date:20170831

Re: [Dev] [IS] Usage of "kid" JWT header parameter

2017-08-31 Thread Hasanthi Purnima Dissanayake

Hi Gayan,

It seems we can use [1] which contains the exact logic to generate 'kid'
value. WDYT?

[1]
https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/util/OAuth2Util.java#L1568

Thanks,



Hasanthi Dissanayake

Software Engineer | WSO2

E: hasan...@wso2.com
M :0718407133| http://wso2.com 

On Fri, Sep 1, 2017 at 10:10 AM, Gayan Gunawardana  wrote:

> In order to retrieve tenant public key to calculate kid value we can use
> same logic as in [1].
>
> boolean isJWTSignedWithSPKey = 
> OAuthServerConfiguration.getInstance().isJWTSignedWithSPKey();
> String tenantDomain = null;
> if(isJWTSignedWithSPKey) {
> tenantDomain = (String) 
> request.getProperty(MultitenantConstants.TENANT_DOMAIN);
> } else {
> tenantDomain = 
> request.getAuthorizationReqDTO().getUser().getTenantDomain();
> }
>
>
> [1] https://github.com/wso2-extensions/identity-inbound-
> auth-oauth/blob/master/components/org.wso2.carbon.
> identity.oauth/src/main/java/org/wso2/carbon/identity/openidconnect/
> DefaultIDTokenBuilder.java#L434
>
> On Thu, Aug 31, 2017 at 11:24 PM, Darshana Gunawardana 
> wrote:
>
>> Will prioritize this for IS 5.4.0.
>>
>> Thanks,
>>
>> On Tue, Aug 29, 2017 at 11:47 PM, Prabath Siriwardena 
>> wrote:
>>
>>> Hope we will fix this for IS 5.4.0..?
>>>
>>> Thanks & regards,
>>> -Prabath
>>>
>>> On Tue, Aug 29, 2017 at 2:34 AM, Indunil Upeksha Rathnayake <
>>> indu...@wso2.com> wrote:
>>>
 Hi,

 On Mon, Aug 28, 2017 at 12:07 PM, Gayan Gunawardana 
 wrote:

>
>
> On Mon, Aug 28, 2017 at 11:48 AM, Indunil Upeksha Rathnayake <
> indu...@wso2.com> wrote:
>
>> Hi,
>>
>> In IS, when signing the ID token, we are passing the "kid" header
>> parameter in the response.
>> https://github.com/wso2-extensions/identity-inbound-auth-oau
>> th/blob/master/components/org.wso2.carbon.identity.oauth/src
>> /main/java/org/wso2/carbon/identity/openidconnect/DefaultIDT
>> okenBuilder.java#L122
>>
>> As per the specification (Refer [1]) :
>>
>>> *The kid value is a key identifier used in identifying the key to be
>>> used to verify the signature.If the kid value is unknown to the RP, it
>>> needs to retrieve the contents of the OP's JWK Set again to obtain the 
>>> OP's
>>> current set of keys. *
>>>
>>
>> We have hard coded this "kid" value in the implementation level. What
>> happens if the signing key is a different one than the default one?
>>
>> Seems like this "kid" is like a hint to identify which specific key
>> to be used to validate the signature, when there are multiple keys. Is 
>> it a
>> valid use case in IS, since there cannot be multiple certs available in
>> resident IDP? And also is it correct to use a hard coded value from
>> back-end?
>>
> Having hard coded value is not correct. "kid" value should be
> generated based on certificate "thumbprint". Hard coded value would work
> for super tenant default keystore.
>

 Thanks. I have created a public JIRA in [1] to handle this.

 [1] https://wso2.org/jira/browse/IDENTITY-6311


>
>>
>>
>>
>> This is hard coded in JwksEndpoint as well.
>> https://github.com/wso2-extensions/identity-inbound-auth-oau
>> th/blob/master/components/org.wso2.carbon.identity.oauth.end
>> point/src/main/java/org/wso2/carbon/identity/oauth/endpoint/
>> jwks/JwksEndpoint.java#L54
>>
>> But in JWTTokenGenerator, we are not setting the "kid" parameter.
>> https://github.com/wso2-extensions/identity-inbound-auth-oau
>> th/blob/master/components/org.wso2.carbon.identity.oauth/src
>> /main/java/org/wso2/carbon/identity/oauth2/authcontext/JWTTo
>> kenGenerator.java#L293
>>
>> In which scenarios, this "kid" header parameter should be sent and
>> should not be sent? Recently we have implemented to sign the user info 
>> JWT
>> response and need to verify whether "kid" parameter should be sent there 
>> as
>> well.
>>
>>
>>
>> Appreciate your ideas on above concerns.
>>
>> [1] http://openid.net/specs/openid-connect-core-1_0.html
>>
>>
>> Thanks and Regards
>> --
>> Indunil Upeksha Rathnayake
>> Software Engineer | WSO2 Inc
>> Emailindu...@wso2.com
>> Mobile   0772182255 <077%20218%202255>
>>
>
>
>
> --
> Gayan Gunawardana
> Senior Software Engineer; WSO2 Inc.; http://wso2.com/
> Email: ga...@wso2.com
> Mobile: +94 (71) 8020933
>



 --
 Indunil Upeksha Rathnayake
 Software Engineer | WSO2 Inc
 Emailindu...@wso2.com
 Mobile   0772182255 <077%20218%202255>

>>>
>>>
>>>
>>> --
>>> Thanks & Regards,

Re: [Dev] [IS] Usage of "kid" JWT header parameter

2017-08-31 Thread Gayan Gunawardana

In order to retrieve tenant public key to calculate kid value we can use
same logic as in [1].

boolean isJWTSignedWithSPKey =
OAuthServerConfiguration.getInstance().isJWTSignedWithSPKey();
String tenantDomain = null;
if(isJWTSignedWithSPKey) {
tenantDomain = (String)
request.getProperty(MultitenantConstants.TENANT_DOMAIN);
} else {
tenantDomain = request.getAuthorizationReqDTO().getUser().getTenantDomain();
}


[1]
https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/openidconnect/DefaultIDTokenBuilder.java#L434

On Thu, Aug 31, 2017 at 11:24 PM, Darshana Gunawardana 
wrote:

> Will prioritize this for IS 5.4.0.
>
> Thanks,
>
> On Tue, Aug 29, 2017 at 11:47 PM, Prabath Siriwardena 
> wrote:
>
>> Hope we will fix this for IS 5.4.0..?
>>
>> Thanks & regards,
>> -Prabath
>>
>> On Tue, Aug 29, 2017 at 2:34 AM, Indunil Upeksha Rathnayake <
>> indu...@wso2.com> wrote:
>>
>>> Hi,
>>>
>>> On Mon, Aug 28, 2017 at 12:07 PM, Gayan Gunawardana 
>>> wrote:
>>>


 On Mon, Aug 28, 2017 at 11:48 AM, Indunil Upeksha Rathnayake <
 indu...@wso2.com> wrote:

> Hi,
>
> In IS, when signing the ID token, we are passing the "kid" header
> parameter in the response.
> https://github.com/wso2-extensions/identity-inbound-auth-oau
> th/blob/master/components/org.wso2.carbon.identity.oauth/src
> /main/java/org/wso2/carbon/identity/openidconnect/DefaultIDT
> okenBuilder.java#L122
>
> As per the specification (Refer [1]) :
>
>> *The kid value is a key identifier used in identifying the key to be
>> used to verify the signature.If the kid value is unknown to the RP, it
>> needs to retrieve the contents of the OP's JWK Set again to obtain the 
>> OP's
>> current set of keys. *
>>
>
> We have hard coded this "kid" value in the implementation level. What
> happens if the signing key is a different one than the default one?
>
> Seems like this "kid" is like a hint to identify which specific key to
> be used to validate the signature, when there are multiple keys. Is it a
> valid use case in IS, since there cannot be multiple certs available in
> resident IDP? And also is it correct to use a hard coded value from
> back-end?
>
 Having hard coded value is not correct. "kid" value should be generated
 based on certificate "thumbprint". Hard coded value would work for super
 tenant default keystore.

>>>
>>> Thanks. I have created a public JIRA in [1] to handle this.
>>>
>>> [1] https://wso2.org/jira/browse/IDENTITY-6311
>>>
>>>

>
>
>
> This is hard coded in JwksEndpoint as well.
> https://github.com/wso2-extensions/identity-inbound-auth-oau
> th/blob/master/components/org.wso2.carbon.identity.oauth.end
> point/src/main/java/org/wso2/carbon/identity/oauth/endpoint/
> jwks/JwksEndpoint.java#L54
>
> But in JWTTokenGenerator, we are not setting the "kid" parameter.
> https://github.com/wso2-extensions/identity-inbound-auth-oau
> th/blob/master/components/org.wso2.carbon.identity.oauth/src
> /main/java/org/wso2/carbon/identity/oauth2/authcontext/JWTTo
> kenGenerator.java#L293
>
> In which scenarios, this "kid" header parameter should be sent and
> should not be sent? Recently we have implemented to sign the user info JWT
> response and need to verify whether "kid" parameter should be sent there 
> as
> well.
>
>
>
> Appreciate your ideas on above concerns.
>
> [1] http://openid.net/specs/openid-connect-core-1_0.html
>
>
> Thanks and Regards
> --
> Indunil Upeksha Rathnayake
> Software Engineer | WSO2 Inc
> Emailindu...@wso2.com
> Mobile   0772182255 <077%20218%202255>
>



 --
 Gayan Gunawardana
 Senior Software Engineer; WSO2 Inc.; http://wso2.com/
 Email: ga...@wso2.com
 Mobile: +94 (71) 8020933

>>>
>>>
>>>
>>> --
>>> Indunil Upeksha Rathnayake
>>> Software Engineer | WSO2 Inc
>>> Emailindu...@wso2.com
>>> Mobile   0772182255 <077%20218%202255>
>>>
>>
>>
>>
>> --
>> Thanks & Regards,
>> Prabath
>>
>> Twitter : @prabath
>> LinkedIn : http://www.linkedin.com/in/prabathsiriwardena
>>
>> Mobile : +1 650 625 7950 <(650)%20625-7950>
>>
>> http://facilelogin.com
>>
>
>
>
> --
> Regards,
>
>
> *Darshana Gunawardana*Technical Lead
> WSO2 Inc.; http://wso2.com
>
> *E-mail: darsh...@wso2.com *
> *Mobile: +94718566859 <+94%2071%20856%206859>*Lean . Enterprise .
> Middleware
>



-- 
Gayan Gunawardana
Senior Software Engineer; WSO2 Inc.; http://wso2.com/
Email: ga...@wso2.com
Mobile: +94 (71) 8020933
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [IS] Usage of "kid" JWT header parameter

2017-08-31 Thread Darshana Gunawardana

Will prioritize this for IS 5.4.0.

Thanks,

On Tue, Aug 29, 2017 at 11:47 PM, Prabath Siriwardena 
wrote:

> Hope we will fix this for IS 5.4.0..?
>
> Thanks & regards,
> -Prabath
>
> On Tue, Aug 29, 2017 at 2:34 AM, Indunil Upeksha Rathnayake <
> indu...@wso2.com> wrote:
>
>> Hi,
>>
>> On Mon, Aug 28, 2017 at 12:07 PM, Gayan Gunawardana 
>> wrote:
>>
>>>
>>>
>>> On Mon, Aug 28, 2017 at 11:48 AM, Indunil Upeksha Rathnayake <
>>> indu...@wso2.com> wrote:
>>>
 Hi,

 In IS, when signing the ID token, we are passing the "kid" header
 parameter in the response.
 https://github.com/wso2-extensions/identity-inbound-auth-oau
 th/blob/master/components/org.wso2.carbon.identity.oauth/src
 /main/java/org/wso2/carbon/identity/openidconnect/DefaultIDT
 okenBuilder.java#L122

 As per the specification (Refer [1]) :

> *The kid value is a key identifier used in identifying the key to be
> used to verify the signature.If the kid value is unknown to the RP, it
> needs to retrieve the contents of the OP's JWK Set again to obtain the 
> OP's
> current set of keys. *
>

 We have hard coded this "kid" value in the implementation level. What
 happens if the signing key is a different one than the default one?

 Seems like this "kid" is like a hint to identify which specific key to
 be used to validate the signature, when there are multiple keys. Is it a
 valid use case in IS, since there cannot be multiple certs available in
 resident IDP? And also is it correct to use a hard coded value from
 back-end?

>>> Having hard coded value is not correct. "kid" value should be generated
>>> based on certificate "thumbprint". Hard coded value would work for super
>>> tenant default keystore.
>>>
>>
>> Thanks. I have created a public JIRA in [1] to handle this.
>>
>> [1] https://wso2.org/jira/browse/IDENTITY-6311
>>
>>
>>>

 This is hard coded in JwksEndpoint as well.
 https://github.com/wso2-extensions/identity-inbound-auth-oau
 th/blob/master/components/org.wso2.carbon.identity.oauth.end
 point/src/main/java/org/wso2/carbon/identity/oauth/endpoint
 /jwks/JwksEndpoint.java#L54

 But in JWTTokenGenerator, we are not setting the "kid" parameter.
 https://github.com/wso2-extensions/identity-inbound-auth-oau
 th/blob/master/components/org.wso2.carbon.identity.oauth/src
 /main/java/org/wso2/carbon/identity/oauth2/authcontext/JWTTo
 kenGenerator.java#L293

 In which scenarios, this "kid" header parameter should be sent and
 should not be sent? Recently we have implemented to sign the user info JWT
 response and need to verify whether "kid" parameter should be sent there as
 well.

 Appreciate your ideas on above concerns.

 [1] http://openid.net/specs/openid-connect-core-1_0.html

 Thanks and Regards
 --
 Indunil Upeksha Rathnayake
 Software Engineer | WSO2 Inc
 Emailindu...@wso2.com
 Mobile   0772182255 <077%20218%202255>

>>>
>>>
>>>
>>> --
>>> Gayan Gunawardana
>>> Senior Software Engineer; WSO2 Inc.; http://wso2.com/
>>> Email: ga...@wso2.com
>>> Mobile: +94 (71) 8020933
>>>
>>
>>
>>
>> --
>> Indunil Upeksha Rathnayake
>> Software Engineer | WSO2 Inc
>> Emailindu...@wso2.com
>> Mobile   0772182255 <077%20218%202255>
>>
>
>
>
> --
> Thanks & Regards,
> Prabath
>
> Twitter : @prabath
> LinkedIn : http://www.linkedin.com/in/prabathsiriwardena
>
> Mobile : +1 650 625 7950 <(650)%20625-7950>
>
> http://facilelogin.com
>

-- 
Regards,

*Darshana Gunawardana*Technical Lead
WSO2 Inc.; http://wso2.com

*E-mail: darsh...@wso2.com *
*Mobile: +94718566859*Lean . Enterprise . Middleware
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [IS] Shall We Link Corresponding IS Documentation as Context Sensitive Help Pages in IS Management Console?

2017-08-31 Thread Thilina Madumal

+1 to remove the links as Johann has suggested.

Regards,
Thilina.

On Thu, Aug 31, 2017 at 11:40 AM, Johann Nallathamby 
wrote:

> +1 to remove these links. I think better UX is the solution than asking
> users to read more docs.
>
> Regards,
> Johann.
>
> On Thu, Aug 31, 2017 at 11:04 AM, Samuel Gnaniah  wrote:
>
>> Our strategy here is to remove these help links and walk through the UI
>> with the dev team to make the UIs and forms easier to configure without
>> requiring additional documentation. This is the stragety we are following
>> for all products.
>>
>> Thanks,
>>
>> --
>>
>> *Samuel Gnaniah*
>> Lead Technical Writer
>>
>> WSO2 (pvt.) Ltd.
>> Colombo, Sri Lanka
>> (+94) 773131798 <+94%2077%20313%201798>
>>
>> On Thu, Aug 31, 2017 at 10:51 AM, Sherene Mahanama 
>> wrote:
>>
>>> +documentation, +shiraz, +samuel
>>>
>>> On Thu, Aug 31, 2017 at 10:50 AM, Sherene Mahanama 
>>> wrote:
>>>
 Hi Team,

 We can use [1] as the base URL as it will always point to the latest
 docs of IS. If we export an html page though, when we update the doc page
 with improvements the changes won't get reflected in the help page right
 unless we export again every time we make a change?

 [1] https://docs.wso2.com/identity-server

 Thanks,
 Sherene

 On Thu, Aug 31, 2017 at 10:38 AM, Omindu Rathnaweera 
 wrote:

> One other option would be to export an html from the doc page and
> include it in the product.
>
> On Thu, Aug 31, 2017 at 10:35 AM, Johann Nallathamby 
> wrote:
>
>> Only problem I see is if Internet access is not available from the
>> client's machine which can access the carbon console, which could be the
>> case sometimes.
>>
>> On Thu, Aug 31, 2017 at 10:22 AM, Thilina Madumal <
>> thilina...@wso2.com> wrote:
>>
>>> Hi Devs,
>>>
>>> Currently, in IS Management Console, the context sensitive help
>>> pages are outdated. See [1].
>>> Even though the content is up to date, the content is not
>>> informative enough IMO.
>>>
>>> If we are to update the help-pages, we need to make them up to date
>>> and informative enough.
>>> The concern is if we are to do so;
>>>
>>>1. The effort is significantly high
>>>2. Also, it is kind of writing another set of documentation
>>>
>>> We already have a nice set of documentation for the Product IS.
>>> Therefore shall we link the already available IS documentation to
>>> Help Pages of IS Management Console? WDYT?
>>>
>>> [1] https://wso2.org/jira/browse/IDENTITY-446
>>>
>>> Thanks & Regards,
>>> Thilina.
>>>
>>> --
>>> *Thilina Madumal*
>>> *Software Engineer | **WSO2*
>>> Email: thilina...@wso2.com
>>> Mobile: *+ <+94%2077%20767%201807>94 774553167*
>>> Web:  http://wso2.com
>>>
>>> 
>>>
>>>
>>
>>
>> --
>> Thanks & Regards,
>>
>> *Johann Dilantha Nallathamby*
>> Senior Lead Solutions Engineer
>> WSO2, Inc.
>> lean.enterprise.middleware
>>
>> Mobile - *+9476950*
>> Blog - *http://nallaa.wordpress.com *
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
> Omindu Rathnaweera
> Senior Software Engineer, WSO2 Inc.
> Mobile: +94 771 197 211 <+94%2077%20119%207211>
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


 --
 Sherene Mahanama
 Technical Writer

 WSO2 (pvt.) Ltd.
 Colombo, Sri Lanka
 Mobile: (+94) 777 <%28%2B94%29%20773131798>
 *994805*

>>>
>>>
>>>
>>> --
>>> Sherene Mahanama
>>> Technical Writer
>>>
>>> WSO2 (pvt.) Ltd.
>>> Colombo, Sri Lanka
>>> Mobile: (+94) 777 <%28%2B94%29%20773131798>
>>> *994805*
>>>
>>
>>
>
>
> --
> Thanks & Regards,
>
> *Johann Dilantha Nallathamby*
> Senior Lead Solutions Engineer
> WSO2, Inc.
> lean.enterprise.middleware
>
> Mobile - *+9476950*
> Blog - *http://nallaa.wordpress.com *
>
> --
> You received this message because you are subscribed to the Google Groups
> "WSO2 Documentation Group" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to documentation+unsubscr...@wso2.com.
> For more options, visit https://groups.google.com/a/wso2.com/d/optout.
>



-- 
*Thilina Madumal*
*Software Engineer | **WSO2*
Email: thilina...@wso2.com
Mobile: *+ <+94%2077%20767%201807>94 774553167*
Web:  http://wso2.com

Re: [Dev] [IS] [SCIM] Why Can't We Enable Both SCIM1 and SCIM2 at the Same Time?

2017-08-31 Thread Sathya Bandara

On Thu, Aug 31, 2017 at 2:18 PM, Johann Nallathamby  wrote:

> Hi Sathya,
>
> On Thu, Aug 31, 2017 at 12:29 PM, Sathya Bandara  wrote:
>
>> Hi Johann,
>>
>> IMO having two separate LDAP attributes for the same claims in both SCIM1
>> and SCIM2 would be redundant and cause problems in maintaining user
>> attributes.
>>
>
> True. I didn't say this is the correct solution. I only mentioned it as a
> work around for someone who wants to use both without any conflicts until
> we find a alternative or deprecate SCIM 1.1 :)
>
>
>> If we need to have both listeners enabled at the time I would suggest to
>> use a common util method to generate IDs and do the mappings for the claims
>> that are common to both protocols.
>>
>
> Didn't get how this would help exactly. May be I am missing some context.
>
> However, after reading through your first reply again, now I have another
> question. Why do both the listeners get executed when adding a new user? I
> know they both will get triggered. But can't we look at the dialect URI at
> the top and skip the execution if it's not for that listener?
>
> When adding a user through normal approach(management console) when SCIM
> is enabled, it is not possible to figure out the dialect URI. In this case
> this will not work AFAIU.
>
> Thanks,
> Sathya
>
> Regards,
> Johann.
>
>
>>
>> Thanks,
>> Sathya
>>
>> On Thu, Aug 31, 2017 at 11:37 AM, Johann Nallathamby 
>> wrote:
>>
>>> Will it work if we have two separate attributes for the problematic
>>> attributes like SCIM ID? If that works I guess that is one solution.
>>>
>>> Or we need to have one listener for both SCIM 1 and SCIM2. But don't
>>> think that's a good solution. Introduces direct coupling between two
>>> implementations.
>>>
>>> Regards,
>>> Johann.
>>>
>>> On Wed, Aug 30, 2017 at 6:33 PM, Sathya Bandara  wrote:
>>>
 Hi Thilina,

 If we enable both SCIM1 and SCIM2 listeners at the same time two
 different SCIM IDs will be generated for the same user when adding a new
 user through SCIM. Also both SCIM1 and SCIM2 claims are mapped to the same
 LDAP user attributes. Even though both listeners get triggered only the
 SCIM1 ID is mapped to the user ID attribute. But the SCIM2 user creation
 response will contain the SCIM ID generated by SCIM2 listener.

 Thanks,
 Sathya

 On Wed, Aug 30, 2017 at 6:25 PM, Thilina Madumal 
 wrote:

>
> Hi all,
>
> While I was trying to fix IDENTITY-6315
>  I got to know that we
> can't enable both SCIM1 and SCIM2 at the same time in WSO2 Identity 
> Server.
> Is it because of this specific issue or is there any other reasons?
>
> Thanks & Regards,
> Thilina.
>
> --
> *Thilina Madumal*
> *Software Engineer | **WSO2*
> Email: thilina...@wso2.com
> Mobile: *+ <+94%2077%20767%201807>94 774553167*
> Web:  http://wso2.com
>
> 
>
>


 --
 Sathya Bandara
 Software Engineer
 WSO2 Inc. http://wso2.com
 Mobile: (+94) 715 360 421 <+94%2071%20411%205032>

 <+94%2071%20411%205032>

 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev


>>>
>>>
>>> --
>>> Thanks & Regards,
>>>
>>> *Johann Dilantha Nallathamby*
>>> Senior Lead Solutions Engineer
>>> WSO2, Inc.
>>> lean.enterprise.middleware
>>>
>>> Mobile - *+9476950*
>>> Blog - *http://nallaa.wordpress.com *
>>>
>>
>>
>>
>> --
>> Sathya Bandara
>> Software Engineer
>> WSO2 Inc. http://wso2.com
>> Mobile: (+94) 715 360 421 <+94%2071%20411%205032>
>>
>> <+94%2071%20411%205032>
>>
>
>
>
> --
> Thanks & Regards,
>
> *Johann Dilantha Nallathamby*
> Senior Lead Solutions Engineer
> WSO2, Inc.
> lean.enterprise.middleware
>
> Mobile - *+9476950*
> Blog - *http://nallaa.wordpress.com *
>



-- 
Sathya Bandara
Software Engineer
WSO2 Inc. http://wso2.com
Mobile: (+94) 715 360 421 <+94%2071%20411%205032>

<+94%2071%20411%205032>
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] [IAM] (IDENTITY-5948) Can't we do a better fix for this?

2017-08-31 Thread Johann Nallathamby

IAM Folks,

Can we do a better fix for this? I don't seem to agree with this fix.

1. We have written super tenant specific code. We shows that we treat super
tenant differently and can be error prone.
2. The problem still remains for already created tenants.

Another thing we need to address is that (not related to this issue), some
deployments require to have different DNS names for tenants.

My suggestion:
Make this field a text box that is modifiable.

Wdyt? Can we change this fix for IS 5.4.0? Do you see any problems in that?

Regards,
Johann.

-- Forwarded message --
From: Farasath Ahamed (JIRA) 
Date: Thu, May 18, 2017 at 1:54 AM
Subject: [Carbon-jira] [jira] (IDENTITY-5948) Generated IdP metadata URLs
are always pointing to localhost:9443
To: carbon-j...@wso2.org


Farasath Ahamed

*created* an issue

WSO2 Identity Server  / [image:
Improvement]  IDENTITY-5948

Generated IdP metadata URLs are always pointing to localhost:9443

Issue Type: [image: Improvement] Improvement
Affects Versions: 5.3.0-GA
Assignee: Thanuja Lakmal

Components: saml2-sso
Created: 18/May/17 1:53 AM
Fix Versions: 5.3.1-GA
Priority: [image: High] High
Reporter: Farasath Ahamed


During the first startup if we do not change the hostname of the IS server.
All endpoints related to SAML configs gets generated for localhost.

Thereafter even if you change the hostname still they will remain as
hostname,

http://www.w3.org/2000/09/xmldsig#;>MIICNTCCAZ6gAwIBAgIES343gjANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxDTALBgNVBAoMBFdTTzIxEjAQBgNVBAMMCWxv
Y2FsaG9zdDAeFw0xMDAyMTkwNzAyMjZaFw0zNTAyMTMwNzAyMjZaMFUxCzAJBgNVBAYTAlVTMQsw
CQYDVQQIDAJDQTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzENMAsGA1UECgwEV1NPMjESMBAGA1UE
AwwJbG9jYWxob3N0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCUp/oV1vWc8/TkQSiAvTou
sMzOM4asB2iltr2QKozni5aVFu818MpOLZIr8LMnTzWllJvvaA5RAAdpbECb+48FjbBe0hseUdN5
HpwvnH/DW8ZccGvk53I6Orq7hLCv1ZHtuOCokghz/ATrhyPq+QktMfXnRS4HrKGJTzxaCcU7OQID
AQABoxIwEDAOBgNVHQ8BAf8EBAMCBPAwDQYJKoZIhvcNAQEFBQADgYEAW5wPR7cr1LAdq+IrR44i
QlRG5ITCZXY9hI0PygLP2rHANh+PYfTmxbuOnykNGyhM6FjFLbW2uZHQTY1jMrPprjOrmyK5sjJR
O4d1DeGHT/YnIjs9JogRKv4XHECwLtIVdAbIdWHEtVZJyMSktcyysFcvuhPQK8Qc/E/Wq8uHSCo=https://localhost:9443/samlsso;
ResponseLocation="https://localhost:9443/samlsso"/>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecifiedhttps://localhost:9443/samlsso"/>https://localhost:9443/samlsso"/>

Any new tenants created after the hostname change will have the correct URL
with the hostname. But super tenant's metadata URL becomes unusable.

Basically, the endpoint in SAML Metadata file is static values.
IMO we should generate them dynamically so that any change to an
environment parameter would be reflected correctly.
[image: Add Comment]
 Add Comment


This message was sent by Atlassian JIRA (v7.2.2#72004-sha1:9d51328)
[image: Atlassian logo]

___
Carbon-jira mailing list
carbon-j...@wso2.org
https://wso2.org/cgi-bin/mailman/listinfo/carbon-jira




-- 
Thanks & Regards,

*Johann Dilantha Nallathamby*
Senior Lead Solutions Engineer
WSO2, Inc.
lean.enterprise.middleware

Mobile - *+9476950*
Blog - *http://nallaa.wordpress.com *
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] List of claims returned in IDToken and Userinfo don't get updated when we update requested claims configuration

2017-08-31 Thread Johann Nallathamby

IAM Folks,

List of claims returned in IDToken and Userinfo don't get updated when we
update requested claims configuration. This doesn't get updated even if we
try from a fresh browser instance. The only way to get out of this seems to
be revoking the token.

This seems to be a big usability issue for evaluation users and first
experience becomes really bad.  Can we get this fixed for IS 5.4.0 [1]?

[1] https://wso2.org/jira/browse/IDENTITY-6327

Thanks & Regards,
Johann.

-- 

*Johann Dilantha Nallathamby*
Senior Lead Solutions Engineer
WSO2, Inc.
lean.enterprise.middleware

Mobile - *+9476950*
Blog - *http://nallaa.wordpress.com *
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] [IAM] Unable to create user with "email verification" and "request password" using SCIM

2017-08-31 Thread Johann Nallathamby

IAM Folks,

Following seems to be a blocker for IS 5.4.0 and we need to immediately fix
this.

The only Rest API we have now to create new users is SCIM. And we are not
able to create users with "email verification" and "request password".

[1] https://wso2.org/jira/browse/IDENTITY-6326

Thanks & Regards,
Johann.

-- 

*Johann Dilantha Nallathamby*
Senior Lead Solutions Engineer
WSO2, Inc.
lean.enterprise.middleware

Mobile - *+9476950*
Blog - *http://nallaa.wordpress.com *
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] [EI][Datasources] X-CSRF-TOKEN not included in the form submission when saving a datasource therefore getting 403-Forbidden

2017-08-31 Thread Manuri Amaya Perera

Hi,

$subject can be reproduced with the docker image shared at [1]. But when
trying the same with the server in a non-containerized environment this
issue does not occur.

When I checked the source of newdatasource.jsp on the browser, in the happy
scenario,



element was present in the jsp page.

But in the error scenario, this element was not present.

So, when loading the page, the call to the servlet that injects the token
has not been executed properly. To verify this, I debugged the csrfguard
source[2] and noticed that, the request does not go thorugh
CsrfGuardFilter. Also the status of the request in the browser was "
net::ERR_CONTENT_DECODING_FAILED".

Any idea why this happens only when the server is run in a container?

[1] https://github.com/wso2/product-ei/issues/696
[2] https://github.com/aramrami/OWASP-CSRFGuard

Thanks,
Manuri

-- 

*Manuri Amaya Perera*

*Senior Software Engineer*

*WSO2 Inc.*

*Blog: http://manuriamayaperera.blogspot.com
*
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [IS] [SCIM] Why Can't We Enable Both SCIM1 and SCIM2 at the Same Time?

2017-08-31 Thread Johann Nallathamby

Hi Sathya,

On Thu, Aug 31, 2017 at 12:29 PM, Sathya Bandara  wrote:

> Hi Johann,
>
> IMO having two separate LDAP attributes for the same claims in both SCIM1
> and SCIM2 would be redundant and cause problems in maintaining user
> attributes.
>

True. I didn't say this is the correct solution. I only mentioned it as a
work around for someone who wants to use both without any conflicts until
we find a alternative or deprecate SCIM 1.1 :)


> If we need to have both listeners enabled at the time I would suggest to
> use a common util method to generate IDs and do the mappings for the claims
> that are common to both protocols.
>

Didn't get how this would help exactly. May be I am missing some context.

However, after reading through your first reply again, now I have another
question. Why do both the listeners get executed when adding a new user? I
know they both will get triggered. But can't we look at the dialect URI at
the top and skip the execution if it's not for that listener?

Regards,
Johann.


>
> Thanks,
> Sathya
>
> On Thu, Aug 31, 2017 at 11:37 AM, Johann Nallathamby 
> wrote:
>
>> Will it work if we have two separate attributes for the problematic
>> attributes like SCIM ID? If that works I guess that is one solution.
>>
>> Or we need to have one listener for both SCIM 1 and SCIM2. But don't
>> think that's a good solution. Introduces direct coupling between two
>> implementations.
>>
>> Regards,
>> Johann.
>>
>> On Wed, Aug 30, 2017 at 6:33 PM, Sathya Bandara  wrote:
>>
>>> Hi Thilina,
>>>
>>> If we enable both SCIM1 and SCIM2 listeners at the same time two
>>> different SCIM IDs will be generated for the same user when adding a new
>>> user through SCIM. Also both SCIM1 and SCIM2 claims are mapped to the same
>>> LDAP user attributes. Even though both listeners get triggered only the
>>> SCIM1 ID is mapped to the user ID attribute. But the SCIM2 user creation
>>> response will contain the SCIM ID generated by SCIM2 listener.
>>>
>>> Thanks,
>>> Sathya
>>>
>>> On Wed, Aug 30, 2017 at 6:25 PM, Thilina Madumal 
>>> wrote:
>>>

 Hi all,

 While I was trying to fix IDENTITY-6315
  I got to know that we
 can't enable both SCIM1 and SCIM2 at the same time in WSO2 Identity Server.
 Is it because of this specific issue or is there any other reasons?

 Thanks & Regards,
 Thilina.

 --
 *Thilina Madumal*
 *Software Engineer | **WSO2*
 Email: thilina...@wso2.com
 Mobile: *+ <+94%2077%20767%201807>94 774553167*
 Web:  http://wso2.com

 


>>>
>>>
>>> --
>>> Sathya Bandara
>>> Software Engineer
>>> WSO2 Inc. http://wso2.com
>>> Mobile: (+94) 715 360 421 <+94%2071%20411%205032>
>>>
>>> <+94%2071%20411%205032>
>>>
>>> ___
>>> Dev mailing list
>>> Dev@wso2.org
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>>
>>
>>
>> --
>> Thanks & Regards,
>>
>> *Johann Dilantha Nallathamby*
>> Senior Lead Solutions Engineer
>> WSO2, Inc.
>> lean.enterprise.middleware
>>
>> Mobile - *+9476950*
>> Blog - *http://nallaa.wordpress.com *
>>
>
>
>
> --
> Sathya Bandara
> Software Engineer
> WSO2 Inc. http://wso2.com
> Mobile: (+94) 715 360 421 <+94%2071%20411%205032>
>
> <+94%2071%20411%205032>
>



-- 
Thanks & Regards,

*Johann Dilantha Nallathamby*
Senior Lead Solutions Engineer
WSO2, Inc.
lean.enterprise.middleware

Mobile - *+9476950*
Blog - *http://nallaa.wordpress.com *
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [IS] [SCIM] Why Can't We Enable Both SCIM1 and SCIM2 at the Same Time?

2017-08-31 Thread Chamila Wijayarathna

We should not have two different IDs if there is no difference in the
format (eg: length) for ID's in spec IMO

On Thu, Aug 31, 2017 at 4:59 PM, Sathya Bandara  wrote:

> Hi Johann,
>
> IMO having two separate LDAP attributes for the same claims in both SCIM1
> and SCIM2 would be redundant and cause problems in maintaining user
> attributes. If we need to have both listeners enabled at the time I would
> suggest to use a common util method to generate IDs and do the mappings for
> the claims that are common to both protocols.
>
> Thanks,
> Sathya
>
> On Thu, Aug 31, 2017 at 11:37 AM, Johann Nallathamby 
> wrote:
>
>> Will it work if we have two separate attributes for the problematic
>> attributes like SCIM ID? If that works I guess that is one solution.
>>
>> Or we need to have one listener for both SCIM 1 and SCIM2. But don't
>> think that's a good solution. Introduces direct coupling between two
>> implementations.
>>
>> Regards,
>> Johann.
>>
>> On Wed, Aug 30, 2017 at 6:33 PM, Sathya Bandara  wrote:
>>
>>> Hi Thilina,
>>>
>>> If we enable both SCIM1 and SCIM2 listeners at the same time two
>>> different SCIM IDs will be generated for the same user when adding a new
>>> user through SCIM. Also both SCIM1 and SCIM2 claims are mapped to the same
>>> LDAP user attributes. Even though both listeners get triggered only the
>>> SCIM1 ID is mapped to the user ID attribute. But the SCIM2 user creation
>>> response will contain the SCIM ID generated by SCIM2 listener.
>>>
>>> Thanks,
>>> Sathya
>>>
>>> On Wed, Aug 30, 2017 at 6:25 PM, Thilina Madumal 
>>> wrote:
>>>

 Hi all,

 While I was trying to fix IDENTITY-6315
  I got to know that we
 can't enable both SCIM1 and SCIM2 at the same time in WSO2 Identity Server.
 Is it because of this specific issue or is there any other reasons?

 Thanks & Regards,
 Thilina.

 --
 *Thilina Madumal*
 *Software Engineer | **WSO2*
 Email: thilina...@wso2.com
 Mobile: *+ <+94%2077%20767%201807>94 774553167*
 Web:  http://wso2.com

 


>>>
>>>
>>> --
>>> Sathya Bandara
>>> Software Engineer
>>> WSO2 Inc. http://wso2.com
>>> Mobile: (+94) 715 360 421 <+94%2071%20411%205032>
>>>
>>> <+94%2071%20411%205032>
>>>
>>> ___
>>> Dev mailing list
>>> Dev@wso2.org
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>>
>>
>>
>> --
>> Thanks & Regards,
>>
>> *Johann Dilantha Nallathamby*
>> Senior Lead Solutions Engineer
>> WSO2, Inc.
>> lean.enterprise.middleware
>>
>> Mobile - *+9476950*
>> Blog - *http://nallaa.wordpress.com *
>>
>
>
>
> --
> Sathya Bandara
> Software Engineer
> WSO2 Inc. http://wso2.com
> Mobile: (+94) 715 360 421 <+94%2071%20411%205032>
>
> <+94%2071%20411%205032>
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
Chamila Dilshan Wijayarathna,
PhD Research Student
The University of New South Wales (UNSW Canberra)
Australian Centre for Cyber Security
Australian Defence Force Academy
PO Box 7916, Canberra BA ACT 2610
Australia
Mobile:(+61)416895795
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [IS] [SCIM] Why Can't We Enable Both SCIM1 and SCIM2 at the Same Time?

2017-08-31 Thread Sathya Bandara

Hi Johann,

IMO having two separate LDAP attributes for the same claims in both SCIM1
and SCIM2 would be redundant and cause problems in maintaining user
attributes. If we need to have both listeners enabled at the time I would
suggest to use a common util method to generate IDs and do the mappings for
the claims that are common to both protocols.

Thanks,
Sathya

On Thu, Aug 31, 2017 at 11:37 AM, Johann Nallathamby 
wrote:

> Will it work if we have two separate attributes for the problematic
> attributes like SCIM ID? If that works I guess that is one solution.
>
> Or we need to have one listener for both SCIM 1 and SCIM2. But don't think
> that's a good solution. Introduces direct coupling between two
> implementations.
>
> Regards,
> Johann.
>
> On Wed, Aug 30, 2017 at 6:33 PM, Sathya Bandara  wrote:
>
>> Hi Thilina,
>>
>> If we enable both SCIM1 and SCIM2 listeners at the same time two
>> different SCIM IDs will be generated for the same user when adding a new
>> user through SCIM. Also both SCIM1 and SCIM2 claims are mapped to the same
>> LDAP user attributes. Even though both listeners get triggered only the
>> SCIM1 ID is mapped to the user ID attribute. But the SCIM2 user creation
>> response will contain the SCIM ID generated by SCIM2 listener.
>>
>> Thanks,
>> Sathya
>>
>> On Wed, Aug 30, 2017 at 6:25 PM, Thilina Madumal 
>> wrote:
>>
>>>
>>> Hi all,
>>>
>>> While I was trying to fix IDENTITY-6315
>>>  I got to know that we
>>> can't enable both SCIM1 and SCIM2 at the same time in WSO2 Identity Server.
>>> Is it because of this specific issue or is there any other reasons?
>>>
>>> Thanks & Regards,
>>> Thilina.
>>>
>>> --
>>> *Thilina Madumal*
>>> *Software Engineer | **WSO2*
>>> Email: thilina...@wso2.com
>>> Mobile: *+ <+94%2077%20767%201807>94 774553167*
>>> Web:  http://wso2.com
>>>
>>> 
>>>
>>>
>>
>>
>> --
>> Sathya Bandara
>> Software Engineer
>> WSO2 Inc. http://wso2.com
>> Mobile: (+94) 715 360 421 <+94%2071%20411%205032>
>>
>> <+94%2071%20411%205032>
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
> Thanks & Regards,
>
> *Johann Dilantha Nallathamby*
> Senior Lead Solutions Engineer
> WSO2, Inc.
> lean.enterprise.middleware
>
> Mobile - *+9476950*
> Blog - *http://nallaa.wordpress.com *
>



-- 
Sathya Bandara
Software Engineer
WSO2 Inc. http://wso2.com
Mobile: (+94) 715 360 421 <+94%2071%20411%205032>

<+94%2071%20411%205032>
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [IS] Shall We Link Corresponding IS Documentation as Context Sensitive Help Pages in IS Management Console?

2017-08-31 Thread Johann Nallathamby

+1 to remove these links. I think better UX is the solution than asking
users to read more docs.

Regards,
Johann.

On Thu, Aug 31, 2017 at 11:04 AM, Samuel Gnaniah  wrote:

> Our strategy here is to remove these help links and walk through the UI
> with the dev team to make the UIs and forms easier to configure without
> requiring additional documentation. This is the stragety we are following
> for all products.
>
> Thanks,
>
> --
>
> *Samuel Gnaniah*
> Lead Technical Writer
>
> WSO2 (pvt.) Ltd.
> Colombo, Sri Lanka
> (+94) 773131798 <+94%2077%20313%201798>
>
> On Thu, Aug 31, 2017 at 10:51 AM, Sherene Mahanama 
> wrote:
>
>> +documentation, +shiraz, +samuel
>>
>> On Thu, Aug 31, 2017 at 10:50 AM, Sherene Mahanama 
>> wrote:
>>
>>> Hi Team,
>>>
>>> We can use [1] as the base URL as it will always point to the latest
>>> docs of IS. If we export an html page though, when we update the doc page
>>> with improvements the changes won't get reflected in the help page right
>>> unless we export again every time we make a change?
>>>
>>> [1] https://docs.wso2.com/identity-server
>>>
>>> Thanks,
>>> Sherene
>>>
>>> On Thu, Aug 31, 2017 at 10:38 AM, Omindu Rathnaweera 
>>> wrote:
>>>
 One other option would be to export an html from the doc page and
 include it in the product.

 On Thu, Aug 31, 2017 at 10:35 AM, Johann Nallathamby 
 wrote:

> Only problem I see is if Internet access is not available from the
> client's machine which can access the carbon console, which could be the
> case sometimes.
>
> On Thu, Aug 31, 2017 at 10:22 AM, Thilina Madumal  > wrote:
>
>> Hi Devs,
>>
>> Currently, in IS Management Console, the context sensitive help pages
>> are outdated. See [1].
>> Even though the content is up to date, the content is not informative
>> enough IMO.
>>
>> If we are to update the help-pages, we need to make them up to date
>> and informative enough.
>> The concern is if we are to do so;
>>
>>1. The effort is significantly high
>>2. Also, it is kind of writing another set of documentation
>>
>> We already have a nice set of documentation for the Product IS.
>> Therefore shall we link the already available IS documentation to
>> Help Pages of IS Management Console? WDYT?
>>
>> [1] https://wso2.org/jira/browse/IDENTITY-446
>>
>> Thanks & Regards,
>> Thilina.
>>
>> --
>> *Thilina Madumal*
>> *Software Engineer | **WSO2*
>> Email: thilina...@wso2.com
>> Mobile: *+ <+94%2077%20767%201807>94 774553167*
>> Web:  http://wso2.com
>>
>> 
>>
>>
>
>
> --
> Thanks & Regards,
>
> *Johann Dilantha Nallathamby*
> Senior Lead Solutions Engineer
> WSO2, Inc.
> lean.enterprise.middleware
>
> Mobile - *+9476950*
> Blog - *http://nallaa.wordpress.com *
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


 --
 Omindu Rathnaweera
 Senior Software Engineer, WSO2 Inc.
 Mobile: +94 771 197 211 <+94%2077%20119%207211>

 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev


>>>
>>>
>>> --
>>> Sherene Mahanama
>>> Technical Writer
>>>
>>> WSO2 (pvt.) Ltd.
>>> Colombo, Sri Lanka
>>> Mobile: (+94) 777 <%28%2B94%29%20773131798>
>>> *994805*
>>>
>>
>>
>>
>> --
>> Sherene Mahanama
>> Technical Writer
>>
>> WSO2 (pvt.) Ltd.
>> Colombo, Sri Lanka
>> Mobile: (+94) 777 <%28%2B94%29%20773131798>
>> *994805*
>>
>
>


-- 
Thanks & Regards,

*Johann Dilantha Nallathamby*
Senior Lead Solutions Engineer
WSO2, Inc.
lean.enterprise.middleware

Mobile - *+9476950*
Blog - *http://nallaa.wordpress.com *
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [IS] [SCIM] Why Can't We Enable Both SCIM1 and SCIM2 at the Same Time?

2017-08-31 Thread Johann Nallathamby

Will it work if we have two separate attributes for the problematic
attributes like SCIM ID? If that works I guess that is one solution.

Or we need to have one listener for both SCIM 1 and SCIM2. But don't think
that's a good solution. Introduces direct coupling between two
implementations.

Regards,
Johann.

On Wed, Aug 30, 2017 at 6:33 PM, Sathya Bandara  wrote:

> Hi Thilina,
>
> If we enable both SCIM1 and SCIM2 listeners at the same time two different
> SCIM IDs will be generated for the same user when adding a new user through
> SCIM. Also both SCIM1 and SCIM2 claims are mapped to the same LDAP user
> attributes. Even though both listeners get triggered only the SCIM1 ID is
> mapped to the user ID attribute. But the SCIM2 user creation response will
> contain the SCIM ID generated by SCIM2 listener.
>
> Thanks,
> Sathya
>
> On Wed, Aug 30, 2017 at 6:25 PM, Thilina Madumal 
> wrote:
>
>>
>> Hi all,
>>
>> While I was trying to fix IDENTITY-6315
>>  I got to know that we can't
>> enable both SCIM1 and SCIM2 at the same time in WSO2 Identity Server.
>> Is it because of this specific issue or is there any other reasons?
>>
>> Thanks & Regards,
>> Thilina.
>>
>> --
>> *Thilina Madumal*
>> *Software Engineer | **WSO2*
>> Email: thilina...@wso2.com
>> Mobile: *+ <+94%2077%20767%201807>94 774553167*
>> Web:  http://wso2.com
>>
>> 
>>
>>
>
>
> --
> Sathya Bandara
> Software Engineer
> WSO2 Inc. http://wso2.com
> Mobile: (+94) 715 360 421 <+94%2071%20411%205032>
>
> <+94%2071%20411%205032>
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
Thanks & Regards,

*Johann Dilantha Nallathamby*
Senior Lead Solutions Engineer
WSO2, Inc.
lean.enterprise.middleware

Mobile - *+9476950*
Blog - *http://nallaa.wordpress.com *
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [IS] Usage of "kid" JWT header parameter

Re: [Dev] [IS] Usage of "kid" JWT header parameter

Re: [Dev] [IS] Usage of "kid" JWT header parameter

Re: [Dev] [IS] Shall We Link Corresponding IS Documentation as Context Sensitive Help Pages in IS Management Console?

Re: [Dev] [IS] [SCIM] Why Can't We Enable Both SCIM1 and SCIM2 at the Same Time?

[Dev] [IAM] (IDENTITY-5948) Can't we do a better fix for this?

[Dev] List of claims returned in IDToken and Userinfo don't get updated when we update requested claims configuration

[Dev] [IAM] Unable to create user with "email verification" and "request password" using SCIM

[Dev] [EI][Datasources] X-CSRF-TOKEN not included in the form submission when saving a datasource therefore getting 403-Forbidden

Re: [Dev] [IS] [SCIM] Why Can't We Enable Both SCIM1 and SCIM2 at the Same Time?

Re: [Dev] [IS] [SCIM] Why Can't We Enable Both SCIM1 and SCIM2 at the Same Time?

Re: [Dev] [IS] [SCIM] Why Can't We Enable Both SCIM1 and SCIM2 at the Same Time?

Re: [Dev] [IS] Shall We Link Corresponding IS Documentation as Context Sensitive Help Pages in IS Management Console?

Re: [Dev] [IS] [SCIM] Why Can't We Enable Both SCIM1 and SCIM2 at the Same Time?

14 matches

Site Navigation

Mail list logo

Footer information