Re: [Dev] [EI] JSON null value taking as "null" String

[Godwin Shrimal]

Hi Madhawa,

Thanks for the response. Yes, we can pass a null value as you suggested,
But think of a scenario, there are a lot of elements in the payload which
can be null. Then its hard to handle like this.  +1 to fix this.


Thanks
Godwin

On Thu, Mar 8, 2018 at 1:15 PM, Madhawa Gunasekara 
wrote:

> Hi Godwin,
>
> You can try below-mentioned way to pass the null value correctly to the
> data service. IMO, We need to fix this issue. It's not correct to evaluate
> JSON null value as String "null"
>
> 
> 
>  
>  
>http://www.test.com.;>
>   $1
>   $2
>   $3
>
> 
> 
>
>
>
> 
>  
>  
>  
> 
>  
>http://www.test.com.;>
>   * xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance
> " xsi:nil="true"/>*
>   $1
>   $2
>
> 
> 
>
>
> 
>  
>  
>  
>
> Thanks,
> Madhawa
>
> On Wed, Mar 7, 2018 at 7:08 PM, Senduran  wrote:
>
>> Hi Godwin,
>>
>> As a workaround you can try the following.
>>
>> This happens because of the following property contains null as string
>> value
>> > type="STRING"/>
>>
>> So instead of reading the property in the argument, evaluating the JSON
>> path will solve I think
>> i.e
>> 
>>
>> Regards
>> Senduran
>>
>> On Wed, Mar 7, 2018 at 5:13 PM, Godwin Shrimal  wrote:
>>
>>> Hi All,
>>>
>>> If we pass a JSON Payload with a null value, it is considering that null
>>> value as "null" string. Please see a sample API and payload
>>>
>>> API
>>> 
>>>
>>> 
>>>
>>>   
>>>
>>>  >> scope="default" type="STRING"/>
>>>
>>>  >> scope="default" type="STRING"/>
>>>
>>>  >> scope="default" type="STRING"/>
>>>
>>>  
>>>
>>> 
>>>
>>>http://www.test.com.;>
>>>
>>>   $1
>>>
>>>   $2
>>>
>>>   $3
>>>
>>>
>>>
>>> 
>>>
>>> 
>>>
>>> *   *
>>>
>>>
>>>
>>>
>>>
>>> 
>>>
>>>  
>>>
>>>  
>>>
>>>  
>>>
>>> 
>>>
>>>  
>>>
>>>  
>>>
>>>   
>>>
>>>   
>>>
>>>  
>>>
>>>   
>>>
>>>
>>>
>>> Payload
>>> ==
>>>
>>> {
>>>
>>>"id":null,
>>>
>>>"contractid":"test",
>>>
>>>"dealid":"test1"
>>>
>>> }
>>>
>>> According to above sample highlight argument passing to dss service as
>>> "null" string. It looks this is a bug.
>>>
>>>
>>> Thanks
>>> Godwin
>>>
>>> --
>>> *Godwin Amila Shrimal*
>>> Associate Technical Lead
>>> WSO2 Inc.; http://wso2.com
>>> lean.enterprise.middleware
>>>
>>> mobile: *+94772264165*
>>> linkedin: *https://www.linkedin.com/in/godwin-amila-2ba26844/
>>> *
>>> twitter: https://twitter.com/godwinamila
>>> 
>>>
>>> ___
>>> Dev mailing list
>>> Dev@wso2.org
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>>
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
> *Madhawa Gunasekara*
> Senior Software Engineer
> WSO2 Inc.; http://wso2.com
> lean.enterprise.middleware
>
> mobile: +94 719411002 <+94+719411002>
> blog: *http://madhawa-gunasekara.blogspot.com
> *
> linkedin: *http://lk.linkedin.com/in/mgunasekara
> *
>



-- 
*Godwin Amila Shrimal*
Associate Technical Lead
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware

mobile: *+94772264165*
linkedin: *https://www.linkedin.com/in/godwin-amila-2ba26844/
*
twitter: https://twitter.com/godwinamila

___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [EI] JSON null value taking as "null" String

[Madhawa Gunasekara]

Hi Godwin,

You can try below-mentioned way to pass the null value correctly to the
data service. IMO, We need to fix this issue. It's not correct to evaluate
JSON null value as String "null"



 
 
   http://www.test.com.;>
  $1
  $2
  $3
   


   
   
   

 
 
 

 
   http://www.test.com.;>
  *http://www.w3.org/2001/XMLSchema-instance
" xsi:nil="true"/>*
  $1
  $2
   


   
   

 
 
 

Thanks,
Madhawa

On Wed, Mar 7, 2018 at 7:08 PM, Senduran  wrote:

> Hi Godwin,
>
> As a workaround you can try the following.
>
> This happens because of the following property contains null as string
> value
>  type="STRING"/>
>
> So instead of reading the property in the argument, evaluating the JSON
> path will solve I think
> i.e
> 
>
> Regards
> Senduran
>
> On Wed, Mar 7, 2018 at 5:13 PM, Godwin Shrimal  wrote:
>
>> Hi All,
>>
>> If we pass a JSON Payload with a null value, it is considering that null
>> value as "null" string. Please see a sample API and payload
>>
>> API
>> 
>>
>> 
>>
>>   
>>
>>  > type="STRING"/>
>>
>>  > scope="default" type="STRING"/>
>>
>>  > scope="default" type="STRING"/>
>>
>>  
>>
>> 
>>
>>http://www.test.com.;>
>>
>>   $1
>>
>>   $2
>>
>>   $3
>>
>>
>>
>> 
>>
>> 
>>
>> *   *
>>
>>
>>
>>
>>
>> 
>>
>>  
>>
>>  
>>
>>  
>>
>> 
>>
>>  
>>
>>  
>>
>>   
>>
>>   
>>
>>  
>>
>>   
>>
>>
>>
>> Payload
>> ==
>>
>> {
>>
>>"id":null,
>>
>>"contractid":"test",
>>
>>"dealid":"test1"
>>
>> }
>>
>> According to above sample highlight argument passing to dss service as
>> "null" string. It looks this is a bug.
>>
>>
>> Thanks
>> Godwin
>>
>> --
>> *Godwin Amila Shrimal*
>> Associate Technical Lead
>> WSO2 Inc.; http://wso2.com
>> lean.enterprise.middleware
>>
>> mobile: *+94772264165*
>> linkedin: *https://www.linkedin.com/in/godwin-amila-2ba26844/
>> *
>> twitter: https://twitter.com/godwinamila
>> 
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
*Madhawa Gunasekara*
Senior Software Engineer
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware

mobile: +94 719411002 <+94+719411002>
blog: *http://madhawa-gunasekara.blogspot.com
*
linkedin: *http://lk.linkedin.com/in/mgunasekara
*
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] Problems with aggregate: empty enclosingElementProperty

[Bernard Paris]

Hi,

could someone tell me why my "all_programs" property remains empty after 
aggregation ?
In my logs I can see the aggregation seems to work correctly but all_programs  
property is empty.

Here is my code :












http://etnic.be/services/hops/habilitation/messages/v1; >








Property stays empty even with expression="$body" !

[2018-03-08 08:27:44,463] [EI-Core] DEBUG - AggregateMediator Generating 
Aggregated message from : http://schemas.xmlsoap.org/soap/envelope/;>http://etnic.be/services/hops/habilitation/messages/v1;>
 http://enseignement.cfwb.be/types/habilitation/v1;>soca1ba
 http://enseignement.cfwb.be/types/habilitation/v1;>34
 http://enseignement.cfwb.be/types/habilitation/v1;>Bachelier en 
sociologie et anthropologie - 
 http://enseignement.cfwb.be/types/habilitation/v1;>https://uclouvain.be/prog-soca1ba
  http://enseignement.cfwb.be/types/habilitation/v1;>
  LCOPS1113I
  5.0
  Q2
  Histoire moderne et contemporaine - 
J.Campion
   http://enseignement.cfwb.be/types/habilitation/v1;>
  LCOPS1124C
  5.0
….. ….. ….. ….. etc. …..

   
[2018-03-08 08:27:44,465] [EI-Core] DEBUG - AggregateMediator Enclosing the 
aggregated message with enclosing element: all_programs
[2018-03-08 08:27:44,465] [EI-Core] DEBUG - SequenceMediator Start : Sequence 

[2018-03-08 08:27:44,465] [EI-Core] DEBUG - SequenceMediator Sequence 
 :: mediate()
[2018-03-08 08:27:44,465] [EI-Core] DEBUG - SequenceMediator Mediation started 
from mediator position : 0
[2018-03-08 08:27:44,465] [EI-Core] DEBUG - LogMediator Start : Log mediator
[2018-03-08 08:27:44,465] [EI-Core] DEBUG - LogMediator __ all_programs 
__ = 
[2018-03-08 08:27:44,465] [EI-Core] DEBUG - LogMediator End : Log mediator

Thanks,
Bernard

___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] [Announce] [Architecture] WSO2 IoT Server 3.2.0 Released !

[Rasika Perera]

*We are pleased to announce the general availability of WSO2 IoT Server
3.2.0Download WSO2 IoT Server (IoTS) 3.2.0 from the WSO2 IoT Page
.WSO2 IoT Server is one of the most adaptive,
Apache-licensed, open source IoT platforms available today. It provides the
best technologies for device manufacturers to develop connected products as
well as rich integration and smart analytics capabilities for system
integrators to adopt devices into systems they build.These capabilities
involve device management, smart analytics, API, app management, transport
extensions for MQTT, XMPP and many more.What's new in WSO2 IoTS 3.2.0 -
Remote Control and screen mirroring feature for Android.- Ability to
enforce Geolocation bound policies.- Ability to enforce operations/policies
on devices based on input from Analytics/CEP engine.- Ability to introduce
separate agents (iOS/Android) for each tenant.- Process notification
responses from the device with IoT Analytics.- Siddhi extensions for the
Device Management.- Ability to configure IoTS with a federated IDP (OpenID
Connect).- Improvements to Notification Management (Manage/Clear
notifications).- Scripts to Change Admin Credentials and Change IPs.-
Improvements to Android/iOS agents.- Data Archival Task Implementation to
prune CDM transactional tables- Overall improvements to UI, functionality,
performance, stability and bug fixes.New Features & Bug Fixes: A list of
new features and bug fixes shipped with this release can be found as below.
- 3.1.0-Update1-fixes here
-
3.1.0-Update2-fixes here
-
3.1.0-Update3-fixes here
-
3.1.0-Update4-fixes here
-
3.1.0-Update5-fixes here
-
3.1.0-Update6-fixes here
-
3.1.0-Update7-fixes here
-
3.1.0-Update8-fixes here
-
3.1.0-Update9-fixes here
-
3.1.0-Update10-fixes here
-
3.1.0-Update11-fixes here
-
3.2.0-RC1-fixes here
-
3.2.0-RC2-fixes here
-
3.2.0-RC3-fixes here
-
3.2.0-RC4-fixes here
DocumentationDocumentations:
WSO2 IoT Server Documentation
Known
IssuesThe known set of issues in this version can be found here
Engaging with CommunityMailing
ListsJoin our mailing list and correspondence with the developers
directly.Developer list: dev@wso2.org  | Subscribe
 | Mail Archive
Reporting IssuesWe encourage you to
report issues, documentation faults and feature requests regarding WSO2 IoT
Server through WSO2 IoT GIT Issues
.Discussion ForumsWe encourage
you to use stackoverflow

to engage with developers as well as other users.For more information about
WSO2 IoT Server, please see http://wso2.com/products/iot-server
 or visit the WSO2 Oxygen Tank
 developer portal for additional resources.Thank
you for your interest in WSO2 IoT Server.The WSO2 IoT Server Team*
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] How do we use properties file(to store connection details) in wso2?

[Madhawa Gunasekara]

Hi Aditya,

We don't recommend to use properties files to maintain endpoints. :) We use
registry projects to maintain those. BTW You can achieve your requirement
in several ways,

1) You can create separate registry projects per environment and separate
car files which has the registry resources per environments. Then you can
refer the message stores / data sources from the registry in the ESB Config
car file. This is the most common way to achieve your requirement.
[1]
https://docs.wso2.com/display/Governance540/Governing+External+References+Across+Environments

2) You can use maven profiles to build your car files. therefore you can
use maven replacer-plugin to replace your endpoints in the build time.
Please find the blog[2] which describe changing endpoints in the build
time.
[2]
http://susinda.blogspot.com/2017/01/wso2-esb-how-to-assign-endpoints-at.html


Thanks,
Madhawa

On Thu, Mar 8, 2018 at 10:14 AM, aditya shivankar <
shivankar.adit...@gmail.com> wrote:

> Respected Sir,
> Where do we to store connection details with third party systems or db in
> wso2.
>
> Suppose we have developed a service in wso2 which inserts some record in
> db.
>
> For that we need to define the connection details of db in some properties
> file or something similar, how do we  do this? so that while migrating from
> one environment(development) to another(Pre-prod) , the third connection
> details will be fetched from the respective properties file. And we do not
> have to change it in datasource manually for each environment.
> or we should not be required to change IP and port details of the
> endpoints to be called in each environment manually.
>
> Please guide how do we use properties file in wso2 esb.
> Is there any documentation regarding this?
>
>
> Thanks and Regards,
> Aditya
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
*Madhawa Gunasekara*
Senior Software Engineer
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware

mobile: +94 719411002 <+94+719411002>
blog: *http://madhawa-gunasekara.blogspot.com
*
linkedin: *http://lk.linkedin.com/in/mgunasekara
*
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [IoT-Core] ERROR - Unable to destroy process - WSO2 IOT Server 3.2.0

[PASAN MANULA]

More Details,

status: broker.sh

[2018-03-08 00:09:28,945] [IoT-Core] ERROR -
{org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver} Error
occurred during error handling, give up!
org.apache.cxf.interceptor.Fault: Unable to destroy the process .
at
org.apache.cxf.service.invoker.AbstractInvoker.createFault(AbstractInvoker.java:170)
at
org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:136)
at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:204)
at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:101)
at
org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:58)
at
org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:94)
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
at
org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
at
org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:249)
at
org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:248)
at
org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:222)
at
org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:153)
at
org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:171)
at
org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:289)
at
org.apache.cxf.transport.servlet.AbstractHTTPServlet.doGet(AbstractHTTPServlet.java:214)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:624)
at
org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:265)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:218)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:110)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at
org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)
at
org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
at
org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57)
at
org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticationValve.processRequest(WebappAuthenticationValve.java:151)
at
org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticationValve.invoke(WebappAuthenticationValve.java:69)
at
org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
at
org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)
at
org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159)
at
org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:962)
at
org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:445)
at
org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1115)
at
org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1770)
at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1729)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
Caused by:
org.wso2.carbon.analytics.api.exception.AnalyticsServiceException: Unable
to destroy the process .
at
org.wso2.carbon.analytics.api.internal.client.AnalyticsAPIHttpClient.getRecordGroup(AnalyticsAPIHttpClient.java:1062)
at
org.wso2.carbon.analytics.api.CarbonAnalyticsAPI.get(CarbonAnalyticsAPI.java:342)
at

[Dev] [IoT-Core] ERROR - Unable to destroy process - WSO2 IOT Server 3.2.0

[PASAN MANULA]

Hi all,

When I'm running the virtual firealram with the iot-server it suddenly
gives an error and stop displaying temperature reading on the dashboard.
Any idea how to solve this issue? Please note that I haven't changed any
defaults settings.

Running on Ubuntu 16.04 LTS - localhost

[2018-03-07 22:35:07,412] [IoT-Core] ERROR -
{org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver} Error
occurred during error handling, give up!
org.apache.cxf.interceptor.Fault: Unable to destroy the process .
at
org.apache.cxf.service.invoker.AbstractInvoker.createFault(AbstractInvoker.java:170)
at
org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:136)
at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:204)
at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:101)
at
org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:58)
at
org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:94)
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
at
org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
at
org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:249)
at
org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:248)
at
org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:222)
at
org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:153)
at
org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:171)
at
org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:289)
at
org.apache.cxf.transport.servlet.AbstractHTTPServlet.doGet(AbstractHTTPServlet.java:214)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:624)
at
org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:265)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:218)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:110)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at
org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)
at
org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
at
org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57)
at
org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticationValve.processRequest(WebappAuthenticationValve.java:151)
at
org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticationValve.invoke(WebappAuthenticationValve.java:69)
at
org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
at
org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)
at
org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159)
at
org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:962)
at
org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:445)
at
org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1115)
at
org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1770)
at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1729)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
Caused by:
org.wso2.carbon.analytics.api.exception.AnalyticsServiceException: Unable
to destroy the process .
at

Re: [Dev] [Architecture] Support for encrypted ID tokens in OIDC

[Vihanga Liyanage]

Yeah, that is correct. Apart from explaining what is what in the doc, even
I couldn't think of a more descriptive name. Please do share your thoughts
if anything came to your mind.

On Thu, Mar 8, 2018 at 10:16 AM, Godwin Shrimal  wrote:

> Thanks for the response Vihanga, So according to your response.
>
> Encryption Algorithm = Asymmetric Key Encryption Algorithm
> Encryption Method = Symmetric Key Encryption Algorithm
>
> Yeah, I think its bit confusing. we may use better names than lib. nothing
> comes to my mind now :)
>
> Thanks
> Godwin
>
> On Thu, Mar 8, 2018 at 10:00 AM, Vihanga Liyanage 
> wrote:
>
>> The encryption algorithm is the asymmetric key encryption algorithm that
>> is used to encrypt the CEK with the recipient's public key. I've updated
>> these in the public docs [1], [2]. I know these two names are confusing a
>> bit. I just followed the lib for the time being.
>>
>> I'd be happy to talk about a suitable name pair. :)
>>
>> [1] - https://docs.wso2.com/display/IS550/Decrypting+OpenID+Connec
>> t+Encrypted+ID+Tokens
>> [2] - https://docs.wso2.com/display/IS550/Testing+OIDC+Encrypted+I
>> D+Token+with+IS+5.5.0
>>
>> On Thu, Mar 8, 2018 at 9:53 AM, Godwin Shrimal  wrote:
>>
>>> Well, if Encryption Method mentioned is referring to "symmetric key
>>> encryption algorithm", What is "Encryption Algorithm" on the screen?
>>>
>>>
>>> Thanks
>>> Godwin
>>>
>>> On Thu, Mar 8, 2018 at 9:47 AM, Godwin Shrimal  wrote:
>>>
 Can you send me the list of values in that dropdown? Cipher Block
 Chaining is how we are chaining encrypted values since encryption happens
 as blocks (8 bit, 6 bit etc.) You can read about it here [1].

 [1] https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation

 Thanks
 Godwin

 On Wed, Mar 7, 2018 at 10:57 PM, Vihanga Liyanage 
 wrote:

> The Encryption Method mentioned here is the symmetric key encryption
> algorithm that is used to encrypt the JWT claims set. We used the Nimbus
> [1]  library for the
> implementation and within that, they have used the name "Encryption 
> Method"
> to identify this algorithm. They have a class defined as
> com.nimbusds.jose.EncryptionMethod which wraps all supported
> symmetric key encryption algorithms.
> I took the name from there. I'm not sure what you mean by "cipher
> chaining mode". Is this mentioned in the JWE RFC?
>
> [1] - https://connect2id.com/products/nimbus-jose-jwt
>
> On Wed, Mar 7, 2018 at 10:00 PM, Godwin Shrimal 
> wrote:
>
>> should be corrected as "Chaining Mode".
>>
>>
>> Thanks
>> Godwin
>>
>> On Wed, Mar 7, 2018 at 5:26 PM, Godwin Shrimal 
>> wrote:
>>
>>> "Encryption Method" is the correct term/word here? AFAIK It's cipher
>>> chaining mode. I know it's a technical word, but still, I feel like we 
>>> have
>>> to use correct naming. Something  like "Chaning Mode".
>>>
>>>
>>> Thanks
>>> Godwin
>>>
>>> On Wed, Mar 7, 2018 at 11:26 AM, Vihanga Liyanage 
>>> wrote:
>>>
 Hi all,

 [Update]
 I have completed the second phase of the project, providing service
 provider level configurations in admin dashboard to configure 
 encryption
 algorithm and encryption method. With this update, once you enable
 encrypting id tokens for an SP in the admin dashboard, two select boxes
 will appear with supported encryption algorithms and supported 
 encryption
 methods. These supported algorithms are pulled from the identity.xml 
 file.



 Respective git issue and pull requests are as follows.

- https://github.com/wso2/product-is/issues/2387
- https://github.com/wso2/carbon-identity-framework/pull/1416
- https://github.com/wso2-extensions/identity-inbound-auth-oau
th/pull/832

 I have also updated the docs as well.

 Thanks,
 Vihanga.

 On Tue, Feb 20, 2018 at 2:45 PM, Vihanga Liyanage  wrote:

> Hi all,
>
> [Update]
> I was able to complete the initial development of the proposed
> project, encrypted id token support in OIDC flow. Following are the 
> links
> related to the development.
>
>- An issue was created in product-is repository to track the
>development.
>   - https://github.com/wso2/product-is/issues/2336
>- Pull request is made to identity-inbound-auth-oauth
>repository with required updates.
>- 

Re: [Dev] [Architecture] Support for encrypted ID tokens in OIDC

[Godwin Shrimal]

Thanks for the response Vihanga, So according to your response.

Encryption Algorithm = Asymmetric Key Encryption Algorithm
Encryption Method = Symmetric Key Encryption Algorithm

Yeah, I think its bit confusing. we may use better names than lib. nothing
comes to my mind now :)

Thanks
Godwin

On Thu, Mar 8, 2018 at 10:00 AM, Vihanga Liyanage  wrote:

> The encryption algorithm is the asymmetric key encryption algorithm that
> is used to encrypt the CEK with the recipient's public key. I've updated
> these in the public docs [1], [2]. I know these two names are confusing a
> bit. I just followed the lib for the time being.
>
> I'd be happy to talk about a suitable name pair. :)
>
> [1] - https://docs.wso2.com/display/IS550/Decrypting+OpenID+Connec
> t+Encrypted+ID+Tokens
> [2] - https://docs.wso2.com/display/IS550/Testing+OIDC+Encrypted+
> ID+Token+with+IS+5.5.0
>
> On Thu, Mar 8, 2018 at 9:53 AM, Godwin Shrimal  wrote:
>
>> Well, if Encryption Method mentioned is referring to "symmetric key
>> encryption algorithm", What is "Encryption Algorithm" on the screen?
>>
>>
>> Thanks
>> Godwin
>>
>> On Thu, Mar 8, 2018 at 9:47 AM, Godwin Shrimal  wrote:
>>
>>> Can you send me the list of values in that dropdown? Cipher Block
>>> Chaining is how we are chaining encrypted values since encryption happens
>>> as blocks (8 bit, 6 bit etc.) You can read about it here [1].
>>>
>>> [1] https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation
>>>
>>> Thanks
>>> Godwin
>>>
>>> On Wed, Mar 7, 2018 at 10:57 PM, Vihanga Liyanage 
>>> wrote:
>>>
 The Encryption Method mentioned here is the symmetric key encryption
 algorithm that is used to encrypt the JWT claims set. We used the Nimbus
 [1]  library for the
 implementation and within that, they have used the name "Encryption Method"
 to identify this algorithm. They have a class defined as
 com.nimbusds.jose.EncryptionMethod which wraps all supported symmetric
 key encryption algorithms.
 I took the name from there. I'm not sure what you mean by "cipher
 chaining mode". Is this mentioned in the JWE RFC?

 [1] - https://connect2id.com/products/nimbus-jose-jwt

 On Wed, Mar 7, 2018 at 10:00 PM, Godwin Shrimal 
 wrote:

> should be corrected as "Chaining Mode".
>
>
> Thanks
> Godwin
>
> On Wed, Mar 7, 2018 at 5:26 PM, Godwin Shrimal 
> wrote:
>
>> "Encryption Method" is the correct term/word here? AFAIK It's cipher
>> chaining mode. I know it's a technical word, but still, I feel like we 
>> have
>> to use correct naming. Something  like "Chaning Mode".
>>
>>
>> Thanks
>> Godwin
>>
>> On Wed, Mar 7, 2018 at 11:26 AM, Vihanga Liyanage 
>> wrote:
>>
>>> Hi all,
>>>
>>> [Update]
>>> I have completed the second phase of the project, providing service
>>> provider level configurations in admin dashboard to configure encryption
>>> algorithm and encryption method. With this update, once you enable
>>> encrypting id tokens for an SP in the admin dashboard, two select boxes
>>> will appear with supported encryption algorithms and supported 
>>> encryption
>>> methods. These supported algorithms are pulled from the identity.xml 
>>> file.
>>>
>>>
>>>
>>> Respective git issue and pull requests are as follows.
>>>
>>>- https://github.com/wso2/product-is/issues/2387
>>>- https://github.com/wso2/carbon-identity-framework/pull/1416
>>>- https://github.com/wso2-extensions/identity-inbound-auth-oau
>>>th/pull/832
>>>
>>> I have also updated the docs as well.
>>>
>>> Thanks,
>>> Vihanga.
>>>
>>> On Tue, Feb 20, 2018 at 2:45 PM, Vihanga Liyanage 
>>> wrote:
>>>
 Hi all,

 [Update]
 I was able to complete the initial development of the proposed
 project, encrypted id token support in OIDC flow. Following are the 
 links
 related to the development.

- An issue was created in product-is repository to track the
development.
   - https://github.com/wso2/product-is/issues/2336
- Pull request is made to identity-inbound-auth-oauth
repository with required updates.
- https://github.com/wso2-extensions/identity-inbound-auth-oau
   th/pull/798
- Pull request is made to product-is repository with updated
playground application to test the feature
- https://github.com/wso2/product-is/pull/2313
- Code review was held to review the code written in both PRs.

 All PRs are merged by now.
 Currently, I'm working on integration test to 

[Dev] How do we use properties file(to store connection details) in wso2?

[aditya shivankar]

Respected Sir,
Where do we to store connection details with third party systems or db in
wso2.

Suppose we have developed a service in wso2 which inserts some record in db.

For that we need to define the connection details of db in some properties
file or something similar, how do we  do this? so that while migrating from
one environment(development) to another(Pre-prod) , the third connection
details will be fetched from the respective properties file. And we do not
have to change it in datasource manually for each environment.
or we should not be required to change IP and port details of the endpoints
to be called in each environment manually.

Please guide how do we use properties file in wso2 esb.
Is there any documentation regarding this?


Thanks and Regards,
Aditya
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [Architecture] Support for encrypted ID tokens in OIDC

[Vihanga Liyanage]

The encryption algorithm is the asymmetric key encryption algorithm that is
used to encrypt the CEK with the recipient's public key. I've updated these
in the public docs [1], [2]. I know these two names are confusing a bit. I
just followed the lib for the time being.

I'd be happy to talk about a suitable name pair. :)

[1] - https://docs.wso2.com/display/IS550/Decrypting+OpenID+
Connect+Encrypted+ID+Tokens
[2] -
https://docs.wso2.com/display/IS550/Testing+OIDC+Encrypted+ID+Token+with+IS+5.5.0

On Thu, Mar 8, 2018 at 9:53 AM, Godwin Shrimal  wrote:

> Well, if Encryption Method mentioned is referring to "symmetric key
> encryption algorithm", What is "Encryption Algorithm" on the screen?
>
>
> Thanks
> Godwin
>
> On Thu, Mar 8, 2018 at 9:47 AM, Godwin Shrimal  wrote:
>
>> Can you send me the list of values in that dropdown? Cipher Block
>> Chaining is how we are chaining encrypted values since encryption happens
>> as blocks (8 bit, 6 bit etc.) You can read about it here [1].
>>
>> [1] https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation
>>
>> Thanks
>> Godwin
>>
>> On Wed, Mar 7, 2018 at 10:57 PM, Vihanga Liyanage 
>> wrote:
>>
>>> The Encryption Method mentioned here is the symmetric key encryption
>>> algorithm that is used to encrypt the JWT claims set. We used the Nimbus
>>> [1]  library for the
>>> implementation and within that, they have used the name "Encryption Method"
>>> to identify this algorithm. They have a class defined as
>>> com.nimbusds.jose.EncryptionMethod which wraps all supported symmetric
>>> key encryption algorithms.
>>> I took the name from there. I'm not sure what you mean by "cipher
>>> chaining mode". Is this mentioned in the JWE RFC?
>>>
>>> [1] - https://connect2id.com/products/nimbus-jose-jwt
>>>
>>> On Wed, Mar 7, 2018 at 10:00 PM, Godwin Shrimal  wrote:
>>>
 should be corrected as "Chaining Mode".


 Thanks
 Godwin

 On Wed, Mar 7, 2018 at 5:26 PM, Godwin Shrimal  wrote:

> "Encryption Method" is the correct term/word here? AFAIK It's cipher
> chaining mode. I know it's a technical word, but still, I feel like we 
> have
> to use correct naming. Something  like "Chaning Mode".
>
>
> Thanks
> Godwin
>
> On Wed, Mar 7, 2018 at 11:26 AM, Vihanga Liyanage 
> wrote:
>
>> Hi all,
>>
>> [Update]
>> I have completed the second phase of the project, providing service
>> provider level configurations in admin dashboard to configure encryption
>> algorithm and encryption method. With this update, once you enable
>> encrypting id tokens for an SP in the admin dashboard, two select boxes
>> will appear with supported encryption algorithms and supported encryption
>> methods. These supported algorithms are pulled from the identity.xml 
>> file.
>>
>>
>>
>> Respective git issue and pull requests are as follows.
>>
>>- https://github.com/wso2/product-is/issues/2387
>>- https://github.com/wso2/carbon-identity-framework/pull/1416
>>- https://github.com/wso2-extensions/identity-inbound-auth-oau
>>th/pull/832
>>
>> I have also updated the docs as well.
>>
>> Thanks,
>> Vihanga.
>>
>> On Tue, Feb 20, 2018 at 2:45 PM, Vihanga Liyanage 
>> wrote:
>>
>>> Hi all,
>>>
>>> [Update]
>>> I was able to complete the initial development of the proposed
>>> project, encrypted id token support in OIDC flow. Following are the 
>>> links
>>> related to the development.
>>>
>>>- An issue was created in product-is repository to track the
>>>development.
>>>   - https://github.com/wso2/product-is/issues/2336
>>>- Pull request is made to identity-inbound-auth-oauth repository
>>>with required updates.
>>>- https://github.com/wso2-extensions/identity-inbound-auth-oau
>>>   th/pull/798
>>>- Pull request is made to product-is repository with updated
>>>playground application to test the feature
>>>- https://github.com/wso2/product-is/pull/2313
>>>- Code review was held to review the code written in both PRs.
>>>
>>> All PRs are merged by now.
>>> Currently, I'm working on integration test to test the newly added
>>> feature.
>>>
>>> Thanks,
>>> Vihanga
>>>
>>> On Fri, Feb 9, 2018 at 5:07 PM, Vihanga Liyanage 
>>> wrote:
>>>
 Yes, Farasath. As for the offline discussions with Drashana, I came
 to the same conclusion and exploring the SAML sample app right now.

 Although I'm not sure about signing JWE. I couldn't find anything
 specific about that in the RFC. Also, the API in Nimbus only expects 
 the

Re: [Dev] [Architecture] Support for encrypted ID tokens in OIDC

[Godwin Shrimal]

Well, if Encryption Method mentioned is referring to "symmetric key
encryption algorithm", What is "Encryption Algorithm" on the screen?


Thanks
Godwin

On Thu, Mar 8, 2018 at 9:47 AM, Godwin Shrimal  wrote:

> Can you send me the list of values in that dropdown? Cipher Block Chaining
> is how we are chaining encrypted values since encryption happens as blocks
> (8 bit, 6 bit etc.) You can read about it here [1].
>
> [1] https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation
>
> Thanks
> Godwin
>
> On Wed, Mar 7, 2018 at 10:57 PM, Vihanga Liyanage 
> wrote:
>
>> The Encryption Method mentioned here is the symmetric key encryption
>> algorithm that is used to encrypt the JWT claims set. We used the Nimbus
>> [1]  library for the
>> implementation and within that, they have used the name "Encryption Method"
>> to identify this algorithm. They have a class defined as
>> com.nimbusds.jose.EncryptionMethod which wraps all supported symmetric
>> key encryption algorithms.
>> I took the name from there. I'm not sure what you mean by "cipher
>> chaining mode". Is this mentioned in the JWE RFC?
>>
>> [1] - https://connect2id.com/products/nimbus-jose-jwt
>>
>> On Wed, Mar 7, 2018 at 10:00 PM, Godwin Shrimal  wrote:
>>
>>> should be corrected as "Chaining Mode".
>>>
>>>
>>> Thanks
>>> Godwin
>>>
>>> On Wed, Mar 7, 2018 at 5:26 PM, Godwin Shrimal  wrote:
>>>
 "Encryption Method" is the correct term/word here? AFAIK It's cipher
 chaining mode. I know it's a technical word, but still, I feel like we have
 to use correct naming. Something  like "Chaning Mode".


 Thanks
 Godwin

 On Wed, Mar 7, 2018 at 11:26 AM, Vihanga Liyanage 
 wrote:

> Hi all,
>
> [Update]
> I have completed the second phase of the project, providing service
> provider level configurations in admin dashboard to configure encryption
> algorithm and encryption method. With this update, once you enable
> encrypting id tokens for an SP in the admin dashboard, two select boxes
> will appear with supported encryption algorithms and supported encryption
> methods. These supported algorithms are pulled from the identity.xml file.
>
>
>
> Respective git issue and pull requests are as follows.
>
>- https://github.com/wso2/product-is/issues/2387
>- https://github.com/wso2/carbon-identity-framework/pull/1416
>- https://github.com/wso2-extensions/identity-inbound-auth-oau
>th/pull/832
>
> I have also updated the docs as well.
>
> Thanks,
> Vihanga.
>
> On Tue, Feb 20, 2018 at 2:45 PM, Vihanga Liyanage 
> wrote:
>
>> Hi all,
>>
>> [Update]
>> I was able to complete the initial development of the proposed
>> project, encrypted id token support in OIDC flow. Following are the links
>> related to the development.
>>
>>- An issue was created in product-is repository to track the
>>development.
>>   - https://github.com/wso2/product-is/issues/2336
>>- Pull request is made to identity-inbound-auth-oauth repository
>>with required updates.
>>- https://github.com/wso2-extensions/identity-inbound-auth-oau
>>   th/pull/798
>>- Pull request is made to product-is repository with updated
>>playground application to test the feature
>>- https://github.com/wso2/product-is/pull/2313
>>- Code review was held to review the code written in both PRs.
>>
>> All PRs are merged by now.
>> Currently, I'm working on integration test to test the newly added
>> feature.
>>
>> Thanks,
>> Vihanga
>>
>> On Fri, Feb 9, 2018 at 5:07 PM, Vihanga Liyanage 
>> wrote:
>>
>>> Yes, Farasath. As for the offline discussions with Drashana, I came
>>> to the same conclusion and exploring the SAML sample app right now.
>>>
>>> Although I'm not sure about signing JWE. I couldn't find anything
>>> specific about that in the RFC. Also, the API in Nimbus only expects the
>>> claims set and the public key of the client to create and encrypt a JWE.
>>> Please do let me know if you find something else.
>>>
>>> On Fri, Feb 9, 2018 at 4:34 PM, Farasath Ahamed 
>>> wrote:
>>>


 On Friday, February 9, 2018, Vihanga Liyanage 
 wrote:

> [- Engineering, Strategy]
> [+ Architecture, Dev]
>
> Thanks,
> Vihanga
>
> On Fri, Feb 9, 2018 at 8:56 AM, Vihanga Liyanage  > wrote:
>
>> Hi Farasath,
>>
>> For the above two points IMO it would be better to provide an
>>> option at Service 

Re: [Dev] [Architecture] Support for encrypted ID tokens in OIDC

[Godwin Shrimal]

Can you send me the list of values in that dropdown? Cipher Block Chaining
is how we are chaining encrypted values since encryption happens as blocks
(8 bit, 6 bit etc.) You can read about it here [1].

[1] https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation

Thanks
Godwin

On Wed, Mar 7, 2018 at 10:57 PM, Vihanga Liyanage  wrote:

> The Encryption Method mentioned here is the symmetric key encryption
> algorithm that is used to encrypt the JWT claims set. We used the Nimbus
> [1]  library for the
> implementation and within that, they have used the name "Encryption Method"
> to identify this algorithm. They have a class defined as
> com.nimbusds.jose.EncryptionMethod which wraps all supported symmetric
> key encryption algorithms.
> I took the name from there. I'm not sure what you mean by "cipher chaining
> mode". Is this mentioned in the JWE RFC?
>
> [1] - https://connect2id.com/products/nimbus-jose-jwt
>
> On Wed, Mar 7, 2018 at 10:00 PM, Godwin Shrimal  wrote:
>
>> should be corrected as "Chaining Mode".
>>
>>
>> Thanks
>> Godwin
>>
>> On Wed, Mar 7, 2018 at 5:26 PM, Godwin Shrimal  wrote:
>>
>>> "Encryption Method" is the correct term/word here? AFAIK It's cipher
>>> chaining mode. I know it's a technical word, but still, I feel like we have
>>> to use correct naming. Something  like "Chaning Mode".
>>>
>>>
>>> Thanks
>>> Godwin
>>>
>>> On Wed, Mar 7, 2018 at 11:26 AM, Vihanga Liyanage 
>>> wrote:
>>>
 Hi all,

 [Update]
 I have completed the second phase of the project, providing service
 provider level configurations in admin dashboard to configure encryption
 algorithm and encryption method. With this update, once you enable
 encrypting id tokens for an SP in the admin dashboard, two select boxes
 will appear with supported encryption algorithms and supported encryption
 methods. These supported algorithms are pulled from the identity.xml file.



 Respective git issue and pull requests are as follows.

- https://github.com/wso2/product-is/issues/2387
- https://github.com/wso2/carbon-identity-framework/pull/1416
- https://github.com/wso2-extensions/identity-inbound-auth-oau
th/pull/832

 I have also updated the docs as well.

 Thanks,
 Vihanga.

 On Tue, Feb 20, 2018 at 2:45 PM, Vihanga Liyanage 
 wrote:

> Hi all,
>
> [Update]
> I was able to complete the initial development of the proposed
> project, encrypted id token support in OIDC flow. Following are the links
> related to the development.
>
>- An issue was created in product-is repository to track the
>development.
>   - https://github.com/wso2/product-is/issues/2336
>- Pull request is made to identity-inbound-auth-oauth repository
>with required updates.
>- https://github.com/wso2-extensions/identity-inbound-auth-oau
>   th/pull/798
>- Pull request is made to product-is repository with updated
>playground application to test the feature
>- https://github.com/wso2/product-is/pull/2313
>- Code review was held to review the code written in both PRs.
>
> All PRs are merged by now.
> Currently, I'm working on integration test to test the newly added
> feature.
>
> Thanks,
> Vihanga
>
> On Fri, Feb 9, 2018 at 5:07 PM, Vihanga Liyanage 
> wrote:
>
>> Yes, Farasath. As for the offline discussions with Drashana, I came
>> to the same conclusion and exploring the SAML sample app right now.
>>
>> Although I'm not sure about signing JWE. I couldn't find anything
>> specific about that in the RFC. Also, the API in Nimbus only expects the
>> claims set and the public key of the client to create and encrypt a JWE.
>> Please do let me know if you find something else.
>>
>> On Fri, Feb 9, 2018 at 4:34 PM, Farasath Ahamed 
>> wrote:
>>
>>>
>>>
>>> On Friday, February 9, 2018, Vihanga Liyanage 
>>> wrote:
>>>
 [- Engineering, Strategy]
 [+ Architecture, Dev]

 Thanks,
 Vihanga

 On Fri, Feb 9, 2018 at 8:56 AM, Vihanga Liyanage 
 wrote:

> Hi Farasath,
>
> For the above two points IMO it would be better to provide an
>> option at Service Provider OAuth/OIDC configuration. This will be 
>> similar
>> to what we have done for SAML.
>>
>
> That is the initial idea came to me as well. But shouldn't the
> clients have a choice of deciding that as well? May be through a 
> request
> parameter. To use either JWS or JWE, the client have to 

Re: [Dev] Query Regarding the wso2 identity server and API manager configuration

[Chanika Geeganage]

Hi Monika,

It looks like a configuration issue. Please follow [1] for the APIM 2.1.0
to configure IS as a key manager. You can check the API Manager management
console whether the SP is added correctly. For that go to Main -> Service
Providers. If it is there, the SP provider is not visible in the IS
management console can be due to a configuration issue (ie. not sharing
databases mentioned in the doc). If the SP is not in management console
that means the consumer key, secret pair is not generated for the
particular application

[1]
https://docs.wso2.com/display/AM210/Configuring+WSO2+Identity+Server+as+a+Key+Manager

Thanks

On Thu, Mar 8, 2018 at 8:50 AM, Monika Sharma 
wrote:

> Hello sir,
>
>
>
> I have query regarding the wso2 identity server and API manager
> configuration. I have followed your article “[Article] How to Generate API
> Manager Access Tokens Using Multi-Factor Authentication” refer link as below
>
> https://wso2.com/library/articles/2015/09/article-how-
> to-generate-api-manager-access-tokens-using-multi-factor-authentication/
>  .
>
> My wso2 identity server version is 5.3.0 and API manager version is 2.1.0.
>
> According to this document application that is created by the API store of
> wso2 API manager should be displayed in the wso2 identity server in service
> provider section but this application is displayed in wso2 API manger
> service provider section it is not displayed in identity server service
> provider section .I have followed the below steps.
>
>
>
> 1.   Configured the wso2 identity server as key manager for wso2 API
> manager.
>
> 2.   Create and publish an API in the API manager in the publisher
> web app
>
> 3.   Open the API Store Web application in a browser and click the
> sign-up link that appears in the top, right-hand corner of the window, fill
> the sign-up form that appears and click the Submit button. Before this I
> have added this user in wso2 API manager and assign role as
> internal/publisher.
>
> 4.   Login to the store web application as the signed-up user. Create
> an application in the store application of the API manager and subscribe to
> the published API using the created application.
>
> 5.   Generate consumer key consumer secret pair for that application.
>
> 6.   I have login the identity serve and list down the service
> providers. Created application is not listed as a service provider.
>
> Please let me know which configuration is required for this.
>
>
>
> Thanks & Regards
>
> Monika Sharma
>
>
>



-- 
Best Regards..

Chanika Geeganage
+94773522586
WSO2, Inc.; http://wso2.com
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Clarification on Private key JWT Client Authentication for OIDC

[Hasanthi Purnima Dissanayake]

Hi Shanika,

Thank you for the clarification. In the same doc [1] under step 15 it is
> asking to replace the   in the CURL command but no
> guidance for a user on how to get thisvalue.
> Appreciate any guidance on this.
>
> +Shiraz   as these details need to be added to the doc
>
>
We do have a doc jira for this and Shiraz is working on it.  We do have a
section to explain the jwt needed here in the document as below. Seems it
should be more descriptive.

"The JWT *must* contain some REQUIRED claim values and *may* contain some
OPTIONAL claim values. For more information on the required and optional
claim values needed for the JWT for private_key_jwt authentication, click
here

."

Here the privet_key_jwt should be a signed jwt with following format.
issREQUIRED. Issuer. This MUST contain the client_id of the OAuth
Client.subREQUIRED.
Subject. This MUST contain the client_id of the OAuth Client.audREQUIRED.
Audience. The aud (audience) Claim. Value that identifies the Authorization
Server as an intended audience. The Authorization Server MUST verify that
it is an intended audience for the token. The Audience SHOULD be the URL of
the Authorization Server's Token Endpoint.jtiREQUIRED. JWT ID. A unique
identifier for the token, which can be used to prevent reuse of the token.
These tokens MUST only be used once, unless conditions for reuse were
negotiated between the parties; any such negotiation is beyond the scope of
this specification.expREQUIRED. Expiration time on or after which the ID
Token MUST NOT be accepted for processing.iatOPTIONAL. Time at which the
JWT was issued.


A sample token is as follows before encoding.
{
  "alg": "RS256",
  "kid": ">",
  "typ": "JWT"
}

{
  "iss": "<>",
  "sub": "<>",
  "exp": >,
  "iat":  >,
  "jti": " an incremental unique value",
  "aud": 
}
<> with public and private key

Please refer the spec [1] for additional details.

[1] http://openid.net/specs/openid-connect-core-1_0.html#OAuth.Assertions

Thanks,



On Wed, Mar 7, 2018 at 6:56 PM, Shanika Wickramasinghe 
wrote:

> Hi All,
>
> Thank you for the clarification. In the same doc [1] under step 15 it is
> asking to replace the   in the CURL command but no
> guidance for a user on how to get thisvalue.
> Appreciate any guidance on this.
>
> +Shiraz   as these details need to be added to the doc
>
> [1]. https://docs.wso2.com/display/IS550/Private+Key+JWT+
> Client+Authentication+for+OIDC
>
> Thanks,
> Shanika.
>
> On Tue, Mar 6, 2018 at 4:26 PM, Abimaran Kugathasan 
> wrote:
>
>> Hi Shanika,
>>
>> 11th, 12th, and 13th are subsets of 10th (Import the public key of the
>> private_key_jwt issuer). You have to rename because management console
>> takes the file name of the public key as the alias which is clientID.
>>
>> The 14th step is an alternative way to install public key through keytool
>> and it requires a server restart.
>>
>> On Tue, Mar 6, 2018 at 2:56 PM, Shanika Wickramasinghe > > wrote:
>>
>>> Hi All,
>>>
>>> I tried the steps included under the section Deploying and configuring
>>> JWT client-handler artifacts in [1]. There in step 10 it says to Import the
>>> public key of the private_key_jwt issuer. Document does not have a detailed
>>> explanation on this or does not include any command to use. Is this
>>> referring to export the certificate from the key store and convert the
>>> binary encoded certificate into a PEM encoded certificate and import it
>>> under the Application certificate in the service provider as in [2].
>>>
>>> Under step 11 again it is asking to rename the public certificate with
>>> OAuth App client ID name
>>>
>>> Further step 14 specify as to import the above certificate to the
>>> default keystore [1]
>>>
>>> I am not clear with step 10, 11, 14 appreciate any guidance on how to
>>> proceed with these steps.
>>>
>>>
>>>
>>> [1]. https://docs.wso2.com/display/IS550/Private+Key+JWT+Cli
>>> ent+Authentication+for+OIDC
>>> [2]. https://docs.wso2.com/display/IS550/Adding+and+Configur
>>> ing+a+Service+Provider
>>>
>>> Thanks,
>>> Shanika.
>>>
>>>
>>> --
>>> *Shanika Wickramasinghe*
>>> Software Engineer - QA Team
>>>
>>> Email: shani...@wso2.com
>>> Mobile  : +94713503563 <+94%2071%20350%203563>
>>> Web : http://wso2.com
>>>
>>> 
>>>
>>
>>
>>
>> --
>> Thanks
>> Abimaran Kugathasan
>> Senior Software Engineer - API Technologies
>>
>> Email : abima...@wso2.com
>> Mobile : +94 773922820 <+94%2077%20392%202820>
>>
>> 
>> 
>>   
>> 
>>
>>
>
>
> --
> *Shanika Wickramasinghe*
> Software Engineer - QA Team
>
> Email: shani...@wso2.com
> Mobile  : +94713503563 

Re: [Dev] [Architecture] Support for encrypted ID tokens in OIDC

[Vihanga Liyanage]

The Encryption Method mentioned here is the symmetric key encryption
algorithm that is used to encrypt the JWT claims set. We used the Nimbus [1]
 library for the
implementation and within that, they have used the name "Encryption Method"
to identify this algorithm. They have a class defined as
com.nimbusds.jose.EncryptionMethod which wraps all supported symmetric key
encryption algorithms.
I took the name from there. I'm not sure what you mean by "cipher chaining
mode". Is this mentioned in the JWE RFC?

[1] - https://connect2id.com/products/nimbus-jose-jwt

On Wed, Mar 7, 2018 at 10:00 PM, Godwin Shrimal  wrote:

> should be corrected as "Chaining Mode".
>
>
> Thanks
> Godwin
>
> On Wed, Mar 7, 2018 at 5:26 PM, Godwin Shrimal  wrote:
>
>> "Encryption Method" is the correct term/word here? AFAIK It's cipher
>> chaining mode. I know it's a technical word, but still, I feel like we have
>> to use correct naming. Something  like "Chaning Mode".
>>
>>
>> Thanks
>> Godwin
>>
>> On Wed, Mar 7, 2018 at 11:26 AM, Vihanga Liyanage 
>> wrote:
>>
>>> Hi all,
>>>
>>> [Update]
>>> I have completed the second phase of the project, providing service
>>> provider level configurations in admin dashboard to configure encryption
>>> algorithm and encryption method. With this update, once you enable
>>> encrypting id tokens for an SP in the admin dashboard, two select boxes
>>> will appear with supported encryption algorithms and supported encryption
>>> methods. These supported algorithms are pulled from the identity.xml file.
>>>
>>>
>>>
>>> Respective git issue and pull requests are as follows.
>>>
>>>- https://github.com/wso2/product-is/issues/2387
>>>- https://github.com/wso2/carbon-identity-framework/pull/1416
>>>- https://github.com/wso2-extensions/identity-inbound-auth-oau
>>>th/pull/832
>>>
>>> I have also updated the docs as well.
>>>
>>> Thanks,
>>> Vihanga.
>>>
>>> On Tue, Feb 20, 2018 at 2:45 PM, Vihanga Liyanage 
>>> wrote:
>>>
 Hi all,

 [Update]
 I was able to complete the initial development of the proposed project,
 encrypted id token support in OIDC flow. Following are the links related to
 the development.

- An issue was created in product-is repository to track the
development.
   - https://github.com/wso2/product-is/issues/2336
- Pull request is made to identity-inbound-auth-oauth repository
with required updates.
- https://github.com/wso2-extensions/identity-inbound-auth-oau
   th/pull/798
- Pull request is made to product-is repository with updated
playground application to test the feature
- https://github.com/wso2/product-is/pull/2313
- Code review was held to review the code written in both PRs.

 All PRs are merged by now.
 Currently, I'm working on integration test to test the newly added
 feature.

 Thanks,
 Vihanga

 On Fri, Feb 9, 2018 at 5:07 PM, Vihanga Liyanage 
 wrote:

> Yes, Farasath. As for the offline discussions with Drashana, I came to
> the same conclusion and exploring the SAML sample app right now.
>
> Although I'm not sure about signing JWE. I couldn't find anything
> specific about that in the RFC. Also, the API in Nimbus only expects the
> claims set and the public key of the client to create and encrypt a JWE.
> Please do let me know if you find something else.
>
> On Fri, Feb 9, 2018 at 4:34 PM, Farasath Ahamed 
> wrote:
>
>>
>>
>> On Friday, February 9, 2018, Vihanga Liyanage 
>> wrote:
>>
>>> [- Engineering, Strategy]
>>> [+ Architecture, Dev]
>>>
>>> Thanks,
>>> Vihanga
>>>
>>> On Fri, Feb 9, 2018 at 8:56 AM, Vihanga Liyanage 
>>> wrote:
>>>
 Hi Farasath,

 For the above two points IMO it would be better to provide an
> option at Service Provider OAuth/OIDC configuration. This will be 
> similar
> to what we have done for SAML.
>

 That is the initial idea came to me as well. But shouldn't the
 clients have a choice of deciding that as well? May be through a 
 request
 parameter. To use either JWS or JWE, the client have to support them 
 right?

>>>
>> By enabling the option to encrypt id_token in the service provider
>> configs the client is acknowledging that it can support encrypted
>> id_tokens.
>>
>> AFAIK even for JWE we need to first sign and then encrypt. Also I
>> couldn't find any reference on a standard approach to allow clients to
>> switch between JWS and JWE via a request parameter.
>>
>> If we take a look at how we handle this is SAML, we have an 

Re: [Dev] [Architecture] Support for encrypted ID tokens in OIDC

[Godwin Shrimal]

should be corrected as "Chaining Mode".


Thanks
Godwin

On Wed, Mar 7, 2018 at 5:26 PM, Godwin Shrimal  wrote:

> "Encryption Method" is the correct term/word here? AFAIK It's cipher
> chaining mode. I know it's a technical word, but still, I feel like we have
> to use correct naming. Something  like "Chaning Mode".
>
>
> Thanks
> Godwin
>
> On Wed, Mar 7, 2018 at 11:26 AM, Vihanga Liyanage 
> wrote:
>
>> Hi all,
>>
>> [Update]
>> I have completed the second phase of the project, providing service
>> provider level configurations in admin dashboard to configure encryption
>> algorithm and encryption method. With this update, once you enable
>> encrypting id tokens for an SP in the admin dashboard, two select boxes
>> will appear with supported encryption algorithms and supported encryption
>> methods. These supported algorithms are pulled from the identity.xml file.
>>
>>
>>
>> Respective git issue and pull requests are as follows.
>>
>>- https://github.com/wso2/product-is/issues/2387
>>- https://github.com/wso2/carbon-identity-framework/pull/1416
>>- https://github.com/wso2-extensions/identity-inbound-auth-
>>oauth/pull/832
>>
>> I have also updated the docs as well.
>>
>> Thanks,
>> Vihanga.
>>
>> On Tue, Feb 20, 2018 at 2:45 PM, Vihanga Liyanage 
>> wrote:
>>
>>> Hi all,
>>>
>>> [Update]
>>> I was able to complete the initial development of the proposed project,
>>> encrypted id token support in OIDC flow. Following are the links related to
>>> the development.
>>>
>>>- An issue was created in product-is repository to track the
>>>development.
>>>   - https://github.com/wso2/product-is/issues/2336
>>>- Pull request is made to identity-inbound-auth-oauth repository
>>>with required updates.
>>>- https://github.com/wso2-extensions/identity-inbound-auth-oau
>>>   th/pull/798
>>>- Pull request is made to product-is repository with updated
>>>playground application to test the feature
>>>- https://github.com/wso2/product-is/pull/2313
>>>- Code review was held to review the code written in both PRs.
>>>
>>> All PRs are merged by now.
>>> Currently, I'm working on integration test to test the newly added
>>> feature.
>>>
>>> Thanks,
>>> Vihanga
>>>
>>> On Fri, Feb 9, 2018 at 5:07 PM, Vihanga Liyanage 
>>> wrote:
>>>
 Yes, Farasath. As for the offline discussions with Drashana, I came to
 the same conclusion and exploring the SAML sample app right now.

 Although I'm not sure about signing JWE. I couldn't find anything
 specific about that in the RFC. Also, the API in Nimbus only expects the
 claims set and the public key of the client to create and encrypt a JWE.
 Please do let me know if you find something else.

 On Fri, Feb 9, 2018 at 4:34 PM, Farasath Ahamed 
 wrote:

>
>
> On Friday, February 9, 2018, Vihanga Liyanage 
> wrote:
>
>> [- Engineering, Strategy]
>> [+ Architecture, Dev]
>>
>> Thanks,
>> Vihanga
>>
>> On Fri, Feb 9, 2018 at 8:56 AM, Vihanga Liyanage 
>> wrote:
>>
>>> Hi Farasath,
>>>
>>> For the above two points IMO it would be better to provide an option
 at Service Provider OAuth/OIDC configuration. This will be similar to 
 what
 we have done for SAML.

>>>
>>> That is the initial idea came to me as well. But shouldn't the
>>> clients have a choice of deciding that as well? May be through a request
>>> parameter. To use either JWS or JWE, the client have to support them 
>>> right?
>>>
>>
> By enabling the option to encrypt id_token in the service provider
> configs the client is acknowledging that it can support encrypted
> id_tokens.
>
> AFAIK even for JWE we need to first sign and then encrypt. Also I
> couldn't find any reference on a standard approach to allow clients to
> switch between JWS and JWE via a request parameter.
>
> If we take a look at how we handle this is SAML, we have an option in
> the SAML configs to say whether the assertion needs to be encrypted or 
> not.
> Once the option to encrypt assertion is enabled SAML assertions will 
> always
> be encrypted for the particular service provider (ie. There is no
> requirement to switch between signed or encrypted assertions)
>
> IMO we can follow the same approach. WDYT?
>
>
 On a separate note, any specific reason why we are discussing this
 in strategy and not in Dev and architecture mailing lists?

 I feel that we need to discuss this feature in architecture mailing
 list to get the input from community.

>>>
>>> No such specific reason at all. On the previous project I did, the
>>> mail was asked to sent to engineering and strategy. 

Re: [Dev] [APIM] Synchronous call from apim-gateway to Google Analytics

[Dushani Wellappili]

Hi all,

please note that I have created an issue [1] in git repository.

[1] https://github.com/wso2/product-apim/issues/2922


*Dushani Wellappili*
Software Engineer - WSO2

Email : dusha...@wso2.com
Mobile : +94779367571
Web : https://wso2.com/



On Wed, Mar 7, 2018 at 5:25 PM, Dushani Wellappili 
wrote:

> Hi Rukshan,
>
> Thank you for the answer. Yes, now in the existing code, event publishing
> task is done by the same PassThroughMessageProcessor thread.  I will create
> a git issue.
>
>
> *Dushani Wellappili*
> Software Engineer - WSO2
>
> Email : dusha...@wso2.com
> Mobile : +94779367571 <+94%2077%20936%207571>
> Web : https://wso2.com/
>
>
>
> On Wed, Mar 7, 2018 at 3:34 PM, Rukshan Premathunga 
> wrote:
>
>> Hi Dushani,
>>
>> I'm not sure it is possible to publish event async to google APIs. But we
>> can implement in a way that handover the event publishing task to a
>> separate thread and continue.
>> So please create a git issue and we will looking to it.
>>
>> Thanks and Regards
>>
>> On Wed, Mar 7, 2018 at 3:11 PM, Dushani Wellappili 
>> wrote:
>>
>>> Hi all,
>>>
>>> The api-manager gateway performs a https GET call to publish to google
>>> analytics [1]. It is a synchronous call.
>>>
>>> If so, the round trip time for an api invocation would depend on the
>>> Internet connection speed in publishing to google analytics.
>>>
>>> Is there any specific reason for making the call, synchronous?
>>>
>>> Appreciate your comments on this.
>>>
>>> [1] https://github.com/wso2/carbon-commons/blob/master/component
>>> s/ganalytics/org.wso2.carbon.ganalytics.publisher/src/main/j
>>> ava/org/wso2/carbon/ganalytics/publisher/GoogleAnalyticsData
>>> Publisher.java#L81
>>>
>>> Thank you,
>>> Regards
>>>
>>>
>>> *Dushani Wellappili*
>>> Software Engineer - WSO2
>>>
>>> Email : dusha...@wso2.com
>>> Mobile : +94779367571 <+94%2077%20936%207571>
>>> Web : https://wso2.com/
>>>
>>>
>>>
>>
>>
>> --
>> Rukshan Chathuranga.
>> Software Engineer.
>> WSO2, Inc.
>> +94711822074 <+94%2071%20182%202074>
>>
>
>
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [EI] JSON null value taking as "null" String

[Senduran]

Hi Godwin,

As a workaround you can try the following.

This happens because of the following property contains null as string
value


So instead of reading the property in the argument, evaluating the JSON
path will solve I think
i.e


Regards
Senduran

On Wed, Mar 7, 2018 at 5:13 PM, Godwin Shrimal  wrote:

> Hi All,
>
> If we pass a JSON Payload with a null value, it is considering that null
> value as "null" string. Please see a sample API and payload
>
> API
> 
>
> 
>
>   
>
>   type="STRING"/>
>
>   scope="default" type="STRING"/>
>
>   scope="default" type="STRING"/>
>
>  
>
> 
>
>http://www.test.com.;>
>
>   $1
>
>   $2
>
>   $3
>
>
>
> 
>
> 
>
> *   *
>
>
>
>
>
> 
>
>  
>
>  
>
>  
>
> 
>
>  
>
>  
>
>   
>
>   
>
>  
>
>   
>
>
>
> Payload
> ==
>
> {
>
>"id":null,
>
>"contractid":"test",
>
>"dealid":"test1"
>
> }
>
> According to above sample highlight argument passing to dss service as
> "null" string. It looks this is a bug.
>
>
> Thanks
> Godwin
>
> --
> *Godwin Amila Shrimal*
> Associate Technical Lead
> WSO2 Inc.; http://wso2.com
> lean.enterprise.middleware
>
> mobile: *+94772264165*
> linkedin: *https://www.linkedin.com/in/godwin-amila-2ba26844/
> *
> twitter: https://twitter.com/godwinamila
> 
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [Architecture] Support for encrypted ID tokens in OIDC

[Godwin Shrimal]

"Encryption Method" is the correct term/word here? AFAIK It's cipher
chaining mode. I know it's a technical word, but still, I feel like we have
to use correct naming. Something  like "Chaning Mode".


Thanks
Godwin

On Wed, Mar 7, 2018 at 11:26 AM, Vihanga Liyanage  wrote:

> Hi all,
>
> [Update]
> I have completed the second phase of the project, providing service
> provider level configurations in admin dashboard to configure encryption
> algorithm and encryption method. With this update, once you enable
> encrypting id tokens for an SP in the admin dashboard, two select boxes
> will appear with supported encryption algorithms and supported encryption
> methods. These supported algorithms are pulled from the identity.xml file.
>
>
>
> Respective git issue and pull requests are as follows.
>
>- https://github.com/wso2/product-is/issues/2387
>- https://github.com/wso2/carbon-identity-framework/pull/1416
>- https://github.com/wso2-extensions/identity-inbound-
>auth-oauth/pull/832
>
> I have also updated the docs as well.
>
> Thanks,
> Vihanga.
>
> On Tue, Feb 20, 2018 at 2:45 PM, Vihanga Liyanage 
> wrote:
>
>> Hi all,
>>
>> [Update]
>> I was able to complete the initial development of the proposed project,
>> encrypted id token support in OIDC flow. Following are the links related to
>> the development.
>>
>>- An issue was created in product-is repository to track the
>>development.
>>   - https://github.com/wso2/product-is/issues/2336
>>- Pull request is made to identity-inbound-auth-oauth repository with
>>required updates.
>>- https://github.com/wso2-extensions/identity-inbound-auth-oau
>>   th/pull/798
>>- Pull request is made to product-is repository with updated
>>playground application to test the feature
>>- https://github.com/wso2/product-is/pull/2313
>>- Code review was held to review the code written in both PRs.
>>
>> All PRs are merged by now.
>> Currently, I'm working on integration test to test the newly added
>> feature.
>>
>> Thanks,
>> Vihanga
>>
>> On Fri, Feb 9, 2018 at 5:07 PM, Vihanga Liyanage 
>> wrote:
>>
>>> Yes, Farasath. As for the offline discussions with Drashana, I came to
>>> the same conclusion and exploring the SAML sample app right now.
>>>
>>> Although I'm not sure about signing JWE. I couldn't find anything
>>> specific about that in the RFC. Also, the API in Nimbus only expects the
>>> claims set and the public key of the client to create and encrypt a JWE.
>>> Please do let me know if you find something else.
>>>
>>> On Fri, Feb 9, 2018 at 4:34 PM, Farasath Ahamed 
>>> wrote:
>>>


 On Friday, February 9, 2018, Vihanga Liyanage  wrote:

> [- Engineering, Strategy]
> [+ Architecture, Dev]
>
> Thanks,
> Vihanga
>
> On Fri, Feb 9, 2018 at 8:56 AM, Vihanga Liyanage 
> wrote:
>
>> Hi Farasath,
>>
>> For the above two points IMO it would be better to provide an option
>>> at Service Provider OAuth/OIDC configuration. This will be similar to 
>>> what
>>> we have done for SAML.
>>>
>>
>> That is the initial idea came to me as well. But shouldn't the
>> clients have a choice of deciding that as well? May be through a request
>> parameter. To use either JWS or JWE, the client have to support them 
>> right?
>>
>
 By enabling the option to encrypt id_token in the service provider
 configs the client is acknowledging that it can support encrypted
 id_tokens.

 AFAIK even for JWE we need to first sign and then encrypt. Also I
 couldn't find any reference on a standard approach to allow clients to
 switch between JWS and JWE via a request parameter.

 If we take a look at how we handle this is SAML, we have an option in
 the SAML configs to say whether the assertion needs to be encrypted or not.
 Once the option to encrypt assertion is enabled SAML assertions will always
 be encrypted for the particular service provider (ie. There is no
 requirement to switch between signed or encrypted assertions)

 IMO we can follow the same approach. WDYT?


>>> On a separate note, any specific reason why we are discussing this
>>> in strategy and not in Dev and architecture mailing lists?
>>>
>>> I feel that we need to discuss this feature in architecture mailing
>>> list to get the input from community.
>>>
>>
>> No such specific reason at all. On the previous project I did, the
>> mail was asked to sent to engineering and strategy. So I followed the 
>> same
>> protocol. I'll change that now.
>>
>>>
>>>

 Thanks,
 Vihanga.

 --

 Vihanga Liyanage

 Software Engineer | WS*O₂* Inc.

 M : +*94710124103* | 

Re: [Dev] [APIM] Synchronous call from apim-gateway to Google Analytics

[Dushani Wellappili]

Hi Rukshan,

Thank you for the answer. Yes, now in the existing code, event publishing
task is done by the same PassThroughMessageProcessor thread.  I will create
a git issue.


*Dushani Wellappili*
Software Engineer - WSO2

Email : dusha...@wso2.com
Mobile : +94779367571
Web : https://wso2.com/



On Wed, Mar 7, 2018 at 3:34 PM, Rukshan Premathunga 
wrote:

> Hi Dushani,
>
> I'm not sure it is possible to publish event async to google APIs. But we
> can implement in a way that handover the event publishing task to a
> separate thread and continue.
> So please create a git issue and we will looking to it.
>
> Thanks and Regards
>
> On Wed, Mar 7, 2018 at 3:11 PM, Dushani Wellappili 
> wrote:
>
>> Hi all,
>>
>> The api-manager gateway performs a https GET call to publish to google
>> analytics [1]. It is a synchronous call.
>>
>> If so, the round trip time for an api invocation would depend on the
>> Internet connection speed in publishing to google analytics.
>>
>> Is there any specific reason for making the call, synchronous?
>>
>> Appreciate your comments on this.
>>
>> [1] https://github.com/wso2/carbon-commons/blob/master/component
>> s/ganalytics/org.wso2.carbon.ganalytics.publisher/src/main/
>> java/org/wso2/carbon/ganalytics/publisher/GoogleAna
>> lyticsDataPublisher.java#L81
>>
>> Thank you,
>> Regards
>>
>>
>> *Dushani Wellappili*
>> Software Engineer - WSO2
>>
>> Email : dusha...@wso2.com
>> Mobile : +94779367571 <+94%2077%20936%207571>
>> Web : https://wso2.com/
>>
>>
>>
>
>
> --
> Rukshan Chathuranga.
> Software Engineer.
> WSO2, Inc.
> +94711822074 <+94%2071%20182%202074>
>
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] Test failure in axis2 transport when the axis2 version is upgraded

[Chanika Geeganage]

Hi,

I tried to upgrade the axis2 version (1.6.1-wso2v24) in
wso2-axis2-transport repo. I'm getting the following test failures in the
JMS transport test cases.

org.apache.axis2.AxisFault: Did not receive a JMS response within 3 ms
to destination : direct://amq.direct/TempQueue3347121a-c9c8-44dc-
b1c6-1df603d7d02c/tmp_8af87fef-ddef-4eb9-9655-945482ad6941?exclusive='true'='true'
with JMS correlation ID : ID:94912946-a240-4c95-b21b-f886c0aa9437
at org.apache.axis2.transport.base.AbstractTransportSender.
handleException(AbstractTransportSender.java:234)
at org.apache.axis2.transport.jms.JMSSender.waitForResponseAndProcess(
JMSSender.java:415)
at org.apache.axis2.transport.jms.JMSSender.sendOverJMS(
JMSSender.java:349)
at org.apache.axis2.transport.jms.JMSSender.sendMessage(
JMSSender.java:205)
at org.apache.axis2.transport.base.AbstractTransportSender.invoke(
AbstractTransportSender.java:119)
at org.apache.axis2.engine.AxisEngine.sendFault(AxisEngine.java:525)
at org.apache.axis2.transport.base.AbstractTransportListener.
handleIncomingMessage(AbstractTransportListener.java:336)
at org.apache.axis2.transport.jms.JMSMessageReceiver.
processThoughEngine(JMSMessageReceiver.java:214)
at org.apache.axis2.transport.jms.JMSMessageReceiver.
onMessage(JMSMessageReceiver.java:124)
at org.apache.axis2.transport.jms.ServiceTaskManager$
MessageListenerTask.handleMessage(ServiceTaskManager.java:645)
at org.apache.axis2.transport.jms.ServiceTaskManager$
MessageListenerTask.run(ServiceTaskManager.java:526)
at org.apache.axis2.transport.base.threads.NativeWorkerPool$
1.run(NativeWorkerPool.java:172)
at java.util.concurrent.ThreadPoolExecutor.runWorker(
ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(
ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)

Only the following PRs were merged after 1.6.1-wso2v23 release in axis2. If
I reverted the fix [1] and tests were passed.

[1] https://github.com/wso2/wso2-axis2/pull/127/files
[2] https://github.com/wso2/wso2-axis2/pull/132/files

-- 
Best Regards..

Chanika Geeganage
+94773522586 <+94%2077%20352%202586>
WSO2, Inc.; http://wso2.com
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] [EI] JSON null value taking as "null" String

[Godwin Shrimal]

Hi All,

If we pass a JSON Payload with a null value, it is considering that null
value as "null" string. Please see a sample API and payload

API




  

 

 

 

 



   http://www.test.com.;>

  $1

  $2

  $3

   





*   *

   

   



 

 

 



 

 

  

  

 

  

   

Payload
==

{

   "id":null,

   "contractid":"test",

   "dealid":"test1"

}

According to above sample highlight argument passing to dss service as
"null" string. It looks this is a bug.


Thanks
Godwin

-- 
*Godwin Amila Shrimal*
Associate Technical Lead
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware

mobile: *+94772264165*
linkedin: *https://www.linkedin.com/in/godwin-amila-2ba26844/
*
twitter: https://twitter.com/godwinamila

___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [APIM] Synchronous call from apim-gateway to Google Analytics

[Rukshan Premathunga]

Hi Dushani,

I'm not sure it is possible to publish event async to google APIs. But we
can implement in a way that handover the event publishing task to a
separate thread and continue.
So please create a git issue and we will looking to it.

Thanks and Regards

On Wed, Mar 7, 2018 at 3:11 PM, Dushani Wellappili 
wrote:

> Hi all,
>
> The api-manager gateway performs a https GET call to publish to google
> analytics [1]. It is a synchronous call.
>
> If so, the round trip time for an api invocation would depend on the
> Internet connection speed in publishing to google analytics.
>
> Is there any specific reason for making the call, synchronous?
>
> Appreciate your comments on this.
>
> [1] https://github.com/wso2/carbon-commons/blob/master/
> components/ganalytics/org.wso2.carbon.ganalytics.
> publisher/src/main/java/org/wso2/carbon/ganalytics/publisher/
> GoogleAnalyticsDataPublisher.java#L81
>
> Thank you,
> Regards
>
>
> *Dushani Wellappili*
> Software Engineer - WSO2
>
> Email : dusha...@wso2.com
> Mobile : +94779367571 <+94%2077%20936%207571>
> Web : https://wso2.com/
>
>
>


-- 
Rukshan Chathuranga.
Software Engineer.
WSO2, Inc.
+94711822074
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] [APIM] Synchronous call from apim-gateway to Google Analytics

[Dushani Wellappili]

Hi all,

The api-manager gateway performs a https GET call to publish to google
analytics [1]. It is a synchronous call.

If so, the round trip time for an api invocation would depend on the
Internet connection speed in publishing to google analytics.

Is there any specific reason for making the call, synchronous?

Appreciate your comments on this.

[1]
https://github.com/wso2/carbon-commons/blob/master/components/ganalytics/org.wso2.carbon.ganalytics.publisher/src/main/java/org/wso2/carbon/ganalytics/publisher/GoogleAnalyticsDataPublisher.java#L81

Thank you,
Regards


*Dushani Wellappili*
Software Engineer - WSO2

Email : dusha...@wso2.com
Mobile : +94779367571
Web : https://wso2.com/
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] ERROR: Axis2Server

[Sashika Wijesinghe]

Hi Pendekal,

This issue [1] is fixed in the latest EI 6.1.1 update. Could you try out
the scenario in latest EI 6.1.1 update (6.1.1-update23) pack?

[1] https://github.com/wso2/product-ei/issues/570

Regards,
Sashika

On Wed, Mar 7, 2018 at 1:38 PM, Yohanna Fernando  wrote:

> Forwarded mail to dev@wso2.org.
>
> On Wed, Mar 7, 2018 at 12:36 PM, Pendekal Sanketh <
> pendekal.sank...@bridgesgi.com> wrote:
>
>> Hey,
>>While starting axis2server.bat, I got the following error:
>>  Server could not start due to class loading issue
>> java.lang.NoSuchMethodException: samples.util.SampleAxis2Server
>> .startServer([Ljava.lang.String;)
>>
>> What has to be done for the above error?
>> --
>> This email and any files transmitted with it are confidential and
>> intended solely for the use of the individual or entity to whom they are
>> addressed. It may also be privileged or otherwise protected by work product
>> immunity or other legal rules. If you have received it by mistake, please
>> let us know by e-mail reply and delete it from your system; you may not
>> copy this message or disclose its contents to anyone.
>>
>
>
>
> --
> Yohanna Fernando
> Training & Certification
> WSO2 Inc.
> http://wso2.com
>
> E-mail: yoha...@wso2.com
> Cell: +94779021159 <+94%2077%20902%201159>
> 
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 

*Sashika WijesingheSoftware Engineer - QA Team*
Mobile : +94 (0) 774537487
sash...@wso2.com
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Siddhi long value comparison

[Niveathika Rajendran]

Hi Dinusha,

The reason for the above issue is that the '259200'  value, we get from
the multiplication exceeds the maximum value of the int datatype(
2,147,483,647).

