
org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1714)
at
org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1559)
at
org.apache.catalina.core.DefaultInstanceManager.loadClass(DefaultInstanceManager.java:532)
at
org.apache.catalina.core.DefaultInstanceManager.loadClassMaybePrivileged(DefaultInstanceManager.java:514)
at
org.apache.catalina.core.DefaultInstanceManager.newInstance(DefaultInstanceManager.java:133)
at
org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1137)

Thanks,
Thanuja.

On Fri, Dec 12, 2014 at 10:57 AM, Krishantha Samaraweera 
krishan...@wso2.com wrote:

 Hi,

 On Fri, Dec 12, 2014 at 9:50 AM, Vijitha Ekanayake vijit...@wso2.com
 wrote:

 Hi,

 Is there a way to set a connector to a TomcatServerManager instance which
 is provided by automation? since i need to enable ssl.


 I'm afraid there is no way to set connector to TomcatServerManager.  Since
 the test framework is released already we can't do any modification. Please
 create a TA JIRA or RM to track this improvement.

 Thanks,
 Krishantha.





 On Thu, Dec 11, 2014 at 6:24 PM, Vijitha Ekanayake vijit...@wso2.com
 wrote:

 Hi,

 Thanks, I'll try this and get back to you.

 On Thu, Dec 11, 2014 at 6:17 PM, Nuwan Wimalasekara nuw...@wso2.com
 wrote:

 Hi
 Please refer the documentation[1] for how to deploy a web application
 on the tomcat server which can be started with test framework. You can
 follow sample test case from[2]

 [1]
 https://docs.wso2.com/display/TA430/Using+Embedded+Tomcat+Server+as+a+JAX-RS+Backend+for+REST+Testing

 [2]
 https://github.com/wso2-dev/product-esb/blob/master/modules/integration/tests-integration/tests-service/src/test/java/org/wso2/carbon/esb/jaxrs/rest/test/SoapToRestPeopleSampleTestCase.java

 Thanks,
 Nuwanw

 On Thu, Dec 11, 2014 at 6:05 PM, Irham Iqbal iq...@wso2.com wrote:

 Yes we have,

 This[1] test case is for deploy a web application in AS.

 Using this code[2] you can see how we start,stop and restart carbon
 servers.

 [1]
 https://github.com/wso2-dev/product-as/blob/master/modules/integration/tests-integration/src/test/java/org/wso2/appserver/integration/tests/webapp/mgt/WebApplicationDeploymentTestCase.java

 [2]
 https://github.com/wso2-dev/carbon-platform-integration/blob/master/test-automation-framework/org.wso2.carbon.automation.extensions/src/main/java/org/wso2/carbon/automation/extensions/servers/carbonserver/CarbonServerManager.java

 Thanks,


 On Thu, Dec 11, 2014 at 5:29 PM, Kasun Indrasiri ka...@wso2.com
 wrote:

 Do we have any test cases that we deploy web apps during integration
 test. Can you shed some light please.

 On Thu, Dec 11, 2014 at 1:20 PM, Irham Iqbal iq...@wso2.com wrote:

 Hi Vijitha,

 Did you try this manually ?

 I mean deploy your web application to a tomcat manually.

 Thanks,
 Iqbal

 On Thu, Dec 11, 2014 at 1:13 PM, Vijitha Ekanayake 
 vijit...@wso2.com wrote:

 Hi Malithi,

 Thanks for the response.
 the servlet-api jar is already inside WEB-INF/lib. as you said i
 was packaging the war adding dependency in provided scope. i tried
 packaging the war removing dependency provided scope. but still having 
 the
 same issue.

 On Thu, Dec 11, 2014 at 10:37 AM, Malithi Edirisinghe 
 malit...@wso2.com wrote:

 Hi Vijitha,

 Can you make sure whether you have the servlet-api jar inside
 WEB-INF/lib or may be you are packaging the war adding this 
 dependency in
 provided scope.

 Thanks,
 Malithi.

 On Thu, Dec 11, 2014 at 10:23 AM, Vijitha Ekanayake 
 vijit...@wso2.com wrote:

 Hi,

 I am working on writing integration testing for ESB. Here I need to 
 start a tomcat instance and deploy web app to tomcat 
 dynamically.When I start and deploy the web app it gives following 
 warning and application failed to deploy. Same war file getting 
 deployed successfully in external tomcat Web Server.

 codes which have used to create tomcat instance and deploy webapp

 private final Tomcat tomcat = new Tomcat();

 // Configure the standard host
  StandardHost stdHost = (StandardHost) tomcat.getHost();
  stdHost.setAutoDeploy(true);
  stdHost.setDeployOnStartup(true);
  stdHost.setUnpackWARs(true);
  tomcat.setHost(stdHost);

  //deploy Service
  tomcat.addWebapp(tomcat.getHost(), *webAppUrl, 
 webAppPath*);

*tomcat.start();*


 INFO: No global web.xml found
 Dec 11, 2014 10:08:50 AM
 org.apache.catalina.core.ApplicationContext log
 INFO: Marking servlet jsp as unavailable
 Dec 11, 2014 10:08:50 AM 

Re: [Dev] Test failure in org.wso2.carbon.registry.social.impl module due to a commit to user.core 4.4.0-SNAPSHOT

[Thanuja Jayasinghe]

Hi Sameera,

This test case need to be fixed. will do the needful.

Thanks,
Thanuja.

On Thu, Feb 26, 2015 at 11:32 AM, Sameera Jayasoma same...@wso2.com wrote:

 I am building carbon-registry by changing the kernel version to Carbon
 4.4.0-SNAPSHOT. I am getting the following build failure. This failure
 occurs due to the following PR.

 https://github.com/wso2/carbon4-kernel/pull/111

 Thanuja, can you have a look at this please? We need this to be fixed for
 the Carbon 4.4.0-release.


 Running
 org.wso2.carbon.registry.social.impl.test.people.userprofile.PersonManagerImplTest

 log4j:WARN No appenders could be found for logger
 (org.wso2.carbon.context.internal.CarbonContextDataHolder).

 log4j:WARN Please initialize the log4j system properly.

 Warning: Could not get charToByteConverterClass!

 Feb 26, 2015 11:13:23 AM org.apache.tomcat.jdbc.pool.ConnectionPool init

 WARNING: maxIdle is larger than maxActive, setting maxIdle to: 50

 Listening for transport dt_socket at address: 11000

 Tests run: 1, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 129.964
 sec  FAILURE! - in
 org.wso2.carbon.registry.social.impl.test.people.userprofile.PersonManagerImplTest

 testGetPerson1(org.wso2.carbon.registry.social.impl.test.people.userprofile.PersonManagerImplTest)
 Time elapsed: 129.956 sec   ERROR!

 org.wso2.carbon.registry.social.api.SocialDataException: Error while
 saving person with id admin

 at
 org.wso2.carbon.registry.social.impl.people.userprofile.PersonManagerImpl.savePerson(PersonManagerImpl.java:103)

 at
 org.wso2.carbon.registry.social.impl.test.people.userprofile.PersonManagerImplTest.testGetPerson1(PersonManagerImplTest.java:142)

 Caused by: org.wso2.carbon.user.core.UserStoreException:
 org.wso2.carbon.user.core.UserStoreException: Invalid claim URI value

 at
 org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager.doSetUserClaimValues(JDBCUserStoreManager.java:1872)

 at
 org.wso2.carbon.user.core.common.AbstractUserStoreManager.setUserClaimValues(AbstractUserStoreManager.java:978)

 at
 org.wso2.carbon.registry.social.impl.people.userprofile.PersonManagerImpl.savePerson(PersonManagerImpl.java:100)

 ... 23 more

 Caused by: org.wso2.carbon.user.core.UserStoreException: Invalid claim URI
 value

 at
 org.wso2.carbon.user.core.common.AbstractUserStoreManager.getClaimAtrribute(AbstractUserStoreManager.java:814)

 at
 org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager.doSetUserClaimValues(JDBCUserStoreManager.java:1857)

 ... 25 more



 Results :


 Tests in error:


 org.wso2.carbon.registry.social.impl.test.people.userprofile.PersonManagerImplTest#testGetPerson1
 SocialDataException


 Tests run: 1, Failures: 0, Errors: 1, Skipped: 0


 --
 Sameera Jayasoma,
 Software Architect,

 WSO2, Inc. (http://wso2.com)
 email: same...@wso2.com
 blog: http://blog.sameera.org
 twitter: https://twitter.com/sameerajayasoma
 flickr: http://www.flickr.com/photos/sameera-jayasoma/collections
 Mobile: 0094776364456

 Lean . Enterprise . Middleware




-- 
*Thanuja Lakmal*
Software Engineer
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891 +94758009992
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] WSO2 Committers += Senduran Balasubramaniyam

[Thanuja Jayasinghe]

Congratz Senduran..

On Thu, Feb 19, 2015 at 10:11 AM, Dilan Udara Ariyaratne dil...@wso2.com
wrote:

 Congratulations, Senduran!!!


 *Dilan U. Ariyaratne*
 Software Engineer
 WSO2 Inc. http://wso2.com/
 Mobile: +94775149066
 lean . enterprise . middleware

 On Thu, Feb 19, 2015 at 12:05 AM, Roshan Deniyage rosh...@wso2.com
 wrote:

 congrats !!!

 Roshan Deniyage
 Associate Technical Lead
 WSO2, Inc: http://wso2.com

 Mobile:  +94 777636406
 Twitter:  *https://twitter.com/roshku https://twitter.com/roshku*
 LinkedIn :  https://www.linkedin.com/in/roshandeniyage


 On Wed, Feb 18, 2015 at 11:57 PM, Chanuka Dissanayake chan...@wso2.com
 wrote:

 Congratulations Senduran..!

 On Wed, Feb 18, 2015 at 11:36 PM, Samith Dassanayake sam...@wso2.com
 wrote:

 Congratz Senduran!

 On Wed, Feb 18, 2015 at 10:25 PM, Srisunmugaraja Paraparan 
 parapa...@wso2.com wrote:

 Congratulations Senduran .

 On Wed, Feb 18, 2015 at 10:12 PM, Ravi Undupitiya r...@wso2.com
 wrote:

 Congratulations Senduran!

 On Wed, Feb 18, 2015 at 3:36 AM, Kasun Indrasiri ka...@wso2.com
 wrote:

 Hi devs,

 Its my pleasure to welcome Senduran Balasubramaniyam as a WSO2
 Committer.

 Senduran, welcome aboard and keep up the good work!

 Thanks.

 --
 Kasun Indrasiri
 Software Architect
 WSO2, Inc.; http://wso2.com
 lean.enterprise.middleware

 cell: +94 77 556 5206
 Blog : http://kasunpanorama.blogspot.com/




 --
 *Ravi Undupitiya*
 Senior Software Engineer; WSO2 http://wso2.com


 *E-mail: r...@wso2.com http://wso2.com**M: **+94 772 930 712
 %2B94%C2%A0772%20930%20712*

 Lean . Enterprise . Middleware

 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev




 --
 Thanks  Regards
 --
 Srisunmugaraja Paraparan
 Software Engineer,
 WSO2 Inc. - lean . enterprise . middleware |  wso2.com

 email : parapa...@wso2.com, mobile : +94 77 0362151

 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev




 --
 Best Regards

 Samith Dassanayake
 Software Engineer | Cloud TG
 WSO2, Inc. | http://wso2.com
 lean. enterprise. middleware

 Mobile : +947 76207351

 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev




 --
 Chanuka Dissanayake
 *Software Engineer | **WSO2 Inc.*; http://wso2.com

 Mobile: +94 71 33 63 596
 Email: chan...@wso2.com

 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev



 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev



 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev




-- 
*Thanuja Lakmal*
Software Engineer
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891 +94758009992
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] WSO2 Committers += Pulasthi Mahawithana

[Thanuja Jayasinghe]

Congratz pulasthi

On Fri, Feb 13, 2015 at 3:13 PM, Dakshika Jayathilaka daksh...@wso2.com
wrote:

 Congratulations Pulasthi!

 *Dakshika Jayathilaka*
 Software Engineer
 WSO2, Inc.
 lean.enterprise.middleware
 0771100911

 On Fri, Feb 13, 2015 at 3:03 PM, Prasanna Dangalla prasa...@wso2.com
 wrote:

 Congratulations Pulasthi!


 On Fri, Feb 13, 2015 at 2:03 PM, Kasun De Silva kas...@wso2.com wrote:

 Congratz Pulasthi!!!

 *Kasun de Silva*
 Software Engineer | *WSO2 Inc.*; http://wso2.com
 lean.enterprise.middleware

 email   : kas...@wso2.com
 mobile : +94 77 794 4260


 On Fri, Feb 13, 2015 at 1:54 PM, Supun Sethunga sup...@wso2.com wrote:

 Congratz Pulasthi !

 On Fri, Feb 13, 2015 at 1:09 PM, Darshana Gunawardana 
 darsh...@wso2.com wrote:

 Congratulations Pulasthi..!!

