Re: [Dev] [GSoC 2017][ESB]Native inbound and connector for IBM MQ 8.0

2017-06-11 Thread Hasitha Jayasundara
Hi all,

Will it be possible to arrange a meeting on Thursday or Friday this week?

Thanks

On Wed, Jun 7, 2017 at 9:22 AM, Malaka Silva  wrote:

> Sure No Worries
>
> On Wed, Jun 7, 2017 at 7:37 AM, Hasitha Jayasundara <
> hasithajayasunda...@gmail.com> wrote:
>
>> Hi all,
>>
>> Can we please move the meeting to next week? Got a problem with Friday
>> evening. Really sorry for the inconvenience caused.
>>
>> Thanks
>>
>> On Tue, Jun 6, 2017 at 10:24 AM, Malaka Silva  wrote:
>>
>>> +1 I'll be available after 13.00
>>>
>>> On Tue, Jun 6, 2017 at 10:00 AM, Kevin Ratnasekera 
>>> wrote:
>>>
 +1

 On Tue, Jun 6, 2017 at 9:51 AM, Hasitha Jayasundara <
 hasithajayasunda...@gmail.com> wrote:

> Hi all,
>
> Friday afternoon is fine with me. Any suggestions?
>
> On Mon, Jun 5, 2017 at 9:30 AM, Malaka Silva  wrote:
>
>> Wednesday morning or Friday afternoon fine with me.
>>
>> On Mon, Jun 5, 2017 at 9:26 AM, Kevin Ratnasekera 
>> wrote:
>>
>>> Hi Hasitha,
>>>
>>> Great progress so far, since the coding period has already started,
>>> we need to plan things ahead and come up with a proper milestone plan
>>> before we proceed anything further. Will it be possible for you to join a
>>> meeting within this week?
>>>
>>> @malaka Can you please suggest possible time for you to have a
>>> meeting?
>>>
>>> Regards
>>> Kevin
>>>
>>> On Mon, May 29, 2017 at 10:34 AM, Hasitha Jayasundara <
>>> hasithajayasunda...@gmail.com> wrote:
>>>
 Hi all,

 I have updated the sample MQ-Client [1] to establish SSL
 connections with IBM WebSphere MQ. Still carrying on the research with the
 provided links about the IBM specific options that can be added other
 than SSL and will update the thread with the findings as soon as
 possible. Working on

 "Can we check if it is possible to have an alternative way to set
 SSL details other than system properties with IBM MQ client
 libraries. The reason for that is we are limiting ourselves to one set of
 properties per JVM. eg: System.setProperty("

 which was discussed in the previous thread.

 [1] https://github.com/hasithajayasundara/IBM-MQ-client

 On Tue, May 23, 2017 at 7:12 AM, Malaka Silva 
 wrote:

> Hi Hasitha,
>
> Sounds good. It'll be good if you can come up with the list of IBM
> specific options.
>
> On Tue, May 23, 2017 at 7:08 AM, Hasitha Jayasundara <
> hasithajayasunda...@gmail.com> wrote:
>
>> Hi all,
>>
>> I tried to implement sample MQ-Client that can connect to IBM MQ
>> and we can improve that to implement inbound endpoint and the
>> connector. Will improve that MQ-Client to support more IBM specific
>> options such as SSL connections within next few days.
>>
>> On Fri, May 19, 2017 at 11:07 AM, Hasitha Jayasundara <
>> hasithajayasunda...@gmail.com> wrote:
>>
>>> Hi all,
>>>
>>> Thanks for the replies. I'll go through the links and let you
>>> know if there's any issue.
>>>
>>> On Fri, May 19, 2017 at 8:50 AM, Riyafa Abdul Hameed <
>>> riy...@wso2.com> wrote:
>>>
 Hi,

 See if this blog post could be of help:
 https://riyafa.wordpress.com/2016/02/21/sample-java-client-for-websphere-mq-consumer-and-producer/

 Regards,
 Riyafa

 On Thu, May 18, 2017 at 9:13 PM, Malaka Silva 
 wrote:

> Hi Hasitha,
>
> You can find sample code done for IBM MQ 7.5. Here ESB acts as
> the consumer.
>
> What is required to do is ESB act as the consumer and producer
> for IBM MQ 8.0.
>
> Let me know if something is not clear?
>
> [1] https://github.com/wso2-attic/esb-connectors/pull/483/files
>
> On Tue, May 16, 2017 at 9:39 PM, Hasitha Jayasundara <
> hasithajayasunda...@gmail.com> wrote:
>
>> Hi ayya,
>>
>> As we discussed today can you provide me some materials to
>> get more familiar with IBM MQ 8.0?
>>
>> thanks
>>
>> --
>> *D.M.Hasitha Nadishan Jayasundara*
>> *Department of Electronic and Telecommunication Engineering*
>> University of Moratuwa
>> *mobile:* *+94711959266 

[Dev] Fwd: [Architecture] [IS] Features to be included in IS 5.4.0 which required for APIM 3.0

2017-06-11 Thread Milan Perera
Hi Indunil,

Please find my concerns on scope registration and binding below (inline).


>
>- Scope can be bound with roles or permissions - Uses scope to role
>binding in APIM and uses scope to permission binding in IoT.
>
>
>- Both of the above bindings are stored in "IDN_OAUTH2_SCOPE" table
>where roles and permissions both are stored as a comma separated string in
>same column named "ROLES". AFAIU, there is no indication with a prefix in
>scope registration, where to separate the two bindings.
> *There can be other bindings which will be added in future, isn't it
>better to rename the field as "BINDINGS"? There can be a situation where
>both set of roles and permissions are bound to a scope? *
>
+1 for renaming this since it makes sense to store them (permission/role)
in a generic field.


>
>- In scope validation, currently there are validators for role based
>and permission based. The corresponding validator will be selected based on
>the prefix (ex: Permission based scope validator only validates the scope
>which are having "perm" as the prefix of the scopes) and if scope prefix is
>not defined, those will directly go to the default role based scope
>validator. *How this prefix has to be considered and validated in
>scope registration with the bindings?*
>
At the time IoT team developed this, we have implemented a scope
validating handler [1] which picks the relevant scope validator based on the
scope prefix (ex: if prefix is 'perm', it picks
PermissionBasedScopeValidator [2]). This
handler is pointed in the identity.xml under ScopeValidator element. The
handler maintains a Map  in the data holder where scope validator will be stored against its
prefix at the service registration time. However, currently prefix of the
scope validators are set manually as in [3] and it would be ideal if we can
add a prefix attribute to the OAuth2ScopeValidator abstract class [4] so
that when implementing the validator, prefix can be defined. So by the time
it gets registered, we can easily call a getPrefix() method and have it
register. Similar approach is also being used in the APIM for registering
multiple scope issuers [5].

>
>- In scope registration, AFAIU, scope key and name are the essential
>details to be included. *What is the difference of these and where
>these values will be used? scope key is the unique value which need to be
>considered in scope binding?*
>
AFAIK, scope name is a human understandable name compared to the key and
it is used in the publisher at the time of scope assigning to a particular
resource.

[1] https://github.com/wso2/carbon-device-mgt/blob/master/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/handlers/ScopeValidationHandler.java

[2] https://github.com/wso2/carbon-device-mgt/blob/master/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/PermissionBasedScopeValidator.java

[3] https://github.com/wso2/carbon-device-mgt/blob/master/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/internal/OAuthExtensionServiceComponent.java#L70-L73

[4] https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/validators/OAuth2ScopeValidator.java

[5] https://github.com/wso2/carbon-apimgt/blob/6.1.x/components/apimgt/org.wso2.carbon.apimgt.keymgt/src/main/java/org/wso2/carbon/apimgt/keymgt/internal/APIKeyMgtServiceComponent.java#L232


Regards,

-- 
*Milan Perera *| Senior Software Engineer
WSO2, Inc | lean. enterprise. middleware.
#20, Palm Grove, Colombo 03, Sri Lanka
Mobile: +94 77 309 7088 | Work: +94 11 214 5345
Email: mi...@wso2.com  | Web: www.wso2.com


___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
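
Added example, not part of the original message and not WSO2 code: a sketch of the prefix-based dispatch discussed above, where each validator reports its own prefix at registration time. All class names are hypothetical stand-ins, the ':' separator between prefix and scope name is an assumption, and so is sending an unregistered prefix to the default role validator.

```java
import java.util.*;

// Added illustration: hypothetical classes, not the WSO2 OAuth2ScopeValidator API.
public class PrefixScopeDispatch {
    static final String DEFAULT = "";  // key for the default (role based) validator

    static abstract class ScopeValidator {
        abstract String getPrefix();   // declared by the validator itself
        abstract boolean validate(Set<String> bindings, Set<String> roles, Set<String> perms);
    }
    static class RoleValidator extends ScopeValidator {
        String getPrefix() { return DEFAULT; }
        boolean validate(Set<String> bindings, Set<String> roles, Set<String> perms) {
            return !Collections.disjoint(bindings, roles);   // any bound role held
        }
    }
    static class PermissionValidator extends ScopeValidator {
        String getPrefix() { return "perm"; }
        boolean validate(Set<String> bindings, Set<String> roles, Set<String> perms) {
            return !Collections.disjoint(bindings, perms);   // any bound permission held
        }
    }

    private final Map<String, ScopeValidator> byPrefix = new HashMap<>();

    // The prefix comes from the validator, so it cannot drift from a value set
    // by hand elsewhere; two validators claiming one prefix is rejected.
    void register(ScopeValidator v) {
        if (byPrefix.putIfAbsent(v.getPrefix(), v) != null)
            throw new IllegalStateException("duplicate prefix: " + v.getPrefix());
    }

    // Assumption: the prefix is the text before the first ':' in the scope key.
    // No prefix, or an unregistered one, falls through to the default validator.
    ScopeValidator select(String scope) {
        int i = scope.indexOf(':');
        String prefix = i > 0 ? scope.substring(0, i) : DEFAULT;
        return byPrefix.getOrDefault(prefix, byPrefix.get(DEFAULT));
    }

    public static void main(String[] args) {
        PrefixScopeDispatch h = new PrefixScopeDispatch();
        h.register(new RoleValidator());
        h.register(new PermissionValidator());
        Set<String> roles = Set.of("subscriber");                 // constructed user
        Set<String> perms = Set.of("/permission/admin/device/view");
        String[][] scopes = {            // constructed: scope key, comma separated bindings
            {"perm:device:view", "/permission/admin/device/view"},
            {"api_read", "subscriber,admin"},
            {"perm:device:wipe", "/permission/admin/device/wipe"}};
        for (String[] s : scopes) {
            Set<String> bindings = new HashSet<>(Arrays.asList(s[1].split(",")));
            ScopeValidator v = h.select(s[0]);
            System.out.println(s[0] + " -> " + v.getClass().getSimpleName()
                + " allowed=" + v.validate(bindings, roles, perms));
        }
    }
}
```

Because roles and permissions share one comma separated column, the validator chosen by prefix is the only thing that decides how a binding string is interpreted, which is why the fallback rule in `select` deserves an explicit decision.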


[Dev] WSO2 Identity Server 5.4.0-M1 Released!

2017-06-11 Thread Pulasthi Mahawithana
The WSO2 Identity Server team is pleased to announce the 1st Milestone of
WSO2 Identity Server 5.4.0. You can download this distribution from
the following location.

https://github.com/wso2/product-is/releases/tag/v5.4.0-m1

The following list contains all the features, improvements and bug fixes
available with this milestone.
Wish

   - [IDENTITY-4428] - Claim
   mapping for given name is incorrect

Patch

   - [IDENTITY-5834] - Under
   high concurrency UserStoreConfigXMLProcessor fails to decrypt the
   connection password in the secondary userstore file
   - [IDENTITY-5846] -
   Facebook authenticator does not work properly after recent Facebook API
   changes
   - [IDENTITY-5852] - OIDC
   logout fails when opbs cookie not properly cleared
   - [IDENTITY-5853] - SQL
   Syntax Error in VALIDATE_AUTHZ_CODE Query.
   - [IDENTITY-5919] - No
   tenant check when validating scopes in JDBCScopeValidator
   - [IDENTITY-5985] - In
   Postgres CON_APP_KEY constraint becomes all lower case, causing it to skip
   error handling procedure.
   - [IDENTITY-6026] -
   Retrieving user claims from cache always assume token, even when
   authorization code is given.

Bug

   - [IDENTITY-3001] -
   Exchanging SAML2 bearer tokens with OAuth2 not working when server(AM) is
   restarted
   - [IDENTITY-3198] - IS
   Dashboard Account Recovery blank page and exception in backend after
   changing challenge question of the user from SoapUI calling
   UserIdentityManagementAdminService
   - [IDENTITY-3222] -
   Challenge questions set through setChallengeQuestions operation are not
   shown in dashboard
   - [IDENTITY-3473] - Web UI
   not creating valid XACML
   - [IDENTITY-3815] -
   [IS510][Cluster][OAuth/SAML][Load/Long] NPE - exception while processing
   task:com.hazelcast.spi.impl.eventservice.impl.LocalEventDispatcher
   - [IDENTITY-3863] -
   [RemoteUserStoreManagerService] Secondary user store users are not
   listed with getUserList
   - [IDENTITY-3967] - Claim
   related error after authenticating with OpenID Connect
   - [IDENTITY-4003] - Can not
   add users from console UI when multiple 'user search base' configured to
   user-mgt with '#' separated
   - [IDENTITY-4043] -
   [IS510][Cluster][OAuth/SAML][Long][mysql] SQLException: The total number
   of locks exceeds the lock table size
   - [IDENTITY-4112] - Revoked
   Access Token and Revoked Refresh Token returned back in token revoke
   endpoint response
   - [IDENTITY-4172] -
   ClassNotFoundException when trying to authentication with fido
   - [IDENTITY-4173] -
   Unlocking the locked users when restarting the server
   - [IDENTITY-4276] -
   Encrypting values in EndpointConfig.properties file with cipher tool fails
   to deploy authenticationendpoint web app
   - [IDENTITY-4332] -
   [Dashboard] Internal Error occurred when Password is inputted with less than
   5 characters via Create Account
   - [IDENTITY-4394] - OpenID
   Connect Session Management Assumptions and Limitations
   - [IDENTITY-4420] - Error
   adding SAML2 Web SSO Configuration on Identity Server
   - [IDENTITY-4423] - Error
   in marshalling SAML response when use custom claim for objectSID
   - [IDENTITY-4427] - The
   regular expression to check valid user/rolename in user-mgmt.xml is wrong
   - [IDENTITY-4464] - SQL
   error while running following query - UPDATE IDN_OAUTH2_ACCESS_TOKEN set
   USER_DOMAIN = 'PRIMARY' where USER_DOMAIN is null;
   - [IDENTITY-4470] - Tenant
   domain is not returning within the JWT.
   - [IDENTITY-4512] - Cannot
   generate signed Authentication Context JWT for custom grant type sample
   - [IDENTITY-4534] - Error
   response for 

Re: [Dev] [GSoC 2017][IS] SCIM 2.0 Compliance Test Suite

2017-06-11 Thread Gayan Gunawardana
Hi Vindula,

On Mon, Jun 5, 2017 at 4:14 PM, Vindula Jayawardana <
vindula...@cse.mrt.ac.lk> wrote:

> Hi,
>
> Kindly find the weekly update below.
>
> Within the week time span, I have been working on the webapp component
> proposed in the system architecture. In parallel, I also looked into
> implementing scimcore component as well. In implementing the scimcore
> component, as we discussed in the previous mails, I used the Charon code
> (which relates to scheme specifications only) as a base code.
>
You are supposed to use the Feign JAX-RS client, right? Can you directly use
Charon core objects [1][2] in the REST client or did you implement your own
object model? I guess you may find JSON encoding and decoding problems with
Charon core standard objects.

[1]
https://github.com/wso2/charon/blob/master/modules/charon-core/src/main/java/org/wso2/charon3/core/objects/User.java
[2]
https://github.com/wso2/charon/blob/master/modules/charon-core/src/main/java/org/wso2/charon3/core/objects/Group.java

>
> In this week, I am planning to look into the scimcore component more with
> adhering to schema specification. Also I did not mock the SCIM 1.1 /Schemas
> endpoint in IS yet since it is not that urgent at the moment (it is helpful
> in understanding the protocol specification). Hence I will look into mocking
> that as well since now I can work with protocol specification as well.
>
Would you be able to run the SCIM 1.1 compliance test if you mock the /Schemas
endpoint? This task is also important to get an understanding of the
compliance test.

>
> Thank you.
>
> *Vindula Jayawardana*
> Computer Science and Engineering Dept.
> University of Moratuwa
> mobile : +713462554
> Email : vindul...@gmail.com
>
>
> *“Respect is how to treat everyone, not just those you want to impress. "*
>
>
> *-Richard Branson-*
>
>
>
> On 29 May 2017 at 10:50, Gayan Gunawardana  wrote:
>
>>
>>
>> On Mon, May 29, 2017 at 1:21 AM, Vindula Jayawardana <
>> vindula...@cse.mrt.ac.lk> wrote:
>>
>>> Hi,
>>>
>>> I have been working on understanding more on the current SCIM 1.1 test
>>> suite. Hence I further analyzed it and identified the following
>>> possibilities.
>>>
>> +1
>>
>>>
>>> 1. Apart from the specification specific implementation aspects, a
>>> significant amount of code reuse can be done from the current code base.
>>> However as per the SCIM mailing list [1] some concerns were raised
>>> regarding the current structure of the implementation.
>>> 2. For the proposed scim core component, we can make use of the Charon
>>> [2] code base as a start.
>>>
>>> As Identity Server currently supports SCIM 2.0 in the C5 architecture
>>> only, I have added a PR [3] and a jira [4] to make it available for C4
>>> architecture as well. Greatly appreciate if you can review it and merge.
>>>
>> We will review [3],[4] btw can you continue the work with IS 6.0.0 in C5
>> ? I guess for compliance test it won't make much difference.
>>
>>>
>>> I am currently working in the webapp of the component architecture
>>> proposed and hoping to start implementing the scimcore component in the
>>> coming week. Apart from that, will look into mocking the /Schemas endpoint
>>> in the SCIM 1.1 implementation of Identity Server to get a better
>>> understanding on how the SCIM 1.1 test suite works with IS.
>>>
>> Great progress Vindula keep it up.
>>
>>>
>>> [1] - https://mailarchive.ietf.org/arch/msg/scim/JYFpusDrtQ94hnghvEPjczU4laE
>>> [2] - https://github.com/wso2/charon
>>> [3] - https://github.com/wso2-extensions/identity-inbound-provisioning-scim2/pull/16
>>> [4] - https://wso2.org/jira/projects/IDENTITY/issues/IDENTITY-5942
>>>
>>> Thank you
>>>
>>> *Vindula Jayawardana*
>>> Computer Science and Engineering Dept.
>>> University of Moratuwa
>>> mobile : +713462554
>>> Email : vindul...@gmail.com
>>>
>>>
>>> *“Respect is how to treat everyone, not just those you want to impress.
>>> "*
>>>
>>>
>>> *-Richard Branson-*
>>>
>>>
>>>
>>> On 2 April 2017 at 18:29, Vindula Jayawardana 
>>> wrote:
>>>
 Hi Omindu,

 Thank you for the prompt feedback on the draft proposal. I incorporated
 the suggestions you made on the proposal.

 As also mentioned in the proposal, I made the configuration options
 more flexible by giving the manual configuration feasibility to the tester
 as an optional feature apart from what is mandatory in the project. I hope
 that would give us the required flexibility in the SCIM 2.0 compliance test
 suite in terms of configuration options.

 Thank you,