.wso2.com/display/IS500/Provisioning+Users+to+Active+Directory+User+Store+Using+SCIM
> [2]
> https://is.docs.wso2.com/en/5.10.0/setup/configuring-a-read-write-active-directory-user-store/
>
> Thanks,
> Gayashan
>
> On Wed, Mar 25, 2020 at 9:57 AM Johann Nallathamby
> wrote:
s-used-in-read-write-active-directory-userstore-manager
>
> Best Regards,
> Gayashan
>
> On Sat, Feb 1, 2020 at 9:13 PM Darshana Gunawardana
> wrote:
>
>> Hi Gayashan,
>>
>> Is this implemented in the product now? If so can you share details on
>> the final approach you took.
Hi Gayashan,
On Tue, Dec 3, 2019 at 6:54 PM Gayashan Bombuwala
wrote:
> Hi all,
>
> Currently when managing users in Active Directory user store with SCIM, we
> have mapped the SCIM core attributes to different attributes[1, 2]
> supported by SCIM.
>
> e.g.
/blob/07c9b78564dbd4fd652ae323d3f3ef264cf5/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/listener/ApplicationMgtListener.java#L121
>>
>> Regards,
>> Gayashan.
>>
>> On Fri
Hi Gayashan,
Though you introduce the method in the API, who calls the method? Now that
there are two methods is the ApplicationMgtService going to call both the
methods? Can't we read the Service Provider object based on the name rather
than introducing a new method for it?
Regards,
Johann.
On
Hi Darshana,
On Sat, Sep 28, 2019 at 8:29 PM Darshana Gunawardana
wrote:
> Hi Johann,
>
> On Sat, Sep 21, 2019 at 10:43 AM Johann Nallathamby
> wrote:
>
>> Hi Thanuja,
>>
>> Did we consider sending the access token itself as a secure, http-only
>> c
Hi Prakhash,
On Mon, Sep 23, 2019 at 4:34 PM Prakhash Sivakumar
wrote:
> Hi Johann,
>
> On Sat, Sep 21, 2019 at 7:13 AM Johann Nallathamby
> wrote:
>
>> Hi Thanuja,
>>
>> Did we consider sending the access token itself as a secure, http-only
>> c
Hi Thanuja,
Did we consider sending the access token itself as a secure, http-only
cookie to the browser instead of binding it to a separate cookie? This will
also simplify the development on the client side, in case someone wants to
build their own SPA.
Regards,
Johann.
On Mon, Sep 2, 2019 at
As far as I know we do support internationalization of
/accountrecoveryendpoint [1]. However, seems the JIRA is still open for
this [2]. At the same time I couldn't find a JIRA for internationalization
of /dashboard.
[1] https://github.com/wso2/carbon-identity-framework/pull/1566
[2]
and still have configurations along with artifacts?
Sorry if I am asking too many questions, but just want to be able to
convince myself that we are doing the right thing here once and for all :)
Thanks & Regards,
Johann.
>
> Hence +1 to treat
>
>- Persist data as a blob (marshalled to
Hi Janak,
Thanks for brining this up. I also noticed this recently when I was doing
some demo for a customer and was planning to send a mail on this.
When we did the OIDC scopes management feature we should have addressed the
OAuth2 scopes management as well. I searched back to see if there has
Ignore the question Isura, I think Ruwan's reply contains the answer.
Regards,
Johann.
On Thu, Jul 4, 2019 at 8:48 AM Johann Nallathamby wrote:
> Hi Isura,
>
> On Fri, Jun 7, 2019 at 9:16 AM Isura Karunaratne wrote:
>
>>
>>
>> On Wed, Jun 5, 2019 at 9:34 AM Ru
uot;environment variable" binding
>> logic, to get proper support for environment to environment promotion of
>> artifacts. yet, it can be done with a separate effort than this IMO.
>>
>> Hence +1 to treat
>>
>>- Persist data as a blob (marshalled t
Folks,
Why does all the IS SSO samples in [1], have a dependency on
ClaimManagerProxy?
1. This is a fundamental mistake because a sample using standard federation
protocols should be not coupled to the Identity Server. We should be able
to run it against any other IdP to demonstrate
Hi Folks,
I just noticed that IS analytics engine configuration is under resident IdP
configurations. How do we consider an analytics engine configuration as an
Identity Provider configuration?
Resident IdP configurations are ideally any "configurations" that impact
runtime interactions with
+1 to get rid of the artifacts for user stores. I think this was a wrong
decision we made early on.
On Tue, Jun 4, 2019 at 1:19 PM Hasanthi Purnima Dissanayake <
hasan...@wso2.com> wrote:
> Hi All,
>
> *Problem *
> Currently, some artifacts like userstores , tenants' data, etc are stored
> in
Hi Farasath,
On Thu, Apr 25, 2019 at 9:26 AM Farasath Ahamed wrote:
>
>
> On Thu, Apr 25, 2019 at 7:32 AM Johann Nallathamby
> wrote:
>
>> Hi Malithi,
>>
>> On Thu, Apr 25, 2019 at 12:34 AM Malithi Edirisinghe
>> wrote:
>>
>>>
>&
Hi Malithi,
On Thu, Apr 25, 2019 at 12:34 AM Malithi Edirisinghe
wrote:
>
>
> On Wed, Apr 24, 2019 at 11:13 PM Johann Nallathamby
> wrote:
>
>> First of all, I don't understand what is the design issue with using
>> OAuth2 as a handler in authenticating and auth
First of all, I don't understand what is the design issue with using OAuth2
as a handler in authenticating and authorizing access to Rest APIs by a
client? Isn't that what OAuth2 is meant for typically?
Secondly, I think if the use case contains secondary user stores and client
expects to call
Issue:
https://github.com/wso2/product-is/issues/5066
Thanks & Regards,
Johann.
--
*Johann Dilantha Nallathamby* | Associate Director/Solutions Architect |
WSO2 Inc.
(m) +94 (77) 7776950 | (w) +94 (11) 2145345 | (e) joh...@wso2.com
[image: Signature.jpg]
Many systems I have seen always have the resend OTP option enabled, whether
or not the user has entered a wrong OTP. I guess this is because sometimes
the user might not receive the OTP in his mobile due to network
connectivity issues with the mobile provider. This will be a good
improvement to
_
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
--
*Johann Dilantha Nallathamby*
Senior Lead Solutions Engineer
WSO2, Inc.
lean.enterprise.middleware
Mobile: *+94 77 7776950*
LinkedIn: *http://www.linkedin.com/in/johann-nallathamby
<http://www.lin
maintain. For those cases, instead of filtering out options at step 4
> above, we can write and use a custom function to dynamically inject the IdP
> configured for the tenant at step 3.
>
> On Thu, Jul 19, 2018 at 8:15 PM Johann Nallathamby
> wrote:
>
>> Ping on this p
rd to configure and
>> maintain. For those cases, instead of filtering out options at step 4
>> above, we can write and use a custom function to dynamically inject the IdP
>> configured for the tenant at step 3.
>>
>> On Thu, Jul 19, 2018 at 8:15 PM Johann Nallathamby
>&
Ping on this please!
On Wed, Jul 18, 2018 at 5:26 PM Johann Nallathamby wrote:
> Hi IAM Team,
>
> Following is the use case I want to accomplish. But I am not able to
> figure out how I would be able to do it.
>
> I have IS running with multiple tenants. Each tenant is an ent
hann.
--
*Johann Dilantha Nallathamby*
Senior Lead Solutions Engineer
WSO2, Inc.
lean.enterprise.middleware
Mobile: *+94 77 7776950*
LinkedIn: *http://www.linkedin.com/in/johann-nallathamby
<http://www.linkedin.com/in/johann-nallathamby>*
Medium: *https://medium.com/@johann_nallathamby
<https
and then selecting it from the photo gallery and giving it to
the Google authenticator.
Regards,
Johann.
--
*Johann Dilantha Nallathamby*
Senior Lead Solutions Engineer
WSO2, Inc.
lean.enterprise.middleware
Mobile: *+94 77 7776950*
LinkedIn: *http://www.linkedin.com/in/johann-nallathamby
<h
o2.com>
>> wrote:
>>
>>> If extensions are coming in the SAML AuthnRequest from the SP, then,
>>> IIRC, that *same extension* will be copied to the AuthnRequest going to
>>> the Federated IdP. Is that behaviour acceptable for this scenario? Please
>>&
iki/display/CEFDIGITAL/How+
> does+it+work+-+eIDAS+solution
> [2] https://ec.europa.eu/cefdigital/wiki/display/CEFDIGITAL/
> 2016/12/16/eIDAS+Technical+Specifications+v.+1.1
> [3] https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
>
> Thanks and Regards
&g
gt;
>>>>>> WDYT ?
>>>>>>
>>>>>>
>>>>>> [1] https://docs.wso2.com/display/IS530/Configuring+Access+C
>>>>>> ontrol+Policy+for+a+Service+Provider
>>>>>>
>>>>>>
>>>>>&g
On Tue, Jan 23, 2018 at 10:16 AM, Isura Karunaratne <is...@wso2.com> wrote:
> Hi Johann,
>
>
>
> On Tue, Jan 23, 2018 at 8:07 AM, Johann Nallathamby <joh...@wso2.com>
> wrote:
>
>> Hi IAM Team,
>>
>> We have two regex patterns for user names and
leware
Mobile: *+94 77 7776950*
LinkedIn: *http://www.linkedin.com/in/johann-nallathamby
<http://www.linkedin.com/in/johann-nallathamby>*
Medium: *https://medium.com/@johann_nallathamby
<https://medium.com/@johann_nallathamby>*
Twitter: *@dj_nallaa*
ddleware
>
> mobile: *+94772264165*
> linkedin: *https://www.linkedin.com/in/godwin-amila-2ba26844/
> <https://www.linkedin.com/in/godwin-amila-2ba26844/>*
> twitter: https://twitter.com/godwinamila
> <http://wso2.com/signature>
>
--
*Johann Dilantha Nallathamb
>
> <http://wso2.com/signature>
>
>
>
> On Fri, Nov 17, 2017 at 6:48 PM, Johann Nallathamby <joh...@wso2.com>
> wrote:
>
>>
>>
>> On Fri, Nov 17, 2017 at 6:39 PM, Malithi Edirisinghe <malit...@wso2.com>
>> wrote:
>>
>>>
On Fri, Nov 17, 2017 at 6:39 PM, Malithi Edirisinghe <malit...@wso2.com>
wrote:
>
>
> On Fri, Nov 17, 2017 at 6:12 PM, Johann Nallathamby <joh...@wso2.com>
> wrote:
>
>> Hi Farasath,
>>
>> On Fri, Nov 17, 2017 at 5:35 PM, Farasath Ahamed <farasa.
Hi Farasath,
On Fri, Nov 17, 2017 at 5:35 PM, Farasath Ahamed <farasa...@wso2.com> wrote:
>
> On Fri, Nov 17, 2017 at 3:23 PM, Johann Nallathamby <joh...@wso2.com>
> wrote:
>
>> Self contained JWT's may get quite large and if we set it as the default
>&g
Self contained JWT's may get quite large and if we set it as the default
size in the script, for users who are not using self contained JWT also it
is going to consume large space in the database.
Did we think about storing a hash of the access token?
On Fri, Nov 17, 2017 at 3:06 PM, Isura
The Public JIRA version still says Alpha-8 "unreleased". Can we fix this?
And if we are planning for Alpha-9 can we add that as new version?
Regards,
Johann.
On Fri, Nov 10, 2017 at 1:26 AM, Jayanga Kaushalya
wrote:
> The WSO2 Identity and Access Management team is pleased
Any SCIM experts who can answer this query?
Regards,
Johann.
On Thu, Nov 9, 2017 at 2:35 PM, Johann Nallathamby <joh...@wso2.com> wrote:
> *[+IAM Team]*
>
> On Thu, Nov 9, 2017 at 2:11 PM, Isuranga Perera <isurangamper...@gmail.com
> > wrote:
>
>> Hi All,
>
*[+IAM Team]*
On Thu, Nov 9, 2017 at 2:11 PM, Isuranga Perera
wrote:
> Hi All,
>
> Even though Charon 2 User class has setter methods for password and other
> attributes Charon 3 doesn't provide most of those setter methods. So is
> there any other way I can set the
Again I think we've missed the point to explain why we need to define
claims to get this feature working. If that was explained, naturally a user
will think when he is sending a request using SCIM APIs whether he has
included these claims also. And then he will follow that by thinking if he
has
On Sat, Nov 4, 2017 at 12:27 PM, Sashika Wijesinghe
wrote:
> Hi Sathya,
>
> Thanks for the configuration requirements provided above. It helps to
> resolve the issue.
>
> According to the current implementation, since we are mapping the claims
> for SCIM extension isn't it
Hi Sashika,
Please follow [1] to get your scenario working.
[1] http://isurad.blogspot.com/2016/02/wso2-identity-server-
510-behind_18.html
*@Samuel*:
This has been already discussed in [1], and have two L1 Documentation JIRAs
[2,3]. [1] has been created before IS 5.2.0 release. I thought we
Hi Malithi,
+1 to use placeholders like we do in IS. This prevents the user from
falling into trouble and I can say that the IS user experience after we
provided placeholder support in IS 5.1.0 has been much better.
Regards,
Johann.
On Tue, Oct 24, 2017 at 12:09 AM, Malithi Edirisinghe
By definition admin services are services that require authentication and
authorization. This is the parameter you find in the services.xml of the
service. If that is set to false then it is not an admin service.
AuthenticationAdmin is the service to do authentication. So obviously you
can't have
IAM Devs,
Currently to setup some of the local authenticators it's a hassle to copy
paste the claim URIs from the documentation and configure attribute
mappings. It will be much easier if these mappings are available OOTB, and
mapped to meaningful attributes. Also if we have this pre-configured
On Mon, Oct 16, 2017 at 1:28 AM, Johann Nallathamby <joh...@wso2.com> wrote:
> IAM Devs,
>
> I think for all the well know Identity Providers (including social
> authentication sites) we have the practice of defining a claim dialect in
> claim management to do mapping
IAM Devs,
I think for all the well know Identity Providers (including social
authentication sites) we have the practice of defining a claim dialect in
claim management to do mapping easily without having to duplicate for each
IdP in each tenant. For the OOTB connectors we may be shipping these
wrote:
>
>> Hi Johann,
>>
>> Since we are still keeping the deprecated SOAP APIs we'll keep the sample
>> also till the next major version.
>>
> Yes. +1 to keep the sample since we support SOAP apis too.
>
> Thanks
> Isura
>
>>
>> On Mon, Sep 4, 2017
Hi Isuranga,
First of all thank you for your contribution to WSO2 Identity Server.
However, can you please follow the following protocol in order to get your
PRs merged faster.
1. Create one JIRA per issue. Make sure you give the description clearly.
Add the PRs related to the issue in the
IAM team can we change the default value here for IS 5.4.0? I think we
discussed the same during IS 5.3.0 release also but somehow have missed to
change it for JDBCUserStoreManager.
Regards,
Johann.
-- Forwarded message --
From: Johann Nallathamby <joh...@wso2.com>
Date: Tu
Will someone be able to shed some light on this issue sooner than later,
because Isuranga is trying to contribute a useful feature to WSO2 IS, which
is discussed in [1].
[1] [IAM] Restful API to Evaluate Permission Tree in IS
Regards,
Johann.
On Thu, Oct 5, 2017 at 7:22 PM, Johann Nallathamby
*[+Asela, IAM Team]*
On Thu, Oct 5, 2017 at 7:20 PM, Isuranga Perera
wrote:
> Hi All,
>
> I'm trying to introduce a new XACML function in IS 5.3. This is the
> procedure I followed so far.
>
>- Create the new class by extending the *FunctionBase* abstract class.
>
Any thoughts on the above idea or did we fix it in a different way?
On Sat, Sep 23, 2017 at 9:46 AM, Johann Nallathamby <joh...@wso2.com> wrote:
> See if this idea would work?
>
> We currently set a threadlocal variable inside the SCIM endpoint
> component, to identify the SCI
1. I can see new states Done/Not Done. When do we use them? For
improvements or tasks?
2. JIRAs filtered here
1. Can someone explain the reason for the issue and relevance of the fix to
the issue reported here?
I can understand the issue here. I also assume I understand the reason for
the issue. But better someone explains. What I don't seem to understand is
the relevance of the fix here. It seems to me
IMO, returning the username with userstore domain in the response may be
seen as an unwanted sensitive information leak in this setup. Ideally in
these kind of scenarios expectation is service provider doesn't need to
know the user store domain name where his users are created. Therefore they
can
See if this idea would work?
We currently set a threadlocal variable inside the SCIM endpoint component,
to identify the SCIM service provider inside some of our implementations.
Can we improve this variable value to also identify the SCIM version? This
way the relevant listeners will check for
On Fri, Sep 1, 2017 at 10:36 PM, Johann Nallathamby <joh...@wso2.com> wrote:
> In that case can we set a threadlocal variable in order to identify the
> SCIM version? Based on that the correct listener will execute and the other
> will not. Since SCIM1.1 listener will check f
IINM this comes from carbon-multitenancy. Not a identity feature. So if we
are removing it needs to be removed from all the products.
+1 to remove obsolete features if possible to avoid confusion. WSO2 Cloud
uses a completely different model I suppose.
On Sun, Sep 17, 2017 at 2:34 PM, Nilasini
I would like to see others comments also.
Since this is a spec violation do we need to be backward compatible? I
would say we don't have to be. But I know we can have users who want like
it to be a breaking change. So it's important what other IAM members think.
If we need to have a property we
Also if the discovery endpoint is secured with the authorization valve then
cross tenant restriction is enforced at the valve itself. That is if the
authenticating user's tenant domain is not matching with the resource's
tenant domain, unless we have enabled cross tenant access in the valve it
Hi Nila,
IDENTITY-6405 seems to be a duplicate of IDENTITY-3966. At least they seem
to be very much related. Therefore I have resolved as duplicate. Please
reopen if that isn't the case.
Regards,
Johann.
-- Forwarded message --
From: Nilasini Thirunavukkarasu (JIRA)
Sathya/IAM Folks,
It is not acceptable to resolve JIRAs without any reason. Can we please
include the reason as why it is not a bug? To me it looks like a clear bug.
[1] https://wso2.org/jira/browse/IDENTITY-6375
Thanks & Regards,
Johann.
--
*Johann Dilantha Nallathamby*
Senior Lead
On Tue, Sep 12, 2017 at 5:01 PM, Johann Nallathamby <joh...@wso2.com> wrote:
> IMO Help link are good for a public facing application. E.g. API Store,
> Google Apps, etc. I don't think for a administrator application help link
> is necessary. Administrator applications are genera
On Sat, Sep 16, 2017 at 1:46 PM, Farasath Ahamed <farasa...@wso2.com> wrote:
>
>
>
> On Sat, Sep 16, 2017 at 1:38 PM, Johann Nallathamby <joh...@wso2.com>
> wrote:
>
>> I also have the same concerns as Hasintha. The only viable solution seems
>> to
On Sat, Sep 16, 2017 at 1:37 PM, Farasath Ahamed <farasa...@wso2.com> wrote:
>
>
>
>
> On Sat, Sep 16, 2017 at 1:21 PM, Johann Nallathamby <joh...@wso2.com>
> wrote:
>
>> Tenant domain of the application should always be read from the resource
>>
I also have the same concerns as Hasintha. The only viable solution seems
to be Pulasthi's which is to do the HEAD call to a URL which we know that
doesn't consume much resources. If needed we can even introduce a resource
like that for this purpose if already not available. It's kind of like
Tenant domain of the application should always be read from the resource
path - i.e. URL.
We can't read it from the user since we will have to support SaaS mode,
which is to authenticate with a super tenant user and create the
application in a tenant.
Please note that this is a standard pattern
ugh.
>>>>>> With that assumption, we can go ahead and can remove the help links.
>>>>>> WDYT?
>>>>>>
>>>>>> Making UI self-explain better can be achieved in the 5.5.0 release
>>>>>> since there is a plan to re-write the UI.
&
Hi Maheshika,
Can we have repo created for this project under wso2-incubator?
Name: "mss4j-ws-trust"
Regards,
Johann.
On Tue, Sep 5, 2017 at 11:59 AM, Johann Nallathamby <joh...@wso2.com> wrote:
> Great job Isuranga over the past 3 months in completing this project!!
>
ble to complete the WS-Trust Implementation for Identity Server 6
> with all the functional requirements.
>
> Project Repository [1]
> Documentation [2]
>
> I would like to thanks my mentors Johann Nallathamby, Malithi Edirisinghe,
> Kasun Gajasinghe who gave an immense suppor
Hi Isura,
On Mon, Sep 4, 2017 at 9:35 PM, Isura Karunaratne <is...@wso2.com> wrote:
> Hi Johann,
>
> On Mon, Sep 4, 2017 at 8:18 PM Johann Nallathamby <joh...@wso2.com> wrote:
>
>> Hi Hasanthi/Nuwandi/IAM Team,
>>
>> 1. Can we please add a de
If we are going to keep it in product-is we need to maintain compatibility
with latest APIs. But I think we have even resolved some public JIRAs
mentioning the fact that we now support this in identity-mgt webapp. So we
don't need a separate sample for this.
So, I think we can do $subject.
Hi Hasanthi/Nuwandi/IAM Team,
1. Can we please add a description in the JIRA as to what this JIRA is for?
2. The fix has made a public enum change:
"MAX_ATTEMTS_EXCEEDED" -> "MAX_ATTEMTS_EXCEEDED".
Is this intentional? In any case the spelling is still wrong.
3. We have introduced a new
>
>
> On Mon, Sep 4, 2017 at 2:59 PM, Johann Nallathamby <joh...@wso2.com>
> wrote:
>
>> Hi Rushmin,
>>
>> I think the better, easier, uncomplicated fix that also works for tenants
>> will be to make this a text box with a default value instead of a lab
the method name.
>
> @Darshana, could you review and merge it.
>
> Best Regards,
> Rushmin
>
> [1] - https://github.com/wso2/carbon-identity-framework/pull/1043
>
> On Thu, Aug 31, 2017 at 6:09 PM, Johann Nallathamby <joh...@wso2.com>
> wrote:
>
>&
+1
It should be consistent and I also don't think we should be trimming.
On Sun, Sep 3, 2017 at 12:40 PM, Farasath Ahamed wrote:
> Hi Devs,
>
> Noticed that we trim the username when performing authentication in LDAP
> and AD Userstore Managers[1]. But we do not do trim the
Hi Vindula,
Great contribution!! :) Since we are going to promote use of SCIM 2.0 from
IS 5.4.0 onwards this compliance test suite will life much easier with
fixes and improvements we are going to add to SCIM 2.0 implementation.
*@Darshana/Omindu*:
How do we plan to integrate this with our test
the two implementations. All the SCIM operations must set this threadlocal.
I don't see any better solution for this problem.
Regards,
Johann.
On Thu, Aug 31, 2017 at 6:54 PM, Sathya Bandara <sat...@wso2.com> wrote:
>
>
> On Thu, Aug 31, 2017 at 2:18 PM, Johann Nallathamby &
IAM Folks,
Can we do a better fix for this? I don't seem to agree with this fix.
1. We have written super tenant specific code. We shows that we treat super
tenant differently and can be error prone.
2. The problem still remains for already created tenants.
Another thing we need to address is
IAM Folks,
List of claims returned in IDToken and Userinfo don't get updated when we
update requested claims configuration. This doesn't get updated even if we
try from a fresh browser instance. The only way to get out of this seems to
be revoking the token.
This seems to be a big usability
IAM Folks,
Following seems to be a blocker for IS 5.4.0 and we need to immediately fix
this.
The only Rest API we have now to create new users is SCIM. And we are not
able to create users with "email verification" and "request password".
[1] https://wso2.org/jira/browse/IDENTITY-6326
Thanks &
adding a new user? I
know they both will get triggered. But can't we look at the dialect URI at
the top and skip the execution if it's not for that listener?
Regards,
Johann.
>
> Thanks,
> Sathya
>
> On Thu, Aug 31, 2017 at 11:37 AM, Johann Nallathamby <joh...@wso2.com>
>
>>> unless we export again every time we make a change?
>>>
>>> [1] https://docs.wso2.com/identity-server
>>>
>>> Thanks,
>>> Sherene
>>>
>>> On Thu, Aug 31, 2017 at 10:38 AM, Omindu Rathnaweera <omi...@wso2.com>
>&g
Will it work if we have two separate attributes for the problematic
attributes like SCIM ID? If that works I guess that is one solution.
Or we need to have one listener for both SCIM 1 and SCIM2. But don't think
that's a good solution. Introduces direct coupling between two
implementations.
Only problem I see is if Internet access is not available from the client's
machine which can access the carbon console, which could be the case
sometimes.
On Thu, Aug 31, 2017 at 10:22 AM, Thilina Madumal
wrote:
> Hi Devs,
>
> Currently, in IS Management Console, the
In fix [1], we've introduced a new Util class for URI validation. We
already have a rich set of validations in [2].
Won't this help here? I think we do have URL pattern define here already.
If we don't have a pattern defined we need to improve this utility and
reuse everywhere.
I already sent a
On Thu, Aug 24, 2017 at 3:57 AM, Isura Karunaratne <is...@wso2.com> wrote:
>
> On Thu, Aug 24, 2017 at 1:27 AM Johann Nallathamby <joh...@wso2.com>
> wrote:
>
>> https://github.com/wso2/carbon-identity-framework/commit/1f2
>> df5faf2a46258791bdaf1d4c9474
IAM Team,
Please note that the following JIRAs have not be fixed per se. According to
the comments they have been resolved as "cannot reproduce", "won't fix" or
"invalid". But the "Resolution" says "Fixed" which is incorrect. Can we
change this and make sure in future we strictly follow proper
Can't we do $subject to fix [1]? I thought we were following this as a
standard approach in our UI layer so that we can reuse these functionality
in all our UIs. This is the approach we were following up until IS 5.3.0.
Preventing entering fragment component could be a common requirement when
https://github.com/wso2/carbon-identity-framework/commit/1f2df5faf2a46258791bdaf1d4c94741626e34a1
How is *resourceType* attribute mapped to *userType*? And why is
AttributeID still *mail*?
Regards,
Johann.
--
*Johann Dilantha Nallathamby*
Senior Lead Solutions Engineer
WSO2, Inc.
IAM Team,
Following are 3 critical issues I came across with OpenID Connect when
setting up a demo for a customer. IMO all these 3 issues need to be fixed
for IS 5.4.0.
Can someone please confirm if these can be fixed for IS 5.4.0? The fixes
are quite simple.
[1]
r any kind of data JSON data. How come it is
working for empty array?
Is this double quote problem something related to how curl works? If we use
a HTTP client don't we have this issue? If it's a curl problem then we
shouldn't worry I suppose.
Regards,
Johann.
> [1] https://wso2.org/jira/bro
IAM Team,
I found below two critical issues in IS 5.3.0 SCIM 1.1 implementation.
1. Users/{id} PATCH operation expects the "schemas" attribute to be empty.
If the core schema value is given it throws an error [1].
2. "userName" attribute is mandatory in Users/{id} PATCH operation. This is
not
Provided a fix for this issue: https://github.com/wso2/product-is/pull/1303.
Please review and merge.
On Sun, Aug 13, 2017 at 1:33 AM, Harsha Kumara wrote:
> Created JIRA in [1] in a case of we going to add it.
>
> https://wso2.org/jira/browse/IDENTITY-6257
>
> On Sun, Aug
where I got this problem originally
from :). Will check.
>
> [1] https://medium.com/@pulasthi7/scim-list-users-
> with-given-attributes-in-wso2-identity-server-5-3-0-8360522d3ea9
>
> On Wed, Aug 2, 2017 at 2:10 PM, Johann Nallathamby <joh...@wso2.com>
> wrote:
>
>&
So +1 for implementing attributes here as well.
>
Thanks for your feedback.
Regards,
Johann.
>
> Regards!
> Chamila
>
> On Wed, Aug 2, 2017 at 6:23 PM, Johann Nallathamby <joh...@wso2.com>
> wrote:
>
>>
>>
>> On Tue, Jul 11, 2017 at 6:52 PM, Chamila
extra attributes, we can specifically
request like in SCIM listing.
Regards,
Johann.
>
> Cheers
> Chamila
>
> On Tue, Jul 11, 2017 at 11:08 PM, Johann Nallathamby <joh...@wso2.com>
> wrote:
>
>> Hi IAM Team,
>>
>> Can we support "attributes" featu
I have also seen this and feel it's redundant. If there is no real purpose
for this can we deprecate it and remove any usage of this property? If it
allows control per user store, then EnableEmailUserName is redundant in
carbon.xml.
Thoughts?
On Tue, Aug 1, 2017 at 12:33 AM, Hasintha Indrajee
1 - 100 of 512 matches
Mail list logo