Re: [Dev] Enterprise Subscription + Default JWT implementation

2016-06-30 Thread Rushmin Fernando
Thanks Dinusha !

You are correct. In a typical enterprise subscription scenario we can
set 
to true and move forward without zero changes.


On Thu, Jun 30, 2016 at 5:03 PM, Dinusha Senanayaka 
wrote:

> Hi Rushmin,
>
> If I remember correctly, we have two options in JWT generation.
> If  option is set to true then the claims are taken
> from SAML Response and populate the JWT. If that property is set to false,
> then we take all the claims from the user store, where it can cause the issue
> that you have pointed out.
>
> +1 for checking user existence before retrieving claims from user store.
>
> On a side note, applications that have multiple authenticators have to
> provision the user if the application depends on some claims from our user
> store.
>
> Regards,
> Dinusha.
>
> On Thu, Jun 30, 2016 at 4:43 PM, Rushmin Fernando 
> wrote:
>
>> [+ dev@]
>>
>> On Thu, Jun 30, 2016 at 4:41 PM, Rushmin Fernando 
>> wrote:
>>
>>> One thing we can do is, check whether the user is available using
>>> userStoreManager.isExistingUser() method call before the line [1]
>>>
>>>
>>> [1]
>>> https://github.com/wso2/carbon-appmgt/blob/master/components/org.wso2.carbon.appmgt.impl/src/main/java/org/wso2/carbon/appmgt/impl/token/DefaultClaimsRetriever.java#L91
>>>
>>> On Thu, Jun 30, 2016 at 4:31 PM, Rushmin Fernando 
>>> wrote:
>>>

>>>> Sajith / Dinusha,
>>>>
>>>> In our default JWT implementation it tries to get the claims of the
>>>> user from the  gateway node's user store.
>>>>
>>>> But when it comes to the enterprise subscription scenario, the
>>>> authenticated user doesn't exist in the node's user store ( because the
>>>> user is authenticated by a third party IDP like google )
>>>>
>>>> The impact is, we can't enable enterprise subscription since it gives
>>>> an error while generating the JWT
>>>>
>>>> Is this something we have discussed before ?


>
>
> --
> Dinusha Dilrukshi
> Associate Technical Lead
> WSO2 Inc.: http://wso2.com/
> Mobile: +94725255071
> Blog: http://dinushasblog.blogspot.com/
>



-- 
*Best Regards*

*Rushmin Fernando*
*Technical Lead*

WSO2 Inc.  - Lean . Enterprise . Middleware

mobile : +94772891266
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev


Re: [Dev] Enterprise Subscription + Default JWT implementation

2016-06-30 Thread Dinusha Senanayaka
Hi Rushmin,

If I remember correctly, we have two options in JWT generation.
If  option is set to true then the claims are taken
from SAML Response and populate the JWT. If that property is set to false,
then we take all the claims from the user store, where it can cause the issue
that you have pointed out.

+1 for checking user existence before retrieving claims from user store.

On a side note, applications that have multiple authenticators have to
provision the user if the application depends on some claims from our user
store.

Regards,
Dinusha.

On Thu, Jun 30, 2016 at 4:43 PM, Rushmin Fernando  wrote:

> [+ dev@]
>
> On Thu, Jun 30, 2016 at 4:41 PM, Rushmin Fernando 
> wrote:
>
>> One thing we can do is, check whether the user is available using
>> userStoreManager.isExistingUser() method call before the line [1]
>>
>>
>> [1]
>> https://github.com/wso2/carbon-appmgt/blob/master/components/org.wso2.carbon.appmgt.impl/src/main/java/org/wso2/carbon/appmgt/impl/token/DefaultClaimsRetriever.java#L91
>>
>> On Thu, Jun 30, 2016 at 4:31 PM, Rushmin Fernando 
>> wrote:
>>
>>>
>>> Sajith / Dinusha,
>>>
>>> In our default JWT implementation it tries to get the claims of the user
>>> from the  gateway node's user store.
>>>
>>> But when it comes to the enterprise subscription scenario, the
>>> authenticated user doesn't exist in the node's user store ( because the
>>> user is authenticated by a third party IDP like google )
>>>
>>> The impact is, we can't enable enterprise subscription since it gives an
>>> error while generating the JWT
>>>
>>> Is this something we have discussed before ?
>>>
>>>


-- 
Dinusha Dilrukshi
Associate Technical Lead
WSO2 Inc.: http://wso2.com/
Mobile: +94725255071
Blog: http://dinushasblog.blogspot.com/
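
The existence check discussed in this thread, as an added example that is not code from the thread or from carbon-appmgt: the user store is consulted only when the authenticated user has a local account, so a user authenticated by a third-party IdP no longer makes JWT generation fail. The `UserStore` interface, its `getClaims` method, the class and method names, and the fallback to SAML response claims are assumptions for illustration; only `isExistingUser()` is named in the thread.

```java
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.SortedMap;
import java.util.TreeMap;

public class GuardedClaimsRetriever {

    // Hypothetical stand-in for the user store manager; only isExistingUser() is named in the thread.
    interface UserStore {
        boolean isExistingUser(String userName) throws Exception;
        Map<String, String> getClaims(String userName) throws Exception; // assumed lookup call
    }

    private final UserStore userStore;

    GuardedClaimsRetriever(UserStore userStore) { this.userStore = userStore; }

    // samlClaims holds the attributes from the IdP's SAML response (may be empty).
    // Using them for users without a local account is an assumption of this sketch.
    SortedMap<String, String> claimsForJwt(String userName, Map<String, String> samlClaims) throws Exception {
        SortedMap<String, String> claims = new TreeMap<>();
        if (userStore.isExistingUser(userName)) {
            claims.putAll(userStore.getClaims(userName));
        } else {
            // Federated user with no local account: skip the store lookup
            // that would otherwise throw during JWT generation.
            claims.putAll(samlClaims);
        }
        return claims;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample data: "alice" is a local user, "bob@example.com" is federated.
        Map<String, Map<String, String>> local = new HashMap<>();
        local.put("alice", Collections.singletonMap("http://wso2.org/claims/role", "subscriber"));
        UserStore store = new UserStore() {
            public boolean isExistingUser(String u) { return local.containsKey(u); }
            public Map<String, String> getClaims(String u) {
                if (!local.containsKey(u)) throw new IllegalStateException("user not found: " + u);
                return local.get(u);
            }
        };
        GuardedClaimsRetriever r = new GuardedClaimsRetriever(store);
        System.out.println(r.claimsForJwt("alice", Collections.emptyMap()));
        System.out.println(r.claimsForJwt("bob@example.com",
                Collections.singletonMap("http://wso2.org/claims/emailaddress", "bob@example.com")));
    }
}
```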


Re: [Dev] Enterprise Subscription + Default JWT implementation

2016-06-30 Thread Rushmin Fernando
[+ dev@]

On Thu, Jun 30, 2016 at 4:41 PM, Rushmin Fernando  wrote:

> One thing we can do is, check whether the user is available using
> userStoreManager.isExistingUser() method call before the line [1]
>
>
> [1]
> https://github.com/wso2/carbon-appmgt/blob/master/components/org.wso2.carbon.appmgt.impl/src/main/java/org/wso2/carbon/appmgt/impl/token/DefaultClaimsRetriever.java#L91
>
> On Thu, Jun 30, 2016 at 4:31 PM, Rushmin Fernando 
> wrote:
>
>>
>> Sajith / Dinusha,
>>
>> In our default JWT implementation it tries to get the claims of the user
>> from the  gateway node's user store.
>>
>> But when it comes to the enterprise subscription scenario, the
>> authenticated user doesn't exist in the node's user store ( because the
>> user is authenticated by a third party IDP like google )
>>
>> The impact is, we can't enable enterprise subscription since it gives an
>> error while generating the JWT
>>
>> Is this something we have discussed before ?
>>


-- 
*Best Regards*

*Rushmin Fernando*
*Technical Lead*

WSO2 Inc.  - Lean . Enterprise . Middleware

mobile : +94772891266