Re: [Dev] Correct way to Add users and Roles via an API

2017-11-03 Thread Shavindri Dissanayake 
Hi Ushani,

Need your help to clarify the following:
Do you feel there is a doc gap with regard to managing users/roles using
REST APIs?  If so we will move to update docs to avoid this. Looking
forward to your reply.

[1] https://docs.wso2.com/display/IS540/SCIM+APIs

Thanks & Regards
Shavindri Dissanayake
Senior Technical Writer

WSO2 Inc.
lean.enterprise.middleware

On Wed, Nov 1, 2017 at 8:26 PM, Ushani Balasooriya  wrote:

> Thanks Farsath and Isura for the clarification.
>
> On 1 Nov 2017 8:24 pm, "Isura Karunaratne"  wrote:
>
>>
>> On Wed, Nov 1, 2017 at 8:01 PM Farasath Ahamed 
>> wrote:
>>
>>> On Wed, Nov 1, 2017 at 7:38 PM, Ushani Balasooriya 
>>> wrote:
>>>
 Hi IAM team,

 I am trying to implement a thirdparty web app to manage users and roles
 functionalities as explained in this blog post [1] Solution 26.

 According to the solution, it says,

 *"The WSO2 Identity Server exposes a set of REST endpoints as well as
 SOAP-based services for user management, the web app just need to talk to
 these endpoints, without having to deal directly with underlying user
 stores (LDAP, AD, JDBC)."*

 This [2] is the only document I can find as the available API for user
 role management.

 Please verify whether my below understandings are correct to proceed
 with this solution.

 1. Since WSO2IS does not provide any REST API for user/role management,
 there will not be a particular API where I can use as endpoint in my third
 party application.
 Therefore my web app should use a class as explained in this [2]
 document.

 2. We should not consider SCIM as REST endpoint to manage users since
 it is used to provision users to external system. Therefore I cannot treat
 SCIM as a REST endpoint which can use to add users and roles.

>>>
>> No. As Farasath explains, we do support both inbound and outbound SCIM
>> provisioning.
>>
>> You can treat SCIM endpoint as a well defined standard way to manage
>> users from a third party application.
>>
>> IS 5.3.0 onwards identity server supports both SCIM 1.1 and SCIM2.0 (as a
>> connector)
>>
>> Thanks
>> Isura.
>>
>>
>>
>>> IMO this is not entirely correct.
>>> SCIM inbound connector is used to provision users *in to* Identity
>>> Server and the SCIM outbound connector can be used provision user to
>>> external systems as you explained.
>>>
>>> SCIM inbound connector exposes a REST endpoint through which you can do
>>> CRUD operation on users/groups. This can be considered as a REST endpoint
>>> to manage users. Both SCIM and our SOAP APIs talk to the same underlying
>>> user-core impelementation to achieve CRUD on users (user stores).
>>>
>>> Moreover SCIM simply provides a RESTful layer over our usercore
>>> funcionality. So I don't see why we should not consider SCIM as a REST API
>>> to manage users.
>>> Infact we have customers using SCIM to achieve user registration, user
>>> profile update etc.
>>>


 [1] https://medium.facilelogin.com/thirty-solution-patterns-
 with-the-wso2-identity-server-16f9fd0c0389

 [2] https://docs.wso2.com/display/IS530/Managing+Users+and+
 Roles+with+APIs#ManagingUsersandRoleswithAPIs-addRole()

 Thanks,
 --
 *Ushani Balasooriya*
 Associate Technical Lead - EE;
 WSO2 Inc; http://www.wso2.com/.


 --
>>
>> *Isura Dilhara Karunaratne*
>> Associate Technical Lead | WSO2
>> Email: is...@wso2.com
>> Mob : +94 772 254 810 <+94%2077%20225%204810>
>> Blog : http://isurad.blogspot.com/
>>
>>
>>
>>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Correct way to Add users and Roles via an API

2017-11-02 Thread Ushani Balasooriya 
Hi Shavindri,

Thanks for bringing this up. I was going to reply by reporting a doc jira
asking to explain about SCIM APIs in terms of its use case since I couldn't
find much information in docs.
Better if we can explain SCIM inbound connector and SCIM outbound
connector's use case as Farsath has explained in the mail thread. His
explanation is clear enough to go in to docs.

I have reported a jira [1] for your reference.

[1] https://wso2.org/jira/browse/DOCUMENTATION-6342

Thanks,
Ushani


On Thu, Nov 2, 2017 at 5:49 PM, Shavindri Dissanayake 
wrote:

> Hi Ushani,
>
> Need your help to clarify the following:
> Do you feel there is a doc gap with regard to managing users/roles using
> REST APIs?  If so we will move to update docs to avoid this. Looking
> forward to your reply.
>
> [1] https://docs.wso2.com/display/IS540/SCIM+APIs
>
> Thanks & Regards
> Shavindri Dissanayake
> Senior Technical Writer
>
> WSO2 Inc.
> lean.enterprise.middleware
>
> On Wed, Nov 1, 2017 at 8:26 PM, Ushani Balasooriya 
> wrote:
>
>> Thanks Farsath and Isura for the clarification.
>>
>> On 1 Nov 2017 8:24 pm, "Isura Karunaratne"  wrote:
>>
>>>
>>> On Wed, Nov 1, 2017 at 8:01 PM Farasath Ahamed 
>>> wrote:
>>>
 On Wed, Nov 1, 2017 at 7:38 PM, Ushani Balasooriya 
 wrote:

> Hi IAM team,
>
> I am trying to implement a thirdparty web app to manage users and
> roles functionalities as explained in this blog post [1] Solution 26.
>
> According to the solution, it says,
>
> *"The WSO2 Identity Server exposes a set of REST endpoints as well as
> SOAP-based services for user management, the web app just need to talk to
> these endpoints, without having to deal directly with underlying user
> stores (LDAP, AD, JDBC)."*
>
> This [2] is the only document I can find as the available API for user
> role management.
>
> Please verify whether my below understandings are correct to proceed
> with this solution.
>
> 1. Since WSO2IS does not provide any REST API for user/role
> management, there will not be a particular API where I can use as endpoint
> in my third party application.
> Therefore my web app should use a class as explained in this [2]
> document.
>
> 2. We should not consider SCIM as REST endpoint to manage users since
> it is used to provision users to external system. Therefore I cannot treat
> SCIM as a REST endpoint which can use to add users and roles.
>

>>> No. As Farasath explains, we do support both inbound and outbound SCIM
>>> provisioning.
>>>
>>> You can treat SCIM endpoint as a well defined standard way to manage
>>> users from a third party application.
>>>
>>> IS 5.3.0 onwards identity server supports both SCIM 1.1 and SCIM2.0 (as
>>> a connector)
>>>
>>> Thanks
>>> Isura.
>>>
>>>
>>>
 IMO this is not entirely correct.
 SCIM inbound connector is used to provision users *in to* Identity
 Server and the SCIM outbound connector can be used provision user to
 external systems as you explained.

 SCIM inbound connector exposes a REST endpoint through which you can do
 CRUD operation on users/groups. This can be considered as a REST endpoint
 to manage users. Both SCIM and our SOAP APIs talk to the same underlying
 user-core impelementation to achieve CRUD on users (user stores).

 Moreover SCIM simply provides a RESTful layer over our usercore
 funcionality. So I don't see why we should not consider SCIM as a REST API
 to manage users.
 Infact we have customers using SCIM to achieve user registration, user
 profile update etc.

>
>
> [1] https://medium.facilelogin.com/thirty-solution-patterns-
> with-the-wso2-identity-server-16f9fd0c0389
>
> [2] https://docs.wso2.com/display/IS530/Managing+Users+and+R
> oles+with+APIs#ManagingUsersandRoleswithAPIs-addRole()
>
> Thanks,
> --
> *Ushani Balasooriya*
> Associate Technical Lead - EE;
> WSO2 Inc; http://www.wso2.com/.
>
>
> --
>>>
>>> *Isura Dilhara Karunaratne*
>>> Associate Technical Lead | WSO2
>>> Email: is...@wso2.com
>>> Mob : +94 772 254 810 <+94%2077%20225%204810>
>>> Blog : http://isurad.blogspot.com/
>>>
>>>
>>>
>>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>


-- 
*Ushani Balasooriya*
Associate Technical Lead - EE;
WSO2 Inc; http://www.wso2.com/.
Mobile; +94772636796
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] Correct way to Add users and Roles via an API

2017-11-01 Thread Ushani Balasooriya 
Hi IAM team,

I am trying to implement a thirdparty web app to manage users and roles
functionalities as explained in this blog post [1] Solution 26.

According to the solution, it says,

*"The WSO2 Identity Server exposes a set of REST endpoints as well as
SOAP-based services for user management, the web app just need to talk to
these endpoints, without having to deal directly with underlying user
stores (LDAP, AD, JDBC)."*

This [2] is the only document I can find as the available API for user role
management.

Please verify whether my below understandings are correct to proceed with
this solution.

1. Since WSO2IS does not provide any REST API for user/role management,
there will not be a particular API where I can use as endpoint in my third
party application.
Therefore my web app should use a class as explained in this [2] document.

2. We should not consider SCIM as REST endpoint to manage users since it is
used to provision users to external system. Therefore I cannot treat SCIM
as a REST endpoint which can use to add users and roles.


[1]
https://medium.facilelogin.com/thirty-solution-patterns-with-the-wso2-identity-server-16f9fd0c0389

[2]
https://docs.wso2.com/display/IS530/Managing+Users+and+Roles+with+APIs#ManagingUsersandRoleswithAPIs-addRole()

Thanks,
-- 
*Ushani Balasooriya*
Associate Technical Lead - EE;
WSO2 Inc; http://www.wso2.com/.
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Correct way to Add users and Roles via an API

2017-11-01 Thread Isura Karunaratne 
On Wed, Nov 1, 2017 at 8:01 PM Farasath Ahamed  wrote:

> On Wed, Nov 1, 2017 at 7:38 PM, Ushani Balasooriya 
> wrote:
>
>> Hi IAM team,
>>
>> I am trying to implement a thirdparty web app to manage users and roles
>> functionalities as explained in this blog post [1] Solution 26.
>>
>> According to the solution, it says,
>>
>> *"The WSO2 Identity Server exposes a set of REST endpoints as well as
>> SOAP-based services for user management, the web app just need to talk to
>> these endpoints, without having to deal directly with underlying user
>> stores (LDAP, AD, JDBC)."*
>>
>> This [2] is the only document I can find as the available API for user
>> role management.
>>
>> Please verify whether my below understandings are correct to proceed with
>> this solution.
>>
>> 1. Since WSO2IS does not provide any REST API for user/role management,
>> there will not be a particular API where I can use as endpoint in my third
>> party application.
>> Therefore my web app should use a class as explained in this [2]
>> document.
>>
>> 2. We should not consider SCIM as REST endpoint to manage users since it
>> is used to provision users to external system. Therefore I cannot treat
>> SCIM as a REST endpoint which can use to add users and roles.
>>
>
No. As Farasath explains, we do support both inbound and outbound SCIM
provisioning.

You can treat SCIM endpoint as a well defined standard way to manage users
from a third party application.

IS 5.3.0 onwards identity server supports both SCIM 1.1 and SCIM2.0 (as a
connector)

Thanks
Isura.



> IMO this is not entirely correct.
> SCIM inbound connector is used to provision users *in to* Identity Server
> and the SCIM outbound connector can be used provision user to external
> systems as you explained.
>
> SCIM inbound connector exposes a REST endpoint through which you can do
> CRUD operation on users/groups. This can be considered as a REST endpoint
> to manage users. Both SCIM and our SOAP APIs talk to the same underlying
> user-core impelementation to achieve CRUD on users (user stores).
>
> Moreover SCIM simply provides a RESTful layer over our usercore
> funcionality. So I don't see why we should not consider SCIM as a REST API
> to manage users.
> Infact we have customers using SCIM to achieve user registration, user
> profile update etc.
>
>>
>>
>> [1]
>> https://medium.facilelogin.com/thirty-solution-patterns-with-the-wso2-identity-server-16f9fd0c0389
>>
>> [2]
>> https://docs.wso2.com/display/IS530/Managing+Users+and+Roles+with+APIs#ManagingUsersandRoleswithAPIs-addRole()
>>
>> Thanks,
>> --
>> *Ushani Balasooriya*
>> Associate Technical Lead - EE;
>> WSO2 Inc; http://www.wso2.com/.
>>
>>
>> --

*Isura Dilhara Karunaratne*
Associate Technical Lead | WSO2
Email: is...@wso2.com
Mob : +94 772 254 810
Blog : http://isurad.blogspot.com/
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Correct way to Add users and Roles via an API

2017-11-01 Thread Farasath Ahamed 
On Wed, Nov 1, 2017 at 7:38 PM, Ushani Balasooriya  wrote:

> Hi IAM team,
>
> I am trying to implement a thirdparty web app to manage users and roles
> functionalities as explained in this blog post [1] Solution 26.
>
> According to the solution, it says,
>
> *"The WSO2 Identity Server exposes a set of REST endpoints as well as
> SOAP-based services for user management, the web app just need to talk to
> these endpoints, without having to deal directly with underlying user
> stores (LDAP, AD, JDBC)."*
>
> This [2] is the only document I can find as the available API for user
> role management.
>
> Please verify whether my below understandings are correct to proceed with
> this solution.
>
> 1. Since WSO2IS does not provide any REST API for user/role management,
> there will not be a particular API where I can use as endpoint in my third
> party application.
> Therefore my web app should use a class as explained in this [2] document.
>
> 2. We should not consider SCIM as REST endpoint to manage users since it
> is used to provision users to external system. Therefore I cannot treat
> SCIM as a REST endpoint which can use to add users and roles.
>

IMO this is not entirely correct.
SCIM inbound connector is used to provision users *in to* Identity Server
and the SCIM outbound connector can be used provision user to external
systems as you explained.

SCIM inbound connector exposes a REST endpoint through which you can do
CRUD operation on users/groups. This can be considered as a REST endpoint
to manage users. Both SCIM and our SOAP APIs talk to the same underlying
user-core impelementation to achieve CRUD on users (user stores).

Moreover SCIM simply provides a RESTful layer over our usercore
funcionality. So I don't see why we should not consider SCIM as a REST API
to manage users.
Infact we have customers using SCIM to achieve user registration, user
profile update etc.

>
>
> [1] https://medium.facilelogin.com/thirty-solution-patterns-
> with-the-wso2-identity-server-16f9fd0c0389
>
> [2] https://docs.wso2.com/display/IS530/Managing+Users+and+
> Roles+with+APIs#ManagingUsersandRoleswithAPIs-addRole()
>
> Thanks,
> --
> *Ushani Balasooriya*
> Associate Technical Lead - EE;
> WSO2 Inc; http://www.wso2.com/.
>
>
>
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Correct way to Add users and Roles via an API

2017-11-01 Thread Ushani Balasooriya 
Thanks Farsath and Isura for the clarification.

On 1 Nov 2017 8:24 pm, "Isura Karunaratne"  wrote:

>
> On Wed, Nov 1, 2017 at 8:01 PM Farasath Ahamed  wrote:
>
>> On Wed, Nov 1, 2017 at 7:38 PM, Ushani Balasooriya 
>> wrote:
>>
>>> Hi IAM team,
>>>
>>> I am trying to implement a thirdparty web app to manage users and roles
>>> functionalities as explained in this blog post [1] Solution 26.
>>>
>>> According to the solution, it says,
>>>
>>> *"The WSO2 Identity Server exposes a set of REST endpoints as well as
>>> SOAP-based services for user management, the web app just need to talk to
>>> these endpoints, without having to deal directly with underlying user
>>> stores (LDAP, AD, JDBC)."*
>>>
>>> This [2] is the only document I can find as the available API for user
>>> role management.
>>>
>>> Please verify whether my below understandings are correct to proceed
>>> with this solution.
>>>
>>> 1. Since WSO2IS does not provide any REST API for user/role management,
>>> there will not be a particular API where I can use as endpoint in my third
>>> party application.
>>> Therefore my web app should use a class as explained in this [2]
>>> document.
>>>
>>> 2. We should not consider SCIM as REST endpoint to manage users since it
>>> is used to provision users to external system. Therefore I cannot treat
>>> SCIM as a REST endpoint which can use to add users and roles.
>>>
>>
> No. As Farasath explains, we do support both inbound and outbound SCIM
> provisioning.
>
> You can treat SCIM endpoint as a well defined standard way to manage users
> from a third party application.
>
> IS 5.3.0 onwards identity server supports both SCIM 1.1 and SCIM2.0 (as a
> connector)
>
> Thanks
> Isura.
>
>
>
>> IMO this is not entirely correct.
>> SCIM inbound connector is used to provision users *in to* Identity
>> Server and the SCIM outbound connector can be used provision user to
>> external systems as you explained.
>>
>> SCIM inbound connector exposes a REST endpoint through which you can do
>> CRUD operation on users/groups. This can be considered as a REST endpoint
>> to manage users. Both SCIM and our SOAP APIs talk to the same underlying
>> user-core impelementation to achieve CRUD on users (user stores).
>>
>> Moreover SCIM simply provides a RESTful layer over our usercore
>> funcionality. So I don't see why we should not consider SCIM as a REST API
>> to manage users.
>> Infact we have customers using SCIM to achieve user registration, user
>> profile update etc.
>>
>>>
>>>
>>> [1] https://medium.facilelogin.com/thirty-solution-patterns-with-the-
>>> wso2-identity-server-16f9fd0c0389
>>>
>>> [2] https://docs.wso2.com/display/IS530/Managing+Users+
>>> and+Roles+with+APIs#ManagingUsersandRoleswithAPIs-addRole()
>>>
>>> Thanks,
>>> --
>>> *Ushani Balasooriya*
>>> Associate Technical Lead - EE;
>>> WSO2 Inc; http://www.wso2.com/.
>>>
>>>
>>> --
>
> *Isura Dilhara Karunaratne*
> Associate Technical Lead | WSO2
> Email: is...@wso2.com
> Mob : +94 772 254 810 <+94%2077%20225%204810>
> Blog : http://isurad.blogspot.com/
>
>
>
>
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev