Re: [Dev] [Architecture] Support for encrypted ID tokens in OIDC

[Vihanga Liyanage]

Even with signed id tokens, we didn't persist them in the database. Hense I
didn't either. Do you see any value in doing so?

On Wed, Mar 7, 2018 at 12:46 PM, Denuwanthi De Silva 
wrote:

>
>
> On Wed, Mar 7, 2018 at 11:26 AM, Vihanga Liyanage 
> wrote:
>
>> Hi all,
>>
>> [Update]
>> I have completed the second phase of the project, providing service
>> provider level configurations in admin dashboard to configure encryption
>> algorithm and encryption method. With this update, once you enable
>> encrypting id tokens for an SP in the admin dashboard, two select boxes
>> will appear with supported encryption algorithms and supported encryption
>> methods. These supported algorithms are pulled from the identity.xml file.
>>
>
> Do we persist the encrypted ID Token to database at any point? If so, is
> there any comparison of encrypted ID token with the value in the database?
> I'm asking this because you seem to be using encryption algorithm with
> dynamic padding.
>
>>
>>
>>
>> Respective git issue and pull requests are as follows.
>>
>>- https://github.com/wso2/product-is/issues/2387
>>- https://github.com/wso2/carbon-identity-framework/pull/1416
>>- https://github.com/wso2-extensions/identity-inbound-auth-
>>oauth/pull/832
>>
>> I have also updated the docs as well.
>>
>> Thanks,
>> Vihanga.
>>
>> On Tue, Feb 20, 2018 at 2:45 PM, Vihanga Liyanage 
>> wrote:
>>
>>> Hi all,
>>>
>>> [Update]
>>> I was able to complete the initial development of the proposed project,
>>> encrypted id token support in OIDC flow. Following are the links related to
>>> the development.
>>>
>>>- An issue was created in product-is repository to track the
>>>development.
>>>   - https://github.com/wso2/product-is/issues/2336
>>>- Pull request is made to identity-inbound-auth-oauth repository
>>>with required updates.
>>>- https://github.com/wso2-extensions/identity-inbound-auth-oau
>>>   th/pull/798
>>>- Pull request is made to product-is repository with updated
>>>playground application to test the feature
>>>- https://github.com/wso2/product-is/pull/2313
>>>- Code review was held to review the code written in both PRs.
>>>
>>> All PRs are merged by now.
>>> Currently, I'm working on integration test to test the newly added
>>> feature.
>>>
>>> Thanks,
>>> Vihanga
>>>
>>> On Fri, Feb 9, 2018 at 5:07 PM, Vihanga Liyanage 
>>> wrote:
>>>
 Yes, Farasath. As for the offline discussions with Drashana, I came to
 the same conclusion and exploring the SAML sample app right now.

 Although I'm not sure about signing JWE. I couldn't find anything
 specific about that in the RFC. Also, the API in Nimbus only expects the
 claims set and the public key of the client to create and encrypt a JWE.
 Please do let me know if you find something else.

 On Fri, Feb 9, 2018 at 4:34 PM, Farasath Ahamed 
 wrote:

>
>
> On Friday, February 9, 2018, Vihanga Liyanage 
> wrote:
>
>> [- Engineering, Strategy]
>> [+ Architecture, Dev]
>>
>> Thanks,
>> Vihanga
>>
>> On Fri, Feb 9, 2018 at 8:56 AM, Vihanga Liyanage 
>> wrote:
>>
>>> Hi Farasath,
>>>
>>> For the above two points IMO it would be better to provide an option
 at Service Provider OAuth/OIDC configuration. This will be similar to 
 what
 we have done for SAML.

>>>
>>> That is the initial idea came to me as well. But shouldn't the
>>> clients have a choice of deciding that as well? May be through a request
>>> parameter. To use either JWS or JWE, the client have to support them 
>>> right?
>>>
>>
> By enabling the option to encrypt id_token in the service provider
> configs the client is acknowledging that it can support encrypted
> id_tokens.
>
> AFAIK even for JWE we need to first sign and then encrypt. Also I
> couldn't find any reference on a standard approach to allow clients to
> switch between JWS and JWE via a request parameter.
>
> If we take a look at how we handle this is SAML, we have an option in
> the SAML configs to say whether the assertion needs to be encrypted or 
> not.
> Once the option to encrypt assertion is enabled SAML assertions will 
> always
> be encrypted for the particular service provider (ie. There is no
> requirement to switch between signed or encrypted assertions)
>
> IMO we can follow the same approach. WDYT?
>
>
 On a separate note, any specific reason why we are discussing this
 in strategy and not in Dev and architecture mailing lists?

