Re: [Architecture] [IS] What are the REST APIs in WSO2IS-5.3.0 that need to be secured?

On Thu, Nov 10, 2016 at 9:22 AM, Johann Nallathamby wrote: > Hi Prabath, > > On Sat, Oct 22, 2016 at 2:33 AM, Prabath Siriwardana > wrote: > >> Thanks! >> >> Few questions related to the certificate-based handler... >> >> 1. Why do we expect username to be passed along with the request and it's

Re: [Architecture] [IS] What are the REST APIs in WSO2IS-5.3.0 that need to be secured?

Hi Prabath, On Sat, Oct 22, 2016 at 2:33 AM, Prabath Siriwardana wrote: > Thanks! > > Few questions related to the certificate-based handler... > > 1. Why do we expect username to be passed along with the request and it's > a must...? > Yes. Username is not a must. As I have explained in my oth

Re: [Architecture] [IS] What are the REST APIs in WSO2IS-5.3.0 that need to be secured?

Thanks! Few questions related to the certificate-based handler... 1. Why do we expect username to be passed along with the request and it's a must...? 2. Also, we are not checking whether we have the original certificate - we only rely on the TLS mutual auth validation at the container level - wh

Re: [Architecture] [IS] What are the REST APIs in WSO2IS-5.3.0 that need to be secured?

​Here is the git repo for the authentication layer https://github.com/wso2-extensions/identity-carbon-auth-rest​ *Harsha Thirimanna* Associate Tech Lead | WSO2 Email: hars...@wso2.com Mob: +94715186770 Blog: http://harshathirimanna.blogspot.com/ Twitter: http://twitter.com/harshathirimann Linke

Re: [Architecture] [IS] What are the REST APIs in WSO2IS-5.3.0 that need to be secured?

Can you please share the git repo where we have the code for the 'authentication layer'? Thanks & regards, -Prabath On Thu, Oct 20, 2016 at 12:19 AM, Harsha Thirimanna wrote: > If there any REST API that already secured within itself the feature, then > we have to remove it and use this. As

Re: [Architecture] [IS] What are the REST APIs in WSO2IS-5.3.0 that need to be secured?

Yes , we can secure whatever REST API that is exposed within IS. *Harsha Thirimanna* Associate Tech Lead | WSO2 Email: hars...@wso2.com Mob: +94715186770 Blog: http://harshathirimanna.blogspot.com/ Twitter: http://twitter.com/harshathirimann Linked-In: linked-in: http://www.linkedin.com/pub/harsh

Re: [Architecture] [IS] What are the REST APIs in WSO2IS-5.3.0 that need to be secured?

Can we secure SCIM endpoints with Generic Authentication Mechanism ? On Thu, Oct 20, 2016 at 9:38 PM, Isura Karunaratne wrote: > Hi, > > > On Thu, Oct 20, 2016 at 1:19 AM, Harsha Thirimanna > wrote: > >> If there any REST API that already secured within itself the feature, >> then we have to re

Re: [Architecture] [IS] What are the REST APIs in WSO2IS-5.3.0 that need to be secured?

Hi, On Thu, Oct 20, 2016 at 1:19 AM, Harsha Thirimanna wrote: > If there any REST API that already secured within itself the feature, then > we have to remove it and use this. As ex : DCR. in DCR we expect user in > request payload for now and that APIs are not secured. After apply this we > ca

Re: [Architecture] [IS] What are the REST APIs in WSO2IS-5.3.0 that need to be secured?

Moving to DEV... *Harsha Thirimanna* Associate Tech Lead | WSO2 Email: hars...@wso2.com Mob: +94715186770 Blog: http://harshathirimanna.blogspot.com/ Twitter: http://twitter.com/harshathirimann Linked-In: linked-in: http://www.linkedin.com/pub/harsha-thirimanna/10/ab8/122

Re: [Architecture] [IS] What are the REST APIs in WSO2IS-5.3.0 that need to be secured?

If there any REST API that already secured within itself the feature, then we have to remove it and use this. As ex : DCR. in DCR we expect user in request payload for now and that APIs are not secured. After apply this we can remove the user from request payload and rely on this. And same as we ma

Re: [Architecture] [IS] What are the REST APIs in WSO2IS-5.3.0 that need to be secured?

Hi Ayesha, This feature provide a authentication layer in front of any unsecured REST APIs. So do we need to test this with all the REST APIs ? -Ishara On Thu, Oct 20, 2016 at 12:05 PM, Ayesha Dissanayaka wrote: > Hi all, > > I have started testing the"Generic Authentication Mechanism to all

[Architecture] [IS] What are the REST APIs in WSO2IS-5.3.0 that need to be secured?

Hi all, I have started testing the"Generic Authentication Mechanism to all the REST APIs" feature [1] in IS-5.3.0. Please mention details on REST APIs in IS services which needs to be secured, so that I can test those APIs with this feature. [1] https://wso2.org/jira/browse/IDENTITY-4742 Thanks!