 On Fri, Feb 13, 2015 at 12:37 PM, Buddhima Wijeweera 
 buddh...@wso2.com wrote:

 Congratulations Pulasthi !!!

 On Fri, Feb 13, 2015 at 12:30 PM, Kalpa Welivitigoda kal...@wso2.com
  wrote:

 Congratulations Pulasthi !

 On Fri, Feb 13, 2015 at 12:29 PM, Milinda Perera milin...@wso2.com
 wrote:

 Congratulations Pulasthi ... :)

 On Fri, Feb 13, 2015 at 12:27 PM, Firzhan Naqash firz...@wso2.com
 wrote:

 Congratulations Pulasthi

 Regards,
 Firzhan

 On Fri, Feb 13, 2015 at 12:23 PM, Jerad Rutnam je...@wso2.com
 wrote:

 Congratulations Pulasthi! :)

 On Fri, Feb 13, 2015 at 12:19 PM, Johann Nallathamby 
 joh...@wso2.com wrote:

 Hi All,

 It's my pleasure to announce Pulasthi Mahawithana as a WSO2
 Committer. Pulasthi has been a valuable contributor for WSO2
 Identity Server product, and in recognition of his contribution to 
 WSO2,
 he has been voted as a WSO2 Committer.

 Pulasthi, congratulations and keep up the good work!

 Thanks  Regards.

 --
 Thanks  Regards,

 *Johann Dilantha Nallathamby*
 Associate Technical Lead  Product Lead of WSO2 Identity Server
 Integration Technologies Team
 WSO2, Inc.
 lean.enterprise.middleware

 Mobile - *+9476950*
 Blog - *http://nallaa.wordpress.com
 http://nallaa.wordpress.com*

 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev




 --
 *Jerad Rutnam*
 *Software Engineer*

 WSO2 Inc.
 lean | enterprise | middleware
 M : +94 77 959 1609 | E : je...@wso2.com | W : www.wso2.com

 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev



 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev




 --
 Milinda Perera
 Software Engineer;
 WSO2 Inc. http://wso2.com ,
 Mobile: (+94) 714 115 032


 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev




 --
 Best Regards,

 Kalpa Welivitigoda
 Software Engineer, WSO2 Inc. http://wso2.com
 Email: kal...@wso2.com
 Mobile: +94776509215

 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev




 --
 Buddhima Wijeweera
 Software Engineer; WSO2 Inc.; http://wso2.com ,

 Mobile: +94 71 427 9966
 Email: buddh...@wso2.com
 Blog:   https://buddhimawijeweera.wordpress.com
 GitHub Profile: https://github.com/Buddhima

 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev




 --
 Regards,


 *Darshana Gunawardana*Software Engineer
 WSO2 Inc.; http://wso2.com

 *E-mail: darsh...@wso2.com darsh...@wso2.com*
 *Mobile: +94718566859 %2B94718566859*Lean . Enterprise . Middleware

 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev




 --
 *Supun Sethunga*
 Software Engineer
 WSO2, Inc.
 lean | enterprise | middleware
 Mobile : +94 716546324

 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev



 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev




 --
 Prasanna Dangalla
 Software Engineer, WSO2, Inc.; http://wso2.com/
 lean.enterprise.middleware

 cell: +94 777 55 80 30 | +94 718 11 27 51
 twitter: @prasa77

 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev



 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev




-- 
*Thanuja Lakmal*
Software Engineer
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891 +94758009992
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] WSO2 Committers += Gayan Gunawardana

[Thanuja Jayasinghe]

Congratz Gayan...

On Thu, Feb 5, 2015 at 8:53 AM, Jerad Rutnam je...@wso2.com wrote:

 Congratulations Gayan! :)

 On Tue, Feb 3, 2015 at 8:32 AM, Jayanga Dissanayake jaya...@wso2.com
 wrote:

 Congratulations Gayan!

 *Jayanga Dissanayake*
 Senior Software Engineer
 WSO2 Inc. - http://wso2.com/
 lean . enterprise . middleware
 email: jaya...@wso2.com
 mobile: +94772207259

 On Mon, Feb 2, 2015 at 9:21 PM, Harshan Liyanage hars...@wso2.com
 wrote:

 Congratulations Gayan !!!

 Lakshitha Harshan
 Software Engineer
 Mobile: *+94724423048*
 Email: hars...@wso2.com
 Blog : http://harshanliyanage.blogspot.com/
 *WSO2, Inc. :** wso2.com http://wso2.com/*
 lean.enterprise.middleware.

 On Mon, Feb 2, 2015 at 5:20 AM, Milinda Perera milin...@wso2.com
 wrote:

 Congratulations Gayan ...

 On Sun, Feb 1, 2015 at 5:17 PM, Srisunmugaraja Paraparan 
 parapa...@wso2.com wrote:

 Congratulations Gayan ..

 On Sun, Feb 1, 2015 at 10:37 PM, Pumudu Ruhunage pum...@wso2.com
 wrote:

 Congratulations..!!! :)

 On Sun, Feb 1, 2015 at 3:24 PM, Inosh Perera ino...@wso2.com wrote:

 Congrats Gayan !! :)

 On Sun, Feb 1, 2015 at 10:39 AM, Waruna Jayaweera waru...@wso2.com
 wrote:

 Congratzz Gayan...!

 On Sat, Jan 31, 2015 at 9:05 PM, Hasintha Indrajee 
 hasin...@wso2.com wrote:

 Congratulations Gayan!!

 On Sat, Jan 31, 2015 at 6:55 PM, Buddhima Wijeweera 
 buddh...@wso2.com wrote:

 Congratulations Gayan!!!

 On Sat, Jan 31, 2015 at 6:53 PM, Tharindu Edirisinghe 
 tharin...@wso2.com wrote:

 Congratulations Gayan !!!

 On Sat, Jan 31, 2015 at 4:43 PM, Chamin Nalinda cha...@wso2.com
  wrote:

 Congratulations !!!

 On Sat, Jan 31, 2015 at 4:32 PM, Prasanna Dangalla 
 prasa...@wso2.com wrote:

 Congratulations Gayan

 On Sat, Jan 31, 2015 at 1:54 PM, Harsha Kumara 
 hars...@wso2.com wrote:

 Congratulations Gayan!

 On Sat, Jan 31, 2015 at 1:52 PM, Johann Nallathamby 
 joh...@wso2.com wrote:

 Hi All,

 It's my pleasure to announce Gayan Gunawardana as a WSO2
 Committer. Gayan has been a valuable contributor for WSO2
 Identity Server product, and in recognition of his contribution 
 to WSO2, he
 has been voted as a WSO2 Committer.

 Gayan, congratulations and keep up the good work!

 Thanks  Regards.

 --
 Thanks  Regards,

 *Johann Dilantha Nallathamby*
 Associate Technical Lead  Product Lead of WSO2 Identity
 Server
 Integration Technologies Team
 WSO2, Inc.
 lean.enterprise.middleware

 Mobile - *+9476950*
 Blog - *http://nallaa.wordpress.com
 http://nallaa.wordpress.com*

 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev




 --
 Harsha Kumara
 Software Engineer, WSO2 Inc.
 Mobile: +94775505618
 Blog:harshcreationz.blogspot.com

 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev




 --
 Prasanna Dangalla
 Software Engineer, WSO2, Inc.; http://wso2.com/
 lean.enterprise.middleware

 cell: +94 777 55 80 30 | +94 718 11 27 51
 twitter: @prasa77

 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev




 --
 *Chamin Nalinda*

 Intern - Engineering
 WSO2 Inc. http://www.wso2.com
 lean.enterprise.middleware

 Mobile: (+94) 77 241 66 04
 Linkedin: https://www.linkedin.com/in/chaminnalinda
 Web: http://www.ckreativity.com
 Blog: http://techspiro.blogspot.com/


 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev




 --

 Tharindu Edirisinghe
 Software Engineer | WSO2 Inc
 Identity Server Team
 mobile : +94 775 181586

 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev




 --
 Buddhima Wijeweera
 Software Engineer; WSO2 Inc.; http://wso2.com ,

 Mobile: +94 71 427 9966
 Email: buddh...@wso2.com
 Blog:   https://buddhimawijeweera.wordpress.com
 GitHub Profile: https://github.com/Buddhima

 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev



 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev




 --
 Regards,

 Waruna Lakshitha Jayaweera
 Software Engineer
 WSO2 Inc; http://wso2.com
 phone: +94713255198

 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev




 --
 Inosh Perera
 Software Engineer, WSO2 Inc.
 Tel: 0785293686

 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev




 --
 Pumudu Ruhunage
 Associate Software Engineer | WSO2 Inc
 M: +94 779 664493  | http://wso2.com

 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev




 --
 Thanks  Regards
 --
 Srisunmugaraja 

Re: [Dev] WSO2 Committers += Tharindu Edirisinghe

[Thanuja Jayasinghe]

Congratz Tharindu... :)

On Mon, Feb 2, 2015 at 9:53 AM, Chanuka Dissanayake chan...@wso2.com
wrote:

 Congratulations Tharindu.. :)

 On Mon, Feb 2, 2015 at 9:30 AM, Aiyadurai Rajeevan rajeev...@wso2.com
 wrote:

 Congrats Tharindu :)

 Thanks  Regards,
 S.A.Rajeevan
 Software Engineer WSO2 Inc
 E-Mail: rajeev...@wso2.com | Mobile : +94776411636

 On Mon, Feb 2, 2015 at 9:28 AM, Kasun De Silva kas...@wso2.com wrote:

 Congratz Tharindu !!!

 *Kasun de Silva*
 Software Engineer | *WSO2 Inc.*; http://wso2.com
 lean.enterprise.middleware

 email   : kas...@wso2.com
 mobile : +94 77 794 4260


 On Mon, Feb 2, 2015 at 9:21 AM, Kalpa Welivitigoda kal...@wso2.com
 wrote:

 Congratulations Tharindu !

 On Mon, Feb 2, 2015 at 9:19 AM, Sam Sivayogam s...@wso2.com wrote:

 Congrats Thariya !!!

 On Mon, Feb 2, 2015 at 9:08 AM, Anuruddha Liyanarachchi 
 anurudd...@wso2.com wrote:

 Congratulations Tharindu !

 On Mon, Feb 2, 2015 at 8:51 AM, Ravindra Ranwala ravin...@wso2.com
 wrote:

 Congratulations Tharindu !

 On Mon, Feb 2, 2015 at 7:06 AM, Gayan Gunawardana ga...@wso2.com
 wrote:

 Congratz Tharindu...

 On Mon, Feb 2, 2015 at 5:20 AM, Milinda Perera milin...@wso2.com
 wrote:

 Congratulations Tharindu ..

 On Sun, Feb 1, 2015 at 6:39 PM, Sithumini Senevirathne 
 sithumi...@wso2.com wrote:

 Congratulations Tharindu!!!

 On Sun, Feb 1, 2015 at 10:48 PM, Srisunmugaraja Paraparan 
 parapa...@wso2.com wrote:

 Congratulations Tharindu ..

 On Sun, Feb 1, 2015 at 10:41 PM, Pumudu Ruhunage 
 pum...@wso2.com wrote:

 Congratulations Tharindu..!!! :)

 On Sun, Feb 1, 2015 at 10:29 PM, Tharindu Dharmarathna 
 tharin...@wso2.com wrote:

 Congrats tharindu
 On Feb 1, 2015 10:21 PM, Chamin Nalinda cha...@wso2.com
 wrote:

 Congratulations bro :)

 On Sun, Feb 1, 2015 at 10:19 PM, Vijitha Ekanayake 
 vijit...@wso2.com wrote:

 Congratulations Tharindu !!!

 On Sun, Feb 1, 2015 at 10:11 PM, Buddhima Wijeweera 
 buddh...@wso2.com wrote:

 Congratulations Tharindu !!!

 On Sun, Feb 1, 2015 at 10:10 PM, Firzhan Naqash 
 firz...@wso2.com wrote:

 Congratz Tharindhu ...

 Regards,
 Firzhan

 On Sun, Feb 1, 2015 at 10:09 PM, Hasintha Indrajee 
 hasin...@wso2.com wrote:

 Congratulations Tharindu ...!!

 On Sun, Feb 1, 2015 at 9:58 PM, Johann Nallathamby 
 joh...@wso2.com wrote:

 Hi All,

 It's my pleasure to announce Tharindu Edirisinghe as a
 WSO2 Committer. Tharindu has been a valuable
 contributor for WSO2 Identity Server product, and in 
 recognition of his
 contribution to WSO2, he has been voted as a
 WSO2 Committer.

 Tharindu, congratulations and keep up the good work!

 Thanks  Regards.

