Re: [Dev] Using default user attributes provided by Active Directory for SCIM operations

2020-03-26 Thread Johann Nallathamby
.wso2.com/display/IS500/Provisioning+Users+to+Active+Directory+User+Store+Using+SCIM > [2] > https://is.docs.wso2.com/en/5.10.0/setup/configuring-a-read-write-active-directory-user-store/ > > Thanks, > Gayashan > > On Wed, Mar 25, 2020 at 9:57 AM Johann Nallathamby > wrote:

Re: [Dev] Using default user attributes provided by Active Directory for SCIM operations

2020-03-24 Thread Johann Nallathamby
s-used-in-read-write-active-directory-userstore-manager > > Best Regards, > Gayashan > > On Sat, Feb 1, 2020 at 9:13 PM Darshana Gunawardana > wrote: > >> Hi Gayashan, >> >> Is this implemented in the product now? If so can you share details on >> the final approach you took.

Re: [Dev] Using default user attributes provided by Active Directory for SCIM operations

2020-01-01 Thread Johann Nallathamby
Hi Gayashan, On Tue, Dec 3, 2019 at 6:54 PM Gayashan Bombuwala wrote: > Hi all, > > Currently when managing users in Active Directory user store with SCIM, we > have mapped the SCIM core attributes to different attributes[1, 2] > supported by SCIM. > > e.g.

Re: [Dev] Passing service provider object to the postDeleteHandler of the ApplicationMgtListener

2019-11-04 Thread Johann Nallathamby
/blob/07c9b78564dbd4fd652ae323d3f3ef264cf5/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/listener/ApplicationMgtListener.java#L121 >> >> Regards, >> Gayashan. >> >> On Fri

Re: [Dev] Passing service provider object to the postDeleteHandler of the ApplicationMgtListener

2019-11-01 Thread Johann Nallathamby
Hi Gayashan, Though you introduce the method in the API, who calls the method? Now that there are two methods is the ApplicationMgtService going to call both the methods? Can't we read the Service Provider object based on the name rather than introducing a new method for it? Regards, Johann. On

Re: [Dev] Binding access token to the browser for new IAM Portal Applications

2019-10-30 Thread Johann Nallathamby
Hi Darshana, On Sat, Sep 28, 2019 at 8:29 PM Darshana Gunawardana wrote: > Hi Johann, > > On Sat, Sep 21, 2019 at 10:43 AM Johann Nallathamby > wrote: > >> Hi Thanuja, >> >> Did we consider sending the access token itself as a secure, http-only >> c

Re: [Dev] Binding access token to the browser for new IAM Portal Applications

2019-10-30 Thread Johann Nallathamby
Hi Prakhash, On Mon, Sep 23, 2019 at 4:34 PM Prakhash Sivakumar wrote: > Hi Johann, > > On Sat, Sep 21, 2019 at 7:13 AM Johann Nallathamby > wrote: > >> Hi Thanuja, >> >> Did we consider sending the access token itself as a secure, http-only >> c

Re: [Dev] Binding access token to the browser for new IAM Portal Applications

2019-09-20 Thread Johann Nallathamby
Hi Thanuja, Did we consider sending the access token itself as a secure, http-only cookie to the browser instead of binding it to a separate cookie? This will also simplify the development on the client side, in case someone wants to build their own SPA. Regards, Johann. On Mon, Sep 2, 2019 at

[Dev] [IAM] JIRA Not Resolved?

2019-09-05 Thread Johann Nallathamby
As far as I know we do support internationalization of /accountrecoveryendpoint [1]. However, seems the JIRA is still open for this [2]. At the same time I couldn't find a JIRA for internationalization of /dashboard. [1] https://github.com/wso2/carbon-identity-framework/pull/1566 [2]

Re: [Dev] [Architecture][IAM] Moving File Based Artifacts to Artifact Store

2019-07-07 Thread Johann Nallathamby
and still have configurations along with artifacts? Sorry if I am asking too many questions, but just want to be able to convince myself that we are doing the right thing here once and for all :) Thanks & Regards, Johann. > > Hence +1 to treat > >- Persist data as a blob (marshalled to

Re: [Dev] [IS] Rest API for scopes

2019-07-07 Thread Johann Nallathamby
Hi Janak, Thanks for bringing this up. I also noticed this recently when I was doing some demo for a customer and was planning to send a mail on this. When we did the OIDC scopes management feature we should have addressed the OAuth2 scopes management as well. I searched back to see if there has

Re: [Dev] [Architecture][IAM] Moving File Based Artifacts to Artifact Store

2019-07-03 Thread Johann Nallathamby
Ignore the question Isura, I think Ruwan's reply contains the answer. Regards, Johann. On Thu, Jul 4, 2019 at 8:48 AM Johann Nallathamby wrote: > Hi Isura, > > On Fri, Jun 7, 2019 at 9:16 AM Isura Karunaratne wrote: > >> >> >> On Wed, Jun 5, 2019 at 9:34 AM Ru

Re: [Dev] [Architecture][IAM] Moving File Based Artifacts to Artifact Store

2019-07-03 Thread Johann Nallathamby
"environment variable" binding >> logic, to get proper support for environment to environment promotion of >> artifacts. yet, it can be done with a separate effort than this IMO. >> >> Hence +1 to treat >> >>- Persist data as a blob (marshalled t

[Dev] [IAM] Why IS SSO samples have a dependency to ClaimManagerProxy?

2019-06-13 Thread Johann Nallathamby
Folks, Why do all the IS SSO samples in [1], have a dependency on ClaimManagerProxy? 1. This is a fundamental mistake because a sample using standard federation protocols should not be coupled to the Identity Server. We should be able to run it against any other IdP to demonstrate

[Dev] Why "Analytics Engine" and "Consent Information Controller" configurations are under "Resident Identity Provider"?

2019-06-11 Thread Johann Nallathamby
Hi Folks, I just noticed that IS analytics engine configuration is under resident IdP configurations. How do we consider an analytics engine configuration as an Identity Provider configuration? Resident IdP configurations are ideally any "configurations" that impact runtime interactions with

Re: [Dev] [Architecture][IAM] Moving File Based Artifacts to Artifact Store

2019-06-04 Thread Johann Nallathamby
+1 to get rid of the artifacts for user stores. I think this was a wrong decision we made early on. On Tue, Jun 4, 2019 at 1:19 PM Hasanthi Purnima Dissanayake < hasan...@wso2.com> wrote: > Hi All, > > *Problem * > Currently, some artifacts like userstores , tenants' data, etc are stored > in

Re: [Dev] Authenticate to provision a user with OAuth with sufficient privileges fails

2019-04-25 Thread Johann Nallathamby
Hi Farasath, On Thu, Apr 25, 2019 at 9:26 AM Farasath Ahamed wrote: > > > On Thu, Apr 25, 2019 at 7:32 AM Johann Nallathamby > wrote: > >> Hi Malithi, >> >> On Thu, Apr 25, 2019 at 12:34 AM Malithi Edirisinghe >> wrote: >> >>> >

Re: [Dev] Authenticate to provision a user with OAuth with sufficient privileges fails

2019-04-24 Thread Johann Nallathamby
Hi Malithi, On Thu, Apr 25, 2019 at 12:34 AM Malithi Edirisinghe wrote: > > > On Wed, Apr 24, 2019 at 11:13 PM Johann Nallathamby > wrote: > >> First of all, I don't understand what is the design issue with using >> OAuth2 as a handler in authenticating and auth

Re: [Dev] Authenticate to provision a user with OAuth with sufficient privileges fails

2019-04-24 Thread Johann Nallathamby
First of all, I don't understand what is the design issue with using OAuth2 as a handler in authenticating and authorizing access to Rest APIs by a client? Isn't that what OAuth2 is meant for typically? Secondly, I think if the use case contains secondary user stores and client expects to call

[Dev] [IAM] "Approve" option and consent don't work well together

2019-04-16 Thread Johann Nallathamby
Issue: https://github.com/wso2/product-is/issues/5066 Thanks & Regards, Johann. -- *Johann Dilantha Nallathamby* | Associate Director/Solutions Architect | WSO2 Inc. (m) +94 (77) 7776950 | (w) +94 (11) 2145345 | (e) joh...@wso2.com

Re: [Dev] Issue when enabling Resend OTP link

2019-03-04 Thread Johann Nallathamby
Many systems I have seen always have the resend OTP option enabled, whether or not the user has entered a wrong OTP. I guess this is because sometimes the user might not receive the OTP in his mobile due to network connectivity issues with the mobile provider. This will be a good improvement to

Re: [Dev] [IS] InCommon Federation Compliance for WSO2IS - UI Component

2018-10-19 Thread Johann Nallathamby
_ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > -- *Johann Dilantha Nallathamby* Senior Lead Solutions Engineer WSO2, Inc. lean.enterprise.middleware Mobile: *+94 77 7776950* LinkedIn: *http://www.linkedin.com/in/johann-nallathamby <http://www.lin

Re: [Dev] [IAM] Configuring Different Federated Identity Providers for My Enterprise Customers

2018-07-19 Thread Johann Nallathamby
maintain. For those cases, instead of filtering out options at step 4 > above, we can write and use a custom function to dynamically inject the IdP > configured for the tenant at step 3. > > On Thu, Jul 19, 2018 at 8:15 PM Johann Nallathamby > wrote: > >> Ping on this p

Re: [Dev] [IAM] Configuring Different Federated Identity Providers for My Enterprise Customers

2018-07-19 Thread Johann Nallathamby
rd to configure and >> maintain. For those cases, instead of filtering out options at step 4 >> above, we can write and use a custom function to dynamically inject the IdP >> configured for the tenant at step 3. >> >> On Thu, Jul 19, 2018 at 8:15 PM Johann Nallathamby >

Re: [Dev] [IAM] Configuring Different Federated Identity Providers for My Enterprise Customers

2018-07-19 Thread Johann Nallathamby
Ping on this please! On Wed, Jul 18, 2018 at 5:26 PM Johann Nallathamby wrote: > Hi IAM Team, > > Following is the use case I want to accomplish. But I am not able to > figure out how I would be able to do it. > > I have IS running with multiple tenants. Each tenant is an ent

[Dev] [IAM] Configuring Different Federated Identity Providers for My Enterprise Customers

2018-07-18 Thread Johann Nallathamby
hann. -- *Johann Dilantha Nallathamby* Senior Lead Solutions Engineer WSO2, Inc. lean.enterprise.middleware Mobile: *+94 77 7776950* LinkedIn: *http://www.linkedin.com/in/johann-nallathamby <http://www.linkedin.com/in/johann-nallathamby>* Medium: *https://medium.com/@johann_nallathamby <https

[Dev] [IAM] Showing the Secret Key along with the QR code in the TOTP Login Page

2018-06-08 Thread Johann Nallathamby
and then selecting it from the photo gallery and giving it to the Google authenticator. Regards, Johann. -- *Johann Dilantha Nallathamby* Senior Lead Solutions Engineer WSO2, Inc. lean.enterprise.middleware Mobile: *+94 77 7776950* LinkedIn: *http://www.linkedin.com/in/johann-nallathamby <h

Re: [Dev] [Architecture] [IAM] eIDAS profile support for SAML

2018-03-12 Thread Johann Nallathamby
o2.com> >> wrote: >> >>> If extensions are coming in the SAML AuthnRequest from the SP, then, >>> IIRC, that *same extension* will be copied to the AuthnRequest going to >>> the Federated IdP. Is that behaviour acceptable for this scenario? Please >>

Re: [Dev] [Architecture] [IAM] eIDAS profile support for SAML

2018-02-27 Thread Johann Nallathamby
iki/display/CEFDIGITAL/How+ > does+it+work+-+eIDAS+solution > [2] https://ec.europa.eu/cefdigital/wiki/display/CEFDIGITAL/ > 2016/12/16/eIDAS+Technical+Specifications+v.+1.1 > [3] https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf > > Thanks and Regards >

Re: [Dev] Setting commonAuth Cookie even after failing authorization in a fresh login attempt.

2018-01-29 Thread Johann Nallathamby
> >>>>>> WDYT ? >>>>>> >>>>>> >>>>>> [1] https://docs.wso2.com/display/IS530/Configuring+Access+C >>>>>> ontrol+Policy+for+a+Service+Provider >>>>>> >>>>>> >>>>>>

Re: [Dev] [IAM] Defining Two Regex Patterns in User Store Configuration and Claim Configuration is Wrong

2018-01-22 Thread Johann Nallathamby
On Tue, Jan 23, 2018 at 10:16 AM, Isura Karunaratne <is...@wso2.com> wrote: > Hi Johann, > > > > On Tue, Jan 23, 2018 at 8:07 AM, Johann Nallathamby <joh...@wso2.com> > wrote: > >> Hi IAM Team, >> >> We have two regex patterns for user names and

[Dev] [IAM] Defining Two Regex Patterns in User Store Configuration and Claim Configuration is Wrong

2018-01-22 Thread Johann Nallathamby
leware Mobile: *+94 77 7776950* LinkedIn: *http://www.linkedin.com/in/johann-nallathamby <http://www.linkedin.com/in/johann-nallathamby>* Medium: *https://medium.com/@johann_nallathamby <https://medium.com/@johann_nallathamby>* Twitter: *@dj_nallaa*

Re: [Dev] Places we are using super tenant keystore

2018-01-08 Thread Johann Nallathamby
ddleware > > mobile: *+94772264165* > linkedin: *https://www.linkedin.com/in/godwin-amila-2ba26844/ > <https://www.linkedin.com/in/godwin-amila-2ba26844/>* > twitter: https://twitter.com/godwinamila > <http://wso2.com/signature> > -- *Johann Dilantha Nallathamb

Re: [Dev] Self Contained Access Tokens in IS 5.4.0

2017-11-17 Thread Johann Nallathamby
> > <http://wso2.com/signature> > > > > On Fri, Nov 17, 2017 at 6:48 PM, Johann Nallathamby <joh...@wso2.com> > wrote: > >> >> >> On Fri, Nov 17, 2017 at 6:39 PM, Malithi Edirisinghe <malit...@wso2.com> >> wrote: >> >>>

Re: [Dev] Self Contained Access Tokens in IS 5.4.0

2017-11-17 Thread Johann Nallathamby
On Fri, Nov 17, 2017 at 6:39 PM, Malithi Edirisinghe <malit...@wso2.com> wrote: > > > On Fri, Nov 17, 2017 at 6:12 PM, Johann Nallathamby <joh...@wso2.com> > wrote: > >> Hi Farasath, >> >> On Fri, Nov 17, 2017 at 5:35 PM, Farasath Ahamed <farasa.

Re: [Dev] Self Contained Access Tokens in IS 5.4.0

2017-11-17 Thread Johann Nallathamby
Hi Farasath, On Fri, Nov 17, 2017 at 5:35 PM, Farasath Ahamed <farasa...@wso2.com> wrote: > > On Fri, Nov 17, 2017 at 3:23 PM, Johann Nallathamby <joh...@wso2.com> > wrote: > >> Self contained JWT's may get quite large and if we set it as the default >>

Re: [Dev] Self Contained Access Tokens in IS 5.4.0

2017-11-17 Thread Johann Nallathamby
Self contained JWT's may get quite large and if we set it as the default size in the script, for users who are not using self contained JWT also it is going to consume large space in the database. Did we think about storing a hash of the access token? On Fri, Nov 17, 2017 at 3:06 PM, Isura

Re: [Dev] WSO2 Identity Server 5.4.0 Alpha 8 Released !!!

2017-11-10 Thread Johann Nallathamby
The Public JIRA version still says Alpha-8 "unreleased". Can we fix this? And if we are planning for Alpha-9 can we add that as new version? Regards, Johann. On Fri, Nov 10, 2017 at 1:26 AM, Jayanga Kaushalya wrote: > The WSO2 Identity and Access Management team is pleased

Re: [Dev] [Charon] Charon 3 missing password setter method for User

2017-11-10 Thread Johann Nallathamby
Any SCIM experts who can answer this query? Regards, Johann. On Thu, Nov 9, 2017 at 2:35 PM, Johann Nallathamby <joh...@wso2.com> wrote: > *[+IAM Team]* > > On Thu, Nov 9, 2017 at 2:11 PM, Isuranga Perera <isurangamper...@gmail.com > > wrote: > >> Hi All, >

Re: [Dev] [Charon] Charon 3 missing password setter method for User

2017-11-09 Thread Johann Nallathamby
*[+IAM Team]* On Thu, Nov 9, 2017 at 2:11 PM, Isuranga Perera wrote: > Hi All, > > Even though Charon 2 User class has setter methods for password and other > attributes Charon 3 doesn't provide most of those setter methods. So is > there any other way I can set the

Re: [Dev] How to configure SCIM to generate an email when ask password option is provided for user creation

2017-11-04 Thread Johann Nallathamby
Again I think we've missed the point to explain why we need to define claims to get this feature working. If that was explained, naturally a user will think when he is sending a request using SCIM APIs whether he has included these claims also. And then he will follow that by thinking if he has

Re: [Dev] How to configure SCIM to generate an email when ask password option is provided for user creation

2017-11-04 Thread Johann Nallathamby
On Sat, Nov 4, 2017 at 12:27 PM, Sashika Wijesinghe wrote: > Hi Sathya, > > Thanks for the configuration requirements provided above. It helps to > resolve the issue. > > According to the current implementation, since we are mapping the claims > for SCIM extension isn't it

Re: [Dev] How to configure the IS Dashboard for a IS cluster fronted by Nginx

2017-10-28 Thread Johann Nallathamby
Hi Sashika, Please follow [1] to get your scenario working. [1] http://isurad.blogspot.com/2016/02/wso2-identity-server-510-behind_18.html *@Samuel*: This has been already discussed in [1], and have two L1 Documentation JIRAs [2,3]. [1] has been created before IS 5.2.0 release. I thought we

Re: [Dev] Can we use placeholders for host name and port in IS connector configurations

2017-10-28 Thread Johann Nallathamby
Hi Malithi, +1 to use placeholders like we do in IS. This prevents the user from falling into trouble and I can say that the IS user experience after we provided placeholder support in IS 5.1.0 has been much better. Regards, Johann. On Tue, Oct 24, 2017 at 12:09 AM, Malithi Edirisinghe

Re: [Dev] AuthenticationAdmin is not configured as an admin service

2017-10-24 Thread Johann Nallathamby
By definition admin services are services that require authentication and authorization. This is the parameter you find in the services.xml of the service. If that is set to false then it is not an admin service. AuthenticationAdmin is the service to do authentication. So obviously you can't have

[Dev] [IAM] Pre-configure "Identity Claim" mappings for widely used Local Authenticators

2017-10-15 Thread Johann Nallathamby
IAM Devs, Currently to setup some of the local authenticators it's a hassle to copy paste the claim URIs from the documentation and configure attribute mappings. It will be much easier if these mappings are available OOTB, and mapped to meaningful attributes. Also if we have this pre-configured

Re: [Dev] Making it easy to setup dialects for well known Identity Providers for existing IS deployments

2017-10-15 Thread Johann Nallathamby
On Mon, Oct 16, 2017 at 1:28 AM, Johann Nallathamby <joh...@wso2.com> wrote: > IAM Devs, > > I think for all the well known Identity Providers (including social > authentication sites) we have the practice of defining a claim dialect in > claim management to do mapping

[Dev] Making it easy to setup dialects for well known Identity Providers for existing IS deployments

2017-10-15 Thread Johann Nallathamby
IAM Devs, I think for all the well known Identity Providers (including social authentication sites) we have the practice of defining a claim dialect in claim management to do mapping easily without having to duplicate for each IdP in each tenant. For the OOTB connectors we may be shipping these

Re: [Dev] Shall we remove InfoRecoverySample from product-is?

2017-10-15 Thread Johann Nallathamby
wrote: > >> Hi Johann, >> >> Since we are still keeping the deprecated SOAP APIs we'll keep the sample >> also till the next major version. >> > Yes. +1 to keep the sample since we support SOAP apis too. > > Thanks > Isura > >> >> On Mon, Sep 4, 2017

Re: [Dev] Please review and merge PR

2017-10-12 Thread Johann Nallathamby
Hi Isuranga, First of all thank you for your contribution to WSO2 Identity Server. However, can you please follow the following protocol in order to get your PRs merged faster. 1. Create one JIRA per issue. Make sure you give the description clearly. Add the PRs related to the issue in the

[Dev] Fwd: SCIM enable in user store level.

2017-10-10 Thread Johann Nallathamby
IAM team can we change the default value here for IS 5.4.0? I think we discussed the same during IS 5.3.0 release also but somehow have missed to change it for JDBCUserStoreManager. Regards, Johann. -- Forwarded message -- From: Johann Nallathamby <joh...@wso2.com> Date: Tu

Re: [Dev] [IS][XACML] Introducing a Custom functionId

2017-10-06 Thread Johann Nallathamby
Will someone be able to shed some light on this issue sooner than later, because Isuranga is trying to contribute a useful feature to WSO2 IS, which is discussed in [1]. [1] [IAM] Restful API to Evaluate Permission Tree in IS Regards, Johann. On Thu, Oct 5, 2017 at 7:22 PM, Johann Nallathamby

Re: [Dev] [IS][XACML] Introducing a Custom functionId

2017-10-05 Thread Johann Nallathamby
*[+Asela, IAM Team]* On Thu, Oct 5, 2017 at 7:20 PM, Isuranga Perera wrote: > Hi All, > > I'm trying to introduce a new XACML function in IS 5.3. This is the > procedure I followed so far. > >- Create the new class by extending the *FunctionBase* abstract class. >

Re: [Dev] SCIM 2.0 as default in IS 5.4.0

2017-09-30 Thread Johann Nallathamby
Any thoughts on the above idea or did we fix it in a different way? On Sat, Sep 23, 2017 at 9:46 AM, Johann Nallathamby <joh...@wso2.com> wrote: > See if this idea would work? > > We currently set a threadlocal variable inside the SCIM endpoint > component, to identify the SCI

[Dev] Some clarifications regarding public JIRA resolution

2017-09-24 Thread Johann Nallathamby
1. I can see new states Done/Not Done. When do we use them? For improvements or tasks? 2. JIRAs filtered here

[Dev] Fwd: [Carbon-jira] [jira] (IDENTITY-6330) [IS]When configured secondary jdbc userstore canot login with the secondary userstore user

2017-09-24 Thread Johann Nallathamby
1. Can someone explain the reason for the issue and relevance of the fix to the issue reported here? I can understand the issue here. I also assume I understand the reason for the issue. But better someone explains. What I don't seem to understand is the relevance of the fix here. It seems to me

Re: [Dev] What is the correct behavior when user store selected from Inbound Provisioning Configuration

2017-09-22 Thread Johann Nallathamby
IMO, returning the username with userstore domain in the response may be seen as an unwanted sensitive information leak in this setup. Ideally in these kind of scenarios expectation is service provider doesn't need to know the user store domain name where his users are created. Therefore they can

Re: [Dev] SCIM 2.0 as default in IS 5.4.0

2017-09-22 Thread Johann Nallathamby
See if this idea would work? We currently set a threadlocal variable inside the SCIM endpoint component, to identify the SCIM service provider inside some of our implementations. Can we improve this variable value to also identify the SCIM version? This way the relevant listeners will check for

Re: [Dev] [IS] [SCIM] Why Can't We Enable Both SCIM1 and SCIM2 at the Same Time?

2017-09-22 Thread Johann Nallathamby
On Fri, Sep 1, 2017 at 10:36 PM, Johann Nallathamby <joh...@wso2.com> wrote: > In that case can we set a threadlocal variable in order to identify the > SCIM version? Based on that the correct listener will execute and the other > will not. Since SCIM1.1 listener will check f

Re: [Dev] Remove outdated feature "Usage plan for the tenant"

2017-09-22 Thread Johann Nallathamby
IINM this comes from carbon-multitenancy. Not an identity feature. So if we are removing it needs to be removed from all the products. +1 to remove obsolete features if possible to avoid confusion. WSO2 Cloud uses a completely different model I suppose. On Sun, Sep 17, 2017 at 2:34 PM, Nilasini

Re: [Dev] Need to change the type of some variables to make the Identity Server, OIDC compliant.

2017-09-20 Thread Johann Nallathamby
I would like to see others comments also. Since this is a spec violation do we need to be backward compatible? I would say we don't have to be. But I know we can have users who want like it to be a breaking change. So it's important what other IAM members think. If we need to have a property we

Re: [Dev] [IAM] Resource value of OIDC discovery

2017-09-19 Thread Johann Nallathamby
Also if the discovery endpoint is secured with the authorization valve then cross tenant restriction is enforced at the valve itself. That is if the authenticating user's tenant domain is not matching with the resource's tenant domain, unless we have enabled cross tenant access in the valve it

[Dev] IDENTITY-6405 seems to be a duplicate of IDENTITY-3966

2017-09-16 Thread Johann Nallathamby
Hi Nila, IDENTITY-6405 seems to be a duplicate of IDENTITY-3966. At least they seem to be very much related. Therefore I have resolved as duplicate. Please reopen if that isn't the case. Regards, Johann. -- Forwarded message -- From: Nilasini Thirunavukkarasu (JIRA)

[Dev] Public JIRA resolved as Not A Bug without Reason

2017-09-16 Thread Johann Nallathamby
Sathya/IAM Folks, It is not acceptable to resolve JIRAs without any reason. Can we please include the reason as why it is not a bug? To me it looks like a clear bug. [1] https://wso2.org/jira/browse/IDENTITY-6375 Thanks & Regards, Johann. -- *Johann Dilantha Nallathamby* Senior Lead

Re: [Dev] [IS] Shall We Link Corresponding IS Documentation as Context Sensitive Help Pages in IS Management Console?

2017-09-16 Thread Johann Nallathamby
On Tue, Sep 12, 2017 at 5:01 PM, Johann Nallathamby <joh...@wso2.com> wrote: > IMO Help link are good for a public facing application. E.g. API Store, > Google Apps, etc. I don't think for a administrator application help link > is necessary. Administrator applications are genera

Re: [Dev] Avoid Invoking REST endpoints from SSO login page

2017-09-16 Thread Johann Nallathamby
On Sat, Sep 16, 2017 at 1:46 PM, Farasath Ahamed <farasa...@wso2.com> wrote: > > > > On Sat, Sep 16, 2017 at 1:38 PM, Johann Nallathamby <joh...@wso2.com> > wrote: > >> I also have the same concerns as Hasintha. The only viable solution seems >> to

Re: [Dev] Dynamic client registration request fails due to no user information in the request header.

2017-09-16 Thread Johann Nallathamby
On Sat, Sep 16, 2017 at 1:37 PM, Farasath Ahamed <farasa...@wso2.com> wrote: > > > > > On Sat, Sep 16, 2017 at 1:21 PM, Johann Nallathamby <joh...@wso2.com> > wrote: > >> Tenant domain of the application should always be read from the resource >>

Re: [Dev] Avoid Invoking REST endpoints from SSO login page

2017-09-16 Thread Johann Nallathamby
I also have the same concerns as Hasintha. The only viable solution seems to be Pulasthi's which is to do the HEAD call to a URL which we know that doesn't consume much resources. If needed we can even introduce a resource like that for this purpose if already not available. It's kind of like

Re: [Dev] Dynamic client registration request fails due to no user information in the request header.

2017-09-16 Thread Johann Nallathamby
Tenant domain of the application should always be read from the resource path - i.e. URL. We can't read it from the user since we will have to support SaaS mode, which is to authenticate with a super tenant user and create the application in a tenant. Please note that this is a standard pattern

Re: [Dev] [IS] Shall We Link Corresponding IS Documentation as Context Sensitive Help Pages in IS Management Console?

2017-09-12 Thread Johann Nallathamby
ugh. >>>>>> With that assumption, we can go ahead and can remove the help links. >>>>>> WDYT? >>>>>> >>>>>> Making UI self-explain better can be achieved in the 5.5.0 release >>>>>> since there is a plan to re-write the UI.

Re: [Dev] [IS] GSoC 2017 - WS-Trust Implementation for IS6

2017-09-05 Thread Johann Nallathamby
Hi Maheshika, Can we have repo created for this project under wso2-incubator? Name: "mss4j-ws-trust" Regards, Johann. On Tue, Sep 5, 2017 at 11:59 AM, Johann Nallathamby <joh...@wso2.com> wrote: > Great job Isuranga over the past 3 months in completing this project!! >

Re: [Dev] [IS] GSoC 2017 - WS-Trust Implementation for IS6

2017-09-05 Thread Johann Nallathamby
ble to complete the WS-Trust Implementation for Identity Server 6 > with all the functional requirements. > > Project Repository [1] > Documentation [2] > > I would like to thank my mentors Johann Nallathamby, Malithi Edirisinghe, > Kasun Gajasinghe who gave an immense suppor

Re: [Dev] Some concerns on IDENTITY-6324

2017-09-04 Thread Johann Nallathamby
Hi Isura, On Mon, Sep 4, 2017 at 9:35 PM, Isura Karunaratne <is...@wso2.com> wrote: > Hi Johann, > > On Mon, Sep 4, 2017 at 8:18 PM Johann Nallathamby <joh...@wso2.com> wrote: > >> Hi Hasanthi/Nuwandi/IAM Team, >> >> 1. Can we please add a de

[Dev] Shall we remove InfoRecoverySample from product-is?

2017-09-04 Thread Johann Nallathamby
If we are going to keep it in product-is we need to maintain compatibility with latest APIs. But I think we have even resolved some public JIRAs mentioning the fact that we now support this in identity-mgt webapp. So we don't need a separate sample for this. So, I think we can do $subject.

[Dev] Some concerns on IDENTITY-6324

2017-09-04 Thread Johann Nallathamby
Hi Hasanthi/Nuwandi/IAM Team, 1. Can we please add a description in the JIRA as to what this JIRA is for? 2. The fix has made a public enum change: "MAX_ATTEMTS_EXCEEDED" -> "MAX_ATTEMTS_EXCEEDED". Is this intentional? In any case the spelling is still wrong. 3. We have introduced a new

Re: [Dev] [IAM] (IDENTITY-5948) Can't we do a better fix for this?

2017-09-04 Thread Johann Nallathamby
> > > On Mon, Sep 4, 2017 at 2:59 PM, Johann Nallathamby <joh...@wso2.com> > wrote: > >> Hi Rushmin, >> >> I think the better, easier, uncomplicated fix that also works for tenants >> will be to make this a text box with a default value instead of a lab

Re: [Dev] [IAM] (IDENTITY-5948) Can't we do a better fix for this?

2017-09-04 Thread Johann Nallathamby
the method name. > > @Darshana, could you review and merge it. > > Best Regards, > Rushmin > > [1] - https://github.com/wso2/carbon-identity-framework/pull/1043 > > On Thu, Aug 31, 2017 at 6:09 PM, Johann Nallathamby <joh...@wso2.com> > wrote: > >

Re: [Dev] Should we trim usernames when authenticating at UserStore level?

2017-09-03 Thread Johann Nallathamby
+1 It should be consistent and I also don't think we should be trimming. On Sun, Sep 3, 2017 at 12:40 PM, Farasath Ahamed wrote: > Hi Devs, > > Noticed that we trim the username when performing authentication in LDAP > and AD Userstore Managers[1]. But we do not do trim the

Re: [Dev] [GSoC] SCIM 2.0 Compliance Test Suite

2017-09-02 Thread Johann Nallathamby
Hi Vindula, Great contribution!! :) Since we are going to promote use of SCIM 2.0 from IS 5.4.0 onwards this compliance test suite will make life much easier with fixes and improvements we are going to add to SCIM 2.0 implementation. *@Darshana/Omindu*: How do we plan to integrate this with our test

Re: [Dev] [IS] [SCIM] Why Can't We Enable Both SCIM1 and SCIM2 at the Same Time?

2017-09-01 Thread Johann Nallathamby
the two implementations. All the SCIM operations must set this threadlocal. I don't see any better solution for this problem. Regards, Johann. On Thu, Aug 31, 2017 at 6:54 PM, Sathya Bandara <sat...@wso2.com> wrote: > > > On Thu, Aug 31, 2017 at 2:18 PM, Johann Nallathamby <

[Dev] [IAM] (IDENTITY-5948) Can't we do a better fix for this?

2017-08-31 Thread Johann Nallathamby
IAM Folks, Can we do a better fix for this? I don't seem to agree with this fix. 1. We have written super tenant specific code. This shows that we treat super tenant differently and can be error prone. 2. The problem still remains for already created tenants. Another thing we need to address is

[Dev] List of claims returned in IDToken and Userinfo don't get updated when we update requested claims configuration

2017-08-31 Thread Johann Nallathamby
IAM Folks, List of claims returned in IDToken and Userinfo don't get updated when we update requested claims configuration. This doesn't get updated even if we try from a fresh browser instance. The only way to get out of this seems to be revoking the token. This seems to be a big usability

[Dev] [IAM] Unable to create user with "email verification" and "request password" using SCIM

2017-08-31 Thread Johann Nallathamby
IAM Folks, Following seems to be a blocker for IS 5.4.0 and we need to immediately fix this. The only Rest API we have now to create new users is SCIM. And we are not able to create users with "email verification" and "request password". [1] https://wso2.org/jira/browse/IDENTITY-6326 Thanks &

Re: [Dev] [IS] [SCIM] Why Can't We Enable Both SCIM1 and SCIM2 at the Same Time?

2017-08-31 Thread Johann Nallathamby
adding a new user? I know they both will get triggered. But can't we look at the dialect URI at the top and skip the execution if it's not for that listener? Regards, Johann. > > Thanks, > Sathya > > On Thu, Aug 31, 2017 at 11:37 AM, Johann Nallathamby <joh...@wso2.com> >

Re: [Dev] [IS] Shall We Link Corresponding IS Documentation as Context Sensitive Help Pages in IS Management Console?

2017-08-31 Thread Johann Nallathamby
>>> unless we export again every time we make a change? >>> >>> [1] https://docs.wso2.com/identity-server >>> >>> Thanks, >>> Sherene >>> >>> On Thu, Aug 31, 2017 at 10:38 AM, Omindu Rathnaweera <omi...@wso2.com> >&g

Re: [Dev] [IS] [SCIM] Why Can't We Enable Both SCIM1 and SCIM2 at the Same Time?

2017-08-31 Thread Johann Nallathamby
Will it work if we have two separate attributes for the problematic attributes like SCIM ID? If that works I guess that is one solution. Or we need to have one listener for both SCIM 1 and SCIM2. But don't think that's a good solution. Introduces direct coupling between two implementations.

Re: [Dev] [IS] Shall We Link Corresponding IS Documentation as Context Sensitive Help Pages in IS Management Console?

2017-08-30 Thread Johann Nallathamby
Only problem I see is if Internet access is not available from the client's machine which can access the carbon console, which could be the case sometimes. On Thu, Aug 31, 2017 at 10:22 AM, Thilina Madumal wrote: > Hi Devs, > > Currently, in IS Management Console, the

[Dev] [IAM] Reusing Utilities

2017-08-26 Thread Johann Nallathamby
In fix [1], we've introduced a new Util class for URI validation. We already have a rich set of validations in [2]. Won't this help here? I think we do have URL pattern defined here already. If we don't have a pattern defined we need to improve this utility and reuse everywhere. I already sent a

Re: [Dev] Is this fix correct? Can someone explain?

2017-08-24 Thread Johann Nallathamby
On Thu, Aug 24, 2017 at 3:57 AM, Isura Karunaratne <is...@wso2.com> wrote: > > On Thu, Aug 24, 2017 at 1:27 AM Johann Nallathamby <joh...@wso2.com> > wrote: > >> https://github.com/wso2/carbon-identity-framework/commit/1f2 >> df5faf2a46258791bdaf1d4c9474

Re: [Dev] WSO2 Identity Server 5.4.0-M3 Released!

2017-08-23 Thread Johann Nallathamby
IAM Team, Please note that the following JIRAs have not been fixed per se. According to the comments they have been resolved as "cannot reproduce", "won't fix" or "invalid". But the "Resolution" says "Fixed" which is incorrect. Can we change this and make sure in future we strictly follow proper

[Dev] [IAM] Can't we do the same fix by adding fragment component as a blacklisted pattern to our JS util method?

2017-08-23 Thread Johann Nallathamby
Can't we do $subject to fix [1]? I thought we were following this as a standard approach in our UI layer so that we can reuse these functionality in all our UIs. This is the approach we were following up until IS 5.3.0. Preventing entering fragment component could be a common requirement when

[Dev] Is this fix correct? Can someone explain?

2017-08-23 Thread Johann Nallathamby
https://github.com/wso2/carbon-identity-framework/commit/1f2df5faf2a46258791bdaf1d4c94741626e34a1 How is *resourceType* attribute mapped to *userType*? And why is AttributeID still *mail*? Regards, Johann. -- *Johann Dilantha Nallathamby* Senior Lead Solutions Engineer WSO2, Inc.

[Dev] Critical issues found in Federated OpenID Connect authenticator

2017-08-16 Thread Johann Nallathamby
IAM Team, Following are 3 critical issues I came across with OpenID Connect when setting up a demo for a customer. IMO all these 3 issues need to be fixed for IS 5.4.0. Can someone please confirm if these can be fixed for IS 5.4.0? The fixes are quite simple. [1]

Re: [Dev] Two critical issues in IS 5.3.0 SCIM 1.1 implementation

2017-08-16 Thread Johann Nallathamby
r any kind of data JSON data. How come it is working for empty array? Is this double quote problem something related to how curl works? If we use a HTTP client don't we have this issue? If it's a curl problem then we shouldn't worry I suppose. Regards, Johann. > [1] https://wso2.org/jira/bro

[Dev] Two critical issues in IS 5.3.0 SCIM 1.1 implementation

2017-08-15 Thread Johann Nallathamby
IAM Team, I found below two critical issues in IS 5.3.0 SCIM 1.1 implementation. 1. Users/{id} PATCH operation expects the "schemas" attribute to be empty. If the core schema value is given it throws an error [1]. 2. "userName" attribute is mandatory in Users/{id} PATCH operation. This is not

Re: [Dev] Deploying multiple travelocity applications by renaming the web application name

2017-08-13 Thread Johann Nallathamby
Provided a fix for this issue: https://github.com/wso2/product-is/pull/1303. Please review and merge. On Sun, Aug 13, 2017 at 1:33 AM, Harsha Kumara wrote: > Created JIRA in [1] in a case of we going to add it. > > https://wso2.org/jira/browse/IDENTITY-6257 > > On Sun, Aug

Re: [Dev] Supporting attributes feature for SCIM filtering

2017-08-02 Thread Johann Nallathamby
where I got this problem originally from :). Will check. > > [1] https://medium.com/@pulasthi7/scim-list-users- > with-given-attributes-in-wso2-identity-server-5-3-0-8360522d3ea9 > > On Wed, Aug 2, 2017 at 2:10 PM, Johann Nallathamby <joh...@wso2.com> > wrote: > >&

Re: [Dev] Supporting attributes feature for SCIM filtering

2017-08-02 Thread Johann Nallathamby
So +1 for implementing attributes here as well. > Thanks for your feedback. Regards, Johann. > > Regards! > Chamila > > On Wed, Aug 2, 2017 at 6:23 PM, Johann Nallathamby <joh...@wso2.com> > wrote: > >> >> >> On Tue, Jul 11, 2017 at 6:52 PM, Chamila

Re: [Dev] Supporting attributes feature for SCIM filtering

2017-08-02 Thread Johann Nallathamby
extra attributes, we can specifically request like in SCIM listing. Regards, Johann. > > Cheers > Chamila > > On Tue, Jul 11, 2017 at 11:08 PM, Johann Nallathamby <joh...@wso2.com> > wrote: > >> Hi IAM Team, >> >> Can we support "attributes" featu

Re: [Dev] JDBCUserstore Config "IsEmailUserName"

2017-07-31 Thread Johann Nallathamby
I have also seen this and feel it's redundant. If there is no real purpose for this can we deprecate it and remove any usage of this property? If it allows control per user store, then EnableEmailUserName is redundant in carbon.xml. Thoughts? On Tue, Aug 1, 2017 at 12:33 AM, Hasintha Indrajee
