[Architecture] [C5][IS] Artifact (SP/IDP) Development UX and Deployment in IS 6.0.0

2017-03-30 Thread Harsha Thirimanna
ch DB vendors. What would be the best approach for this ? thanks *Harsha Thirimanna* *Associate Tech Lead | WSO2* Email: hars...@wso2.com Mob: +94715186770 Blog: http://harshathirimanna.blogspot.com/ Twitter: http://twitter.com/harshathirimann Linked-In: linked-in: http://www.linkedin.com/pub/h

Re: [Architecture] [C5][IS] Artifact (SP/IDP) Development UX and Deployment in IS 6.0.0

2017-03-30 Thread Harsha Thirimanna
On Thu, Mar 30, 2017 at 12:56 PM, Harsha Thirimanna wrote: > Hi All, > > Since we have almost finished a few milestones in IS 6.0.0, we thought of > discussing some points regarding the deployment of different portal and the > development experience around this. > > We ha

Re: [Architecture] [APIM] [C5] Single sign on support in API Manager 3.0

2017-04-04 Thread Harsha Thirimanna
On Apr 1, 2017 10:37 PM, "Farasath Ahamed" wrote: On Sat, Apr 1, 2017 at 11:27 AM, Bhathiya Jayasekara wrote: > > > On Sat, Apr 1, 2017 at 1:39 AM, Farasath Ahamed > wrote: > >> >> >> On Thursday, March 30, 2017, Sajith Kariyawasam wrote: >> >>> >>> When discussing about possible ways of

Re: [Architecture] Having separate keystore (private key) for each token signing in WSO2IS

2017-04-20 Thread Harsha Thirimanna
On Thu, Apr 20, 2017 at 7:02 PM, Asela Pathberiya wrote: > > > On Thu, Apr 20, 2017 at 6:46 PM, Johann Nallathamby > wrote: > >> >> >> On Thu, Apr 20, 2017 at 3:27 PM, Asela Pathberiya wrote: >> >>> >>> >>> On Tue, Apr 18, 2017 at 11:51 AM, Asela Pathberiya >>> wrote: >>> On Mon

Re: [Architecture] Configure token expiry time based on the Service provider (APIM application)

2017-04-24 Thread Harsha Thirimanna
On 21 Apr 2017 3:35 p.m., "Asela Pathberiya" wrote: Hi IS/APIM team, Is $subject in our roadmap ? We will add this to the roadmap. This seems to be a required features. Different applications may need the different user token expiry time based on their security level. Yes, it seems the ap

Re: [Architecture] [C5] [APIM] Front End scope validation

2017-04-24 Thread Harsha Thirimanna
On 21 Apr 2017 5:27 p.m., "Asela Pathberiya" wrote: On Fri, Apr 21, 2017 at 4:46 PM, Ishara Cooray wrote: > Hi Asela, > > What is reason for using scopes for authorization.. ? Can't we use policy > based approach such as XACML ? > > Default authentication and authorization protocol we use is

Re: [Architecture] [C5] [APIM] Front End scope validation

2017-04-24 Thread Harsha Thirimanna
as well. Now we have JSON based RestAPI for XACML within IS as well. Yes I agree that OAuth 2 story is bit simple rather than using XACML. But anyway, you guys have to maintain the mapping somehow and as you said, it is also not such complicated to that. > Thanks, > NuwanD. > > On

Re: [Architecture] Validate Authorization headers for Oauth endpoints

2017-04-25 Thread Harsha Thirimanna
On Tue, Apr 25, 2017 at 12:38 PM, Nuwan Dias wrote: > Hi Gayan, > > What are you trying to achieve by moving the client-secret validation > logic to the interceptor from the jax-rs layer? > Actually, we have separate layer to pass the secured API in IS and it is common service that can be used

Re: [Architecture] Validate Authorization headers for Oauth endpoints

2017-04-25 Thread Harsha Thirimanna
On Tue, Apr 25, 2017 at 2:00 PM, Asela Pathberiya wrote: > > > On Tue, Apr 25, 2017 at 12:44 PM, Harsha Thirimanna > wrote: > >> >> On Tue, Apr 25, 2017 at 12:38 PM, Nuwan Dias wrote: >> >>> Hi Gayan, >>> >>> What are you trying to

Re: [Architecture] Validate Authorization headers for Oauth endpoints

2017-04-25 Thread Harsha Thirimanna
On Tue, Apr 25, 2017 at 3:04 PM, Asela Pathberiya wrote: > > > On Tue, Apr 25, 2017 at 2:52 PM, Harsha Thirimanna > wrote: > >> >> On Tue, Apr 25, 2017 at 2:00 PM, Asela Pathberiya wrote: >> >>> >>> >>> On Tue, Apr 25, 2017 at 12:44

Re: [Architecture] Validate Authorization headers for Oauth endpoints

2017-04-25 Thread Harsha Thirimanna
On Wed, Apr 26, 2017 at 9:07 AM, Asela Pathberiya wrote: > > > On Tue, Apr 25, 2017 at 3:34 PM, Harsha Thirimanna > wrote: > >> >> >> On Tue, Apr 25, 2017 at 3:04 PM, Asela Pathberiya wrote: >> >>> >>> >>> On Tue, Apr 25, 2017 a

Re: [Architecture] Force Delete Identity Providers

2017-05-28 Thread Harsha Thirimanna
On Wed, May 17, 2017 at 9:44 AM, Prabath Siriwardena wrote: > At the moment we can't delete an identity provider, if its associated with > one or more service providers. > > Also - for the user there is no way to find out the associated service > providers for a given identity provider - without

[Architecture] Some meta data for user attributes

2017-06-07 Thread Harsha Thirimanna
this information based on the feature. But as a generally, each attribute value can have some meta data like created time, last update time. So we can identify the important meta data and add those as columns to the user attribute table. Or any other approach to do this ? WDYT ? thanks *Harsha Thiri

Re: [Architecture] How valid is sending TOTP code to email? How about sending it over SMS?

2017-07-24 Thread Harsha Thirimanna
On 18 Jul 2017 10:14 am, "Johann Nallathamby" wrote: Hi All, Usually we send long lived codes to email and short lived codes to SMS. Because opening email client and checking the code may take time, depending on whether user has to log in to his email account, use 2FA for his email, etc. The TOT

Re: [Architecture] Cross Protocol Single Logout

2017-08-14 Thread Harsha Thirimanna
On Mon, Aug 14, 2017 at 6:37 PM, Piraveena Paralogarajah wrote: > Hi Maninda, > > In OpenID Connect, there are three ways for SLO. > >1. OIDC Session management (see spec >) >2. OIDC Front-channel logout (see spec >

Re: [Architecture] Securing Product Apis and Product artifacts

2017-08-14 Thread Harsha Thirimanna
We had same kind of implementation in C4 by using tomcat valve instead of filters. May not be same pattern what we expect here.[1] [1] http://harshathirimanna.blogspot.com/2016/11/authentication-authorization-common.html And as I remember we did that to C5 as well by Ruwan using C4 implementatio

Re: [Architecture] Cross Protocol Single Logout

2017-08-15 Thread Harsha Thirimanna
On Tue, Aug 15, 2017 at 1:22 PM, Johann Nallathamby wrote: > > > On Mon, Aug 14, 2017 at 11:56 PM, Malithi Edirisinghe > wrote: > >> >> >> On Mon, Aug 14, 2017 at 10:27 PM, Harsha Thirimanna >> wrote: >> >>> >>> >>> On Mo

Re: [Architecture] UMA 2.0 support for WSO2 Identity server

2017-08-31 Thread Harsha Thirimanna
On Thu, Aug 31, 2017 at 8:08 PM, Isuri Anuradha wrote: > Hi all, > > UMA 2.0 is a new federated authorization standard protocol approved by the > Kantara Initiative[1]. It is built on top of OAuth 2.0. UMA 2.0 enables > clients to access protected resources which are owned by a resource owner > w

Re: [Architecture] [IAM] Can we have exclusive permission to login to user portal?

2017-09-10 Thread Harsha Thirimanna
On Fri, Sep 1, 2017 at 12:55 AM, Johann Nallathamby wrote: > IAM Team, > > Currently we don't have a exclusive permission to login to the user > portal; we use "/permission/admin/login". I think we need to have a > dedicated permission for that. Why? > > 1. No way to allow users to login to user

Re: [Architecture] Moving the system properties from wso2server.sh to the carbon.properties

2018-02-16 Thread Harsha Thirimanna
Are we talking about C5 based products ? Because I feel like we are already in last few releases in C4 based products, right ? If it is true, then why we need such an improvement ? I am just asking to get to know the context. Sorry for the interruption to the thread,☺️ On 16 Feb 2018 5:35 pm, "

Re: [Architecture] Embedding Identity Anonymization Tool with Identity Server

2018-02-18 Thread Harsha Thirimanna
Hi Jayanga, Could you please provide bit more information about the architecture around this with how it use ? On 15 Feb 2018 9:44 pm, "Jayanga Kaushalya" wrote: Hi all, We have embedded the identity-anonymization-tool[1] with product-is[2] which will be available with IS 5.5.0-alpha release. B

Re: [Architecture] Using REST APIs with Carbon console.

2018-02-18 Thread Harsha Thirimanna
On 13 Feb 2018 2:49 pm, "Menaka Jayawardena" wrote: Hi all, I'm working on implementing the Retryable Outbound Provisioning for Identity Server. I have completed the backend implementation and now working on developing the UI. As per our initial discussion, the new UI was planned to be added to

Re: [Architecture] Using REST APIs with Carbon console.

2018-02-18 Thread Harsha Thirimanna
a Karunaratne wrote: > >> >> >> On Mon, Feb 19, 2018 at 7:46 AM, Harsha Thirimanna >> wrote: >> >>> >>> >>> On 13 Feb 2018 2:49 pm, "Menaka Jayawardena" wrote: >>> >>> Hi all, >>> >>>

Re: [Architecture] Configure token expiry time based on the Service provider (APIM application)

2018-02-27 Thread Harsha Thirimanna
in the product. User Access Token Application Access Token Refresh Token https://docs.wso2.com/display/IS540/Configuring+Inbound+Authentication+for+a+Service+Provider > > Thanks. > > On Tue, Apr 25, 2017 at 12:48 AM, Sanjeewa Malalgoda > wrote: > >> >> >>

Re: [Architecture] [IAM] eIDAS profile support for SAML

2018-03-14 Thread Harsha Thirimanna
On Mon, 12 Mar 2018, 13:48 Johann Nallathamby, wrote: > > > On Mon, Mar 12, 2018 at 10:58 AM, Indunil Upeksha Rathnayake < > indu...@wso2.com> wrote: > >> Hi, >> >> In order to support eIDAS profile in IS, as per the 4 eIDAS >> specifications in [1], there are a set of requirements to be consider

[Architecture] [IS] Consistent behavior for the unique identifier of the SP in different protocols

2018-06-20 Thread Harsha Thirimanna
by the client Don't we make this consistent in protocol independently ? If we can allow to auto generate the SAML issuer if the client doesn't provide it and make that issuer unique across the tenant, then the behavior is consistent. WDYT ? *Harsha Thirimanna* *Associate Tech Lead | WS

Re: [Architecture] [IS] User Challenge question Internationalization

2016-06-02 Thread Harsha Thirimanna
forward to architecture...​ *Harsha Thirimanna* Associate Tech Lead; WSO2, Inc.; http://wso2.com * <http://www.apache.org/>* *email: **hars...@wso2.com* * cell: +94 71 5186770 * *twitter: **http://twitter.com/ <http://twitter.com/afkham_azeez>* *harshathirimannlinked-in: *

Re: [Architecture] [IS] User Challenge question Internationalization

2016-06-02 Thread Harsha Thirimanna
we have multi-languages, right ? So finally, it is like very generic requirement that can be used across the platform as well. *Harsha Thirimanna* Associate Tech Lead; WSO2, Inc.; http://wso2.com * <http://www.apache.org/>* *email: **hars...@wso2.com* * cell: +94 71 5186770 * *twitter:

Re: [Architecture] [IS] Regenerating client secret/key and revoking an oauth app in OAuth 2.0 implementation

2016-06-02 Thread Harsha Thirimanna
eployments of a particular native or web application. *Harsha Thirimanna* Associate Tech Lead; WSO2, Inc.; http://wso2.com * <http://www.apache.org/>* *email: **hars...@wso2.com* * cell: +94 71 5186770 * *twitter: **http://twitter.com/ <http://twitter.com/afkham_azeez>* *harshathirim

Re: [Architecture] [IS] Regenerating client secret/key and revoking an oauth app in OAuth 2.0 implementation

2016-06-02 Thread Harsha Thirimanna
On Fri, Jun 3, 2016 at 11:51 AM, Farasath Ahamed wrote: > compromised Yes, It is like when the user wants to change the user name also with or without changing the password. So in that case we have to create new account instead of letting to change user name. *Harsha Thirima

Re: [Architecture] [IS] Regenerating client secret/key and revoking an oauth app in OAuth 2.0 implementation

2016-06-05 Thread Harsha Thirimanna
ration-1_0.html#RegistrationResponse *Harsha Thirimanna* Associate Tech Lead; WSO2, Inc.; http://wso2.com * <http://www.apache.org/>* *email: **hars...@wso2.com* * cell: +94 71 5186770 * *twitter: **http://twitter.com/ <http://twitter.com/afkham_azeez>* *harshathirimannli

Re: [Architecture] [IS] Support for Google reCaptcha

2016-06-07 Thread Harsha Thirimanna
Any plan to support *CAPTCHA *in IS without having internet connection ? Because previous version of *CAPTCHA* is OOB service and now we are going to use google service. Do we have way to install google service plugin or something in offline within product ? *Harsha Thirimanna* Associate Tech

Re: [Architecture] [IS] Regenerating client secret/key and revoking an oauth app in OAuth 2.0 implementation

2016-06-07 Thread Harsha Thirimanna
c - or in other words a given app should > be able to use the authentication option of its choice. We can still use > client id as the app identifier... > > Thanks! > > > On Sunday, June 5, 2016, Harsha Thirimanna wrote: > >> Hi Prabath/Johan, >> Do we allow to

Re: [Architecture] Identity Management Recovery API improvements.

2016-06-08 Thread Harsha Thirimanna
Hi Isura, Any detail about the error response with relevant error codes ? *Harsha Thirimanna* Associate Tech Lead; WSO2, Inc.; http://wso2.com * <http://www.apache.org/>* *email: **hars...@wso2.com* * cell: +94 71 5186770 * *twitter: **http://twitter.com/ <http://twitter.com/afk

[Architecture] [Dev][IS] Improvements in handling incorrect login attempts

2016-06-16 Thread Harsha Thirimanna
ability to resend the confirmation code to the registered email address. Your comments and suggestions are highly appreciated. thanks *Harsha Thirimanna* Associate Tech Lead; WSO2, Inc.; http://wso2.com * <http://www.apache.org/>* *email: **hars...@wso2.com* * cell: +94 71 5186770 * *t

[Architecture] [IS] DCR implementation

2016-06-16 Thread Harsha Thirimanna
even though those are not belong to this context or not. If it is, then we can write it in generic way and front to the each rest api separately. In this case we have to think about the authorization model as well. [1] https://tools.ietf.org/html/rfc7591 [2] https://tools.ietf.org/html/rfc7592

Re: [Architecture] [Dev][IS] Improvements in handling incorrect login attempts

2016-06-18 Thread Harsha Thirimanna
Hi Chamila, In current implementation of the locking account because of reaching max attempts, we are sending a mail, right ? What we expect from that mail ? Shall we add this unlock link within that mail too. thanks *Harsha Thirimanna* Associate Tech Lead; WSO2, Inc.; http://wso2.com * <h

Re: [Architecture] [IS] DCR implementation

2016-06-18 Thread Harsha Thirimanna
t;> except Harsha didn't port the authentication piece yet, because we decided >>> it needs to be externalized from the DCR implementation. >>> >>> Check mail thread [2] also for related discussion. >>> [2] Decoupling client_id/client_secret based OAuth

Re: [Architecture] [IS] DCR implementation

2016-06-19 Thread Harsha Thirimanna
on. >> [2] Decoupling client_id/client_secret based OAuth 2.0 client >> authentication from the token endpoint >> >> >>> >>> Thanks, >>> Farasath Ahamed >>> Software Engineer, >>> WSO2 Inc.; http://wso2.com >>> lean.enterpri

Re: [Architecture] [IS] DCR implementation

2016-06-19 Thread Harsha Thirimanna
Hi Geesara, Yes, we already know these gaps, but actually we followed the specifications that was mentioned in the first comment of the mail [1][2]. Why you are not following these public specifications for DCR and DCR Management ? Are there any specific reason for that ? *Harsha Thirimanna

Re: [Architecture] [Dev] Force Password Reset and Password History validation

2016-06-19 Thread Harsha Thirimanna
Hi Isura, I have one concern, please read the inline comments. On Mon, Jun 20, 2016 at 10:52 AM, Isura Karunaratne wrote: > HI all, > > I am working on $subject for WSO2 Identity Server 5.3.0 release. Following > are the currently identified improvements, > > >- Password History - > > Last

Re: [Architecture] [Dev] Force Password Reset and Password History validation

2016-06-19 Thread Harsha Thirimanna
Hi Kasun, User has a password recovery option to do that. No need to do that by admin. Please make me correct if I am wrong. On Jun 20, 2016 11:41 AM, "Kasun Bandara" wrote: > Hi Harsha, > > On Mon, Jun 20, 2016 at 11:27 AM, Harsha Thirimanna > wrote: > >> Hi

Re: [Architecture] [Dev][IS] Improvements in handling incorrect login attempts

2016-06-21 Thread Harsha Thirimanna
Hi Prabath, For now these features are by Tenant. we will concern about these other aspect as well, discuss with the team and get back the details to this thread. thanks. *Harsha Thirimanna* Associate Tech Lead; WSO2, Inc.; http://wso2.com * <http://www.apache.org/>* *email: **hars...@ws

Re: [Architecture] Identity Recovery Rest APIs

2016-07-10 Thread Harsha Thirimanna
Hi Sanjeewa, This was already reviewed by Joseph and but still we would like to do this with you as well, because we need solid one finally. *Harsha Thirimanna* Associate Tech Lead; WSO2, Inc.; http://wso2.com * <http://www.apache.org/>* *email: **hars...@wso2.com* * cell: +94 71 5

[Architecture] [Dev] WSO2 Identity Server 5.3.0 Milestone 4 Released..!!

2016-08-09 Thread Harsha Thirimanna
ve <http://wso2.org/mailarchive/dev/> - User forum : StackOverflow <http://stackoverflow.com/questions/tagged/wso2is> Reporting Issues We encourage you to report issues, improvements and feature requests regarding WSO2 Identity Server through public WSO2 Identity Server JIRA https://wso2.org/jir

[Architecture] [IS] Proposing New Design for Inbound, Local and Outbound authentication framework

2016-09-01 Thread Harsha Thirimanna
this model. [2] https://wso2.org/jira/browse/IDENTITY-3391 We highly appreciate your thoughts to improve this model. *Harsha Thirimanna* Associate Tech Lead | WSO2 Email: hars...@wso2.com Mob: +94715186770 Blog: http://harshathirimanna.blogspot.com/ Twitter: http://twitter.com/harshathirimann Li

Re: [Architecture] Ldap Connector for Carbon 5 User Core

2016-10-04 Thread Harsha Thirimanna
I think, it would be better to finalized which is the third party framework that we can use before to all. Because in C5 extended user core also want to implement one of connector using either current one or third-party library. *Harsha Thirimanna* Associate Tech Lead | WSO2 Email: hars...@wso2

Re: [Architecture] Common Extension Framework for IS Authenticators

2016-10-07 Thread Harsha Thirimanna
This is kind of dynamic sequence based on different factors like per user, per group, right ? Do you guys have concrete plan for this ? Then shall we discuss this design before jump to the code ? *Harsha Thirimanna* Associate Tech Lead | WSO2 Email: hars...@wso2.com Mob: +94715186770 Blog

Re: [Architecture] [IS] Authorization for Service Providers

2016-10-18 Thread Harsha Thirimanna
Within the tenant story, when the SP is enable SAAS, is that possible to use logged in user's tenant specific XACML policy to use as authorization policy in above framework instead of using SP's tenant XACML policy ? *Harsha Thirimanna* Associate Tech Lead | WSO2 Email: hars...@ws

Re: [Architecture] [IS] Authorization for Service Providers

2016-10-18 Thread Harsha Thirimanna
I think , it doesn't matter to hit the authorization handler each time, if we can keep the status as user 'authorized' as same as we keep user 'authenticated' in each steps. *Harsha Thirimanna* Associate Tech Lead | WSO2 Email: hars...@wso2.com Mob

Re: [Architecture] [IS] Authorization for Service Providers

2016-10-18 Thread Harsha Thirimanna
So, can't we keep the status 'authorized' with the SP name as well. *Harsha Thirimanna* Associate Tech Lead | WSO2 Email: hars...@wso2.com Mob: +94715186770 Blog: http://harshathirimanna.blogspot.com/ Twitter: http://twitter.com/harshathirimann Linked-In: linked-in: http://www.l

Re: [Architecture] [IS] Authorization for Service Providers

2016-10-18 Thread Harsha Thirimanna
As in sequence diagram, we can't do that, and actually do we need that level ? *Harsha Thirimanna* Associate Tech Lead | WSO2 Email: hars...@wso2.com Mob: +94715186770 Blog: http://harshathirimanna.blogspot.com/ Twitter: http://twitter.com/harshathirimann Linked-In: linked-in:

Re: [Architecture] [IS] What are the REST APIs in WSO2IS-5.3.0 that need to be secured?

2016-10-20 Thread Harsha Thirimanna
may have to check other REST APIs whether those are rely on any other secure mechanism. @Isura, Can you please confirm in identity management REST API like inforecovery ? @Ayesha, Ishara already test the DCR and you can fix that removing user in payload, apply this and test. *Harsha Thirimanna

Re: [Architecture] [IS] What are the REST APIs in WSO2IS-5.3.0 that need to be secured?

2016-10-20 Thread Harsha Thirimanna
Moving to DEV... *Harsha Thirimanna* Associate Tech Lead | WSO2 Email: hars...@wso2.com Mob: +94715186770 Blog: http://harshathirimanna.blogspot.com/ Twitter: http://twitter.com/harshathirimann Linked-In: linked-in: http://www.linkedin.com/pub/harsha-thirimanna/10/ab8/122 <http://wso2.

Re: [Architecture] Defining specific custom exceptions for API Manager C5

2016-10-20 Thread Harsha Thirimanna
more generic way. WDYT ? *Harsha Thirimanna* Associate Tech Lead | WSO2 Email: hars...@wso2.com Mob: +94715186770 Blog: http://harshathirimanna.blogspot.com/ Twitter: http://twitter.com/harshathirimann Linked-In: linked-in: http://www.linkedin.com/pub/harsha-thirimanna/10/ab8/122 <http://wso2.

Re: [Architecture] Defining specific custom exceptions for API Manager C5

2016-10-20 Thread Harsha Thirimanna
component at least. Am I wrong here ? *Harsha Thirimanna* Associate Tech Lead | WSO2 Email: hars...@wso2.com Mob: +94715186770 Blog: http://harshathirimanna.blogspot.com/ Twitter: http://twitter.com/harshathirimann Linked-In: linked-in: http://www.linkedin.com/pub/harsha-thirimanna/10/ab8/122

Re: [Architecture] Defining specific custom exceptions for API Manager C5

2016-10-20 Thread Harsha Thirimanna
ly. This should be > defined by the individual component developers. > Agree. > > On 20 October 2016 at 15:34, Harsha Thirimanna wrote: > >> Yes, my concern was , even though we identified the exception clearly, >> that exception also can be thrown because of diff

Re: [Architecture] [IS] What are the REST APIs in WSO2IS-5.3.0 that need to be secured?

2016-10-20 Thread Harsha Thirimanna
Yes , we can secure whatever REST API that is exposed within IS. *Harsha Thirimanna* Associate Tech Lead | WSO2 Email: hars...@wso2.com Mob: +94715186770 Blog: http://harshathirimanna.blogspot.com/ Twitter: http://twitter.com/harshathirimann Linked-In: linked-in: http://www.linkedin.com/pub

Re: [Architecture] [IS] What are the REST APIs in WSO2IS-5.3.0 that need to be secured?

2016-10-20 Thread Harsha Thirimanna
Here is the git repo for the authentication layer https://github.com/wso2-extensions/identity-carbon-auth-rest *Harsha Thirimanna* Associate Tech Lead | WSO2 Email: hars...@wso2.com Mob: +94715186770 Blog: http://harshathirimanna.blogspot.com/ Twitter: http://twitter.com/harshathirimann

Re: [Architecture] Grouping Identity server configurations.

2016-11-01 Thread Harsha Thirimanna
On Oct 16, 2016 11:37 AM, "Ishara Karunarathna" wrote: > > Hi All, > > With the current IS implementation We have individual SP configurations and we associate authentication chains, claim, provisioning configurations etc.. to that service provider configuration. > As a improvement to this we can

Re: [Architecture] Identity Server 5.3.0 New Feature - Prompt for missing predefined user attributes in the authentication flow

2016-11-01 Thread Harsha Thirimanna
After the user get authenticated and try to login to same sp by using different tab also we may have to prompt the input screen because there may be additional claims will be added around this. So in that case even though the sequence config is completed, do we call the *handlePostAuthentication*

Re: [Architecture] Common Extension Framework for IS Authenticators

2016-11-09 Thread Harsha Thirimanna
etting generic >>> methods (Utils) to a common module. Nothing more. >>> >>> Dynamic sequence is something that should be supported from IS product >>> framework in the future. >>> >>> On Fri, Oct 7, 2016 at 10:06 PM, Harsha Thirimanna >&g

[Architecture] XACML policy store based on file system.

2016-11-09 Thread Harsha Thirimanna
Hi All, In C4, we have stored the XACML policies in registry as resources and maintained some meta data for each policy. But in C5 , we were thinking to keep these files in file system as it is as a deployment artifact for the user and load it in to the memory when the server get start or on deman

Re: [Architecture] [C5] Different user profiles for different domains

2016-11-21 Thread Harsha Thirimanna
On Tuesday, November 22, 2016, Ishara Karunarathna wrote: > Hi All, > > On Tue, Nov 22, 2016 at 9:42 AM, Johann Nallathamby > wrote: > >> Guys, why is this not in architecture@? How is this discussion suitable >> for engineering-group@? >> >> On Tue, Nov

Re: [Architecture] Moving XACML to C5

2016-12-05 Thread Harsha Thirimanna
On Dec 6, 2016 3:19 AM, "Prabath Siriwardana" wrote: On Thu, Dec 1, 2016 at 12:08 AM, Senthalan Kanagalingam wrote: > When moving XACML from C4 to C5, we have concerned following key aspect > to change and improve. > > 1. Remove multi tenancy from entitlement engine. > > In C4, we have tigh

Re: [Architecture] Shall we support SessionDataKey in a Cookie in addition to Query Parameter?

2016-12-09 Thread Harsha Thirimanna
Yes, we can support both because it is pluggable to identify the state with the callback handlers in new framework model in C5. We will consider this as well. Are we going to do this for 5.3.0 as well ? *Harsha Thirimanna* *Associate Tech Lead | WSO2* Email: hars...@wso2.com Mob: +94715186770

Re: [Architecture] [APIM][C5] Workflow Implementation

2017-01-30 Thread Harsha Thirimanna
to make it more nice to use to across the platform. And it is not coupled with identity repos and can be easily port to the C5 as well. Since it was an initial version, there may be some limitation that we can improve with this. *Harsha Thirimanna* *Associate Tech Lead | WSO2* Email: hars...@wso2

[Architecture] [Architecture][IS][C5] Do we need to have multiple inbound/outbound authenticator config in one SP/IDP

2017-02-07 Thread Harsha Thirimanna
be the advantages of having multiple outbound authenticator for one IDP config ? WDYT ? *Harsha Thirimanna* *Associate Tech Lead | WSO2* Email: hars...@wso2.com Mob: +94715186770 <+94%2071%20518%206770> Blog: http://harshathirimanna.blogspot.com/ Twitter: http://twitter.com/harshathi

Re: [Architecture] [Architecture][IS][C5] Do we need to have multiple inbound/outbound authenticator config in one SP/IDP

2017-02-07 Thread Harsha Thirimanna
application which used Identity Server with SAML 2.0 > web sso (which requires inbound saml config) also need to get access tokens > (which requires inbound oauth config). > > > Thanks, > > On Tue, Feb 7, 2017 at 2:07 PM, Harsha Thirimanna > wrote: > >> Hi

Re: [Architecture] [Architecture][IS][C5] Do we need to have multiple inbound/outbound authenticator config in one SP/IDP

2017-02-08 Thread Harsha Thirimanna
uth flow. Same SP application which used Identity Server with SAML 2.0 >>> web sso (which requires inbound saml config) also need to get access tokens >>> (which requires inbound oauth config). >>> >>> >> This seems to be valid as of the current architecture w

[Architecture] [C5][IS] IS 6.0 SP/IDP configuration file restructuring

2017-02-08 Thread Harsha Thirimanna
d the sample sp file, sample idp file and resident idp file with this, it would be great if i can get more feedbacks about this. thanks *Harsha Thirimanna* *Associate Tech Lead | WSO2* Email: hars...@wso2.com Mob: +94715186770 Blog: http://harshathirimanna.blogspot.com/ Twitter: http://twitte

Re: [Architecture] [C5][IS] IS 6.0 SP/IDP configuration file restructuring

2017-02-08 Thread Harsha Thirimanna
On Thu, Feb 9, 2017 at 12:32 AM, Darshana Gunawardana wrote: > +1 for this approach in general... > > On Thu, Feb 9, 2017 at 12:04 AM, Harsha Thirimanna > wrote: > >> Hi All, >> >> Since we are moving to file base deployment for sp/idp, we have to create >&

Re: [Architecture] [C5][IS] IS 6.0 SP/IDP configuration file restructuring

2017-02-08 Thread Harsha Thirimanna
; Blog: blog.farazath.com > Twitter: @farazath619 <https://twitter.com/farazath619> > <http://wso2.com/signature> > > > > On Wed, Feb 8, 2017 at 11:02 AM, Darshana Gunawardana > wrote: > >> +1 for this approach in general... >> >> On Thu, Feb 9, 2017

Re: [Architecture] [C5][IS] IS 6.0 SP/IDP configuration file restructuring

2017-02-13 Thread Harsha Thirimanna
adding Hasintha... *Harsha Thirimanna* *Associate Tech Lead | WSO2* Email: hars...@wso2.com Mob: +94715186770 Blog: http://harshathirimanna.blogspot.com/ Twitter: http://twitter.com/harshathirimann Linked-In: linked-in: http://www.linkedin.com/pub/harsha-thirimanna/10/ab8/122 <http://wso2.

Re: [Architecture] [C5][IS] IS 6.0 SP/IDP configuration file restructuring

2017-02-15 Thread Harsha Thirimanna
Hi Ishara, thanks for the feedback, On Wed, Feb 15, 2017 at 10:49 PM, Ishara Karunarathna wrote: > Hi Harsha, > > On Thu, Feb 9, 2017 at 12:32 AM, Darshana Gunawardana > wrote: > >> +1 for this approach in general... >> >> On Thu, Feb 9, 2017 at 12:04 AM, Harsh

Re: [Architecture] [C5][IS] IS 6.0 SP/IDP configuration file restructuring

2017-02-15 Thread Harsha Thirimanna
On Wed, Feb 15, 2017 at 10:54 PM, Ishara Karunarathna wrote: > > > On Thu, Feb 9, 2017 at 1:22 PM, Harsha Thirimanna > wrote: > >> >> >> On Thu, Feb 9, 2017 at 12:52 PM, Farasath Ahamed >> wrote: >> >>> In the sample.yaml Service Provider

Re: [Architecture] [C5] Metadata for deployable artifacts.

2017-03-02 Thread Harsha Thirimanna
On Thu, Mar 2, 2017 at 5:21 PM, Harsha Thirimanna wrote: > Hi Nuwan, > > We have several use cases for this as per artifacts, > > 1. XACML policy - Each XACML policy contain its own metadata like created > details, active states, policy order. > 2. Service Provider - We

Re: [Architecture] [C5] Metadata for deployable artifacts.

2017-03-02 Thread Harsha Thirimanna
think of it in the context of the product and what is the best way to >> maintain that data. In general, storing such metadata in your own product >> specific DB works. >> >> On Thu, Mar 2, 2017 at 5:21 PM, Harsha Thirimanna >> wrote: >> >> Hi Nuwan, >>

Re: [Architecture] [C5] Metadata for deployable artifacts.

2017-03-02 Thread Harsha Thirimanna
Hi Imesh, We store SP/IDP in file system only. For now we don't use metadata for gateway and when we add appmanager feature to IS, we have to have some way to keep that data. We still looking best option for that to do in next releases. As Nuwan said, they store that in DB. *Harsha Thiri

[Architecture] [C5][IS] Get claims from User object when it is get from cache.

2017-03-11 Thread Harsha Thirimanna
serId; private String domainName; private String state; private transient IdentityStore identityStore; thanks *Harsha Thirimanna* *Associate Tech Lead | WSO2* Email: hars...@wso2.com Mob: +94715186770 Blog: http://harshathirimanna.blogspot.com/ Twitter: http://twitter.com/harshathir

Re: [Architecture] [C5][IS] Get claims from User object when it is get from cache.

2017-03-11 Thread Harsha Thirimanna
t the claims by using RealmService again. *Harsha Thirimanna* *Associate Tech Lead | WSO2* Email: hars...@wso2.com Mob: +94715186770 Blog: http://harshathirimanna.blogspot.com/ Twitter: http://twitter.com/harshathirimann Linked-In: linked-in: http://www.linkedin.com/pub/harsha-thirimanna/10/ab8/122 &

Re: [Architecture] [C5][IS] Get claims from User object when it is get from cache.

2017-03-11 Thread Harsha Thirimanna
) to restore the IdentityStore as Johan suggested. To that we can provide RealmService by using a ServiceHolder directly within our own component. > >> Thanks! >> >> *Jayanga Kaushalya* >> Software Engineer >> Mobile: +94777860160 <+94%2077%20786%200160>

Re: [Architecture] [C5][IS] Get claims from User object when it is get from cache.

2017-03-11 Thread Harsha Thirimanna
On Sun, Mar 12, 2017 at 8:42 AM, Harsha Thirimanna wrote: > > > On Sat, Mar 11, 2017 at 11:46 PM, Johann Nallathamby > wrote: > >> Why can't we simply re-initialize the User object with the correct >> identity store when it is deserialized, using the >> ​

Re: [Architecture] [C5][IS] Get claims from User object when it is get from cache.

2017-03-11 Thread Harsha Thirimanna
On Sun, Mar 12, 2017 at 11:23 AM, Johann Nallathamby wrote: > > > On Sun, Mar 12, 2017 at 10:48 AM, Harsha Thirimanna > wrote: > >> On Sun, Mar 12, 2017 at 8:42 AM, Harsha Thirimanna >> wrote: >> >>> >>> >>> On Sat, Mar 11, 2017 at 11

Re: [Architecture] [C5][IS] Get claims from User object when it is get from cache.

2017-03-11 Thread Harsha Thirimanna
Hi Thanuja/Ishara, We need to finalize this because we are going to release a milestone this week. I have sent a PR [1]. Please confirm this fix; otherwise we have to go with the one I suggested in the first comment. [1] https://github.com/wso2/carbon-identity-mgt/pull/160 *Harsha Thirimanna

[Architecture] [C5][IS] Authentication Failures handle in two different way in User Core API

2017-03-12 Thread Harsha Thirimanna
*. Don't we need to make this consistent for both cases? Any special reason to do this? public AuthenticationContext authenticate(Claim claim, Callback[] credentials, String domainName) throws AuthenticationFailure, IdentityStoreException { *Harsha Thirimanna* *Associate

Re: [Architecture] [C5][IS] Authentication Failures handle in two different way in User Core API

2017-03-12 Thread Harsha Thirimanna
ot; wrote: Hi, On Sun, Mar 12, 2017 at 8:11 PM, Harsha Thirimanna wrote: > Hi, > > There is an implementation for authentication failure in two different way > by authenticate API in IdentityStore. > If the username is invalid or empty, then API throws an > *AuthenticationF

Re: [Architecture] [IS] Improvements to Claim Management

2015-05-08 Thread Harsha Thirimanna
Hi Chanuka, When we create a new dialect, is there any possibility to select the user store? Because the user store variable is available with the current API, and with that we can have user store specific claims. *Harsha Thirimanna* Senior Software Engineer; WSO2, Inc.; http://wso2.com * <h

Re: [Architecture] [IS] Email Internationalization feature for IS User recovery email templates

2015-05-20 Thread Harsha Thirimanna
Hi, Is having the locale per tenant a valid use case? On May 20, 2015 2:26 PM, "Kasun Bandara" wrote: > > Hi all, > > I'm in the middle of introducing "Email Internationalization feature" for > existing User information recovery email sending templates in IS. > > With this feature, users

Re: [Architecture] [IS] Improvements to Claim Management

2015-05-27 Thread Harsha Thirimanna
Hi Chanuka, Can we add metadata to set a default value for a claim when we create a new claim? *Harsha Thirimanna* Senior Software Engineer; WSO2, Inc.; http://wso2.com * <http://www.apache.org/>* *email: **hars...@wso2.com* * cell: +94 71 5186770 * *twitter: **http://twitter.com/

[Architecture] [IS] Service Provider/Identity Provider file base configuration in clustered environment

2015-07-20 Thread Harsha Thirimanna
eting from locally. To do that we have to create a config to allow , one specific node to do the update and others are not. All the config can be seen from the UI and allow to edit. WDYT ? *Harsha Thirimanna* Senior Software Engineer; WSO2, Inc.; http://wso2.com * <http://www.apache.org/>* *email

Re: [Architecture] [IS] Service Provider/Identity Provider file base configuration in clustered environment

2015-07-20 Thread Harsha Thirimanna
d approach - we should only use that. Do we have the > registry-based dep-sync working now..? > > Also -1 to do any of the changes to 5.1.0 - its already months late.. > > Thanks & regards, > -Prabath > > > On Mon, Jul 20, 2015 at 2:12 AM, Harsha Thirimanna > wrot

Re: [Architecture] [IS] Service Provider/Identity Provider file base configuration in clustered environment

2015-07-21 Thread Harsha Thirimanna
Hi Amila, Thanks for the feedback; we will take these into account when we achieve this. thanks *Harsha Thirimanna* Senior Software Engineer; WSO2, Inc.; http://wso2.com * <http://www.apache.org/>* *email: **hars...@wso2.com* * cell: +94 71 5186770 * *twitter: **http://twitter.com/

Re: [Architecture] [IS][Workflow] Handling Delete Request Operation Associated with Workflows

2015-09-11 Thread Harsha Thirimanna
that. @Nandika, is this the correct approach to do that? [1] peopleAssignments -> businessAdministrators *Harsha Thirimanna* Senior Software Engineer; WSO2, Inc.; http://wso2.com * <http://www.apache.org/>* *email: **hars...@wso2.com* * cell: +94 71 5186770 * *twitter: **http://twit

Re: [Architecture] [IS][Workflow] Handling Delete Request Operation Associated with Workflows

2015-09-11 Thread Harsha Thirimanna
adding Hasitha *Harsha Thirimanna* Senior Software Engineer; WSO2, Inc.; http://wso2.com * <http://www.apache.org/>* *email: **hars...@wso2.com* * cell: +94 71 5186770 * *twitter: **http://twitter.com/ <http://twitter.com/afkham_azeez>* *harshathirimannlinked-in: **http: <http://

Re: [Architecture] [IS][Workflow] Handling Delete Request Operation Associated with Workflows

2015-09-11 Thread Harsha Thirimanna
s and call *HumanTaskClientAPIAdmin* from the IS to skip the workflow request. Thanks. *Harsha Thirimanna* Senior Software Engineer; WSO2, Inc.; http://wso2.com * <http://www.apache.org/>* *email: **hars...@wso2.com* * cell: +94 71 5186770 * *twitter: **http://twitter.com/ <http://twitt

Re: [Architecture] [IS][Workflow] Handling Delete Request Operation Associated with Workflows

2015-09-22 Thread Harsha Thirimanna
Hi Vinod, Thanks for doing this again. When you do this, please add the role as we did now and add a user that is read from the request. Then there will be a role to add any user to get these rights except the user who initiated the request. *Harsha Thirimanna* Senior Software Engineer

[Architecture] [IS][Workflow] Two separate URL to deploy artifact and send request to BPS

2015-09-22 Thread Harsha Thirimanna
ncern about http or https here? Please advise us. *Harsha Thirimanna* Senior Software Engineer; WSO2, Inc.; http://wso2.com * <http://www.apache.org/>* *email: **hars...@wso2.com* * cell: +94 71 5186770 * *twitter: **http://twitter.com/ <http://twitter.com/afkham_azeez>* *harshat

Re: [Architecture] [CARBON] Creating an archetype for a simple carbon component

2015-11-16 Thread Harsha Thirimanna
We can also add a sample service holder class as a template in the archetype to hold the OSGi services that are consumed by this component. We may need to give commented-out code to show that usage, and then anyone can follow that pattern. WDYT? *Harsha Thirimanna* Senior Software Engineer; WSO2, Inc

Re: [Architecture] Move away from XML to YAML config files

2015-11-16 Thread Harsha Thirimanna
well document about the config files and its values ? *Harsha Thirimanna* Senior Software Engineer; WSO2, Inc.; http://wso2.com * <http://www.apache.org/>* *email: **hars...@wso2.com* * cell: +94 71 5186770 * *twitter: **http://twitter.com/ <http://twitter.com/afkham_azeez>* *harshathi