 --

 *Johann Dilantha Nallathamby*
 Associate Technical Lead  Product Lead of WSO2 Identity
 Server
 Integration Technologies Team
 WSO2, Inc.
 lean.enterprise.middleware

 Mobile - *+9476950*
 Blog - *http://nallaa.wordpress.com
 http://nallaa.wordpress.com*

 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev



 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev



 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev




 --
 Buddhima Wijeweera
 Software Engineer; WSO2 Inc.; http://wso2.com ,

 Mobile: +94 71 427 9966
 Email: buddh...@wso2.com
 Blog:   https://buddhimawijeweera.wordpress.com
 GitHub Profile: https://github.com/Buddhima

 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev




 --
 Vijitha Ekanayake
 Software Engineer*, *WSO2, Inc.; http://wso2.com/
 Mobile : +94 777 24 73 39 | +94 718 74 44 08
 lean.enterprise.middleware

 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev




 --
 *Chamin Nalinda*

 Intern - Engineering
 WSO2 Inc. http://www.wso2.com
 lean.enterprise.middleware

 Mobile: (+94) 77 241 66 04
 Linkedin: https://www.linkedin.com/in/chaminnalinda
 Web: http://www.ckreativity.com
 Blog: http://techspiro.blogspot.com/


 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev


 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev




 --
 Pumudu Ruhunage
 Associate Software Engineer | WSO2 Inc
 M: +94 779 664493  | http://wso2.com

 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev




 --
 Thanks  Regards
 --
 Srisunmugaraja Paraparan
 Software Engineer,
 WSO2 Inc. - lean . enterprise . middleware |  wso2.com

 email : parapa...@wso2.com, mobile : +94 77 0362151

 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev




 --
 --
 Sithumini 

Re: [Dev] WSO2 Committers += Hasintha Indrajee

[Thanuja Jayasinghe]

Congratz Hasintha.!!!

On Mon, Dec 29, 2014 at 10:29 AM, Tharindu Edirisinghe tharin...@wso2.com
wrote:

 Congratulations Hasintha !!!

 On Mon, Dec 29, 2014 at 8:51 PM, Milinda Perera milin...@wso2.com wrote:

 Congratulations Hasintha ... :)

 On Mon, Dec 29, 2014 at 8:27 PM, Chamin Nalinda cha...@wso2.com wrote:

 Congratulations Hasintha :)

 On Mon, Dec 29, 2014 at 7:47 PM, Abimaran Kugathasan abima...@wso2.com
 wrote:

 Congrats!

 On Mon, Dec 29, 2014 at 4:44 PM, Vijitha Ekanayake vijit...@wso2.com
 wrote:

 Congratulations Hasintha !!!

 On Mon, Dec 29, 2014 at 4:39 PM, Harsha Kumara hars...@wso2.com
 wrote:

 Congratulations Hasintha!

 On Mon, Dec 29, 2014 at 3:43 PM, Kalpa Welivitigoda kal...@wso2.com
 wrote:

 Congratulations Hasintha !

 On Mon, Dec 29, 2014 at 2:38 PM, Kasun De Silva kas...@wso2.com
 wrote:

 Congratz Hasintha...!!!

 *Kasun de Silva*
 Software Engineer | *WSO2 Inc.*; http://wso2.com
 lean.enterprise.middleware

 email   : kas...@wso2.com
 mobile : +94 77 794 4260


 On Mon, Dec 29, 2014 at 1:53 PM, Darshana Gunawardana 
 darsh...@wso2.com wrote:

 Congratulations Hasintha..!!!

 On Mon, Dec 29, 2014 at 1:42 PM, Johann Nallathamby 
 joh...@wso2.com wrote:

 Hi All,

 It's my pleasure to announce Hasintha Indrajee as a WSO2
 Committer. Hasintha has been a valuable contributor for WSO2
 Identity Server product, and in recognition of his contribution to 
 WSO2, he
 has been voted as a WSO2 Committer.

 Hasintha, congratulations and keep up the good work!

 Thanks  Regards.

 --

 *Johann Dilantha Nallathamby*
 Associate Technical Lead  Product Lead of WSO2 Identity Server
 Integration Technologies Team
 WSO2, Inc.
 lean.enterprise.middleware

 Mobile - *+9476950*
 Blog - *http://nallaa.wordpress.com
 http://nallaa.wordpress.com*

 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev




 --
 Regards,


 *Darshana Gunawardana*Software Engineer
 WSO2 Inc.; http://wso2.com

 *E-mail: darsh...@wso2.com darsh...@wso2.com*
 *Mobile: +94718566859 %2B94718566859*Lean . Enterprise .
 Middleware

 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev



 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev




 --
 Best Regards,

 Kalpa Welivitigoda
 Software Engineer, WSO2 Inc. http://wso2.com
 Email: kal...@wso2.com
 Mobile: +94776509215

 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev




 --
 Harsha Kumara
 Software Engineer, WSO2 Inc.
 Mobile: +94775505618
 Blog:harshcreationz.blogspot.com

 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev




 --
 Vijitha Ekanayake
 Software Engineer*, *WSO2, Inc.; http://wso2.com/
 Mobile : +94 777 24 73 39 | +94 718 74 44 08
 lean.enterprise.middleware

 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev




 --
 Thanks
 Abimaran Kugathasan

 Software Engineer | WSO2 Inc
 Data  APIs Technologies Team
 Mobile : +94 773922820

 http://stackoverflow.com/users/515034
 http://lk.linkedin.com/in/abimaran
 http://www.lkabimaran.blogspot.com/  https://github.com/abimaran
 https://twitter.com/abimaran


 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev




 --
 *Chamin Nalinda*

 Intern - Engineering
 WSO2 Inc. http://www.wso2.com
 lean.enterprise.middleware

 Mobile: (+94) 77 241 66 04
 Linkedin: https://www.linkedin.com/in/chaminnalinda
 Web: http://www.ckreativity.com
 Blog: http://techspiro.blogspot.com/


 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev




 --
 Milinda Perera
 Software Engineer;
 WSO2 Inc. http://wso2.com ,
 Mobile: (+94) 714 115 032


 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev




 --

 Tharindu Edirisinghe
 Software Engineer | WSO2 Inc
 Identity Server Team
 mobile : +94 775 181586

 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev




-- 
*Thanuja Lakmal*
Software Engineer
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891 +94758009992
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] WSO2 Committers += Firzhan Naqash

[Thanuja Jayasinghe]

Congratz Firzhan.

On Tue, Dec 23, 2014 at 5:42 AM, Dakshika Jayathilaka daksh...@wso2.com
wrote:

 Congratulations !!

 *Dakshika Jayathilaka*
 Software Engineer
 WSO2, Inc.
 lean.enterprise.middleware
 0771100911

 On Tue, Dec 23, 2014 at 2:27 PM, Manoj Kumara ma...@wso2.com wrote:

 Congratulations !!


 *Manoj Kumara*
 Software Engineer
 WSO2 Inc. http://wso2.com/
 *lean.enterprise.middleware*
 Mobile: +94713448188

 On Tue, Dec 23, 2014 at 2:26 PM, Sajini De Silva saj...@wso2.com wrote:

 Congratulations Firzhan!!!

 On Tue, Dec 23, 2014 at 2:25 PM, Lasitha Wattaladeniya 
 lasit...@wso2.com wrote:

 Congratulations !

 On Tue, Dec 23, 2014 at 11:48 AM, Kasun De Silva kas...@wso2.com
 wrote:

 Congratz Firzan !!!

 *Kasun de Silva*
 Software Engineer | *WSO2 Inc.*; http://wso2.com
 lean.enterprise.middleware

 email   : kas...@wso2.com
 mobile : +94 77 794 4260


 On Tue, Dec 23, 2014 at 11:46 AM, Nandika Jayawardana 
 nand...@wso2.com wrote:

 Hi All,

 It is my pleasure to welcome Firzhan as a WSO2 committer. Firzhan is
 a key member of Business Process Server Team and has contributed to Both
 BPS and IS.
 Welcome aboard and week up the good work !

 Regards
 Nandika

 --
 Nandika Jayawardana
 Senior Technical Lead
 WSO2 Inc ; http://wso2.com
 lean.enterprise.middleware

 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev



 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev




 --
 Lasitha Wattaladeniya
 Software Engineer
 WSO2, Inc. | http://wso2.com
 lean. enterprise. middleware

 Mobile : +94719397528
 Blog : techreadme.blogspot.com

 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev




 --
 Sajini De SIlva
 Software Engineer; WSO2 Inc.; http://wso2.com ,
 Email: saj...@wso2.com
 Blog: http://sajinid.blogspot.com/
 Git hub profile: https://github.com/sajinidesilva

 Phone: +94 712797729


 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev



 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev



 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev




-- 
*Thanuja Lakmal*
Software Engineer
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891 +94758009992
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] WSO2 Committers += Roshan Deniyage

[Thanuja Jayasinghe]

Congratz Roshan!!!

On Thu, Dec 18, 2014 at 12:59 PM, Prabath Ariyarathna prabat...@wso2.com
wrote:

 Congratulations Roshan

 On Thu, Dec 18, 2014 at 11:23 PM, Harsha Kumara hars...@wso2.com wrote:

 Congratulations Roshan!

 On Thu, Dec 18, 2014 at 10:24 PM, Vijitha Ekanayake vijit...@wso2.com
 wrote:

 Congratulations Roshan 

 On Thu, Dec 18, 2014 at 10:10 PM, Dimuthu Leelarathne dimut...@wso2.com
  wrote:

 Hi all,

 WSO2 welcomes Roshan Deniyage as WSO2 committer!

 Congratulations!

 thanks,
 dimuthu

 --
 Dimuthu Leelarathne
 Architect  Product Lead of App Factory

 WSO2, Inc. (http://wso2.com)
 email: dimut...@wso2.com
 Mobile : 0773661935

 Lean . Enterprise . Middleware

 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev



 --
 Vijitha Ekanayake
 Software Engineer*, *WSO2, Inc.; http://wso2.com/
 Mobile : +94 777 24 73 39 | +94 718 74 44 08
 lean.enterprise.middleware

 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev



 --
 Harsha Kumara
 Software Engineer, WSO2 Inc.
 Mobile: +94775505618
 Blog:harshcreationz.blogspot.com

 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev



 --

 *Prabath Ariyarathna*

 *Associate Technical Lead*

 *WSO2, Inc. *

 *lean . enterprise . middleware *


 *Email: prabat...@wso2.com prabat...@wso2.com*

 *Blog: http://prabu-lk.blogspot.com http://prabu-lk.blogspot.com*

 *Flicker : https://www.flickr.com/photos/47759189@N08
 https://www.flickr.com/photos/47759189@N08*

 *Mobile: +94 77 699 4730 *






 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev



-- 
*Thanuja Lakmal*
Software Engineer
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891 +94758009992
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Change the username for user

[Thanuja Jayasinghe]

Hi Dulitha,

Yes, it is for get the auto increment id of the UM_USER table. Also link
[1] shows how to change the user name value in AD.

[1] -
http://tanyamadurapperuma.blogspot.com/2013/10/tricky-way-to-modify-username-scim.html

Thanks,
Thanuja.

On Mon, Dec 8, 2014 at 4:16 PM, Dulitha Wijewantha duli...@wso2.com wrote:

 Hi Johann,
 We do keep a user id don't we? There is a method called getUserId
 in RemoteUserStoreManagerService. Is this an auto increment number for the
 user table?

 Cheers~

 On Mon, Dec 8, 2014 at 12:20 PM, Johann Nallathamby joh...@wso2.com
 wrote:

 You can't do it in JDBC user stores. But in LDAP user stores you can.
 However, we don't support every aspect of such change. E.g. there are
 several places where we have the fully qualified username as the reference
 to a user, because we don't have a immutable opaque identifier for a user
 in our system. We don't update such references if the username is updated.

 On Tue, Dec 9, 2014 at 12:30 AM, Dulitha Wijewantha duli...@wso2.com
 wrote:

 Hi guys,
 Is it possible to change the username for user using the user manager
 API?

 Cheers~

 --
 Dulitha Wijewantha (Chan)
 Software Engineer - Mobile Development
 WSO2 Inc
 Lean.Enterprise.Mobileware
  * ~Email   duli...@wso2.com duli...@wso2mobile.com*
 *  ~Mobile +94712112165 %2B94712112165*
 *  ~Website   dulitha.me http://dulitha.me*
 *  ~Twitter @dulitharw https://twitter.com/dulitharw*
   *~Github @dulichan https://github.com/dulichan*
   *~SO @chan http://stackoverflow.com/users/813471/chan*

 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev




 --
 Thanks  Regards,

 *Johann Dilantha Nallathamby*
 Associate Technical Lead  Product Lead of WSO2 Identity Server
 Integration Technologies Team
 WSO2, Inc.
 lean.enterprise.middleware

 Mobile - *+9476950*
 Blog - *http://nallaa.wordpress.com http://nallaa.wordpress.com*




 --
 Dulitha Wijewantha (Chan)
 Software Engineer - Mobile Development
 WSO2 Inc
 Lean.Enterprise.Mobileware
  * ~Email   duli...@wso2.com duli...@wso2mobile.com*
 *  ~Mobile +94712112165 %2B94712112165*
 *  ~Website   dulitha.me http://dulitha.me*
 *  ~Twitter @dulitharw https://twitter.com/dulitharw*
   *~Github @dulichan https://github.com/dulichan*
   *~SO @chan http://stackoverflow.com/users/813471/chan*

 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev




-- 
*Thanuja Lakmal*
Software Engineer
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891 +94758009992
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Request to commit the patch IDENTITY-2888

[Thanuja Jayasinghe]

Hi Manoj,

Modified diff is attached to [1].

[1] - https://wso2.org/jira/browse/IDENTITY-2888

Thanks,
Thanuja.

On Thu, Nov 27, 2014 at 5:12 PM, Sameera Jayasoma same...@wso2.com wrote:

 Change...

 } catch (SQLException e) {
String msg = Database error occurred while adding shared role;
log.error(msg, e);
throw new UserStoreException(msg, e);
 }


 On Thu, Nov 27, 2014 at 2:17 PM, Sameera Jayasoma same...@wso2.com
 wrote:

 } catch (SQLException e) {
String msg = Database error occurred while adding shared role.
 Reason:  + e.getMessage();
log.error(msg, e);
throw new UserStoreException(msg, e);
 }

 As per our chat, this error is not logged anywhere else. Therefore we
 need to log it here.

 Thanks,
 Sameera.

 On Thu, Nov 27, 2014 at 1:01 PM, Thanuja Jayasinghe than...@wso2.com
 wrote:

 Hi Sameera,

 The original issue is [1] which we trying to resolve here. Can you
 please suggest a popper way to handle this?

 [1] - https://wso2.org/jira/browse/IDENTITY-2869

 Thanks,
 Thanuja.

 On Thu, Nov 27, 2014 at 12:31 PM, Sameera Jayasoma same...@wso2.com
 wrote:

 Hi Thanuja,

 Its okay. Btw, I am seeing small issues in the way we have are
 logging..

} catch (SQLException e) {
 +  log.error(Database error occurred while adding shared 
 role, e);
throw new UserStoreException(e.getMessage(), e);
} catch (Exception e) {
 +  log.error(Error occurred while adding shared role, e);
throw new UserStoreException(e.getMessage(), e);
} finally {
DatabaseUtil.closeAllConnections(dbConnection);


 1) Do we really need to log here? Since we are throwing the error to the 
 calling method, that method can log too. This will cause multiple levels 
 of logging in the backend.

 2) In the log statement, we haven't logged the original error message.

 3) In the throw statement, you are not putting the message that your have 
 in your log statement.

 Generally we shouldn't log in every method. Only at the API level or at 
 the client level.


 Thanks,

 Sameera.


 On Thu, Nov 27, 2014 at 12:14 PM, Thanuja Jayasinghe than...@wso2.com
 wrote:

 Hi Sameera,

 I checked the formatting using Idea before taking the patch for the
 first time. But it looks like there is a bit difference how Idea treat 
 tabs
 and spaces. Sorry about the inconvenience.

 Thanks,
 Thanuja.

 On Thu, Nov 27, 2014 at 12:05 PM, Thanuja Jayasinghe than...@wso2.com
  wrote:

 Hi Manoj,

 Formatting issues are fixed and diff is attached to [1].

 [1]  - https://wso2.org/jira/browse/IDENTITY-2888

 Thanks,
 Thanuja.

 On Thu, Nov 27, 2014 at 11:15 AM, Sameera Jayasoma same...@wso2.com
 wrote:

 Manoj can you please revert this patch. There are some formatting
 issues it seems.

 Thanks,
 Sameera.

 On Thu, Nov 27, 2014 at 11:04 AM, Manoj Kumara ma...@wso2.com
 wrote:

 Hi Thanuja,

 Committed to patch0009 with r209939. Please send the pull request
 to Git repo.

 Thanks,
 Manoj


 *Manoj Kumara*
 Software Engineer
 WSO2 Inc. http://wso2.com/
 *lean.enterprise.middleware*
 Mobile: +94713448188

 On Thu, Nov 27, 2014 at 12:09 AM, Thanuja Jayasinghe 
 than...@wso2.com wrote:

 Hi Carbon Team,

 Please commit the diff attached with [1].

 [1] - https://wso2.org/jira/browse/IDENTITY-2888

 Thanks,
 Thanuja.

 --
 *Thanuja Lakmal*
 Software Engineer
 WSO2 Inc. http://wso2.com/
 *lean.enterprise.middleware*
 Mobile: +94715979891 +94758009992





 --
 Sameera Jayasoma,
 Software Architect,

 WSO2, Inc. (http://wso2.com)
 email: same...@wso2.com
 blog: http://sameera.adahas.org
 twitter: https://twitter.com/sameerajayasoma
 flickr: http://www.flickr.com/photos/sameera-jayasoma/collections
 Mobile: 0094776364456

 Lean . Enterprise . Middleware




 --
 *Thanuja Lakmal*
 Software Engineer
 WSO2 Inc. http://wso2.com/
 *lean.enterprise.middleware*
 Mobile: +94715979891 +94758009992




 --
 *Thanuja Lakmal*
 Software Engineer
 WSO2 Inc. http://wso2.com/
 *lean.enterprise.middleware*
 Mobile: +94715979891 +94758009992




 --
 Sameera Jayasoma,
 Software Architect,

 WSO2, Inc. (http://wso2.com)
 email: same...@wso2.com
 blog: http://sameera.adahas.org
 twitter: https://twitter.com/sameerajayasoma
 flickr: http://www.flickr.com/photos/sameera-jayasoma/collections
 Mobile: 0094776364456

 Lean . Enterprise . Middleware




 --
 *Thanuja Lakmal*
 Software Engineer
 WSO2 Inc. http://wso2.com/
 *lean.enterprise.middleware*
 Mobile: +94715979891 +94758009992




 --
 Sameera Jayasoma,
 Software Architect,

 WSO2, Inc. (http://wso2.com)
 email: same...@wso2.com
 blog: http://sameera.adahas.org
 twitter: https://twitter.com/sameerajayasoma
 flickr: http://www.flickr.com/photos/sameera-jayasoma/collections
 Mobile: 0094776364456

 Lean . Enterprise . Middleware




 --
 Sameera Jayasoma,
 Software Architect,

 WSO2, Inc. (http://wso2.com)
 email: same...@wso2.com
 blog: http://sameera.adahas.org
 twitter: https://twitter.com

Re: [Dev] Request to commit the patch IDENTITY-2888

[Thanuja Jayasinghe]

Thanks Manoj.

