Re: [Dev] Tenant OIDC logout fails with 'ID token signature validation failed.' error

2019-04-06 Thread Farasath Ahamed
On Friday, April 5, 2019, Sathya Bandara  wrote:

> Hi Farasath,
>
> For federated users, we are setting the SP's tenant domain as the user tenant
> domain. However, the userstore domain will be null. Therefore we can pass only
> the tenant domain in the realm. WDYT?
>
OK, that seems fine.

How are we planning to handle the case where the id_token builder has been
customized?

One possible way is to keep the old logic for customized id_token builders
and id_tokens without "realm" claim.

>
> On Fri, Apr 5, 2019 at 9:36 AM Farasath Ahamed  wrote:
>
>> Hi Devs,
>>
>> Also, what about the value of the "realm" claim when the user is a
>> federated one?
>>
>> Regards,
>> Farasath
>>
>> On Fri, Apr 5, 2019 at 9:32 AM Hasini Witharana  wrote:
>>
>>> Hi Ruwan/Sathya,
>>>
>>> There are some standard claims defined in the OIDC specification [1], but
>>> none of them can be used in place of "realm" or "tenant_domain".
>>> However, the spec also says that it is okay to add any other claims to the
>>> id_token [2].
>>>
>>> [1] - https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims
>>> [2] - https://openid.net/specs/openid-connect-core-1_0.html#IDToken
>>>
>>> Thank You.
>>> Hasini
>>>
>>> On Fri, Apr 5, 2019 at 6:30 AM Ruwan Abeykoon  wrote:
>>>
 Hi Sathya,
 I do not see any issue adding the info-set to the id-token, as
 conceptually it carries more information about the user's identity.
 Did we check if there are any standard claims in the id token we could use
 instead of "realm", "tenant_domain", etc.?

 Cheers,
 Ruwan A

 On Thu, Apr 4, 2019 at 11:43 PM Sathya Bandara  wrote:

> Hi all,
>
> In the OIDC logout flow, we send the ID token as a user identification
> method, similar to the following request.
>
> https://localhost:9443/oidc/logout?id_token_hint=<id_token>&post_logout_redirect_uri=http://localhost:8080/playground2/oauth2client&state=1
>
> When validating the ID token, we try to get the tenant domain from the
> subject claim of the id token hint [1] in the default flow. This only
> works if '*append tenant domain to subject identifier*' is selected in
> the SP configuration. In other scenarios it fails with the error
> "access_denied ID token signature validation failed." This is because, if
> the subject does not contain the tenant domain, we try to validate the id
> token with the super tenant's keystore. This also fails when the subject
> identifier is set to the email claim and the email contains a different
> domain, such as sat...@wso2.com
>
> We have a config in identity.xml ('SignJWTWithSPKey') to enable/disable
> signing the ID token with the SP's keystore. As this configuration is
> disabled by default, the ID token is signed and validated using the
> user's tenant domain, leading to the above issue.
>
> As a possible solution, we have decided to include the user tenant domain
> and userstore domain as claims in the id token generated by IS. This can
> be disabled by a config; however, in the default pack it will be enabled
> by default. A sample id token is as follows.
>
> {
>   "at_hash": "Bi9jGB-EIZ94gVzHZv5trQ",
>   "aud": "b3F9IGMtm0aKGlHfG4BnI2Ypi7Qa",
>   "sub": "sathya",
>   "realm": {"tenant_domain": "wso2.com", "userstore_domain": "PRIMARY"},
>   "iss": "https://localhost:9443/oauth2/token",
>   "exp": 1554367465,
>   "iat": 1554363865
> }
>
> Also, the 'SignJWTWithSPKey' property will be enabled by default in the
> product, honoring the service provider's tenant domain when obtaining keys
> for signing and validating id tokens.
>
> Highly appreciate your suggestions and concerns on this.
>
> [1] https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oidc.session/src/main/java/org/wso2/carbon/identity/oidc/session/servlet/OIDCLogoutServlet.java#L331
> Thanks,
> Sathya
> --
> Sathya Bandara
> Senior Software Engineer
> Blog: https://medium.com/@technospace
> WSO2 Inc. http://wso2.com
> Mobile: (+94) 715 360 421
>


 --

 Ruwan Abeykoon
 Associate Director/Architect, WSO2, Inc. http://wso2.com
 lean.enterprise.middleware.

 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev

>>>
>>>
>>> --
>>> Hasini Witharana | Software Engineer | WSO2 Inc
>>> (m) 0766435725 | (w) 0713850143 | (e) hasi...@wso2.com
>>>
>>>
>>
>>
>> --
>> Farasath Ahamed
>> Senior Software 
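The key-selection logic the thread is converging on (prefer a "realm" claim, fall back to the old subject-based lookup for customised id_token builders and tokens without "realm", and omit userstore_domain for federated users), written out as an added example. This is not WSO2 code: tenant names, the per-tenant keys and the HS256 signature are constructed stand-ins for the tenant keystore and its RSA key, and the function names are my own.

```python
"""Added example (not WSO2 IS code): choosing the tenant keystore for
id_token_hint validation from a 'realm' claim, falling back to the old
subject-based logic. HMAC-SHA256 stands in for the tenant keystore key."""
import base64
import hashlib
import hmac
import json

SUPER_TENANT = "carbon.super"  # WSO2 IS super tenant domain

# Constructed stand-in for per-tenant signing keys (assumption: one key per
# tenant domain, as the tenant keystore provides).
TENANT_KEYS = {
    SUPER_TENANT: b"super-tenant-secret-constructed",
    "wso2.com": b"wso2.com-tenant-secret-constructed",
}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def build_id_token(claims, tenant_domain, userstore_domain=None, include_realm=True):
    """Issue an HS256 token signed with the tenant's key. With include_realm
    the proposed 'realm' claim is added; userstore_domain is left out when
    None, which is the federated-user case from the thread."""
    payload = dict(claims)
    if include_realm:
        realm = {"tenant_domain": tenant_domain}
        if userstore_domain is not None:
            realm["userstore_domain"] = userstore_domain
        payload["realm"] = realm
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = _b64url(json.dumps(header).encode()) + "." + _b64url(json.dumps(payload).encode())
    sig = hmac.new(TENANT_KEYS[tenant_domain], signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def unverified_claims(token: str) -> dict:
    """Decode the payload WITHOUT checking the signature. Used only to pick
    which tenant key to try; nothing is trusted until verification passes."""
    return json.loads(_b64url_decode(token.split(".")[1]))


def tenant_from_subject(sub: str) -> str:
    """The old logic: 'sathya@wso2.com' yields 'wso2.com', otherwise the super
    tenant. This misfires when the subject is an email address."""
    if "@" in sub:
        return sub.rsplit("@", 1)[1]
    return SUPER_TENANT


def resolve_tenant_domain(token: str) -> str:
    claims = unverified_claims(token)
    realm = claims.get("realm")
    if isinstance(realm, dict) and realm.get("tenant_domain"):
        return realm["tenant_domain"]
    # Fallback for customised id_token builders / tokens without 'realm'.
    return tenant_from_subject(claims.get("sub", ""))


def verify_id_token_hint(token: str) -> dict:
    """Validate the signature with the resolved tenant's key and return the
    verified claims; raise ValueError on failure."""
    tenant = resolve_tenant_domain(token)
    key = TENANT_KEYS.get(tenant)
    if key is None:
        raise ValueError("no keystore for tenant " + tenant)
    header_b64, payload_b64, sig_b64 = token.split(".")
    expected = hmac.new(key, (header_b64 + "." + payload_b64).encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("ID token signature validation failed.")
    return json.loads(_b64url_decode(payload_b64))


def is_valid_id_token_hint(token: str) -> bool:
    try:
        verify_id_token_hint(token)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample: a super-tenant user whose subject is an email claim.
    claims = {"sub": "sathya@wso2.com", "aud": "b3F9IGMtm0aKGlHfG4BnI2Ypi7Qa"}
    legacy = build_id_token(claims, SUPER_TENANT, "PRIMARY", include_realm=False)
    print("without realm, resolved tenant:", resolve_tenant_domain(legacy), "valid:", is_valid_id_token_hint(legacy))
    new = build_id_token(claims, SUPER_TENANT, "PRIMARY")
    print("with realm, resolved tenant:", resolve_tenant_domain(new), "valid:", is_valid_id_token_hint(new))
```

The realm claim is read before the signature is checked purely to choose a key; a tampered realm only points verification at a key the tamperer does not hold, so the token still fails. The legacy fallback reproduces the reported failure: an email-shaped subject with no realm claim selects the wso2.com keystore for a super-tenant token.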

Re: [Dev] Tenant OIDC logout fails with 'ID token signature validation failed.' error

2019-04-05 Thread Sathya Bandara
Hi Farasath,

For federated users, we are setting the SP's tenant domain as the user tenant
domain. However, the userstore domain will be null. Therefore we can pass only
the tenant domain in the realm. WDYT?

On Fri, Apr 5, 2019 at 9:36 AM Farasath Ahamed  wrote:

> Hi Devs,
>
> Also, what about the value of the "realm" claim when the user is a
> federated one?
>
> Regards,
> Farasath
>
> On Fri, Apr 5, 2019 at 9:32 AM Hasini Witharana  wrote:
>
>> Hi Ruwan/Sathya,
>>
>> There are some standard claims defined in the OIDC specification [1], but
>> none of them can be used in place of "realm" or "tenant_domain".
>> However, the spec also says that it is okay to add any other claims to the
>> id_token [2].
>>
>> [1] - https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims
>> [2] - https://openid.net/specs/openid-connect-core-1_0.html#IDToken
>>
>> Thank You.
>> Hasini
>>
>> On Fri, Apr 5, 2019 at 6:30 AM Ruwan Abeykoon  wrote:
>>
>>> Hi Sathya,
>>> I do not see any issue adding the info-set to the id-token, as
>>> conceptually it carries more information about the user's identity.
>>> Did we check if there are any standard claims in the id token we could use
>>> instead of "realm", "tenant_domain", etc.?
>>>
>>> Cheers,
>>> Ruwan A
>>>
>>> On Thu, Apr 4, 2019 at 11:43 PM Sathya Bandara  wrote:
>>>
 Hi all,

 In the OIDC logout flow, we send the ID token as a user identification
 method, similar to the following request.

 https://localhost:9443/oidc/logout?id_token_hint=<id_token>&post_logout_redirect_uri=http://localhost:8080/playground2/oauth2client&state=1

 When validating the ID token, we try to get the tenant domain from the
 subject claim of the id token hint [1] in the default flow. This only
 works if '*append tenant domain to subject identifier*' is selected in
 the SP configuration. In other scenarios it fails with the error
 "access_denied ID token signature validation failed." This is because, if
 the subject does not contain the tenant domain, we try to validate the id
 token with the super tenant's keystore. This also fails when the subject
 identifier is set to the email claim and the email contains a different
 domain, such as sat...@wso2.com

 We have a config in identity.xml ('SignJWTWithSPKey') to enable/disable
 signing the ID token with the SP's keystore. As this configuration is
 disabled by default, the ID token is signed and validated using the
 user's tenant domain, leading to the above issue.

 As a possible solution, we have decided to include the user tenant domain
 and userstore domain as claims in the id token generated by IS. This can
 be disabled by a config; however, in the default pack it will be enabled
 by default. A sample id token is as follows.

 {
   "at_hash": "Bi9jGB-EIZ94gVzHZv5trQ",
   "aud": "b3F9IGMtm0aKGlHfG4BnI2Ypi7Qa",
   "sub": "sathya",
   "realm": {"tenant_domain": "wso2.com", "userstore_domain": "PRIMARY"},
   "iss": "https://localhost:9443/oauth2/token",
   "exp": 1554367465,
   "iat": 1554363865
 }

 Also, the 'SignJWTWithSPKey' property will be enabled by default in the
 product, honoring the service provider's tenant domain when obtaining keys
 for signing and validating id tokens.

 Highly appreciate your suggestions and concerns on this.

 [1]
 https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oidc.session/src/main/java/org/wso2/carbon/identity/oidc/session/servlet/OIDCLogoutServlet.java#L331
 Thanks,
 Sathya
 --
 Sathya Bandara
 Senior Software Engineer
 Blog: https://medium.com/@technospace
 WSO2 Inc. http://wso2.com
 Mobile: (+94) 715 360 421

>>>
>>>
>>> --
>>>
>>> Ruwan Abeykoon
>>> Associate Director/Architect, WSO2, Inc. http://wso2.com
>>> lean.enterprise.middleware.
>>>
>>>
>>
>>
>> --
>> Hasini Witharana | Software Engineer | WSO2 Inc
>> (m) 0766435725 | (w) 0713850143 | (e) hasi...@wso2.com
>>
>>
>
>
> --
> Farasath Ahamed
> Senior Software Engineer, WSO2 Inc.; http://wso2.com
> Mobile: +94777603866
> Blog: https://farasath.blogspot.com / https://medium.com/@farasath
> Twitter: @farazath619 
> 
>
>
>
>


-- 
Sathya Bandara
Senior Software Engineer
Blog: https://medium.com/@technospace
WSO2 Inc. http://wso2.com

Re: [Dev] Tenant OIDC logout fails with 'ID token signature validation failed.' error

2019-04-04 Thread Farasath Ahamed
Hi Devs,

Also, what about the value of the "realm" claim when the user is a federated
one?

Regards,
Farasath

On Fri, Apr 5, 2019 at 9:32 AM Hasini Witharana  wrote:

> Hi Ruwan/Sathya,
>
> There are some standard claims defined in the OIDC specification [1], but
> none of them can be used in place of "realm" or "tenant_domain".
> However, the spec also says that it is okay to add any other claims to the
> id_token [2].
>
> [1] - https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims
> [2] - https://openid.net/specs/openid-connect-core-1_0.html#IDToken
>
> Thank You.
> Hasini
>
> On Fri, Apr 5, 2019 at 6:30 AM Ruwan Abeykoon  wrote:
>
>> Hi Sathya,
>> I do not see any issue adding the info-set to the id-token, as
>> conceptually it carries more information about the user's identity.
>> Did we check if there are any standard claims in the id token we could use
>> instead of "realm", "tenant_domain", etc.?
>>
>> Cheers,
>> Ruwan A
>>
>> On Thu, Apr 4, 2019 at 11:43 PM Sathya Bandara  wrote:
>>
>>> Hi all,
>>>
>>> In the OIDC logout flow, we send the ID token as a user identification
>>> method, similar to the following request.
>>>
>>> https://localhost:9443/oidc/logout?id_token_hint=<id_token>&post_logout_redirect_uri=http://localhost:8080/playground2/oauth2client&state=1
>>>
>>> When validating the ID token, we try to get the tenant domain from the
>>> subject claim of the id token hint [1] in the default flow. This only
>>> works if '*append tenant domain to subject identifier*' is selected in
>>> the SP configuration. In other scenarios it fails with the error
>>> "access_denied ID token signature validation failed." This is because, if
>>> the subject does not contain the tenant domain, we try to validate the id
>>> token with the super tenant's keystore. This also fails when the subject
>>> identifier is set to the email claim and the email contains a different
>>> domain, such as sat...@wso2.com
>>>
>>> We have a config in identity.xml ('SignJWTWithSPKey') to enable/disable
>>> signing the ID token with the SP's keystore. As this configuration is
>>> disabled by default, the ID token is signed and validated using the
>>> user's tenant domain, leading to the above issue.
>>>
>>> As a possible solution, we have decided to include the user tenant domain
>>> and userstore domain as claims in the id token generated by IS. This can
>>> be disabled by a config; however, in the default pack it will be enabled
>>> by default. A sample id token is as follows.
>>>
>>> {
>>>   "at_hash": "Bi9jGB-EIZ94gVzHZv5trQ",
>>>   "aud": "b3F9IGMtm0aKGlHfG4BnI2Ypi7Qa",
>>>   "sub": "sathya",
>>>   "realm": {"tenant_domain": "wso2.com", "userstore_domain": "PRIMARY"},
>>>   "iss": "https://localhost:9443/oauth2/token",
>>>   "exp": 1554367465,
>>>   "iat": 1554363865
>>> }
>>>
>>> Also, the 'SignJWTWithSPKey' property will be enabled by default in the
>>> product, honoring the service provider's tenant domain when obtaining keys
>>> for signing and validating id tokens.
>>>
>>> Highly appreciate your suggestions and concerns on this.
>>>
>>> [1]
>>> https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oidc.session/src/main/java/org/wso2/carbon/identity/oidc/session/servlet/OIDCLogoutServlet.java#L331
>>> Thanks,
>>> Sathya
>>> --
>>> Sathya Bandara
>>> Senior Software Engineer
>>> Blog: https://medium.com/@technospace
>>> WSO2 Inc. http://wso2.com
>>> Mobile: (+94) 715 360 421
>>>
>>
>>
>> --
>>
>> Ruwan Abeykoon
>> Associate Director/Architect, WSO2, Inc. http://wso2.com
>> lean.enterprise.middleware.
>>
>>
>
>
> --
> Hasini Witharana | Software Engineer | WSO2 Inc
> (m) 0766435725 | (w) 0713850143 | (e) hasi...@wso2.com
>
>


-- 
Farasath Ahamed
Senior Software Engineer, WSO2 Inc.; http://wso2.com
Mobile: +94777603866
Blog: https://farasath.blogspot.com / https://medium.com/@farasath
Twitter: @farazath619 



Re: [Dev] Tenant OIDC logout fails with 'ID token signature validation failed.' error

2019-04-04 Thread Hasini Witharana
Hi Ruwan/Sathya,

There are some standard claims defined in the OIDC specification [1], but
none of them can be used in place of "realm" or "tenant_domain".
However, the spec also says that it is okay to add any other claims to the
id_token [2].

[1] - https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims
[2] - https://openid.net/specs/openid-connect-core-1_0.html#IDToken

Thank You.
Hasini

On Fri, Apr 5, 2019 at 6:30 AM Ruwan Abeykoon  wrote:

> Hi Sathya,
> I do not see any issue adding the info-set to the id-token, as
> conceptually it carries more information about the user's identity.
> Did we check if there are any standard claims in the id token we could use
> instead of "realm", "tenant_domain", etc.?
>
> Cheers,
> Ruwan A
>
> On Thu, Apr 4, 2019 at 11:43 PM Sathya Bandara  wrote:
>
>> Hi all,
>>
>> In the OIDC logout flow, we send the ID token as a user identification
>> method, similar to the following request.
>>
>> https://localhost:9443/oidc/logout?id_token_hint=<id_token>&post_logout_redirect_uri=http://localhost:8080/playground2/oauth2client&state=1
>>
>> When validating the ID token, we try to get the tenant domain from the
>> subject claim of the id token hint [1] in the default flow. This only
>> works if '*append tenant domain to subject identifier*' is selected in
>> the SP configuration. In other scenarios it fails with the error
>> "access_denied ID token signature validation failed." This is because, if
>> the subject does not contain the tenant domain, we try to validate the id
>> token with the super tenant's keystore. This also fails when the subject
>> identifier is set to the email claim and the email contains a different
>> domain, such as sat...@wso2.com
>>
>> We have a config in identity.xml ('SignJWTWithSPKey') to enable/disable
>> signing the ID token with the SP's keystore. As this configuration is
>> disabled by default, the ID token is signed and validated using the
>> user's tenant domain, leading to the above issue.
>>
>> As a possible solution, we have decided to include the user tenant domain
>> and userstore domain as claims in the id token generated by IS. This can
>> be disabled by a config; however, in the default pack it will be enabled
>> by default. A sample id token is as follows.
>>
>> {
>>   "at_hash": "Bi9jGB-EIZ94gVzHZv5trQ",
>>   "aud": "b3F9IGMtm0aKGlHfG4BnI2Ypi7Qa",
>>   "sub": "sathya",
>>   "realm": {"tenant_domain": "wso2.com", "userstore_domain": "PRIMARY"},
>>   "iss": "https://localhost:9443/oauth2/token",
>>   "exp": 1554367465,
>>   "iat": 1554363865
>> }
>>
>> Also, the 'SignJWTWithSPKey' property will be enabled by default in the
>> product, honoring the service provider's tenant domain when obtaining keys
>> for signing and validating id tokens.
>>
>> Highly appreciate your suggestions and concerns on this.
>>
>> [1]
>> https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oidc.session/src/main/java/org/wso2/carbon/identity/oidc/session/servlet/OIDCLogoutServlet.java#L331
>> Thanks,
>> Sathya
>> --
>> Sathya Bandara
>> Senior Software Engineer
>> Blog: https://medium.com/@technospace
>> WSO2 Inc. http://wso2.com
>> Mobile: (+94) 715 360 421
>>
>
>
> --
>
> Ruwan Abeykoon
> Associate Director/Architect, WSO2, Inc. http://wso2.com
> lean.enterprise.middleware.
>
>


-- 
Hasini Witharana | Software Engineer | WSO2 Inc
(m) 0766435725 | (w) 0713850143 | (e) hasi...@wso2.com


Re: [Dev] Tenant OIDC logout fails with 'ID token signature validation failed.' error

2019-04-04 Thread Ruwan Abeykoon
Hi Sathya,
I do not see any issue adding the info-set to the id-token, as conceptually
it carries more information about the user's identity.
Did we check if there are any standard claims in the id token we could use
instead of "realm", "tenant_domain", etc.?

Cheers,
Ruwan A

On Thu, Apr 4, 2019 at 11:43 PM Sathya Bandara  wrote:

> Hi all,
>
> In the OIDC logout flow, we send the ID token as a user identification
> method, similar to the following request.
>
> https://localhost:9443/oidc/logout?id_token_hint=<id_token>&post_logout_redirect_uri=http://localhost:8080/playground2/oauth2client&state=1
>
> When validating the ID token, we try to get the tenant domain from the
> subject claim of the id token hint [1] in the default flow. This only
> works if '*append tenant domain to subject identifier*' is selected in
> the SP configuration. In other scenarios it fails with the error
> "access_denied ID token signature validation failed." This is because, if
> the subject does not contain the tenant domain, we try to validate the id
> token with the super tenant's keystore. This also fails when the subject
> identifier is set to the email claim and the email contains a different
> domain, such as sat...@wso2.com
>
> We have a config in identity.xml ('SignJWTWithSPKey') to enable/disable
> signing the ID token with the SP's keystore. As this configuration is
> disabled by default, the ID token is signed and validated using the
> user's tenant domain, leading to the above issue.
>
> As a possible solution, we have decided to include the user tenant domain
> and userstore domain as claims in the id token generated by IS. This can
> be disabled by a config; however, in the default pack it will be enabled
> by default. A sample id token is as follows.
>
> {
>   "at_hash": "Bi9jGB-EIZ94gVzHZv5trQ",
>   "aud": "b3F9IGMtm0aKGlHfG4BnI2Ypi7Qa",
>   "sub": "sathya",
>   "realm": {"tenant_domain": "wso2.com", "userstore_domain": "PRIMARY"},
>   "iss": "https://localhost:9443/oauth2/token",
>   "exp": 1554367465,
>   "iat": 1554363865
> }
>
> Also, the 'SignJWTWithSPKey' property will be enabled by default in the
> product, honoring the service provider's tenant domain when obtaining keys
> for signing and validating id tokens.
>
> Highly appreciate your suggestions and concerns on this.
>
> [1]
> https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oidc.session/src/main/java/org/wso2/carbon/identity/oidc/session/servlet/OIDCLogoutServlet.java#L331
> Thanks,
> Sathya
> --
> Sathya Bandara
> Senior Software Engineer
> Blog: https://medium.com/@technospace
> WSO2 Inc. http://wso2.com
> Mobile: (+94) 715 360 421
>


-- 

Ruwan Abeykoon
Associate Director/Architect, WSO2, Inc. http://wso2.com
lean.enterprise.middleware.