Re: [Architecture] [Iam-dev] [Dev] [VOTE] Release WSO2 Identity Server 5.10.0 RC2

2020-03-11 Thread Isura Karunaratne
Hi All, Tested the following flows and no blocking issues found. - Account Locking - Self user registration. - Password Policy [+] Stable - go ahead and release. Cheers, Isura. On Wed, Mar 11, 2020 at 12:07 PM Maduranga Siriwardena wrote: > Hi All, > > Tested following

Re: [Architecture] IAM Controller(IAM-CTL)- Command Line Extension for WSO2 Identity Server

2020-01-21 Thread Isura Karunaratne
Hi Godwin, On Tue, Jan 21, 2020 at 5:14 PM Godwin Shrimal wrote: > Hi Piyumi, > > Interesting to see this and please share the low level design details when > those are ready. I hope we can(will) implement other areas such as user > store, identity provider etc with this CLI and please keep the

Re: [Architecture] [IAM] Supporting email verification when user’s email address is updated

2019-12-10 Thread Isura Karunaratne
Hi Dewni, On Tue, Dec 10, 2019 at 5:50 PM Dewni Weeraman wrote: > Hi all, > > Currently, WSO2 Identity Server only supports email account verification > during the self-registration and user onboarding process. There is no > feature to trigger the email verification via email notification in a

Re: [Architecture] WSO2 Identity Server REST API Error Response Standardization

2019-11-01 Thread Isura Karunaratne
Hi Sominda, I think it is better to start all the client errors with 400 (Ex USR-400xx) and server errors with 500 (Ex USR-500xx). In this way, we can get some understanding of the error by looking at the error code. Cheers, Isura. On Thu, Aug 29, 2019 at 2:44 PM Sominda Gamage wrote: > Hi

Re: [Architecture] [IAM][IS 5.10.0] REST APIs For Federated Associations Of The User

2019-10-29 Thread Isura Karunaratne
Hi Tharindu, On Tue, Oct 29, 2019 at 2:43 PM Tharindu Bandara wrote: > Hi, Darshana/All, > > If we are doing any backend changes for this API, I suggest to do those in >> identity-user-account-association[1], not in UserProfileAdmin. > > > +1. I have initially planned to re-use UserProfileAdmin

Re: [Architecture] [IAM] Discussion point on Federated Account Linking

2019-06-10 Thread Isura Karunaratne
Hi Johann, On Mon, Jun 10, 2019 at 12:08 PM Johann Nallathamby wrote: > *Meeting Notes - 30/5/2019* > > During the meeting for [1], we also identified some federated account > linking improvements that are currently not supported in WSO2 IS. > > A single physical user may have a set of linked

Re: [Architecture] [Dev][IAM] Moving File Based Artifacts to Artifact Store

2019-06-06 Thread Isura Karunaratne
>> stored in the file system (not in the database). So when using a clustered >>> setup those artifacts should be shared among all the nodes by using one of >>> the following file sharing mechanisms. >>> >>>- Dep Sync >>>- rSync >>>- S

Re: [Architecture] [Dev] [VOTE] Release WSO2 Identity Server 5.8.0 RC3

2019-05-22 Thread Isura Karunaratne
Hi all, Tested following features and no issues found. - Self User Registration - Password Policy - Password History - Password Recovery - Account Locking [+] Stable - go ahead and release. Cheers, Isura. On Wed, May 22, 2019 at 8:07 PM Farasath Ahamed wrote: > Hi All, > >

Re: [Architecture] Cloud Tenant deletion caching issue

2019-03-01 Thread Isura Karunaratne
Hi Pushpalanka, We fixed this by using caches for tenantIdDomainMap and tenantDomainIdMap. Once an item is removed from a node, other nodes' same cache will be invalidated using local cache invalidations cluster messages. Cheers, Isura. On Thu, Feb 21, 2019 at 7:41 PM Pushpalanka Jayawardhana

Re: [Architecture] [IS] JDBC based Configuration Store for WSO2 IS

2018-12-05 Thread Isura Karunaratne
Hi Chamila, On Tue, Dec 4, 2018 at 10:38 AM Chamila De Alwis wrote: > Hi Tharindu, IS team, > > A quick clarification. Is this related to storing product configuration in > a DBMS or are these only the configurations created at runtime? If it is > the former, is this going to (gradually?)

Re: [Architecture] [IAM][JDBC based Configuration Store] Database Schema

2018-12-03 Thread Isura Karunaratne
of having >> config resources without config attributes or config file. > > > +1. I will add this restriction in the API level. > > Thanks, > Tharindu. > > On Tue, Dec 4, 2018 at 9:24 AM Isura Karunaratne wrote: > >> Hi Tharindu, >> >> According to

Re: [Architecture] [IAM][JDBC based Configuration Store] Database Schema

2018-12-03 Thread Isura Karunaratne
Hi Tharindu, According to the database schema, we can add config resources without any config attribute or config file. We had better restrict this at the API level since there is no need to have config resources without config attributes or a config file. Cheers, Isura. On Mon, Dec 3, 2018 at 6:13

[Architecture] WSO2 Identity Server 5.8.0-M4 Released!

2018-10-17 Thread Isura Karunaratne
WSO2 Identity and Access Management team is pleased to announce the release of Identity Server 5.8.0 M4! Download You can download WSO2 Identity Server 5.8.0 M4 from here . You can download WSO2 Identity Server

Re: [Architecture] [IS] JDBC based Configuration Store for WSO2 IS

2018-10-16 Thread Isura Karunaratne
Hi Tharindu, On Wed, Oct 17, 2018 at 10:36 AM Tharindu Bandara wrote: > Hi all, > > I have been working on the $subject as WSO2 IS need a common place to > store configurations. > > > Above diagramme is a high-level, modularized view of $subject approach. > > I am working on the Configuration

Re: [Architecture] Implementing SAML ECP profile for WSO2 IS

2018-09-28 Thread Isura Karunaratne
On Fri, Sep 28, 2018 at 11:32 AM Winma Heenatigala wrote: > Hi all, > > As I mentioned in my previous email, I completed my research on the ECP > profile and started to implement it for WSO2 identity server. > For testing purposes I needed an ECP enabled Service Provider and a > client. For

Re: [Architecture] [APIM][300][Store] Feature to change password of an user

2018-09-16 Thread Isura Karunaratne
On Thu, Sep 6, 2018 at 5:31 PM Vithursa Mahendrarajah wrote: > Hi Dulanja, > > Please find my answers in-line: > > On Thu, Sep 6, 2018 at 10:45 AM Dulanja Liyanage wrote: > >> Hi Vithursa, >> >> Few questions: >> >> 1. What happens when the user enters a wrong username? As a security best >>

Re: [Architecture] Defining self-signup required/mandatory attributes using consent purposes PIIs.

2018-07-19 Thread Isura Karunaratne
On Fri, Jul 20, 2018 at 9:08 AM Hasintha Indrajee wrote: Hi Hasintha, > > On Thu, Jul 19, 2018 at 5:45 PM Hasintha Indrajee > wrote: > >> Current behavior of our self sign up page is getting user attributes >> based on "required" and "mandatory" attributes which are defined against >> claims.

Re: [Architecture] [IAM] Introducing New Claim Properties to Control Claims Shown in Different Views

2018-07-12 Thread Isura Karunaratne
Hi Johann, On Wed, Jun 27, 2018 at 8:52 AM Johann Nallathamby wrote: > Hi IAM Team, > > I think the following limitation in the WSO2 IS is causing some major > usability issues. > > We have following views mainly where we display claims for a user: > 1. Admin user profile view in management

Re: [Architecture] [Dev] [VOTE] Release of WSO2 Identity Server 5.6.0 RC3

2018-06-19 Thread Isura Karunaratne
Hi, Tested the following scenarios in super tenant, primary user store. - Account Locking - Self Registration with email confirmation. - Self-care portal operations. - Password reset through a notification. - Password reset through challenge questions. - Account Recovery. -

Re: [Architecture] [IAM] Consent Management with Requested Claims in Authentication Request

2018-03-26 Thread Isura Karunaratne
Hi Indunil, On Sun, Mar 25, 2018 at 9:50 PM, Indunil Upeksha Rathnayake < indu...@wso2.com> wrote: > Hi, > > Please find the following information on current implementation of consent > management in IS 5.5.0. > >- Claims to populate in the consent page, will be retrieved from the >claim

Re: [Architecture] [C4] Single location to configure Privacy and Security Policy URL

2018-02-21 Thread Isura Karunaratne
Hi Ruwan, On Wed, Feb 21, 2018 at 3:28 PM, Ruwan Abeykoon wrote: > Hi All, > > In order to comply with GDPR regulations, we are planning to incorporate > privacy and cookie policy URL configuration into carbon 4 "carbon.xml" . > The following element will be added to

Re: [Architecture] Using REST APIs with Carbon console.

2018-02-18 Thread Isura Karunaratne
On Mon, Feb 19, 2018 at 7:46 AM, Harsha Thirimanna wrote: > > > On 13 Feb 2018 2:49 pm, "Menaka Jayawardena" wrote: > > Hi all, > > I'm working on implementing the Retryable Outbound Provisioning for > Identity Server. I have completed the backend

Re: [Architecture] [IS] REST endpoint for Claim Management in IS

2018-02-09 Thread Isura Karunaratne
Hi Chiran, Please find the inline comments. 1) POST/dialects/{id} Add New Claim Dialect. The context for posting a dialect should be like below. POST/dialects

Re: [Architecture] Generalizing Post Authentictaion Handling in Authentictaion Framework.

2018-02-01 Thread Isura Karunaratne
On Fri, Feb 2, 2018 at 10:07 AM, Hasintha Indrajee <hasin...@wso2.com> wrote: > > On Fri, Feb 2, 2018 at 8:00 AM, Isura Karunaratne <is...@wso2.com> wrote: > >> >> >> On Thu, Feb 1, 2018 at 1:41 PM, Hasintha Indrajee <hasin...@wso2.com> >> wrote

Re: [Architecture] Generalizing Post Authentictaion Handling in Authentictaion Framework.

2018-02-01 Thread Isura Karunaratne
On Thu, Feb 1, 2018 at 1:41 PM, Hasintha Indrajee wrote: > Eventing is more asynchronous. We may need synchronous processing for > this. Also we need to control the flow of these handlers depending on the > state of the handler. ex - we may need to do few redirections within a

Re: [Architecture] [Dev] Consent Management APIs for IS 5.5.0

2018-02-01 Thread Isura Karunaratne
ories* in different API responses. Is it the intended naming? > Since it is a list, it should be referred as piiCategeries, but we used *piiCategory in consent receipt *to comply with the spec. Thanks Isura. > > Thanks! > -Ayesha > > > On Thu, Feb 1, 2018 at 6:27 PM, Darshana G

Re: [Architecture] [RRT] [IAM] Hash code, access token, refresh token and client secret values before store them in the database

2018-01-29 Thread Isura Karunaratne
On Mon, Jan 29, 2018 at 1:10 PM, Dimuthu Leelarathne wrote: > Hi Nuwan, > > On Mon, Jan 29, 2018 at 1:08 PM, Nuwan Dias wrote: > >> Hi Dimuthu, >> >> I don't think we can regenerate since the client-secret will be hashed >> too. So I think we have to

Re: [Architecture] Personal information export API

2018-01-22 Thread Isura Karunaratne
On Mon, Jan 22, 2018 at 5:25 PM, Omindu Rathnaweera wrote: > Hi Maduranga, > > In the consent API we do not have the option to get multiple receipts, the > API only returns a list of receipt IDs for a given search criteria. If you > need to include receipt data of all the

Re: [Architecture] Decoupling Client Authentication from OAuth2 Flow

2018-01-08 Thread Isura Karunaratne
On Mon, Jan 8, 2018 at 4:49 PM, Hasintha Indrajee wrote: > The idea behind this is to decouple the authentication mechanism used by > OAuth2 clients from the rest of the OAuth2 logic, so that different types > of client authenticators can be plugged. For an example according

Re: [Architecture] [IAM] JWT client authentication for OAuth 2.0 for IS 5.5.0

2018-01-04 Thread Isura Karunaratne
Hi Hasanthi, On Thu, Jan 4, 2018 at 4:32 PM, Hasanthi Purnima Dissanayake < hasan...@wso2.com> wrote: > Hi All, > > Following tasks are identified for the implementation for the $subject. > > 1. Move the logic of validating the token API invocation request to > validate required parameters for

Re: [Architecture] [IAM] SCIM 2.0 Outbound Connector

2017-11-21 Thread Isura Karunaratne
Repo name for outbound connector - * identity-outbound-provisioning-scim2* Repo name for the scim2 client. - * identity-client-scim2 * @isuraranga, Why do we need the scim2-commons repo? Can't we use Charon for that? Thanks Isura. On Mon, Nov 20, 2017 at 3:04 PM, Afkham Azeez

Re: [Architecture] Self Contained Access Tokens in IS 5.4.0

2017-11-17 Thread Isura Karunaratne
On Fri, Nov 17, 2017 at 1:35 PM, Isura Karunaratne <is...@wso2.com> wrote: > Hi all, > > Currently, ACCESS_TOKEN column length is defined as 512 [1] which is not > enough to store self-contained access token [2]. > > Shall we increase the column size by default? >

[Architecture] Self Contained Access Tokens in IS 5.4.0

2017-11-17 Thread Isura Karunaratne
Hi all, Currently, ACCESS_TOKEN column length is defined as 512 [1] which is not enough to store self-contained access token [2]. Shall we increase the column size by default? Thanks Isura. [1] CREATE TABLE IF NOT EXISTS IDN_OAUTH2_ACCESS_TOKEN ( TOKEN_ID VARCHAR (255),

Re: [Architecture] [IS] SCIM Support for Admin Users

2017-07-20 Thread Isura Karunaratne
Hi Sathya, On Thu, Jul 20, 2017 at 2:34 PM, Sathya Bandara wrote: > Hi all, > > With the current user core implementation we do not include a SCIM user_id > for admin users (Since SCIM is not used in all products) which prevents > SCIM based CRUD operations on admin users. In

Re: [Architecture] [Dev] [IS] Features to be included in IS 5.4.0 which required for APIM 3.0

2017-06-22 Thread Isura Karunaratne
On Wed, Jun 14, 2017 at 11:06 PM, Bhathiya Jayasekara wrote: > Hi Indunil, > > A few more details. > > On Wed, Jun 14, 2017 at 10:52 PM, Bhathiya Jayasekara > wrote: > >> Hi Indunil, >> >> Please see my comments inline. >> >> On Wed, Jun 14, 2017 at 7:28

Re: [Architecture] [Dev][IS][APIM] Providing a SCIM Id for admin user in SCIM

2017-06-12 Thread Isura Karunaratne
Hi Tharika, On Mon, Jun 12, 2017 at 2:25 PM, Tharika Madurapperuma wrote: > Hi All, > >In APIM 3.0, we plan to have a feature for enabling Read, Update, > Delete permissions for an API based on roles in API Publisher. For user > validation purposes, we need to retrieve the

Re: [Architecture] Why we use timestampSkew default value as 300 seconds in identity.xml, why not 0 seconds.

2017-05-31 Thread Isura Karunaratne
Hi, On Wed, May 31, 2017 at 1:23 PM, Asela Pathberiya wrote: > > > On Wed, May 31, 2017 at 1:08 PM, Farasath Ahamed > wrote: > >> >> On Wed, May 31, 2017 at 12:28 PM, Thanuja Jayasinghe >> wrote: >> >>> Hi Dinali, >>> >>> Consider the

Re: [Architecture] Force Delete Identity Providers

2017-05-25 Thread Isura Karunaratne
On Thu, May 25, 2017 at 1:02 PM, Thanuja Jayasinghe wrote: > > > On Fri, May 19, 2017 at 10:05 AM, Malithi Edirisinghe > wrote: > >> >> >> On Fri, May 19, 2017 at 9:19 AM, Ishara Karunarathna >> wrote: >> >>> >>> >>> On Fri, May 19, 2017

Re: [Architecture] [C5] Self signup feature in APIM store

2017-04-19 Thread Isura Karunaratne
s. Thanks Isura. > Thanks, > Bhathiya > > Thanks, >> >> On Tue, Apr 18, 2017 at 6:37 PM, Bhathiya Jayasekara <bhath...@wso2.com> >> wrote: >> >>> Thanks for the information, Isura. I'll use that. >>> >>> Thanks, >>>

Re: [Architecture] [C5] Self signup feature in APIM store

2017-04-18 Thread Isura Karunaratne
Hi Bhathiya, You had better go with the new REST API service [1], because it supports two-step verification. That means when a user self-registers, an email will be sent to the user's email address, and the user cannot log in to the system until confirming the email. Also, we can resend the confirmation code

Re: [Architecture] [C5][IS 6.0.0] Password Policy Validation

2017-03-23 Thread Isura Karunaratne
Hi Gayan, On Thu, Mar 23, 2017 at 11:56 PM, Gayan Gunawardana wrote: > Hi All, > > We are in the process of Implementing password policy validation feature > for IS 6.0.0. > Up to IS 5.3.0 there are set of default password policies. > > >- Password Length Policy (check max

Re: [Architecture] [C5][IS 6.0.0][admin-portal] User Onboarding - Ask Password with email verification

2017-03-21 Thread Isura Karunaratne
Hi, On Tue, Mar 21, 2017 at 3:55 PM, Denuwanthi De Silva wrote: > Hi, > > Just to clarify, > > Let's say admin types an email address. > For some reason he misses a character or two. And still let's say that > email is a valid email of some one. > Then when we add the

Re: [Architecture] [C5][IS 6.0.0] Email Verification for Existing User

2017-03-21 Thread Isura Karunaratne
Hi Ayesha, On Tue, Mar 21, 2017 at 11:31 AM, Ayesha Dissanayaka <aye...@wso2.com> wrote: > > On Tue, Mar 21, 2017 at 11:15 AM, Isura Karunaratne <is...@wso2.com> > wrote: > >> There is a claim which stored whether the user email verified or not ( >> http://

Re: [Architecture] [C5][IS 6.0.0] Email Verification for Existing User

2017-03-20 Thread Isura Karunaratne
Hi, On Tue, Mar 21, 2017 at 10:51 AM, Godwin Shrimal wrote: > What happen when user modify email or telephone number ? user have to > verify it back ? > There is a claim which stored whether the user email verified or not ( http://wso2.org/claims/emailVerified). Once the user

Re: [Architecture] [C5][IS 6.0.0][admin-portal] User Onboarding - Ask Password with email verification

2017-03-20 Thread Isura Karunaratne
Hi Dinali, On Mon, Mar 20, 2017 at 10:05 PM Sagara Gunathunga wrote: > > > On Mon, Mar 20, 2017 at 7:22 PM, Hasanthi Purnima Dissanayake < > hasan...@wso2.com> wrote: > > Hi Dinali, > > *There are two main concerns that am bothering about,* > >1. *When the user clicks the

Re: [Architecture] [C5][IS 6.0.0] Password History Validation

2017-03-20 Thread Isura Karunaratne
On Mon, Mar 20, 2017 at 11:51 AM, Isura Karunaratne <is...@wso2.com> wrote: > Hi Omindu, > > > > On Mon, Mar 13, 2017 at 5:00 PM, Omindu Rathnaweera <omi...@wso2.com> > wrote: > >> Hi, >> >> On Sun, Mar 12, 2017 at 7:59 AM, Ruwan Abeykoon <r

Re: [Architecture] [C5][IS 6.0.0] Password History Validation

2017-03-20 Thread Isura Karunaratne
Hi Omindu, On Mon, Mar 13, 2017 at 5:00 PM, Omindu Rathnaweera wrote: > Hi, > > On Sun, Mar 12, 2017 at 7:59 AM, Ruwan Abeykoon wrote: > >> Hi All, >> Can the hash algorithm change over the time? >> If so we need to record the hash algorithm used to do

Re: [Architecture] [C5][IS 6.0.0] Password History Validation

2017-03-12 Thread Isura Karunaratne
Hi Johann, On Mon, Mar 13, 2017 at 9:14 AM, Johann Nallathamby <joh...@wso2.com> wrote: > > > On Mon, Mar 13, 2017 at 9:03 AM, Isura Karunaratne <is...@wso2.com> wrote: > >> Hi Gayan, >> >> >> On Sun, Mar 12, 2017 at 7:44 AM, Gayan Guna

Re: [Architecture] [C5][IS 6.0.0] Password History Validation

2017-03-12 Thread Isura Karunaratne
Hi Gayan, On Sun, Mar 12, 2017 at 7:44 AM, Gayan Gunawardana wrote: > Hi All, > > We are in the process of implementing password history validation feature > for IS 6.0.0. Architecture of this feature was previously discussed in [1] > by Isura for IS 5.3.0. We plan to follow

Re: [Architecture] [C5][IS] Authentication Failures handle in two different way in User Core API

2017-03-12 Thread Isura Karunaratne
Hi, On Sun, Mar 12, 2017 at 8:11 PM, Harsha Thirimanna wrote: > Hi, > > There is an implementation for authentication failure in two different way > by authenticate API in IdentityStore. > If the username is invalid or empty, then API throws an > *AuthenticationFailure*

Re: [Architecture] How to identifying a self sign-up request

2017-03-02 Thread Isura Karunaratne
Hi Maduranga, On Fri, Mar 3, 2017 at 8:11 AM Maduranga Siriwardena wrote: > Hi Omindu, > > So the implementation of POST in /me endpoint will call addUser with > special role and /User will call addUser without special role, right? So > this address my concern. > Yes, but

Re: [Architecture] How to identifying a self sign-up request

2017-03-01 Thread Isura Karunaratne
In IS 5.3.0, we used a self-signup role to distinguish self-signup requests from other provisioning requests, It is not possible to add users with roles/groups in new Identity store architecture. So, I am +1 to user a special claim. Thanks Isura. *Isura Dilhara Karunaratne* Senior Software

[Architecture] [IAM] Implement new addLifecycle method with life-cycle Id as an input parameter

2017-02-13 Thread Isura Karunaratne
Hi, In the current implementation of Lifecycle management module [1], it will be generated a unique UUID as the lifecycle id. Shall we implement another addLifecycle method which we can pass lifecycle Id as an input parameter? In this way we can use, unique userId as the user lifecycle Id. WDYT ?

Re: [Architecture] Extend SCIM 2.0 Metadata to include User Lifecycle State

2017-02-13 Thread Isura Karunaratne
> > On Mon, Feb 13, 2017 at 1:03 PM, Johann Nallathamby <joh...@wso2.com> > wrote: > >> >> >> On Mon, Feb 13, 2017 at 11:22 AM, Thanuja Jayasinghe <than...@wso2.com> >> wrote: >> >>> Hi Johann / Isura, >>> >>> On Tue, Feb 7, 20

Re: [Architecture] C5 User Core Delete User Operation

2017-02-09 Thread Isura Karunaratne
Hi Gayan, On Wed, Feb 8, 2017 at 11:13 PM, Gayan Gunawardana wrote: > Hi All, > > How are we going to support user delete operation in user core ? > Currently IdentityStore --> deleteUser operation delete user from user > store. Is there any future plan to set delete flag

[Architecture] [IAM] [IS6.0.0] How to handle Special claims ?

2017-02-09 Thread Isura Karunaratne
Hi all, What is the best way to handle special claims such as last login time and last password update time? These claims should only be modified by the system. Ideally, we should not be able to update these claims using an APIs such as SCIM. Thanks *Isura Dilhara Karunaratne* Senior Software

[Architecture] [IAM] [IS6.0.0] How to handle post Authentication in IS 6.0.0

2017-02-09 Thread Isura Karunaratne
Hi all, According to the C5 Identity Management implementation [1], it throws AuthenticationFailure exception for invalid credentials and due to that, POST_AUTHENTICATION event will *not* be triggered. It is required to trigger POST_AUTHENTICATION event for authentication failure scenarios as

Re: [Architecture] Extend SCIM 2.0 Metadata to include User Lifecycle State

2017-02-07 Thread Isura Karunaratne
Hi Johann, On Wed, Feb 8, 2017 at 9:19 AM, Johann Nallathamby wrote: > For IS 6.0.0 M3 we decided to implement and manage user lifecycle states. > For IS 6.0.0 M2 we are implementing SCIM 2.0. I propose that we extend SCIM > 2.0 metadata and include the user lifecycle state as

Re: [Architecture] [Dev] Username Recovery Feature in IS 6.0.0

2017-02-02 Thread Isura Karunaratne
l address or > to the mobile number which is already given? > > +1, we could also consider using the security questions/ or verifying the > mobile number registered with the account, if the above is not available > like google does. > > > Thank you! > > On Sat, Jan 21, 20

Re: [Architecture] C5 - Groups vs Roles

2017-01-27 Thread Isura Karunaratne
Hi Manu, On Fri, Jan 27, 2017 at 3:45 PM, Manuranga Perera wrote: > 4. Role to User and Role to Group mappings will be will be stored in a DB >>> schema maintained by carbon >>> >> Yes. >> > So it's not in LDAP? > Yes. The mapping is stored in a local DB, Not in LDAP Thanks

Re: [Architecture] [IS] [C5] Check Whether User Exist in User Stores

2017-01-27 Thread Isura Karunaratne
Hi Johann, Thanuja, If we have multiple user stores in C4, it will be looped UserOperationEventListeners in each user store until authentication success public boolean doPreAuthenticate(String userName, Object credential, UserStoreManager userStoreManager) throws

[Architecture] [IAM] [IS6.0.0] Lifecycle support for Identity management scenarios.

2017-01-24 Thread Isura Karunaratne
Hi all, We are working on implementing life cycle support for Identity Management scenarios in IS 6.0.0. [1] [2]. Following are the identified state charts for different Identity management scenarios which we are going to support in IS 6.0.0 OOTB. Abbreviations LS Lock State RPC Require

Re: [Architecture] [IS 6.0.0] Email Management Component Implementation

2017-01-22 Thread Isura Karunaratne
Hi Danushka/Kasun, On Mon, Jan 23, 2017 at 7:00 AM, Kasun Bandara wrote: > Hi Lahiru, > > Is there any specific reason to populate the email configurations under > 'config' directory ? . IMO these email template configurations must reside > under 'Identity' directory

Re: [Architecture] [IS 6.0.0] Email Management Component Implementation

2017-01-22 Thread Isura Karunaratne
Hi Lahiru, On Sun, Jan 22, 2017 at 4:40 PM Lahiru Manohara wrote: > Hi, > > We are implementing email management component for IS 6.0.0. The following > properties will be included in the email template. > > configuration: > - > subject: > body: > footer: > type: >

Re: [Architecture] Account Lock/Disable Feature in IS 6.0.0

2017-01-22 Thread Isura Karunaratne
Hi Prabath, On Fri, Jan 20, 2017 at 4:43 PM, Prabath Siriwardena <prab...@wso2.com> wrote: > Hi Isura, > > Please find my comment inline... > > On Fri, Jan 20, 2017 at 2:02 AM, Isura Karunaratne <is...@wso2.com> wrote: > >> Hi all, >> >> >>

Re: [Architecture] [Dev] Username Recovery Feature in IS 6.0.0

2017-01-21 Thread Isura Karunaratne
Hi Dinali, On Sat, Jan 21, 2017 at 12:33 PM, Dinali Dabarera wrote: > Hi all, > > We are working on implementing username recovery feature for IS 6.0.0 > > *The admin has to enable the Username Recovery* > > > *When Username Recovery enabled:* > >- User portal user can

[Architecture] Account Lock/Disable Feature in IS 6.0.0

2017-01-20 Thread Isura Karunaratne
Hi all, We are working on implementing account lock/disable features for IS 6.0.0. *Account Lock: * - User *must not *be able to login to the system. - Admin user *can* update the user attributes and assign roles (account is active) - User cannot start a password recovery flow.

Re: [Architecture] [Dev] [IS 6.0.0] [User Portal] Challenge Questions in Self sign-up page of user portal

2017-01-19 Thread Isura Karunaratne
Hi Nuwan, On Fri, Jan 20, 2017 at 11:48 AM, Nuwan Dias <nuw...@wso2.com> wrote: > > > On Thu, Jan 19, 2017 at 10:42 AM, Isura Karunaratne <is...@wso2.com> > wrote: > >> Hi, >> >> In my opinion, admin defined security questions are more secure than

Re: [Architecture] [Dev] [IS 6.0.0] [User Portal] Challenge Questions in Self sign-up page of user portal

2017-01-18 Thread Isura Karunaratne
Hi, In my opinion, admin defined security questions are more secure than user-defined security questions in general. Because some users may define simple questions and answers which attackers can guess easily. Still, most of the users who use Identity Server, use this feature. So, I am -1 to

Re: [Architecture] [Dev] [VOTE] Release WSO2 Identity Server 5.3.0- RC3

2017-01-08 Thread Isura Karunaratne
Hi, Tested following features - Account Recovery- Notification - Account Recovery - Security Question one by one - Account Recovery - Security Question at once - Recaptcha - Password History - Self Signup - Ask Password - User Email Verified - Password Pattern -

Re: [Architecture] [IS] What are the REST APIs in WSO2IS-5.3.0 that need to be secured?

2016-10-20 Thread Isura Karunaratne
Hi, On Thu, Oct 20, 2016 at 1:19 AM, Harsha Thirimanna wrote: > If there any REST API that already secured within itself the feature, then > we have to remove it and use this. As ex : DCR. in DCR we expect user in > request payload for now and that APIs are not secured. After

Re: [Architecture] [architecture ] [IS-5.3.0] Admin forces password reset for user

2016-09-26 Thread Isura Karunaratne
Hi Ayesha, We can extend Ask Password feature we developed in IS 5.3.0 to support this feature. So, we can send a confirmation email rather than an OTP. Thanks Isura *Isura Dilhara Karunaratne* Senior Software Engineer | WSO2 Email: is...@wso2.com Mob : +94 772 254 810 Blog :

Re: [Architecture] Identity Recovery Rest APIs

2016-07-12 Thread Isura Karunaratne
cipants. We could identify some of the resource paths improvements and error code improvements during the session. You can find the attached updated swagger file for more details. Participants : Prabath, Sanjeewa, Darshana, Harsha, Isura Thanks Isura > > Thanks > Jo > > On Mon, Jul 11, 2

Re: [Architecture] Identity Recovery Rest APIs

2016-07-10 Thread Isura Karunaratne
Hi Sanjeewa, On Mon, Jul 11, 2016 at 10:24 AM, Sanjeewa Malalgoda <sanje...@wso2.com> wrote: > @Isura, > Can you arrange a review session for this? > Sure. I will arrange. Thanks Isura > > Thanks, > sanjeewa. > > On Thu, Jul 7, 2016 at 5:34 PM, Isura Karu

[Architecture] Identity Recovery Rest APIs

2016-07-07 Thread Isura Karunaratne
Hi all, Following are the new rest API implementation [1] that we have developed for IS 5.3.0 m2 . We are in the process of refactoring and model the APIs using swagger. You can find the attached swagger definition that we have developed. Your comments and suggestions are highly

Re: [Architecture] [IS] Supporting user information recovery scenarios in IS user portal

2016-06-25 Thread Isura Karunaratne
>> Hi Omindu, >>>> >>>> Yes. We can't use reCaptcha without internet. But the chance of having >>>> Bots attack from an internal network is very less. So we can either disable >>>> reCaptcha when server is not connected to the internet or have the old

Re: [Architecture] [IS] Block brute force attacks on password recovery flows

2016-06-20 Thread Isura Karunaratne
Hi Thanuja, On Mon, Jun 20, 2016 at 1:35 PM, Thanuja Jayasinghe wrote: > Hi All, > > I'm working on $subject. > > We are planning to prevent this flow from brute force attacks by enabling > followings, > >1. Enable captcha/reCaptcha after n failed attempts >2. Lock the

Re: [Architecture] [Dev]Force Password Reset and Password History validation

2016-06-20 Thread Isura Karunaratne
Hi Dulanja, On Mon, Jun 20, 2016 at 12:14 PM, Dulanja Liyanage <dula...@wso2.com> wrote: > > > On Mon, Jun 20, 2016 at 12:11 PM, Dulanja Liyanage <dula...@wso2.com> > wrote: > >> >> >> On Mon, Jun 20, 2016 at 10:52 AM, Isura Karunaratne <is...

[Architecture] [Dev]Force Password Reset and Password History validation

2016-06-19 Thread Isura Karunaratne
Hi all, I am working on $subject for WSO2 Identity Server 5.3.0 release. Following are the currently identified improvements, - Password History - Last 'n' number of passwords need to be maintained in user's history. When user updates his password we don't allow him to choose one of these

Re: [Architecture] Identity Management Recovery API improvements.

2016-06-13 Thread Isura Karunaratne
. > Notification sending has the extension points to support SMS based recovery. Thanks Isura > > Thanks, > Gayan > > > On Thu, Jun 9, 2016 at 11:06 AM, Isura Karunaratne <is...@wso2.com> wrote: > >> Hi, >> >> On Thu, Jun 9, 2016 at 10:53 AM, Harsh

Re: [Architecture] Identity Management Recovery API improvements.

2016-06-08 Thread Isura Karunaratne
erscore signs included in processing-functions like >> "reset_password" and resource-paths like "security_questions_response" >> could be replaced with a dash (-). >> > Thanks for the information. I will modify the APIs based on your suggestions. Thanks I

Re: [Architecture] [IS] Supporting user information recovery scenarios in IS user portal

2016-06-08 Thread Isura Karunaratne
keep the existing captcha implementation. But we have to modify >> login, self-registration and recovery flows to add captcha/reCaptcha in a >> pluggable manner. >> >> Thanks, >> Thanuja. >> >> On Tue, Jun 7, 2016 at 11:14 AM, Isura Karunaratne <is...@wso2.com> >>

[Architecture] Identity Management Recovery API improvements.

2016-06-08 Thread Isura Karunaratne
Identity Management Recovery API improvements. In Identity Server 5.3.0, we are going to implement Identity Management recovery APIs as REST resources. In current implementations of IS5.0.0, IS5.1.0 we have SOAP APIs for recovery scenarios. [1]. Captcha validation is coupled with recovery flows

Re: [Architecture] Decouple capcha validation from Recovery flows

2016-05-15 Thread Isura Karunaratne
On Mon, May 16, 2016 at 10:34 AM, Johann Nallathamby <joh...@wso2.com> wrote: > > > On Mon, May 16, 2016 at 10:25 AM, Isura Karunaratne <is...@wso2.com> > wrote: > >> Hi, >> >> We are planning to expose recovery APIs in IS 5.3.0 as REST APIs. And >

[Architecture] Decouple capcha validation from Recovery flows

2016-05-15 Thread Isura Karunaratne
Hi, We are planning to expose recovery APIs in IS 5.3.0 as REST APIs. And also, we are trying to reduce the complexity and improve the performance in existing recovery Java APIs as well. Currently, we have two ways of password recovery methods, - Recover with a notification - Recover