On Wed, Mar 15, 2017 at 4:41 AM, Omindu Rathnaweera wrote:
>
> On Tue, Mar 14, 2017 at 8:25 PM, Sagara Gunathunga
> wrote:
>
>>
>> - Personally I don't like to duplicate self sign-up or any other feature
>> in two different places but I agree with the given justification about the
>> limitations
On Thu, Apr 20, 2017 at 3:27 PM, Asela Pathberiya wrote:
>
>
> On Tue, Apr 18, 2017 at 11:51 AM, Asela Pathberiya wrote:
>
>>
>>
>> On Mon, Apr 17, 2017 at 12:00 PM, Godwin Shrimal wrote:
>>
>>> +1 to have separate keystores for secure vault & token signing. Any
>>> reason/use case to have sepa
How about "/oauth2/introspect" endpoint?
On Wed, Apr 26, 2017 at 9:25 AM, Harsha Thirimanna wrote:
> On Wed, Apr 26, 2017 at 9:07 AM, Asela Pathberiya wrote:
>
>>
>>
>> On Tue, Apr 25, 2017 at 3:34 PM, Harsha Thirimanna
>> wrote:
>>
>>>
>>>
>>> On Tue, Apr 25, 2017 at 3:04 PM, Asela Pathberiya
On Thu, Jun 8, 2017 at 11:48 AM, Harsha Thirimanna wrote:
> Hi All,
>
> At the moment, we don't have some meta data for the user attributes. That
> may be important and very useful for some auditing.
>
> Example, if some one want to know when the user confirmed his email
> account, when it is loc
Hi All,
Currently the IdentityEventHandler architecture doesn't use any special
design technique to access/modify (identity and non-identity) claims. Also
each handler is self-contained and is expected to work independent from
other handlers. Both of these reasons are causing performance issues du
Hi Asela,
On Fri, Jul 14, 2017 at 9:34 AM, Asela Pathberiya wrote:
>
>
> On Fri, Jul 14, 2017 at 11:31 AM, Harsha Kumara wrote:
>
>> Hi All,
>>
>> This is regarding the behavior of Authentication flow between multiple
>> service providers.
>>
>> I have created two service providers with followi
> Hi Johan,
>
> On Fri, Jul 14, 2017 at 1:56 PM, Johann Nallathamby
> wrote:
>
>> Hi Asela,
>>
>> On Fri, Jul 14, 2017 at 9:34 AM, Asela Pathberiya wrote:
>>
>>>
>>>
>>> On Fri, Jul 14, 2017 at 11:31 AM, Harsha Kumara
>>> wrot
On Sat, Jul 15, 2017 at 5:55 AM Darshana Gunawardana
wrote:
> Hi Johann,
>
> On Fri, Jul 14, 2017 at 5:45 PM Johann Nallathamby
> wrote:
>
>> Can we change the implementation as follows:
>>
>> If user is going to login to application Y, which has steps 1 to *m
Hi All,
Usually we send long lived codes to email and short lived codes to SMS.
Because opening email client and checking the code may take time, depending
on whether user has to log in to his email account, use 2FA for his email,
etc. The TOTP code is short lived (90s). I think it's better to sen
On Thu, Aug 10, 2017 at 11:47 AM, Sugirjan Ragunaathan
wrote:
> Hi,
>
> Currently I’m working on a project 'Cross protocol single logout'. WSO2
> Identity Server provides Single LogOut over applications, participating on
> the same session over the same authentication protocol and Single SignOn
>
On Thu, Aug 10, 2017 at 2:52 PM, Malithi Edirisinghe
wrote:
>
>
> On Thu, Aug 10, 2017 at 12:28 PM, Johann Nallathamby
> wrote:
>
>>
>>
>> On Thu, Aug 10, 2017 at 11:47 AM, Sugirjan Ragunaathan wrote:
>>
>>> Hi,
>>>
>>>
On Mon, Aug 14, 2017 at 11:56 PM, Malithi Edirisinghe
wrote:
>
>
> On Mon, Aug 14, 2017 at 10:27 PM, Harsha Thirimanna
> wrote:
>
>>
>>
>> On Mon, Aug 14, 2017 at 6:37 PM, Piraveena Paralogarajah <
>> pirave...@wso2.com> wrote:
>>
>>> Hi Maninda,
>>>
>>> In OpenID Connect, there are three ways f
IAM Team,
Please note that the following JIRAs have not been fixed per se. According to
the comments they have been resolved as "cannot reproduce", "won't fix" or
"invalid". But the "Resolution" says "Fixed" which is incorrect. Can we
change this and make sure in future we strictly follow proper res
IAM Team,
Currently we don't have an exclusive permission to login to the user portal;
we use "/permission/admin/login". I think we need to have a dedicated
permission for that. Why?
1. No way to allow users to login to user portal but restrict users from
logging in to management console.
2. We c
ation for Identity Server 6
> with all the functional requirements.
>
> Project Repository [1]
> Documentation [2]
>
> I would like to thank my mentors Johann Nallathamby, Malithi Edirisinghe,
> Kasun Gajasinghe who gave an immense support throughout the project by
> g
Hi Maheshika,
Can we have repo created for this project under wso2-incubator?
Name: "mss4j-ws-trust"
Regards,
Johann.
On Tue, Sep 5, 2017 at 11:59 AM, Johann Nallathamby wrote:
> Great job Isuranga over the past 3 months in completing this project!!
> Hope you had a great lea
Hi IAM Team,
The current keystore management functionalities of Carbon Server are
provided by the security-mgt bundle. The features include,
- Adding new key stores
- Adding/Removing certificates to key stores (including the carbon
server default key store)
For the admin user the UI dis
On Mon, Sep 11, 2017 at 11:28 AM, Dulanja Liyanage wrote:
>
>
> On Mon, Sep 11, 2017 at 11:20 AM, Ishara Karunarathna
> wrote:
>
>> HI,
>>
>> On Fri, Sep 1, 2017 at 12:55 AM, Johann Nallathamby
>> wrote:
>>
>>> IAM Team,
>>>
>
I think it should be the other way around. PII category is protocol
agnostic. So we shouldn't store scopes in this new schema Shan is
proposing. Instead PII category can be referenced along with the scopes, in
registry if that's where scopes are stored.
Regards,
Johann.
On Wed, Sep 20, 2017 at 9:
Hi IAM Team,
Currently we don't have $subject. What we have currently are two APIs.
1. RemoteAuthorizationManagerService.isUserAuthorized(user, resource,
action) - a SOAP API that evaluates the permission tree.
2. XACML3.0 Rest/JSON API - a Restful API which takes a JSON payload and
evaluates th
Hi Asela,
On Wed, Oct 4, 2017 at 7:38 PM, Asela Pathberiya wrote:
>
>
> On Sat, Sep 9, 2017 at 11:57 AM, Johann Nallathamby
> wrote:
>
>> Hi IAM Team,
>>
>> The current keystore management functionalities of Carbon Server are
>> provided by the se
On Thu, Oct 12, 2017 at 1:28 PM, Isuranga Perera
wrote:
> Hi IAM Team,
>
> Currently, there is no $subject. Therefore I'm looking at implementing a
> SCIM2 Outbound Connector. I'm looking at identity-outbound-provisioning-scim
> [1]
> and scim2-compliance-test-suite [2]. Appreciate further sugge
and
>>> subject-id as arguments and evaluates the permission tree.
>>>
>>> I will submit a PR as soon as possible.
>>>
>>> Best Regards
>>> Isuranga Perera
>>>
>>> On Wed, Oct 4, 2017 at 7:56 PM, Asela Pathberiya wrote:
>
e
> [2] https://github.com/HansageeSJ/scim-client
> [3] https://wso2.org/jira/browse/IDENTITY-5695
>
> Appreciate any suggestions.
>
>
> Best Regards
> Isuranga Perera
>
> On Fri, Oct 13, 2017 at 9:42 AM, Gayan Gunawardana wrote:
>
>>
>>
>> On Thu,
Hi APIM Team,
The API Security Handler is one of the key extension points and widely
implemented extension points of the API Gateway architecture. I want to
clarify if there are any limitations when implementing this extension point.
Expectation is if the API Security Handler has been extended t
>> ning-scim/blob/master/components/org.wso2.carbon.identity.sc
>>> im.common/src/main/java/org/wso2/carbon/identity/scim/common
>>> /impl/ProvisioningClient.java
>>>
>>> On Sun, Oct 15, 2017 at 11:16 PM, Gayan Gunawardana
>>> wrote:
>>>
>>
2017 at 9:35 PM, Johann Nallathamby
> wrote:
>
>> Hi APIM Team,
>>
>> The API Security Handler is one of the key extension points and widely
>> implemented extension points of the API Gateway architecture. I want to
>> clarify if there are any limit
Hi Sanjeewa,
On Mon, Oct 30, 2017 at 1:51 PM, Sanjeewa Malalgoda
wrote:
>
>
> On Sat, Oct 28, 2017 at 11:38 PM, Johann Nallathamby
> wrote:
>
>> Hi Sanjeewa,
>>
>> Thanks for the answers.
>>
>> So based on your answers seems like points 3 and 5
well,
but have failed to do so.
Regards,
Johann.
On Mon, Oct 16, 2017 at 2:21 PM, Johann Nallathamby wrote:
> Yes, I also think we need to take the approach of using the Swagger files
> and generate SDK because that is what standard Rest API world will be
> doing. We can find any iss
Hi Godwin,
On Tue, Nov 7, 2017 at 6:02 PM, Godwin Shrimal wrote:
> Hi Johan,
>
>
> On Tue, Nov 7, 2017 at 11:23 AM, Johann Nallathamby
> wrote:
>
>> Hi Maheshika,
>>
>> Can we have following 3 repos for this project under wso2-extensions
>>
Hi Godwin,
On Tue, Nov 7, 2017 at 7:51 PM, Godwin Shrimal wrote:
> Hi Johan,
>
>
> On Tue, Nov 7, 2017 at 7:33 PM, Johann Nallathamby
> wrote:
>
>> Hi Godwin,
>>
>> On Tue, Nov 7, 2017 at 7:11 PM, Godwin Shrimal wrote:
>>
>>> Hi Johann,
>
Godwin
>
>
> On Tue, Nov 7, 2017 at 6:40 PM, Johann Nallathamby
> wrote:
>
>> Hi Godwin,
>>
>> On Tue, Nov 7, 2017 at 6:02 PM, Godwin Shrimal wrote:
>>
>>> Hi Johan,
>>>
>>>
>>> On Tue, Nov 7, 2017 at 11:23 AM, Johann
The Public JIRA version still says Alpha-8 "unreleased". Can we fix this?
And if we are planning for Alpha-9 can we add that as new version?
Regards,
Johann.
On Fri, Nov 10, 2017 at 1:26 AM, Jayanga Kaushalya
wrote:
> The WSO2 Identity and Access Management team is pleased to announce the
> rel
Self contained JWT's may get quite large and if we set it as the default
size in the script, for users who are not using self contained JWT also it
is going to consume large space in the database.
Did we think about storing a hash of the access token?
On Fri, Nov 17, 2017 at 3:06 PM, Isura Karuna
Hi Farasath,
On Fri, Nov 17, 2017 at 5:35 PM, Farasath Ahamed wrote:
>
> On Fri, Nov 17, 2017 at 3:23 PM, Johann Nallathamby
> wrote:
>
>> Self contained JWT's may get quite large and if we set it as the default
>> size in the script, for users who are not usi
On Fri, Nov 17, 2017 at 6:39 PM, Malithi Edirisinghe
wrote:
>
>
> On Fri, Nov 17, 2017 at 6:12 PM, Johann Nallathamby
> wrote:
>
>> Hi Farasath,
>>
>> On Fri, Nov 17, 2017 at 5:35 PM, Farasath Ahamed
>> wrote:
>>
>>>
>>>
>
>
>
>
> On Fri, Nov 17, 2017 at 6:48 PM, Johann Nallathamby
> wrote:
>
>>
>>
>> On Fri, Nov 17, 2017 at 6:39 PM, Malithi Edirisinghe
>> wrote:
>>
>>>
>>>
>>> On Fri, Nov 17, 2017 at 6:12 PM, Johann Nalla
hesh...@wso2.com> wrote:
>>
>>> Hi Azeez
>>>
>>> Please confirm.
>>>
>>> On Tue, Nov 7, 2017 at 11:23 AM, Johann Nallathamby
>>> wrote:
>>>
>>>> Hi Maheshika,
>>>>
>>>> Can we have following
't we use Charon for that?
>>
>> Thanks
>> Isura.
>>
>> On Mon, Nov 20, 2017 at 3:04 PM, Afkham Azeez wrote:
>>
>>> What is the repo name?
>>>
>>> On Tue, Nov 7, 2017 at 1:06 PM, Maheshika Goonetilleke <
>>> mahesh...@wso2.c
Thanks a lot Maheshika.
Regards,
Johann.
On Thu, Nov 23, 2017 at 8:56 AM, Maheshika Goonetilleke
wrote:
> Hi Johann
>
> Created the two repos.
>
> On Tue, Nov 21, 2017 at 10:03 PM, Johann Nallathamby
> wrote:
>
>> We discussed and decided no need of the s
Hi Sugirjan,
First of all have you confirmed that without having this new mapping we
can't do forced single logout?
If so then what you are suggesting is fine as the first phase.
However as the next phase I would like to see that the session participants
are centralized in the authentication fra
Hi Indunil/Isura,
I have a general comment on this. Are we not planning to support this in
the UI at least in the public release? Because planning for backend only
IMO is not a good idea from previous experience because it will remain at
the same state for years. Don't want to go back there. And f
ITY-7062
>
> Thanks and Regards
>
> On Tue, Dec 5, 2017 at 10:56 AM, Indunil Upeksha Rathnayake <
> indu...@wso2.com> wrote:
>
>> Hi,
>>
>> On Tue, Dec 5, 2017 at 9:03 AM, Johann Nallathamby
>> wrote:
>>
>>> Hi Indunil/Isura,
>>
Hi Indunil,
On Fri, Dec 15, 2017 at 9:02 AM, Indunil Upeksha Rathnayake <
indu...@wso2.com> wrote:
> Hi,
>
> At the time, a certificate is issued by a Certificate Authority (CA), it
> is expected to be in use for its entire validity period. However, various
> circumstances may cause a certificate
Hi Indunil,
On Fri, Dec 15, 2017 at 7:32 AM, Indunil Upeksha Rathnayake <
indu...@wso2.com> wrote:
> Hi,
>
> At the time, a certificate is issued by a Certificate Authority (CA), it
> is expected to be in use for its entire validity period. However, various
> circumstances may cause a certificate
Solutions Engineer
WSO2, Inc.
lean.enterprise.middleware
Mobile: *+94 77 7776950*
LinkedIn: *http://www.linkedin.com/in/johann-nallathamby
<http://www.linkedin.com/in/johann-nallathamby>*
Medium: *https://medium.com/@johann_nallathamby
<https://medium.com/@johann_nallathamby>*
Twitte
O2 Inc.*
>> *Mobile : +94 (0) 77 18 77 466*
>> <http://wso2.com/signature>
>>
>
>
>
> --
>
> *Senthalan Kanagalingam*
> *Software Engineer - WSO2 Inc.*
> *Mobile : +94 (0) 77 18 77 466*
> <http://wso2.com/signature>
*[-IAM, RRT]*
On Mon, Jan 15, 2018 at 8:13 PM, Johann Nallathamby wrote:
> Hi Senthalan,
>
> Did you check [1]? In this feature *@Isuranga* implement XACML policy to
> evaluate the permission tree. For this he had to come up with a policy,
> that defined a custom function.
>
licy you are talking and
the role based scope validation we implemented in IS 5.4.0?
Time based policies can be one of the additional policy templates we ship.
Regards,
Johann.
>
> [1] - https://github.com/wso2-extensions/identity-application-authz-xacml
>
> Regards,
> Senthalan
>
>
story+Validation
>>>>>>>>
>>>>>>>> Thank you!
>>>>>>>>
>>>>>>>> Regards,
>>>>>>>> NadunD
>>>>>>>>
>>>>>>>> --
>>>>>
Silva*
>>>> Software Engineer | WSO2
>>>>
>>>> Email: nad...@wso2.com
>>>> Mobile: +94778222607 <077%20822%202607>
>>>> Web: http://wso2.com
>>>>
>>>> <http://wso2.com/signature>
>>>>
>>>
On Wed, Jan 17, 2018 at 12:43 PM, Nadun De Silva wrote:
> Hi Johann,
>
> On Tue, Jan 16, 2018 at 9:30 PM, Johann Nallathamby
> wrote:
>
>> Hi Nadun,
>>
>> On Tue, Jan 16, 2018 at 11:16 AM, Nadun De Silva wrote:
>>
>>> Hi,
>>>
>
s(AbstractProtocol.java:637)
>>>>>>>> at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun
>>>>>>>> (NioEndpoint.java:1775)
>>>>>>>> at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(N
>>>
at the
> OP. The reference which is pointed from the url will consist the relevant
> jwt. The rationale behind returning claims will be same as the above in the
> request parameter.
>
> As we are planning to provide the implementation as a 5.3.0 WUM update the
> 'ac
WTRequests
>
>
> --
>
> Hasanthi Dissanayake
>
> Senior Software Engineer | WSO2
>
> E: hasan...@wso2.com
> M :0718407133| http://wso2.com <http://wso2.com/>
>
> ___
> Architecture mailing list
> Architecture
>"redirect_uri": "https://client.example.org/cb",
>"scope": "openid",
>"state": "af0ifjsldkj",
>"nonce": "n-0S6_WzA2Mj",
>"max_age": 86400,
>"claims":
>
nfiguration*. I.e. requested claims in service provider configuration
must have at least 1 claim. Otherwise what will happen is for every service
provider we need to add all the OIDC claims if they are going to request
claims dynamically, using scopes or requested claims in the request. Do I
make sens
>
>> *@Johann* Thank you for the information. I was able to extend the
>> handler and listen to password change events.
>>
>> Now I am working on publishing data to IS Analytics using the
>> EventStreamService.
>>
>> I will keep the thread updated.
>>
Hi Farasath,
On Tue, Jan 23, 2018 at 12:13 PM, Farasath Ahamed
wrote:
>
>
> On Tuesday, January 23, 2018, Johann Nallathamby wrote:
>
>> Hi Hasanthi,
>>
>> On Tue, Jan 23, 2018 at 9:31 AM, Hasanthi Purnima Dissanayake <
>> hasan...@wso2.com> wro
>
> But there are problems in our WUM model when we do feature installation.
> We need to work on this too.
>
> Cheers,
> Ruwan
>
> On Tue, Jan 23, 2018 at 11:21 AM, Johann Nallathamby
> wrote:
>
>>
>>
>> On Tue, Jan 23, 2018 at 11:06 AM, Nadun De
> validated using JDBCScopeValidator and XACMLScopeValidator.
>> The JDBCScopeValidator was already implemented. The XACMLScopeValidator
>> will create an XACML request from access token and validate using
>> EntitlementService.
>>
>>
>> Thanks and Regards,
>>
Hi Hasanthi,
On Tue, Jan 23, 2018 at 10:59 AM, Johann Nallathamby
wrote:
> Hi Hasanthi,
>
> On Tue, Jan 23, 2018 at 9:31 AM, Hasanthi Purnima Dissanayake <
> hasan...@wso2.com> wrote:
>
>> Hi Johann,
>>
>> Is there any instance in which IS will throw err
On Wed, Jan 24, 2018 at 2:12 PM, Farasath Ahamed wrote:
>
>
> On Tuesday, January 23, 2018, Johann Nallathamby wrote:
>
>> Hi Farasath,
>>
>> On Tue, Jan 23, 2018 at 12:13 PM, Farasath Ahamed
>> wrote:
>>
>>>
>>>
>>> On
ng scope values. "
>>
>> As I understand if the specific requested OIDC claim, is defined in the
>> OIDC dialect, the user has a value for that claim and s/he has approved
>> that claim for the RP, then we can send them to the RP, regardless of
>> whether it is defi
Hi Hasanthi,
On Thu, Jan 25, 2018 at 11:30 AM, Johann Nallathamby
wrote:
> Hi Hasanthi,
>
> On Wed, Jan 24, 2018 at 11:14 PM, Hasanthi Purnima Dissanayake <
> hasan...@wso2.com> wrote:
>
>> Hi Johann,
>>
>> First of all apologies for the late reply :).
>
> Thanks,
>> Kanapriya
>>
>> Kanapriya Kuleswararajan
>> Software Engineer
>> Mobile : - 0774894438 <077%20489%204438>
>> Mail : - kanapr...@wso2.com
>> LinkedIn : - https://www.linkedin.com/in/kanapriya-kules-94712685/
>> WSO2, Inc.
>> lean . en
On Wed, Feb 7, 2018 at 2:33 PM, Malithi Edirisinghe
wrote:
>
>
> On Wed, Feb 7, 2018 at 2:32 AM, Johann Nallathamby
> wrote:
>
>> It is in fact an inbound connector. So +1 to use the inbound framework
>> and write a InboundProcessor to process this request. This way
.org/html/draft-ietf-oauth-mtls-07#section-2.1
> [3] https://tools.ietf.org/html/rfc6749#section-2.2
>
> Thanks,
> Sathya
>
> --
> Sathya Bandara
> Software Engineer
> WSO2 Inc. http://wso2.com
> Mobile: (+94) 715 360 421 <+94%2071%20411%205032>
>
>
--
*Jo
dating
> certificate since it happens in the container level AFAIK. But we may need
> to call to CRL and OCSP endpoints and validate the certificate. Again this
> is an improvement and should be optional.
>
> On Wed, Feb 21, 2018 at 11:25 AM, Johann Nallathamby
> wrote:
>
>>
c.europa.eu/cefdigital/wiki/display/CEFDIGITAL/How+
> does+it+work+-+eIDAS+solution
> [2] https://ec.europa.eu/cefdigital/wiki/display/CEFDIGITAL/
> 2016/12/16/eIDAS+Technical+Specifications+v.+1.1
> [3] https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
>
> T
nja Liyanage
>> wrote:
>>
>>> If extensions are coming in the SAML AuthnRequest from the SP, then,
>>> IIRC, that *same extension* will be copied to the AuthnRequest going to
>>> the Federated IdP. Is that behaviour acceptable for this scenario? Please
>
hank you!
>>>> --
>>>> *Pubudu Gunatilaka*
>>>> Committer and PMC Member - Apache Stratos
>>>> Senior Software Engineer
>>>> WSO2, Inc.: http://wso2.com
>>>> mobile : +94774078049 <%2B94772207163>
>>>>
>>>>
c.
>>
>> Phone: +94 71 350 5470
>> LinkedIn : https://lk.linkedin.com/in/menakajayawardena
>> Blog : https://menakamadushanka.wordpress.com/
>>
>>
>
>
> --
> Nuwan Dias
>
> Software Architect - WSO2, Inc. http://wso2.com
> ema
quirements in the horizon.
Others: Thoughts? What are your opinions on the two options?
Thanks & Regards,
Johann.
Lanka (pvt) Ltd.
> Web: http://wso2.com/
> Email : gdrdabar...@gmail.com
> LinkedIn <https://lk.linkedin.com/in/dinalidabarera>
> Mobile: +94770198933
On Wed, Jul 18, 2018 at 12:07 PM Farasath Ahamed wrote:
>
>
> On Wed, Jul 18, 2018 at 7:27 AM, Johann Nallathamby
> wrote:
>
>> Hi Dinali,
>>
>> *"IdP initiated SSO"* is something we already support between WSO2 IS
>> and service providers reg
>>> [4] -
>>> https://github.com/dilee/carbon-identity-framework/tree/feature-oauth-public-client
>>>
>>> Regards.
>>> --
>>> *Dileesha Rajapakse*
>>> Software Engineer | WSO2 Inc.
>>> Mobile: +94 72555933
>>
nagalingam*
>> *Software Engineer - WSO2 Inc.*
>> *Mobile : +94 (0) 77 18 77 466*
>> <http://wso2.com/signature>
>>
>
>
> --
> Maduranga Siriwardena
> Senior Software Engineer
> WSO2 Inc; http://wso2.com/
>
> Email: madura...@wso2.com
>
On Mon, Apr 25, 2016 at 11:23 PM, Geesara Prathap wrote:
> Hi All,
>
> *Use Case:*
>
> User login to IoTS and try to view one of his device types analytics. Then
> the user is redirected to device type analytics page which is in dashboard
> server(DS). Afterwards to retrieve data, gadget needs t
On Fri, May 6, 2016 at 12:09 AM, Prabath Siriwardana
wrote:
> Currently, we have a policy to lock the user account after n number of
> failed login attempts...
>
> Can we expand this to support following scenarios...
>
> 1. Lock the account - and unlock it after n number of minutes
>
This is alr
Notes from a previous meeting on permission model.
*Current Permission Model*
1. Permissions in C4 are stored as hierarchical strings. E.g.
"/permission/admin/configure/users"
2. The permissions required for admin services are specified in
services.xml, at service level or operation level
3. Perm
ing like below.
>>
>> Permission name = topic name
>> Operations = publish, subscribe, browse, purge, delete .etc
>>
>> So we would like to create two permissions named 'sports' and
>> 'sports/cricket' and authorize using those. So we would no
On Mon, May 16, 2016 at 10:25 AM, Isura Karunaratne wrote:
> Hi,
>
> We are planning to expose recovery APIs in IS 5.3.0 as REST APIs. And
> also, we are trying to reduce the complexity and improve the performance in
> existing recovery java APIs as well.
>
> Currently, we have two ways of passwo
Hi Shariq,
Do we have any changes to the framework component? I don't think right? It's
just the custom grant extension and the JWT authenticator extension you
have written. In that case these can go to separate repo and be released as
extensions to IS. If so we can even get this working with IS 5.
Aren't we discussing about two requirements.
1. Allow to register applications with user given client id/secret
2. Allow the client id/secret to be changed.
While changing client id has complications highlighted above, (1) also has
some challenges. Currently we assume the client id is unique acros
On Thu, Jun 16, 2016 at 10:18 PM, Farasath Ahamed
wrote:
> Hi Harsha,
>
> When implementing User Managed Access 1.0 for WSO2 Identity Server, we
> implemented a valve similar to what you have proposed here. You can find
> the implemented tomcat valve here[1]. Since the endpoints implemented for
>
@Isura,
Can we use SCIM to implement self sign-up instead of introducing a new
self-sign up REST API? Can we extend the SCIM API to support the options we
need for the two self sign-up scenarios Malithi has mentioned in her
initial mail?
I think if it's possible we should go for it. If the restri
trol problem and can be fixed by
changing the way the SCIM handlers for authentication and authorization are
implemented.
Thanks,
Johann.
>
>-
>
>
> Thanks
> Isura
>
> On Sat, Jun 25, 2016 at 1:53 AM, Johann Nallathamby
> wrote:
>
>> @Isura,
>>
>> Can w
ly relate to the claim profile concept we
>> discussed before.
>>
>> 15. When we support for multiple attribute providers (or stores) - a
>> given user's attributes can come from different attribute stores. At the
>> moment we assume user attributes are coming o
Why are we not giving a UI based configuration? This should be a
multi-tenanted configuration right?
On Thu, Jul 14, 2016 at 3:17 PM, Hasanthi Purnima Dissanayake <
hasan...@wso2.com> wrote:
> Hi Isura,
>
> Yes when we mark 'all' in the xml for scope 'openid' it behaves as the
> previous way. We
Hi Suho,
On Mon, Jul 18, 2016 at 11:44 PM, Sriskandarajah Suhothayan
wrote:
> Hi
>
> Based on the request of IS team we have recently added support for loading
> template files from the registry.
> I think with this feature we can do the mapping at Event Publisher side,
> then IS can send only t
On Fri, Jul 22, 2016 at 7:58 AM, Sriskandarajah Suhothayan
wrote:
>
>
> On Fri, Jul 22, 2016 at 12:00 PM, Indunil Upeksha Rathnayake <
> indu...@wso2.com> wrote:
>
>> Hi,
>>
>> Please find the meeting notes in [1]. I have following considerations
>> regarding the improvements we have discussed.
On Fri, Jul 22, 2016 at 8:33 AM, Indunil Upeksha Rathnayake <
indu...@wso2.com> wrote:
> Hi,
>
> On Fri, Jul 22, 2016 at 12:28 PM, Sriskandarajah Suhothayan wrote:
>
>>
>>
>> On Fri, Jul 22, 2016 at 12:00 PM, Indunil Upeksha Rathnayake <
>> indu...@wso2.com> wrote:
>>
>>> Hi,
>>>
>>> Please fin
Any reasons for not giving this in the UI? Since we are doing this for IS
5.3.0 we can do API additions; so it shouldn't be a problem to add new APIs
to support this in Resident IDP UI AFAIU.
On Mon, Jul 18, 2016 at 7:15 AM, Johann Nallathamby wrote:
> Why are we not giving a
;.
I think the difference is in your point no. 2; you are ignoring scopes that
are sent in the request and adding only the requested claims. Have you
designed it this way as a way to control the claims that are requested by
the service provider? If so I can see a valid reason there.
I am trying to avoid new
OSGI service
>>>>>> which is exposed by relevant OSGI module.. If you want to use above
>>>>>> approach (Axis2RequiredServices), we cannot have 1..1 mapping for
>>>>>> ConfigurationContextService since it causes cyclic dep
Hi Lakshani,
IIRC this feature was developed long time back. It would have been ideal if
the PR was sent at that time itself for 5.2.0 branch and merged. Now 5.2.0
is in beta stage and not ideal to merge this improvement. However since
this is critical for AppManger and we are not quite certain on