On Mon, Jan 8, 2018 at 4:49 PM, Hasintha Indrajee wrote:
> The idea behind this is to decouple the authentication mechanism used by
> OAuth2 clients from the rest of the OAuth2 logic, so that different types
> of client authenticators can be plugged. For an example according
Hi Hasintha,
On Tue, Jan 9, 2018 at 5:53 PM, Hasintha Indrajee wrote:
> We have had several discussions with the objective of making these logics
> more reusable. One of the ideas was to use our carbon-auth-rest valve to
> authenticate client. Since it has below concerns and
On Tuesday, January 23, 2018, Johann Nallathamby wrote:
> Hi Hasanthi,
>
> On Tue, Jan 23, 2018 at 9:31 AM, Hasanthi Purnima Dissanayake <
> hasan...@wso2.com> wrote:
>
>> Hi Johann,
>>
>> Is there any instance in which IS will throw error to client because it
>>> cannot send
Hi All,
I agree with Johann,
i.e.
a) to publish as connector for current version of the product.
b) to include this in next viable release in product itself.
On a different but related note,
IMO connectors are really features, technically. Hence we need to look a
way to be publish htme as
On Tue, Jan 23, 2018 at 11:06 AM, Nadun De Silva wrote:
> Hi,
>
> I have been working on *publishing events to IS Analytics* for the
> notification system for the expired passwords.
>
> In the existing implementation to publish events to IS Analytics, a stream
> and a publisher
Hi,
I have been working on *publishing events to IS Analytics* for the
notification system for the expired passwords.
In the existing implementation to publish events to IS Analytics, a stream
and a publisher for each event type had been bundled together with IS. (The
artifacts are installed by
Hi Hasanthi,
On Tue, Jan 23, 2018 at 9:31 AM, Hasanthi Purnima Dissanayake <
hasan...@wso2.com> wrote:
> Hi Johann,
>
> Is there any instance in which IS will throw error to client because it
>> cannot send the claim?
>>
>> Because in the spec it says the following.
>>
>> Note that even if the
Hi Hasanthi,
On Tue, Jan 23, 2018 at 9:53 AM, Hasanthi Purnima Dissanayake <
hasan...@wso2.com> wrote:
> Hi Johann,
>>
>> Hi All,
>>>
>>>
>>> In this effort we are storing the processed claims from the request
>>> object [1] against the code or the access token. The persistence of JWT
>>> will
>
> Sorry, I have a typo. What I meant to tell is "last execution duration"
> (how long it took to run a spark script last time). Averages are important
> to observe any latency introduced, with time.
+1. Sometimes script take longer time to execute the script due to hardware
limitation. So it is
On Tue, Jan 23, 2018 at 10:35 AM, Omindu Rathnaweera
wrote:
>
> Hi Maduranga,
>
> On Tue, Jan 23, 2018 at 10:23 AM, Maduranga Siriwardena <
> madura...@wso2.com> wrote:
>
>> Hi all,
>>
>> Web app name we have come up for this endpoint is api#identity#user#v1.0
>> and the path
On Tue, Jan 23, 2018 at 9:49 AM, Senthalan Kanagalingam
wrote:
> Hi all,
>
> I have completed the scope validation implementation. But in this
> implementation, the entitlement engine has to run for every token
> validation request even there is no policy defined by the user
Hi Maduranga,
On Tue, Jan 23, 2018 at 10:23 AM, Maduranga Siriwardena
wrote:
> Hi all,
>
> Web app name we have come up for this endpoint is api#identity#user#v1.0
> and the path for the endpoint is /pi/users/{userId}. So the whole endpoint
> would be
>
>- for super
Hi all,
Web app name we have come up for this endpoint is api#identity#user#v1.0
and the path for the endpoint is /pi/users/{userId}. So the whole endpoint
would be
- for super tenant,
/api/identity/user/v1.0/pi/users/{userId}
- for tenant,
Hi Johann,
>
> Hi All,
>>
>>
>> In this effort we are storing the processed claims from the request
>> object [1] against the code or the access token. The persistence of JWT
>> will happen when the response comes to the authorization endpoint.
>>
>>1.
>>
>>Authorization request is sent to
Hi all,
I have completed the scope validation implementation. But in this
implementation, the entitlement engine has to run for every token
validation request even there is no policy defined by the user for a
particular service provider. PDP have to go through all existing policies
to select the
Hi Johann,
Is there any instance in which IS will throw error to client because it
> cannot send the claim?
>
> Because in the spec it says the following.
>
> Note that even if the Claims are not available because the End-User did
> not authorize their release or they are not present, the
Hi Hasanthi,
On Fri, Jan 12, 2018 at 2:48 PM, Hasanthi Purnima Dissanayake <
hasan...@wso2.com> wrote:
> Hi All,
>
>
> In this effort we are storing the processed claims from the request object
> [1] against the code or the access token. The persistence of JWT will
> happen when the response
Hi Hasanthi,
On Wed, Oct 11, 2017 at 4:35 PM, Hasanthi Purnima Dissanayake <
hasan...@wso2.com> wrote:
> Hi All,
>
> In order to support 'Request Object' we need to support two parameters.
> 1. request parameter
> 2. request_uri parameter
>
>
>
> *1. request_parameter*
> The purpose of this
Hi All,
The flow is implemented as follows.
Request Object persistance/ clean up task:
1. Request Object comes with the OIDC authorization request asa query param.
2. Store the processes Request Object along with the session data key in a
table.
3. When issuing a code or an access token some
Hi Maduranga,
Idea of this user id is to decouple the username from where it is used
inside the system. So in an event of user removal, user id will not give an
actual meaning. So this user id is internal to the system and we are not
going to use it out side the system.
Thanks!
*Jayanga
In a federated user scenario, we neither have user information nor email
address of the user in a case if the user is not JIT. Hence we won't be
able to share consents with user in an offline method. But still for
federated users we need to maintain consents which we give out to SPs. We
can
Hi Hasintha,
We do not need to export anything we do not keep in our databases.
Could you please explain further if we need to do anything extra for
Federated case.
Cheers,
Ruwan
On Mon, Jan 22, 2018 at 5:33 PM, Hasintha Indrajee
wrote:
> Just a quick question. How are we
Hi Jayanga,
Now as we are maintaining a userId in our system, shall we use the same as
the id in the SCIM requests/responses also, rather than maintaining a
separate identifier for SCIM?
Thanks,
Maduranga.
On Thu, Jan 18, 2018 at 7:59 PM, Jayanga Kaushalya
wrote:
> On Tue,
Just a quick question. How are we going to cater consents for federated
user ? Having consent from 3rd party IDP to IS will not be enough AFAIU. If
we are sharing those information through an SP we need to maintain those
consents as well. WDYT ?
In that case how can federated users download their
On Mon, Jan 22, 2018 at 5:25 PM, Omindu Rathnaweera wrote:
> Hi Maduranga,
>
> In the consent API we do not have the option to get multiple receipts, the
> API only returns a list of receipt IDs for a given search criteria. If you
> need to include receipt data of all the
On Mon, Jan 22, 2018 at 2:46 PM, Pubudu Gunatilaka wrote:
> Hi Imesh,
>
> It is very convenient if we can reuse the docker image. AFAIU if we follow
> the above approach we can use a single docker image in all the container
> platforms.
>
> One of the drawbacks I see with this
Hi Maduranga,
In the consent API we do not have the option to get multiple receipts, the
API only returns a list of receipt IDs for a given search criteria. If you
need to include receipt data of all the consent entries, you will have to
iterate through all the consent IDs and fetch the
Hi all,
We are creating a REST API to export user information for IS 5.5.0.
Swagger at [1] is the initial design of the API.
In the initial phase we are allowing the data to be exported only by the
owner of the profile.
At the moment we are planing to export basic user profile information and
Hi All,
We had the discussion regarding the POC for this feature among the team
(Thanuja, Malithi) and please find the call details :
1. Checked the session id (commonAuth id ) is stored against the SAML
session index in the map.
2. Checked the SSO tracer whether it has the session id
Sorry, I have a typo. What I meant to tell is "last execution duration"
(how long it took to run a spark script last time). Averages are important
to observe any latency introduced, with time.
On Mon, Jan 22, 2018 at 3:37 PM, Damith Wickramasinghe
wrote:
> Hi Nirmal,
>
> +1
Hi All,
Currently, there's no way to see the last execution time against scheduled
spark scripts of DAS. I think it'll be a useful feature for DAS
administrators. Wdyt?
Further, if we can calculate the average execution times of a spark script
during last hour, past day that'll be useful as
In API Manager K8s artifacts, what we have followed is not having an
image-per-profile method. With the introduction of Config Maps, it has
become only two base images - for APIM and Analytics. Its extremely helpful
from the maintenance PoV that we have a single set of Dockerfiles, but has
a
Hi Imesh,
It is very convenient if we can reuse the docker image. AFAIU if we follow
the above approach we can use a single docker image in all the container
platforms.
One of the drawbacks I see with this approach is that the user has to
update the volume mounts with the necessary jar files,
Hi Sathya,
We can use the following way when we address cookies. [1]
instead of (which is cumbersome in developer PoV)
context.response.headers["Set-Cookie"] = "testcookie=1FD36B269C61; Path=/;
Secure; HttpOnly; Expires=Wed, 21 Jan 2018 07:28:00 GMT"
e.g.
cookies
// set a regular cookie
Hi All,
Currently, we build Docker images for each platform (Docker, Kubernetes,
DC/OS, etc) for each WSO2 product profile (EI: Integrator, MB, BPS; API-M:
Gateway, Key Manager, Pub/Store, etc). AFAIU, the main reason to do this
was bundling platform specific JAR files (membership scheme JAR file
35 matches
Mail list logo