On Fri, May 10, 2013 at 12:29 PM, Pradeep Fernando prad...@wso2.com wrote:
Hi,
After the first start up, UI will be the only way to edit the
configuration (Except for go and change the storage). That limitation have
negative points
But the use of UI is to allow user to add a new
On Mon, May 27, 2013 at 5:13 PM, Amila Suriarachchi am...@wso2.com wrote:
On Mon, May 27, 2013 at 5:01 PM, Prabath Siriwardena prab...@wso2.comwrote:
On Mon, May 27, 2013 at 4:04 PM, Amila Suriarachchi am...@wso2.comwrote:
On Mon, May 27, 2013 at 3:06 PM, Prabath Siriwardena
prab
the nodes.
4. The deployer we write, needs to update the corresponding configuration
in the RealmService.
5. Users already logged in should be forced to logout.
Thanks regards,
-Prabath
On Thu, May 30, 2013 at 10:25 AM, Prabath Siriwardena prab...@wso2.comwrote:
Nice slides.. :-)
Please
Hi Sanjeewa,
In API Manager - can we get stats without BAM integration ?
Thanks regards,
-Prabath
On Mon, Jun 3, 2013 at 7:49 PM, Darshana Gunawardana darsh...@wso2.comwrote:
Hi all,
I have started on working $subject(as in our internal roadmap #602). Final
outcome of this should be,
+1
Also we need to avoid keystores been configured in different places. Like
datasources - we need to have key stores configured in a single place and
reference those from other places..
Thanks regards,
-Prabath
On Sat, Jun 22, 2013 at 3:05 PM, Amila Suriarachchi am...@wso2.com wrote:
hi,
(pvt) Ltd
Mobile: +94779716248
On Fri, May 31, 2013 at 2:52 PM, Prabath Siriwardena prab...@wso2.com
wrote:
I guess dep sync based approach will solve these...
Thanks regards,
-Prabath
On Fri, May 31, 2013 at 2:41 PM, Srinath Perera srin...@wso2.com
wrote:
Hi All
On Mon, Jun 24, 2013 at 1:31 PM, Prabath Siriwardena prab...@wso2.comwrote:
+1
Also we need to avoid keystores been configured in different places. Like
datasources - we need to have key stores configured in a single place and
reference those from other places..
Thanks regards,
-Prabath
It has to maintain a order - you will authenticate a users in a chain - if
the first fails it will go to the other.
Thanks regards,
-Prabath
On Mon, Jul 1, 2013 at 3:01 PM, Amila Suriarachchi am...@wso2.com wrote:
On Mon, Jul 1, 2013 at 2:38 PM, Prabath Siriwardena prab...@wso2.comwrote
stores.
Azeez
On Mon, Jul 1, 2013 at 2:38 PM, Prabath Siriwardena prab...@wso2.comwrote:
Not quite right..
A given user sore cannot just exist on its own.. it has to maintain the
order with others.. That needs to be maintain at the user-mgt.xml..
By breaking this in to separate user-store
Adding a user store is not as dynamic as adding a proxy or sequence..
thinking both in the same way is not quite right..
Thanks regards,
-Prabath
On Mon, Jul 1, 2013 at 2:54 PM, Amila Suriarachchi am...@wso2.com wrote:
On Mon, Jul 1, 2013 at 2:38 PM, Prabath Siriwardena prab...@wso2
On Mon, Jul 1, 2013 at 3:22 PM, Amila Suriarachchi am...@wso2.com wrote:
On Mon, Jul 1, 2013 at 3:08 PM, Prabath Siriwardena prab...@wso2.comwrote:
Adding a user store is not as dynamic as adding a proxy or sequence..
thinking both in the same way is not quite right..
There are two
On Fri, Jul 5, 2013 at 4:30 PM, Vijayaratha Vijayasingam rat...@wso2.comwrote:
Hi all;
Currently in the APIManager we provide an option in the identity.xml to
configure the token validity period. But it is global level one time
setting.
*Scenario*
If there is any theft in the tokens or
Currently when configure WSO2 IS to provision users to connected systems -
it will provision all the users in it - whenever a user being added or
updated.
Its better to give the option to do this selectively..
This is the use case I am thinking of..
You can have a security gateway in DMZ which
Had a brief chat with Dimuthu and I guess it's much cleaner to get rid of
the magic user - with the introduction of organization concept in AF.
The admin user account of the tenant it self can perform these operations...
If we think about a multi-VPC deployment (a VPC per tenant) - we do not
Please note that this solution only addresses 1 and 2. Not 3. I don't see
addressing 3 is quite needed in our case.
Thanks regards,
-Prabath
On Fri, Jul 26, 2013 at 3:35 PM, Prabath Siriwardena prab...@wso2.comwrote:
On Fri, Jul 26, 2013 at 3:24 PM, Prabath Siriwardena prab...@wso2.comwrote
Can we please arrange a design review for this. We discussed an Application
concept in IS and we need to see how all these integrate together..
Thanks regards,
-Prabath
On Fri, Jul 26, 2013 at 3:34 PM, Vijayaratha Vijayasingam
rat...@wso2.comwrote:
Hi all;
*Our requirement*
Currently we
Will be back on 2nd.. better after that...
Thanks regards,
-Prabath
On Fri, Jul 26, 2013 at 3:43 PM, Sumedha Rubasinghe sume...@wso2.comwrote:
+1. will schedule next week?
On Fri, Jul 26, 2013 at 3:39 PM, Prabath Siriwardena prab...@wso2.comwrote:
Can we please arrange a design review
On Sat, Aug 3, 2013 at 9:04 PM, Sanjiva Weerawarana sanj...@wso2.comwrote:
Dilshan Prabath, should the SCEP server code ship with IS by default?
Prabath I remember a long discussion about certificate issuing and
distribution 3-4 years ago but don't think we ended up implementing yet ..
is
/iPhoneOTAConfiguration/iPhoneOTAConfiguration.pdf
On Sun, Aug 4, 2013 at 6:36 AM, Prabath Siriwardena prab...@wso2.comwrote:
On Sat, Aug 3, 2013 at 9:04 PM, Sanjiva Weerawarana sanj...@wso2.comwrote:
Dilshan Prabath, should the SCEP server code ship with IS by default?
Prabath I remember a long
any time it can be replaced
with anything. Ideally which I believe this part needs to be handle by IS
and MDM only communicate with it through the information provided at the
deployment time.
Regards,
Dilshan
On Sun, Aug 4, 2013 at 7:09 AM, Prabath Siriwardena prab...@wso2.comwrote:
Just
will be done based on the user challenge before it gets passed to it. The
validation part is not done.
Also there is a performance issue in the time taken enroll a device ,
Mayuran is working on that along with the validation.
Thanks,
-Shan
On Sun, Aug 4, 2013 at 1:38 PM, Prabath Siriwardena prab
is the best method to overcome the SCEP vulnerability.
On Mon, Aug 5, 2013 at 10:39 AM, Prabath Siriwardena prab...@wso2.comwrote:
I guess user challenge it self is not enough.. We also need to validate
the SCEP request..
Thanks regards,
-Prabath
On Mon, Aug 5, 2013 at 10:32 AM, Shanmugarajah
Hi Sumedha,
This needs to be better modeled after A Method of Bearer Token
Redelegation and Chaining for OAuth 2
http://tools.ietf.org/id/draft-richer-oauth-chain-00.txt
The grant type needs to be urn:ietf:params:oauth:grant_type:redelegate
And also - we should not provide a refresh token in
+1 for that.. Only downside - tenant is loaded not on demand..
Another approach is..
Currently the tenant is loaded by looking at the URL.. say for example - if
the url says - /t/wso2.com - this will make wso2.com to be loaded if it is
not loaded already.
The issue with authentication is - we
Won't it be late to load the tenant at this moment? As the changes needs
to be checked out from the repo , for authentication to be successful, are
we to hold the decision using some mechanism till the check out completes?
This is the same behavior you see when you login to management
The requirement is to process the token issue request at the Key Manager
before actually processing the request.
Following two methods will be introduced to the
org.wso2.carbon.identity.oauth2.OAuth2ServiceListener interface - and these
will be invoked from the
+1
Currently IS and API-M use two different services for token validation. So
- lets get rid-of this code duplication first and then work on the
improvements...
Thanks regards,
-Prabath
On Wed, Oct 2, 2013 at 11:05 AM, Johann Nallathamby joh...@wso2.com wrote:
Currently the OAuth2 scopes
.
On Fri, Oct 4, 2013 at 7:25 AM, Prabath Siriwardena prab...@wso2.comwrote:
This is done by the handler
t/org.wso2.carbon.apimgt.keymgt/src/main/java/org/wso2/carbon/apimgt/keymgt/util/APIManagerOAuthCallbackHandler.java
Scope is case sensitive - and when we issue a token against a provided
Thanks,
-Suresh
On Wed, Oct 2, 2013 at 2:47 AM, Prabath Siriwardena prab...@wso2.comwrote:
+1
Currently IS and API-M use two different services for token validation.
So - lets get rid-of this code duplication first and then work on the
improvements...
Thanks regards,
-Prabath
On Wed
How do we do this inAPI - Store / Publisher ? Can we host the API Store /
Publisher in a different Application Server and still points to the same
user base behind the API Manager..?
Thanks regards,
-Prabath
On Wed, Oct 9, 2013 at 7:32 PM, Venura Kahawala ven...@wso2.com wrote:
Hi,
I'm now
How do we handle SAML2 sessions now..?
I believe we keep it in-memory..
Keep this in-memory won't scale - as these sessions suppose to live long..
and also won't be accessed frequently..
Can we use an LRU cache - and persist the SAML2 sessions..?
Thoughts please..
Thanks Regards,
Prabath
There are three use cases..
1. SCIM consumer sends a provisioning request to IS - which is the SCIM CSP.
2. [1] Identity Server provisions the user to other CSPs
3. Adding user from the IS management console and provision the user to
other connected CSP.
How do we handle id/externalid/userName
, scimId etc).
IMO externalId is not an useful attribute in the spec. [1] here there are
some arguments on this.
[1] http://www.infoq.com/articles/scim-data-model-limitations
Please add something mission or wrong.
Thanks,
On Mon, Oct 21, 2013 at 10:45 PM, Prabath Siriwardena prab...@wso2
at 4:53 AM, Prabath Siriwardena prab...@wso2.comwrote:
When IS provisions users to other connected systems - are we maintaining
the list of id's returned by each CSP...?
IMO externaid is also useful. A given externalid could map to multiple
id's returned by CSPs.
Thanks regards,
-Prabath
providers handle the request by taking the user name and identifying
to which resource the operation should be applied.
Regards,
Venura
On Tue, Oct 22, 2013 at 9:15 AM, Prabath Siriwardena
prab...@wso2.comwrote:
On Tue, Oct 22, 2013 at 3:09 PM, Ishara Karunarathna
isha...@wso2.comwrote
,
-Prabath
On Tue, Oct 22, 2013 at 5:55 PM, Venura Kahawala ven...@wso2.com wrote:
Hi,
On Tue, Oct 22, 2013 at 10:17 AM, Prabath Siriwardena prab...@wso2.comwrote:
On Tue, Oct 22, 2013 at 5:41 PM, Venura Kahawala ven...@wso2.com wrote:
Hi,
Also - how spec compliant - is it to do
-Type:application/json *
https://localhost:9443/wso2/scim/Users/48f7cfe5-f0e3-4a67-af7e-d762aa9ab215
*
Regards,
Venura
On Tue, Oct 22, 2013 at 10:37 AM, Prabath Siriwardena prab...@wso2.comwrote:
In that case its with an id - not a direct PUT to /Users. Its like
/Users/id
To sort out any confusion
.. We do two calls when we do outbound
provisioning..? One to get the id and then the PUT
Thanks regards,
-Prabath
Regards,
Venura
On Tue, Oct 22, 2013 at 11:05 AM, Prabath Siriwardena prab...@wso2.comwrote:
But for outbound provisioning from IS we cannot do the same now - as we
do
for the scenario where IS is
behaving as a consumer.
Regards,
Venura
On Tue, Oct 22, 2013 at 11:15 AM, Prabath Siriwardena prab...@wso2.comwrote:
Why not we maintain all the ids from external CSP - against the
externalid ? Then we do not need to worry about doing two calls..
Thanks regards
for the scenario where IS is
behaving as a consumer.
Regards,
Venura
On Tue, Oct 22, 2013 at 11:15 AM, Prabath Siriwardena prab...@wso2.comwrote:
Why not we maintain all the ids from external CSP - against the
externalid ? Then we do not need to worry about doing two calls..
Thanks regards
Yes.. We cannot give the same access token for different scopes.
+1 for fixing this.
Thanks...
Sent from my mobile device
On Oct 25, 2013, at 5:29 PM, Asela Pathberiya as...@wso2.com wrote:
Hi All,
AFAIK, currently OAuth2 token endpoint returns the same access token for
different
Hi Johann,
Please find comment inline...
On Mon, Nov 11, 2013 at 9:35 AM, Johann Nallathamby joh...@wso2.com wrote:
Hi Prabath,
+1 for the concept. Some concerns and thoughts inline.. bear with me for
my lengthy verbose arguments.. [?]
On Mon, Nov 11, 2013 at 3:12 AM, Prabath Siriwardena
at 3:12 AM, Prabath Siriwardena
prab...@wso2.comwrote:
1. What is an Application under the context of Identity Server ?
Its a consumer of identity attributes, roles (and groups),
authentication methods/ policies and authorization policies. In practice,
this could be a web application,mobile
On Mon, Nov 11, 2013 at 10:41 AM, Ishara Karunarathna isha...@wso2.comwrote:
Hi,
On Mon, Nov 11, 2013 at 9:58 AM, Prabath Siriwardena prab...@wso2.comwrote:
Hi Johann,
Please find comment inline...
On Mon, Nov 11, 2013 at 9:35 AM, Johann Nallathamby joh...@wso2.comwrote:
Hi Prabath
On Mon, Nov 11, 2013 at 11:26 AM, Ishara Karunarathna isha...@wso2.comwrote:
On Mon, Nov 11, 2013 at 11:07 AM, Prabath Siriwardena prab...@wso2.comwrote:
On Mon, Nov 11, 2013 at 10:41 AM, Ishara Karunarathna
isha...@wso2.comwrote:
Hi,
On Mon, Nov 11, 2013 at 9:58 AM, Prabath
joh...@wso2.com wrote:
On Mon, Nov 11, 2013 at 1:01 PM, Prabath Siriwardena prab...@wso2.com
wrote:
On Mon, Nov 11, 2013 at 11:47 AM, Johann Nallathamby joh...@wso2.com
wrote:
Yes, we don't have to encrypt the consumer key, but still I feel we can use
a different
IdP always issues claims from its own dialect. If we want application
specific claims - that is a functionality of the resource STS.
Thanks regards,
-Prabath
On Mon, Nov 11, 2013 at 3:59 AM, Asela Pathberiya as...@wso2.com wrote:
On Mon, Nov 11, 2013 at 4:18 PM, Prabath Siriwardena prab
IdP always issues claims from its own dialect. If we want application
specific claims - that is a functionality of the resource STS.
Thanks regards,
-Prabath
On Mon, Nov 11, 2013 at 5:29 PM, Asela Pathberiya as...@wso2.com wrote:
On Mon, Nov 11, 2013 at 4:18 PM, Prabath Siriwardena prab
Ideally it should be a handler - not a mediator... This should get executed
before the message comes to the inSequence.
Thanks regards,
-Prabath
On Wed, Nov 13, 2013 at 10:24 PM, Miyuru Wanninayaka miy...@wso2.comwrote:
Hi all,
Currently most security stuff handled at rampart level (except
within ESB language itself, it will be an added
plus. (This is like we have to go to Axis2 level to configure transports
now).
--Srinath
On Thu, Nov 14, 2013 at 1:23 AM, Prabath Siriwardena prab...@wso2.comwrote:
Ideally it should be a handler - not a mediator... This should get
executed
A design review scheduled on 10th Dec - Tuesday..
Thanks regards,
-Prabath
On Sat, Dec 7, 2013 at 1:01 PM, Prabath Siriwardena prab...@wso2.comwrote:
Identity team was working on designing the user core API during last week.
Please find the high-level design attached.
Each Tenant
Should we use api in the API package name ?
I think we should not..
Currently we have org.wso2.carbon.user.api, org.wso2.carbon.regostry.api
and possibly many more..
I think should avoid putting API in the package name - and it should be
quite obvious..
For example, in Java - in JDBC API [1] -
, 2013 at 6:00 PM, Prabath Siriwardena
prab...@wso2.comwrote:
Should we use api in the API package name ?
I think we should not..
Currently we have org.wso2.carbon.user.api,
org.wso2.carbon.regostry.api and possibly many more..
I think should avoid putting API in the package name
joh...@wso2.com wrote:
Hi Prabath,
One more suggestion I wanted to tell and missed is, what if we have the
Identifier classes of each entity as a static nested class of the
corresponding entity? This way it will make the packaging more neat.
On Thu, Dec 19, 2013 at 1:26 PM, Prabath
, Prabath Siriwardena prab...@wso2.comwrote:
A nested class should exist only to serve its enclosing class... if the
purpose of it goes beyond that - then it should be a top level one. For
that reason, I did't want to have Identifier classes as nested classes...
I was only thinking about
I think the right approach is to use [1]. UserSelfRegistrationService will
add users to the Identity role by default. But, if you want to add the user
to the subscriber role, you can make it configurable.
Also - with UserSelfRegistrationService - you can specify to which user
stores you need to
On Tue, Jan 21, 2014 at 5:23 PM, Lalaji Sureshika lal...@wso2.com wrote:
Hi,
Addition to Tanya's notes,following features/improvements noted as we
expect to complete from ES side [sorry,if I repeat few..],while Sameera is
working on adding APIM related custom pages and functionalties
in the identity.xml.
I o not think we can configure multiple roles (multiple SignUpRole
elements) , If not, we can fix it as well
Thanks.
Asela.
Thanks;
On Wed, Jan 22, 2014 at 2:30 PM, Lalaji Sureshika lal...@wso2.comwrote:
Hi,
On Wed, Jan 22, 2014 at 2:04 PM, Prabath Siriwardena
+1
Thanks regards,
-Prabath
On Wed, Jan 22, 2014 at 7:29 PM, Lalaji Sureshika lal...@wso2.com wrote:
Hi,
On Wed, Jan 22, 2014 at 5:36 PM, Prabath Siriwardena prab...@wso2.comwrote:
If this is per tenant - you cannot do it via a configuration in the
identity.xml...
Ideally the tenant
, Prabath Siriwardena prab...@wso2.comwrote:
If this is per tenant - you cannot do it via a configuration in the
identity.xml...
Ideally the tenant admin should have an option in the UI to
enable/disable SelfSignUp and if it is enabled he should be able to specify
the default role or the role list
Great..!!! Can we also start with iOS app...?
Also - can you please test this with IS 4.1.0..?
Thanks regards,
-Prabath
On Thu, Mar 27, 2014 at 4:31 PM, Gayan Gunawardana ga...@wso2.com wrote:
Hi All,
Still code with on going development, but any body who interesting can try
it
Android
+1
For JWS and JWE you can directly use Nimbus[1] java library which is
released under Apache 2.0 license..
[1]: http://connect2id.com/products/nimbus-jose-jwt/download
Thanks regards,
-Prabath
On Sat, Sep 6, 2014 at 11:22 PM, Gayan Gunawardana ga...@wso2.com wrote:
Hi,
Currently WSO2
I think its true to some extent that some OAuth authorization servers (AS)
use their own configuration parameters and also some what deviate from the
OAuth specification.
What you can do is - keep a basic OAuth 1.0 and 2.0 modules and if you see
a given AS has changed the behavior - extend from
deviates from the OAuth 2.0 Bearer Token Profile.
Following is a request to the LinkedIn UserInfo endpoint...
curl
https://api.linkedin.com/v1/people/~?oauth2_access_token=AQVKwPCyJoTDl9CZl5ID9S9hig9qd0P
Thanks regards,
-Prabath
On Thu, Sep 25, 2014 at 11:02 AM, Prabath Siriwardena prab...@wso2
, Ravindra Ranwala ravin...@wso2.com
wrote:
Hi All,
Thanks a lot for the valuable feedback given. We'll consider all these
things when we implement this solution in our iPAAS.
Regards,
On Thu, Sep 25, 2014 at 11:08 AM, Prabath Siriwardena prab...@wso2.com
wrote:
According to the OAuth 2.0
Quick feedback - please do not use DTO in the name: ExtKeyMgtAppInfoDTO
Thanks regards,
-Prabath
On Wed, Oct 15, 2014 at 6:27 PM, Sanjeewa Malalgoda sanje...@wso2.com
wrote:
Hi All,
Here is a brief update on status of External Key Management server -APIM
integration implementation.
We will
If you say Basic Auth is easy - then there is no difference in using OAuth
too:-)
Basically the resource owner credentials grant type was introduced in OAuth
to migrate clients from Basic/Digest authentication into OAuth...
By looking at the use case - its clearly something to do with the
+1 for using OAuth..
Please also think of the cost of maintaining and provisioning keys between
servers in a clustered setup and the requirement of have an OAuth
authorization server.
Please see the approach suggested here [1] self-issued self-contained
access tokens. This approach reduces all
Please find the details at
http://blog.facilelogin.com/2014/10/poodle-attack-and-disabling-ssl-v3-in_69.html
Thanks regards,
-Prabath
On Thu, Oct 30, 2014 at 9:26 PM, Niranda Perera nira...@wso2.com wrote:
Hi all,
This follows Prabath's bolgpost on POODLE Attack and Disabling SSL V3 in
[resending with less number of recipients - since this was bounced back
previously due to that]
On Sat, May 9, 2015 at 5:32 PM, Prabath Siriwardena prab...@wso2.com
wrote:
Please find the details at
http://blog.facilelogin.com/2015/05/identity-mediation-language-iml.html
Appreciate your
Admin service WSDL fix the contract between the actual service
implementation and the client.
If you take ServiceProviderRegistration service in IS - then the
Service Provider Registration UI is one client - and also App Manager
is another client. There can be many clients as well.
Right now we
AFAIK the $subject is not working today.
Can we please get that fixed...? This would lead us to many more
useful integration patterns...
--
Thanks Regards,
Prabath
Twitter : @prabath
LinkedIn : http://www.linkedin.com/in/prabathsiriwardena
Mobile : +1 650 625 7950
On Sat, May 9, 2015 at 9:17 PM, Prabath Siriwardena prab...@wso2.com
wrote:
[resending with less number of recipients - since this was bounced back
previously due to that]
On Sat, May 9, 2015 at 5:32 PM, Prabath Siriwardena prab...@wso2.com
wrote:
Please find the details at
http
Please have a look at [1] - if we have not already...
Pavithra, let's have test cases based on the doc...
[1]:
https://fidoalliance.org/specs/fido-u2f-v1.0-ps-20141009/fido-u2f-implementation-considerations-ps-20141009.pdf
--
Thanks Regards,
Prabath
Twitter : @prabath
LinkedIn :
Hi Azeez,
Yes - we discussed to implement this for Carbon 5 with the new UM API
design. We would need someone to get started on this...
Thanks regards,
-Prabath
On Tue, Jul 14, 2015 at 3:08 AM, Afkham Azeez az...@wso2.com wrote:
Hi Prabath,
What do you think about $subject? Can we ditch the
It looks like still there are some confusions regarding IS workflow
implementation. So, thought of sharing my thoughts on the design - and
hopefully this be helpful to clear out the doubts.
AFAIK - the framework for the following is already implemented.
Basic design principals.
1. Simplicity.
BTW yes - lets have a discussion on this again - because this is not just
IS thing - and can be used by any other product which needs to have
workflow support..
Thanks regards,
-Prabath
On Tue, Jul 14, 2015 at 1:07 PM, Prabath Siriwardena prab...@wso2.com
wrote:
Hi Suemdha,
We discussed
.
-
*Isabelle Mauny*
VP, Product Management - WSO2, Inc. - http://wso2.com/
On Tue, Jul 14, 2015 at 6:22 PM, Prabath Siriwardena prab...@wso2.com
wrote:
It looks like still there are some confusions regarding
PM, Sumedha Rubasinghe sume...@wso2.com
wrote:
Prabath,
I think this has some overlaps and improvements compared to what we have
done for API Manager about 2 years ago.
Let's have a discussion on how to bring best of both worlds.
On Wed, Jul 15, 2015 at 12:49 AM, Prabath Siriwardena prab
to be compatible with
the corresponding workflow template...
Thanks regards,
-Prabath
Regards,
Chathura
On Wed, Jul 15, 2015 at 1:42 AM, Prabath Siriwardena prab...@wso2.com
wrote:
BTW yes - lets have a discussion on this again - because this is not just
IS thing - and can be used by any other
I think one common problem we need to address is to deploy service
providers/ identity providers across tenants...
If we use a file based approach - we should only use that. Do we have the
registry-based dep-sync working now..?
Also -1 to do any of the changes to 5.1.0 - its already months
Hi Chathura,
I guess both your use cases fall into them same.
Both of the scenarios need authentication.
The first scenario differs from the second based on the person who
generates the token.
In the first scenario - the one who logs into the App Manager - pushes the
download link to a set of
, either we have to design
workflows without having any dependencies among tasks or we should support
restrictions on workflow templates (e.g. if task B is included then task A
has to be included).
Regards,
Chathura
On Wed, Jul 15, 2015 at 1:42 AM, Prabath Siriwardena prab...@wso2.com
wrote
Hi Nuwan,
Yes.. I was referring to the inbound traffic...
BTW do you see a real use for this outbound with Digest Auth..? I have not
seen many systems using this..
Thanks & regards,
-Prabath
On Thu, Sep 3, 2015 at 4:58 AM, Nuwan Dias wrote:
> Hi Prabath,
>
> You're referring
I guess the question here is related to deleting a workflow request itself
- and as if I understood correctly from your description at the moment its
user based. Only the user who initiate the workflow request can delete it ?
This looks like a limitation.. Nandika/Chathura, WDYT..?
Thanks &
How about a scenario where BPS running with worker/manager separation..? In
that case we deploy it to the management node and in runtime requests go
through the worker nodes...
Thanks & regards,
-Prabath
On Tue, Sep 22, 2015 at 11:13 PM, Harsha Thirimanna
wrote:
> Hi All,
>
On Mon, Sep 21, 2015 at 8:44 PM, Rajith Vitharana <raji...@wso2.com> wrote:
> Hi Prabath,
>
> Sorry I missed the mail, yes it would be great if we can talk about this
> further.
>
>
>
> On Tue, Sep 22, 2015 at 1:54 AM, Prabath Siriwardena <prab...@wso2.c
+1
Thanks & regards,
-Prabath
On Mon, Sep 21, 2015 at 8:46 PM, Ishara Karunarathna <isha...@wso2.com>
wrote:
> Hi Prabath,
>
> On Mon, Sep 21, 2015 at 8:25 PM, Prabath Siriwardena <prab...@wso2.com>
> wrote:
>
>>
>>
>> On Mon, Sep 21, 2015 a
On Mon, Sep 21, 2015 at 12:49 AM, Ishara Karunarathna <isha...@wso2.com>
wrote:
> Hi Prabath,
>
> On Mon, Sep 21, 2015 at 12:09 PM, Prabath Siriwardena <prab...@wso2.com>
> wrote:
>
>> It looks like from the architecture, whether its a dumb or smart is a
&
At the moment you can write custom authenticators and plug that into the
system - and it would be specific endpoint to the service provider.
But, the challenge adding SP specific configurations - at the moment the IS
Service Provider does not pick custom inbound authenticator configurations.
I
If I understand your requirement correctly, this is about a federation
scenario, where users are not under the domain of DSS.
I guess we need to fix couple of things here..
When I last looked into DSS - the way the DSS picks the username is from
the UT header - and the DS must be secured with UT
This seems to be a common requirement and its better to provide an
optimized operation for this.. even at the REST API level ? Do we have one
in SCIM?
During the user sign up process - people need to see whether the username
is picked by the user is available before asking for the details..
But.. this is returning back the whole user object...?
Thanks & regards,
-Prabath
On Wed, Feb 1, 2017 at 2:41 AM, Gayan Gunawardana <ga...@wso2.com> wrote:
> Hi Prabath,
>
> On Wed, Feb 1, 2017 at 1:47 AM, Prabath Siriwardena <prab...@wso2.com>
> wrote:
&g
Hi Isura,
Please find my comment inline...
On Fri, Jan 20, 2017 at 2:02 AM, Isura Karunaratne wrote:
> Hi all,
>
>
> We are working on implementing account lock/disable features for IS 6.0.0.
>
> *Account Lock: *
>
>- User *must not *be able to login to the system.
>-
Yes.. +1 for keeping this feature...
Thanks & regards,
-Prabath
On Wed, Jan 18, 2017 at 10:05 PM, Johann Nallathamby
wrote:
>
>
> On Thu, Jan 19, 2017 at 10:42 AM, Isura Karunaratne
> wrote:
>
>> Hi,
>>
>> In my opinion, admin defined security questions are
Thanks for sharing! Will go through this...
Thanks & regards,
-Prabath
On Wed, Mar 8, 2017 at 9:28 PM, Srinath Perera wrote:
> Found from https://www.oreilly.com/ideas/building-machine-
> learning-solutions-that-can-withstand-adversarial-attacks
>
> Look very interesting
>
>
+1 for issuer - but please plan this post IS 6.0.0
Thanks & regards,
-Prabath
On Tue, Mar 7, 2017 at 11:16 AM, Johann Nallathamby wrote:
>
>
> On Tue, Mar 7, 2017 at 2:12 PM, Ishara Karunarathna
> wrote:
>
>> Hi Johan,
>>
>>
>>
>> On Mon, Feb 27, 2017 at
At the moment we can't delete an identity provider, if its associated with
one or more service providers.
Also - for the user there is no way to find out the associated service
providers for a given identity provider - without going through each and
every service provider config.
This is fine
ussion[1] related this for SAML bearer grant earlier as
> well. I think we could consider that improvement along with this fix.
>
> WDYT?
>
>
> [1] [Dev] Validate user against given user store and save correct user
> domain in saml2-bearer grant type
>
> On Wednesday, May 17,
On Thu, May 18, 2017 at 12:09 AM, Ishara Karunarathna <isha...@wso2.com>
wrote:
> Hi,
>
> On Wed, May 17, 2017 at 10:14 PM, Prabath Siriwardena <prab...@wso2.com>
> wrote:
>
>> At the moment we can't delete an identity provider, if its associated
>> with on
1 - 100 of 118 matches
Mail list logo