As per the use case, since only the 30 in the multiplication needs to be
configured, you can use the following query,

*from democondition[ timediff > 30***8640l ]*
*select timediff, status*
*insert into finalStream;*

Best Regards,
Niveathika Rajendran



On Tue, Mar 6, 2018 at 2:13 PM, Dinusha Dissanayake 
wrote:

> Hi all,
>
> I came across with an issue regarding comparing a long value.
> My intention was to check if the time difference is greater that 30 days,
> and then insert the corresponding values to target stream.
>
> I tested this behavior with APIM Analytics 2.0.0.
>
> However I noticed an unusual behavior.
>
> I have mentioned an example stream below.
>
> *@Import('demoConditions:1.0.0')*
> *define stream democondition (timediff long, status bool);*
>
> *@Export('finalStream:1.0.0')*
> *define stream finalStream (timediff long, status bool);*
>
>
> *from democondition[timediff > 30*24*60*60*1000]*
> *select timediff, status*
> *insert into finalStream;*
>
> Ideally, If I give a value greater than 30*24*60*60*1000 only, values
> should be inserted into finalStream.
> However I observed even if I give 1 as timeDiff, the values in timeDiff
> and status get inserted into finalStream.
>
> When I check the validity of the execution plan through the admin console,
> it gets success.
> However I replaced the value 30*24*60*60*1000 with 259200 and it
> produces and error.
>
>
>
> However when I append the "l" add the end (259200l), it got worked.
> I tried to use the same with 30*24*60*60*1000 -> 30l*24l*60l*60l*1000l
> and I couldn't get it worked since it produce an error while validating the
> script.
>
> The reason I am using 30*24*60*60*1000 is because I want the value "30" to
> be configured. It should be changed using the template manager.
>
> Please advice on how should I get it into working?
>
> Thanks,
> DinushaD.
>
>
> --
> Dinusha Dissanayake
> Software Engineer
> WSO2 Inc
> Mobile: +94712939439 <+94%2071%20293%209439>
> 
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
Best Regards,
*Niveathika Rajendran,*
*Software Engineer.*
*Mobile : +94 077 903 7536*
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] How to comment or remove an xml element during package preparing time

[Naduni Pamudika]

On Wed, Mar 7, 2018 at 1:26 PM, Madhawa Gunasekara 
wrote:

> Hi Naduni,
>
> You can use ant plugin [1]. Here is a sample config [2]
>
> [1] https://ant.apache.org/manual/Tasks/replace.html
> [2] https://github.com/wso2-attic/product-dss/blob/master/
> modules/distribution/pom.xml#L321
>
> Thanks Madhawa. I was able to get it done using the ant plugin.

Thanks,
Naduni

> Thanks,
> Madhawa
>
> On Wed, Mar 7, 2018 at 12:27 PM, Naduni Pamudika  wrote:
>
>> Hi All,
>>
>> I have a requirement to comment out the below element in identity.xml
>> when building the micro-gateway distribution.
>>
>> http://wso2.org/projects/carbon/carbon.xml;>
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>>
>> I tried using the maven replacer plugin by adding a configuration as
>> below, but it didn't work as it replaced the value of the class attribute
>> with an empty string.
>>
>> 
>> 
>> ${basedir}/../../p2-profile/micro-gateway/target/wso2carbon-core-${carbon.kernel.version}/repository/conf/identity/identity.xml
>> 
>> 
>> /Server/OAuth/ScopeValidators
>> 
>> (org.wso2.carbon.identity.oauth2.validators.XACMLScopeValidator)
>> 
>> 
>> 
>> 
>>
>> Does anyone know how to get this done using the replacer plugin or any
>> other plugin?
>>
>> Thanks,
>> Naduni
>>
>> --
>> *Naduni Pamudika*
>> Software Engineer | WSO2
>> Mobile: +94 719 143658 <+94%2071%20914%203658>
>> [image: http://wso2.com/signature] 
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
> *Madhawa Gunasekara*
> Senior Software Engineer
> WSO2 Inc.; http://wso2.com
> lean.enterprise.middleware
>
> mobile: +94 719411002 <+94+719411002>
> blog: *http://madhawa-gunasekara.blogspot.com
> *
> linkedin: *http://lk.linkedin.com/in/mgunasekara
> *
>



-- 
*Naduni Pamudika*
Software Engineer | WSO2
Mobile: +94 719 143658 <+94%2071%20914%203658>
[image: http://wso2.com/signature] 
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] ERROR: Axis2Server

[Yohanna Fernando]

Forwarded mail to dev@wso2.org.

On Wed, Mar 7, 2018 at 12:36 PM, Pendekal Sanketh <
pendekal.sank...@bridgesgi.com> wrote:

> Hey,
>While starting axis2server.bat, I got the following error:
>  Server could not start due to class loading issue
> java.lang.NoSuchMethodException: samples.util.
> SampleAxis2Server.startServer([Ljava.lang.String;)
>
> What has to be done for the above error?
> --
> This email and any files transmitted with it are confidential and intended
> solely for the use of the individual or entity to whom they are addressed.
> It may also be privileged or otherwise protected by work product immunity
> or other legal rules. If you have received it by mistake, please let us
> know by e-mail reply and delete it from your system; you may not copy this
> message or disclose its contents to anyone.
>



-- 
Yohanna Fernando
Training & Certification
WSO2 Inc.
http://wso2.com

E-mail: yoha...@wso2.com
Cell: +94779021159

___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [Architecture] Support for encrypted ID tokens in OIDC

[Denuwanthi De Silva]

On Wed, Mar 7, 2018 at 12:56 PM, Vihanga Liyanage  wrote:

> Even with signed id tokens, we didn't persist them in the database. Hense
> I didn't either. Do you see any value in doing so?
>
Then there is no problem.

>
> On Wed, Mar 7, 2018 at 12:46 PM, Denuwanthi De Silva 
> wrote:
>
>>
>>
>> On Wed, Mar 7, 2018 at 11:26 AM, Vihanga Liyanage 
>> wrote:
>>
>>> Hi all,
>>>
>>> [Update]
>>> I have completed the second phase of the project, providing service
>>> provider level configurations in admin dashboard to configure encryption
>>> algorithm and encryption method. With this update, once you enable
>>> encrypting id tokens for an SP in the admin dashboard, two select boxes
>>> will appear with supported encryption algorithms and supported encryption
>>> methods. These supported algorithms are pulled from the identity.xml file.
>>>
>>
>> Do we persist the encrypted ID Token to database at any point? If so, is
>> there any comparison of encrypted ID token with the value in the database?
>> I'm asking this because you seem to be using encryption algorithm with
>> dynamic padding.
>>
>>>
>>>
>>>
>>> Respective git issue and pull requests are as follows.
>>>
>>>- https://github.com/wso2/product-is/issues/2387
>>>- https://github.com/wso2/carbon-identity-framework/pull/1416
>>>- https://github.com/wso2-extensions/identity-inbound-auth-oau
>>>th/pull/832
>>>
>>> I have also updated the docs as well.
>>>
>>> Thanks,
>>> Vihanga.
>>>
>>> On Tue, Feb 20, 2018 at 2:45 PM, Vihanga Liyanage 
>>> wrote:
>>>
 Hi all,

 [Update]
 I was able to complete the initial development of the proposed project,
 encrypted id token support in OIDC flow. Following are the links related to
 the development.

- An issue was created in product-is repository to track the
development.
   - https://github.com/wso2/product-is/issues/2336
- Pull request is made to identity-inbound-auth-oauth repository
with required updates.
- https://github.com/wso2-extensions/identity-inbound-auth-oau
   th/pull/798
- Pull request is made to product-is repository with updated
playground application to test the feature
- https://github.com/wso2/product-is/pull/2313
- Code review was held to review the code written in both PRs.

 All PRs are merged by now.
 Currently, I'm working on integration test to test the newly added
 feature.

 Thanks,
 Vihanga

 On Fri, Feb 9, 2018 at 5:07 PM, Vihanga Liyanage 
 wrote:

> Yes, Farasath. As for the offline discussions with Drashana, I came to
> the same conclusion and exploring the SAML sample app right now.
>
> Although I'm not sure about signing JWE. I couldn't find anything
> specific about that in the RFC. Also, the API in Nimbus only expects the
> claims set and the public key of the client to create and encrypt a JWE.
> Please do let me know if you find something else.
>
> On Fri, Feb 9, 2018 at 4:34 PM, Farasath Ahamed 
> wrote:
>
>>
>>
>> On Friday, February 9, 2018, Vihanga Liyanage 
>> wrote:
>>
>>> [- Engineering, Strategy]
>>> [+ Architecture, Dev]
>>>
>>> Thanks,
>>> Vihanga
>>>
>>> On Fri, Feb 9, 2018 at 8:56 AM, Vihanga Liyanage 
>>> wrote:
>>>
 Hi Farasath,

 For the above two points IMO it would be better to provide an
> option at Service Provider OAuth/OIDC configuration. This will be 
> similar
> to what we have done for SAML.
>

 That is the initial idea came to me as well. But shouldn't the
 clients have a choice of deciding that as well? May be through a 
 request
 parameter. To use either JWS or JWE, the client have to support them 
 right?

>>>
>> By enabling the option to encrypt id_token in the service provider
>> configs the client is acknowledging that it can support encrypted
>> id_tokens.
>>
>> AFAIK even for JWE we need to first sign and then encrypt. Also I
>> couldn't find any reference on a standard approach to allow clients to
>> switch between JWS and JWE via a request parameter.
>>
>> If we take a look at how we handle this is SAML, we have an option in
>> the SAML configs to say whether the assertion needs to be encrypted or 
>> not.
>> Once the option to encrypt assertion is enabled SAML assertions will 
>> always
>> be encrypted for the particular service provider (ie. There is no
>> requirement to switch between signed or encrypted assertions)
>>
>> IMO we can follow the same approach. WDYT?
>>
>>
> On a separate note, any specific reason why we are discussing