Re: [Architecture] [IS] User Challenge question Internationalization

2016-06-03 Thread Farasath Ahamed
is to abstract the retrieval of resources logic to support retrieval of resources from a DB, API etc. [1] http://mail.wso2.org/mailarchive/architecture/2015-May/020188.html Thanks, Farasath Ahamed Software Engineer, WSO2 Inc.; http://wso2.com lean.enterprise.middleware

Re: [Architecture] [IS] Regenerating client secret/key and revoking an oauth app in OAuth 2.0 implementation

2016-06-03 Thread Farasath Ahamed
2.com>* cell: +94 71 5186770 * > *twitter: **http://twitter.com/ <http://twitter.com/afkham_azeez>* > *harshathirimannlinked-in: **http: > <http://lk.linkedin.com/in/afkhamazeez>**//www.linkedin.com/pub/harsha-thirimanna/10/ab8/122 > <http://www.linkedin.com/pub/harsha-thiriman

Re: [Architecture] [IS] Regenerating client secret/key and revoking an oauth app in OAuth 2.0 implementation

2016-06-02 Thread Farasath Ahamed
both client_id and client_secret you simply delete the app and create a new one. Thanks, Farasath Ahamed Software Engineer, WSO2 Inc.; http://wso2.com lean.enterprise.middleware Email: farasa...@wso2.com Mobile: +94777603866 Blog: blog.farazath.com Twitter: @farazath619 <https://twitter.

Re: [Architecture] [IS] User Challenge question Internationalization

2016-06-04 Thread Farasath Ahamed
Hi Kasun, "isPromoteQuestion" property is no longer used in our current implementation. Therefore, we can get rid of the property and straight away persist the challenge question as a registry resource. Thanks, Farasath Ahamed Software Engineer, WSO2 Inc.; http:

Re: [Architecture] [IS] User Challenge question Internationalization

2016-06-10 Thread Farasath Ahamed
nd encrypted answer is stored as claim. >> Since user may change his locale runtime, I think in new implementation we >> have to store some question id rather than question text in claim. >> Otherwise security question will display in previous locale. >> >> Othe

Re: [Architecture] [IS] DCR implementation

2016-06-16 Thread Farasath Ahamed
/OAuthAccessTokenValidatorValve.java Thanks, Farasath Ahamed Software Engineer, WSO2 Inc.; http://wso2.com lean.enterprise.middleware Email: farasa...@wso2.com Mobile: +94777603866 Blog: blog.farazath.com Twitter: @farazath619 <https://twitter.com/farazath619> On Fri, Jun 17, 2016 at 1:12 AM,

Re: [Architecture] Implementing proper security model for dashboard server

2016-04-28 Thread Farasath Ahamed
Hi Suho, Just to be clear, are we going to use the Password Grant Type in the case where SSO is disabled or is it the Client Credentials grant type using the client_id and client_secret of the app created? Thanks, Farasath Ahamed Software Engineer, WSO2 Inc.; http://wso2.com

Re: [Architecture] [IS] Block brute force attacks on password recovery flows

2016-06-20 Thread Farasath Ahamed
Hi Thanuja, On Mon, Jun 20, 2016 at 1:35 PM, Thanuja Jayasinghe wrote: > Hi All, > > I'm working on $subject. > > We are planning to prevent this flow from brute force attacks by enabling > followings, > >1. Enable captcha/reCaptcha after n failed attempts >2. Lock

Re: [Architecture] [IS 6.0.0] Email Management Component Implementation

2017-01-23 Thread Farasath Ahamed
On Sun, Jan 22, 2017 at 3:10 AM, Lahiru Manohara wrote: > Hi, > > We are implementing email management component for IS 6.0.0. The following > properties will be included in the email template. > > configuration: > - > subject: > body: > footer: > type: > display: >

Re: [Architecture] [C5][IS] IS 6.0 SP/IDP configuration file restructuring

2017-02-15 Thread Farasath Ahamed
On Feb 15, 2017 9:50 PM, "Harsha Thirimanna" <hars...@wso2.com> wrote: On Wed, Feb 15, 2017 at 10:54 PM, Ishara Karunarathna <isha...@wso2.com> wrote: > > > On Thu, Feb 9, 2017 at 1:22 PM, Harsha Thirimanna <hars...@wso2.com> > wrote: > >> >&

Re: [Architecture] [C5][IS] IS 6.0 SP/IDP configuration file restructuring

2017-02-08 Thread Farasath Ahamed
nfigurations related to an Inbound Protocol like SAML or OAuth2? Thanks, Farasath Ahamed Software Engineer, WSO2 Inc.; http://wso2.com Mobile: +94777603866 Blog: blog.farazath.com Twitter: @farazath619 <https://twitter.com/farazath619> <http://wso2.com/signature> On Wed, Feb 8, 2017 a

Re: [Architecture] [IS] Authorization for Service Providers

2016-10-19 Thread Farasath Ahamed
on the combining algorithm (like Deny overrides, First applicable) defined globally. Shouldn't we also allow this algorithm to be decided at SP level? Thanks, Farasath Ahamed Software Engineer, WSO2 Inc.; http://wso2.com Mobile: +94777603866 Blog: blog.farazath.com Twitter: @farazath619 <ht

Re: [Architecture] [Dev] [VOTE] Release WSO2 Identity Server 5.3.0- RC3

2017-01-08 Thread Farasath Ahamed
e - go ahead and release Thanks, Farasath Ahamed Software Engineer, WSO2 Inc.; http://wso2.com Mobile: +94777603866 Blog: blog.farazath.com Twitter: @farazath619 <https://twitter.com/farazath619> <http://wso2.com/signature> On Fri, Jan 6, 2017 at 10:06 PM, Pulasthi Mahawithana <pulas

Re: [Architecture] [APIM] [C5] Single sign on support in API Manager 3.0

2017-03-31 Thread Farasath Ahamed
; Sajith Kariyawasam > *Associate Tech Lead* > *WSO2 Inc.; http://wso2.com <http://wso2.com/>* > *Committer and PMC member, Apache Stratos * > *AMIE (SL)* > *Mobile: 0772269575* > -- Farasath Ahamed Software Engineer, WSO2 Inc.; http://wso2.com Mobile: +94777603866 Blog:

Re: [Architecture] [C5][IS 6.0.0]Admin Forced Password Reset Via Offline for Existing Users

2017-03-15 Thread Farasath Ahamed
On Wednesday, March 15, 2017, Dilan Udara Ariyaratne wrote: > > On Tue, Mar 14, 2017 at 11:08 AM, Gayan Gunawardana > wrote: > >> >> >> On Tue, Mar 14, 2017 at 10:58 AM, Hasanthi Purnima Dissanayake < >>

Re: [Architecture] [APIM] [C5] Single sign on support in API Manager 3.0

2017-04-01 Thread Farasath Ahamed
On Sat, Apr 1, 2017 at 11:27 AM, Bhathiya Jayasekara <bhath...@wso2.com> wrote: > > > On Sat, Apr 1, 2017 at 1:39 AM, Farasath Ahamed <farasa...@wso2.com> > wrote: > >> >> >> On Thursday, March 30, 2017, Sajith Kariyawasam <saj...@wso2.com> wr

Re: [Architecture] IS Authentication Flow Behavior Between Multiple Service Providers

2017-07-15 Thread Farasath Ahamed
Farasath Ahamed Software Engineer, WSO2 Inc.; http://wso2.com Mobile: +94777603866 Blog: blog.farazath.com Twitter: @farazath619 <https://twitter.com/farazath619> <http://wso2.com/signature> On Sat, Jul 15, 2017 at 11:35 AM, Johann Nallathamby <joh...@wso2.com> wrote: >

Re: [Architecture] Validate Authorization headers for Oauth endpoints

2017-05-01 Thread Farasath Ahamed
On Tue, May 2, 2017 at 1:48 AM, Manoj Gunawardena wrote: > +1 for handle authorization in consistent way for all end points. > Such as > "/oauth2/introspect" > "oauth2/userinfo" > > According to IS 5.3 Authentication and Authorization of REST APIS > mechanism [1], what are the

[Architecture] Distinguish between local and federated users in oauth tables

2017-05-17 Thread Farasath Ahamed
approach, please raise. We are >>>>>>>>> proceeding with implementation as above. >>>>>>>>> >>>>>>>>> [1] - https://wso2.org/jira/browse/IDENTITY-5939 >>>>>>>>> [2] - https://wso2.org/jira/brow

Re: [Architecture] Force Delete Identity Providers

2017-05-19 Thread Farasath Ahamed
be better to have a discussion on this to identify all the cases that will be affected by IDP deletion and decide on the best approach to handle them. [1] https://docs.wso2.com/display/IS530/Associating+User+Accounts Farasath Ahamed Software Engineer, WSO2 Inc.; http://wso2.com Mobile: +94777603866

Re: [Architecture] Why we use timestampSkew default value as 300 seconds in identity.xml, why not 0 seconds.

2017-05-31 Thread Farasath Ahamed
On Wed, May 31, 2017 at 12:28 PM, Thanuja Jayasinghe wrote: > Hi Dinali, > > Consider the following calculation. > > expiry time = issuedTimeInMillis + validityPeriodMillis - > (System.currentTimeMillis() - timestampSkew) > > So actually token is valid for (validityPeriodMillis

Re: [Architecture] Validate Authorization headers for Oauth endpoints

2017-05-01 Thread Farasath Ahamed
, client_secret. As for the userinfo endpoint it's open AFAIK. > > > On Tue, May 2, 2017 at 3:02 AM, Farasath Ahamed <farasa...@wso2.com> > wrote: > >> >> >> >> On Tue, May 2, 2017 at 1:48 AM, Manoj Gunawardena <man...@wso2.com> >> wrote:

Re: [Architecture] [IAM] Adding/Reloading X509 Certificates at Runtime without Restart

2017-10-07 Thread Farasath Ahamed
>> >> [1] https://wso2.org/jira/browse/IDENTITY-1131 >> [2] https://github.com/wso2/carbon-identity/pull/1511 >> >> Thanks & Regards, >> Johann. >> >> -- >> >> *Johann Dilantha Nallathamby* >> Senior Lead Solutions Engineer >

Re: [Architecture] WSO2 Identity Server 5.4.0 Alpha 9 Released !!!

2017-11-22 Thread Farasath Ahamed
, arch: "amd64", family: "unix" Could this be due to maven/java version difference? Farasath Ahamed Software Engineer, WSO2 Inc.; http://wso2.com Mobile: +94777603866 Blog: blog.farazath.com Twitter: @farazath619 <https://twitter.com/farazath619> <http://wso2.com/signature

Re: [Architecture] WSO2 IS : what are the differences between OpenID Connect & OAuth 2.0 federated authenticators

2017-12-15 Thread Farasath Ahamed
: http://wso2-oxygen-tank.10903.n7.nabble.com/WSO2- > Architecture-f62919.html > ___ > Architecture mailing list > Architecture@wso2.org > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > -- Farasath Ahamed Senior Software Engineer, WSO2 Inc.; http://wso2.com Mobile: +94777603

Re: [Architecture] Self Contained Access Tokens in IS 5.4.0

2017-11-17 Thread Farasath Ahamed
On Fri, Nov 17, 2017 at 3:23 PM, Johann Nallathamby wrote: > Self contained JWT's may get quite large and if we set it as the default > size in the script, for users who are not using self contained JWT also it > is going to consume large space in the database. > > Did we think

[Architecture] WSO2 Identity Server 5.4.0 Alpha 9 Released !!!

2017-11-16 Thread Farasath Ahamed
o raise them as well. - Developer List: d...@wso2.org - Architecture List: architecture@wso2.org - User Forum: StackOverflow <http://stackoverflow.com/questions/tagged/wso2is> Reporting Issues We encourage you to report issues, improvements, and feature requests regarding WSO2 Iden

Re: [Architecture] Self Contained Access Tokens in IS 5.4.0

2017-11-17 Thread Farasath Ahamed
Farasath Ahamed Software Engineer, WSO2 Inc.; http://wso2.com Mobile: +94777603866 Blog: blog.farazath.com Twitter: @farazath619 <https://twitter.com/farazath619> <http://wso2.com/signature> On Fri, Nov 17, 2017 at 6:48 PM, Johann Nallathamby <joh...@wso2.com> wrote: > >

Re: [Architecture] IS550: Oauth Role or XACML scope validation

2018-05-04 Thread Farasath Ahamed
with "Try" -- works >4. Published to PDP >5. tried curl to issue new token -- token issued as before. No >restriction for the user > > May be I am using it in a wrong way? > > Thanks in advance, > > Vadim >

Re: [Architecture] Conditional authentication - functions

2018-05-22 Thread Farasath Ahamed
be appreciated. > > Thanks, > Nila. > > > -- > Nilasini Thirunavukkarasu > Software Engineer - WSO2 > > Email : nilas...@wso2.com > Mobile : +94775241823 > Web : http://wso2.com/ > > > <http://wso2.com/signature> > > __

Re: [Architecture] [RRT] Forcing the challenge question for Identity Server

2018-05-29 Thread Farasath Ahamed
u explain how we plan to retrieve the available challenge questions of the tenant in this approach? > > Your input is appreciated. > > Thanks and regards, > -- > > *Rosen Silva* > Software Engineer - WSO2 > > Email: ros...@wso2.com > Mobile: +94770677418 > Web: htt

Re: [Architecture] Handling custom claims when generating JWT token using JWT grant type

2018-05-30 Thread Farasath Ahamed
name, but this cannot be done in our case, as we only >>>>> pass the predefined set of oidc claims to service provider. >>>>> >>>>> >>>>>> And in the subject you meant generating access token (but not JWT >>>>>> token) righ

Re: [Architecture] Handling custom claims when generating JWT token using JWT grant type

2018-05-30 Thread Farasath Ahamed
On Wed, May 30, 2018 at 4:17 PM, Megala Uthayakumar wrote: > Yes. I tried to explain the same thing, seems it is confusing. I will > simplify it. > Thanks for the clarification. > > Thanks. > > Regards, > Megala > > On Wed, May 30, 2018 at 4:12 PM, Farasath Aham

Re: [Architecture] SAML Artifact Binding - Server Side Implementations

2018-07-03 Thread Farasath Ahamed
ees/download.php/35387/sstc-saml-bindings-errata-2.0-wd-05-diff.pdf=D=hangouts=1529490475881000=AFQjCNG3_d5jo1kSGGuO9_TMVz2oNTswag> >>>> -- >>>> >>>> Vihanga Liyanage >>>> >>>> Software Engineer | WS*O₂* Inc. >>>> >>>

[Architecture] WSO2 Identity Server 5.4.0 Alpha6 Released!

2017-10-26 Thread Farasath Ahamed
If you have any questions regarding the product you can use our StackOverflow forum to raise them as well. - Developer List: d...@wso2.org - Architecture List: architecture@wso2.org - User Forum: StackOverflow <http://stackoverflow.com/questions/tagged/wso2is> Reporting Issues W

Re: [Architecture] [IAM] JWT client authentication for OAuth 2.0 for IS 5.5.0

2018-01-05 Thread Farasath Ahamed
>>> >>> Hasanthi Dissanayake >>> >>> Senior Software Engineer | WSO2 >>> >>> E: hasan...@wso2.com >>> M :0718407133| http://wso2.com <http://wso2.com/> >>> >> >> >

Re: [Architecture] Decoupling Client Authentication from OAuth2 Flow

2018-01-08 Thread Farasath Ahamed
On Mon, Jan 8, 2018 at 4:49 PM, Hasintha Indrajee wrote: > The idea behind this is to decouple the authentication mechanism used by > OAuth2 clients from the rest of the OAuth2 logic, so that different types > of client authenticators can be plugged. For an example according

Re: [Architecture] OIDC request object support

2018-01-22 Thread Farasath Ahamed
" it will act as a default claim and will >>>> control by both requested scopes and the requested claims. >>>> >>> >>> What do you mean by controlling using requested scope? Do you mean if >>> the client doesn't request at least one scope that includes

Re: [Architecture] Support for encrypted ID tokens in OIDC

2018-02-09 Thread Farasath Ahamed

Re: [Architecture] [New Feature]: Cross Protocol IDP initiated SSO flow

2018-07-18 Thread Farasath Ahamed
* >> Software Engineer >> WSO2 Lanka (pvt) Ltd. >> Web: http://wso2.com/ >> Email : gdrdabar...@gmail.com >> LinkedIn <https://lk.linkedin.com/in/dinalidabarera> >> Mobile: +94770198933 >> >> >> >> >> <https://lk.linkedin.com/in/dinalidabarera&

Re: [Architecture] OIDC request object support

2018-01-24 Thread Farasath Ahamed
On Tuesday, January 23, 2018, Johann Nallathamby <joh...@wso2.com> wrote: > Hi Farasath, > > On Tue, Jan 23, 2018 at 12:13 PM, Farasath Ahamed <farasa...@wso2.com> > wrote: > >> >> >> On Tuesday, January 23, 2018, Johann Nallathamby <joh...@wso2.com

Re: [Architecture] [Dev] [VOTE] Release WSO2 Identity Server 5.5.0 RC2

2018-03-15 Thread Farasath Ahamed
o not release (explain why) >>>>>> >>>>>> >>>>>> Thanks, >>>>>> - WSO2 Identity and Access Management Team - >>>>>> >>>>>> -- >>>>>> Regards, >>>>>> >>&

Re: [Architecture] [Dev] Missing JSESSION cookie

2018-04-20 Thread Farasath Ahamed
__ > Dev mailing list > d...@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- Farasath Ahamed Senior Software Engineer, WSO2 Inc.; http://wso2.com Mobile: +94777603866 Blog: blog.farazath.com Twitter: @farazath619 <https://twitter.com/farazath619> <http://wso

Re: [Architecture] [IS] JDBC based Configuration Store for WSO2 IS

2018-10-17 Thread Farasath Ahamed
g in the API is not finalized yet. > > Your valuable comments and suggestions are highly appreciated. > > > [1] > https://app.swaggerhub.com/apis-docs/WSO8/wso-2_identity_server_configuration_management_rest_api/1.0.0 > <https://app.swaggerhub.com/apis-docs/WSO8/wso-2_ide

Re: [Architecture] Auth0 OpenID Connector for IS

2019-01-14 Thread Farasath Ahamed
> >> WSO2 IS requests to get user info, And Auth0 can retrieve user >> information from the ID token or Access token. >> >> Thanks. >> -- >> R.Nirubikaa >> Intern | WSO2 >> M: O779108852 >> >> >> > > > -- > R.Nirubikaa &

Re: [Architecture] [IAM] Supporting Description and Internationalization for OAuth2 Scopes

2019-06-03 Thread Farasath Ahamed
ps://github.com/wso2/product-is/issues/5354 >> >> Thanks & Regards, >> Johann. >> >> -- >> *Johann Dilantha Nallathamby* | Associate Director/Solutions Architect | >> WSO2 Inc. >> (m) +94 (77) 7776950 | (w) +94 (11) 2145345 | (e) joh...@wso2.com >>

Re: [Architecture] [Dev][VOTE] Release WSO2 Identity Server 5.8.0 RC3

2019-05-22 Thread Farasath Ahamed
leases/tag/v5.8.0-rc3 >>>>> <https://github.com/wso2/analytics-is/releases/download/v5.8.0-rc3/wso2is-analytics-5.8.0-rc3.zip> >>>>> >>>>> >>>>> Please download, test the product and vote. >>

Re: [Architecture] [Dev] [VOTE] Release WSO2 Identity Server 5.9.0 RC2

2019-10-03 Thread Farasath Ahamed
or adaptive authentication >>>>>>>>>- >>>>>>>>> >>>>>>>>>Cross-protocol single logout capability >>>>>>>>>- >>>>>>>>> >>>>>>>>>Inbui

Re: [Architecture] [Iam-dev] [VOTE] Release WSO2 Identity Server 5.10.0 RC2

2020-03-11 Thread Farasath Ahamed
the following > convention. > [+] Stable - go ahead and release > [-] Broken - do not release (explain why) > > > Thank you, > WSO2 Identity and Access Management Team > > -- > *Janak Amarasena* | Senior Software Engineer | WSO2 Inc. > (m) +9464144 | (w) +941

Re: [Architecture] [APIM] Multiple Key Manager support

2020-04-16 Thread Farasath Ahamed
auth mechanisms. How do we plan to handle this? > > > Thanks > > *Tharindu Dharmarathna*Technical Lead > WSO2 Inc.; http://wso2.com > lean.enterprise.middleware > mobile: *+94779109091* > ___ > Architecture mailing list >