On Thu, Nov 27, 2014 at 10:02 PM, Manoj Kumara ma...@wso2.com wrote:

 Hi Thanuja,

 Applied the updated patch with r209981.


 *Manoj Kumara*
 Software Engineer
 WSO2 Inc. http://wso2.com/
 *lean.enterprise.middleware*
 Mobile: +94713448188

 On Thu, Nov 27, 2014 at 6:52 PM, Thanuja Jayasinghe than...@wso2.com
 wrote:

 Hi Manoj,

 Modified diff is attached to [1].

 [1] - https://wso2.org/jira/browse/IDENTITY-2888

 Thanks,
 Thanuja.

 On Thu, Nov 27, 2014 at 5:12 PM, Sameera Jayasoma same...@wso2.com
 wrote:

 Change...

 } catch (SQLException e) {
String msg = Database error occurred while adding shared role;
log.error(msg, e);
throw new UserStoreException(msg, e);
 }


 On Thu, Nov 27, 2014 at 2:17 PM, Sameera Jayasoma same...@wso2.com
 wrote:

 } catch (SQLException e) {
String msg = Database error occurred while adding shared role.
 Reason:  + e.getMessage();
log.error(msg, e);
throw new UserStoreException(msg, e);
 }

 As per our chat, this error is not logged anywhere else. Therefore we
 need to log it here.

 Thanks,
 Sameera.

 On Thu, Nov 27, 2014 at 1:01 PM, Thanuja Jayasinghe than...@wso2.com
 wrote:

 Hi Sameera,

 The original issue is [1] which we trying to resolve here. Can you
 please suggest a popper way to handle this?

 [1] - https://wso2.org/jira/browse/IDENTITY-2869

 Thanks,
 Thanuja.

 On Thu, Nov 27, 2014 at 12:31 PM, Sameera Jayasoma same...@wso2.com
 wrote:

 Hi Thanuja,

 Its okay. Btw, I am seeing small issues in the way we have are
 logging..

  } catch (SQLException e) {
 +log.error(Database error occurred while adding 
 shared role, e);
  throw new UserStoreException(e.getMessage(), e);
  } catch (Exception e) {
 +log.error(Error occurred while adding shared 
 role, e);
  throw new UserStoreException(e.getMessage(), e);
  } finally {
  DatabaseUtil.closeAllConnections(dbConnection);


 1) Do we really need to log here? Since we are throwing the error to the 
 calling method, that method can log too. This will cause multiple levels 
 of logging in the backend.

 2) In the log statement, we haven't logged the original error message.

 3) In the throw statement, you are not putting the message that your 
 have in your log statement.

 Generally we shouldn't log in every method. Only at the API level or at 
 the client level.


 Thanks,

 Sameera.


 On Thu, Nov 27, 2014 at 12:14 PM, Thanuja Jayasinghe 
 than...@wso2.com wrote:

 Hi Sameera,

 I checked the formatting using Idea before taking the patch for the
 first time. But it looks like there is a bit difference how Idea treat 
 tabs
 and spaces. Sorry about the inconvenience.

 Thanks,
 Thanuja.

 On Thu, Nov 27, 2014 at 12:05 PM, Thanuja Jayasinghe 
 than...@wso2.com wrote:

 Hi Manoj,

 Formatting issues are fixed and diff is attached to [1].

 [1]  - https://wso2.org/jira/browse/IDENTITY-2888

 Thanks,
 Thanuja.

 On Thu, Nov 27, 2014 at 11:15 AM, Sameera Jayasoma 
 same...@wso2.com wrote:

 Manoj can you please revert this patch. There are some formatting
 issues it seems.

 Thanks,
 Sameera.

 On Thu, Nov 27, 2014 at 11:04 AM, Manoj Kumara ma...@wso2.com
 wrote:

 Hi Thanuja,

 Committed to patch0009 with r209939. Please send the pull request
 to Git repo.

 Thanks,
 Manoj


 *Manoj Kumara*
 Software Engineer
 WSO2 Inc. http://wso2.com/
 *lean.enterprise.middleware*
 Mobile: +94713448188

 On Thu, Nov 27, 2014 at 12:09 AM, Thanuja Jayasinghe 
 than...@wso2.com wrote:

 Hi Carbon Team,

 Please commit the diff attached with [1].

 [1] - https://wso2.org/jira/browse/IDENTITY-2888

 Thanks,
 Thanuja.

 --
 *Thanuja Lakmal*
 Software Engineer
 WSO2 Inc. http://wso2.com/
 *lean.enterprise.middleware*
 Mobile: +94715979891 +94758009992





 --
 Sameera Jayasoma,
 Software Architect,

 WSO2, Inc. (http://wso2.com)
 email: same...@wso2.com
 blog: http://sameera.adahas.org
 twitter: https://twitter.com/sameerajayasoma
 flickr: http://www.flickr.com/photos/sameera-jayasoma/collections
 Mobile: 0094776364456

 Lean . Enterprise . Middleware




 --
 *Thanuja Lakmal*
 Software Engineer
 WSO2 Inc. http://wso2.com/
 *lean.enterprise.middleware*
 Mobile: +94715979891 +94758009992




 --
 *Thanuja Lakmal*
 Software Engineer
 WSO2 Inc. http://wso2.com/
 *lean.enterprise.middleware*
 Mobile: +94715979891 +94758009992




 --
 Sameera Jayasoma,
 Software Architect,

 WSO2, Inc. (http://wso2.com)
 email: same...@wso2.com
 blog: http://sameera.adahas.org
 twitter: https://twitter.com/sameerajayasoma
 flickr: http://www.flickr.com/photos/sameera-jayasoma/collections
 Mobile: 0094776364456

 Lean . Enterprise . Middleware




 --
 *Thanuja Lakmal*
 Software Engineer
 WSO2 Inc. http://wso2.com/
 *lean.enterprise.middleware*
 Mobile: +94715979891 +94758009992




 --
 Sameera Jayasoma,
 Software Architect,

 WSO2, Inc. (http://wso2.com

[Dev] Request to commit the patch IDENTITY-2888

[Thanuja Jayasinghe]

Hi Carbon Team,

Please commit the diff attached with [1].

[1] - https://wso2.org/jira/browse/IDENTITY-2888

Thanks,
Thanuja.

-- 
*Thanuja Lakmal*
Software Engineer
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891 +94758009992
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev