Re: [Dev] UserAccountAssociationService having “/permission/admin/login” permissions in some operations

2017-10-30 Thread Farasath Ahamed
Hi Rumy,

If we can identify the users we want to restrict access by a particular
role, let's say 'X', we can achieve your requirement as follows:

1. Add management console as a service provider in IS (Ref:
https://medium.com/@PrakhashS/enabling-multi-factor-authentication-for-wso2-identity-server-management-console-c4e247cd553f)

2. Engage Authorization for the service provider representing the
management console. (Ref:
https://medium.com/@pulasthi7/application-authorization-using-wso2-identity-server-1-introduction-3f2e0898b43e)

3. We can engage an XACML policy which restricts login to users with role
'X'.


Thanks,
Farasath

Farasath Ahamed
Software Engineer, WSO2 Inc.; http://wso2.com
Mobile: +94777603866
Blog: blog.farazath.com
Twitter: @farazath619 




___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev


Re: [Dev] UserAccountAssociationService having “/permission/admin/login” permissions in some operations

2017-10-30 Thread Mushthaq Rumy
Thanks Farasath. I'll check on this.

Thanks & Regards,
Mushthaq



-- 
Mushthaq Rumy
*Software Engineer*
Mobile : +94 (0) 779 492140
Email : musht...@wso2.com
WSO2, Inc.; http://wso2.com/
lean . enterprise . middleware.



Re: [Dev] UserAccountAssociationService having “/permission/admin/login” permissions in some operations

2017-10-29 Thread Mushthaq Rumy
@Farasath - These users will have roles assigned to them.

Thanks & Regards,
Mushthaq



-- 
Mushthaq Rumy
*Software Engineer*
Mobile : +94 (0) 779 492140
Email : musht...@wso2.com
WSO2, Inc.; http://wso2.com/
lean . enterprise . middleware.




Re: [Dev] UserAccountAssociationService having “/permission/admin/login” permissions in some operations

2017-10-28 Thread Farasath Ahamed
On Friday, October 27, 2017, Mushthaq Rumy  wrote:

> Hi Thanuja,
>
> Thanks for the clarification. One more thing. Is there a way that we can
> avoid specific users to log in to the Management Console who have the
> "permission/admin/login" permission?
>

Can we identify these users based on their role or some other attribute?





-- 
Farasath Ahamed
Software Engineer, WSO2 Inc.; http://wso2.com
Mobile: +94777603866
Blog: blog.farazath.com
Twitter: @farazath619 



Re: [Dev] UserAccountAssociationService having “/permission/admin/login” permissions in some operations

2017-10-27 Thread Mushthaq Rumy
Hi Thanuja,

Thanks for the clarification. One more thing. Is there a way that we can
avoid specific users to log in to the Management Console who have the
"permission/admin/login" permission?

Thanks & Regards,
Mushthaq




-- 
Mushthaq Rumy
*Software Engineer*
Mobile : +94 (0) 779 492140
Email : musht...@wso2.com
WSO2, Inc.; http://wso2.com/
lean . enterprise . middleware.




Re: [Dev] UserAccountAssociationService having “/permission/admin/login” permissions in some operations

2017-10-26 Thread Thanuja Jayasinghe
Hi Mushthaq,

UserAccountAssociationService.switchLoggedInUser() service method is only
useful for users who have a logged-in session, because this feature provides
support for switching between associated user accounts in that logged-in
session. In order to create a session we need to call
AuthenticationAdmin.login(), and in this service method we do check whether
the user has the permission/admin/login permission [1]. So it is a must to have
the permission/admin/login permission for any user who is using the
switchLoggedInUser method.

I think this gives the rationale for other methods which have the same
permission level.

[1] - https://github.com/wso2/carbon-kernel/blob/4.4.x/core/org.wso2.carbon.core.services/src/main/java/org/wso2/carbon/core/services/authentication/AuthenticationAdmin.java#L110

Thanks,
Thanuja

On Thu, Oct 26, 2017 at 6:18 PM, Mushthaq Rumy  wrote:

> Hi All,
>
> Is there a specific reason to have "/permission/admin/login" in some of
> the operations in UserAccountAssociationService?
>
> This permission will allow the users to log in to the Management Console,
> and in case someone wants to use these operations of
> UserAccountAssociationService in a separate client application and he/she
> does not want the users of this application to log in to the Management
> Console, what would be the workaround and how can we solve this?
>
> Your thoughts on this are highly appreciated.
>
> Thanks & Regards,
> Mushthaq
> --
> Mushthaq Rumy
> *Software Engineer*
> Mobile : +94 (0) 779 492140
> Email : musht...@wso2.com
> WSO2, Inc.; http://wso2.com/
> lean . enterprise . middleware.
>
> 
>



-- 
*Thanuja Lakmal*
Associate Technical Lead
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891