 I feel that we need to discuss this feature in architecture mailing
 list to get the input from community.

>>>
>>> No such specific reason 

Re: [Dev] [Architecture] Support for encrypted ID tokens in OIDC

[Denuwanthi De Silva]

On Wed, Mar 7, 2018 at 11:26 AM, Vihanga Liyanage  wrote:

> Hi all,
>
> [Update]
> I have completed the second phase of the project, providing service
> provider level configurations in admin dashboard to configure encryption
> algorithm and encryption method. With this update, once you enable
> encrypting id tokens for an SP in the admin dashboard, two select boxes
> will appear with supported encryption algorithms and supported encryption
> methods. These supported algorithms are pulled from the identity.xml file.
>

Do we persist the encrypted ID Token to database at any point? If so, is
there any comparison of encrypted ID token with the value in the database?
I'm asking this because you seem to be using encryption algorithm with
dynamic padding.

>
>
>
> Respective git issue and pull requests are as follows.
>
>- https://github.com/wso2/product-is/issues/2387
>- https://github.com/wso2/carbon-identity-framework/pull/1416
>- https://github.com/wso2-extensions/identity-inbound-
>auth-oauth/pull/832
>
> I have also updated the docs as well.
>
> Thanks,
> Vihanga.
>
> On Tue, Feb 20, 2018 at 2:45 PM, Vihanga Liyanage 
> wrote:
>
>> Hi all,
>>
>> [Update]
>> I was able to complete the initial development of the proposed project,
>> encrypted id token support in OIDC flow. Following are the links related to
>> the development.
>>
>>- An issue was created in product-is repository to track the
>>development.
>>   - https://github.com/wso2/product-is/issues/2336
>>- Pull request is made to identity-inbound-auth-oauth repository with
>>required updates.
>>- https://github.com/wso2-extensions/identity-inbound-auth-oau
>>   th/pull/798
>>- Pull request is made to product-is repository with updated
>>playground application to test the feature
>>- https://github.com/wso2/product-is/pull/2313
>>- Code review was held to review the code written in both PRs.
>>
>> All PRs are merged by now.
>> Currently, I'm working on integration test to test the newly added
>> feature.
>>
>> Thanks,
>> Vihanga
>>
>> On Fri, Feb 9, 2018 at 5:07 PM, Vihanga Liyanage 
>> wrote:
>>
>>> Yes, Farasath. As for the offline discussions with Drashana, I came to
>>> the same conclusion and exploring the SAML sample app right now.
>>>
>>> Although I'm not sure about signing JWE. I couldn't find anything
>>> specific about that in the RFC. Also, the API in Nimbus only expects the
>>> claims set and the public key of the client to create and encrypt a JWE.
>>> Please do let me know if you find something else.
>>>
>>> On Fri, Feb 9, 2018 at 4:34 PM, Farasath Ahamed 
>>> wrote:
>>>


 On Friday, February 9, 2018, Vihanga Liyanage  wrote:

> [- Engineering, Strategy]
> [+ Architecture, Dev]
>
> Thanks,
> Vihanga
>
> On Fri, Feb 9, 2018 at 8:56 AM, Vihanga Liyanage 
> wrote:
>
>> Hi Farasath,
>>
>> For the above two points IMO it would be better to provide an option
>>> at Service Provider OAuth/OIDC configuration. This will be similar to 
>>> what
>>> we have done for SAML.
>>>
>>
>> That is the initial idea came to me as well. But shouldn't the
>> clients have a choice of deciding that as well? May be through a request
>> parameter. To use either JWS or JWE, the client have to support them 
>> right?
>>
>
 By enabling the option to encrypt id_token in the service provider
 configs the client is acknowledging that it can support encrypted
 id_tokens.

 AFAIK even for JWE we need to first sign and then encrypt. Also I
 couldn't find any reference on a standard approach to allow clients to
 switch between JWS and JWE via a request parameter.

 If we take a look at how we handle this is SAML, we have an option in
 the SAML configs to say whether the assertion needs to be encrypted or not.
 Once the option to encrypt assertion is enabled SAML assertions will always
 be encrypted for the particular service provider (ie. There is no
 requirement to switch between signed or encrypted assertions)

 IMO we can follow the same approach. WDYT?


>>> On a separate note, any specific reason why we are discussing this
>>> in strategy and not in Dev and architecture mailing lists?
>>>
>>> I feel that we need to discuss this feature in architecture mailing
>>> list to get the input from community.
>>>
>>
>> No such specific reason at all. On the previous project I did, the
>> mail was asked to sent to engineering and strategy. So I followed the 
>> same
>> protocol. I'll change that now.
>>
>>>
>>>

 Thanks,
 Vihanga.

 --

 Vihanga Liyanage

 Software Engineer | WS*O₂* Inc.

 M : 

[Dev] How to comment or remove an xml element during package preparing time

[Naduni Pamudika]

Hi All,

I have a requirement to comment out the below element in identity.xml when
building the micro-gateway distribution.

http://wso2.org/projects/carbon/carbon.xml;>









I tried using the maven replacer plugin by adding a configuration as below,
but it didn't work as it replaced the value of the class attribute with an
empty string.



${basedir}/../../p2-profile/micro-gateway/target/wso2carbon-core-${carbon.kernel.version}/repository/conf/identity/identity.xml


/Server/OAuth/ScopeValidators

(org.wso2.carbon.identity.oauth2.validators.XACMLScopeValidator)





Does anyone know how to get this done using the replacer plugin or any
other plugin?

Thanks,
Naduni

-- 
*Naduni Pamudika*
Software Engineer | WSO2
Mobile: +94 719 143658 <+94%2071%20914%203658>
[image: http://wso2.com/signature] 
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] WSO2 Identity Server 5.5.0-Beta Released!

[Sathya Bandara]

WSO2 Identity and Access Management team is pleased to announce the release
of Identity Server 5.5.0 Beta!
Download

You can download WSO2 Identity Server 5.5.0 Beta distributions from
following locations.

Identity Server:
https://github.com/wso2/product-is/releases/download/v5.5.0-beta/wso2is-5.5.0-beta


IS Analytics: https://github.com/wso2/analytics-is/release
s/download/v5.5.0-beta/wso2is-analytics-5.5.0-beta

How to run

1. Extract the downloaded zip file.

2. Go to the bin directory in the extracted folder.

3. Run the wso2server.sh file if you are on a Linux/Mac OS or run the
wso2server.bat file if you are on a Windows OS.



What's new in WSO2 Identity Server 5.5.0 Beta

   -

   Bug fixes


   



   -

   Improvements


   


A list of all the resolved issues shipped with this release can be found he
re

Online documentation is available at
https://docs.wso2.com/display/IS550/WSO2+Identity+Server+Documentation.

Known Issues

All the open issues pertaining to WSO2 Identity Server are reported at the
following location:

   -

   IS Runtime 
   -

   IS Analytics 



How You Can Contribute

Mailing Lists

Join our mailing list and correspond with the developers directly.

Developer list: dev@wso2.org | Subscribe | Mail Archive


User forum: StackOverflow


Reporting Issues

We encourage you to report issues, improvements, documentation faults, and
feature requests regarding WSO2 Identity Server through WSO2 Identity
Server GIT Issues .

For more information about WSO2 Identity Server, please see
https://wso2.com/identity-and-access-management or visit the WSO2 Oxygen
Tank  developer portal for additional resources.


~ The WSO2 Identity and Access Management Team ~
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Support for encrypted ID tokens in OIDC

[Vihanga Liyanage]

Hi all,

[Update]
I have completed the second phase of the project, providing service
provider level configurations in admin dashboard to configure encryption
algorithm and encryption method. With this update, once you enable
encrypting id tokens for an SP in the admin dashboard, two select boxes
will appear with supported encryption algorithms and supported encryption
methods. These supported algorithms are pulled from the identity.xml file.



Respective git issue and pull requests are as follows.

   - https://github.com/wso2/product-is/issues/2387
   - https://github.com/wso2/carbon-identity-framework/pull/1416
   - https://github.com/wso2-extensions/identity-inbound-auth-oauth/pull/832

I have also updated the docs as well.

Thanks,
Vihanga.

On Tue, Feb 20, 2018 at 2:45 PM, Vihanga Liyanage  wrote:

> Hi all,
>
> [Update]
> I was able to complete the initial development of the proposed project,
> encrypted id token support in OIDC flow. Following are the links related to
> the development.
>
>- An issue was created in product-is repository to track the
>development.
>   - https://github.com/wso2/product-is/issues/2336
>- Pull request is made to identity-inbound-auth-oauth repository with
>required updates.
>- https://github.com/wso2-extensions/identity-inbound-auth-oau
>   th/pull/798
>- Pull request is made to product-is repository with updated
>playground application to test the feature
>- https://github.com/wso2/product-is/pull/2313
>- Code review was held to review the code written in both PRs.
>
> All PRs are merged by now.
> Currently, I'm working on integration test to test the newly added feature.
>
> Thanks,
> Vihanga
>
> On Fri, Feb 9, 2018 at 5:07 PM, Vihanga Liyanage  wrote:
>
>> Yes, Farasath. As for the offline discussions with Drashana, I came to
>> the same conclusion and exploring the SAML sample app right now.
>>
>> Although I'm not sure about signing JWE. I couldn't find anything
>> specific about that in the RFC. Also, the API in Nimbus only expects the
>> claims set and the public key of the client to create and encrypt a JWE.
>> Please do let me know if you find something else.
>>
>> On Fri, Feb 9, 2018 at 4:34 PM, Farasath Ahamed 
>> wrote:
>>
>>>
>>>
>>> On Friday, February 9, 2018, Vihanga Liyanage  wrote:
>>>
 [- Engineering, Strategy]
 [+ Architecture, Dev]

 Thanks,
 Vihanga

 On Fri, Feb 9, 2018 at 8:56 AM, Vihanga Liyanage 
 wrote:

> Hi Farasath,
>
> For the above two points IMO it would be better to provide an option
>> at Service Provider OAuth/OIDC configuration. This will be similar to 
>> what
>> we have done for SAML.
>>
>
> That is the initial idea came to me as well. But shouldn't the clients
> have a choice of deciding that as well? May be through a request 
> parameter.
> To use either JWS or JWE, the client have to support them right?
>

>>> By enabling the option to encrypt id_token in the service provider
>>> configs the client is acknowledging that it can support encrypted
>>> id_tokens.
>>>
>>> AFAIK even for JWE we need to first sign and then encrypt. Also I
>>> couldn't find any reference on a standard approach to allow clients to
>>> switch between JWS and JWE via a request parameter.
>>>
>>> If we take a look at how we handle this is SAML, we have an option in
>>> the SAML configs to say whether the assertion needs to be encrypted or not.
>>> Once the option to encrypt assertion is enabled SAML assertions will always
>>> be encrypted for the particular service provider (ie. There is no
>>> requirement to switch between signed or encrypted assertions)
>>>
>>> IMO we can follow the same approach. WDYT?
>>>
>>>
>> On a separate note, any specific reason why we are discussing this in
>> strategy and not in Dev and architecture mailing lists?
>>
>> I feel that we need to discuss this feature in architecture mailing
>> list to get the input from community.
>>
>
> No such specific reason at all. On the previous project I did, the
> mail was asked to sent to engineering and strategy. So I followed the same
> protocol. I'll change that now.
>
>>
>>
>>>
>>> Thanks,
>>> Vihanga.
>>>
>>> --
>>>
>>> Vihanga Liyanage
>>>
>>> Software Engineer | WS*O₂* Inc.
>>>
>>> M : +*94710124103* | http://wso2.com
>>>
>>> [image: http://wso2.com/signature] 
>>>
>>>
>>> 
>>>  Virus-free.
>>> www.avast.com
>>> 
>>> 

[Dev] Identity server installation

[Asanka Anthony]

Where we can download the WSO2 Identity Server 5.0.0 SP1 pack?please advice

Thanks
Anthony
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] iot-server.sh issues

[PASAN MANULA]

Hi,

I'm getting this error continuously when I'm trying to run WSo2 Iot server
on my localhost. Please note that I haven't change any default user name or
password and the system is still running on default settings. Also note
that I'm getting this error when I'm trying to view analytics on the
dashboard.


./iot-server.sh terminal error list:
[2018-02-28 05:55:04,986] [IoT-Core] ERROR -
{org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver} Error
occurred during error handling, give up!
org.apache.cxf.interceptor.Fault: Unable to destroy the process .
at
org.apache.cxf.service.invoker.AbstractInvoker.createFault(AbstractInvoker.java:170)
at
org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:136)
at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:204)
at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:101)
at
org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:58)
at
org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:94)
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
at
org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
at
org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:249)
at
org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:248)
at
org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:222)
at
org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:153)
at
org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:171)
at
org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:289)
at
org.apache.cxf.transport.servlet.AbstractHTTPServlet.doGet(AbstractHTTPServlet.java:214)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:624)
at
org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:265)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:218)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:110)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at
org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)
at
org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
at
org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57)
at
org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticationValve.processRequest(WebappAuthenticationValve.java:138)
at
org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticationValve.invoke(WebappAuthenticationValve.java:68)
at
org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
at
org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)
at
org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159)
at
org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:962)
at
org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:452)
at
org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1087)
at
org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1760)
at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1719)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
Caused by:
org.wso2.carbon.analytics.api.exception.AnalyticsServiceException: Unable
to destroy the 

Re: [Dev] WSO2 Broker Cluster jndi.properties

[Jason De Silva]

Hi,

Yes, you need to provide the list of MB nodes in the connection string in
jndi.properties. Please refer [1] for an example on how you can set it in a
round robin manner.

[1]
https://docs.wso2.com/display/MB310/Connection+URL+Format#ConnectionURLFormat-Example

Regards,
Jason

Jason De Silva
*Software Engineer - QA*
Mobile: +94 (0) 772 097 678
Email: jas...@wso2.com
WSO2 Inc. www.wso2.com


On Wed, Mar 7, 2018 at 12:47 AM, Júnior  wrote:

> Hi,
>
> When we have a cluster of WSO2 MB how is the correct way to configure the
> jndi.properties to connect to them?
>
> Should we have a list of the cluster members in the connection string?
>
> Does someone have an example of a similar scenario?
>
> Thanks,
> --
> Francisco Ribeiro
> *SCEA|SCJP|SCWCD|IBM Certified SOA Associate*
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] WSO2 Broker Cluster jndi.properties

[Sachithra Dangalla]

Hi,

The steps to configure clustered Message Broker is in [1] and the steps to
configure the broker nodes are in [2].

[1] - https://docs.wso2.com/display/CLUSTER44x/Clustering+Message+Broker
[2] - https://docs.wso2.com/display/CLUSTER44x/Configuring+the+Broker+Nodes

Thanks,
Regards,

On Wed, Mar 7, 2018 at 12:47 AM, Júnior  wrote:

> Hi,
>
> When we have a cluster of WSO2 MB how is the correct way to configure the
> jndi.properties to connect to them?
>
> Should we have a list of the cluster members in the connection string?
>
> Does someone have an example of a similar scenario?
>
> Thanks,
> --
> Francisco Ribeiro
> *SCEA|SCJP|SCWCD|IBM Certified SOA Associate*
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 

*Sachithra Dangalla*
Software Engineer | WSO2
Mobile : +94 71 3700 656 <%2B%2094%2071%203700656>
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] WSO2 Broker Cluster jndi.properties

[Júnior]

Hi,

When we have a cluster of WSO2 MB how is the correct way to configure the
jndi.properties to connect to them?

Should we have a list of the cluster members in the connection string?

Does someone have an example of a similar scenario?

Thanks,
-- 
Francisco Ribeiro
*SCEA|SCJP|SCWCD|IBM Certified SOA Associate*
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Regarding Paas and WSO2 EI

[Dhanya Santhan]

Thank you for the clarification.

On 06-Mar-2018 9:41 PM, "Pubudu Gunatilaka"  wrote:

> Hi Dhanya,
>
> EI is not supported by default in PaaS and we have discontinued the PaaS.
>
> Thank you!
>
> On Tue, Mar 6, 2018 at 1:28 PM, dhanya  wrote:
>
>> Hi,
>>
>> I have a query regarding Paas and the use of wso2 EI as a cartridge.
>>
>> Is WSO2 Enterprise Integrator supported as a cartridge in Paas? As per the
>> https://docs.wso2.com/display/PP411/Architecture i couldn't find WSO2 EI
>> in
>> the list of supported cartridges.
>>
>> Can someone please clarify on this?
>>
>> Thanks and regards,
>> Dhanya
>>
>>
>>
>> --
>> Sent from: http://wso2-oxygen-tank.10903.n7.nabble.com/WSO2-Development
>> -f3.html
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>
>
>
> --
> *Pubudu Gunatilaka*
> Committer and PMC Member - Apache Stratos
> Senior Software Engineer
> WSO2, Inc.: http://wso2.com
> mobile : +94774078049 <%2B94772207163>
>
>
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Regarding Paas and WSO2 EI

[Pubudu Gunatilaka]

Hi Dhanya,

EI is not supported by default in PaaS and we have discontinued the PaaS.

Thank you!

On Tue, Mar 6, 2018 at 1:28 PM, dhanya  wrote:

> Hi,
>
> I have a query regarding Paas and the use of wso2 EI as a cartridge.
>
> Is WSO2 Enterprise Integrator supported as a cartridge in Paas? As per the
> https://docs.wso2.com/display/PP411/Architecture i couldn't find WSO2 EI
> in
> the list of supported cartridges.
>
> Can someone please clarify on this?
>
> Thanks and regards,
> Dhanya
>
>
>
> --
> Sent from: http://wso2-oxygen-tank.10903.n7.nabble.com/WSO2-
> Development-f3.html
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>



-- 
*Pubudu Gunatilaka*
Committer and PMC Member - Apache Stratos
Senior Software Engineer
WSO2, Inc.: http://wso2.com
mobile : +94774078049 <%2B94772207163>
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Clarification on Private key JWT Client Authentication for OIDC

[Abimaran Kugathasan]

Hi Shanika,

11th, 12th, and 13th are subsets of 10th (Import the public key of the
private_key_jwt issuer). You have to rename because management console
takes the file name of the public key as the alias which is clientID.

The 14th step is an alternative way to install public key through keytool
and it requires a server restart.

On Tue, Mar 6, 2018 at 2:56 PM, Shanika Wickramasinghe 
wrote:

> Hi All,
>
> I tried the steps included under the section Deploying and configuring JWT
> client-handler artifacts in [1]. There in step 10 it says to Import the
> public key of the private_key_jwt issuer. Document does not have a detailed
> explanation on this or does not include any command to use. Is this
> referring to export the certificate from the key store and convert the
> binary encoded certificate into a PEM encoded certificate and import it
> under the Application certificate in the service provider as in [2].
>
> Under step 11 again it is asking to rename the public certificate with
> OAuth App client ID name
>
> Further step 14 specify as to import the above certificate to the default
> keystore [1]
>
> I am not clear with step 10, 11, 14 appreciate any guidance on how to
> proceed with these steps.
>
>
>
> [1]. https://docs.wso2.com/display/IS550/Private+Key+JWT+Cli
> ent+Authentication+for+OIDC
> [2]. https://docs.wso2.com/display/IS550/Adding+and+Configur
> ing+a+Service+Provider
>
> Thanks,
> Shanika.
>
>
> --
> *Shanika Wickramasinghe*
> Software Engineer - QA Team
>
> Email: shani...@wso2.com
> Mobile  : +94713503563 <+94%2071%20350%203563>
> Web : http://wso2.com
>
> 
>



-- 
Thanks
Abimaran Kugathasan
Senior Software Engineer - API Technologies

Email : abima...@wso2.com
Mobile : +94 773922820 <+94%2077%20392%202820>


  
  
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] Siddhi long value comparison

[Dinusha Dissanayake]

Hi all,

I came across with an issue regarding comparing a long value.
My intention was to check if the time difference is greater that 30 days,
and then insert the corresponding values to target stream.

I tested this behavior with APIM Analytics 2.0.0.

However I noticed an unusual behavior.

I have mentioned an example stream below.

*@Import('demoConditions:1.0.0')*
*define stream democondition (timediff long, status bool);*

*@Export('finalStream:1.0.0')*
*define stream finalStream (timediff long, status bool);*


*from democondition[timediff > 30*24*60*60*1000]*
*select timediff, status*
*insert into finalStream;*

Ideally, If I give a value greater than 30*24*60*60*1000 only, values
should be inserted into finalStream.
However I observed even if I give 1 as timeDiff, the values in timeDiff and
status get inserted into finalStream.

When I check the validity of the execution plan through the admin console,
it gets success.
However I replaced the value 30*24*60*60*1000 with 259200 and it
produces and error.



However when I append the "l" add the end (259200l), it got worked.
I tried to use the same with 30*24*60*60*1000 -> 30l*24l*60l*60l*1000l and
I couldn't get it worked since it produce an error while validating the
script.

The reason I am using 30*24*60*60*1000 is because I want the value "30" to
be configured. It should be changed using the template manager.

Please advice on how should I get it into working?

Thanks,
DinushaD.


-- 
Dinusha Dissanayake
Software Engineer
WSO2 Inc
Mobile: +94712939439 <+94%2071%20293%209439>

___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev