Re: [Dev] Getting Invalid Scope Error While requesting IDToken With OIDC Scopes When Role Based Scope Validator Enabled

2020-02-17 Thread Darshana Gunawardana
Hi Isura\Sarubi,

Why do we need to remove OIDC scopes from being validated?

How can we do role-based scope validation for an OIDC scope, in case we
need it?

Thanks,

On Mon, Feb 17, 2020 at 4:29 PM Isura Karunaratne  wrote:

>
>
> On Mon, Feb 17, 2020 at 2:59 PM Sarubi Thillainathan 
> wrote:
>
>> Hi All,
>>
>> When the role-based scope validator is enabled, we grant the access
>> token upon validated scope. In the OpenID flow, when we are requesting
>> an ID token, we can try the following as an example, where 'scope1' is
>> bound to the role 'login-sp'.
>>
>> curl -u anKvtUmgg88qghLz5_AdzDMzIFAa:cQX5r6nDncXSaytrgVlZUx51teUa -k -d
>> "grant_type=password&username=kim&password=12345&scope=openid scope1"
>> -H "Content-Type:application/x-www-form-urlencoded"
>> https://localhost:9443/oauth2/token
>>
>> This will respond with an ID token if the user Kim is a member of the
>> role 'login-sp'.
>>
>> But when we try to obtain a custom claim value via the ID token, we can pass
>> the OIDC scopes which are mapped to the corresponding user claims, for
>> example the profile and email scopes.
>>
>> curl -u anKvtUmgg88qghLz5_AdzDMzIFAa:cQX5r6nDncXSaytrgVlZUx51teUa -k -d
>> "grant_type=password&username=kim&password=12345&scope=openid scope1 email"
>> -H "Content-Type:application/x-www-form-urlencoded"
>> https://localhost:9443/oauth2/token -v
>>
>> When we pass those OIDC scopes with the role-based scope validator
>> enabled, we get an error message as follows,
>>
>> {"error_description":"Invalid Scope!","error":"invalid_scope"}
>>
>> for the OIDC scopes except the scope named 'openid'.
>>
>> The reason is that we have only removed the 'openid' scope from the list [1].
>> Then we try to validate whether the scope is registered or not by calling
>> only the OAuth2 scopes binding service. Since we can't view the OIDC scopes
>> via the OAuth2 scopes binding service, we end up with an Invalid scope
>> error.
>>
>> To resolve this issue, we may need to remove the OIDC scopes from the
>> scope list before validating the OAuth2 scopes.
>>
>> Appreciate your thoughts to tackle this issue with a better solution.
>>
> +1 to remove all the OIDC scopes since we can't register OAuth scopes with
> the same name.
>
> Cheers,
> Isura.
>
>>
>> [1]
>> https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/c4a33c5cb4914d5b803878c8962a6d4a6f35995d/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/validators/JDBCScopeValidator.java#L206-L220
>>
>>
>> Thanks,
>> Sarubi.
>> --
>> *Sarubi Thillainathan* | Senior Software Engineer | WSO2 Inc.
>> (m) +94 (0) 76 684 9101 | (e) sar...@wso2.com,stsa...@gmail.com
>>
>>
>
>
> --
>
> *Isura Dilhara Karunaratne*
> Technical Lead | WSO2 <http://wso2.com/>
> *lean.enterprise.middleware*
> Email: is...@wso2.com
> Mob : +94 772 254 810
> Blog : https://medium.com/@isurakarunaratne
>
>
>
>

-- 
Regards,


*Darshana Gunawardana*
Technical Lead
WSO2 Inc.; http://wso2.com

*E-mail: darsh...@wso2.com*
*Mobile: +94718566859*
Lean . Enterprise . Middleware
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
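
The scope handling discussed in this thread, as an added example that is not part of the original messages and is not the project's JDBCScopeValidator code: it contrasts skipping only 'openid' with skipping every OIDC scope before the OAuth2 binding lookup. The class and method names, the OIDC scope list and the role data are assumptions constructed for illustration (Java 9+).

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Set;

/**
 * Added illustration. All names here are hypothetical; this is not the
 * validator class referenced in the thread.
 */
public class RoleBasedScopeCheck {

    // Constructed sample data: the OIDC scopes known to the server, and the
    // OAuth2 scope -> role bindings ('scope1' bound to 'login-sp' as in the thread).
    static final Set<String> OIDC_SCOPES =
            Set.of("openid", "profile", "email", "address", "phone");
    static final Map<String, Set<String>> OAUTH2_SCOPE_BINDINGS =
            Map.of("scope1", Set.of("login-sp"));

    /**
     * Returns the first scope that fails validation, or null when every scope
     * passes. Scopes listed in 'skipped' are taken out before the OAuth2
     * binding lookup, so they never reach the role check.
     */
    static String firstInvalidScope(List<String> requested, Set<String> userRoles,
                                    Set<String> skipped) {
        for (String scope : requested) {
            if (skipped.contains(scope)) {
                continue;
            }
            Set<String> boundRoles = OAUTH2_SCOPE_BINDINGS.get(scope);
            if (boundRoles == null) {
                // Not visible through the OAuth2 binding lookup: invalid_scope.
                return scope;
            }
            // Assumption: a registered scope with no bound roles is open to any user.
            if (!boundRoles.isEmpty() && Collections.disjoint(boundRoles, userRoles)) {
                return scope;
            }
        }
        return null;
    }

    public static void main(String[] args) {
        List<String> requested = Arrays.asList("openid scope1 email".split(" "));
        Set<String> kimRoles = Set.of("login-sp");
        Set<String> noRoles = Set.of();

        // Behaviour reported in the thread: only 'openid' is skipped.
        System.out.println("skip openid only      -> rejected: "
                + firstInvalidScope(requested, kimRoles, Set.of("openid")));

        // Proposed change: every OIDC scope is skipped before the lookup.
        System.out.println("skip all OIDC scopes  -> rejected: "
                + firstInvalidScope(requested, kimRoles, OIDC_SCOPES));

        // The role check still applies to the OAuth2 scope.
        System.out.println("user without the role -> rejected: "
                + firstInvalidScope(requested, noRoles, OIDC_SCOPES));

        // OIDC scopes alone, requested by a user holding no roles.
        System.out.println("OIDC scopes, no roles -> rejected: "
                + firstInvalidScope(List.of("openid", "email"), noRoles, OIDC_SCOPES));
    }
}
```

With every OIDC scope skipped, those scopes are granted without any role check, which is the gap the question at the top of this message points at.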


Re: [Dev] Using default user attributes provided by Active Directory for SCIM operations

2020-02-01 Thread Darshana Gunawardana
Hi Gayashan,

Is this implemented in the product now? If so, can you share details on the
final approach you took?

Thanks,

On Thu, Jan 2, 2020 at 9:37 AM Johann Nallathamby  wrote:

> Hi Gayashan,
>
> On Tue, Dec 3, 2019 at 6:54 PM Gayashan Bombuwala 
> wrote:
>
>> Hi all,
>>
>> Currently when managing users in Active Directory user store with SCIM,
>> we have mapped the SCIM core attributes to different attributes[1, 2]
>> supported by SCIM.
>>
>> e.g. urn:ietf:params:scim:schemas:core:2.0:id (SCIM attribute)->
>> http://wso2.org/claims/userid (local claim) -> homePostalAddress (Active
>> Directory attribute)
>>
>> However, there are a set of attributes maintained by Active Directory
>> which we can use to map some of core SCIM attributes. We have considered
>> the following attributes for the moment.
>>
>>    1. objectGuid (AD maintained attribute) ->
>>    urn:ietf:params:scim:schemas:core:2.0:id (SCIM attribute)
>>    2. whenCreated (AD maintained attribute) ->
>>    urn:ietf:params:scim:schemas:core:2.0:created (SCIM attribute)
>>    3. whenModified (AD maintained attribute) ->
>>    urn:ietf:params:scim:schemas:core:2.0:lastModified (SCIM attribute)
>>
>> We need to handle the mapping of these attributes in two scenarios.
>>
>>    1. When reading values from the user store.
>>    2. When writing values to the user store.
>>
>>
>> When reading from the user store we can introduce a hook to handle the
>> mapping of these special attributes. We can implement the hook in
>> AbstractUserStoreManager since local claim to user store property mapping
>> is done at that [3] level. When the attributes are mapped we may need to do
>> a conversion between data types for some attributes (e.g. the objectGuid
>> property is stored in AD as an octetString [3]). This hook will be a method
>> with the following signature.
>>
>> protected void processRetrievedSpecialClaims (Map
>> specialClaims)
>>
>
> Why do we need to have "special" in the method name? Shouldn't all
> attribute processing go through this method? Why limit this to certain
> claims? We don't need to decide beforehand what claims have to go through
> this method. If someone wants to handle certain claim in special way later
> on they can extend this particular method.
>
> Regards,
> Johann.
>
>
>>
>> However, when writing values to the user store, we need to handle the
>> special claims in the user store level [5]. We can do data type conversion
>> for special claim values here as well if required.
>> We will introduce an abstract hook in the AbstractUserStoreManager level
>> but will provide separate implementations in the user store level. This
>> hook will be a method with the following signature.
>>
>> protected void processSpecialClaimsForUpdating (Map
>> specialClaims)
>>
>> Note that the above mentioned new behaviour will only be executed if a
>> specific user store property is enabled.
>> Please let us know if you have any concerns regarding this approach.
>>
>> Best Regards,
>> Gayashan
>>
>> [1]
>> https://docs.wso2.com/display/IS570/Configuring+Active+Directory+User+Stores+for+SCIM+2.0+based+Inbound+Provisioning
>> [2] http://www.kouti.com/tables/userattributes.htm
>> [3]
>> https://docs.microsoft.com/en-us/windows/win32/adschema/s-string-octet
>> [4]
>> https://github.com/wso2/carbon-kernel/blob/eb6660d83a4ee29214924c5b7592fa30e259d7b5/core/org.wso2.carbon.user.core/src/main/java/org/wso2/carbon/user/core/common/AbstractUserStoreManager.java#L5388
>> [5]
>> https://github.com/wso2/carbon-kernel/blob/eb6660d83a4ee29214924c5b7592fa30e259d7b5/core/org.wso2.carbon.user.core/src/main/java/org/wso2/carbon/user/core/ldap/ActiveDirectoryUserStoreManager.java#L616
>>
>> --
>> *Gayashan Bombuwala*
>> Software Engineer | WSO2
>>
>> Email: gayash...@wso2.com
>> Phone: +94770548334
>>
>>
>
>
> --
> *Johann Dilantha Nallathamby* | Associate Director/Solutions Architect |
> WSO2 Inc.
> (m) +94 (77) 7776950 | (w) +94 (11) 2145345 | (e) joh...@wso2.com
>


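
The data type conversion mentioned in the quoted proposal, as an added example that is not part of the original messages or the project's code: it converts a 16-byte objectGUID octet string to and from its textual form and turns an AD generalized-time value into the date-time form SCIM uses. The class and method names and the sample values are assumptions constructed for illustration.

```java
import java.time.LocalDateTime;
import java.time.ZoneOffset;
import java.time.format.DateTimeFormatter;

/** Added illustration; names are hypothetical, sample values are constructed. */
public class AdAttributeConversion {

    private static final DateTimeFormatter AD_TIME =
            DateTimeFormatter.ofPattern("yyyyMMddHHmmss");

    // AD stores the first three GUID fields little-endian and the last eight
    // bytes as-is. Position i of the text form reads byte GUID_ORDER[i].
    private static final int[] GUID_ORDER =
            {3, 2, 1, 0, 5, 4, 7, 6, 8, 9, 10, 11, 12, 13, 14, 15};

    /** Octet string read from the directory -> canonical lower-case GUID text. */
    static String objectGuidToString(byte[] raw) {
        if (raw == null || raw.length != 16) {
            throw new IllegalArgumentException("objectGUID must be exactly 16 bytes");
        }
        StringBuilder sb = new StringBuilder(36);
        for (int i = 0; i < 16; i++) {
            if (i == 4 || i == 6 || i == 8 || i == 10) {
                sb.append('-');
            }
            sb.append(String.format("%02x", raw[GUID_ORDER[i]] & 0xff));
        }
        return sb.toString();
    }

    /** GUID text (for example a SCIM id from a request) -> stored octet string. */
    static byte[] stringToObjectGuid(String guid) {
        String hex = guid == null ? "" : guid.replace("-", "");
        if (!hex.matches("[0-9a-fA-F]{32}")) {
            throw new IllegalArgumentException("not a GUID: " + guid);
        }
        byte[] raw = new byte[16];
        for (int i = 0; i < 16; i++) {
            raw[GUID_ORDER[i]] = (byte) Integer.parseInt(hex.substring(2 * i, 2 * i + 2), 16);
        }
        return raw;
    }

    /** Escapes the octet string for use as an LDAP search filter value. */
    static String toLdapFilterValue(byte[] raw) {
        StringBuilder sb = new StringBuilder(raw.length * 3);
        for (byte b : raw) {
            sb.append(String.format("\\%02x", b & 0xff));
        }
        return sb.toString();
    }

    /** AD generalized time ("yyyyMMddHHmmss.0Z", always UTC) -> ISO 8601 date-time. */
    static String generalizedTimeToScim(String adTime) {
        if (adTime == null || !adTime.matches("\\d{14}\\.0Z")) {
            throw new IllegalArgumentException("unexpected AD time value: " + adTime);
        }
        LocalDateTime t = LocalDateTime.parse(adTime.substring(0, 14), AD_TIME);
        return t.atOffset(ZoneOffset.UTC).format(DateTimeFormatter.ISO_OFFSET_DATE_TIME);
    }

    public static void main(String[] args) {
        // Constructed sample: the bytes as the directory would return them.
        byte[] stored = {
            0x33, 0x22, 0x11, 0x00, 0x55, 0x44, 0x77, 0x66,
            (byte) 0x88, (byte) 0x99, (byte) 0xaa, (byte) 0xbb,
            (byte) 0xcc, (byte) 0xdd, (byte) 0xee, (byte) 0xff
        };
        String id = objectGuidToString(stored);
        System.out.println("SCIM id       : " + id);
        System.out.println("round trip ok : "
                + java.util.Arrays.equals(stored, stringToObjectGuid(id)));
        System.out.println("filter value  : (objectGUID=" + toLdapFilterValue(stored) + ")");
        System.out.println("created       : " + generalizedTimeToScim("20191203132400.0Z"));
    }
}
```

The attribute has to be read as bytes for this to work: with JNDI that means listing it in the `java.naming.ldap.attributes.binary` environment property, otherwise the value is decoded as text and the identifier is corrupted.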


Re: [Dev] [Architecture] Maintaining IS-Archetypes

2019-12-24 Thread Darshana Gunawardana
Do we have an archetype for PostAuthenticationHandlers?

On Wed, Oct 9, 2019 at 3:37 PM Inthirakumaaran Tharmakulasingham <
inthirakumaa...@wso2.com> wrote:

> Hi all,
>
> We had an offline discussion with  @Darshana Gunawardana
>  @Omindu Rathnaweera  @Jayanga
> Kaushalya  @Yasara Yasawardhana  @Janak
> Amarasena  @Pulasthi Mahawithana .
> There we decided the following
>
>    - Regarding Maintenance:
>       - Have a separate repo for IS-archetypes. We planned to go with the
>       name *archetypes-is* for the repo
>       - Go with four-digit release
>          - major -- product release
>          - minor -- addition of a new archetype
>          - patch -- improve
>          - 4th digit -- track archetype life
>       - For each product version, a branch will be created and compatible
>       archetypes for that version will be maintained there
>    - Archetype Structure:
>       - The structure in the above mail is acceptable.
>       - Within comments, have the sample codes for the methods.
>       - Have the data holder pattern. But according to the situation, we
>       can drop this.
>       - The component name will be taken as input and appended as a
>       prefix.
>          - eg for user operation event listener --
>          {listener-name}UserOperationEventListener.java
>
> Please share your thoughts on this
>
> Thanks and Regards
> kumaaran
>
> On Wed, Sep 11, 2019 at 9:20 PM Inthirakumaaran Tharmakulasingham <
> inthirakumaa...@wso2.com> wrote:
>
>> Hi all,
>>
>> We have updated the dependency of user-event-listener-archetype[1] and
>> now it can work on IS 5.8.0. While deciding on where to put these
>> archetypes, let's try to finalize the format of archetypes by analyzing the
>> user-event-listener-archetype.
>>
>> Following is the structure of this archetype.
>>
>> carbon-user-operation-eventListener-archetype
>> └── src
>>     ├── main
>>     │   └── resources
>>     │       ├── META-INF
>>     │       │   └── maven
>>     │       │       └── archetype-metadata.xml
>>     │       └── archetype-resources
>>     │           ├── pom.xml
>>     │           └── src
>>     │               └── main
>>     │                   └── java
>>     │                       ├── __listener-name-prefix__UserOperationEventListener.java
>>     │                       └── internal
>>     │                           └── __listener-name-prefix__UserOperationEventListenerServiceComponent.java
>>     └── test
>>         └── resources
>>             └── projects
>>                 └── basic
>>                     ├── archetype.properties
>>                     └── goal.txt
>>
>>
>> We have to think of the components we can add to these archetypes. E.g., we
>> can add a data-holder class which could help the user to customize these
>> archetypes.
>>
>> Then we have to consider the naming as well, e.g. what group id should be
>> given for which archetype, or how the classes in the archetype should be
>> named, whether to add a suffix or have a fixed name.
>>
>> Please share your thoughts on this
>>
>> [1]https://github.com/wso2-extensions/archetypes/pull/26
>>
>> On Wed, Aug 7, 2019 at 7:25 PM Kanapriya Kuleswararajan <
>> kanapr...@wso2.com> wrote:
>>
>>> Hi Shankar,
>>>
>>> On Wed, Aug 7, 2019 at 4:56 PM Selvaratnam Uthaiyashankar <
>>> shan...@wso2.com> wrote:
>>>
>>>>
>>>>
>>>> On Wed, Aug 7, 2019 at 2:23 PM Tharindu Bandara 
>>>> wrote:
>>>>
>>>>> Hi all,
>>>>>
>>>>> Find the best approach to maintain the archetypes (in a single repo or
>>>>>> inside the feature repo).
>>>>>
>>>>>
>>>> I didn't understand what we meant by feature repo here. Still, it is
>>>> going to be a single repo, right?
>>>>
>>>
>>> The feature repo means, we thought to maintain the archetype in the same
>>> repository where the feature is in. In that way, if we upgrade the product
>>> or any feature component with the latest dependencies, we can update the
>>> archetypes and can maintain the releases for archetypes as well (we may
>>> need to maintain the old archetype version as there can be users who still
>>> use the old product versions with lower dependency versions).
>>>
>>>>
>>>> When we created the 

Re: [Dev] Removing assertion expiry time check when setting the "exp" claim in a new JWT token

2019-10-23 Thread Darshana Gunawardana
Hi Gayashan,

I assume you are talking about the Password Grant flow which generates
self-contained access tokens rather than the default opaque tokens.

If that is the flow, there is no assertion involved, so we don't want to consider
an "assertion expiry time" (that does not exist in this flow) when
calculating the exp claim in the self-contained access token. So we can
remove this logic in the JWTTokenIssuer class...

Please correct me if I am wrong.

Thanks,


On Wed, Oct 23, 2019 at 10:19 AM Gayashan Bombuwala 
wrote:

> Hi all,
>
> Currently, when issuing a JWT token in exchange for a password grant
> assertion, we do the comparison [1].
>
> When setting the "exp" claim, we check whether the expiration time of the
> assertion is earlier than the expiration time defined by the service
> provider. If that is the case, we set the "exp" claim of the new token to
> expiration time of the assertion.
>
> The reason for doing this comparison is that when an IDP issues a
> password grant, the IDP trusts that the original validity period will be
> preserved when the Identity Server issues a new token in exchange for the
> password grant assertion.
>
> Based on the discussion we had offline, we decided to refactor the code
> where the above mentioned logic will not be carried out.
>
> [1]
> https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/ac03fc9eeff9b183430963c5590753bd7d245e23/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/JWTTokenIssuer.java#L524
>
> Best Regards,
>
> --
> *Gayashan Bombuwala*
> Software Engineer | WSO2
>
> Email: gayash...@wso2.com
> Phone: +94770548334
>
>




Re: [Dev] Binding access token to the browser for new IAM Portal Applications

2019-09-28 Thread Darshana Gunawardana
Hi Thanuja,

On Sat, Sep 28, 2019 at 8:28 PM Darshana Gunawardana 
wrote:

> Hi Johann,
>
> On Sat, Sep 21, 2019 at 10:43 AM Johann Nallathamby 
> wrote:
>
>> Hi Thanuja,
>>
>> Did we consider sending the access token itself as a secure, http-only
>> cookie to the browser instead of binding it to a separate cookie? This will
>> also simplify the development on the client side, in case someone wants to
>> build their own SPA.
>>
>
> Here, which domain did you assume that the cookie will be set to?
>
> Assuming it is the client's domain, there are two limitations.
>
>    1. Setting the token as a cookie is an additional task that the client has
>    to do, since the OP (in this case IS) cannot set cookies for some external
>    client domain.
>    2. Having the token stored in an http-only cookie blocks access to it
>    from client-side scripts, which is a main blocker for SPAs.
>
>
> Assuming it is the server-side domain and assuming you want to automatically
> handle authorization for the API based on the access token that is already
> present in the cookie, there are two concerns,
>
>    1. This will open up a CSRF vulnerability as any malicious client
>    running on the same browser can also access APIs successfully.
>    2. If the API gateway is handling authorization in back-channel mode,

And Thanuja, I think the current approach that we are looking at also does
not handle this above point (#2).

>       1. The cookie has to be set to the API gateway's domain
>       2. The API gateway has to do an additional non-standard way of handling
>       this cookie and attach it to the authorization header.

Hence we should evaluate the above two cases and validate whether there
are no limitations with the current approach.

Thanks,

>
> Thanks,
>
>>
>> Regards,
>> Johann.
>>
>> On Mon, Sep 2, 2019 at 12:26 PM Thanuja Jayasinghe 
>> wrote:
>>
>>> Hi All,
>>>
>>> With the introduction of new IAM portal applications, there is a
>>> requirement to provide additional security measures to secure these SPAs.
>>> We have already implemented the OAuth2 authorization code flow (public
>>> client) with PKCE for these applications and with this feature, it will be
>>> possible to bind the access token to the browser instance. So, an
>>> additional security measure will be enforced as the combination of the
>>> access token and browser token (cookie) is validated while accessing the IS
>>> APIs.
>>> Support for configuring this option using OAuth2 application
>>> configuration and browser token persistence will be added as well.
>>>
>>> Updated request/response flow is as follows,
>>> [image: Blank Diagram (1).png]
>>>
>>> Thanks,
>>> Thanuja
>>>
>>> --
>>> *Thanuja Lakmal*
>>> Technical Lead
>>> WSO2 Inc. http://wso2.com/
>>> *lean.enterprise.middleware*
>>> Mobile: +94715979891
>>>
>>
>>
>> --
>> *Johann Dilantha Nallathamby* | Associate Director/Solutions Architect |
>> WSO2 Inc.
>> (m) +94 (77) 7776950 | (w) +94 (11) 2145345 | (e) joh...@wso2.com
>>
>
>


Re: [Dev] Binding access token to the browser for new IAM Portal Applications

2019-09-28 Thread Darshana Gunawardana
Hi Johann,

On Sat, Sep 21, 2019 at 10:43 AM Johann Nallathamby  wrote:

> Hi Thanuja,
>
> Did we consider sending the access token itself as a secure, http-only
> cookie to the browser instead of binding it to a separate cookie? This will
> also simplify the development on the client side, in case someone wants to
> build their own SPA.
>

Here, which domain did you assume that the cookie will be set to?

Assuming it is the client's domain, there are two limitations.

   1. Setting the token as a cookie is an additional task that the client has
   to do, since the OP (in this case IS) cannot set cookies for some external
   client domain.
   2. Having the token stored in an http-only cookie blocks access to it from
   client-side scripts, which is a main blocker for SPAs.


Assuming it is the server-side domain and assuming you want to automatically
handle authorization for the API based on the access token that is already
present in the cookie, there are two concerns,

   1. This will open up a CSRF vulnerability as any malicious client running
   on the same browser can also access APIs successfully.
   2. If the API gateway is handling authorization in back-channel mode,
      1. The cookie has to be set to the API gateway's domain
      2. The API gateway has to do an additional non-standard way of handling
      this cookie and attach it to the authorization header.


Thanks,

>
> Regards,
> Johann.
>
> On Mon, Sep 2, 2019 at 12:26 PM Thanuja Jayasinghe 
> wrote:
>
>> Hi All,
>>
>> With the introduction of new IAM portal applications, there is a
>> requirement to provide additional security measures to secure these SPAs.
>> We have already implemented the OAuth2 authorization code flow (public
>> client) with PKCE for these applications and with this feature, it will be
>> possible to bind the access token to the browser instance. So, an
>> additional security measure will be enforced as the combination of the
>> access token and browser token (cookie) is validated while accessing the IS
>> APIs.
>> Support for configuring this option using OAuth2 application
>> configuration and browser token persistence will be added as well.
>>
>> Updated request/response flow is as follows,
>> [image: Blank Diagram (1).png]
>>
>> Thanks,
>> Thanuja
>>
>> --
>> *Thanuja Lakmal*
>> Technical Lead
>> WSO2 Inc. http://wso2.com/
>> *lean.enterprise.middleware*
>> Mobile: +94715979891
>>
>
>
> --
> *Johann Dilantha Nallathamby* | Associate Director/Solutions Architect |
> WSO2 Inc.
> (m) +94 (77) 7776950 | (w) +94 (11) 2145345 | (e) joh...@wso2.com
>


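
The binding described in the quoted proposal (an API call is accepted only when the access token and the browser cookie match), as an added example that is not part of the original messages or the project's implementation. The cookie name, the SHA-256 hash stored beside the token, the in-memory store and all class and method names are assumptions for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Added illustration; names and storage are hypothetical. */
public class BrowserBoundTokenCheck {

    static final String COOKIE_NAME = "atbv"; // hypothetical cookie name
    private static final SecureRandom RNG = new SecureRandom();

    // access token -> SHA-256 of the browser token issued with it.
    // In-memory stand-in for the token persistence the proposal mentions.
    private final Map<String, byte[]> bindings = new ConcurrentHashMap<>();

    static String randomValue() {
        byte[] b = new byte[32];
        RNG.nextBytes(b);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(b);
    }

    static byte[] sha256(String value) {
        try {
            return MessageDigest.getInstance("SHA-256")
                    .digest(value.getBytes(StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    /** Issues a pair: [0] access token for the SPA, [1] Set-Cookie header value. */
    String[] issue() {
        String accessToken = randomValue();
        String browserToken = randomValue();
        bindings.put(accessToken, sha256(browserToken));
        // HttpOnly keeps the cookie away from scripts; the SPA still reads the
        // access token itself. SameSite=Strict assumes the portal and the APIs
        // are served from the same site.
        String setCookie = COOKIE_NAME + "=" + browserToken
                + "; Path=/; Secure; HttpOnly; SameSite=Strict";
        return new String[] {accessToken, setCookie};
    }

    static String cookieValue(String cookieHeader, String name) {
        if (cookieHeader == null) {
            return null;
        }
        for (String part : cookieHeader.split(";")) {
            String[] kv = part.trim().split("=", 2);
            if (kv.length == 2 && kv[0].equals(name)) {
                return kv[1];
            }
        }
        return null;
    }

    /** Accepts the request only when the bearer token and the cookie belong together. */
    boolean authorize(String authorizationHeader, String cookieHeader) {
        if (authorizationHeader == null || !authorizationHeader.startsWith("Bearer ")) {
            return false; // the cookie alone never authorizes a call
        }
        byte[] expected = bindings.get(authorizationHeader.substring(7).trim());
        String presented = cookieValue(cookieHeader, COOKIE_NAME);
        if (expected == null || presented == null) {
            return false;
        }
        return MessageDigest.isEqual(expected, sha256(presented)); // constant-time compare
    }

    public static void main(String[] args) {
        BrowserBoundTokenCheck server = new BrowserBoundTokenCheck();
        String[] issued = server.issue();
        String bearer = "Bearer " + issued[0];
        String cookie = issued[1].substring(0, issued[1].indexOf(';'));

        System.out.println("token + cookie       : " + server.authorize(bearer, cookie));
        System.out.println("token only           : " + server.authorize(bearer, null));
        System.out.println("cookie only          : " + server.authorize(null, cookie));
        System.out.println("token + other cookie : "
                + server.authorize(bearer, COOKIE_NAME + "=" + randomValue()));
    }
}
```

Because the Authorization header is still required, a request that carries only the automatically attached cookie is refused, which is the CSRF concern raised in the reply above.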


Re: [Dev] [Rest API] [User Management] Profile support for user management Rest API

2019-08-15 Thread Darshana Gunawardana
Hi Dinali,

Multiple profiles are used to store different attributes of the user with a
different context, right?

In that way, can we consider that the different schema definitions in SCIM (user
schema, enterpriseUser schema, etc.) can be used to represent the multiple
profiles of a user?

Thanks,

On Thu, Aug 15, 2019 at 6:33 PM Dinali Dabarera  wrote:

> Hi Ruwan,
>
> Multiple user profiles are only supported in JDBC user stores.
>
> If a user needs to manage his user details for public and private, he can
> have two different profiles. For example, a home profile which stores personal
> data (home email, home mobile, home address, etc.) and a wso2 profile which
> stores wso2 details (wso2 email, wso2 mobile, etc.). We can view all the user
> profile names of a user and we can view user details based on the user
> profile.
>
> There are not many customers who use multiple profiles at the moment.
> One of our leading customers too uses different profiles for tenants when a
> tenant is created. Also, applications like Uber can have many profiles,
> hence this can be a valid reason as well.
>
> As per my findings, the main target of having profiles is to support
> the multi-profile requirement of a user.
>
> Thanks and regards,
> Dinali
>
> On Thu, Aug 15, 2019 at 12:30 PM Ruwan Abeykoon  wrote:
>
>> Hi Dinali,
>> Can we list down the functionalities of the "user profile", and what it
>> is used for at current product versions. Then we can see what are our
>> options.
>>
>> Cheers,
>> Ruwan A
>>
>> On Thu, Aug 15, 2019 at 11:49 AM Dinali Dabarera  wrote:
>>
>>> Hi all,
>>>
>>> Currently, we have RemoteUserStoreManagerService for user management
>>> purposes as a SOAP service. As a REST API, we use SCIM API for the user
>>> management applications. We do support multiple profiles per user.
>>>
>>> But in RemoteUserStoreManagement Service we have a method called
>>> "getAllProfileNames" which returns all authenticated users' profile names.
>>> Furthermore, the below API methods too use *profile* as an optional
>>> parameter.
>>> getUserClaimValues(String userName, String profileName)
>>> getUserClaimValue(String userName, String claim, String profileName)
>>> getUserList(String claimUri, String claimValue, String profile)
>>> getUserClaimValuesForClaims(String userName, String[] claims, String
>>> profileName)
>>>
>>>
>>> But if we are planning to deprecate this *RemoteUserStoreManagerService* in
>>> our future releases we can only use SCIM as the REST API for user
>>> management applications. We can do almost all the actions in
>>> RemoteUserStoreManagerService using SCIM API, except Profile details. SCIM
>>> does not support user profiles at the moment.
>>>
>>> We have the below concerns regarding "user profiles" in our future releases.
>>>
>>>    - Are we still supporting user profiles in our future releases?
>>>    - If we are not supporting them, what do we do for customers who will
>>>    migrate to our future releases? Are we thinking of any other alternative
>>>    for profiles?
>>>    - If we support profiles, shall we create a new REST API for
>>>    profile management? Or shall we introduce new metadata for the current
>>>    SCIM API requests and responses?
>>>
>>>
>>> Your feedback on this is highly appreciated.
>>>
>>> Thank you!
>>> Dinali
>>>
>>> --
>>> *Dinali Rosemin Dabarera*
>>> Senior Software Engineer
>>> IAM Domain
>>> WSO2 Lanka (pvt) Ltd.
>>> Web: http://wso2.com/
>>> Email : gdrdabar...@gmail.com
>>> LinkedIn <https://lk.linkedin.com/in/dinalidabarera>
>>> Mobile: +94770198933
>>>
>>
>> --
>> Ruwan Abeykoon | Director/Architect | WSO2 Inc.
>> (w) +947435800  | Email: ruw...@wso2.com
>>
>>
>
> --
> *Dinali Rosemin Dabarera*
> Senior Software Engineer
> IAM Domain
> WSO2 Lanka (pvt) Ltd.
> Web: http://wso2.com/
> Email : gdrdabar...@gmail.com
> LinkedIn <https://lk.linkedin.com/in/dinalidabarera>
> Mobile: +94770198933
>



Re: [Dev] Limiting Concurrent Active Sessions Per User

2019-08-05 Thread Darshana Gunawardana
Thanks Gayashan for the clarification.

What are the improvements that we can further do?

Thanks,

On Mon, Aug 5, 2019 at 2:37 PM Gayashan Bombuwala 
wrote:

> Hi Darshana,
>
> I. This PR introduces 3 new JavaScript functions that can be used with
> adaptive authentication scripts.
>
>    1. GetUserSessions - Retrieves all the active sessions for a given
>    user.
>    2. KillAllUserSessions - Kills all the active sessions of a given user.
>    3. KillUserSession - Kills an active session with the given sessionId.
>
>
> II. Once the user is authenticated, user is presented with a UI prompt if
> there are any active sessions. Then the user can decide whether to kill or
> keep the active user sessions.
>
> Best Regards.
>
> On Mon, Aug 5, 2019 at 2:30 PM Darshana Gunawardana 
> wrote:
>
>> Hi Gayashan,
>>
>> Can you briefly describe what was covered in this PR?
>>
>> Thanks,
>>
>>
>> On Mon, Aug 5, 2019 at 2:04 PM Gayashan Bombuwala 
>> wrote:
>>
>>> Hi,
>>>
>>> This functionality has been implemented in
>>> https://github.com/wso2-extensions/identity-conditional-auth-functions/pull/49
>>>
>>> Best Regards
>>>
>>> On Tue, Jul 30, 2019 at 4:33 PM Gayashan Bombuwala 
>>> wrote:
>>>
>>>> Hi Darshana,
>>>>
>>>> Noted with thanks.
>>>>
>>>> On Tue, Jul 30, 2019 at 4:08 PM Darshana Gunawardana 
>>>> wrote:
>>>>
>>>>> Hi Gayashan,
>>>>>
>>>>> +1 for the approach.
>>>>>
>>>>> Once you get to the 3rd step please share the initial functional
>>>>> interfaces that need to achieve this requirement and have a design review
>>>>> on that.
>>>>>
>>>>> Thanks,
>>>>>
>>>>> On Tue, 30 Jul 2019, 15:45 Gayashan Bombuwala, 
>>>>> wrote:
>>>>>
>>>>>> Hi All,
>>>>>>
>>>>>> With regards to the issue #6012
>>>>>> <https://github.com/wso2/product-is/issues/6012>, I'm planning to
>>>>>> work on it by accomplishing the following steps.
>>>>>>
>>>>>>    1. Getting myself familiarised with the APIs for listing and
>>>>>>    deleting active user sessions.
>>>>>>    2. Implementing a dummy function.
>>>>>>    3. Implementing the logic in two separate functions for listing
>>>>>>    active sessions and deleting active sessions.
>>>>>>
>>>>>>
>>>>>> Best Regards
>>>>>> --
>>>>>> *Gayashan Bombuwala*
>>>>>> Software Engineer | WSO2
>>>>>>
>>>>>> Email: gayash...@wso2.com
>>>>>> Phone: +94770548334
>>>>>>
>>>>>>
>>>>>
>>>>
>>>> --
>>>> *Gayashan Bombuwala*
>>>> Software Engineer | WSO2
>>>>
>>>> Email: gayash...@wso2.com
>>>> Phone: +94770548334
>>>>
>>>>
>>>
>>>
>>> --
>>> *Gayashan Bombuwala*
>>> Software Engineer | WSO2
>>>
>>> Email: gayash...@wso2.com
>>> Phone: +94770548334
>>>
>>>
>>
>>
>> --
>> Regards,
>>
>>
>> *Darshana Gunawardana*Technical Lead
>> WSO2 Inc.; http://wso2.com
>>
>> *E-mail: darsh...@wso2.com *
>> *Mobile: +94718566859*Lean . Enterprise . Middleware
>>
>
>
> --
> *Gayashan Bombuwala*
> Software Engineer | WSO2
>
> Email: gayash...@wso2.com
> Phone: +94770548334
>
>




Re: [Dev] Limiting Concurrent Active Sessions Per User

2019-08-05 Thread Darshana Gunawardana
Hi Gayashan,

Can you briefly describe what was covered in this PR?

Thanks,


On Mon, Aug 5, 2019 at 2:04 PM Gayashan Bombuwala 
wrote:

> Hi,
>
> This functionality has been implemented in
> https://github.com/wso2-extensions/identity-conditional-auth-functions/pull/49
>
> Best Regards
>
> On Tue, Jul 30, 2019 at 4:33 PM Gayashan Bombuwala 
> wrote:
>
>> Hi Darshana,
>>
>> Noted with thanks.
>>
>> On Tue, Jul 30, 2019 at 4:08 PM Darshana Gunawardana 
>> wrote:
>>
>>> Hi Gayashan,
>>>
>>> +1 for the approach.
>>>
>>> Once you get to the 3rd step please share the initial functional
>>> interfaces that need to achieve this requirement and have a design review
>>> on that.
>>>
>>> Thanks,
>>>
>>> On Tue, 30 Jul 2019, 15:45 Gayashan Bombuwala, 
>>> wrote:
>>>
>>>> Hi All,
>>>>
>>>> With regards to the issue #6012
>>>> <https://github.com/wso2/product-is/issues/6012>, I'm planning to work
>>>> on it by accomplishing the following steps.
>>>>
>>>>    1. Getting myself familiarised with the APIs for listing and
>>>>    deleting active user sessions.
>>>>    2. Implementing a dummy function.
>>>>    3. Implementing the logic in two separate functions for listing
>>>>    active sessions and deleting active sessions.
>>>>
>>>>
>>>> Best Regards
>>>> --
>>>> *Gayashan Bombuwala*
>>>> Software Engineer | WSO2
>>>>
>>>> Email: gayash...@wso2.com
>>>> Phone: +94770548334
>>>>
>>>>
>>>
>>
>> --
>> *Gayashan Bombuwala*
>> Software Engineer | WSO2
>>
>> Email: gayash...@wso2.com
>> Phone: +94770548334
>>
>>
>
>
> --
> *Gayashan Bombuwala*
> Software Engineer | WSO2
>
> Email: gayash...@wso2.com
> Phone: +94770548334
>
>




Re: [Dev] Some configs in registry.xml file are not found in the new config model in IS-5.9.0

2019-08-02 Thread Darshana Gunawardana
Hi Piraveena,

Is the "indexingConfiguration" the only config that has been missed in
5.9.0 when compared to 5.8.0?

Thanks,

On Fri, Aug 2, 2019 at 6:28 PM Piraveena Paralogarajah 
wrote:

> Hi all,
>
> When I go through the registry.xml file in the IS-5.9.0-m5 pack, some
> configs which are in IS 5.8.0 are missing.
>
> The following * *config is found in IS 5.8.0 pack.
> But it is not found in IS-5.9.0-m5 according to the current config model.
>
> 
> false
> 35
> 5
> 
> 40
> 
> 40
> 
>
> /_system/local/repository/components/org.wso2.carbon.registry/indexing/lastaccesstime
> 
> 
>  class="org.wso2.carbon.registry.indexing.indexer.MSExcelIndexer"
> mediaTypeRegEx="application/vnd.ms-excel"/>
>  class="org.wso2.carbon.registry.indexing.indexer.MSPowerpointIndexer"
> mediaTypeRegEx="application/vnd.ms-powerpoint"/>
>  class="org.wso2.carbon.registry.indexing.indexer.MSWordIndexer"
> mediaTypeRegEx="application/msword"/>
>  class="org.wso2.carbon.registry.indexing.indexer.PDFIndexer"
> mediaTypeRegEx="application/pdf"/>
>  class="org.wso2.carbon.registry.indexing.indexer.XMLIndexer"
> mediaTypeRegEx="application/xml"/>
>  class="org.wso2.carbon.registry.indexing.indexer.XMLIndexer"
> mediaTypeRegEx="application/(.)+\+xml"/>
>  class="org.wso2.carbon.registry.indexing.indexer.PlainTextIndexer"
> mediaTypeRegEx="application/swagger\+json"/>
>  class="org.wso2.carbon.registry.indexing.indexer.PlainTextIndexer"
> mediaTypeRegEx="application/(.)+\+json"/>
>  class="org.wso2.carbon.registry.indexing.indexer.PlainTextIndexer"
> mediaTypeRegEx="text/(.)+"/>
>  class="org.wso2.carbon.registry.indexing.indexer.PlainTextIndexer"
> mediaTypeRegEx="application/x-javascript"/>
> 
> 
>  pathRegEx="/_system/config/repository/dashboards/gadgets/swfobject1-5/.*[.]html"/>
>  pathRegEx="/_system/local/repository/components/org[.]wso2[.]carbon[.]registry/mount/.*"/>
> 
> 
>
> Some new configs are available according to the new config model in
> registry.xml file. Are there any reasons for removing this particular
> config from registry.xml in the new configuration model?
>
> Thanks,
> Piraveena
> *Piraveena Paralogarajah*
> Software Engineer | WSO2 Inc.
> *(m)* +94776099594 | *(e)* pirave...@wso2.com
>
>

-- 
Regards,


*Darshana Gunawardana*Technical Lead
WSO2 Inc.; http://wso2.com

*E-mail: darsh...@wso2.com *
*Mobile: +94718566859*Lean . Enterprise . Middleware


Re: [Dev] Issues with Role Based Adaptive Authentication example

2019-08-01 Thread Darshana Gunawardana
On Thu, Aug 1, 2019 at 11:32 AM Sherene Mahanama  wrote:

> Hi,
>
> As discussed offline, since there is no identity.xml.j2 file in 5.8.0, I
> have not updated the 5.8.0 doc [1].
>

Yes. Both of the issues reported by Gayashan only affected IS 5.9.0.


> It would be good if it's possible to add this to the file by default in
> 5.9.0.. else, please let me know and I will update the 5.9.0 doc [2].
>

IMO, from one angle, default configs should be production-ready ones, so we
cannot have custom web apps allowed by default in the identity.xml.
On the other hand, we should improve the user experience of the person who
tries the guide by having minimal changes.

This is a place where we can utilize "dev" or a new profile like "poc" or
"samples" with the new config model.

For the moment, let's add this config to the 5.9.0 docs and then decide
whether we can utilize a new config profile to simplify configurations of
samples and use that.

Thanks,

>
> [1]
> https://docs.wso2.com/display/IS580/Configuring+a+Service+Provider+for+Adaptive+Authentication#ConfiguringaServiceProviderforAdaptiveAuthentication-Step01:SetUptheSamples
> [2]
> https://is.docs.wso2.com/en/5.9.0/tutorials/configuring-a-service-provider-for-adaptive-authentication
>
> Thanks,
> Sherene
>
> On Wed, Jul 31, 2019 at 3:42 PM Isura Karunaratne  wrote:
>
>> Hi Sherene, Yvonne,
>>
>> In order to fix [1], we need to update the document [2].  It is required
>> to add the following configuration in
>> /repository/resources/conf/templates/repository/conf/identity.xml.j2
>> as instructed in [1].
>>
>> **
>>
>> Please update [2] by adding a new step.
>>
>> Cheers,
>> Isura.
>>
>> [1] https://github.com/wso2/product-is/issues/6023
>> [2]
>> https://docs.wso2.com/display/IS580/Configuring+a+Service+Provider+for+Adaptive+Authentication#ConfiguringaServiceProviderforAdaptiveAuthentication-Step01:SetUptheSamples
>>
>> On Tue, Jul 30, 2019 at 2:57 PM Darshana Gunawardana 
>> wrote:
>>
>>> [Looping Isura]
>>>
>>>
>>> On Tue, Jul 30, 2019 at 2:55 PM Darshana Gunawardana 
>>> wrote:
>>>
>>>> Hi Gayashan,
>>>>
>>>> Please see my comments below.
>>>>
>>>> On Tue, Jul 30, 2019 at 2:23 PM Gayashan Bombuwala 
>>>> wrote:
>>>>
>>>>> Hi All,
>>>>>
>>>>> I came across the following issues when trying out the Role Based
>>>>> Adaptive Authentication example
>>>>> <https://docs.wso2.com/display/IS580/Configuring+Role-Based+Adaptive+Authentication>
>>>>> .
>>>>>
>>>>>
>>>>> 1. #6022 <https://github.com/wso2/product-is/issues/6022> -
>>>>>    UsernameJavaScriptRegEx property configuration in usr-mgt.xml has been
>>>>>    changed.
>>>>>
>>>> We have to fix this in the default config to avoid any configuration
>>>> changes during the guide.
>>>>
>>>>> 2. #6023 <https://github.com/wso2/product-is/issues/6023> -
>>>>>    Unauthorized error while following the "Role Based Adaptive
>>>>>    Authentication" example.
>>>>>
>>>> This has to be captured in the docs.
>>>>
>>>> Thanks,
>>>>
>>>>>
>>>>>
>>>>> Best Regards
>>>>>
>>>>> --
>>>>> *Gayashan Bombuwala*
>>>>> Software Engineer | WSO2
>>>>>
>>>>> Email: gayash...@wso2.com
>>>>> Phone: +94770548334
>>>>>
>>>>
>>>>
>>>> --
>>>> Regards,
>>>>
>>>>
>>>> *Darshana Gunawardana*Technical Lead
>>>> WSO2 Inc.; http://wso2.com
>>>>
>>>> *E-mail: darsh...@wso2.com *
>>>> *Mobile: +94718566859*Lean . Enterprise . Middleware
>>>>
>>>
>>>
>>> --
>>> Regards,
>>>
>>>
>>> *Darshana Gunawardana*Technical Lead
>>> WSO2 Inc.; http://wso2.com
>>>
>>> *E-mail: darsh...@wso2.com *
>>> *Mobile: +94718566859*Lean . Enterprise . Middleware
>>>
>>
>>
>> --
>>
>> *Isura Dilhara Karunaratne*
>> Technical Lead | WSO2 <http://wso2.com/>
>> *lean.enterprise.middleware*
>> Email: is...@wso2.com
>> Mob : +94 772 254 810
>> Blog : https://medium.com/@isurakarunaratne
>>
>>
>>
>>
>
> --
> Sherene Mahanama
> Senior Technical Writer
>
> WSO2 (pvt.) Ltd.
> Colombo, Sri Lanka
> Mobile: (+94) 777 <%28%2B94%29%20773131798>
> *994805*
>


-- 
Regards,


*Darshana Gunawardana*Technical Lead
WSO2 Inc.; http://wso2.com

*E-mail: darsh...@wso2.com *
*Mobile: +94718566859*Lean . Enterprise . Middleware


Re: [Dev] Limiting Concurrent Active Sessions Per User

2019-07-30 Thread Darshana Gunawardana
Hi Gayashan,

+1 for the approach.

Once you get to the 3rd step, please share the initial functional interfaces
that are needed to achieve this requirement and have a design review on them.

Thanks,

On Tue, 30 Jul 2019, 15:45 Gayashan Bombuwala,  wrote:

> Hi All,
>
> With regards to the issue #6012, I'm planning to work on
> it by accomplishing the following steps.
>
> 1. Getting myself familiarised with the APIs for listing and deleting
>    active user sessions.
> 2. Implementing a dummy function.
> 3. Implementing the logic in two separate functions for listing active
>    sessions and deleting active sessions.
>
>
> Best Regards
> --
> *Gayashan Bombuwala*
> Software Engineer | WSO2
>
> Email: gayash...@wso2.com
> Phone: +94770548334
>


Re: [Dev] Issues with Role Based Adaptive Authentication example

2019-07-30 Thread Darshana Gunawardana
[Looping Isura]


On Tue, Jul 30, 2019 at 2:55 PM Darshana Gunawardana 
wrote:

> Hi Gayashan,
>
> Please see my comments below.
>
> On Tue, Jul 30, 2019 at 2:23 PM Gayashan Bombuwala 
> wrote:
>
>> Hi All,
>>
>> I came across the following issues when trying out the Role Based
>> Adaptive Authentication example
>> <https://docs.wso2.com/display/IS580/Configuring+Role-Based+Adaptive+Authentication>
>> .
>>
>>
>> 1. #6022 <https://github.com/wso2/product-is/issues/6022> -
>>    UsernameJavaScriptRegEx property configuration in usr-mgt.xml has been
>>    changed.
>>
> We have to fix this in the default config to avoid any configuration changes
> during the guide.
>
>> 2. #6023 <https://github.com/wso2/product-is/issues/6023> -
>>    Unauthorized error while following the "Role Based Adaptive
>>    Authentication" example.
>>
> This has to be captured in the docs.
>
> Thanks,
>
>>
>>
>> Best Regards
>>
>> --
>> *Gayashan Bombuwala*
>> Software Engineer | WSO2
>>
>> Email: gayash...@wso2.com
>> Phone: +94770548334
>>
>
>
> --
> Regards,
>
>
> *Darshana Gunawardana*Technical Lead
> WSO2 Inc.; http://wso2.com
>
> *E-mail: darsh...@wso2.com *
> *Mobile: +94718566859*Lean . Enterprise . Middleware
>


-- 
Regards,


*Darshana Gunawardana*Technical Lead
WSO2 Inc.; http://wso2.com

*E-mail: darsh...@wso2.com *
*Mobile: +94718566859*Lean . Enterprise . Middleware


Re: [Dev] Issues with Role Based Adaptive Authentication example

2019-07-30 Thread Darshana Gunawardana
Hi Gayashan,

Please see my comments below.

On Tue, Jul 30, 2019 at 2:23 PM Gayashan Bombuwala 
wrote:

> Hi All,
>
> I came across the following issues when trying out the Role Based Adaptive
> Authentication example
> <https://docs.wso2.com/display/IS580/Configuring+Role-Based+Adaptive+Authentication>
> .
>
>
> 1. #6022 <https://github.com/wso2/product-is/issues/6022> -
>    UsernameJavaScriptRegEx property configuration in usr-mgt.xml has been
>    changed.
>

We have to fix this in the default config to avoid any configuration changes
during the guide.

> 2. #6023 <https://github.com/wso2/product-is/issues/6023> -
>    Unauthorized error while following the "Role Based Adaptive Authentication"
>    example.
>

This has to be captured in the docs.

Thanks,

>
>
> Best Regards
>
> --
> *Gayashan Bombuwala*
> Software Engineer | WSO2
>
> Email: gayash...@wso2.com
> Phone: +94770548334
>


-- 
Regards,


*Darshana Gunawardana*Technical Lead
WSO2 Inc.; http://wso2.com

*E-mail: darsh...@wso2.com *
*Mobile: +94718566859*Lean . Enterprise . Middleware


Re: [Dev] Removing noisy info logs in HazelcastClusterMessageListener

2018-08-13 Thread Darshana Gunawardana
Nice..!

On Mon, Aug 13, 2018 at 3:44 PM Ruwan Abeykoon  wrote:

> Hi Darshana,
>
> I already fixed the issue with PR [1], but it needs some improvements to get
> it merged.
>
> [1] https://github.com/wso2/carbon-kernel/pull/1825
>
> Cheers,
>
> On Mon, Aug 13, 2018 at 3:37 PM Darshana Gunawardana 
> wrote:
>
>> [Looping Dev list]
>>
>> Hi Devs,
>>
>> I have come across a scenario where, in the wso2carbon.log file, out of
>> ~20,000 logs, 19,000+ logs have been generated from [1].
>>
>> This is due to the latest changes to use invalidation messages to sync
>> data in the caches among the cluster; now the
>> HazelcastClusterMessageListener is getting triggered more frequently.
>>
>> Shall we make [1] a debug log?
>>
>> [1]
>> https://github.com/wso2/carbon-kernel/blob/4.4.x/core/org.wso2.carbon.core/src/main/java/org/wso2/carbon/core/clustering/hazelcast/HazelcastClusterMessageListener.java#L53
>>
>> Thanks,
>>
>> --
>> Regards,
>>
>>
>> *Darshana Gunawardana*Technical Lead
>> WSO2 Inc.; http://wso2.com
>>
>> *E-mail: darsh...@wso2.com *
>> *Mobile: +94718566859*Lean . Enterprise . Middleware
>>
>
>
> --
>
> *Ruwan Abeykoon*
> *Associate Director/Architect**,*
> *WSO2, Inc. http://wso2.com <https://wso2.com/signature> *
> *lean.enterprise.middleware.*
>
>

-- 
Regards,


*Darshana Gunawardana*Technical Lead
WSO2 Inc.; http://wso2.com

*E-mail: darsh...@wso2.com *
*Mobile: +94718566859*Lean . Enterprise . Middleware


[Dev] Removing noisy info logs in HazelcastClusterMessageListener

2018-08-13 Thread Darshana Gunawardana
[Looping Dev list]

Hi Devs,

I have come across a scenario where, in the wso2carbon.log file, out of
~20,000 logs, 19,000+ logs have been generated from [1].

This is due to the latest changes to use invalidation messages to sync data
in the caches among the cluster; now the HazelcastClusterMessageListener
is getting triggered more frequently.

Shall we make [1] a debug log?

[1]
https://github.com/wso2/carbon-kernel/blob/4.4.x/core/org.wso2.carbon.core/src/main/java/org/wso2/carbon/core/clustering/hazelcast/HazelcastClusterMessageListener.java#L53

Thanks,

-- 
Regards,


*Darshana Gunawardana*Technical Lead
WSO2 Inc.; http://wso2.com

*E-mail: darsh...@wso2.com *
*Mobile: +94718566859*Lean . Enterprise . Middleware
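
To check a claim like the one in this message (one logger producing almost all of a log file), the added example below tallies records per logger and shows what is left once the noisy source is filtered out. It is not part of the original post or WSO2 code; the line layout is assumed from the log lines quoted elsewhere on this page, and the sample lines are constructed.

```python
import re
from collections import Counter

# Assumed layout, modelled on log lines quoted elsewhere on this page:
#   [2018-04-14 20:25:49,655] ERROR {logger.class.Name} -  message
# Any prefix before the timestamp (for example a tenant id) is tolerated.
RECORD = re.compile(
    r"\[\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}\]\s+"
    r"(?P<level>[A-Z]+)\s+\{(?P<logger>[^}]+)\}\s+-\s+(?P<msg>.*)"
)


def tally(lines):
    """Count records per (level, logger). Non-empty lines that do not start
    a record (stack-trace continuations) are counted separately."""
    counts = Counter()
    continuations = 0
    for line in lines:
        m = RECORD.search(line)
        if m:
            counts[(m["level"], m["logger"])] += 1
        elif line.strip():
            continuations += 1
    return counts, continuations


def noisy_sources(counts, min_share=0.5, levels=("INFO", "DEBUG")):
    """Loggers that produce at least min_share of all records at a low level.
    WARN/ERROR sources are never reported as noise."""
    total = sum(counts.values())
    found = []
    for (level, logger), n in counts.most_common():
        share = n / total if total else 0.0
        if level in levels and share >= min_share:
            found.append((logger, level, n, round(share, 3)))
    return found


def remaining(lines, loggers):
    """Records left after dropping the given loggers: the events that the
    noise was hiding from whoever reads or monitors the file."""
    kept = []
    for line in lines:
        m = RECORD.search(line)
        if m and m["logger"] not in loggers:
            kept.append((m["level"], m["logger"], m["msg"]))
    return kept


HZ = "org.wso2.carbon.core.clustering.hazelcast.HazelcastClusterMessageListener"
JDBC = "org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager"


def sample_log():
    """Constructed sample: 19 INFO records from one logger, one ERROR record
    with a stack-trace line buried in the middle."""
    lines = [
        "[2018-08-13 15:30:%02d,000]  INFO {%s} -  constructed cluster message %d"
        % (i, HZ, i)
        for i in range(19)
    ]
    lines.insert(10, "[2018-08-13 15:30:10,500] ERROR {%s} -  constructed error message" % JDBC)
    lines.insert(11, "\tat constructed.stack.Frame.method(Frame.java:1)")
    return lines


if __name__ == "__main__":
    counts, cont = tally(sample_log())
    for logger, level, n, share in noisy_sources(counts):
        print("%s %s: %d records (%.0f%% of file)" % (level, logger, n, share * 100))
    for level, logger, msg in remaining(sample_log(), {HZ}):
        print("kept: %s %s - %s" % (level, logger, msg))
```
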


Re: [Dev] [IAM] Modifying consent purposes associations

2018-07-23 Thread Darshana Gunawardana
Hi Omindu,

Could you explain the need for this functionality from the point of view of
the end user?

Thanks,

On Sun, Jul 22, 2018 at 11:06 PM Omindu Rathnaweera  wrote:

> Hi All,
>
> As per the current implementation, we do not allow editing or deleting
> consent purposes which are associated with a consent receipt. The reason
> behind such a design decision was to preserve the immutability of the
> consent receipt. Meaning, to prevent modifying the existing consent
> receipts which are associated with purposes if a purpose is modified.
>
> However, with the improvements we are introducing with 5.7.0 privacy
> features, Self Signup and JIT functionalities will have a tight dependency
> on purposes and there will be more involvement around configuring purposes.
> The purposes defined for these scenarios cannot be modified once they are
> associated with a consent receipt.
>
> Therefore it would be convenient for the users to have the option to
> modify the existing consent purposes. But doing so should not change the
> existing consent receipts.
>
> In order to achieve this requirement, I see the following:
>
> i) We can provide the capability to modify the existing purposes. For this
> we may have to duplicate the purposes when adding receipts and reference
> the duplicated purpose from the receipt.
>
> ii) Without providing the capability to modify the purposes, we can
> maintain a separate association of purposes and Self signup/JIT similar
> to what we are doing for service providers. This way a user can pick what
> purposes should be associated with a certain flow without modifying the
> existing purposes.
>
> Appreciate your thoughts on this.
>
> Regards,
> Omindu.
>
> --
> Omindu Rathnaweera
> Senior Software Engineer, WSO2 Inc.
> Mobile: +94 771 197 211
>


-- 
Regards,


*Darshana Gunawardana*Technical Lead
WSO2 Inc.; http://wso2.com

*E-mail: darsh...@wso2.com *
*Mobile: +94718566859*Lean . Enterprise . Middleware
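
Option (i) from the quoted proposal, as an added sketch that is not part of the thread or WSO2 code: each receipt stores its own copy of the purpose, so editing the purpose later leaves existing receipts untouched. `ConsentStore`, `Purpose`, the digest check and all field names are hypothetical.

```python
import hashlib
import json
from dataclasses import dataclass, asdict


@dataclass
class Purpose:
    name: str
    description: str
    pii_categories: list
    version: int = 1


def _digest(body):
    """Stable SHA-256 over a receipt body, used to detect later changes."""
    encoded = json.dumps(body, sort_keys=True).encode("utf-8")
    return hashlib.sha256(encoded).hexdigest()


class ConsentStore:
    def __init__(self):
        self.purposes = {}  # name -> current, editable Purpose
        self.receipts = {}  # receipt id -> {"body": ..., "digest": ...}

    def add_purpose(self, name, description, pii_categories):
        self.purposes[name] = Purpose(name, description, list(pii_categories))

    def modify_purpose(self, name, description=None, pii_categories=None):
        """Edit the live purpose and bump its version. Receipts are not touched."""
        purpose = self.purposes[name]
        if description is not None:
            purpose.description = description
        if pii_categories is not None:
            purpose.pii_categories = list(pii_categories)
        purpose.version += 1
        return purpose.version

    def add_receipt(self, receipt_id, user, purpose_names):
        """Store a receipt holding a duplicate of each purpose as it is now."""
        if receipt_id in self.receipts:
            raise ValueError("receipts are immutable; use a new receipt id")
        # asdict() builds new dicts and lists, so the receipt shares no
        # mutable state with the live Purpose objects.
        body = {
            "user": user,
            "purposes": [asdict(self.purposes[n]) for n in purpose_names],
        }
        self.receipts[receipt_id] = {"body": body, "digest": _digest(body)}

    def receipt_intact(self, receipt_id):
        """True if the stored receipt still matches the digest taken at consent time."""
        receipt = self.receipts[receipt_id]
        return _digest(receipt["body"]) == receipt["digest"]

    def stale_receipts(self, name):
        """Receipts whose copy of the purpose is older than the live version."""
        current = self.purposes[name].version
        return sorted(
            rid
            for rid, receipt in self.receipts.items()
            if any(
                p["name"] == name and p["version"] < current
                for p in receipt["body"]["purposes"]
            )
        )


def demo():
    """Constructed scenario: consent, then a purpose edit, then a new consent."""
    store = ConsentStore()
    store.add_purpose("self-signup", "Create and manage the account", ["email"])
    store.add_receipt("r1", "user-a", ["self-signup"])
    store.modify_purpose("self-signup", pii_categories=["email", "mobile"])
    store.add_receipt("r2", "user-b", ["self-signup"])
    return store


if __name__ == "__main__":
    s = demo()
    print(s.receipts["r1"]["body"]["purposes"][0])
    print(s.receipts["r2"]["body"]["purposes"][0])
    print("stale:", s.stale_receipts("self-signup"))
```
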


Re: [Dev] Restrict Admin console within localhost in WSO2 IS 5.5.0

2018-06-10 Thread Darshana Gunawardana
Hi Shiva,

This needs to be configured in the host OS or in a firewall, to block port
9443 (with default configs).

Thanks,

On Sat, Jun 9, 2018 at 12:54 PM Shiva Kumar 
wrote:

> Hi All,
>
> I want to restrict access to the admin console to within localhost. How can I
> configure WSO2 IS 5.5.0 for that?
>
> Thanks,
>
> Shiva
>
>


-- 
Regards,


*Darshana Gunawardana*Technical Lead
WSO2 Inc.; http://wso2.com

*E-mail: darsh...@wso2.com *
*Mobile: +94718566859*Lean . Enterprise . Middleware


Re: [Dev] Exception in Facebook Federated Authentication

2018-04-15 Thread Darshana Gunawardana
AFAIR, this seems to be an issue with handling email-type usernames without
enabling email usernames.

Anyhow, we have discussed fixing this from the SSO consent implementation.
@Omindu: Do we have any git issue related to this?

Thanks,

On Mon, Apr 16, 2018 at 9:01 AM, gayan gunawardana <gmgunaward...@gmail.com>
wrote:

>
> Hi Tharindu,
> On Mon, Apr 16, 2018 at 8:39 AM, Tharindu Edirisinghe <tharin...@wso2.com>
> wrote:
>
>> Hi Gayan,
>>
>> It seems the error is coming from the consent management feature. If you
>> don't require this feature, you can simply turn it off from the following
>> property in identity.xml file.
>>
>> 
>> 
>> *false*
>> 
>>
>> Alternatively you can turn off the following listener from identity.xml
>> file too for getting rid of the issue.
>>
>> > />
>>
>
>> I could reproduce the same behavior and by setting any of the above
>> configs, I could avoid the error and successfully authenticate the SP app
>> (travelocity) with FB IDP.
>>
> Thanks for the explanation. I have already disabled consent management to
> get it work. I suppose globally disabling consent management feature or
> disabling the listener would not be a good solution.
>
>>
>> @IAM Team - If we keep using the consent management feature, do we need
>> any additional configuration? Maybe claim configuration to map the
>> particular user claims which should require obtaining user consent?
>>
>
>> Thanks,
>> TharinduE
>>
>> On Sat, Apr 14, 2018 at 9:28 PM, gayan gunawardana <
>> gmgunaward...@gmail.com> wrote:
>>
>>> Hi All,
>>>
>>> I have configured travelocity.com sample application as SAML inbound
>>> and Facebook as federated authenticator for IS-5.5.0. After adding Facebook
>>> credentials, got below UI.
>>>
>>>
>>> After enabling debug logs, I found the exception below. Is there any further
>>> configuration I have to do to get it to work?
>>>
>>> [2018-04-14 20:25:49,655] ERROR {org.wso2.carbon.user.core.aut
>>> horization.JDBCAuthorizationManager} -  Error occurred while accessing
>>> Java Security Manager Privilege Block
>>> [2018-04-14 20:25:49,658] ERROR {org.wso2.carbon.identity.appl
>>> ication.authentication.framework.handler.request.impl.DefaultRequestCoordinator}
>>> -  Error occurred while evaluating post authentication
>>> org.wso2.carbon.identity.application.authentication.framewor
>>> k.exception.PostAuthenticationFailedException: Error occurred while
>>> retrieving consent data of user: gmgunaward...@gmail.com for service
>>> provider: CafeLebens-Sample in tenant domain: carbon.super.
>>> at org.wso2.carbon.identity.application.authentication.framewor
>>> k.handler.request.impl.consent.ConsentMgtPostAuthnHandler.
>>> handlePreConsent(ConsentMgtPostAuthnHandler.java:201)
>>> at org.wso2.carbon.identity.application.authentication.framewor
>>> k.handler.request.impl.consent.ConsentMgtPostAuthnHandler.
>>> handle(ConsentMgtPostAuthnHandler.java:106)
>>> at org.wso2.carbon.identity.application.authentication.framewor
>>> k.services.PostAuthenticationMgtService.executePostAuthnHand
>>> ler(PostAuthenticationMgtService.java:109)
>>> at org.wso2.carbon.identity.application.authentication.framewor
>>> k.services.PostAuthenticationMgtService.handlePostAuthentica
>>> tion(PostAuthenticationMgtService.java:78)
>>> at org.wso2.carbon.identity.application.authentication.framewor
>>> k.handler.request.impl.DefaultAuthenticationRequestHandler.h
>>> andlePostAuthentication(DefaultAuthenticationRequestHandler.java:165)
>>> at org.wso2.carbon.identity.application.authentication.framewor
>>> k.handler.request.impl.DefaultAuthenticationRequestHandler.h
>>> andle(DefaultAuthenticationRequestHandler.java:134)
>>> at org.wso2.carbon.identity.application.authentication.framewor
>>> k.handler.request.impl.DefaultRequestCoordinator.handle(Defa
>>> ultRequestCoordinator.java:157)
>>> at org.wso2.carbon.identity.application.authentication.framewor
>>> k.servlet.CommonAuthenticationServlet.doPost(CommonAuthentic
>>> ationServlet.java:53)
>>> at org.wso2.carbon.identity.application.authentication.framewor
>>> k.servlet.CommonAuthenticationServlet.doGet(CommonAuthentica
>>> tionServlet.java:43)
>>>
>>> Thanks,
>>> Gayan
>>>
>>>
>>>
>>
>>
>> --
>>
>> Tharindu Edirisinghe
>> Senior Software Engineer | WSO2 Inc
>> Platform Security Team
>> Blog : http://tharindue.blogspot.com
>> mobile : +94 775181586
>>
>
>
>
> --
> Gayan
>



-- 
Regards,


*Darshana Gunawardana*Technical Lead
WSO2 Inc.; http://wso2.com

*E-mail: darsh...@wso2.com <darsh...@wso2.com>*
*Mobile: +94718566859*Lean . Enterprise . Middleware


Re: [Dev] [Architecture] [VOTE] Release WSO2 Identity Server 5.5.0 RC2

2018-03-15 Thread Darshana Gunawardana
Hi all,

Thanks for testing WSO2 Identity Server 5.5.0-RC2.

Since this vote passed with 21 +1s and 0 -1s, we’re hereby closing this vote
and proceeding with the Identity Server 5.5.0 GA release.

Thanks,


On Thu, Mar 15, 2018 at 3:15 PM, Farasath Ahamed <farasa...@wso2.com> wrote:

> Tested the below scenarios on the IS 5.5.0 RC2 pack
>
>
> - Created an OAuth app using DCR endpoint
> - Added an application certificate for the service provider.
> - Tested the OIDC Authorization Code flow with plain JWT request
>   object.
> - Enable option to enforce signature validation for request object.
> - Verified that authorization code request is rejected when plain jwt
>   is sent as request object.
> - Verified that signature is validated when a signed jwt is sent as
>   the request object.
>
>
> [+] Stable - Go ahead and release
>
>
> On Thu, Mar 15, 2018 at 2:52 PM, Prakhash Sivakumar <prakh...@wso2.com>
> wrote:
>
>> Hi all,
>>
>> I have reviewed the following reports prepared by the product team.
>>
>> 1. Dynamic analysis report
>> 2. Static analysis report.
>>
>> no issues with the analysis reports.
>>
>> +1, Go ahead and release.
>>
>> Thanks,
>> Prakhash
>>
>>
>>
>>
>> On Thu, Mar 15, 2018 at 2:45 PM, Jayanga Kaushalya <jayan...@wso2.com>
>> wrote:
>>
>>> Hi all,
>>>
>>> I have tested the following,
>>>
>>> 1. Forget-me tool in IS RC2 pack.
>>> 2. Forget-me tool in IS Analytics RC2 pack.
>>>
>>> No blocking issues found.
>>>
>>> [+] Go ahead and release.
>>>
>>> Thanks!
>>>
>>> *Jayanga Kaushalya*
>>> Senior Software Engineer
>>> Mobile: +94777860160 <+94%2077%20786%200160>
>>> WSO2 Inc. | http://wso2.com
>>> lean.enterprise.middleware
>>>
>>>
>>>
>>> On Thu, Mar 15, 2018 at 1:26 PM, Ishara Karunarathna <isha...@wso2.com>
>>> wrote:
>>>
>>>> HI,
>>>>
>>>> Tested the consent mgt feature with SAML SSO. and basic user mgt
>>>> features.
>>>> No blocking issues found.
>>>>
>>>> [+] Stable - Go ahead and release
>>>>
>>>> -Ishara
>>>>
>>>> On Thu, Mar 15, 2018 at 1:08 PM, Pulasthi Mahawithana <
>>>> pulast...@wso2.com> wrote:
>>>>
>>>>> Tested below scenarios and no blocking issues found.,
>>>>>
>>>>> - Adding multi-Step workflow definitions
>>>>> - Adding workflow associations and Multi step approval for user
>>>>>   add operation
>>>>> - Federation with twitter
>>>>> - Login analytics
>>>>> - Session Analytics
>>>>>
>>>>> No blocking issues found.
>>>>>
>>>>> [+] Stable - Go ahead and release
>>>>>
>>>>> On Thu, Mar 15, 2018 at 12:33 PM, Hasintha Indrajee <hasin...@wso2.com
>>>>> > wrote:
>>>>>
>>>>>> Tested below scenarios with MySQL database
>>>>>>
>>>>>> Authentication data publishing.
>>>>>> Custom OAuth client authenticators (Private key JWT client
>>>>>> authenticator.)
>>>>>>
>>>>>> Self registration with consents (for super and non super tenants)
>>>>>> SSO with missing mandatory claims and consents for SaaS apps. (SAML,
>>>>>> with and without mandatory claims)
>>>>>> Updating and revoking consents through dashboard for super tenant and
>>>>>> non super tenant users.
>>>>>> Consent erasure while apps (for SaaS scenarios) are deleted and users
>>>>>> are deleted.
>>>>>>
>>>>>> No blocking issues found and +1 to proceed with release.
>>>>>>
>>>>>>
>>>>>> On Thu, Mar 15, 2018 at 5:19 AM, Darshana Gunawardana <
>>>>>> darsh...@wso2.com> wrote:
>>>>>>
>>>>>>> Hi all,
>>>>>>>
>>>>>>> We are pleased to announce the second release candidate of WSO2
>>>>>>> Identity Server 5.5.0.
>>>>>>>
>>>>>>> This release fixes the following issues,
>>>>>>>
>>>>>>>-
>>>>>>>- 5.5.0-RC2 fixes
>>>&g

[Dev] [VOTE] Release WSO2 Identity Server 5.5.0 RC2

2018-03-14 Thread Darshana Gunawardana
Hi all,

We are pleased to announce the second release candidate of WSO2 Identity
Server 5.5.0.

This release fixes the following issues,

   - 5.5.0-RC2 fixes
     <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-RC2>
   - 5.5.0-RC1 fixes
     <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-RC1>
   - 5.5.0-Beta fixes
     <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-beta>
   - 5.5.0-Alpha3 fixes
     <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-alpha3>
   - 5.5.0-Alpha2 fixes
     <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-alpha2>
   - 5.5.0-Alpha fixes
     <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-alpha>
   - 5.5.0-M4 fixes
     <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-M4>
   - 5.5.0-M3 fixes
     <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-M3>
   - 5.5.0-M2 fixes
     <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-M2>
   - 5.5.0-M1 fixes
     <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-M1>


Source and distribution

Runtime - https://github.com/wso2/product-is/releases/v5.5.0-rc2
Analytics - https://github.com/wso2/analytics-is/releases/v5.5.0-rc2


Please download, test the product and vote.

[+] Stable - go ahead and release
[-] Broken - do not release (explain why)


Thanks,
- WSO2 Identity and Access Management Team -

-- 
Regards,


*Darshana Gunawardana*Technical Lead
WSO2 Inc.; http://wso2.com

*E-mail: darsh...@wso2.com <darsh...@wso2.com>*
*Mobile: +94718566859*Lean . Enterprise . Middleware


Re: [Dev] [Architecture] [VOTE] Release WSO2 Identity Server 5.5.0 RC1

2018-03-14 Thread Darshana Gunawardana
ntTypeBasedCachePreventionFilter.doFilter(ContentTypeBasedCachePreventionFilter.java:53)
>   
> org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:124)
>
>
> This is only when the user login is performed in the flow. If the
> authorization request is sent in a browser where user is already loggedin,
> the issue is not occurring and flow works fine.
>
>>
>>>
>>>
>>> On Wed, Mar 14, 2018 at 7:52 PM, Sagara Gunathunga <sag...@wso2.com>
>>> wrote:
>>>
>>>>
>>>>
>>>> On Wed, Mar 14, 2018 at 7:46 PM, Jayanga Kaushalya <jayan...@wso2.com>
>>>> wrote:
>>>>
>>>>> Hi Sagara,
>>>>>
>>>>> Yes I have suggested other teams also to follow the IS convention in
>>>>> [1]. APIM team told me offline that they already changed. Hope others will
>>>>> do the same.
>>>>>
>>>>
>>>> Great.
>>>>
>>>> Thanks !
>>>>
>>>>>
>>>>> [1] [GDPR] Anonymization Tool default configurations/references are
>>>>> differed over the Products
>>>>>
>>>>> Thanks!
>>>>>
>>>>> *Jayanga Kaushalya*
>>>>> Senior Software Engineer
>>>>> Mobile: +94777860160 <+94%2077%20786%200160>
>>>>> WSO2 Inc. | http://wso2.com
>>>>> lean.enterprise.middleware
>>>>>
>>>>>
>>>>>
>>>>> On Wed, Mar 14, 2018 at 7:37 PM, Sagara Gunathunga <sag...@wso2.com>
>>>>> wrote:
>>>>>
>>>>>>
>>>>>>
>>>>>> On Wed, Mar 14, 2018 at 7:27 PM, Sathya Bandara <sat...@wso2.com>
>>>>>> wrote:
>>>>>>
>>>>>>> Hi all,
>>>>>>>
>>>>>>> We are calling-off this vote as we have found an issue,
>>>>>>>
>>>>>>> - for user-mgt ui component in EI product
>>>>>>> - in Windows environment
>>>>>>>
>>>>>>> Since we want to align same component versions among EI & IS, we
>>>>>>> will fix this and update versions in IS as well. Additionally we will
>>>>>>> fix the issue in README.txt along with this.
>>>>>>>
>>>>>> Ruwan/Jayanga, shall we also look into the suggestion made by Lanka
>>>>>> in the "GDPR compliance for WSO2 products" thread ?
>>>>>>
>>>>>> Thanks !
>>>>>>
>>>>>>> We will do a RC2 and call for a vote soon.
>>>>>>>
>>>>>>> [1] https://github.com/wso2/product-ei/issues/2004
>>>>>>>
>>>>>>> On Wed, Mar 14, 2018 at 6:29 PM, Nilasini Thirunavukkarasu <
>>>>>>> nilas...@wso2.com> wrote:
>>>>>>>
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> I have tested the following flows in mysql.
>>>>>>>>
>>>>>>>> - User management, role management (Primary + Secondary user
>>>>>>>>   store)
>>>>>>>> - OIDC flow (password grant, authorization code)(Primary +
>>>>>>>>   Secondary user store)
>>>>>>>> - consent management with SAML SSO for primary and secondary
>>>>>>>>   users.
>>>>>>>> - SAML assertion encryption and response signing.
>>>>>>>>
>>>>>>>>
>>>>>>>> I have tested the following flow with h2
>>>>>>>>
>>>>>>>> - federated scenario with two IS
>>>>>>>>
>>>>>>>> +1 to go ahead and release
>>>>>>>>
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> Nila.
>>>>>>>>
>>>>>>>>
>>>>>>>> On Wed, Mar 14, 2018 at 6:15 PM, Darshana Gunawardana <
>>>>>>>> darsh...@wso2.com> wrote:
>>>>>>>>
>>>>>>>>> Hi Dilini,
>>>>>>>>>
>>>>>>>>> We will fix this, if we noted any blocker for RC1 release.. If
>>&

Re: [Dev] [Architecture] [VOTE] Release WSO2 Identity Server 5.5.0 RC1

2018-03-14 Thread Darshana Gunawardana
Hi Dilini,

We will fix this if we note any blocker for the RC1 release. If not, let's
continue with the vote, considering this is a known issue.

Thanks,

On Wed, Mar 14, 2018 at 6:05 PM, Dilini Gunatilake <dili...@wso2.com> wrote:

> Hi,
>
> The README.txt contains references to old documentation and a few other
> issues which are reported in [1]. Better if we can fix those. WDYT?
>
> [1] https://github.com/wso2/product-is/issues/2945
>
> Regards,
> Dilini
>
>
>
> On Wed, Mar 14, 2018 at 5:23 PM, Farasath Ahamed <farasa...@wso2.com>
> wrote:
>
>>
>> Tested Below scenario on the IS 5.5.0-RC1 pack with MSSQL database
>>
>> - Create an OAuth app using Dynamic Client Registration endpoint
>> - Configured mandatory claims for the service provider
>> - Tested OIDC Implicit flow with user consent management enabled
>> - Verified that the user claims sent in the id_token are filtered
>>   based on user consent.
>>
>> +1 to go ahead and release
>>
>>
>> On Wed, Mar 14, 2018 at 11:16 AM, Sathya Bandara <sat...@wso2.com> wrote:
>>
>>> Hi all,
>>>
>>> We are pleased to announce the first release candidate of WSO2 Identity
>>> Server 5.5.0.
>>>
>>> This is the first release candidate (RC) of the WSO2 Identity Server
>>> 5.5.0 release.
>>>
>>>
>>> This release fixes the following issues
>>>
>>> - 5.5.0-RC1 fixes
>>>   <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-RC1>
>>> - 5.5.0-Beta fixes
>>>   <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-beta>
>>> - 5.5.0-Alpha3 fixes
>>>   <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-alpha3>
>>> - 5.5.0-Alpha2 fixes
>>>   <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-alpha2>
>>> - 5.5.0-Alpha fixes
>>>   <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-alpha>
>>> - 5.5.0-M4 fixes
>>>   <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-M4>
>>> - 5.5.0-M3 fixes
>>>   <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-M3>
>>> - 5.5.0-M2 fixes
>>>   <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-M2>
>>> - 5.5.0-M1 fixes
>>>   <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-M1>
>>>
>>>
>>> Source and distribution
>>>
>>> Runtime - https://github.com/wso2/product-is/releases/tag/v5.5.0-rc1
>>> Analytics - https://github.com/wso2/analytics-is/releases/tag/v5.5.0-rc1
>>>
>>>
>>> Please download, test the product and vote.
>>>
>>> [+] Stable - go ahead and release
>>> [-] Broken - do not release (explain why)
>>>
>>>
>>> Thanks,
>>> - WSO2 Identity and Access Management Team -
>>>
>>> --
>>> Sathya Bandara
>>> Software Engineer
>>> WSO2 Inc. http://wso2.com
>>> Mobile: (+94) 715 360 421 <+94%2071%20411%205032>
>>>
>>> <+94%2071%20411%205032>
>>>
>>
>>
>>
>> --
>> Farasath Ahamed
>> Senior Software Engineer, WSO2 Inc.; http://wso2.com
>> Mobile: +94777603866
>> Blog: blog.farazath.com
>> Twitter: @farazath619 <https://twitter.com/farazath619>
>> <http://wso2.com/signature>
>>
>>
>>
>>
>> ___
>> Architecture mailing list
>> architect...@wso2.org
>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>
>>
>
>
> --
>
> *Dilini GunatilakeSoftware Engineer - QA Team*
> Mobile : +94771162518 <+94%2077%20116%202518>
> dili...@wso2.com
>
>
>
>
>


-- 
Regards,


*Darshana Gunawardana*Technical Lead
WSO2 Inc.; http://wso2.com

*E-mail: darsh...@wso2.com <darsh...@wso2.com>*
*Mobile: +94718566859*Lean . Enterprise . Middleware


Re: [Dev] Invalid id in a feature pom file.

2018-03-09 Thread Darshana Gunawardana
Hi Pulasthi,

Does this change affect any of the product poms?

If so, we need to check any other products (like apim) and inform them of
this change.

Thanks,

On Fri, Mar 9, 2018 at 7:51 PM, Geeth Munasinghe <ge...@wso2.com> wrote:

> Hi Pulasthi, Jayanga,
>
> Thanks for the help.
>
>
>
> On Fri, Mar 9, 2018 at 7:45 PM, Pulasthi Mahawithana <pulast...@wso2.com>
> wrote:
>
>> Hi Geeth,
>>
>> Merged. Thanks for the fix.
>>
>> On Fri, Mar 9, 2018 at 7:40 PM, Geeth Munasinghe <ge...@wso2.com> wrote:
>>
>>> Hi all,
>>>
>>> I created the fix in the following pull requests.
>>>
>>> https://github.com/wso2-extensions/identity-oauth2-grant-jwt/pull/19
>>>
>>> Thanks
>>> Geeth
>>>
>>> On Fri, Mar 9, 2018 at 7:31 PM, Geeth Munasinghe <ge...@wso2.com> wrote:
>>>
>>>> Hi all,
>>>>
>>>> It seems the following feature has an issue in the pom file
>>>>
>>>>
>>>> https://github.com/wso2-extensions/identity-oauth2-grant-jwt/blob/v1.0.9/feature/pom.xml
>>>>
>>>> org.wso2.carbon.identity.oauth2.grant.jwt
>>>>
>>>> It should be org.wso2.carbon.extension.identity.oauth2.jwt .
>>>>
>>>> Due to this reason, we are not able to build the IoT server 3.3.0. Can
>>>> someone please look into this?
>>>>
>>>> --
>>>> *Geeth Munasinghe*
>>>> *WSO2, Inc. http://wso2.com*
>>>> *lean.enterprise.middleware.*
>>>>
>>>> email: ge...@wso2.com
>>>> phone: (+94) 777911226
>>>>
>>>
>>>
>>
>>
>>
>> --
>> *Pulasthi Mahawithana*
>> Associate Technical Lead
>> WSO2 Inc., http://wso2.com/
>> Mobile: +94-71-5179022
>> Blog: https://medium.com/@pulasthi7/
>>
>


[Dev] WSO2 Committers += Nilasini Thirunavukkarasu

2018-02-21 Thread Darshana Gunawardana
Hi All,

It's my pleasure to announce Nilasini Thirunavukkarasu as a WSO2 Committer.

She has been a valuable contributor to the WSO2 Identity Server product and
to the IAM team. In recognition of her contribution, dedication and
commitment she has been voted as a WSO2 committer.

Congratulations Nila and keep up the good work...!

Thanks,




[Dev] WSO2 Committers += Sathya Bandara

2018-02-21 Thread Darshana Gunawardana
Hi All,

It's my pleasure to announce Sathya Bandara as a WSO2 Committer.

She has been a valuable contributor to the WSO2 Identity Server product and
to the IAM team. In recognition of her contribution, dedication and
commitment she has been voted as a WSO2 committer.

Congratulations Sathya and keep up the good work...!

Thanks,


[Dev] Fwd: Query Regarding the JIRA BUG- IDEBTITY-4250

2018-02-19 Thread Darshana Gunawardana
Hi Monika,

Seems like you haven't subscribed to the dev mailing list properly.. So the
mails you sent to dev are getting put on hold.. For the moment, I have
forwarded the mail to the dev mailing list on your behalf..

@Sathya: Can you check on this please..

Thanks,


-- Forwarded message --
From: Monika Sharma <monika.sha...@india.nec.com>
Date: Tue, Feb 20, 2018 at 8:29 AM
Subject: RE: Query Regarding the JIRA BUG- IDEBTITY-4250
To: Darshana Gunawardana <darsh...@wso2.com>, WSO2 Developers' List <
dev@wso2.org>


Hello sir,

Thank you so much for giving your valuable time. I have tried by adding
requested claims in the SP.

I have added the following request claims in the SP:

1.   http://wso2.org/claims/userid
2.   http://wso2.org/claims/created
3.   http://wso2.org/claims/country
4.   http://wso2.org/claims/displayName
5.   http://wso2.org/claims/emailaddres
6.   http://wso2.org/claims/givenName
7.   http://wso2.org/claims/groups

And subject claim URI is:

1.   http://wso2.org/claims/emailaddres

Now the response is as below:

{
  "sub": "admin",
  "give_name" : "admin",
  "email" : "ad...@wso2.com"
}

Only a few details are displayed. Please let me know whether this is the
expected result?

Thanks & Regards
Monika Sharma

*From:* Darshana Gunawardana [mailto:darsh...@wso2.com]
*Sent:* Saturday, February 17, 2018 10:13 PM
*To:* Monika Sharma; WSO2 Developers' List
*Subject:* Re: Query Regarding the JIRA BUG- IDEBTITY-4250



Hi Monika,

Have you added requested claims in the SP claim configurations section? If
you haven't added any requested claims, returning only the subject from the
userinfo endpoint is expected..

Try adding requested claims in the SP.

Regards,

On Fri, Feb 16, 2018 at 3:29 PM, Monika Sharma <monika.sha...@india.nec.com>
wrote:

Hello sir,

I have a query regarding the https://wso2.org/jira/browse/IDENTITY-4250 bug
of wso2 identity server. It has been fixed in 5.3.0 Beta version of wso2
identity server. But I am facing the same issue in the 5.3.0 release
version of wso2 identity server and also verified in the 5.4.0 release
version; the problem remains in both versions. Please check this issue. I
have followed the below steps to reproduce this issue:

Steps:

1.   Register a SP for playground app
     Callback URL - http://localhost:8080/playground2/oauth2client
     Allowed Grant Types = Code

2.   Visit the URL http://localhost:8080/playground2/oauth2.jsp and enter
     the below details and submit
     Authorization Grant Type : Authorization Code
     Client ID : (the client id received at the application registration)
     Scope : openid
     Callback URL : http://localhost:8080/playground2/oauth2client
     Authorize Endpoint : https://localhost:9443/oauth2/authorize

3.   Enter user name and password of the admin and click on login

4.   Enter callback url and other info

5.   Enter the user info endpoint and click on get user info
     https://localhost:9443/oauth2/userinfo?schema=openid

I have followed this link to register the app
https://docs.wso2.com/display/IS530/Basic+Client+Profile+with+Playground
and tried to access the user information through the curl command using a
valid access token.

Issue: Only 'subject' field is returned when userinfo is requested by curl
command using a valid access token

e.g.  curl -k -H "Authorization: Bearer YOUR_ACCESS_TOKEN" https://localhost:9443/oauth2/userinfo?schema=openid

The following response is displayed:

{"sub":"admin"}

But the expected response should be displayed as below:

{
   "sub":"admin",
   "email":"ad...@wso2.com",
   "website":"https://wso2.com",
   "name":"admin",
   "family_name":"admin",
   "preferred_username":"admin",
   "given_name":"admin",
   "profile":"https://wso2.com",
   "country":"Sri Lanka"
}

Thanks & Regards
Monika Sharma



Re: [Dev] [IS 5.5.0] Shall we get rid of DB backward compatibility code related to PKCE Support

2018-02-18 Thread Darshana Gunawardana
Hi Rushmin,

Thanks for bringing this up.. and +1 for the proposal..

The PKCE feature was added in IS 5.2.0, and the IS 5.1.0 to 5.2.0 migration
was intended to be done without a schema migration.. That's why the code is
written to handle both cases..

But we could have got rid of this from 5.3.0 onwards, since the 520-530
migration mandates a db migration, hence we could mandate adding these
columns as well..

So, considering the current situation, we can handle adding this column
from the 540-550 migration and get rid of the obsolete code which makes
the OAuth DAOs bulky..

Regards,

On Sun, Feb 18, 2018 at 6:19 PM, Rushmin Fernando <rush...@wso2.com> wrote:

> Hi Ruwan,
>
> Sorry if I didn't explain it clearly.
>
> What I meant was ...
>
> The PKCE feature was shipped as an update to IS 5.3.0 initially and it
> had a schema change.
>
> So the code was added in a backward compatible way.
>
> But since 5.5.0 is a minor release we can get rid of the backward
> compatible code since the migration is any way there. (if time permits :-) )
>
> On Sun, Feb 18, 2018 at 6:06 PM, Ruwan Abeykoon <ruw...@wso2.com> wrote:
>
>> Hi Rushmin,
>> Need clarification: do you mean the case where the table does not exist
>> in the DB? DB scripts can be created with the migration script.
>>
>> Cheers,
>> Ruwan
>>
>>
>> On Sun, Feb 18, 2018 at 5:12 PM, Rushmin Fernando <rush...@wso2.com>
>> wrote:
>>
>>>
>>> AFAIK this code was introduced to protect backward compatibility while
>>> introducing PKCE support sometime back.
>>>
>>> We still see the following log.
>>>
>>> INFO {org.wso2.carbon.identity.oauth2.internal.OAuth2ServiceComponent} -  PKCE Support enabled.
>>>
>>> Do we still need that code (not only the log but the backward
>>> compatibility code too)?
>>>
>>>
>>> --
>>> *Best Regards*
>>>
>>> *Rushmin Fernando*
>>> *Technical Lead*
>>>
>>> WSO2 Inc. <http://wso2.com/> - Lean . Enterprise . Middleware
>>>
>>> mobile : +94775615183
>>>
>>>
>>>
>>
>>
>> --
>>
>> *Ruwan Abeykoon*
>> *Associate Director/Architect,*
>> *WSO2, Inc. http://wso2.com*
>> *lean.enterprise.middleware.*
>>
>>
>
>


Re: [Dev] Query Regarding the JIRA BUG- IDEBTITY-4250

2018-02-17 Thread Darshana Gunawardana
Hi Monika,

Have you added requested claims in the SP claim configurations section? If
you haven't added any requested claims, returning only the subject from the
userinfo endpoint is expected..

Try adding requested claims in the SP.

Regards,

On Fri, Feb 16, 2018 at 3:29 PM, Monika Sharma <monika.sha...@india.nec.com>
wrote:

> Hello sir,
>
> I have a query regarding the https://wso2.org/jira/browse/IDENTITY-4250 bug
> of wso2 identity server. It has been fixed in 5.3.0 Beta version of wso2
> identity server. But I am facing the same issue in the 5.3.0 release
> version of wso2 identity server and also verified in the 5.4.0 release
> version; the problem remains in both versions. Please check this issue. I
> have followed the below steps to reproduce this issue:
>
> Steps:
>
> 1.   Register a SP for playground app
>      Callback URL - http://localhost:8080/playground2/oauth2client
>      Allowed Grant Types = Code
>
> 2.   Visit the URL http://localhost:8080/playground2/oauth2.jsp and enter
>      the below details and submit
>      Authorization Grant Type : Authorization Code
>      Client ID : (the client id received at the application registration)
>      Scope : openid
>      Callback URL : http://localhost:8080/playground2/oauth2client
>      Authorize Endpoint : https://localhost:9443/oauth2/authorize
>
> 3.   Enter user name and password of the admin and click on login
>
> 4.   Enter callback url and other info
>
> 5.   Enter the user info endpoint and click on get user info
>      https://localhost:9443/oauth2/userinfo?schema=openid
>
> I have followed this link to register the app
> https://docs.wso2.com/display/IS530/Basic+Client+Profile+with+Playground
> and tried to access the user information through the curl command using a
> valid access token.
>
> Issue: Only 'subject' field is returned when userinfo is requested by curl
> command using a valid access token
>
> e.g.  curl -k -H "Authorization: Bearer YOUR_ACCESS_TOKEN" https://localhost:9443/oauth2/userinfo?schema=openid
>
> The following response is displayed:
>
> {"sub":"admin"}
>
> But the expected response should be displayed as below:
>
> {
>    "sub":"admin",
>    "email":"ad...@wso2.com",
>    "website":"https://wso2.com",
>    "name":"admin",
>    "family_name":"admin",
>    "preferred_username":"admin",
>    "given_name":"admin",
>    "profile":"https://wso2.com",
>    "country":"Sri Lanka"
> }
>
> Thanks & Regards
> Monika Sharma
>





Re: [Dev] OSGI bundle stopping mechanisms

2018-02-07 Thread Darshana Gunawardana
Hi Denuwanthi,

It depends on the bundle type..

For example, OAuth is a core bundle for a product like IS. So the
product should not start if there are missing resources like required
database schemas.

Thanks,

On Tue, Feb 6, 2018 at 11:47 AM, Danesh Kuruppu <dan...@wso2.com> wrote:

> Hi Denuwanthi,
>
> We have a requirement where we need to interfere/stop the server start up,
>> if a certain condition is not fulfilled during the bundle startup.
>>
>> For that. is it ok to use following approach inside the bundle service
>> component if the particular condition is not met?
>> bundleContext.getBundle(0).stop();
>>
>
> Instead of shutting down the OSGi container completely, can we control this by
> not registering the service if a certain condition is not satisfied? So
> inside the bundle service component, we check the condition before registering
> the service. If the condition is not satisfied, we return without registering
> the services.
>
> Thanks
> Danesh
>
>
>> Or is there any other proper  approach we can use?
>>
>> Thanks,
>>
>> --
>> Denuwanthi De Silva
>>
>>
>
>
> --
>
> *Danesh Kuruppu*
> Senior Software Engineer | WSO2
>
> Email: dan...@wso2.com
> Mobile: +94 (77) 1690552
> Web: WSO2 Inc <https://wso2.com/signature>
>
>


Re: [Dev] [Architecture] Consent Management APIs for IS 5.5.0

2018-02-01 Thread Darshana Gunawardana
On Thu, Feb 1, 2018 at 6:18 PM, Omindu Rathnaweera <omi...@wso2.com> wrote:

> Hi Darshana,
>
> On Thu, Feb 1, 2018 at 5:42 PM, Darshana Gunawardana <darsh...@wso2.com>
> wrote:
>
>>
>> On Thu, Feb 1, 2018 at 5:13 PM, Isura Karunaratne <is...@wso2.com> wrote:
>>
>>> Hi Darshana,
>>>
>>> On Thu, Feb 1, 2018 at 3:39 PM, Darshana Gunawardana <darsh...@wso2.com>
>>> wrote:
>>>
>>>> Hi Isura,
>>>>
>>>> How are these consents handled with state changes of related entities?
>>>>
>>>> For example,
>>>> > user delete
>>>> > sp delete
>>>>
>>> This should be handled through a user operation event listener or event
>>> handler.
>>>
>>
>> Yes. So are we going to have relevant implementations with this feature?
>>
>
> As the API is not specific to a product these scenarios should be handled
> as a part of integrating the feature to the product.  We will handle these
> cases during the integration effort for product IS.
>

That makes sense.. +1 for the approach.

>
>
>>
>> Can there be any other cases similar to above?
>>
>
> Apart from the above scenarios, user store removal and tenant deactivation
> are 2 such cases. However, revoking consents for tenant deactivation is
> something we have to think about a bit more, as we can reactivate the tenants
> and once that is done, the consents will no longer be active.
>
>>
>> Thanks,
>>
>>> Isura.
>>>
>>>>
>>>> Thanks,
>>>>
>>>> On Wed, Jan 10, 2018 at 1:58 PM, Isura Karunaratne <is...@wso2.com>
>>>> wrote:
>>>>
>>>>> On Wed, Jan 10, 2018 at 12:44 PM, Godwin Shrimal <god...@wso2.com>
>>>>> wrote:
>>>>>
>>>>>> Hi Isuru,
>>>>>>
>>>>>> Please see below few suggestions.
>>>>>>
>>>>>> 1. API name of the Purpose Category (/pcategories) is not readable.
>>>>>> Why don't we use it as /purpose-categories ?
>>>>>> 2. What is /category/{purposeCategoryId}  API ? It shows API name
>>>>>> as /category. I think it should be renamed as below (According to
>>>>>> the suggestion in #1)
>>>>>>  /purpose-categories/{purposeCategoryId}
>>>>>>
>>>>>> 3. Change API /piicategories as /pii-categories since pii and
>>>>>> categories are two words.
>>>>>> 4. Change API /piicategory/{piiCategoryId} as /pii-categories/{piiCategoryId}
>>>>>>
>>>>>
>>>>> +1. Modified the definition according to the suggestions. [1]
>>>>>
>>>>> [1] https://app.swaggerhub.com/apis/consent/Approval-Consent/1.0.0
>>>>>
>>>>> Thanks
>>>>> Isura.
>>>>>
>>>>>>
>>>>>> Thanks
>>>>>> Godwin
>>>>>>
>>>>>>
>>>>>> On Wed, Jan 10, 2018 at 1:54 PM, Isura Karunaratne <is...@wso2.com>
>>>>>> wrote:
>>>>>>
>>>>>>> Hi Malithi / all,
>>>>>>>
>>>>>>> The updated API definition can be found in [1].
>>>>>>>
>>>>>>> [1] https://app.swaggerhub.com/apis/consent/Approval-Consent/1.0.0
>>>>>>>
>>>>>>> Thanks
>>>>>>> Isura.
>>>>>>>
>>>>>>> On Tue, Jan 9, 2018 at 10:46 PM, Malithi Edirisinghe <
>>>>>>> malit...@wso2.com> wrote:
>>>>>>>
>>>>>>>> Hi All,
>>>>>>>>
>>>>>>>> Noted below under revoke API definition
>>>>>>>> /consents/user/{piiPrincipalId}/
>>>>>>>>
>>>>>>>> piiPrincipalId seems to be a field of the consent object. Shouldn't
>>>>>>>> this be defined over a filter from the piiPrincipalId attribute?
>>>>>>>>
>>>>>>>> Same applies to below I think.
>>>>>>>> /consents/service/{serviceId}/
>>>>>>>>
>>>>>>>> Moreover, add consents returns the consent receipt right. Or
>>>>>>>> receipt is an embedded resource of the consent ? Is there a specific 
>&g

Re: [Dev] Generalizing Post Authentictaion Handling in Authentictaion Framework.

2018-02-01 Thread Darshana Gunawardana
+1 Hasintha.. Have you done a poc on this?

Thanks,

On Thu, Feb 1, 2018 at 11:50 AM, Hasintha Indrajee <hasin...@wso2.com>
wrote:

> At present we have post authentication criteria which are evaluated
> upon authentication in an authentication flow. Examples are "Handling
> missing mandatory claims" and "Authorization handling". According to the
> current implementation, this logic is bound to our framework
> implementation, so that if we need to add a new post authentication
> evaluation criterion, we do not have an alternative other than changing
> the framework source.
>
> With emerging requirements we may need to add more post authentication
> criteria in the future. For example, we may need to intercept post
> authentication and request consent on requested claims. Likewise there
> may be other requirements to intercept the post authentication flow.
>
> Foreseeing these requirements, we are planning to generalize post
> authentication handling so that post authentication handling will no longer
> be a static part of the framework. We should be able to add post
> authentication handlers as OSGi services. Upon this change, the missing
> mandatory claim handler and the authorization handler will be two OSGi post
> authentication handlers.
>
> --
> Hasintha Indrajee
> WSO2, Inc.
> Mobile: +94 771892453
>
>


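
The pluggable post-authentication chain proposed in the thread above, as an added sketch that is not part of the original mails and not WSO2 code. Every type name, the priority scheme and the role "app-user" are assumptions made for illustration; the point shown is that ordering and a fail-closed default stay in the framework while the handlers themselves become plug-ins.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Comparator;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

// Added illustration; every type here is hypothetical, not the WSO2 framework API.
public class PostAuthnChainDemo {

    enum Status { CONTINUE, INCOMPLETE, DENY }

    /** Contract a pluggable handler would implement (an OSGi service in the proposal). */
    interface PostAuthnHandler {
        String name();
        int priority();                 // lower value runs first
        Status handle(AuthnContext ctx);
    }

    /** Constructed stand-in for the per-login context the framework passes along. */
    static final class AuthnContext {
        final Map<String, String> claims = new HashMap<>();
        final Set<String> roles = new HashSet<>();
        final Set<String> passed = new HashSet<>();   // handlers already satisfied
    }

    /** Pauses the flow until every mandatory claim has a value. */
    static final class MissingClaimsHandler implements PostAuthnHandler {
        private final List<String> mandatory;
        MissingClaimsHandler(List<String> mandatory) { this.mandatory = mandatory; }
        public String name() { return "missing-claims"; }
        public int priority() { return 10; }
        public Status handle(AuthnContext ctx) {
            for (String uri : mandatory) {
                String value = ctx.claims.get(uri);
                if (value == null || value.isEmpty()) {
                    return Status.INCOMPLETE;   // the framework would prompt the user here
                }
            }
            return Status.CONTINUE;
        }
    }

    /** Denies the login unless the user holds the role the application requires. */
    static final class AuthorizationHandler implements PostAuthnHandler {
        private final String requiredRole;
        AuthorizationHandler(String requiredRole) { this.requiredRole = requiredRole; }
        public String name() { return "authorization"; }
        public int priority() { return 20; }
        public Status handle(AuthnContext ctx) {
            return ctx.roles.contains(requiredRole) ? Status.CONTINUE : Status.DENY;
        }
    }

    static final class PostAuthnChain {
        private final List<PostAuthnHandler> handlers = new ArrayList<>();

        void register(PostAuthnHandler handler) {
            handlers.add(handler);
            handlers.sort(Comparator.comparingInt(PostAuthnHandler::priority));
        }

        /** CONTINUE is returned only after every registered handler has passed. */
        Status run(AuthnContext ctx) {
            for (PostAuthnHandler h : handlers) {
                if (ctx.passed.contains(h.name())) {
                    continue;               // resumed flow: do not repeat finished steps
                }
                Status status;
                try {
                    status = h.handle(ctx);
                } catch (RuntimeException e) {
                    status = Status.DENY;   // fail closed: a broken plug-in never grants login
                }
                if (status != Status.CONTINUE) {
                    return status;
                }
                ctx.passed.add(h.name());
            }
            return Status.CONTINUE;
        }
    }

    public static void main(String[] args) {
        PostAuthnChain chain = new PostAuthnChain();
        // Registration order is deliberately reversed; priority decides execution order.
        chain.register(new AuthorizationHandler("app-user"));
        chain.register(new MissingClaimsHandler(
                Arrays.asList("http://wso2.org/claims/country")));

        AuthnContext ctx = new AuthnContext();      // constructed sample login
        ctx.roles.add("app-user");
        System.out.println("first pass:  " + chain.run(ctx));
        ctx.claims.put("http://wso2.org/claims/country", "Sri Lanka");
        System.out.println("after claim: " + chain.run(ctx));

        AuthnContext noRole = new AuthnContext();   // constructed user without the role
        noRole.claims.put("http://wso2.org/claims/country", "Sri Lanka");
        System.out.println("no role:     " + chain.run(noRole));
    }
}
```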


Re: [Dev] [IAM] User store does not behave as expected when it is created through admin services with only mandatory parameters

2018-01-24 Thread Darshana Gunawardana
is case it is a must to add the optional parameters
>>>>>>>>>>>>>> in the request which is wrong. This hinders the usability aspect 
>>>>>>>>>>>>>> from the
>>>>>>>>>>>>>> user perspective. So, IMO we should document the full request as 
>>>>>>>>>>>>>> well as
>>>>>>>>>>>>>> handle it as per solution 2.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> As an API it's not wrong not to send optional parameters. But
>>>>>>>>>>>>> yes, it's not working as expected if we do not send them. Yes, we
>>>>>>>>>>>>> need to fully document the request with optional parameters as
>>>>>>>>>>>>> suggested in solution 1 as an immediate step. We may need to
>>>>>>>>>>>>> implement solution 2 in future. Let's wait and see the feedback
>>>>>>>>>>>>> from the IAM team.
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> Thanks
>>>>>>>>>>>>> Godwin
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> 2. Change backend to add default parameters (same as what
>>>>>>>>>>>>>>>>> we do in UI) if user is not sending additional parameters in 
>>>>>>>>>>>>>>>>> request
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> +1 for this solution. Here, the developer does not need to
>>>>>>>>>>>>>>>> worry about the 100 odd optional parameters at all. If he 
>>>>>>>>>>>>>>>> needs to change
>>>>>>>>>>>>>>>> few parameters, he can change only the required ones.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Thanks
>>>>>>>>>>>>>>>>> Godwin
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> On Wed, Dec 20, 2017 at 5:00 PM, Dilini Gunatilake <
>>>>>>>>>>>>>>>>> dili...@wso2.com> wrote:
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Hi IAM Team,
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> I need to create a JDBC secondary user store via admin
>>>>>>>>>>>>>>>>>> services and I configured only the mandatory parameters and 
>>>>>>>>>>>>>>>>>> sent the
>>>>>>>>>>>>>>>>>> request. The request was successful and the user store was 
>>>>>>>>>>>>>>>>>> created.
>>>>>>>>>>>>>>>>>> However, when I tried to add a user to that user store, it 
>>>>>>>>>>>>>>>>>> says the
>>>>>>>>>>>>>>>>>> password length is invalid and did not let me create a user.
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Request:
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> xmlns:soap="http://www.w3.org/2003/05/soap-envelope; 
>>>>>>>>>>>>>>>>>> xmlns:xsd="http://org.apache.axis2/xsd; 
>>>>>>>>>>>>>>>>>> xmlns:xsd1="http://dto.configuration.store.user.identity.carbon.wso2.org/xsd;>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>   
>>>>>>>>>>>>>>>>>>  
>>>>>>>>>>>>>>>>>>  
>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>> org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager
>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>> created with admin 
>>>>>>>>>>>>>>>>>> services
>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>> false
>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>> PRIMARY-JDBC780-ATTRIBUTE-STORE
>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>>url
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> jdbc:mysql://localhost:3306/is520user
>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>>userName
>>>>>>>>>>>>>>>>>>wso2carbonxxx
>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>>password
>>>>>>>>>>>>>>>>>>wso2carbonxxx
>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>>driverName
>>>>>>>>>>>>>>>>>>com.mysql.jdbc.Driver
>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>>CountRetrieverClass
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> org.wso2.carbon.identity.user.store.count.jdbc.JDBCUserStoreCountRetriever
>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>>  
>>>>>>>>>>>>>>>>>>   
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> This may be because I haven't configured the optional
>>>>>>>>>>>>>>>>>> parameters such as username/password regex etc. in the 
>>>>>>>>>>>>>>>>>> request. But, IMO
>>>>>>>>>>>>>>>>>> the request should work successfully with only mandatory 
>>>>>>>>>>>>>>>>>> parameters.
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> If I do the same via management console, the additional
>>>>>>>>>>>>>>>>>> parameters will be populated in the UI and saved in the xml 
>>>>>>>>>>>>>>>>>> when we save
>>>>>>>>>>>>>>>>>> the configuration.
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> If a developer needs to create a user store via admin
>>>>>>>>>>>>>>>>>> services, how can the developer achieve this? If the 
>>>>>>>>>>>>>>>>>> developer needs to
>>>>>>>>>>>>>>>>>> configure optional parameters, there are around 100 
>>>>>>>>>>>>>>>>>> parameters. What are
>>>>>>>>>>>>>>>>>> the must have additional parameters the user needs to 
>>>>>>>>>>>>>>>>>> configure or what is
>>>>>>>>>>>>>>>>>> the best way to handle this?
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Thanks,
>>>>>>>>>>>>>>>>>> Dilini
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> --
>>>>>>>>>>>>>>>>> *Godwin Amila Shrimal*
>>>>>>>>>>>>>>>>> Associate Technical Lead
>>>>>>>>>>>>>>>>> WSO2 Inc.; http://wso2.com
>>>>>>>>>>>>>>>>> lean.enterprise.middleware
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> mobile: +94772264165
>>>>>>>>>>>>>>>>> linkedin: https://www.linkedin.com/in/godwin-amila-2ba26844/
>>>>>>>>>>>>>>>>> twitter: https://twitter.com/godwinamila
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> --
>>>>>>>>>>>>
>>>>>>>>>>>> Tharindu Edirisinghe
>>>>>>>>>>>> Senior Software Engineer | WSO2 Inc
>>>>>>>>>>>> Platform Security Team
>>>>>>>>>>>> Blog : http://tharindue.blogspot.com
>>>>>>>>>>>> mobile : +94 775181586
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> Sherene Mahanama
>>>>>>>>>> Technical Writer
>>>>>>>>>>
>>>>>>>>>> WSO2 (pvt.) Ltd.
>>>>>>>>>> Colombo, Sri Lanka
>>>>>>>>>> Mobile: (+94) 777 994805
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Best Regards,
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> *Chankami Maddumage*
>>>>>>>>> Software Engineer - QA Team
>>>>>>>>> WSO2 Inc; http://www.wso2.com/.
>>>>>>>>> Mobile: +94 (0) 73096
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>
>>
>> --
>> Maneesha Wijesekara
>> Software Engineer - QA Team
>> WSO2 Inc.
>>
>> Email: manee...@wso2.com
>> Linkedin: http://linkedin.com/in/maneeshawijesekara
>> Mobile: +94712443119
>>
>
>
>


Re: [Dev] [IAM]Implementing Eventing Mechanism in token/code insertion/deletion or revocation

2018-01-23 Thread Darshana Gunawardana
Hi Hasanthi,

On Tue, Jan 23, 2018 at 10:54 PM, Hasanthi Purnima Dissanayake <
hasan...@wso2.com> wrote:

> Hi All,
>
> Requirement :
> We have a requirement to insert/update or delete a row from a db table
> once access token or authorization code is generated, revoked, code or
> token status changed or a refresh token is issued. Without directly
> invoking the db, we thought of implementing events to trigger when one of
> the above scenario happens.
>

Can you explain the need for an event mechanism for these use cases? What
are the problems that we are trying to overcome using the new method?

Thanks,


> So in the existing architecture, the service layer is responsible for
> issuing/revoking/deleting tokens or codes, and this layer directly
> invokes the DAO layer for DB calls. So we have two places to implement
> events: in the service layer or the DAO layer.
>
> Problem :
> If we are implementing the events in the service layer, then we have to
> trigger multiple events in multiple places as we are doing above operations
> in multiple places in the service layer. Also some of the service layer
> classes are extensible so we cannot guarantee that a third party extension
> developer will implement the events in the extended code.
>
> If we are implementing the events in the DAO layer, then the DAO layer
> isolation will be violated.
>
> Ideally there should be a middle layer in between the service layer and
> the DAO layer for such kind of situations. As we don't have such a middle
> layer, ATM we have implemented the events in the DAO layer.
>
> Highly appreciate any feedback on above.
>
> Thanks,
>
> --
>
> Hasanthi Dissanayake
>
> Senior Software Engineer | WSO2
>
> E: hasan...@wso2.com
> M :0718407133| http://wso2.com <http://wso2.com/>
>



-- 
Regards,


*Darshana Gunawardana*Technical Lead
WSO2 Inc.; http://wso2.com

*E-mail: darsh...@wso2.com <darsh...@wso2.com>*
*Mobile: +94718566859*Lean . Enterprise . Middleware


Re: [Dev] Clarification regarding Requested Claims

2018-01-23 Thread Darshana Gunawardana
Hi Chankami,

You might be trying with the same user who was already JIT provisioned. In that
case, AFAIR, the association will not be created automatically. If you want to
create an association for an already existing user in the IS, you have to follow
the steps that Omindu mentioned.

Thanks,

On Tue, Jan 23, 2018 at 2:10 PM, Omindu Rathnaweera <omi...@wso2.com> wrote:

> Hi Chankami,
>
> I tried a federate JIT scenario for a secondary userstore with FB,
> enabling 'Assert identity using mapped local subject identifier' as Isura
> mentioned and the missing claim was only prompted once as expected. When
> JIT provisioning IS automatically associates the provisioned user and the
> federated user hence it will not prompt for mandatory claims once the user
> submits it in the first time.
>
> Can you login to the provisioned user's dashboard and check the
> 'Associated Accounts' to see an association is created for that user. You
> will need to give login permission for the user in order to login to the
> dashboard.
>
> Regards,
> Omindu.
>
> On Tue, Jan 23, 2018 at 1:07 PM, Chankami Maddumage <chank...@wso2.com>
> wrote:
>
>> Thank you Ayesha for the explanation.
>>
>> @Isura I enabled the above-mentioned property but the behavior is the
>> same. Is there any other property?
>>
>> On Tue, Jan 23, 2018 at 12:32 PM, Isura Karunaratne <is...@wso2.com>
>> wrote:
>>
>>> Hi Chankami,
>>>
>>> Hope you are testing IS 5.4.0.
>>>
>>> Can you try the scenario while enabling "Assert identity using mapped
>>> local subject identifier" in SP "Local & Outbound Authentication
>>> Configuration" section?
>>>
>>> Thanks
>>> Isura.
>>>
>>> On Tue, Jan 23, 2018 at 12:13 PM, Ayesha Dissanayaka <aye...@wso2.com>
>>> wrote:
>>>
>>>> Hi Chankami,
>>>>
>>>> On Tue, Jan 23, 2018 at 11:33 AM, Chankami Maddumage <chank...@wso2.com
>>>> > wrote:
>>>>
>>>>> Hi IAM Team
>>>>>
>>>>> I have a scenario to enforce users to provide missing required
>>>>> attributes while getting JIT provisioned to the local system.
>>>>>
>>>>> In order to achieve this I have set a *Mandatory Claim [1]* in the SP, and
>>>>> all the users who log in will also be provisioned to a secondary JDBC user
>>>>> store.
>>>>>
>>>>> *Clarification*
>>>>>
>>>>> Every time an already logged in user logs in to the system (Travelocity), it
>>>>> asks to enter the value for the mandatory claim.
>>>>>
>>>>> So what is the expected behavior? Or should the user enter the value only on
>>>>> first login?
>>>>>
>>>> This is the expected behavior of the server.
>>>> When SP has mandatory claims defined, corresponding SP application is
>>>> expecting values for the defined claims in the authentication response. If
>>>> the user hasn't provided that information to the IDP (Identity Server in
>>>> this case) initially, IDP requests those values from the user whenever
>>>> trying to authenticate to the particular SP.
>>>>
>>>> Thanks!
>>>> -Ayesha
>>>>
>>>>>
>>>>> [1] https://docs.wso2.com/display/IS540/Configuring+Claims+for+a+Service+Provider
>>>>>
>>>>>
>>>>> --
>>>>> Best Regards,
>>>>>
>>>>>
>>>>> *Chankami Maddumage*
>>>>> Software Engineer - QA Team
>>>>> WSO2 Inc; http://www.wso2.com/.
>>>>> Mobile: +94 (0) 73096
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> *Ayesha Dissanayaka*
>>>> Senior Software Engineer,
>>>> WSO2, Inc : http://wso2.com
>>>> 20, Palm grove Avenue, Colombo 3
>>>> E-Mail: aye...@wso2.com <ayshsa...@gmail.com>
>>>>
>>>
>>>
>>>
>>> --
>>>
>>> *Isura Dilhara Karunaratne*
>>> Associate Technical Lead | WSO2
>>> Email: is...@wso2.com
>>> Mob : +94 772 254 810
>>> Blog : http://isurad.blogspot.com/
>>>
>>>
>>>
>>>
>>
>>
>> --
>> Best Regards,
>>
>>
>> *Chankami Maddumage*
>> Software Engineer - QA Team
>> WSO2 Inc; http://www.wso2.com/.
>> Mobile: +94 (0) 73096
>>
>>
>
>
> --
> Omindu Rathnaweera
> Senior Software Engineer, WSO2 Inc.
> Mobile: +94 771 197 211
>



-- 
Regards,


*Darshana Gunawardana*Technical Lead
WSO2 Inc.; http://wso2.com

*E-mail: darsh...@wso2.com <darsh...@wso2.com>*
*Mobile: +94718566859*Lean . Enterprise . Middleware


Re: [Dev] Clarification regarding Requested Claims

2018-01-23 Thread Darshana Gunawardana
Is this a JIT-specific issue, or can this be seen with a simple SSO scenario
when the SP requests custom claims?

Thanks,

On Tue, Jan 23, 2018 at 4:58 PM, Chankami Maddumage <chank...@wso2.com>
wrote:

> Hi Omindu and Isura,
>
> Thank you so much for looking into this issue. I have created a git ticket
> [1]
>
> [1]https://github.com/wso2/product-is/issues/2162
>
> On Tue, Jan 23, 2018 at 3:55 PM, Omindu Rathnaweera <omi...@wso2.com>
> wrote:
>
>> Isura and I tested this in the QA setup. It seems this is
>> happening when custom claim mappings are added in the SP's claim configs.
>>
>> @Chankami, looks like this is a bug. Can you create a git issue with the
>> steps to reproduce? I guess you can test the solution without having the
>> custom claim mappings for the moment.
>>
>> Regards,
>> Omindu.
>>
>> On Tue, Jan 23, 2018 at 2:13 PM, Darshana Gunawardana <darsh...@wso2.com>
>> wrote:
>>
>>> Hi Chankami,
>>>
>>> You might be trying with the same user who was already JIT provisioned. In that
>>> case, AFAIR, the association will not be created automatically. If you want to
>>> create an association for an already existing user in the IS, you have to
>>> follow the steps that Omindu mentioned.
>>>
>>> Thanks,
>>>
>>> On Tue, Jan 23, 2018 at 2:10 PM, Omindu Rathnaweera <omi...@wso2.com>
>>> wrote:
>>>
>>>> Hi Chankami,
>>>>
>>>> I tried a federate JIT scenario for a secondary userstore with FB,
>>>> enabling 'Assert identity using mapped local subject identifier' as Isura
>>>> mentioned and the missing claim was only prompted once as expected. When
>>>> JIT provisioning IS automatically associates the provisioned user and the
>>>> federated user hence it will not prompt for mandatory claims once the user
>>>> submits it in the first time.
>>>>
>>>> Can you login to the provisioned user's dashboard and check the
>>>> 'Associated Accounts' to see an association is created for that user. You
>>>> will need to give login permission for the user in order to login to the
>>>> dashboard.
>>>>
>>>> Regards,
>>>> Omindu.
>>>>
>>>> On Tue, Jan 23, 2018 at 1:07 PM, Chankami Maddumage <chank...@wso2.com>
>>>> wrote:
>>>>
>>>>> Thank you Ayesha for the explanation.
>>>>>
>>>>> @Isura I enabled the above-mentioned property but the behavior is the
>>>>> same. Is there any other property?
>>>>>
>>>>> On Tue, Jan 23, 2018 at 12:32 PM, Isura Karunaratne <is...@wso2.com>
>>>>> wrote:
>>>>>
>>>>>> Hi Chankami,
>>>>>>
>>>>>> Hope you are testing IS 5.4.0.
>>>>>>
>>>>>> Can you try the scenario while enabling "Assert identity using
>>>>>> mapped local subject identifier" in SP "Local & Outbound
>>>>>> Authentication Configuration" section?
>>>>>>
>>>>>> Thanks
>>>>>> Isura.
>>>>>>
>>>>>> On Tue, Jan 23, 2018 at 12:13 PM, Ayesha Dissanayaka <aye...@wso2.com
>>>>>> > wrote:
>>>>>>
>>>>>>> Hi Chankami,
>>>>>>>
>>>>>>> On Tue, Jan 23, 2018 at 11:33 AM, Chankami Maddumage <
>>>>>>> chank...@wso2.com> wrote:
>>>>>>>
>>>>>>>> Hi IAM Team
>>>>>>>>
>>>>>>>> I have a scenario to enforce users to provide missing required
>>>>>>>> attributes while getting JIT provisioned to the local system.
>>>>>>>>
>>>>>>>> In order to achieve this I have set a *Mandatory Claim [1]* in the SP,
>>>>>>>> and all the users who log in will also be provisioned to a secondary
>>>>>>>> JDBC user store.
>>>>>>>>
>>>>>>>> *Clarification*
>>>>>>>>
>>>>>>>> Every time an already logged in user logs in to the system (Travelocity), it
>>>>>>>> asks to enter the value for the mandatory claim.
>>>>>>>>
>>>>>>>> So what is the expected behavior? Or should the user enter the value only
>>>>>>>> on first login?

Re: [Dev] IDENTITY-6724 Tests and Documentation

2018-01-07 Thread Darshana Gunawardana
Thanks Isuranga.

@Ishara: Can we get this merged and included in the next weekly release?

Regards,

On Sat, Jan 6, 2018 at 12:22 PM, Isuranga Perera <isurangamper...@gmail.com>
wrote:

> Hi,
>
> Please find unit tests [2] and documentation [3] related to JIRA [1]
>
> [1] https://wso2.org/jira/browse/IDENTITY-6724
> [2] https://github.com/wso2/balana/pull/83
> [3] https://docs.google.com/document/d/1s2OFakY6vkcEjyOctY_DTYa5GqAPVr7cHyq2uk2vlM4/edit?usp=sharing
>
>
> Best Regards
> Isuranga Perera
>



-- 
Regards,


*Darshana Gunawardana*Technical Lead
WSO2 Inc.; http://wso2.com

*E-mail: darsh...@wso2.com <darsh...@wso2.com>*
*Mobile: +94718566859*Lean . Enterprise . Middleware


Re: [Dev] SSLPeerUnverifiedException when creating a workflow definition using external workflow engine

2017-12-07 Thread Darshana Gunawardana
.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(
> CarbonContextCreatorValve.java:57)
> at org.apache.catalina.core.StandardEngineValve.invoke(
> StandardEngineValve.java:116)
> at org.apache.catalina.connector.CoyoteAdapter.service(
> CoyoteAdapter.java:445)
> at org.apache.coyote.http11.AbstractHttp11Processor.process(
> AbstractHttp11Processor.java:1115)
> at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.
> process(AbstractProtocol.java:637)
> at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.
> doRun(NioEndpoint.java:1775)
> at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.
> run(NioEndpoint.java:1734)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(
> ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(
> ThreadPoolExecutor.java:617)
> at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(
> TaskThread.java:61)
> at java.lang.Thread.run(Thread.java:745)
> Caused by: org.apache.axis2.AxisFault: SSL peer failed hostname validation
> for name: 192.168.48.116
> at org.apache.axis2.AxisFault.makeFault(AxisFault.java:430)
> at org.apache.axis2.transport.http.HTTPSender.sendViaPost(
> HTTPSender.java:199)
> at org.apache.axis2.transport.http.HTTPSender.send(HTTPSender.java:77)
> at org.apache.axis2.transport.http.CommonsHTTPTransportSender.
> writeMessageWithCommons(CommonsHTTPTransportSender.java:451)
> at org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(
> CommonsHTTPTransportSender.java:278)
> at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:442)
> at org.apache.axis2.description.OutInAxisOperationClient.send(
> OutInAxisOperation.java:430)
> at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(
> OutInAxisOperation.java:225)
> at org.apache.axis2.client.OperationClient.execute(
> OperationClient.java:149)
> at org.wso2.carbon.bpel.stub.upload.BPELUploaderStub.uploadService(
> BPELUploaderStub.java:196)
> at org.wso2.carbon.identity.workflow.impl.util.WorkflowDeployerClient.
> uploadBPEL(WorkflowDeployerClient.java:74)
> at org.wso2.carbon.identity.workflow.impl.BPELDeployer.
> deployArtifacts(BPELDeployer.java:153)
> at org.wso2.carbon.identity.workflow.impl.BPELDeployer.
> generateAndDeployArtifacts(BPELDeployer.java:133)
> ... 83 more
> Caused by: javax.net.ssl.SSLPeerUnverifiedException: SSL peer failed
> hostname validation for name: 192.168.48.116
> at org.opensaml.ws.soap.client.http.TLSProtocolSocketFactory.
> verifyHostname(TLSProtocolSocketFactory.java:233)
> at org.opensaml.ws.soap.client.http.TLSProtocolSocketFactory.createSocket(
> TLSProtocolSocketFactory.java:194)
> at org.apache.commons.httpclient.HttpConnection.open(
> HttpConnection.java:707)
> at org.apache.commons.httpclient.MultiThreadedHttpConnectionMan
> ager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionMan
> ager.java:1361)
> at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(
> HttpMethodDirector.java:387)
> at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(
> HttpMethodDirector.java:171)
> at org.apache.commons.httpclient.HttpClient.executeMethod(
> HttpClient.java:397)
> at org.apache.axis2.transport.http.AbstractHTTPSender.executeMethod(
> AbstractHTTPSender.java:673)
> at org.apache.axis2.transport.http.HTTPSender.sendViaPost(
> HTTPSender.java:195)
> ... 94 more
>
>
> Thanks,
> Sashika
>
> --
>
> *Sashika WijesingheSoftware Engineer - QA Team*
> Mobile : +94 (0) 774537487
> sash...@wso2.com
>



-- 
Regards,


*Darshana Gunawardana*Technical Lead
WSO2 Inc.; http://wso2.com

*E-mail: darsh...@wso2.com <darsh...@wso2.com>*
*Mobile: +94718566859*Lean . Enterprise . Middleware


Re: [Dev] Removing duplicate implementation from new release rather than depreciating it.

2017-10-23 Thread Darshana Gunawardana
Hi Harsha,

If the endpoint definition or internal SPIs are going to be changed, we have
to deprecate the existing implementation as the general rule.

But in this case, we still have the same functionality exposed with a
different underlying implementation, and this really doesn't have any SPIs
associated with it. So I'm +1 to remove the older implementation that we had
in IS 5.3.0 and have only the new implementation with IS 5.4.0.

Thanks,

On Mon, Oct 23, 2017 at 4:48 PM, Harsha Thirimanna <hars...@wso2.com> wrote:

>
> On Mon, Oct 23, 2017 at 4:42 PM, Sagara Gunathunga <sag...@wso2.com>
> wrote:
>
>>
>>
>> On Mon, Oct 23, 2017 at 4:36 PM, Harsha Thirimanna <hars...@wso2.com>
>> wrote:
>>
>>> Hi Dev,
>>>
>>> Since we have the new DCR/DCRM endpoint with the new CXF implementation, shall
>>> we remove the old endpoint and impl from the new release rather than
>>> deprecating it, and update the migration documentation based on that?
>>>
>>> Because we are doing the unit testing improvement on top of all the
>>> components, and we don't need to duplicate the effort for duplicate
>>> implementations like these.
>>>
>>> WDYT ?
>>>
>>
>> In general there is no point in shipping the same endpoint/feature twice, but
>> is there any impact in removing the old endpoint?
>>
>
> Hi Sagara,
>
> Yes, you are correct, and it may give some more issues if we don't fix
> some issues in both places in the next release.
>
> We must update the information in the migration guide, and there are no
> other problems as far as I know the context.
>
>
> Johan/Ishara/NuwanD can give more information around this.
>
>
>>
>> Thanks !
>>
>>>
>>> *Harsha Thirimanna*
>>> *Associate Tech Lead | WSO2*
>>>
>>> Email: hars...@wso2.com
>>> Mob: +94715186770
>>> Blog: http://harshathirimanna.blogspot.com/
>>> Twitter: http://twitter.com/harshathirimann
>>> Linked-In: http://www.linkedin.com/pub/harsha-thirimanna/10/ab8/122
>>>
>>
>>
>>
>> --
>> Sagara Gunathunga
>>
>> Director; WSO2, Inc.;  http://wso2.com
>> V.P Apache Web Services;http://ws.apache.org/
>> Linkedin; http://www.linkedin.com/in/ssagara
>> Blog ;  http://ssagara.blogspot.com
>> Mobile : +94712149951
>>
>>
>


-- 
Regards,


*Darshana Gunawardana*Technical Lead
WSO2 Inc.; http://wso2.com

*E-mail: darsh...@wso2.com <darsh...@wso2.com>*
*Mobile: +94718566859*Lean . Enterprise . Middleware


Re: [Dev] How do you enable Audience Restriction and Recipient Validation using the IdentitySAMLSSOConfigService ?

2017-10-18 Thread Darshana Gunawardana
Hi Chamara,

Those ticks are only for better UX. Use the needed audience and
recipient values in the relevant elements you mentioned above and the UI
will be populated with the check boxes ticked.

Thanks,

On Wed, Oct 18, 2017 at 4:29 PM, Chamara Ariyarathne <chama...@wso2.com>
wrote:

> Hi all,
>
> I am using the addRPServiceProvider method of the
> IdentitySAMLSSOConfigService service to add a SAML2 Web SSO Configuration.
> While using that, I want to enable Audience Restriction and Recipient
> Validation.
>
> Which parameters in the request should I use and how?
>
> All I can see in the template request is the two tags as;
>
> ?
> ?
>
> --
> *Chamara Ariyarathne*
> WSO2 Inc; http://www.wso2.com/
> Mobile; *+94772786766*
>



-- 
Regards,


*Darshana Gunawardana*Technical Lead
WSO2 Inc.; http://wso2.com

*E-mail: darsh...@wso2.com <darsh...@wso2.com>*
*Mobile: +94718566859*Lean . Enterprise . Middleware


Re: [Dev] What is the correct behavior when user store selected from Inbound Provisioning Configuration

2017-09-18 Thread Darshana Gunawardana
There is no hard rule to specify which one should be the correct approach
in this case. Since there is always room to override this setting using
specific SP's configuration, I think current approach is ok.

Thanks,

On Tue, Sep 19, 2017 at 12:30 AM, Gayan Gunawardana <ga...@wso2.com> wrote:

>
>
> On Tue, Sep 19, 2017 at 12:13 AM, Darshana Gunawardana <darsh...@wso2.com>
> wrote:
>
>> Since we are returning the correct username in the response, it should be
>> OK. This is a configuration issue if the client is expecting otherwise.
>>
> I think it is better if there is a way to inform the client application about
> the configuration issue. There is a possibility that SCIM consumers may not
> look into the admin console configurations at all. Also, there is a high
> possibility that the client application depends only on the HTTP response code.
>
>>
>> Thanks,
>>
>> On Tue, Sep 19, 2017 at 12:10 AM, Gayan Gunawardana <ga...@wso2.com>
>> wrote:
>>
>>>
>>>
>>> On Mon, Sep 18, 2017 at 11:42 PM, Darshana Gunawardana <
>>> darsh...@wso2.com> wrote:
>>>
>>>> Ok, now you asked the real question :)
>>>>
>>>> Yes I agree with the expected results you mentioned for all three
>>>> cases. I have checked this behaviour on a latest pack[1][2] and it only
>>>> provision user to specified userstore in the SP configuration in the case 3
>>>> which is a reasonable behariour. (I'm using locally built 5.4.0-SNAPSHOT
>>>> version, which is slightly newer than 5.4.0-alpha2)
>>>>
>>>> What is the pack that you have tried?
>>>>
>>> I have used 5.4.0-alpha2 and your observation is correct; I didn't get the
>>> expected result due to some wrong configurations.
>>> We have to think about case 03 carefully because the client application may
>>> understand that provisioning was successful, but it may not be in the intended
>>> user store.
>>>
>>>>
>>>> [1]
>>>> Sample Request:
>>>> POST /wso2/scim/Users HTTP/1.1
>>>> Host: localhost:9443
>>>> Content-Type: application/json
>>>> Authorization: Basic YWRtaW46YWRtaW4=
>>>> Cache-Control: no-cache
>>>> Postman-Token: a07e5cab-f4e9-52dd-d245-1b65552c5539
>>>>
>>>> {
>>>>   "schemas": [
>>>>
>>>>   ],
>>>>   "userName": "LDAP/darra...@wso2.com",
>>>>   "password": "darray"
>>>> }
>>>>
>>>> [2]
>>>> Sample Response:
>>>> {
>>>> "meta": {
>>>> "created": "2017-09-18T23:28:23",
>>>> "location": "https://localhost:9443/wso2/scim/Users/3d5b1153-79ef-4ea9-9b47-31c92a2bd3dd",
>>>> "lastModified": "2017-09-18T23:28:23"
>>>> },
>>>> "schemas": [
>>>> "urn:scim:schemas:core:1.0"
>>>> ],
>>>> "id": "3d5b1153-79ef-4ea9-9b47-31c92a2bd3dd",
>>>> "userName": "H2/darra...@wso2.com"
>>>> }
>>>>
>>>> Thanks,
>>>>
>>>>
>>>> On Mon, Sep 18, 2017 at 11:00 PM, Gayan Gunawardana <ga...@wso2.com>
>>>> wrote:
>>>>
>>>>>
>>>>>
>>>>> On Mon, Sep 18, 2017 at 10:27 PM, Darshana Gunawardana <
>>>>> darsh...@wso2.com> wrote:
>>>>>
>>>>>>
>>>>>>
>>>>>> On Mon, Sep 18, 2017 at 7:58 PM, Gayan Gunawardana <ga...@wso2.com>
>>>>>> wrote:
>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> When user store selected from Inbound Provisioning Configuration
>>>>>>> should we allow to provision other user stores as well ?
>>>>>>>
>>>>>>
>>>>>> No.
>>>>>>
>>>>>>
>>>>>>> For an example if we selected "TEST" as user store from Inbound
>>>>>>> Provisioning Configuration, can we provision to PRIMARY user store as
>>>>>>> well?
>>>>>>>
>>>>>>
>>>>>> No.
>>>>>>
>>>>> Thanks Darshana but currently it works other way.
>>>>>
>>>>

Re: [Dev] What is the correct behavior when user store selected from Inbound Provisioning Configuration

2017-09-18 Thread Darshana Gunawardana
Since we are returning the correct username in the response, it should be OK.
This is a configuration issue if the client is expecting otherwise.

Thanks,

On Tue, Sep 19, 2017 at 12:10 AM, Gayan Gunawardana <ga...@wso2.com> wrote:

>
>
> On Mon, Sep 18, 2017 at 11:42 PM, Darshana Gunawardana <darsh...@wso2.com>
> wrote:
>
>> Ok, now you asked the real question :)
>>
>> Yes I agree with the expected results you mentioned for all three cases.
>> I have checked this behaviour on a latest pack[1][2] and it only provisions
>> the user to the userstore specified in the SP configuration in case 3, which is
>> reasonable behaviour. (I'm using a locally built 5.4.0-SNAPSHOT version,
>> which is slightly newer than 5.4.0-alpha2)
>>
>> What is the pack that you have tried?
>>
> I have used 5.4.0-alpha2 and your observation is correct; I didn't get the
> expected result due to some wrong configurations.
> We have to think about case 03 carefully because the client application may
> understand that provisioning was successful, but it may not be in the intended
> user store.
>
>>
>> [1]
>> Sample Request:
>> POST /wso2/scim/Users HTTP/1.1
>> Host: localhost:9443
>> Content-Type: application/json
>> Authorization: Basic YWRtaW46YWRtaW4=
>> Cache-Control: no-cache
>> Postman-Token: a07e5cab-f4e9-52dd-d245-1b65552c5539
>>
>> {
>>   "schemas": [
>>
>>   ],
>>   "userName": "LDAP/darra...@wso2.com",
>>   "password": "darray"
>> }
>>
>> [2]
>> Sample Response:
>> {
>> "meta": {
>> "created": "2017-09-18T23:28:23",
>> "location": "https://localhost:9443/wso2/scim/Users/3d5b1153-79ef-4ea9-9b47-31c92a2bd3dd",
>> "lastModified": "2017-09-18T23:28:23"
>> },
>> "schemas": [
>> "urn:scim:schemas:core:1.0"
>> ],
>> "id": "3d5b1153-79ef-4ea9-9b47-31c92a2bd3dd",
>> "userName": "H2/darra...@wso2.com"
>> }
>>
>> Thanks,
>>
>>
>> On Mon, Sep 18, 2017 at 11:00 PM, Gayan Gunawardana <ga...@wso2.com>
>> wrote:
>>
>>>
>>>
>>> On Mon, Sep 18, 2017 at 10:27 PM, Darshana Gunawardana <
>>> darsh...@wso2.com> wrote:
>>>
>>>>
>>>>
>>>> On Mon, Sep 18, 2017 at 7:58 PM, Gayan Gunawardana <ga...@wso2.com>
>>>> wrote:
>>>>
>>>>>
>>>>>
>>>>> When user store selected from Inbound Provisioning Configuration
>>>>> should we allow to provision other user stores as well ?
>>>>>
>>>>
>>>> No.
>>>>
>>>>
>>>>> For an example if we selected "TEST" as user store from Inbound
>>>>> Provisioning Configuration, can we provision to PRIMARY user store as
>>>>> well?
>>>>>
>>>>
>>>> No.
>>>>
>>> Thanks Darshana but currently it works other way.
>>>
>>>>
>>>> Given that you are already an expert on the provisioning area, I
>>>> suppose you already knew the answers for above questions but you have a
>>>> followup question in mind. May I know what that is? :)
>>>>
>>> I do not have specific follow up question :) just wanted to avoid
>>> confusion of sending user store domain in request and selecting user store
>>> domain from service provider.
>>> case 01: Do not select user store domain from service provider and
>>> sending user store domain in the request.
>>> expectation: User store domain can be extracted from request and
>>> provision to respective user store.
>>>
>>> case 02: Select user store domain from service provider and send request
>>> without user store domain.
>>> expectation: User store domain can be taken from service provider
>>> configurations.
>>>
>>> case 03: Select user store domain from service provider and send
>>> different user store domain in the request.
>>> expectation: In this case we can either throw an exception or we can
>>> provision users to user store configured in service provider.
>>>
>>> I guess you agree with case 01 and case 02, but what about case 03?
>>>
>>>>
>>>> Thanks,
>>>>
>>>>
>>>>>

Re: [Dev] What is the correct behavior when user store selected from Inbound Provisioning Configuration

2017-09-18 Thread Darshana Gunawardana
Ok, now you asked the real question :)

Yes I agree with the expected results you mentioned for all three cases. I
have checked this behaviour on a latest pack[1][2] and it only provisions
the user to the userstore specified in the SP configuration in case 3, which is
reasonable behaviour. (I'm using a locally built 5.4.0-SNAPSHOT version,
which is slightly newer than 5.4.0-alpha2)

What is the pack that you have tried?

[1]
Sample Request:
POST /wso2/scim/Users HTTP/1.1
Host: localhost:9443
Content-Type: application/json
Authorization: Basic YWRtaW46YWRtaW4=
Cache-Control: no-cache
Postman-Token: a07e5cab-f4e9-52dd-d245-1b65552c5539

{
  "schemas": [

  ],
  "userName": "LDAP/darra...@wso2.com",
  "password": "darray"
}

[2]
Sample Response:
{
  "meta": {
    "created": "2017-09-18T23:28:23",
    "location": "https://localhost:9443/wso2/scim/Users/3d5b1153-79ef-4ea9-9b47-31c92a2bd3dd",
    "lastModified": "2017-09-18T23:28:23"
  },
  "schemas": [
    "urn:scim:schemas:core:1.0"
  ],
  "id": "3d5b1153-79ef-4ea9-9b47-31c92a2bd3dd",
  "userName": "H2/darra...@wso2.com"
}

Thanks,


On Mon, Sep 18, 2017 at 11:00 PM, Gayan Gunawardana <ga...@wso2.com> wrote:

>
>
> On Mon, Sep 18, 2017 at 10:27 PM, Darshana Gunawardana <darsh...@wso2.com>
> wrote:
>
>>
>>
>> On Mon, Sep 18, 2017 at 7:58 PM, Gayan Gunawardana <ga...@wso2.com>
>> wrote:
>>
>>>
>>>
>>> When user store selected from Inbound Provisioning Configuration should
>>> we allow to provision other user stores as well ?
>>>
>>
>> No.
>>
>>
>>> For an example if we selected "TEST" as user store from Inbound
>>> Provisioning Configuration, can we provision to PRIMARY user store as well ?
>>>
>>
>> No.
>>
> Thanks Darshana but currently it works other way.
>
>>
>> Given that you are already an expert on the provisioning area, I suppose
>> you already knew the answers for above questions but you have a followup
>> question in mind. May I know what that is? :)
>>
> I do not have specific follow up question :) just wanted to avoid
> confusion of sending user store domain in request and selecting user store
> domain from service provider.
> case 01: Do not select user store domain from service provider and sending
> user store domain in the request.
> expectation: User store domain can be extracted from request and provision
> to respective user store.
>
> case 02: Select user store domain from service provider and send request
> without user store domain.
> expectation: User store domain can be taken from service provider
> configurations.
>
> case 03: Select user store domain from service provider and send different
> user store domain in the request.
> expectation: In this case we can either throw an exception or we can
> provision users to user store configured in service provider.
>
> I guess you agree with case 01 and case 02, but what about case 03?
>
>>
>> Thanks,
>>
>>
>>>
>>> Thanks,
>>> Gayan
>>> --
>>> Gayan Gunawardana
>>> Senior Software Engineer; WSO2 Inc.; http://wso2.com/
>>> Email: ga...@wso2.com
>>> Mobile: +94 (71) 8020933
>>>
>>
>>
>>
>> --
>> Regards,
>>
>>
>> *Darshana Gunawardana*Technical Lead
>> WSO2 Inc.; http://wso2.com
>>
>> *E-mail: darsh...@wso2.com <darsh...@wso2.com>*
>> *Mobile: +94718566859*Lean . Enterprise . Middleware
>>
>
>
>
> --
> Gayan Gunawardana
> Senior Software Engineer; WSO2 Inc.; http://wso2.com/
> Email: ga...@wso2.com
> Mobile: +94 (71) 8020933
>



-- 
Regards,


*Darshana Gunawardana*Technical Lead
WSO2 Inc.; http://wso2.com

*E-mail: darsh...@wso2.com <darsh...@wso2.com>*
*Mobile: +94718566859*Lean . Enterprise . Middleware
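
Added example (not part of the thread and not WSO2 code): the three user store cases discussed above as a small Python model, plus a client-side check that catches case 03 when the server answers with a success status but provisions to a different store than the request named. The function names, the PRIMARY default, the case-insensitive domain comparison, the error body and the sample request are assumptions made for this illustration.

```python
import json


class DomainConflict(Exception):
    """The request names a user store other than the one bound to the SP."""


def split_domain(user_name):
    """Split 'DOMAIN/name' into (DOMAIN, name); DOMAIN is None when absent.

    Assumption: domain names are compared case-insensitively, so they are
    upper-cased here.
    """
    domain, sep, name = user_name.partition("/")
    if not sep:
        return None, user_name
    return domain.upper(), name


def resolve_domain(sp_domain, user_name, on_conflict="override", default="PRIMARY"):
    """Return (effective_domain, bare_name) for one provisioning request.

    sp_domain   -- user store selected in the SP's inbound provisioning
                   configuration, or None when nothing is selected.
    on_conflict -- 'override': the SP configuration wins (the behaviour
                   reported in the thread); 'reject': raise instead.
    default     -- assumption: store used when neither side names a domain.
    """
    requested, name = split_domain(user_name)
    configured = sp_domain.upper() if sp_domain else None
    if configured is None:
        # Case 01: nothing selected in the SP, the request decides.
        return requested or default, name
    if requested in (None, configured):
        # Case 02: the SP configuration decides.
        return configured, name
    # Case 03: the request and the SP configuration disagree.
    if on_conflict == "reject":
        raise DomainConflict(
            f"request names {requested}, SP is bound to {configured}")
    return configured, name


def simulate_create_user(sp_domain, request_body, on_conflict="override"):
    """Toy stand-in for the SCIM endpoint: returns (http_status, body)."""
    req = json.loads(request_body)
    try:
        domain, name = resolve_domain(sp_domain, req["userName"], on_conflict)
    except DomainConflict as exc:
        # Constructed error body, not the server's real error format.
        return 400, json.dumps({"detail": str(exc)})
    return 201, json.dumps({"id": "constructed-id",
                            "userName": f"{domain}/{name}"})


def verify_provisioned_store(request_body, status, response_body, default="PRIMARY"):
    """Client-side check: a 2xx status alone does not show that the user
    landed in the requested store, so compare the domain in the response."""
    if not 200 <= status < 300:
        return False, f"HTTP {status}"
    requested, _ = split_domain(json.loads(request_body)["userName"])
    actual, _ = split_domain(json.loads(response_body)["userName"])
    actual = actual or default
    if requested is None:
        return True, f"no store requested, provisioned to {actual}"
    if requested != actual:
        return False, f"requested {requested}, provisioned to {actual}"
    return True, f"provisioned to {actual}"


# Constructed request, shaped like the sample request in the thread.
SAMPLE_REQUEST = json.dumps({
    "schemas": [],
    "userName": "LDAP/alice@example.com",
    "password": "constructed-password",
})

if __name__ == "__main__":
    # SP bound to H2 while the request names LDAP: case 03 in both modes.
    for mode in ("override", "reject"):
        status, body = simulate_create_user("H2", SAMPLE_REQUEST, mode)
        print(mode, status, verify_provisioned_store(SAMPLE_REQUEST, status, body))
```
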


Re: [Dev] What is the correct behavior when user store selected from Inbound Provisioning Configuration

2017-09-18 Thread Darshana Gunawardana
On Mon, Sep 18, 2017 at 7:58 PM, Gayan Gunawardana <ga...@wso2.com> wrote:

>
>
> When user store selected from Inbound Provisioning Configuration should we
> allow to provision other user stores as well ?
>

No.


> For an example if we selected "TEST" as user store from Inbound
> Provisioning Configuration, can we provision to PRIMARY user store as well ?
>

No.

Given that you are already an expert on the provisioning area, I suppose
you already knew the answers for above questions but you have a followup
question in mind. May I know what that is? :)

Thanks,


>
> Thanks,
> Gayan
> --
> Gayan Gunawardana
> Senior Software Engineer; WSO2 Inc.; http://wso2.com/
> Email: ga...@wso2.com
> Mobile: +94 (71) 8020933
>



-- 
Regards,


*Darshana Gunawardana*Technical Lead
WSO2 Inc.; http://wso2.com

*E-mail: darsh...@wso2.com <darsh...@wso2.com>*
*Mobile: +94718566859*Lean . Enterprise . Middleware


Re: [Dev] SCIM 2.0 as default in IS 5.4.0

2017-09-17 Thread Darshana Gunawardana
Hi Prabath,

We do have two endpoints for SCIM 1.1 & SCIM 2. But there are some
listeners we need to enable in order to populate relevant metadata such as
ID, Created\Modified dates against the correct URI specified by each
specification.

Given that, different clients may use different protocol of they already
support, we should have ability to have both protocols working
simultaneously.

Created: https://wso2.org/jira/browse/IDENTITY-6458 to track this.

Thanks,

On Mon, Sep 18, 2017 at 8:11 AM, Darshana Gunawardana <darsh...@wso2.com>
wrote:

> Hi Gayan,
>
> Due to the limitation we have in the user core level, we don't support
> complex filtering, pagination, sorting. Refer [1] & [2].
>
> [1] https://github.com/wso2-extensions/identity-inbound-provisioning-scim2/blob/v1.0.5/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/impl/SCIMUserManager.java#L834
> [2] https://github.com/wso2-extensions/identity-inbound-provisioning-scim2/blob/v1.0.5/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/impl/SCIMUserManager.java#L793
>
> Thanks,
>
> On Mon, Sep 18, 2017 at 7:50 AM, Gayan Gunawardana <ga...@wso2.com> wrote:
>
>>
>>
>> On Mon, Sep 11, 2017 at 9:14 PM, Vindula Jayawardana <
>> vindula...@cse.mrt.ac.lk> wrote:
>>
>>> Hi,
>>>
>>> +1 for this as the global adoption of SCIM 2.0 is right on the track as
>>> Ishara has mentioned.
>>>
>> @Vindula
>> Do we support pagination, complex filters and bulk operation to resolve
>> cyclic dependencies. As I know you have implemented these features but
>> there are some limitations because of C4 user core component. I am not sure
>> about the meaning of word "default" but if we are promoting SCIM 2.0,  have
>> to inform what is the real value getting out of it.
>>
>>>
>>> Thanks
>>>
>>> *Vindula Jayawardana*
>>> Computer Science and Engineering Dept.
>>> University of Moratuwa
>>> mobile : +713462554
>>> Email : vindula...@cse.mrt.ac.lk
>>>
>>> <https://www.facebook.com/vindula.jayawardana>
>>> <http://lk.linkedin.com/pub/vindula-jayawardana/a7/315/53b>
>>> <https://plus.google.com/u/0/+VindulaJayawardana/posts>
>>> <https://twitter.com/vindulajay>
>>>
>>> *“Respect is how to treat everyone, not just those you want to impress.
>>> "*
>>>
>>>
>>> *-Richard Branson-*
>>>
>>>
>>>
>>> On 11 September 2017 at 19:10, Darshana Gunawardana <darsh...@wso2.com>
>>> wrote:
>>>
>>>> One aspect is that we don't have a SCIM 2.0 outbound provisioning
>>>> connector available. So IS to IS provisioning will not be smooth until we
>>>> get the outbound provisioning connector ready.
>>>>
>>>> On Mon, Sep 11, 2017 at 5:34 PM, Pulasthi Mahawithana <
>>>> pulast...@wso2.com> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> Shall we make $subject instead of SCIM 1.1? Any known issues on having
>>>>> it as default? Users who are migrating from older versions will still have
>>>>> SCIM 1.1 configs and won't be affected as they would keep the old configs.
>>>>>
>>>>>
>>>>> --
>>>>> *Pulasthi Mahawithana*
>>>>> Senior Software Engineer
>>>>> WSO2 Inc., http://wso2.com/
>>>>> Mobile: +94-71-5179022 <+94%2071%20517%209022>
>>>>> Blog: https://medium.com/@pulasthi7/
>>>>>
>>>>> <https://wso2.com/signature>
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Regards,
>>>>
>>>>
>>>> *Darshana Gunawardana*Technical Lead
>>>> WSO2 Inc.; http://wso2.com
>>>>
>>>> *E-mail: darsh...@wso2.com <darsh...@wso2.com>*
>>>> *Mobile: +94718566859 <+94%2071%20856%206859>*Lean . Enterprise .
>>>> Middleware
>>>>
>>>>
>>>>
>>>
>>>
>>>
>>
>>
>> --
>> Gayan Gunawardana
>> Senior Software Engineer; WSO2 Inc.; http://wso2.com/
>> Email: ga...@wso2.com
>> Mobile: +94 (71) 8020933
>>
>
>
>
> --
> Regards,
>
>
> *Darshana Gunawardana*Technical Lead
> WSO2 Inc.; http://wso2.com
>
> *E-mail: darsh...@wso2.com <darsh...@wso2.com>*
> *Mobile: +94718566859 <+94%2071%20856%206859>*Lean . Enterprise .
> Middleware
>



-- 
Regards,


*Darshana Gunawardana*Technical Lead
WSO2 Inc.; http://wso2.com

*E-mail: darsh...@wso2.com <darsh...@wso2.com>*
*Mobile: +94718566859*Lean . Enterprise . Middleware


Re: [Dev] SCIM 2.0 as default in IS 5.4.0

2017-09-17 Thread Darshana Gunawardana
Hi Gayan,

Due to the limitation we have in the user core level, we don't support
complex filtering, pagination, sorting. Refer [1] & [2].

[1]
https://github.com/wso2-extensions/identity-inbound-provisioning-scim2/blob/v1.0.5/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/impl/SCIMUserManager.java#L834
[2]
https://github.com/wso2-extensions/identity-inbound-provisioning-scim2/blob/v1.0.5/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/impl/SCIMUserManager.java#L793

Thanks,

On Mon, Sep 18, 2017 at 7:50 AM, Gayan Gunawardana <ga...@wso2.com> wrote:

>
>
> On Mon, Sep 11, 2017 at 9:14 PM, Vindula Jayawardana <
> vindula...@cse.mrt.ac.lk> wrote:
>
>> Hi,
>>
>> +1 for this as the global adoption of SCIM 2.0 is right on the track as
>> Ishara has mentioned.
>>
> @Vindula
> Do we support pagination, complex filters and bulk operation to resolve
> cyclic dependencies. As I know you have implemented these features but
> there are some limitations because of C4 user core component. I am not sure
> about the meaning of word "default" but if we are promoting SCIM 2.0,  have
> to inform what is the real value getting out of it.
>
>>
>> Thanks
>>
>> *Vindula Jayawardana*
>> Computer Science and Engineering Dept.
>> University of Moratuwa
>> mobile : +713462554
>> Email : vindula...@cse.mrt.ac.lk
>>
>> <https://www.facebook.com/vindula.jayawardana>
>> <http://lk.linkedin.com/pub/vindula-jayawardana/a7/315/53b>
>> <https://plus.google.com/u/0/+VindulaJayawardana/posts>
>> <https://twitter.com/vindulajay>
>>
>> *“Respect is how to treat everyone, not just those you want to impress. "*
>>
>>
>> *-Richard Branson-*
>>
>>
>>
>> On 11 September 2017 at 19:10, Darshana Gunawardana <darsh...@wso2.com>
>> wrote:
>>
>>> One aspect is that we don't have a SCIM 2.0 outbound provisioning
>>> connector available. So IS to IS provisioning will not be smooth until we
>>> get the outbound provisioning connector ready.
>>>
>>> On Mon, Sep 11, 2017 at 5:34 PM, Pulasthi Mahawithana <
>>> pulast...@wso2.com> wrote:
>>>
>>>> Hi,
>>>>
>>>> Shall we make $subject instead of SCIM 1.1? Any known issues on having
>>>> it as default? Users who are migrating from older versions will still have
>>>> SCIM 1.1 configs and won't be affected as they would keep the old configs.
>>>>
>>>>
>>>> --
>>>> *Pulasthi Mahawithana*
>>>> Senior Software Engineer
>>>> WSO2 Inc., http://wso2.com/
>>>> Mobile: +94-71-5179022 <+94%2071%20517%209022>
>>>> Blog: https://medium.com/@pulasthi7/
>>>>
>>>> <https://wso2.com/signature>
>>>>
>>>
>>>
>>>
>>> --
>>> Regards,
>>>
>>>
>>> *Darshana Gunawardana*Technical Lead
>>> WSO2 Inc.; http://wso2.com
>>>
>>> *E-mail: darsh...@wso2.com <darsh...@wso2.com>*
>>> *Mobile: +94718566859 <+94%2071%20856%206859>*Lean . Enterprise .
>>> Middleware
>>>
>>>
>>>
>>
>>
>>
>
>
> --
> Gayan Gunawardana
> Senior Software Engineer; WSO2 Inc.; http://wso2.com/
> Email: ga...@wso2.com
> Mobile: +94 (71) 8020933
>



-- 
Regards,


*Darshana Gunawardana*Technical Lead
WSO2 Inc.; http://wso2.com

*E-mail: darsh...@wso2.com <darsh...@wso2.com>*
*Mobile: +94718566859*Lean . Enterprise . Middleware


Re: [Dev] Datasource support in secondary user stores

2017-09-12 Thread Darshana Gunawardana
[looping dev]

On Tue, Sep 12, 2017 at 10:51 PM, Darshana Gunawardana <darsh...@wso2.com>
wrote:

> Hi Harsha,
>
> Using datasources for secondary userstores does not work in the tenant.
>
> * In order to load the realm, it needs datasources to be loaded
> * In order to load datasources, it needs the realm to be loaded
>
> So we have to go forward with reading needed db tuning parameters as
> properties of the userstore config.
>
> Thanks,
>
> On Tue, Sep 12, 2017 at 10:38 PM, Harsha Thirimanna <hars...@wso2.com>
> wrote:
>
>> Hi All,
>>
>> Currently we are not supporting $subject and don't we need to address
>> this because we can't tune up the database config within secondary user
>> store config now.
>> At least we have to improve that part in secondary user stores now. But
>> it is not the right solution.
>>
>> WDYT ?
>>
>> https://wso2.org/jira/browse/IDENTITY-6419
>>
>>
>> *Harsha Thirimanna*
>> *Associate Tech Lead | WSO2*
>>
>> Email: hars...@wso2.com
>> Mob: +94715186770 <+94%2071%20518%206770>
>> Blog: http://harshathirimanna.blogspot.com/
>> Twitter: http://twitter.com/harshathirimann
>> Linked-In: http://www.linkedin.com/pub/harsha-thirimanna/10/ab8/122
>> <http://wso2.com/signature>
>>
>
>
>
> --
> Regards,
>
>
> *Darshana Gunawardana*Technical Lead
> WSO2 Inc.; http://wso2.com
>
> *E-mail: darsh...@wso2.com <darsh...@wso2.com>*
> *Mobile: +94718566859 <+94%2071%20856%206859>*Lean . Enterprise .
> Middleware
>



-- 
Regards,


*Darshana Gunawardana*Technical Lead
WSO2 Inc.; http://wso2.com

*E-mail: darsh...@wso2.com <darsh...@wso2.com>*
*Mobile: +94718566859*Lean . Enterprise . Middleware


Re: [Dev] [GSoC] SCIM 2.0 Compliance Test Suite

2017-09-11 Thread Darshana Gunawardana
Hi Johann,

Regarding integrating the test suite to our integration test framework,
Nila worked on a PoC[1] and was able to get the results from the test
suite reflected in our integration tests. At the end of this effort, our test
coverage will increase by 25 tests since there are currently 25 tests in the SCIM
2.0 test suite.

Moreover Pulasthi is checking on running the test suite against multiple
configuration settings of the Identity Server. ie. Different combinations
of Super-Tenant\Tenant, Primary\Secondary userstores, Email\Non-Email
usernames etc. In fact, this effort would give us limitations we have with
the SCIM 2.0 test suite, and if we have general requirements we can
incorporate to the test suite itself.

Idea is to utilize the SCIM 2.0 test suite for the in house automation as
much as possible while making the test suite stronger.

[1] https://github.com/wso2/product-is/pull/1366

Thanks,


On Tue, Sep 12, 2017 at 12:12 AM, Darshana Gunawardana <darsh...@wso2.com>
wrote:

> Hi Vindula,
>
> Awesome contribution indeed..!!
>
> The final demo you did was impressive and covered all the things we
> needed to be done with compliancy test suite.
>
> During the session, it has been able to deploy the current version to wso2
> integration cloud [1], so anyone can just use current test suite without
> worrying about building & deploying.
>
> Thanks Vindula for all the hard work and let's keep on improving this
> project to make all SCIM 2.0 integrations seamless :)
>
> [1] https://compliance-scim2.wso2apps.com/scimproxycompliance/
>
> Thanks,
>
> On Sat, Sep 2, 2017 at 3:58 PM, Johann Nallathamby <joh...@wso2.com>
> wrote:
>
>> Hi Vindula,
>>
>> Great contribution!! :) Since we are going to promote use of SCIM 2.0
>> from IS 5.4.0 onwards this compliance test suite will make life much easier with
>> fixes and improvements we are going to add to SCIM 2.0 implementation.
>>
>> *@Darshana/Omindu*:
>> How do we plan to integrate this with our test framework? Or any other
>> ways of integrating this to our jenkins build so that SCIM 2.0 tests are
>> always run before a release?
>>
>> Regards,
>> Johann.
>>
>> On Mon, Aug 28, 2017 at 1:49 PM, Vindula Jayawardana <
>> vindula...@cse.mrt.ac.lk> wrote:
>>
>>> Hi All,
>>>
>>> I submitted the completed project and thanks a lot for reviewing and
>>> merging the PR [1]. Please find below the final related links for the SCIM
>>> 2.0 Compliance Test Suite.
>>>
>>> - Github repo: scim2-compliance-test-suite [2]
>>> - Blog on the project: SCIM 2.0 Compliance Test Suite — GSoC 2017 with WSO2 [3]
>>> - Screencast of the test suite: SCIM 2.0 Compliance Test Suite Demo [4]
>>> - Project readme [5]
>>>
>>> [1]: https://github.com/wso2-incubator/scim2-compliance-test-suite/pull/1
>>> [2]: https://github.com/wso2-incubator/scim2-compliance-test-suite
>>> [3]: https://medium.com/@vindulajayawardana/scim-2-0-compliance-test-suite-737fd4ace3cc
>>> [4]: https://www.youtube.com/watch?v=XJ53x_8oAWg=youtu.be
>>> [5]: https://github.com/wso2-incubator/scim2-compliance-test-suite/blob/master/README.md
>>>
>>> Please let me know if there is anything that needs to be done by my end.
>>>
>>> Thank you,
>>> *Vindula Jayawardana*
>>> Computer Science and Engineering Dept.
>>> University of Moratuwa
>>> mobile : +713462554
>>> Email : vindula...@cse.mrt.ac.lk
>>>
>>> <https://www.facebook.com/vindula.jayawardana>
>>> <http://lk.linkedin.com/pub/vindula-jayawardana/a7/315/53b>
>>> <https://plus.google.com/u/0/+VindulaJayawardana/posts>
>>> <https://twitter.com/vindulajay>
>>>
>>> *“Respect is how to treat everyone, not just those you want to impress.
>>> "*
>>>
>>>
>>> *-Richard Branson-*
>>>
>>>
>>>
>>>
>>>
>>
>>
>> --
>> Thanks & Regards,
>>
>> *Johann Dilantha Nallathamby*
>> Senior Lead Solutions Engineer
>> WSO2, Inc.
>> lean.enterprise.middleware
>>
>> Mobile - *+9476950*
>> Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>*
>>
>
>
>
> --
> Regards,
>
>
> *Darshana Gunawardana*Technical Lead
> WSO2 Inc.; http://wso2.com
>
> *E-mail: darsh...@wso2.com <darsh...@wso2.com>*
> *Mobile: +94718566859 <+94%2071%20856%206859>*Lean . Enterprise .
> Middleware
>



-- 
Regards,


*Darshana Gunawardana*Technical Lead
WSO2 Inc.; http://wso2.com

*E-mail: darsh...@wso2.com <darsh...@wso2.com>*
*Mobile: +94718566859 <+94%2071%20856%206859>*Lean . Enterprise . Middleware


Re: [Dev] [GSoC] SCIM 2.0 Compliance Test Suite

2017-09-11 Thread Darshana Gunawardana
Hi Vindula,

Awesome contribution indeed..!!

The final demo you did was impressive and covered all the things we needed
to be done with compliancy test suite.

During the session, it has been able to deploy the current version to wso2
integration cloud [1], so anyone can just use current test suite without
worrying about building & deploying.

Thanks Vindula for all the hard work and let's keep on improving this
project to make all SCIM 2.0 integrations seamless :)

[1] https://compliance-scim2.wso2apps.com/scimproxycompliance/

Thanks,

On Sat, Sep 2, 2017 at 3:58 PM, Johann Nallathamby <joh...@wso2.com> wrote:

> Hi Vindula,
>
> Great contribution!! :) Since we are going to promote use of SCIM 2.0 from
> IS 5.4.0 onwards this compliance test suite will make life much easier with
> fixes and improvements we are going to add to SCIM 2.0 implementation.
>
> *@Darshana/Omindu*:
> How do we plan to integrate this with our test framework? Or any other
> ways of integrating this to our jenkins build so that SCIM 2.0 tests are
> always run before a release?
>
> Regards,
> Johann.
>
> On Mon, Aug 28, 2017 at 1:49 PM, Vindula Jayawardana <
> vindula...@cse.mrt.ac.lk> wrote:
>
>> Hi All,
>>
>> I submitted the completed project and thanks a lot for reviewing and
>> merging the PR [1]. Please find below the final related links for the SCIM
>> 2.0 Compliance Test Suite.
>>
>> - Github repo: scim2-compliance-test-suite [2]
>> - Blog on the project: SCIM 2.0 Compliance Test Suite — GSoC 2017 with WSO2 [3]
>> - Screencast of the test suite: SCIM 2.0 Compliance Test Suite Demo [4]
>> - Project readme [5]
>>
>> [1]: https://github.com/wso2-incubator/scim2-compliance-test-suite/pull/1
>> [2]: https://github.com/wso2-incubator/scim2-compliance-test-suite
>> [3]: https://medium.com/@vindulajayawardana/scim-2-0-compliance-test-suite-737fd4ace3cc
>> [4]: https://www.youtube.com/watch?v=XJ53x_8oAWg=youtu.be
>> [5]: https://github.com/wso2-incubator/scim2-compliance-test-suite/blob/master/README.md
>>
>> Please let me know if there is anything that needs to be done by my end.
>>
>> Thank you,
>> *Vindula Jayawardana*
>> Computer Science and Engineering Dept.
>> University of Moratuwa
>> mobile : +713462554
>> Email : vindula...@cse.mrt.ac.lk
>>
>> <https://www.facebook.com/vindula.jayawardana>
>> <http://lk.linkedin.com/pub/vindula-jayawardana/a7/315/53b>
>> <https://plus.google.com/u/0/+VindulaJayawardana/posts>
>> <https://twitter.com/vindulajay>
>>
>> *“Respect is how to treat everyone, not just those you want to impress. "*
>>
>>
>> *-Richard Branson-*
>>
>>
>>
>>
>>
>
>
> --
> Thanks & Regards,
>
> *Johann Dilantha Nallathamby*
> Senior Lead Solutions Engineer
> WSO2, Inc.
> lean.enterprise.middleware
>
> Mobile - *+9476950*
> Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>*
>



-- 
Regards,


*Darshana Gunawardana*Technical Lead
WSO2 Inc.; http://wso2.com

*E-mail: darsh...@wso2.com <darsh...@wso2.com>*
*Mobile: +94718566859 <+94%2071%20856%206859>*Lean . Enterprise . Middleware


Re: [Dev] SCIM 2.0 as default in IS 5.4.0

2017-09-11 Thread Darshana Gunawardana
One aspect is that we don't have a SCIM 2.0 outbound provisioning connector
available. So IS to IS provisioning will not be smooth until we get the
outbound provisioning connector ready.

On Mon, Sep 11, 2017 at 5:34 PM, Pulasthi Mahawithana <pulast...@wso2.com>
wrote:

> Hi,
>
> Shall we make $subject instead of SCIM 1.1? Any known issues on having it
> as default? Users who are migrating from older versions will still have
> SCIM 1.1 configs and won't be affected as they would keep the old configs.
>
>
> --
> *Pulasthi Mahawithana*
> Senior Software Engineer
> WSO2 Inc., http://wso2.com/
> Mobile: +94-71-5179022 <+94%2071%20517%209022>
> Blog: https://medium.com/@pulasthi7/
>
> <https://wso2.com/signature>
>



-- 
Regards,


*Darshana Gunawardana*Technical Lead
WSO2 Inc.; http://wso2.com

*E-mail: darsh...@wso2.com <darsh...@wso2.com>*
*Mobile: +94718566859*Lean . Enterprise . Middleware


Re: [Dev] [IS] Shall We Link Corresponding IS Documentation as Context Sensitive Help Pages in IS Management Console?

2017-09-05 Thread Darshana Gunawardana
>>>>>>>>>> could be
>>>>>>>>>> the case sometimes.
>>>>>>>>>>
>>>>>>>>>> On Thu, Aug 31, 2017 at 10:22 AM, Thilina Madumal <
>>>>>>>>>> thilina...@wso2.com> wrote:
>>>>>>>>>>
>>>>>>>>>>> Hi Devs,
>>>>>>>>>>>
>>>>>>>>>>> Currently, in IS Management Console, the context sensitive help
>>>>>>>>>>> pages are outdated. See [1].
>>>>>>>>>>> Even though the content is up to date, the content is not
>>>>>>>>>>> informative enough IMO.
>>>>>>>>>>>
>>>>>>>>>>> If we are to update the help-pages, we need to make them up to
>>>>>>>>>>> date and informative enough.
>>>>>>>>>>> The concern is if we are to do so;
>>>>>>>>>>>
>>>>>>>>>>>1. The effort is significantly high
>>>>>>>>>>>2. Also, it is kind of writing another set of documentation
>>>>>>>>>>>
>>>>>>>>>>> We already have a nice set of documentation for the Product IS.
>>>>>>>>>>> Therefore shall we link the already available IS documentation
>>>>>>>>>>> to Help Pages of IS Management Console? WDYT?
>>>>>>>>>>>
>>>>>>>>>>> [1] https://wso2.org/jira/browse/IDENTITY-446
>>>>>>>>>>>
>>>>>>>>>>> Thanks & Regards,
>>>>>>>>>>> Thilina.
>>>>>>>>>>>
>>>>>>>>>>> --
>>>>>>>>>>> *Thilina Madumal*
>>>>>>>>>>> *Software Engineer | **WSO2*
>>>>>>>>>>> Email: thilina...@wso2.com
>>>>>>>>>>> Mobile: *+ <+94%2077%20767%201807>94 774553167*
>>>>>>>>>>> Web:  <http://goog_716986954>http://wso2.com
>>>>>>>>>>>
>>>>>>>>>>> <http://wso2.com/signature>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> Thanks & Regards,
>>>>>>>>>>
>>>>>>>>>> *Johann Dilantha Nallathamby*
>>>>>>>>>> Senior Lead Solutions Engineer
>>>>>>>>>> WSO2, Inc.
>>>>>>>>>> lean.enterprise.middleware
>>>>>>>>>>
>>>>>>>>>> Mobile - *+9476950*
>>>>>>>>>> Blog - *http://nallaa.wordpress.com
>>>>>>>>>> <http://nallaa.wordpress.com>*
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Omindu Rathnaweera
>>>>>>>>> Senior Software Engineer, WSO2 Inc.
>>>>>>>>> Mobile: +94 771 197 211 <+94%2077%20119%207211>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Sherene Mahanama
>>>>>>>> Technical Writer
>>>>>>>>
>>>>>>>> WSO2 (pvt.) Ltd.
>>>>>>>> Colombo, Sri Lanka
>>>>>>>> Mobile: (+94) 777 <%28%2B94%29%20773131798>
>>>>>>>> *994805*
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Sherene Mahanama
>>>>>>> Technical Writer
>>>>>>>
>>>>>>> WSO2 (pvt.) Ltd.
>>>>>>> Colombo, Sri Lanka
>>>>>>> Mobile: (+94) 777 <%28%2B94%29%20773131798>
>>>>>>> *994805*
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Thanks & Regards,
>>>>>
>>>>> *Johann Dilantha Nallathamby*
>>>>> Senior Lead Solutions Engineer
>>>>> WSO2, Inc.
>>>>> lean.enterprise.middleware
>>>>>
>>>>> Mobile - *+9476950*
>>>>> Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>*
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> *Thilina Madumal*
>>>> *Software Engineer | **WSO2*
>>>> Email: thilina...@wso2.com
>>>> Mobile: *+ <+94%2077%20767%201807>94 774553167*
>>>> Web:  <http://goog_716986954>http://wso2.com
>>>>
>>>> <http://wso2.com/signature>
>>>>
>>>>
>>>
>>>
>>> --
>>> Shiraz Azad
>>> Technical Writer
>>> WSO2 Inc.
>>>
>>> Mobile: 0094777062384
>>>
>>
>>
>>
>> --
>> *Thilina Madumal*
>> *Software Engineer | **WSO2*
>> Email: thilina...@wso2.com
>> Mobile: *+ <+94%2077%20767%201807>94 774553167*
>> Web:  <http://goog_716986954>http://wso2.com
>>
>> <http://wso2.com/signature>
>>
>>
>
>
> --
> Shiraz Azad
> Technical Writer
> WSO2 Inc.
>
> Mobile: 0094777062384
>
>



-- 
Regards,


*Darshana Gunawardana*Technical Lead
WSO2 Inc.; http://wso2.com

*E-mail: darsh...@wso2.com <darsh...@wso2.com>*
*Mobile: +94718566859*Lean . Enterprise . Middleware


Re: [Dev] [IS] Usage of "kid" JWT header parameter

2017-08-31 Thread Darshana Gunawardana
Will prioritize this for IS 5.4.0.

Thanks,

On Tue, Aug 29, 2017 at 11:47 PM, Prabath Siriwardena <prab...@wso2.com>
wrote:

> Hope we will fix this for IS 5.4.0..?
>
> Thanks & regards,
> -Prabath
>
> On Tue, Aug 29, 2017 at 2:34 AM, Indunil Upeksha Rathnayake <
> indu...@wso2.com> wrote:
>
>> Hi,
>>
>> On Mon, Aug 28, 2017 at 12:07 PM, Gayan Gunawardana <ga...@wso2.com>
>> wrote:
>>
>>>
>>>
>>> On Mon, Aug 28, 2017 at 11:48 AM, Indunil Upeksha Rathnayake <
>>> indu...@wso2.com> wrote:
>>>
>>>> Hi,
>>>>
>>>> In IS, when signing the ID token, we are passing the "kid" header
>>>> parameter in the response.
>>>> https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/openidconnect/DefaultIDTokenBuilder.java#L122
>>>>
>>>> As per the specification (Refer [1]) :
>>>>
>>>>> *The kid value is a key identifier used in identifying the key to be
>>>>> used to verify the signature. If the kid value is unknown to the RP, it
>>>>> needs to retrieve the contents of the OP's JWK Set again to obtain the
>>>>> OP's current set of keys.*
>>>>>
>>>>
>>>> We have hard coded this "kid" value in the implementation level. What
>>>> happens if the signing key is a different one than the default one?
>>>>
>>>> Seems like this "kid" is like a hint to identify which specific key to
>>>> be used to validate the signature, when there are multiple keys. Is it a
>>>> valid use case in IS, since there cannot be multiple certs available in
>>>> resident IDP? And also is it correct to use a hard coded value from
>>>> back-end?
>>>>
>>> Having hard coded value is not correct. "kid" value should be generated
>>> based on certificate "thumbprint". Hard coded value would work for super
>>> tenant default keystore.
>>>
>>
>> Thanks. I have created a public JIRA in [1] to handle this.
>>
>> [1] https://wso2.org/jira/browse/IDENTITY-6311
>>
>>
>>>
>>>>
>>>>
>>>>
>>>> This is hard coded in JwksEndpoint as well.
>>>> https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/jwks/JwksEndpoint.java#L54
>>>>
>>>> But in JWTTokenGenerator, we are not setting the "kid" parameter.
>>>> https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/authcontext/JWTTokenGenerator.java#L293
>>>>
>>>> In which scenarios, this "kid" header parameter should be sent and
>>>> should not be sent? Recently we have implemented to sign the user info JWT
>>>> response and need to verify whether "kid" parameter should be sent there as
>>>> well.
>>>>
>>>>
>>>>
>>>> Appreciate your ideas on above concerns.
>>>>
>>>> [1] http://openid.net/specs/openid-connect-core-1_0.html
>>>>
>>>>
>>>> Thanks and Regards
>>>> --
>>>> Indunil Upeksha Rathnayake
>>>> Software Engineer | WSO2 Inc
>>>> Emailindu...@wso2.com
>>>> Mobile   0772182255 <077%20218%202255>
>>>>
>>>
>>>
>>>
>>> --
>>> Gayan Gunawardana
>>> Senior Software Engineer; WSO2 Inc.; http://wso2.com/
>>> Email: ga...@wso2.com
>>> Mobile: +94 (71) 8020933
>>>
>>
>>
>>
>> --
>> Indunil Upeksha Rathnayake
>> Software Engineer | WSO2 Inc
>> Emailindu...@wso2.com
>> Mobile   0772182255 <077%20218%202255>
>>
>
>
>
> --
> Thanks & Regards,
> Prabath
>
> Twitter : @prabath
> LinkedIn : http://www.linkedin.com/in/prabathsiriwardena
>
> Mobile : +1 650 625 7950 <(650)%20625-7950>
>
> http://facilelogin.com
>



-- 
Regards,


*Darshana Gunawardana*Technical Lead
WSO2 Inc.; http://wso2.com

*E-mail: darsh...@wso2.com <darsh...@wso2.com>*
*Mobile: +94718566859*Lean . Enterprise . Middleware
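The key-selection problem discussed in the thread above, as an added example that is not WSO2 code: it compares a hard-coded "kid" with one derived from the certificate thumbprint when the signing key changes, and shows the RP re-fetching the JWK Set on an unknown "kid". Assumptions: the thumbprint encoding (base64url of SHA-256 over the DER certificate), the constructed byte strings standing in for certificates, the placeholder `HARD_CODED_KID`, and the hypothetical `RelyingParty` class; signature verification itself is left out.

```python
import base64
import hashlib
import json


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def kid_from_cert(cert_der: bytes) -> str:
    """kid derived from the certificate thumbprint: base64url(SHA-256(DER))."""
    return b64url(hashlib.sha256(cert_der).digest())


def jwk_entry(cert_der: bytes, kid: str) -> dict:
    # RSA key material ("n", "e") is omitted; only key selection is shown.
    return {"kty": "RSA", "use": "sig", "alg": "RS256", "kid": kid,
            "x5t#S256": kid_from_cert(cert_der)}


def unsigned_token(kid: str, claims: dict) -> str:
    """Build header.payload.signature with a placeholder third segment."""
    header = {"alg": "RS256", "typ": "JWT", "kid": kid}
    parts = [b64url(json.dumps(p, separators=(",", ":")).encode())
             for p in (header, claims)]
    return ".".join(parts + ["placeholder-signature"])


class KeySelectionError(Exception):
    pass


class RelyingParty:
    """Hypothetical RP that caches the OP's JWK Set and selects keys by kid."""

    def __init__(self, fetch_jwks):
        self._fetch = fetch_jwks
        self._keys = fetch_jwks()["keys"]
        self.fetches = 1

    def select_key(self, token: str) -> dict:
        header = json.loads(b64url_decode(token.split(".")[0]))
        kid = header.get("kid")
        for attempt in (1, 2):
            matches = [k for k in self._keys if k.get("kid") == kid]
            if len(matches) == 1:
                return matches[0]
            if len(matches) > 1:
                raise KeySelectionError(f"kid {kid!r} matches {len(matches)} keys")
            if attempt == 1:  # unknown kid: re-fetch the JWK Set once
                self._keys = self._fetch()["keys"]
                self.fetches += 1
        raise KeySelectionError(f"kid {kid!r} not in JWK Set")


# Constructed byte strings standing in for DER-encoded certificates.
OLD_CERT = b"constructed DER stand-in: default keystore certificate"
NEW_CERT = b"constructed DER stand-in: replacement signing certificate"
HARD_CODED_KID = "static-kid-placeholder"  # placeholder, not the value in the code base


def rollover_demo(kid_for) -> dict:
    """Change the signing key under a given kid policy; report what the RP selects."""
    published = [jwk_entry(OLD_CERT, kid_for(OLD_CERT))]
    rp = RelyingParty(lambda: {"keys": list(published)})
    # The OP starts signing with NEW_CERT and publishes it next to the old key.
    published.append(jwk_entry(NEW_CERT, kid_for(NEW_CERT)))
    token = unsigned_token(kid_for(NEW_CERT), {"sub": "kim"})
    try:
        key = rp.select_key(token)
        outcome = "new" if key["x5t#S256"] == kid_from_cert(NEW_CERT) else "old"
    except KeySelectionError:
        outcome = "rejected"
    return {"outcome": outcome, "fetches": rp.fetches}


if __name__ == "__main__":
    print("hard-coded kid :", rollover_demo(lambda cert: HARD_CODED_KID))
    print("thumbprint kid :", rollover_demo(kid_from_cert))
```

With the static value the RP finds a cached match, never refreshes, and picks the old key, so verification of the new token would fail; with the thumbprint-derived value the unknown "kid" triggers one re-fetch and the new key is selected.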


Re: [Dev] [IS] Admin/Tenant Admin Users cannot be filtered to get the SCIM ID

2017-08-02 Thread Darshana Gunawardana
Hi,

We have the same issue for admin group. Created another JIRA to track the
that issue.

https://wso2.org/jira/browse/IDENTITY-6205

Thanks,

On Fri, Jul 21, 2017 at 2:37 PM, Indunil Upeksha Rathnayake <
indu...@wso2.com> wrote:

> Hi,
>
>
>
> On Fri, Jul 21, 2017 at 2:29 PM, Gayan Gunawardana <ga...@wso2.com> wrote:
>
>> Whatever the implementation behavior should be identical among user list
>> command and user filter command. With new implementation if admin user has
>> SCIM ID it will be returned from both list and filter.
>>
>
> Yes.  I have created a JIRA to handle this issue.
>
> [1] https://wso2.org/jira/browse/IDENTITY-6177
>
>
>> On Fri, Jul 21, 2017 at 2:17 PM, Hasanthi Purnima Dissanayake <
>> hasan...@wso2.com> wrote:
>>
>>> Hi Indunil,
>>>
>>> Please refer following mail in Architecture [1]. Seems Sathya is going
>>> to provide SCIM support for admin users by generating admin users' SCIM
>>> userId. After this implementation it seems this issue will be fixed.
>>>
>>> [1] mail : [Architecture] [IS] SCIM Support for Admin Users
>>>
>>> Thanks,
>>>
>>> Hasanthi Dissanayake
>>>
>>> Software Engineer | WSO2
>>>
>>> E: hasan...@wso2.com
>>> M :0718407133| http://wso2.com <http://wso2.com/>
>>>
>>> On Fri, Jul 21, 2017 at 2:11 PM, Gayan Gunawardana <ga...@wso2.com>
>>> wrote:
>>>
>>>>
>>>>
>>>> On Fri, Jul 21, 2017 at 2:06 PM, Indunil Upeksha Rathnayake <
>>>> indu...@wso2.com> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> I have checked followings with IS 5.3.0 WUM updated pack.
>>>>>
>>>>> 1) List users
>>>>> curl -v -k --user admin:admin https://localhost:9443/wso2/scim/Users
>>>>> Result: *{"Errors":[{"description":"Users not found in the user
>>>>> store.","code":"404"}]}*
>>>>>
>>>>> 2) Filter admin user
>>>>> curl -v -k --user admin:admin https://localhost:9443/wso2/scim/Users?filter=userName+Eq+%22admin%22
>>>>> Result:
>>>>> *{"schemas":["urn:scim:schemas:core:1.0"],"totalResults":1,"Resources":[{"userName":"admin"}]}*
>>>>>
>>>>> Seems like there is a contradiction here. When listing all the users,
>>>>> admin user details won't be retrieved, but they are retrieved with the
>>>>> filtering. Since admin user doesn't have a SCIM ID, it shouldn't be
>>>>> retrieved in any scenarios.
>>>>> WDT?
>>>>>
>>>> Yes so filter command should not return admin user if it doesn't have
>>>> SCIM ID.
>>>>
>>>>>
>>>>> Thanks and Regards
>>>>>
>>>>>
>>>>> On Fri, Nov 6, 2015 at 9:33 AM, Nadeesha Meegoda <nadees...@wso2.com>
>>>>> wrote:
>>>>>
>>>>>> Thanks Chamila. Understood!
>>>>>>
>>>>>> On Thu, Nov 5, 2015 at 9:48 PM, Chamila Wijayarathna <
>>>>>> cham...@wso2.com> wrote:
>>>>>>
>>>>>>> Hi Nadeesha,
>>>>>>>
>>>>>>> As I mentioned in my previous mail, super admin and tenant admin are
>>>>>>> not created with a SCIM ID, so you can't retrieve them using SCIM GET.
>>>>>>>
>>>>>>> I was suggesting above request to get other users of tenant, if you
>>>>>>> are interested, since the command you were using previously for
>>>>>>> retrieving tenant users was wrong.
>>>>>>>
>>>>>>> Thanks
>>>>>>>
>>>>>>> On Thu, Nov 5, 2015 at 5:03 PM, Nadeesha Meegoda <nadees...@wso2.com
>>>>>>> > wrote:
>>>>>>>
>>>>>>>> Hi all,
>>>>>>>>
>>>>>>>> So I requested to get the SCIM ID as what Chamila mentioned by the
>>>>>>>> following command
>>>>>>>> curl -v -k --user ten...@new.com:123456
>>>>>>>> https://localhost:9443/wso2/scim/Users?filter=userNameEqtenant
>>>>>>>>
>>>>>>>> But still this doesn't give an

Re: [Dev] Error while building the product-is

2017-08-01 Thread Darshana Gunawardana
KIPPED
>>> [INFO] Identity Server : identity-authenticators .. SKIPPED
>>> [INFO] Identity Server : Social-authenticators  SKIPPED
>>> [INFO] Identity Server : Provisioning Connectors .. SKIPPED
>>> [INFO] Identity Server : identity-local-authenticators  SKIPPED
>>> [INFO] Identity Server : oauth2-grant-types ... SKIPPED
>>> [INFO] Identity Server  SKIPPED
>>> [INFO] Identity Server : Samples .. SKIPPED
>>> [INFO] Identity Server : User Mgt Samples . SKIPPED
>>> [INFO] Samples/Remote User Management . SKIPPED
>>> [INFO] Identity Server : SCIM Samples . SKIPPED
>>> [INFO] scim-provisioning .. SKIPPED
>>> [INFO] Identity Server : OAuth 1.0a samples with Identity Server SKIPPED
>>> [INFO] WSO2 Carbon - OAuth10a Resource Owner Equivalent ... SKIPPED
>>> [INFO] Identity Server : OAuth2.0 Samples with Identity Server 5.2.0
>>> SKIPPED
>>> [INFO] OAuth 2.0 Playground App with WSO2 Identity Server 5.2.0 SKIPPED
>>> [INFO] OAuth 2.0 Custom Grant . SKIPPED
>>> [INFO] Identity Server : SSO Samples .. SKIPPED
>>> [INFO] Travelocity.COM ServiceProvider / RelyingParty Webapp SKIPPED
>>> [INFO] Identity Server : XACML Samples  SKIPPED
>>> [INFO] WSO2 Entitlement Sample Online Trading . SKIPPED
>>> [INFO] Identity Server : STS Samples .. SKIPPED
>>> [INFO] STS Client . SKIPPED
>>> [INFO] Identity Server : Passive STS Samples .. SKIPPED
>>> [INFO] PassiveSTSSample ... SKIPPED
>>> [INFO] org.wso2.identity.passivests.filter  SKIPPED
>>> [INFO] PassiveSTSSampleApp  SKIPPED
>>> [INFO] Identity Server : InfoRecoverySample Maven Webapp .. SKIPPED
>>> [INFO] InfoRecoverySample Maven Webapp  SKIPPED
>>> [INFO] Identity Server : Workflow Samples . SKIPPED
>>> [INFO] sample-handler . SKIPPED
>>> [INFO] Identity Server Integration Tests .. SKIPPED
>>> [INFO] WSO2 IS - Integration Test Admin Clients Module  SKIPPED
>>> [INFO] WSO2 IS - Integration UI Pages Module .. SKIPPED
>>> [INFO] WSO2 IS - Integration Test Utils Module  SKIPPED
>>> [INFO] Custom Attribute Finder  SKIPPED
>>> [INFO] WSO2 Identity Integration Test Common .. SKIPPED
>>> [INFO] Identity Test Back-end Module ...... SKIPPED
>>> [INFO] org.wso2.identity.integration.test . SKIPPED
>>> [INFO] 
>>> 
>>> [INFO] BUILD FAILURE
>>> [INFO] 
>>> 
>>> [INFO] Total time: 04:26 min
>>> [INFO] Finished at: 2017-07-20T13:57:21+05:30
>>> [INFO] Final Memory: 94M/783M
>>> [INFO] 
>>>
>>> Please kindly help.
>>>
>>> Thanks,
>>> Piraveena
>>> *Piraveena Paralogarajah*
>>> Intern- Software Engineering | WSO2
>>> *Email *: pirave...@wso2.com
>>> *Mobile* : +94776099594 <+94%2077%20609%209594>
>>> <http://wso2.com/signature>
>>>
>>
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
> Ramith Jayasinghe
> Technical Lead
> WSO2 Inc., http://wso2.com
> lean.enterprise.middleware
>
> E: ram...@wso2.com
> P: +94 777542851 <+94%2077%20754%202851>
>



-- 
Regards,


*Darshana Gunawardana*Associate Technical Lead
WSO2 Inc.; http://wso2.com

*E-mail: darsh...@wso2.com <darsh...@wso2.com>*
*Mobile: +94718566859*Lean . Enterprise . Middleware
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev


Re: [Dev] [GSoC 2017][IS] SCIM 2.0 Compliance Test Suite

2017-07-28 Thread Darshana Gunawardana
>>>>>>>>> enough to understand the nature of the tests and basics 
>>>>>>>>>>>> information to be
>>>>>>>>>>>> captured. I agree on the fact that the configuration options 
>>>>>>>>>>>> should be more
>>>>>>>>>>>> flexible. Let's capture this in the project proposal if you 
>>>>>>>>>>>> haven't already.
>>>>>>>>>>>>
>>>>>>>>>>>> Regards,
>>>>>>>>>>>> Omindu.
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> On Sun, Apr 2, 2017 at 1:26 PM, Vindula Jayawardana <
>>>>>>>>>>>> vindula...@cse.mrt.ac.lk> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> Hi,
>>>>>>>>>>>>>
>>>>>>>>>>>>> I shared my draft proposal in GSoC dashboard and I kindly
>>>>>>>>>>>>> request your feedback in improving the proposal.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Thank you,
>>>>>>>>>>>>>
>>>>>>>>>>>>> *Vindula Jayawardana*
>>>>>>>>>>>>> Computer Science and Engineering Dept.
>>>>>>>>>>>>> University of Moratuwa
>>>>>>>>>>>>> mobile : +713462554
>>>>>>>>>>>>> Email : vindul...@gmail.com
>>>>>>>>>>>>>
>>>>>>>>>>>>> <https://www.facebook.com/vindula.jayawardana>
>>>>>>>>>>>>> <http://lk.linkedin.com/pub/vindula-jayawardana/a7/315/53b>
>>>>>>>>>>>>> <https://plus.google.com/u/0/+VindulaJayawardana/posts>
>>>>>>>>>>>>> <https://twitter.com/vindulajay>
>>>>>>>>>>>>>
>>>>>>>>>>>>> *“Respect is how to treat everyone, not just those you want to
>>>>>>>>>>>>> impress. "*
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> *-Richard Branson-*
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> On 30 March 2017 at 23:13, Vindula Jayawardana <
>>>>>>>>>>>>> vindula...@cse.mrt.ac.lk> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>> Hi,
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> As mentioned above, I looked at the SCIM 1.1 compliance test
>>>>>>>>>>>>>> suite [1]. Due to the reason that the SCIM 1.1 test suite requires an
>>>>>>>>>>>>>> internet facing SCIM 1.1 server to run the tests against, I set up an
>>>>>>>>>>>>>> Identity Server instance in AWS [2]. However when the tests are run, it
>>>>>>>>>>>>>> fails due to /ServiceProviderConfigs and /Schemas endpoints. As WSO2 SCIM
>>>>>>>>>>>>>> 1.1 support [3] is not covering the mentioned two endpoints,
>>>>>>>>>>>>>> tests are failing when run.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> However in order to get an idea on how the result
>>>>>>>>>>>>>> representation had been done in SCIM 1.1 compliance test suite, I mocked the
>>>>>>>>>>>>>> /S

Re: [Dev] Please review and merge the pull request

2017-07-28 Thread Darshana Gunawardana
Hi Farasath,

It seems like the PR **url** is correct but the hyperlink is wrong. Just
adding the PR link again to avoid the confusion.

https://github.com/wso2/carbon-kernel/pull/1456

Regards,


On Fri, Jul 28, 2017 at 6:58 PM, Farasath Ahamed <farasa...@wso2.com> wrote:

>
>
>
> On Fri, Jul 28, 2017 at 6:29 PM, Dewni Weeraman <de...@wso2.com> wrote:
>
>>
>> Hi,
>>
>> Please merge the pull request [1] which contains the fix for [2].
>>
>> [1] - https://github.com/wso2/carbon-kernel/pull/1456
>> <https://github.com/wso2/carbon-kernel/pull/1445>
>>
>
> This PR is already merged. Is this the correct one you intended?
>
>
>> [2] - https://github.com/wso2/carbon-kernel/issues/1455
>>
>>
>> Regards,
>> Dewni Weeraman
>>
>> --
>> *Dewni Weeraman*
>> Trainee Software Engineer | WSO2
>>
>> Email: de...@wso2.com
>> Mobile: +94772979049 <+94%2077%20297%209049>
>> Web: http://wso2.com/
>>
>>
>>
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
Regards,


*Darshana Gunawardana*Associate Technical Lead
WSO2 Inc.; http://wso2.com

*E-mail: darsh...@wso2.com <darsh...@wso2.com>*
*Mobile: +94718566859*Lean . Enterprise . Middleware


Re: [Dev] Default Claim Mapping for Multiple User Stores from claim-config.xml

2017-06-15 Thread Darshana Gunawardana
Same file used to initialize tenant's claim mappings.

If we have mapped attributes of secondary user stores in the
claim-config.xml, that would not be applicable for tenants since in normal
tenant creation there would be only the primary user store available to them.

So keep in mind to handle those scenarios, if we are to implement this.

Thanks,

On Fri, Jun 16, 2017 at 6:30 AM, Isura Karunaratne <is...@wso2.com> wrote:

> Hi,
>
> On Thu, Jun 15, 2017 at 8:46 PM, Gayan Gunawardana <ga...@wso2.com> wrote:
>
>> Hi All,
>>
>> 
>> http://wso2.org/claims/givenname
>> First Name
>> givenName
>> First Name
>> 
>> 1
>> 
>>  
>>
>> With this configuration *givenName* maps to
>> *http://wso2.org/claims/givenname* for *PRIMARY* user store.
>> In IS 5.3.0 we can set map attribute from drop down for multiple user
>> stores.
>>
>>
>>
>> Is there a way to do same configuration from claim-config.xml ? If not
>> isn't it better to support by changing structure of claim-config.xml ?
>>
>
> AFAIK, there is no such a way to configure secondary user stores mapped
> attributes from claim-config.xml file. Claim config file reads only the
> first server startup and tenant creation. Since we can deploy secondary
> userstores in first startup, +1 to support this.
>
> Thanks
> Isura.
>
>>
>> Thanks,
>> Gayan
>>
>> --
>> Gayan Gunawardana
>> Senior Software Engineer; WSO2 Inc.; http://wso2.com/
>> Email: ga...@wso2.com
>> Mobile: +94 (71) 8020933
>>
>
>
>
> --
>
> *Isura Dilhara Karunaratne*
> Senior Software Engineer | WSO2
> Email: is...@wso2.com
> Mob : +94 772 254 810 <+94%2077%20225%204810>
> Blog : http://isurad.blogspot.com/
>
>
>
>


-- 
Regards,


*Darshana Gunawardana*Associate Technical Lead
WSO2 Inc.; http://wso2.com

*E-mail: darsh...@wso2.com <darsh...@wso2.com>*
*Mobile: +94718566859*Lean . Enterprise . Middleware


Re: [Dev] [IS][IS 5.3.0] Account locking

2017-03-09 Thread Darshana Gunawardana
Hi Danushka,

Your requirement is not very clear. Can you please elaborate more?

Thanks,

On Fri, Mar 10, 2017 at 10:21 AM, Danushka Fernando <danush...@wso2.com>
wrote:

> If we want both account locking and if we have enabled automatic login as
> well. For another user story, if we set locked claim of the user, will that
> also get unlocked after certain time? Or is that just for automatic locking?
>
> Thanks & Regards
> Danushka Fernando
> Senior Software Engineer
> WSO2 inc. http://wso2.com/
> Mobile : +94716332729 <+94%2071%20633%202729>
>



-- 
Regards,


*Darshana Gunawardana*Associate Technical Lead
WSO2 Inc.; http://wso2.com

*E-mail: darsh...@wso2.com <darsh...@wso2.com>*
*Mobile: +94718566859*Lean . Enterprise . Middleware


Re: [Dev] [IS][5.3.0] Account locking in new method

2017-03-09 Thread Darshana Gunawardana
Hi Danushka,

Try setting,

*account.lock.handler.enable=true*
in conf/identity/identity-event.properties file.

Thanks,

On Fri, Mar 10, 2017 at 8:57 AM, Danushka Fernando <danush...@wso2.com>
wrote:

> Hi All
> According to [1] there are two methods of doing Account Locking in IS
> 5.3.0. For new method we provide resident idp configs which will affect
> only to current tenant.
> Do we have file configs which we can set these over all tenants?
>
> [1] https://docs.wso2.com/display/IS530/User+Account+Locking+and+Account+Disabling
>
> Thanks & Regards
> Danushka Fernando
> Senior Software Engineer
> WSO2 inc. http://wso2.com/
> Mobile : +94716332729 <+94%2071%20633%202729>
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
Regards,


*Darshana Gunawardana*Associate Technical Lead
WSO2 Inc.; http://wso2.com

*E-mail: darsh...@wso2.com <darsh...@wso2.com>*
*Mobile: +94718566859*Lean . Enterprise . Middleware


Re: [Dev] Exceeding the 65535 bytes limit - idp-mgt-edit.jsp - method _jspService(HttpServletRequest, HttpServletResponse)

2017-02-28 Thread Darshana Gunawardana
n.doFilter(
> ApplicationFilterChain.java:208)
> at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(
> HttpHeaderSecurityFilter.java:120)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(
> ApplicationFilterChain.java:241)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(
> ApplicationFilterChain.java:208)
> at org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.
> doFilter(CharacterSetFilter.java:61)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(
> ApplicationFilterChain.java:241)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(
> ApplicationFilterChain.java:208)
> at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(
> HttpHeaderSecurityFilter.java:120)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(
> ApplicationFilterChain.java:241)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(
> ApplicationFilterChain.java:208)
> at org.apache.catalina.core.StandardWrapperValve.invoke(
> StandardWrapperValve.java:218)
> at org.apache.catalina.core.StandardContextValve.invoke(
> StandardContextValve.java:110)
> at org.apache.catalina.authenticator.AuthenticatorBase.invoke(
> AuthenticatorBase.java:506)
> at org.apache.catalina.core.StandardHostValve.invoke(
> StandardHostValve.java:169)
> at org.apache.catalina.valves.ErrorReportValve.invoke(
> ErrorReportValve.java:103)
> at org.wso2.carbon.identity.context.rewrite.valve.
> TenantContextRewriteValve.invoke(TenantContextRewriteValve.java:72)
> at org.wso2.carbon.identity.authz.valve.AuthorizationValve.invoke(
> AuthorizationValve.java:91)
> at org.wso2.carbon.identity.auth.valve.AuthenticationValve.
> invoke(AuthenticationValve.java:60)
> at org.wso2.carbon.tomcat.ext.valves.CompositeValve.
> continueInvocation(CompositeValve.java:99)
> at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.
> invoke(CarbonTomcatValve.java:47)
> at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(
> TenantLazyLoaderValve.java:57)
> at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.
> invokeValves(TomcatValveContainer.java:47)
> at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(
> CompositeValve.java:62)
> at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValv
> e.invoke(CarbonStuckThreadDetectionValve.java:159)
> at org.apache.catalina.valves.AccessLogValve.invoke(
> AccessLogValve.java:962)
> at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(
> CarbonContextCreatorValve.java:57)
> at org.apache.catalina.core.StandardEngineValve.invoke(
> StandardEngineValve.java:116)
> at org.apache.catalina.connector.CoyoteAdapter.service(
> CoyoteAdapter.java:452)
> at org.apache.coyote.http11.AbstractHttp11Processor.process(
> AbstractHttp11Processor.java:1087)
> at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.
> process(AbstractProtocol.java:637)
> at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.
> doRun(NioEndpoint.java:1760)
> at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.
> run(NioEndpoint.java:1719)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(
> ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(
> ThreadPoolExecutor.java:617)
> at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(
> TaskThread.java:61)
> at java.lang.Thread.run(Thread.java:745)
>
> [2] - https://github.com/wso2/carbon-identity-framework/blob/v5.7.5/components/idp-mgt/org.wso2.carbon.idp.mgt.ui/src/main/resources/web/idpmgt/idp-mgt-edit.jsp
>
> Thanks,
> Nisala
>



-- 
Regards,


*Darshana Gunawardana*Associate Technical Lead
WSO2 Inc.; http://wso2.com

*E-mail: darsh...@wso2.com <darsh...@wso2.com>*
*Mobile: +94718566859*Lean . Enterprise . Middleware


Re: [Dev] Identity Server 5.3.0 as a Key Manager with API Manager 2.1.0

2017-02-15 Thread Darshana Gunawardana
Thanks Chamalee for the information..!!

On Wed, Feb 15, 2017 at 8:37 PM, Chamalee De Silva <chama...@wso2.com>
wrote:

> hi Gottfried,
>
>
> The new documentation is ready; please refer to [1] or [2] according to
> your requirement.
>
> @Darshana,
> Yes, It is available at [3].
>
>
>
> [1] https://docs.wso2.com/display/AM210/Configuring+WSO2+Identity+Server+as+a+Key+Manager
> [2] https://docs.wso2.com/display/AM210/Configuring+the+Pre-Packaged+Identity+Server+with+API+Manager
> [3] http://product-dist.wso2.com/downloads/api-manager/2.1.0/identity-server/wso2is-5.3.0.zip
>
>
>
> hi Go
>
> On Wed, Feb 15, 2017 at 6:20 PM, Darshana Gunawardana <darsh...@wso2.com>
> wrote:
>
>>
>>
>> On Tue, Feb 14, 2017 at 11:00 PM, Chamalee De Silva <chama...@wso2.com>
>> wrote:
>>
>>> Hi,
>>>
>>> Now it is possible to use IS as KM with API Manager 2.1.0.
>>> The P2 repo [1] is updated with the Key Manager features and by
>>> installing Key Manager version 6.1.66 in WSO2 IS 5.3.0 you will be able to
>>> use IS as Key Manager for API Manager 2.1.0.
>>> The configuration steps are almost same as in the documentation [2].
>>>
>>> We are in the process of updating the documentation for Configuring WSO2
>>> IS 5.3.0 as Key Manager for WSO2 API Manager 2.1.0 and the new
>>> documentation will be available soon.
>>>
>>
>> Thanks Chamalee for the response. Will there be a pre configured IS as
>> Key Manager for IS 5.3.0 + APIM 2.1.0 for download?
>>
>> Regards,
>>
>>>
>>> We will update this thread when the documentation is available.
>>>
>>>
>>> [1] http://product-dist.wso2.com/p2/carbon/releases/wilkes/
>>> [2] https://docs.wso2.com/display/CLUSTER44x/Configuring+the+Identity+Server+5.2.0+as+a+Key+Manager+with+API+Manager+2.0.0
>>>
>>>
>>> Thanks,
>>> Chamalee
>>>
>>> On Tue, Feb 14, 2017 at 9:18 PM, Darshana Gunawardana <darsh...@wso2.com
>>> > wrote:
>>>
>>>> Hi Chamalee,
>>>>
>>>> Do you know the timelines of this?
>>>>
>>>> Thanks,
>>>>
>>>> On Tue, Feb 14, 2017 at 7:13 PM, Gottfried Szing <gottfr...@szing.eu>
>>>> wrote:
>>>>
>>>>> Hi
>>>>>
>>>>> Is there a timeline when it is possible to use Identity Server 5.3.0
>>>>> as a Key Manager with API Manager 2.1.0?
>>>>>
>>>>> Following the documentation for IS 5.2.0/AM 2.0.0 at
>>>>> https://docs.wso2.com/x/CKJlAw for the above setup always fails, no
>>>>> matter which version (5.0.3, 6.0.4, 6.1.66) of the keymanager is chosen.
>>>>> And a newer documentation is not available.
>>>>>
>>>>> Br,
>>>>>   Gottfried
>>>>> _______
>>>>> Dev mailing list
>>>>> Dev@wso2.org
>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Regards,
>>>>
>>>>
>>>> *Darshana Gunawardana*Associate Technical Lead
>>>> WSO2 Inc.; http://wso2.com
>>>>
>>>> *E-mail: darsh...@wso2.com <darsh...@wso2.com>*
>>>> *Mobile: +94718566859 <+94%2071%20856%206859>*Lean . Enterprise .
>>>> Middleware
>>>>
>>>
>>>
>>>
>>> --
>>> Thanks & Regards,
>>>
>>> *Chamalee De Silva*
>>> Software Engineer
>>> *WS**O2* Inc. :http://wso2.com/
>>>
>>> Office   :- *+94 11 2145345 <%2B94%2011%202145345>*
>>> mobile  :- *+94 7 <%2B94%2077%202782039>1 4315942*
>>>
>>>
>>
>>
>> --
>> Regards,
>>
>>
>> *Darshana Gunawardana*Associate Technical Lead
>> WSO2 Inc.; http://wso2.com
>>
>> *E-mail: darsh...@wso2.com <darsh...@wso2.com>*
>> *Mobile: +94718566859 <+94%2071%20856%206859>*Lean . Enterprise .
>> Middleware
>>
>
>
>
> --
> Thanks & Regards,
>
> *Chamalee De Silva*
> Software Engineer
> *WS**O2* Inc. :http://wso2.com/
>
> Office   :- *+94 11 2145345 <%2B94%2011%202145345>*
> mobile  :- *+94 7 <%2B94%2077%202782039>1 4315942*
>
>


-- 
Regards,


*Darshana Gunawardana*Associate Technical Lead
WSO2 Inc.; http://wso2.com

*E-mail: darsh...@wso2.com <darsh...@wso2.com>*
*Mobile: +94718566859*Lean . Enterprise . Middleware


Re: [Dev] Identity Server 5.3.0 as a Key Manager with API Manager 2.1.0

2017-02-15 Thread Darshana Gunawardana
On Tue, Feb 14, 2017 at 11:00 PM, Chamalee De Silva <chama...@wso2.com>
wrote:

> Hi,
>
> Now it is possible to use IS as KM with API Manager 2.1.0.
> The P2 repo [1] is updated with the Key Manager features and by installing
> Key Manager version 6.1.66 in WSO2 IS 5.3.0 you will be able to use IS as
> Key Manager for API Manager 2.1.0.
> The configuration steps are almost same as in the documentation [2].
>
> We are in the process of updating the documentation for Configuring WSO2
> IS 5.3.0 as Key Manager for WSO2 API Manager 2.1.0 and the new
> documentation will be available soon.
>

Thanks Chamalee for the response. Will there be a pre configured IS as Key
Manager for IS 5.3.0 + APIM 2.1.0 for download?

Regards,

>
> We will update this thread when the documentation is available.
>
>
> [1] http://product-dist.wso2.com/p2/carbon/releases/wilkes/
> [2] https://docs.wso2.com/display/CLUSTER44x/Configuring+the+Identity+Server+5.2.0+as+a+Key+Manager+with+API+Manager+2.0.0
>
>
> Thanks,
> Chamalee
>
> On Tue, Feb 14, 2017 at 9:18 PM, Darshana Gunawardana <darsh...@wso2.com>
> wrote:
>
>> Hi Chamalee,
>>
>> Do you know the timelines of this?
>>
>> Thanks,
>>
>> On Tue, Feb 14, 2017 at 7:13 PM, Gottfried Szing <gottfr...@szing.eu>
>> wrote:
>>
>>> Hi
>>>
>>> Is there a timeline when it is possible to use Identity Server 5.3.0 as
>>> a Key Manager with API Manager 2.1.0?
>>>
>>> Following the documentation for IS 5.2.0/AM 2.0.0 at
>>> https://docs.wso2.com/x/CKJlAw for the above setup always fails, no
>>> matter which version (5.0.3, 6.0.4, 6.1.66) of the keymanager is chosen.
>>> And a newer documentation is not available.
>>>
>>> Br,
>>>   Gottfried
>>> ___
>>> Dev mailing list
>>> Dev@wso2.org
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>
>>
>>
>> --
>> Regards,
>>
>>
>> *Darshana Gunawardana*Associate Technical Lead
>> WSO2 Inc.; http://wso2.com
>>
>> *E-mail: darsh...@wso2.com <darsh...@wso2.com>*
>> *Mobile: +94718566859 <+94%2071%20856%206859>*Lean . Enterprise .
>> Middleware
>>
>
>
>
> --
> Thanks & Regards,
>
> *Chamalee De Silva*
> Software Engineer
> *WS**O2* Inc. :http://wso2.com/
>
> Office   :- *+94 11 2145345 <%2B94%2011%202145345>*
> mobile  :- *+94 7 <%2B94%2077%202782039>1 4315942*
>
>


-- 
Regards,


*Darshana Gunawardana*Associate Technical Lead
WSO2 Inc.; http://wso2.com

*E-mail: darsh...@wso2.com <darsh...@wso2.com>*
*Mobile: +94718566859*Lean . Enterprise . Middleware


Re: [Dev] Identity Server 5.3.0 as a Key Manager with API Manager 2.1.0

2017-02-14 Thread Darshana Gunawardana
Hi Chamalee,

Do you know the timelines of this?

Thanks,

On Tue, Feb 14, 2017 at 7:13 PM, Gottfried Szing <gottfr...@szing.eu> wrote:

> Hi
>
> Is there a timeline when it is possible to use Identity Server 5.3.0 as a
> Key Manager with API Manager 2.1.0?
>
> Following the documentation for IS 5.2.0/AM 2.0.0 at
> https://docs.wso2.com/x/CKJlAw for the above setup always fails, no
> matter which version (5.0.3, 6.0.4, 6.1.66) of the keymanager is chosen.
> And a newer documentation is not available.
>
> Br,
>   Gottfried
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>



-- 
Regards,


*Darshana Gunawardana*Associate Technical Lead
WSO2 Inc.; http://wso2.com

*E-mail: darsh...@wso2.com <darsh...@wso2.com>*
*Mobile: +94718566859*Lean . Enterprise . Middleware


Re: [Dev] [IS] C5 Support for filtering

2017-02-13 Thread Darshana Gunawardana
[Re adding Vindula]

On Tue, Feb 14, 2017 at 10:31 AM, Darshana Gunawardana <darsh...@wso2.com>
wrote:

> Hi all,
>
> Have we made any progress on this? Assuming that we have not covered these,
> I have created a few JIRAs to track these. Please resolve them if those are
> already implemented, or add any further JIRAs that need to be added.
>
> https://wso2.org/jira/browse/IDENTITY-5748 : "Add support for complex
> filters for user core and expose the same from product (SCIM) API"
> https://wso2.org/jira/browse/IDENTITY-5749 : "Add support for pagination
> for user core and expose the same from product (SCIM) API"
> https://wso2.org/jira/browse/IDENTITY-5750 : "Add support for sorting for
> user core and expose the same from product (SCIM) API"
> https://wso2.org/jira/browse/IDENTITY-5751 : "Add support for
> filtering\sorting\pagination together for user core and expose the same
> from product (SCIM) API"
>
> Thanks,
>
>
> On Fri, Nov 4, 2016 at 2:25 PM, Johann Nallathamby <joh...@wso2.com>
> wrote:
>
>> We need to support simple filters, pagination and sorting from user-core
>> APIs. I don't think there is a defined list of complex filters; it is
>> endless. So we can't support it from user-core. So what we can do is we can
>> provide a default implementation to evaluate complex filters using simple
>> filters in SCIMUserManager, and if someone wants to extend it they need to
>> extend SCIMUserManager implementation.
>>
>> On Fri, Nov 4, 2016 at 1:15 PM, Darshana Gunawardana <darsh...@wso2.com>
>> wrote:
>>
>>> Hi,
>>>
>>> Do we have the support for complex filters, pagination, sorting from the
>>> C5 user-core?
>>>
>>> If not, we should support these since these are some major limitations
>>> we had in C4 user-core and we should avoid those limitations in C5.
>>>
>>> Thanks,
>>>
>>> On Thu, Oct 20, 2016 at 9:41 AM, Vindula Jayawardana <vind...@wso2.com>
>>> wrote:
>>>
>>>> Hi Chamila,
>>>>
>>>> On Tue, Oct 18, 2016 at 4:18 PM, Chamila Wijayarathna <
>>>> cdwijayarat...@gmail.com> wrote:
>>>>
>>>>> Hi Johann, Vindula,
>>>>>
>>>>> On Tue, Oct 18, 2016 at 3:59 PM, Johann Nallathamby <joh...@wso2.com>
>>>>> wrote:
>>>>>
>>>>>>
>>>>>>
>>>>>> On Tue, Oct 18, 2016 at 10:05 AM, Vindula Jayawardana <
>>>>>> vind...@wso2.com> wrote:
>>>>>>
>>>>>>> Hi All,
>>>>>>>
>>>>>>> With the current user core implementation we support only the equal
>>>>>>> filter (e.g. userName Eq "john"). However SCIM 2.0 specification [1]
>>>>>>> specify total of 10 such simple filters and complex filters which are
>>>>>>> combinations of simple filters using logical and grouping operators 
>>>>>>> (e.g.
>>>>>>> userType ne "Employee" and not (emails co "example.com" or
>>>>>>> emails.value co "example.org")). As we are in the process of C5
>>>>>>> implementation, have we considered the other filter type 
>>>>>>> implementations as
>>>>>>> well?
>>>>>>>
>>>>>>
>>>>>> Yes we need to consider these features in the extended user-core
>>>>>> implementation.
>>>>>>
>>>>>>>
>>>>>>> Moreover if we are supporting the complex filters, are we supporting
>>>>>>> it by simple filter by filter basis or the entire complex filter as a
>>>>>>> whole? If we are looking for the simple filter by filter basis, there 
>>>>>>> will
>>>>>>> be performance issues as well.
>>>>>>>
>>>>>>
>>>>>> It is better if we provide complex filters from extended user-core
>>>>>> itself for performance reasons. However if time doesn't permit to 
>>>>>> implement
>>>>>> all those APIs, we can have a scim UserManager implementation which will
>>>>>> call multiple simple filters and combine the result and return. Obviously
>>>>>> as you said performance of such implementation will be low. But it is
>>>>>> acceptable as an interim solution until extended user-core implementati

Re: [Dev] [IS] C5 Support for filtering

2017-02-13 Thread Darshana Gunawardana
Hi all,

Have we made any progress on this? Assuming that we have not covered these,
I have created a few JIRAs to track these. Please resolve them if those are
already implemented, or add any further JIRAs that need to be added.

https://wso2.org/jira/browse/IDENTITY-5748 : "Add support for complex
filters for user core and expose the same from product (SCIM) API"
https://wso2.org/jira/browse/IDENTITY-5749 : "Add support for pagination
for user core and expose the same from product (SCIM) API"
https://wso2.org/jira/browse/IDENTITY-5750 : "Add support for sorting for
user core and expose the same from product (SCIM) API"
https://wso2.org/jira/browse/IDENTITY-5751 : "Add support for
filtering\sorting\pagination together for user core and expose the same
from product (SCIM) API"

Thanks,


On Fri, Nov 4, 2016 at 2:25 PM, Johann Nallathamby <joh...@wso2.com> wrote:

> We need to support simple filters, pagination and sorting from user-core
> APIs. I don't think there is a defined list of complex filters; it is
> endless. So we can't support it from user-core. So what we can do is we can
> provide a default implementation to evaluate complex filters using simple
> filters in SCIMUserManager, and if someone wants to extend it they need to
> extend SCIMUserManager implementation.
>
> On Fri, Nov 4, 2016 at 1:15 PM, Darshana Gunawardana <darsh...@wso2.com>
> wrote:
>
>> Hi,
>>
>> Do we have the support for complex filters, pagination, sorting from the
>> C5 user-core?
>>
>> If not, we should support these since these are some major limitations we
>> had in C4 user-core and we should avoid those limitations in C5.
>>
>> Thanks,
>>
>> On Thu, Oct 20, 2016 at 9:41 AM, Vindula Jayawardana <vind...@wso2.com>
>> wrote:
>>
>>> Hi Chamila,
>>>
>>> On Tue, Oct 18, 2016 at 4:18 PM, Chamila Wijayarathna <
>>> cdwijayarat...@gmail.com> wrote:
>>>
>>>> Hi Johann, Vindula,
>>>>
>>>> On Tue, Oct 18, 2016 at 3:59 PM, Johann Nallathamby <joh...@wso2.com>
>>>> wrote:
>>>>
>>>>>
>>>>>
>>>>> On Tue, Oct 18, 2016 at 10:05 AM, Vindula Jayawardana <
>>>>> vind...@wso2.com> wrote:
>>>>>
>>>>>> Hi All,
>>>>>>
>>>>>> With the current user core implementation we support only the equal
>>>>>> filter (e.g. userName Eq "john"). However SCIM 2.0 specification [1]
>>>>>> specify total of 10 such simple filters and complex filters which are
>>>>>> combinations of simple filters using logical and grouping operators (e.g.
>>>>>> userType ne "Employee" and not (emails co "example.com" or
>>>>>> emails.value co "example.org")). As we are in the process of C5
>>>>>> implementation, have we considered the other filter type implementations 
>>>>>> as
>>>>>> well?
>>>>>>
>>>>>
>>>>> Yes we need to consider these features in the extended user-core
>>>>> implementation.
>>>>>
>>>>>>
>>>>>> Moreover if we are supporting the complex filters, are we supporting
>>>>>> it by simple filter by filter basis or the entire complex filter as a
>>>>>> whole? If we are looking for the simple filter by filter basis, there 
>>>>>> will
>>>>>> be performance issues as well.
>>>>>>
>>>>>
>>>>> It is better if we provide complex filters from extended user-core
>>>>> itself for performance reasons. However if time doesn't permit to 
>>>>> implement
>>>>> all those APIs, we can have a scim UserManager implementation which will
>>>>> call multiple simple filters and combine the result and return. Obviously
>>>>> as you said performance of such implementation will be low. But it is
>>>>> acceptable as an interim solution until extended user-core implementation
>>>>> supports all the filters.
>>>>>
>>>> Can you please explain, what you refer as complex filters here? I think
>>>> we need to implement operators listed in table 3 and 4 in the specification
>>>> and implement a generic way to build complex queries reusing them. I don't
>>>> think it would be practical to more complex filters, there can be large
>>>> amount of complex filters that can be created by combining these simple
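
The interim approach discussed in this thread (answering a complex SCIM filter by issuing one simple filter per leaf and combining the results) can be shown in a few lines; this is an added Python example, not WSO2 user-core or SCIMUserManager code. `SimpleFilterStore`, `ComplexFilter`, `search` and the `USERS` data are hypothetical, and it assumes case-sensitive value comparison and that `ne` matches when no value of the attribute equals the operand.

```python
import re

USERS = {  # constructed sample directory using SCIM core User attribute names
    "u1": {"userName": "john", "userType": "Employee", "emails": [{"value": "john@example.com"}]},
    "u2": {"userName": "mary", "userType": "Contractor", "emails": [{"value": "mary@example.org"}]},
    "u3": {"userName": "omar", "userType": "Contractor", "emails": [{"value": "omar@partner.test"}]},
    "u4": {"userName": "lena", "userType": "Intern", "emails": []},
}
OPS = {  # value tests for the simple operators; "pr" and "ne" are handled in simple_filter
    "eq": lambda a, b: a == b, "co": lambda a, b: b in a,
    "sw": lambda a, b: a.startswith(b), "ew": lambda a, b: a.endswith(b),
    "gt": lambda a, b: a > b, "ge": lambda a, b: a >= b,
    "lt": lambda a, b: a < b, "le": lambda a, b: a <= b,
}
TOKEN = re.compile(r'\s*(\(|\)|"(?:[^"\\]|\\.)*"|[^\s()"]+)')


class SimpleFilterStore:
    """Hypothetical user store that answers exactly one simple filter per call."""

    def __init__(self, users):
        self.users, self.calls = users, 0

    def _values(self, user, path):
        items = [user]
        for part in path.split("."):
            found = [i.get(part) for i in items if isinstance(i, dict)]
            items = [v for f in found if f is not None
                     for v in (f if isinstance(f, list) else [f])]
        # A complex value with no sub-attribute given is compared on its "value".
        return [str(i.get("value", "")) if isinstance(i, dict) else str(i) for i in items]

    def simple_filter(self, attr, op, value=None):
        self.calls += 1  # every leaf of a complex filter costs one store query
        def ok(vals):
            if op == "pr":
                return bool(vals)
            if op == "ne":
                return all(v != value for v in vals)
            return any(OPS[op](v, value) for v in vals)
        return {uid for uid, u in self.users.items() if ok(self._values(u, attr))}


class ComplexFilter:
    """Parses a SCIM filter (grouping, then not > and > or) into set algebra over leaves."""

    def __init__(self, text, store):
        self.store, self.toks, self.i = store, [], 0
        text, pos = text.strip(), 0
        while pos < len(text):
            m = TOKEN.match(text, pos)
            if not m:
                raise ValueError(f"bad filter near {text[pos:]!r}")
            self.toks.append(m.group(1))
            pos = m.end()

    def peek(self):
        return self.toks[self.i].lower() if self.i < len(self.toks) else None

    def take(self):
        if self.i >= len(self.toks):
            raise ValueError("unexpected end of filter")
        self.i += 1
        return self.toks[self.i - 1]

    def result(self):
        ids = self.binary("or")
        if self.peek() is not None:
            raise ValueError(f"unexpected token {self.toks[self.i]!r}")
        return sorted(ids)

    def binary(self, word):  # "or" combines "and" terms; "and" combines unary terms
        operand = (lambda: self.binary("and")) if word == "or" else self.unary
        ids = operand()
        while self.peek() == word:
            self.take()
            ids = ids | operand() if word == "or" else ids & operand()
        return ids

    def unary(self):
        tok = self.take()
        if tok.lower() == "not":  # negation needs the full id set from the store
            return set(self.store.users) - self.unary()
        if tok == "(":
            ids = self.binary("or")
            if self.take() != ")":
                raise ValueError("missing ')'")
            return ids
        op = self.take().lower()
        if op not in OPS and op not in ("pr", "ne"):
            raise ValueError(f"unknown operator {op!r}")
        raw = None if op == "pr" else self.take()
        value = raw[1:-1].replace('\\"', '"') if raw and raw.startswith('"') else raw
        return self.store.simple_filter(tok, op, value)


def search(text, store):
    return ComplexFilter(text, store).result()
```

After a `search`, `store.calls` equals the number of leaf conditions in the filter, which is the per-filter cost the thread raises as the performance concern with this approach.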

Re: [Dev] [VOTE] Release WSO2 Identity Server 5.3.0- RC3

2017-01-09 Thread Darshana Gunawardana
Tested following features in RC3.

   - XACML Rest profile
   - Rule base provisioning
   - Authorization Rules for SSO
   - Dynamic Client Registration


[+] Stable : Go ahead and release

Thanks,

On Mon, Jan 9, 2017 at 1:00 PM, Ashen Weerathunga <as...@wso2.com> wrote:

> Hi,
>
> Tested the following IS Analytics features with IS Runtime,
>
>- Login attempts analytics
>- Login session analytics
>- Suspicious login alerts
>- Customizing alerts using template manager
>
> [+] Stable - go ahead and release
>
> Thanks,
> Ashen
>
> On Mon, Jan 9, 2017 at 11:51 AM, Thanuja Jayasinghe <than...@wso2.com>
> wrote:
>
>> Hi,
>>
>> Tested following,
>>
>>- Account recovery with notification
>>- Account recovery with security questions
>>- Recaptcha
>>- Self signup
>>
>> [+] Stable - go ahead and release
>>
>> Thanks,
>> Thanuja
>>
>> On Mon, Jan 9, 2017 at 11:05 AM, Rushmin Fernando <rush...@wso2.com>
>> wrote:
>>
>>> Tested following features with MSSQL
>>>
>>> 1) SAML flow
>>> 2) OAuth
>>> 3) OIDC
>>> 4) SAML metadata profile
>>>
>>>   [+] Stable - go ahead and release
>>>
>>> Best Regards
>>> Rushmin
>>>
>>> On Mon, Jan 9, 2017 at 9:33 AM, Dinali Dabarera <din...@wso2.com> wrote:
>>>
>>>> Hi,
>>>> I tested the following on the Identity Server 5.3.0-RC3 pack,
>>>>
>>>>- Discovery
>>>>- DCR
>>>>- Form Post
>>>>- Introspection
>>>>- SCIM API
>>>>- User Management
>>>>
>>>> Worked fine without any issues.
>>>> [+] Stable - go ahead and release
>>>>
>>>> On Fri, Jan 6, 2017 at 10:06 PM, Pulasthi Mahawithana <
>>>> pulast...@wso2.com> wrote:
>>>>
>>>>> Hi All,
>>>>>
>>>>> This is the 3rd Release Candidate of WSO2 Identity Server 5.3.0.
>>>>>
>>>>> Please download, test the product and vote. Vote will be open for 72
>>>>> hours or as needed.
>>>>>
>>>>> This release fixes the following issues:
>>>>>
>>>>> Runtime : https://wso2.org/jira/issues/?filter=13612
>>>>> Analytics : https://wso2.org/jira/issues/?filter=13614
>>>>>
>>>>> Source and distribution
>>>>>
>>>>> Run-time : https://github.com/wso2/product-is/releases/tag/v5.3.0-rc3
>>>>> Analytics : https://github.com/wso2/analytics-is/releases/tag/v5.3.0-rc3
>>>>>
>>>>> Please vote as follows.
>>>>> [+] Stable - go ahead and release
>>>>> [-] Broken - do not release (explain why)
>>>>>
>>>>> Thanks,
>>>>> - WSO2 Identity Server Team -
>>>>>
>>>>> --
>>>>> *Pulasthi Mahawithana*
>>>>> Senior Software Engineer
>>>>> WSO2 Inc., http://wso2.com/
>>>>> Mobile: +94-71-5179022 <+94%2071%20517%209022>
>>>>> Blog: http://blog.pulasthi.org
>>>>>
>>>>> <https://wso2.com/signature>
>>>>>
>>>>> ___
>>>>> Dev mailing list
>>>>> Dev@wso2.org
>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> *Dinali Rosemin Dabarera*
>>>> Software Engineer
>>>> WSO2 Lanka (pvt) Ltd.
>>>> Web: http://wso2.com/
>>>> Email : gdrdabar...@gmail.com
>>>> LinkedIn <https://lk.linkedin.com/in/dinalidabarera>
>>>> Mobile: +94770198933 <+94%2077%20019%208933>
>>>>
>>>> ___
>>>> Dev mailing list
>>>> Dev@wso2.org
>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>
>>>>
>>>
>>>
>>> --
>>> *Best Regards*
>>>
>>> *Rushmin Fernando*
>>> *Technical Lead*
>>>
>>> WSO2 Inc. <http://wso2.com/> - Lean . Enterprise . Middleware
>>>
>>> mobile : +94775615183
>>>
>>>
>>>
>>> ___
>>> Dev mailing list
>>> Dev@wso2.org
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>>
>>
>>
>> --
>> *Thanuja Lakmal*
>> Senior Software Engineer
>> WSO2 Inc. http://wso2.com/
>> *lean.enterprise.middleware*
>> Mobile: +94715979891 +94758009992
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
> *Ashen Weerathunga*
> Software Engineer
> WSO2 Inc.: http://wso2.com
> lean.enterprise.middleware
>
> Email: as...@wso2.com
> Mobile: tel:94716042995 <94716042995>
> LinkedIn: *http://lk.linkedin.com/in/ashenweerathunga
> <http://lk.linkedin.com/in/ashenweerathunga>*
> <http://wso2.com/signature>
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
Regards,


*Darshana Gunawardana*Associate Technical Lead
WSO2 Inc.; http://wso2.com

*E-mail: darsh...@wso2.com <darsh...@wso2.com>*
*Mobile: +94718566859 <+94%2071%20856%206859>*Lean . Enterprise . Middleware
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev


Re: [Dev] Logs in Wso2 IS

2017-01-06 Thread Darshana Gunawardana
Hi Koné,

There is another possible way of getting audit log in the UI. It should be
able to log audit logs to wso2carbon.log by changing log appenders in
log4j.properties file and get those logs visible in the log monitoring UI.
Haven't tested this, but it should be possible.

Regards,

On Wed, Jan 4, 2017 at 4:08 PM, Koné Alioune Badara <
kon...@etna-alternance.net> wrote:

> Hello,
>
> Thank you for the answer, is it planned to add that audit in the UI? If
> not, is there a possibility to add an external pluggin to do so?
>
> Regards.
>
> 2017-01-04 10:57 GMT+01:00 Darshana Gunawardana <darsh...@wso2.com>:
>
>> Hi Koné,
>>
>> The default management console does not provide the capability to monitor
>> audit logs from its UI.
>>
>> Adding our analytics experts to get more insight from our log analyzing
>> efforts.
>>
>> Thanks,
>>
>> On Wed, Jan 4, 2017 at 2:54 PM, Koné Alioune Badara <
>> kon...@etna-alternance.net> wrote:
>>
>>> Hello,
>>>
>>> Yes it is exactly what I mean.
>>>
>>> Regards.
>>>
>>> 2017-01-04 9:41 GMT+01:00 Chamila Wijayarathna <cdwijayarat...@gmail.com
>>> >:
>>>
>>>> Hi Koné,
>>>>
>>>> What you mean by having the log in the management console? You want to
>>>> see the log in a UI page in management console?
>>>>
>>>> On Wed, Jan 4, 2017 at 7:37 PM, Koné Alioune Badara <
>>>> kon...@etna-alternance.net> wrote:
>>>>
>>>>> Hello,
>>>>>
>>>>> Thank you for your answers, is there anyway to have this log in the
>>>>> management console?
>>>>>
>>>>> Regards.
>>>>>
>>>>> 2017-01-04 2:19 GMT+01:00 Chamila Wijayarathna <
>>>>> cdwijayarat...@gmail.com>:
>>>>>
>>>>>> I reported an issue with audit logs in profile update at [1]. Please
>>>>>> feel free to close if not relevant.
>>>>>>
>>>>>> [1]. https://wso2.org/jira/browse/IDENTITY-5557
>>>>>>
>>>>>> On Wed, Jan 4, 2017 at 10:01 AM, Chamila Wijayarathna <
>>>>>> cdwijayarat...@gmail.com> wrote:
>>>>>>
>>>>>>> Hi Koné,
>>>>>>>
>>>>>>> You can find logs for user creation and deletion at
>>>>>>> /repository/logs/audit file. It also logs change password events. However
>>>>>>> it does not seem to log user profile update events which IMO should be
>>>>>>> logged as well.
>>>>>>>
>>>>>>> @Johann : Is there any particular reason for not logging user
>>>>>>> profile updates at audit logs?
>>>>>>>
>>>>>>> Regards!
>>>>>>>
>>>>>>> On Wed, Jan 4, 2017 at 4:05 AM, Koné Alioune Badara <
>>>>>>> kon...@etna-alternance.net> wrote:
>>>>>>>
>>>>>>>> Hello,
>>>>>>>>
>>>>>>>> Where can I find the logs of user created/updated/deleted in Wso2IS
>>>>>>>> management console?
>>>>>>>>
>>>>>>>> Regards,
>>>>>>>>
>>>>>>>> --
>>>>>>>> Cordialement,
>>>>>>>>
>>>>>>>> Alioune B KONÉ.
>>>>>>>>
>>>>>>>> ___
>>>>>>>> Dev mailing list
>>>>>>>> Dev@wso2.org
>>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Chamila Dilshan Wijayarathna,
>>>>>>> PhD Research Student
>>>>>>> The University of New South Wales (UNSW Canberra)
>>>>>>> Australian Centre for Cyber Security
>>>>>>> Australian Defence Force Academy
>>>>>>> PO Box 7916, Canberra BA ACT 2610
>>>>>>> Australia
>>>>>>> Mobile:(+61)416895795 <+61%20416%20895%20795>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Chamila Dilshan Wijayarathna,
>>>>>> PhD Research Student
>>>>>> The University of New South Wales (UNSW Canberra)
>>>>>> Australian Centre for Cyber Security
>>>>>> Australian Defence Force Academy
>>>>>> PO Box 7916, Canberra BA ACT 2610
>>>>>> Australia
>>>>>> Mobile:(+61)416895795 <+61%20416%20895%20795>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Cordialement,
>>>>>
>>>>> Alioune B KONÉ.
>>>>> MASTER ETNA 2016.
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Chamila Dilshan Wijayarathna,
>>>> PhD Research Student
>>>> The University of New South Wales (UNSW Canberra)
>>>> Australian Centre for Cyber Security
>>>> Australian Defence Force Academy
>>>> PO Box 7916, Canberra BA ACT 2610
>>>> Australia
>>>> Mobile:(+61)416895795 <+61%20416%20895%20795>
>>>>
>>>>
>>>
>>>
>>> --
>>> Cordialement,
>>>
>>> Alioune B KONÉ.
>>> MASTER ETNA 2016.
>>>
>>> ___
>>> Dev mailing list
>>> Dev@wso2.org
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>>
>>
>>
>> --
>> Regards,
>>
>>
>> *Darshana Gunawardana*Associate Technical Lead
>> WSO2 Inc.; http://wso2.com
>>
>> *E-mail: darsh...@wso2.com <darsh...@wso2.com>*
>> *Mobile: +94718566859 <+94%2071%20856%206859>*Lean . Enterprise .
>> Middleware
>>
>
>
>
> --
> Cordialement,
>
> Alioune B KONÉ.
> MASTER ETNA 2016.
>



-- 
Regards,


*Darshana Gunawardana*Associate Technical Lead
WSO2 Inc.; http://wso2.com

*E-mail: darsh...@wso2.com <darsh...@wso2.com>*
*Mobile: +94718566859*Lean . Enterprise . Middleware


Re: [Dev] [Architecture] [VOTE] Release WSO2 Identity Server 5.3.0- RC2

2017-01-05 Thread Darshana Gunawardana
Hi all,

We have decided to call off the RC2 vote since we had to redo some
policy templates shipping with the product.

Thanks,

On Wed, Jan 4, 2017 at 10:09 PM, Pulasthi Mahawithana <pulast...@wso2.com>
wrote:

> Hi All,
>
> This is the 2nd Release Candidate of WSO2 Identity Server 5.3.0.
>
> Please download, test the product and vote. Vote will be open for 72 hours
> or as needed.
>
> This release fixes the following issues:
>
> Runtime : https://wso2.org/jira/issues/?filter=13612
> Analytics : https://wso2.org/jira/issues/?filter=13614
>
> Source and distribution
>
> Run-time   : https://github.com/wso2/product-is/releases/tag/v5.3.0-rc2
> Analytics   : https://github.com/wso2/analytics-is/releases/tag/v5.3.0-rc2
>
> Please vote as follows.
> [+] Stable - go ahead and release
> [-] Broken - do not release (explain why)
>
> Thanks,
> - WSO2 Identity Server Team -
>
> --
> *Pulasthi Mahawithana*
> Senior Software Engineer
> WSO2 Inc., http://wso2.com/
> Mobile: +94-71-5179022 <+94%2071%20517%209022>
> Blog: http://blog.pulasthi.org
>
> <https://wso2.com/signature>
>
> ___
> Architecture mailing list
> architect...@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>
>


-- 
Regards,


*Darshana Gunawardana*Associate Technical Lead
WSO2 Inc.; http://wso2.com

*E-mail: darsh...@wso2.com <darsh...@wso2.com>*
*Mobile: +94718566859*Lean . Enterprise . Middleware


Re: [Dev] [WSO2 IS] Permission to create roles and assign users to them

2017-01-04 Thread Darshana Gunawardana
Hi Chamila\Hanen,

Yes, you need to have the "/permission/admin/manage/identity" permission to
manage roles from the UI. Since we are doing multiple management operations
via the management console, we require a much higher level of permissions.
But the relevant backend services (UserAdmin service) do support a finer-level
permission ("/permission/admin/manage/identity/usermgt"), so if some
external client needs to connect with restricted permissions, it's still
possible. But indeed these UIs can be improved to support fine-grained
permissions. Since we are working on IS 6.0.0, which is based on the
next-gen Carbon 5 platform with a complete redesign of the product, in
parallel with the IS 5.3.0 release, we did not focus on major redesigning of
the UI and related UI permissions with IS 5.3.0.

To give you a bit of insight into the IS 6.0.0 effort, we have plans to
decouple the personas that use the identity server for different types of
administration and provide separate views for each of those. You will be able
to follow up on those discussions on the architecture list soon.

We have created https://wso2.org/jira/browse/IDENTITY-5560 to track this
specific improvement, and we will consider fixing this in a future release.

Thanks

On Wed, Jan 4, 2017 at 7:13 PM, Hanen Ben Rhouma <hanen...@gmail.com> wrote:

> Hi,
>
> Actually I tried most of the combinations and the smallest set of
> permissions allowing users to create roles is by selecting the whole
> "Identity" permissions block. Why 
> Sometimes we want some type of users to be able to only create users and
> assign them to some roles, the rest of the application (IdP, SP, Key
> stores, Workflow mgt, etc.) isn't trivial to them and is not even in their
> scope of responsibility. Why such limitation?
>
> Regards,
> Hanen
>
> On Wed, Jan 4, 2017 at 1:32 PM, Chamila Wijayarathna <
> cdwijayarat...@gmail.com> wrote:
>
>> Hi,
>>
>> It looks like you need to have '/permission/admin/manage/identity' to do
>> this using management console. However, when looking at code if you are
>> doing it using API calls, having "User Management" and "Role Management"
>> should be enough to do this.
>>
>> It should work with "Roles Management" IMO, I'm not sure why it's not
>> implemented like that.
>> @Johann, Darshana : Any idea on this?
>>
>> On Wed, Jan 4, 2017 at 10:42 PM, Hanen Ben Rhouma <hanen...@gmail.com>
>> wrote:
>>
>>>
>>> Hello,
>>>
>>> What is the permission that gives the user the possibility to create
>>> roles and assign users to them? I tried "Roles Management" permission but
>>> it's not doing the trick.
>>>
>>>
>>> Regards,
>>> Hanen
>>>
>>> ___
>>> Dev mailing list
>>> Dev@wso2.org
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>>
>>
>>
>> --
>> Chamila Dilshan Wijayarathna,
>> PhD Research Student
>> The University of New South Wales (UNSW Canberra)
>> Australian Centre for Cyber Security
>> Australian Defence Force Academy
>> PO Box 7916, Canberra BA ACT 2610
>> Australia
>> Mobile:(+61)416895795 <+61%20416%20895%20795>
>>
>>
>


-- 
Regards,


*Darshana Gunawardana*Associate Technical Lead
WSO2 Inc.; http://wso2.com

*E-mail: darsh...@wso2.com <darsh...@wso2.com>*
*Mobile: +94718566859 <+94%2071%20856%206859>*Lean . Enterprise . Middleware


Re: [Dev] [WSO2 IS] How to limit tenant users to one secondary user store while trying to create other users

2017-01-04 Thread Darshana Gunawardana
Hi Hanen,

As of the current behaviour of the management console, it cannot hide
primary user store from the drop down for tenant users.

There are two ways to enforce this,
* Add backend validation for restricting user creation in primary userstore
for tenant users (this requires a listener implementation for user
management operations)
* Write a separate dashboard with these customizations (this requires to
develop separate webapp)

Thanks,

On Wed, Jan 4, 2017 at 7:48 PM, Hanen Ben Rhouma <hanen...@gmail.com> wrote:

> Hi,
>
> Is there a way to restrict tenant users (having the permission to create
> other users) to a secondary user store; I noticed PRIMARY user store is
> always there when trying to create a new user even for tenant users, it
> leads to some confusion and some users can persist other newly created
> users on the PRIMARY, can't we grey out this drop down so that it works for
> only one secondary user store?
>
> Regards,
> Hanen
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
Regards,


*Darshana Gunawardana*Associate Technical Lead
WSO2 Inc.; http://wso2.com

*E-mail: darsh...@wso2.com <darsh...@wso2.com>*
*Mobile: +94718566859*Lean . Enterprise . Middleware


Re: [Dev] Logs in Wso2 IS

2017-01-04 Thread Darshana Gunawardana
Hi Koné,

The default management console does not provide the capability to monitor
audit logs from its UI.

Adding our analytics experts to get more insight from our log analyzing
efforts.

Thanks,

On Wed, Jan 4, 2017 at 2:54 PM, Koné Alioune Badara <
kon...@etna-alternance.net> wrote:

> Hello,
>
> Yes it is exactly what I mean.
>
> Regards.
>
> 2017-01-04 9:41 GMT+01:00 Chamila Wijayarathna <cdwijayarat...@gmail.com>:
>
>> Hi Koné,
>>
>> What you mean by having the log in the management console? You want to
>> see the log in a UI page in management console?
>>
>> On Wed, Jan 4, 2017 at 7:37 PM, Koné Alioune Badara <
>> kon...@etna-alternance.net> wrote:
>>
>>> Hello,
>>>
>>> Thank you for your answers, is there anyway to have this log in the
>>> management console?
>>>
>>> Regards.
>>>
>>> 2017-01-04 2:19 GMT+01:00 Chamila Wijayarathna <cdwijayarat...@gmail.com
>>> >:
>>>
>>>> I reported an issue with audit logs in profile update at [1]. Please
>>>> feel free to close if not relevant.
>>>>
>>>> [1]. https://wso2.org/jira/browse/IDENTITY-5557
>>>>
>>>> On Wed, Jan 4, 2017 at 10:01 AM, Chamila Wijayarathna <
>>>> cdwijayarat...@gmail.com> wrote:
>>>>
>>>>> Hi Koné,
>>>>>
>>>>> You can find logs for user creation and deletion at
>>>>> /repository/logs/audit file. It also logs change password events. However
>>>>> it does not seem to log user profile update events which IMO should be
>>>>> logged as well.
>>>>>
>>>>> @Johann : Is there any particular reason for not logging user profile
>>>>> updates at audit logs?
>>>>>
>>>>> Regards!
>>>>>
>>>>> On Wed, Jan 4, 2017 at 4:05 AM, Koné Alioune Badara <
>>>>> kon...@etna-alternance.net> wrote:
>>>>>
>>>>>> Hello,
>>>>>>
>>>>>> Where can I find the logs of user created/updated/deleted in Wso2IS
>>>>>> management console?
>>>>>>
>>>>>> Regards,
>>>>>>
>>>>>> --
>>>>>> Cordialement,
>>>>>>
>>>>>> Alioune B KONÉ.
>>>>>>
>>>>>> ___
>>>>>> Dev mailing list
>>>>>> Dev@wso2.org
>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Chamila Dilshan Wijayarathna,
>>>>> PhD Research Student
>>>>> The University of New South Wales (UNSW Canberra)
>>>>> Australian Centre for Cyber Security
>>>>> Australian Defence Force Academy
>>>>> PO Box 7916, Canberra BA ACT 2610
>>>>> Australia
>>>>> Mobile:(+61)416895795 <+61%20416%20895%20795>
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Chamila Dilshan Wijayarathna,
>>>> PhD Research Student
>>>> The University of New South Wales (UNSW Canberra)
>>>> Australian Centre for Cyber Security
>>>> Australian Defence Force Academy
>>>> PO Box 7916, Canberra BA ACT 2610
>>>> Australia
>>>> Mobile:(+61)416895795 <+61%20416%20895%20795>
>>>>
>>>>
>>>
>>>
>>> --
>>> Cordialement,
>>>
>>> Alioune B KONÉ.
>>> MASTER ETNA 2016.
>>>
>>
>>
>>
>> --
>> Chamila Dilshan Wijayarathna,
>> PhD Research Student
>> The University of New South Wales (UNSW Canberra)
>> Australian Centre for Cyber Security
>> Australian Defence Force Academy
>> PO Box 7916, Canberra BA ACT 2610
>> Australia
>> Mobile:(+61)416895795 <+61%20416%20895%20795>
>>
>>
>
>
> --
> Cordialement,
>
> Alioune B KONÉ.
> MASTER ETNA 2016.
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
Regards,


*Darshana Gunawardana*Associate Technical Lead
WSO2 Inc.; http://wso2.com

*E-mail: darsh...@wso2.com <darsh...@wso2.com>*
*Mobile: +94718566859*Lean . Enterprise . Middleware


Re: [Dev] [VOTE] Release WSO2 Carbon Kernel 4.4.11 RC2

2016-12-21 Thread Darshana Gunawardana
Built IS 5.3.0 SNAPSHOT and found no issues in integration tests.

[x] Stable - Go ahead and release.

Regards,

On Wed, Dec 21, 2016 at 8:14 PM, Kalpa Welivitigoda <kal...@wso2.com> wrote:

> Hi folks,
>
> This is the 2nd release candidate of WSO2 Carbon Kernel 4.4.11.
>
> This release fixes the following issues
> https://wso2.org/jira/issues/?filter=13618
>
> Please download and test your products with kernel 4.4.11 RC2 and vote.
> The vote will be open for 72 hours or as long as needed.
>
> Source and binary distribution files:
> http://svn.wso2.org/repos/wso2/people/kalpaw/wso2carbon-4.4.11/wso2carbon-4.4.11-rc2.zip
>
> Maven staging repository
> https://maven.wso2.org/nexus/content/repositories/orgwso2carbon-1065
>
> The tag to be voted upon :
> https://github.com/wso2/carbon-kernel/releases/tag/v4.4.11-rc2
>
> [ ] Broken - Do not release (explain why)
> [ ] Stable  - Go ahead and release
>
> Thank you
> Platform Team
>
>
> --
> Best Regards,
>
> Kalpa Welivitigoda
> Senior Software Engineer, WSO2 Inc. http://wso2.com
> Email: kal...@wso2.com
> Mobile: +94776509215 <+94%2077%20650%209215>
>
> [image: http://wso2.com/signature] <http://wso2.com/signature>
>
> _______
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
Regards,


*Darshana Gunawardana*Associate Technical Lead
WSO2 Inc.; http://wso2.com

*E-mail: darsh...@wso2.com <darsh...@wso2.com>*
*Mobile: +94718566859*Lean . Enterprise . Middleware


Re: [Dev] [VOTE] Release WSO2 Carbon Kernel 4.4.11 RC1

2016-12-21 Thread Darshana Gunawardana
Hi all,

Please keep the vote on hold.

Thanks,

On Wed, Dec 21, 2016 at 3:31 PM, Chamalee De Silva <chama...@wso2.com>
wrote:

> Tested with API Manager database functionalities for following databases.
>
>-  Oracle 11g
>-  MySQL 5.6
>- PostgreSQL 9.3
>
>
> No issues found.
>
> [x] Stable  -  Go ahead and release
>
>
>
> On Wed, Dec 21, 2016 at 3:26 PM, Praminda Jayawardana <prami...@wso2.com>
> wrote:
>
>> Tested with APIM (basic functionality testing and integration tests). No
>> issues found.
>>
>>  [x] Stable -Go ahead and release
>>
>>
>> On Wed, Dec 21, 2016 at 3:19 PM, Vindula Jayawardana <vind...@wso2.com>
>> wrote:
>>
>>>
>>> Built IS 5.3.0 SNAPSHOT and found no issues in identity provisioning.
>>>
>>>
>>>> [x] Stable  - Go ahead and release
>>>>
>>>> --
>>> *Vindula Jayawardana*
>>> Trainee Software Engineer
>>> Mobile : +94 713 462554 <+94%2071%20346%202554>
>>> Email : vind...@wso2.com
>>>
>>> ___
>>> Dev mailing list
>>> Dev@wso2.org
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>>
>>
>>
>> --
>>
>> *Praminda Jayawardana*
>> Software Engineer
>> WSO2 Inc.; http://wso2.com
>> Mobile : +94 (0) 716 590918 <+94%2071%20659%200918>
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
> Thanks & Regards,
>
> *Chamalee De Silva*
> Software Engineer
> *WS**O2* Inc. :http://wso2.com/
>
> Office   :- *+94 11 2145345 <%2B94%2011%202145345>*
> mobile  :- *+94 7 <%2B94%2077%202782039>1 4315942*
>
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
Regards,


*Darshana Gunawardana*Associate Technical Lead
WSO2 Inc.; http://wso2.com

*E-mail: darsh...@wso2.com <darsh...@wso2.com>*
*Mobile: +94718566859*Lean . Enterprise . Middleware


Re: [Dev] [VOTE] Release WSO2 Carbon Kernel 4.4.11 RC1

2016-12-21 Thread Darshana Gunawardana
Built IS 5.3.0 SNAPSHOT and found no issues in integration tests.

[x] Stable - Go ahead and release.

On Wed, Dec 21, 2016 at 2:11 PM, Rushmin Fernando <rush...@wso2.com> wrote:

> Verified user management functionalities.
>
> [x] Stable - Go ahead and release.
>
> On Wed, Dec 21, 2016 at 12:52 AM, Danesh Kuruppu <dan...@wso2.com> wrote:
>
>> Hi Devs,
>>
>> This is the 1st release candidate of WSO2 Carbon Kernel 4.4.11.
>>
>> This release fixes the following issues
>> https://wso2.org/jira/issues/?filter=13618
>>
>> Please download and test your products with kernel 4.4.11 RC1 and vote. The
>> vote will be open for 72 hours or as long as needed.
>>
>> Source and binary distribution files:
>> https://github.com/wso2/carbon-kernel/archive/v4.4.11-rc1.zip
>> http://svn.wso2.org/repos/wso2/people/danesh/wso2carbon-4.4.11/rc1/wso2carbon-4.4.11.zip
>>
>> <http://svn.wso2.org/repos/wso2/people/thusithad/4.4.10/wso2carbon-4.4.10.zip>
>> Maven staging repository
>> https://maven.wso2.org/nexus/content/repositories/orgwso2carbon-1061
>>
>> The tag to be voted upon :
>> https://github.com/wso2/carbon-kernel/releases/tag/v4.4.11-rc1
>>
>> [ ] Broken - Do not release (explain why)
>> [ ] Stable  - Go ahead and release
>>
>> Thank you
>> Platform Team
>> --
>>
>> *Danesh Kuruppu*
>> Senior Software Engineer | WSO2
>>
>> Email: dan...@wso2.com
>> Mobile: +94 (77) 1690552 <+94%2077%20169%200552>
>> Web: WSO2 Inc <https://wso2.com/signature>
>>
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
> *Best Regards*
>
> *Rushmin Fernando*
> *Technical Lead*
>
> WSO2 Inc. <http://wso2.com/> - Lean . Enterprise . Middleware
>
> mobile : +94775615183
>
>
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
Regards,


*Darshana Gunawardana*Associate Technical Lead
WSO2 Inc.; http://wso2.com

*E-mail: darsh...@wso2.com <darsh...@wso2.com>*
*Mobile: +94718566859 <+94%2071%20856%206859>*Lean . Enterprise . Middleware


[Dev] Change display name of authenticators to provide better UX

2016-12-10 Thread Darshana Gunawardana
Hi Devs,

I'm working on improving UX of federated authenticator configurations and
doing minor fixes on idp UI side.

While doing that, I noticed that Email OTP connector and SMS OTP connector
display names can be improved.

Created [1] to track this and sent the PRs for needed fixes. Can you please
test, review and update those connectors for IS 5.3.0 release?

Meanwhile please check with other connectors as well. I just noticed these
two, since IS 5.3.0 bundles only these two.

[1] https://wso2.org/jira/browse/ISCONNECT-43

Thanks,

-- 
Regards,


*Darshana Gunawardana*Associate Technical Lead
WSO2 Inc.; http://wso2.com

*E-mail: darsh...@wso2.com <darsh...@wso2.com>*
*Mobile: +94718566859*Lean . Enterprise . Middleware


Re: [Dev] [IS-5.3.0] Controlling visibility of "Monitor Users Login Sessions" gadget based on permission.

2016-11-23 Thread Darshana Gunawardana
Hi Ayesha,

Use the permission string
"/permission/admin/manage/identity/authentication/session/delete"
for the session terminate operation, since that is the convention we follow.

Thanks,

On Thu, Nov 24, 2016 at 12:09 PM, Ayesha Dissanayaka <aye...@wso2.com>
wrote:

> Hi all,
>
> As I am working on IDENTITY-5277
> <https://wso2.org/jira/browse/IDENTITY-5277> , I have added new set of
> permissions to permission tree as below.
>
> ​
>
> In the dashboard app, gadget is visible users who has
> "/permission/admin/manage/identity/authentication/session/view"
> permission or higher.
>
> Session termination is only allowed to users with
> "/permission/admin/manage/identity/authentication/session/terminate" or
> higher. For that SessionManagementService is secured with this permission.
>
> Thanks!
> -Ayesha
>
> --
> *Ayesha Dissanayaka*
> Software Engineer,
> WSO2, Inc : http://wso2.com
> 20, Palmgrove Avenue, Colombo 3
> E-Mail: aye...@wso2.com <ayshsa...@gmail.com>
>



-- 
Regards,


*Darshana Gunawardana*Associate Technical Lead
WSO2 Inc.; http://wso2.com

*E-mail: darsh...@wso2.com <darsh...@wso2.com>*
*Mobile: +94718566859*Lean . Enterprise . Middleware
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
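
Added example (not WSO2 code, and not part of the thread): a small model of the hierarchical permission strings quoted in this thread and in the role-management thread above, where a grant on a node also covers everything beneath it ("or higher"). The segment-wise matching rule and all function names are assumptions of this sketch; it shows what a role holding the whole identity node can do beyond the user-management task it was given.

```python
"""Least-privilege check over a hierarchical permission tree (illustrative model)."""

# Permission strings quoted in the threads.
IDENTITY = "/permission/admin/manage/identity"
USERMGT = IDENTITY + "/usermgt"
SESSION_VIEW = IDENTITY + "/authentication/session/view"
SESSION_DELETE = IDENTITY + "/authentication/session/delete"

KNOWN = [USERMGT, SESSION_VIEW, SESSION_DELETE]


def segments(path):
    """Split a permission path into segments, rejecting malformed input."""
    if not path.startswith("/"):
        raise ValueError("permission path must be absolute: %r" % path)
    parts = path.strip("/").split("/")
    if any(p in ("", ".", "..") for p in parts):
        raise ValueError("malformed permission path: %r" % path)
    return parts


def implies(granted, required):
    """True when `granted` is `required` itself or one of its ancestors.

    The comparison is per segment. A plain str.startswith() would wrongly
    let ".../identity/user" imply ".../identity/usermgt".
    """
    g, r = segments(granted), segments(required)
    return len(g) <= len(r) and r[:len(g)] == g


def is_authorized(grants, required):
    """A role is authorized when any of its grants covers the required node."""
    return any(implies(g, required) for g in grants)


def excess_permissions(grants, needed, known=KNOWN):
    """Known permissions the grants allow although the task does not need them."""
    return sorted(
        p for p in known
        if is_authorized(grants, p) and not is_authorized(needed, p)
    )


if __name__ == "__main__":
    # Role that only has to create users and assign roles.
    needed = [USERMGT]
    for grants in ([IDENTITY], [USERMGT]):
        print(grants, "->", excess_permissions(grants, needed))
```

Granting the whole identity node to a user-management role reports the session view and delete permissions as excess; granting only the usermgt node reports none.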


Re: [Dev] [IS-5.3.0-M5] What is the use of asking for email when "Username Recovery with email notification"

2016-11-23 Thread Darshana Gunawardana
On Wed, Nov 23, 2016 at 12:12 PM, Ayesha Dissanayaka <aye...@wso2.com>
wrote:

> Hi,
>
> As I am working on fixing https://wso2.org/jira/browse/IDENTITY-5284, in
> the user-name recovery UI we have below two options.
>
>1. Making First name, Last name and Email mandatory in the recovery UI
>2. Keep them optional and validate at the back-end only if fields are
>provided by the client.
>
>
It's better to have option #2 in the OOTB product. Anybody who uses this
capability in a real scenario usually customizes it (with their own theming
etc.) and will have the flexibility to change how the UI behaves.

> What is the preferred behavior from above considering UX?
>
> Further, backend recovery API doesn't validate First name, Last name and
> Email claims as mandatory and tries to find a user based on *provided
> claim* values. [1] As of now, this validation returns user-name whenever
> a matching user is found based on order of claims. It doesn't consider all
> the claims.
>
As mentioned above, the user can be forced to fill any claim from the UI, and
the backend API serves in a generic way by validating only the set of claims
it receives.

Thanks,

> From the client webapp it filter out First name, Last name and Email
> claims for user-name recovery along with any other mandatory claims in the
> system.
>
> [1] https://github.com/wso2-extensions/identity-governance/blob/master/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/username/NotificationUsernameRecoveryManager.java#L182
>
> [2] https://github.com/wso2/carbon-identity-framework/blob/master/components/identity-mgt/org.wso2.carbon.identity.mgt.endpoint/src/main/webapp/username-recovery.jsp#L45
>
> Regards,
> -Ayesha
>
>
> On Thu, Oct 27, 2016 at 8:39 PM, Ayesha Dissanayaka <aye...@wso2.com>
> wrote:
>
>> Yes. It is not a good user experience to be able to send random email
>> address and still be able to recover information.
>>
>> Created bug jira https://wso2.org/jira/browse/IDENTITY-5284.
>>
>> On Thu, Oct 27, 2016 at 6:57 PM, Johann Nallathamby <joh...@wso2.com>
>> wrote:
>>
>>> Then we need to open a "Bug" jira and fix it IMO :). The current one can
>>> be left as an improvement for future to dynamically decide to show claims
>>> to uniquely identify the user.
>>>
>>> On Thu, Oct 27, 2016 at 6:15 PM, Ayesha Dissanayaka <aye...@wso2.com>
>>> wrote:
>>>
>>>>
>>>> On Thu, Oct 27, 2016 at 6:07 PM, Johann Nallathamby <joh...@wso2.com>
>>>> wrote:
>>>>
>>>>> But then at least we have to make sure all the fields that we show are
>>>>> validated. Otherwise as pointed out in the first mail it is confusing for
>>>>> the user right? Are the claims configurable? All the claims we show in the
>>>>> UI must be validated or we must not show them IMO.
>>>>>
>>>>
>>>> Agreed with Johan.
>>>> Same as I mentioned in Jira,
>>>>
>>>> "As of now if one entry is enough to identify a user in the user
>>>> stores, others get discarded. Instead it should ask for more information
>>>> from user on demand manner or should validate all the entry values at 
>>>> once."
>>>>
>>>> --
>>>> *Ayesha Dissanayaka*
>>>> Software Engineer,
>>>> WSO2, Inc : http://wso2.com
>>>> 20, Palmgrove Avenue, Colombo 3
>>>> E-Mail: aye...@wso2.com <ayshsa...@gmail.com>
>>>>
>>>
>>>
>>>
>>> --
>>> Thanks & Regards,
>>>
>>> *Johann Dilantha Nallathamby*
>>> Technical Lead & Product Lead of WSO2 Identity Server
>>> Governance Technologies Team
>>> WSO2, Inc.
>>> lean.enterprise.middleware
>>>
>>> Mobile - *+9476950*
>
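
Added example (not the project's code): the username-recovery matching discussed in this thread, modelled on a constructed in-memory user list. `recover_first_match` reproduces the behaviour described in the thread, where the first claim that identifies one user wins and the remaining claims are discarded; `recover_all_claims` validates every claim the client actually supplied. Claim keys, user records and function names are hypothetical.

```python
"""Username recovery: first-match lookup versus validating all supplied claims."""

# Constructed sample users; claim keys are placeholders, not real claim URIs.
USERS = [
    {"username": "kim",
     "claims": {"first_name": "Kim", "last_name": "Lee",
                "email": "kim@example.com"}},
    {"username": "sam",
     "claims": {"first_name": "Sam", "last_name": "Lee",
                "email": "sam@example.com"}},
]


def _matches(user, claim, value):
    """Case-insensitive comparison of one stored claim with a supplied value."""
    stored = user["claims"].get(claim)
    if stored is None or value is None:
        return False
    return stored.strip().casefold() == value.strip().casefold()


def recover_first_match(provided, users=USERS):
    """Behaviour described in the thread.

    `provided` is an ordered list of (claim, value) pairs. As soon as one
    claim narrows the search to a single user, that username is returned
    and the later claims are never compared.
    """
    for claim, value in provided:
        hits = [u for u in users if _matches(u, claim, value)]
        if len(hits) == 1:
            return hits[0]["username"]
    return None


def recover_all_claims(provided, users=USERS):
    """Stricter variant: every supplied (non-empty) claim must match.

    Empty fields are treated as not provided, so they stay optional in the
    UI. The lookup succeeds only when exactly one user satisfies all
    supplied claims; no match and ambiguous matches both return None.
    """
    supplied = [(c, v) for c, v in provided if v and v.strip()]
    if not supplied:
        return None
    hits = [u for u in users
            if all(_matches(u, c, v) for c, v in supplied)]
    return hits[0]["username"] if len(hits) == 1 else None


if __name__ == "__main__":
    # Correct first name, but an e-mail address that belongs to nobody.
    request = [("first_name", "Kim"), ("last_name", "Lee"),
               ("email", "someone-else@example.net")]
    print("first match :", recover_first_match(request))
    print("all claims  :", recover_all_claims(request))
```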

[Dev] WSO2 Identity Server 5.3.0 Alpha2 Released !!

2016-11-17 Thread Darshana Gunawardana
The WSO2 Identity Server team is pleased to announce the release of WSO2
Identity Server 5.3.0 Alpha2. You can download this distribution from
following locations.


Runtime : https://github.com/wso2/product-is/releases/tag/v5.3.0-alpha2
Analytics : https://github.com/wso2/analytics-is/releases/tag/v5.3.0-alpha2

Following list contains all the features, improvements and bug fixes
available with this alpha2 release.


*Runtime*
Patch

   - [IDENTITY-5206 <https://wso2.org/jira/browse/IDENTITY-5206>] - When
   Jit Provisioning, it always uses default subject ID as the username of the
   provisioning user.
   - [IDENTITY-5224 <https://wso2.org/jira/browse/IDENTITY-5224>] - "Ask
   Password" email sent randomly for some user registrations with passwords
   - [IDENTITY-5282 <https://wso2.org/jira/browse/IDENTITY-5282>] - Roles
   assigned to the users are not returning with SCIM with shared user store

Bug

   - [IDENTITY-5060 <https://wso2.org/jira/browse/IDENTITY-5060>] - Unable
   to start wso2is after configured Mysql database
   - [IDENTITY-5181 <https://wso2.org/jira/browse/IDENTITY-5181>] -
   Configured sub claim in service provider not retrieving by userinfo endpoint
   - [IDENTITY-5209 <https://wso2.org/jira/browse/IDENTITY-5209>] - Cannot
   log in while both org.wso2.carbon.identity.mgt.IdentityMgtEventListener
   and org.wso2.carbon.identity.governance.listener.IdentityMgtEventListener
   registered
   - [IDENTITY-5232 <https://wso2.org/jira/browse/IDENTITY-5232>] - Cannot
   disable saml configuration properties in Federated authenticator.
   - [IDENTITY-5239 <https://wso2.org/jira/browse/IDENTITY-5239>] - Scope
   claims and Requested claims are compared without trimming
   - [IDENTITY-5244 <https://wso2.org/jira/browse/IDENTITY-5244>] - Issues
   when Manually terminating user session (admin feature) via portal ap
   - [IDENTITY-5259 <https://wso2.org/jira/browse/IDENTITY-5259>] - The
   roles are not coming back in scim/me - Primary userstore /me is not working
   when usernames are duplicated within userstores
   - [IDENTITY-5260 <https://wso2.org/jira/browse/IDENTITY-5260>] - JWT
   bearer grant type doesn't work with Identity Server 5.2.0 or later.
   - [IDENTITY-5319 <https://wso2.org/jira/browse/IDENTITY-5319>] -
   Identity db scripts are not synced
   - [IDENTITY-5326 <https://wso2.org/jira/browse/IDENTITY-5326>] - NPE in
   request path authenticator flow when there are mandatory claims defined
   - [IDENTITY-5345 <https://wso2.org/jira/browse/IDENTITY-5345>] - NPE if
   the response type is other than "code" or "token"

New Feature

   - [IDENTITY-5343 <https://wso2.org/jira/browse/IDENTITY-5343>] - Add
   support for OAuth 2.0 Form Post Response Mode



Analytics
Bug

   - [ANLYIS-151 <https://wso2.org/jira/browse/ANLYIS-151>] - Unable to
   import Geo Location Dataset to Postgresql
   - [ANLYIS-159 <https://wso2.org/jira/browse/ANLYIS-159>] - On 'Login
   Attempts' page, when there is no stats for last hour; donut charts relevant
   to 'last year' or 'last 30 days' filter remains for last hour filter as
   well.
   - [ANLYIS-166 <https://wso2.org/jira/browse/ANLYIS-166>] - Filter
   applied in login attempts page gets removed when navigating to
   overall/local/federated page using see more link.
   - [ANLYIS-175 <https://wso2.org/jira/browse/ANLYIS-175>] - Abnormal Long
   Session alerts are not appeared in alerts summary view
   - [ANLYIS-176 <https://wso2.org/jira/browse/ANLYIS-176>] -
   ISAnalytics-SparkScript-AlertLongSessions Spark Script doesn't execute
   in background as for the cron expression.
   - [ANLYIS-177 <https://wso2.org/jira/browse/ANLYIS-177>] - Alert
   dashboard - data table pagination filter criteria not functioning correctly
   - [ANLYIS-178 <https://wso2.org/jira/browse/ANLYIS-178>] - Default
   templated spark scripts are not getting scheduled




*How To Contribute*
Your feedback is most welcome!
Mailing Lists
Join our mailing list and correspond with the developers directly.

   - Developer List : dev@wso2.org | Subscribe <dev-requ...@wso2.org> | Mail
   Archive <http://wso2.org/mailarchive/dev/>
   - User Forum : StackOverflow
   <http://stackoverflow.com/questions/tagged/wso2is>

Reporting Issues
We encourage you to report issues, improvements and feature requests
regarding WSO2 Identity Server through public WSO2 Identity Server Runtime
JIRA <https://wso2.org/jira/browse/IDENTITY> and Analytics JIRA
<https://wso2.org/jira/browse/ANLYIS>

~ The WSO2 Identity Server Team ~

-- 
Regards,


*Darshana Gunawardana*
Associate Technical Lead
WSO2 Inc.; http://wso2.com

*E-mail: darsh...@wso2.com <darsh...@wso2.com>*
*Mobile: +94718566859*
Lean . Enterprise . Middleware
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev


Re: [Dev] Delete operation on /Me endpoint in SCIM 2.0

2016-11-10 Thread Darshana Gunawardana
On Fri, Nov 11, 2016 at 10:27 AM, Vindula Jayawardana <vind...@wso2.com>
wrote:

> Hi All,
>
> In SCIM /Me endpoint, an authenticated user should be able to delete
> himself as mentioned in specification [1]. However when I try to do that
> using the current user core, I get a user store exception saying
> 'LoggedInUser Cannot delete logged in user'.
>
> One way I can handle this is, as mentioned in the specification itself
> [2], can respond to HTTP DELETE on /Me endpoint with a HTTP status code 501
> as we can not support it.
>

+1. This is ok for C4. But with the C5 I don't think we have a restriction
on this.

Thanks,


> Or else is there any other good way of handling this ?
>
> Any thoughts on this is highly appreciated.
>
> [1] https://tools.ietf.org/html/rfc7644#section-3.2
> [2] https://tools.ietf.org/html/rfc7644#section-3.11
> --
> *Vindula Jayawardana*
> Trainee Software Engineer
> Mobile : +94 713 462554
> Email : vind...@wso2.com
>





Re: [Dev] [IS] C5 Support for filtering

2016-11-04 Thread Darshana Gunawardana
Hi,

Do we have the support for complex filters, pagination, sorting from the C5
user-core?

If not, we should support these since these are some major limitations we
had in C4 user-core and we should avoid those limitations in C5.

Thanks,

On Thu, Oct 20, 2016 at 9:41 AM, Vindula Jayawardana <vind...@wso2.com>
wrote:

> Hi Chamila,
>
> On Tue, Oct 18, 2016 at 4:18 PM, Chamila Wijayarathna <
> cdwijayarat...@gmail.com> wrote:
>
>> Hi Johann, Vindula,
>>
>> On Tue, Oct 18, 2016 at 3:59 PM, Johann Nallathamby <joh...@wso2.com>
>> wrote:
>>
>>>
>>>
>>> On Tue, Oct 18, 2016 at 10:05 AM, Vindula Jayawardana <vind...@wso2.com>
>>> wrote:
>>>
>>>> Hi All,
>>>>
>>>> With the current user core implementation we support only the equal
>>>> filter (e.g. userName Eq "john"). However SCIM 2.0 specification [1]
>>>> specify total of 10 such simple filters and complex filters which are
>>>> combinations of simple filters using logical and grouping operators (e.g.
>>>> userType ne "Employee" and not (emails co "example.com" or
>>>> emails.value co "example.org")). As we are in the process of C5
>>>> implementation, have we considered the other filter type implementations as
>>>> well?
>>>>
>>>
>>> Yes we need to consider these features in the extended user-core
>>> implementation.
>>>
>>>>
>>>> Moreover if we are supporting the complex filters, are we supporting it
>>>> by simple filter by filter basis or the entire complex filter as a whole?
>>>> If we are looking for the simple filter by filter basis, there will be
>>>> performance issues as well.
>>>>
>>>
>>> It is better if we provide complex filters from extended user-core
>>> itself for performance reasons. However if time doesn't permit to implement
>>> all those APIs, we can have a scim UserManager implementation which will
>>> call multiple simple filters and combine the result and return. Obviously
>>> as you said performance of such implementation will be low. But it is
>>> acceptable as an interim solution until extended user-core implementation
>>> supports all the filters.
>>>
>> Can you please explain, what you refer as complex filters here? I think
>> we need to implement operators listed in table 3 and 4 in the specification
>> and implement a generic way to build complex queries reusing them. I don't
>> think it would be practical to more complex filters, there can be large
>> amount of complex filters that can be created by combining these simple
>> filter. Please correct me if I'm wrong.
>>
>
> What I meant by complex filters is exactly what you have mentioned above.
> Yes we can build large amount of complex filters (complex queries) by
> combining the simple filters using operators listed in table 3 and 4.
>
>>
>> Also what difference would it make when we are handling these filters in
>> user-core level and when handling using scimUserManager level? Are you
>> referring to the fact that when we need "username sw a", we can retrieve
>> only the users who have username start with 'a' from database/ldap, so
>> that we can achieve higher performance?
>>
>> In addition to that, I believe it would be good to consider other SCIM
>> operations such as sorting and pagination at the same time. If we can come
>> up with a generic design, that would be better. Otherwise, we'll have to
>> put a huge effort to embed those functionalities again.
>>
>
> Yes agree. We need a generic design which will ease our work in the long
> run.
>
>>
>> Cheers
>> -Chamila
>>
>>>
>>>> Any thoughts on the matter is highly appreciated.
>>>>
>>>> [1] https://tools.ietf.org/html/rfc7644#section-3.4.2.2
>>>>
>>>> Thank you,
>>>>
>>>> *Vindula Jayawardana*
>>>> Trainee Software Engineer
>>>> Mobile : +94 713 462554
>>>> vind...@wso2.com
>>>>
>>>
>>>
>>>
>>> --
>>> Thanks & Regards,
>>>
>>> *Johann Dilantha Nallathamby*
>>> Technical Lead & Product Lead of WSO2 Identity Server
>>> Governance Technologies Team
>>> WSO2, Inc.
>>> lean.enterprise.middleware
>>>
>>> Mobile - *+9476950*
>>> Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>*
>>>
&g
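
Added example (not from the thread and not WSO2 code): one way to answer a complex SCIM filter "as a whole", as discussed above, is to compile the RFC 7644 filter into a single parameterized SQL WHERE clause instead of running one query per simple filter. The table layout, attribute-to-column mapping and sample users are assumptions constructed for the example; it goes beyond the thread by covering all ten attribute operators with and/or/not and grouping, but not the `[]` value-path syntax.

```python
import json
import re
import sqlite3

# Assumed mapping from SCIM attribute paths to columns of the constructed table
# below. Attributes not listed here are rejected, never interpolated into SQL.
COLUMNS = {"username": "user_name", "usertype": "user_type",
           "emails": "email", "emails.value": "email"}
COMPARE = {"eq": "=", "ne": "<>", "gt": ">", "ge": ">=", "lt": "<", "le": "<="}
LIKE = {"co": "%{}%", "sw": "{}%", "ew": "%{}"}
TOKEN = re.compile(r'"(?:[^"\\]|\\.)*"|[()]|[^\s()"]+|"')
# Constructed sample users (user_name, user_type, email); not real data.
SAMPLE_USERS = [
    ("john", "Employee", "john@example.com"), ("lina", "Employee", "lina@example.com"),
    ("li%a", "Intern", "lisa@example.net"), ("mary", "Contractor", "mary@example.org"),
    ("nimal", "Contractor", None), ("omar", "Contractor", "omar@partner.test")]


class FilterCompiler:
    """Recursive descent; precedence is grouping, then not, then and, then or."""

    def __init__(self, text):
        self.toks, self.params = TOKEN.findall(text), []

    def peek(self):
        return self.toks[0] if self.toks else ""

    def take(self):
        return self.toks.pop(0) if self.toks else ""

    def compile(self):
        sql = self.or_expr()
        if self.toks:
            raise ValueError(f"unexpected token {self.toks[0]!r}")
        return sql, self.params

    def binary(self, word, operand):
        parts = [operand()]
        while self.peek().lower() == word:
            self.take()
            parts.append(operand())
        return "(" + f" {word.upper()} ".join(parts) + ")"

    def or_expr(self):
        return self.binary("or", self.and_expr)

    def and_expr(self):
        return self.binary("and", self.unary)

    def unary(self):
        if self.peek().lower() == "not":
            self.take()
            if self.peek() != "(":
                raise ValueError('"not" must be followed by "("')
            # COALESCE: a NULL column must not turn NOT into SQL "unknown".
            return "NOT COALESCE(" + self.unary() + ", 0)"
        if self.peek() == "(":
            self.take()
            sql = self.or_expr()
            if self.take() != ")":
                raise ValueError('missing ")"')
            return sql
        return self.comparison()

    def comparison(self):
        attr = self.take()
        col = COLUMNS.get(attr.lower())
        if col is None:
            raise ValueError(f"unsupported attribute {attr!r}")
        op = self.take().lower()
        if op == "pr":
            return f"({col} IS NOT NULL AND {col} <> '')"
        value = json.loads(self.take() or "null")  # raises ValueError on junk
        if not isinstance(value, (str, int, float)):
            raise ValueError("value must be a JSON string, number or boolean")
        if op in COMPARE:
            self.params.append(value)
            return f"{col} {COMPARE[op]} ?"
        if op in LIKE and isinstance(value, str):
            # Escape LIKE wildcards so the value only ever matches literally.
            lit = value.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
            self.params.append(LIKE[op].format(lit))
            return f"{col} LIKE ? ESCAPE '\\'"
        raise ValueError(f"unsupported operator {op!r}")


def make_store():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (user_name TEXT, user_type TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def search(conn, scim_filter):
    """Answer the whole filter with one query, not one query per simple filter."""
    where, params = FilterCompiler(scim_filter).compile()
    query = f"SELECT user_name FROM users WHERE {where} ORDER BY user_name"
    return [row[0] for row in conn.execute(query, params)]
```

Calling `search(make_store(), ...)` with the filter quoted in the thread returns the non-employees whose address matches neither domain, including the user with no e-mail at all. Filter values only ever reach the database as bound parameters.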

Re: [Dev] Current time is not picked by XACML engine

2016-10-31 Thread Darshana Gunawardana
On Mon, Oct 31, 2016 at 11:43 AM, Pulasthi Mahawithana <pulast...@wso2.com>
wrote:

> Hi Asela,
>
> On Mon, Oct 31, 2016 at 9:36 AM, Asela Pathberiya <as...@wso2.com> wrote:
>
>>
>>
>> On Sun, Oct 30, 2016 at 8:07 PM, Pulasthi Mahawithana <pulast...@wso2.com
>> > wrote:
>>
>>> Hi,
>>>
>>> I wrote a XACML policy which has a rule involving the current time. When
>>> a request is made the XACML response is given as below.
>>>
>>> >> lt>Indeterminate>> Value="urn:oasis:names:tc:xacml:1.0:status:missing-attribute"/>Couldn't
>>> find AttributeDesignator attribute
>>> http://www.w3.org/20
>>> 01/XMLSchema#time" Category="urn:oasis:names:tc:x
>>> acml:3.0:attribute-category:environment" >
>>> 
>>>
>>> Although the "CurrentEnvModule" class is able to provide the current
>>> time. It is not even called.
>>>
>>> When I debugged for the reason, I found out that at [1], the callHelper
>>> method (which will pick the missing values from attribute finders) is not
>>> called when the 'mapAttributes' do not have the category of the missing
>>> attribute. Since the 'mappedAttributes' are taken from the XACML request,
>>> according to the current implementation, The request should have at least
>>> one attribute each from the categories we include in the policy. In my case
>>> I need to send an attribute from "urn:oasis:names:tc:xacml:3.0:
>>> attribute-category:environment" category in the XACML request in order
>>> to get the current time.
>>>
>>> Is this intentional? Shouldn't we move the code at [1] to L146?
>>>
>>
>> Yes.. it seems to be.  Please check line 5277 in XACML spec [2]
>>
>> [2] http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-os-en.pdf
>>
>
> From this section what I interpret is, If we are sending any attributes in
> XACML request related to environment, we should send them under
> "urn:oasis:names:tc:xacml:3.0:attribute-category:environment" category.
> Not under any other category. It doesn't mean that we must send them in
> request (if we are using them in policies). Please correct me if I got it
> wrong.
>

+1

>
>
>>
>>
>>>
>>> [1] https://github.com/wso2/balana/blob/master/modules/balana-core/src/main/java/org/wso2/balana/ctx/xacml3/XACML3EvaluationCtx.java#L142-L144
>>> --
>>> *Pulasthi Mahawithana*
>>> Senior Software Engineer
>>> WSO2 Inc., http://wso2.com/
>>> Mobile: +94-71-5179022
>>> Blog: http://blog.pulasthi.org
>>>
>>> <https://wso2.com/signature>
>>>
>>
>>
>>
>> --
>> Thanks & Regards,
>> Asela
>>
>> ATL
>> Mobile : +94 777 625 933
>>  +358 449 228 979
>>
>> http://soasecurity.org/
>> http://xacmlinfo.org/
>>
>
>
>
> --
> *Pulasthi Mahawithana*
> Senior Software Engineer
> WSO2 Inc., http://wso2.com/
> Mobile: +94-71-5179022
> Blog: http://blog.pulasthi.org
>
> <https://wso2.com/signature>
>





Re: [Dev] [IS-5.3.0-M5] User-name recovery for users in secondary user-store and email users

2016-10-28 Thread Darshana Gunawardana
On Fri, Oct 28, 2016 at 3:27 PM, Ayesha Dissanayaka <aye...@wso2.com> wrote:

> Hi,
>
> In IS-5.3.0-M5, configured a secondary user-store _TEST_ and added a user
> with username "ayesha" into TEST domain. Then updated profile information,
> Firstname, Lastname and email accordingly. Now from dashboard app when
> trying to recover username for this user, the email sent to ayesha's email
> address says the username is "ayesha".
>
> However, we cannot login to dashboard with username "ayesha" as it is in
> secondary user-store.
>

This should be possible. Are you getting any errors in UI or in console? If
not can you enable debug logs in user.core and see any error getting
printed?

Thanks,


> Instead has to use TEST/ayesha as the username.
>
> In this case shouldn't the recovery email send the username along with
> domain name.(ex: TEST/ayesha)?
>
> Similarly, when email username is used (ex: aye...@wso2.com) in-order to
> login to dashboard app need to provide tenant domain as well. (i.e.
> aye...@wso2.com@carbon.super). But recovery email sends the username as "
> aye...@wso2.com" which is not able to log-into dashboard.
>
> What should be the correct behavior here?
>
> [Note: To enable email user-names, I only changed relevant reg-ex in
> user-mgt.xml.  Didn't enable EnableEmailUserName property in carbon.xml,
> since it blocks working with tenant users]
>
> Thanks!
> -Ayesha
>
> --
> *Ayesha Dissanayaka*
> Software Engineer,
> WSO2, Inc : http://wso2.com
> 20, Palmgrove Avenue, Colombo 3
> E-Mail: aye...@wso2.com <ayshsa...@gmail.com>
>





Re: [Dev] [IS-5.3.0-M5] What is the use of asking for email when "Username Recovery with email notification"

2016-10-27 Thread Darshana Gunawardana
As per the initial design, these entries are used to filter a unique user. No
more validations.

If two users in the system have the firstname 'Darshana' then it will
check for the last name to get the unique user and keep on using additional
attributes until it can point to a unique user.

We should be able to change the entries that show in this recovery UI as
well.



On Thu, Oct 27, 2016 at 4:56 PM, Johann Nallathamby <joh...@wso2.com> wrote:

> Those claims are asked for user verification. Ideally the email you give
> here must match the one in your profile and it must be used to send the
> mail. If its working with two email addresses then there is some
> configuration issue.
>
> On Thu, Oct 27, 2016 at 4:50 PM, Ayesha Dissanayaka <aye...@wso2.com>
> wrote:
>
>> Hi,
>>
>> While testing 5.3.0-M5, I observe that it asks for below entries in order
>> to recover the username.
>>
>>    - *First name*
>>    - *Last name*
>>    - *Email*
>>
>> Regardless of the value that we provide for *Email* field in User-name
>> Recovery page, correct username is emailed to the email address provided in
>> the user profile, if correct First name and Last name is provided.
>>
>> What is the purpose of asking for email here in recovery page?
>>
>> Regards,
>> -Ayesha
>>
>> --
>> *Ayesha Dissanayaka*
>> Software Engineer,
>> WSO2, Inc : http://wso2.com
>> 20, Palmgrove Avenue, Colombo 3
>> E-Mail: aye...@wso2.com <ayshsa...@gmail.com>
>>
>
>
>
> --
> Thanks & Regards,
>
> *Johann Dilantha Nallathamby*
> Technical Lead & Product Lead of WSO2 Identity Server
> Governance Technologies Team
> WSO2, Inc.
> lean.enterprise.middleware
>
> Mobile - *+9476950*
> Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>*
>





Re: [Dev] [VOTE] Release WSO2 Identity Server 5.2.0- RC1

2016-09-15 Thread Darshana Gunawardana
Hi Devs,

Tested,

   - SAML SSO
   - Federation
   - JIT Provisioning
   - Google Provisioning

Did not find any blocking issue.

So here's my vote,

[+] Stable - go ahead and release

Thanks,

On Wed, Sep 14, 2016 at 2:59 AM, Hasintha Indrajee <hasin...@wso2.com>
wrote:

> Tested IS Analytics including
>
>
>    1. Enabling and disabling analytics (publishers),
>    2. Data publishing through publishers.
>    3. Analytics Dashboard functionalities.
>    4. Session Analytics
>    5. Login Analytics
>
>
>    - Variation over time
>    - Drilling down from different attributes
>    - Content of data table
>
> No blocking issues found.
> [+] Stable - go ahead and release
>
>
> On Sat, Sep 10, 2016 at 7:48 AM, Kasun Bandara <kas...@wso2.com> wrote:
>
>> Hi All,
>>
>> This is the 1st Release Candidate of WSO2 Identity Server 5.2.0
>>
>> Please download, test the product and vote. Vote will be open for 72
>> hours or as needed.
>>
>> This release fixes the following issues:
>> https://wso2.org/jira/issues/?filter=13329
>>
>> Source and distribution
>>
>> Run-time   : https://github.com/wso2/product-is/releases/tag/v5.2.0-rc1
>> Analytics   : https://github.com/wso2/analytics-is/releases/tag/v5.2.0-rc1
>>
>> Please vote as follows.
>> [+] Stable - go ahead and release
>> [-] Broken - do not release (explain why)
>>
>> Thanks,
>> - WSO2 Identity Server Team -
>>
>> --
>> Kasun Bandara
>> *Software Engineer*
>> Mobile : +94 (0) 718 338 360
>> kas...@wso2.com <thili...@wso2.com>
>>
>>
>>
>
>
> --
> Hasintha Indrajee
> WSO2, Inc.
> Mobile:+94 771892453
>
>
>
>




Re: [Dev] Installing APIM features to IS 5.2.0 beta2 pack says No features to be installed

2016-08-24 Thread Darshana Gunawardana
Hi Harsha,

Sorry, my understanding was APIM 2.0.0 KM version is 5.0.3. As per your
above reply it seems to be 6.0.4.

IS 5.2.0 should be compatible with APIM 2.0.0 for KM installation. So we
should try KM 6.0.4 feature installation in IS 5.2.0. @Kavitha : Can you
please try that.

Thanks,

On Wed, Aug 24, 2016 at 11:47 PM, Harsha Kumara <hars...@wso2.com> wrote:

> Hi Darshana,
>
> It was due to version ranges of dependent feature that we specified in the
> key manager features doesn't match with feature version in IS 5.2.0-beta.
> We also haven't had a deep look on installing 5.0.3 version on IS 5.2.0
> releases.
>
> @kavitha Any reason we going to try 5.0.3 features with IS 5.2.0 beta
> instead of trying latest APIM feature versions which is 6.0.4. During the
> latest release we installed 6.0.4 features on IS 5.2.0 release.
>
> Thanks,
> Harsha
>
> On Wed, Aug 24, 2016 at 11:10 PM, Darshana Gunawardana <darsh...@wso2.com>
> wrote:
>
>> Hi Harsha,
>>
>> Can you explain a bit what the issue was?
>>
>> Thanks,
>>
>> On Wed, Aug 24, 2016 at 11:03 PM, Harsha Kumara <hars...@wso2.com> wrote:
>>
>>> Hi Kavitha,
>>>
>>> We won't be able to install 5.0.3 features on top of IS 5.2.0-beta due
>>> to dependency issues.
>>>
>>> Thanks,
>>> Harsha
>>>
>>> On Wed, Aug 24, 2016 at 5:52 PM, Kavitha Subramaniyam <kavi...@wso2.com>
>>> wrote:
>>>
>>>> Thanks Kasun.
>>>>
>>>> On Wed, Aug 24, 2016 at 5:50 PM, Kavitha Subramaniyam <kavi...@wso2.com
>>>> > wrote:
>>>>
>>>>> Found a public jira[1] created and updated the latest comment
>>>>> [1] https://wso2.org/jira/browse/IDENTITY-4842
>>>>>
>>>>> Thanks,
>>>>>
>>>>> On Wed, Aug 24, 2016 at 5:21 PM, Kavitha Subramaniyam <
>>>>> kavi...@wso2.com> wrote:
>>>>>
>>>>>> Hi IS team,
>>>>>>
>>>>>> Here I'm using IS 5.2.0 beta2 (24/08 build) pack and p2 repo (4.4.7 -
>>>>>> P2 Repo - WSO2 API Manager 2.0.0) available here [1]. Once the repo
>>>>>> added, I could find the feature list 'API Key Manager 5.0.3' and I
>>>>>> was trying to install it; But cannot go with next and there were no
>>>>>> features to be installed (feature.jpeg showing the message displayed).
>>>>>>
>>>>>> Why this message comes and what would be done to install the features
>>>>>> success?
>>>>>>
>>>>>> [1] http://wso2.com/products/carbon/release-matrix/
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Kavitha.S
>>>>>> *Software Engineer -QA*
>>>>>> Mobile : +94 (0) 771538811 <%2B94%20%280%29%20773%20451194>
>>>>>> kavi...@wso2.com <thili...@wso2.com>
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Kavitha.S
>>>>> *Software Engineer -QA*
>>>>> Mobile : +94 (0) 771538811 <%2B94%20%280%29%20773%20451194>
>>>>> kavi...@wso2.com <thili...@wso2.com>
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Kavitha.S
>>>> *Software Engineer -QA*
>>>> Mobile : +94 (0) 771538811 <%2B94%20%280%29%20773%20451194>
>>>> kavi...@wso2.com <thili...@wso2.com>
>>>>
>>>>
>>>>
>>>
>>>
>>> --
>>> Harsha Kumara
>>> Software Engineer, WSO2 Inc.
>>> Mobile: +94775505618
>>> Blog:harshcreationz.blogspot.com
>>>
>>
>>
>>
>> --
>> Regards,
>>
>>
>> *Darshana Gunawardana*Associate Technical Lead
>> WSO2 Inc.; http://wso2.com
>>
>> *E-mail: darsh...@wso2.com <darsh...@wso2.com>*
>> *Mobile: +94718566859 <%2B94718566859>*Lean . Enterprise . Middleware
>>
>
>
>
> --
> Harsha Kumara
> Software Engineer, WSO2 Inc.
> Mobile: +94775505618
> Blog:harshcreationz.blogspot.com
>





Re: [Dev] Installing APIM features to IS 5.2.0 beta2 pack says No features to be installed

2016-08-24 Thread Darshana Gunawardana
Hi Harsha,

Can you explain a bit what the issue was?

Thanks,

On Wed, Aug 24, 2016 at 11:03 PM, Harsha Kumara <hars...@wso2.com> wrote:

> Hi Kavitha,
>
> We won't be able to install 5.0.3 features on top of IS 5.2.0-beta due to
> dependency issues.
>
> Thanks,
> Harsha
>
> On Wed, Aug 24, 2016 at 5:52 PM, Kavitha Subramaniyam <kavi...@wso2.com>
> wrote:
>
>> Thanks Kasun.
>>
>> On Wed, Aug 24, 2016 at 5:50 PM, Kavitha Subramaniyam <kavi...@wso2.com>
>> wrote:
>>
>>> Found a public jira[1] created and updated the latest comment
>>> [1] https://wso2.org/jira/browse/IDENTITY-4842
>>>
>>> Thanks,
>>>
>>> On Wed, Aug 24, 2016 at 5:21 PM, Kavitha Subramaniyam <kavi...@wso2.com>
>>> wrote:
>>>
>>>> Hi IS team,
>>>>
>>>> Here I'm using IS 5.2.0 beta2 (24/08 build) pack and p2 repo (4.4.7 -
>>>> P2 Repo - WSO2 API Manager 2.0.0) available here [1]. Once the repo
>>>> added, I could find the feature list 'API Key Manager 5.0.3' and I was
>>>> trying to install it; But cannot go with next and there were no features to
>>>> be installed (feature.jpeg showing the message displayed).
>>>>
>>>> Why this message comes and what would be done to install the features
>>>> success?
>>>>
>>>> [1] http://wso2.com/products/carbon/release-matrix/
>>>>
>>>> Thanks,
>>>>
>>>>
>>>> --
>>>> Kavitha.S
>>>> *Software Engineer -QA*
>>>> Mobile : +94 (0) 771538811 <%2B94%20%280%29%20773%20451194>
>>>> kavi...@wso2.com <thili...@wso2.com>
>>>>
>>>
>>>
>>>
>>> --
>>> Kavitha.S
>>> *Software Engineer -QA*
>>> Mobile : +94 (0) 771538811 <%2B94%20%280%29%20773%20451194>
>>> kavi...@wso2.com <thili...@wso2.com>
>>>
>>
>>
>>
>> --
>> Kavitha.S
>> *Software Engineer -QA*
>> Mobile : +94 (0) 771538811 <%2B94%20%280%29%20773%20451194>
>> kavi...@wso2.com <thili...@wso2.com>
>>
>>
>>
>
>
> --
> Harsha Kumara
> Software Engineer, WSO2 Inc.
> Mobile: +94775505618
> Blog:harshcreationz.blogspot.com
>





Re: [Dev] [Jaggerry][BPS] Check user permission using jaggery user.User not working for tenants

2016-08-22 Thread Darshana Gunawardana
Hi Milinda,

How is this user.isAuthorized() method implemented? Is it invoking
getAllowedUIResourcesForUser() internally?

Thanks,

On Wed, Jul 27, 2016 at 11:55 AM, Milinda Perera <milin...@wso2.com> wrote:

> Hi,
>
> We are checking the user permission in jaggery in following way:
>
> function isUserAuthorized(username, permission, action, bpsUrl) {
>     var carbon = require('carbon'),
>         process = require('process'),
>         srv = new carbon.server.Server({url: bpsUrl}),
>         tenantId = carbon.server.tenantId(),
>         userManager = new carbon.user.UserManager(srv, tenantId),
>         user = new carbon.user.User(userManager, username);
>     return user.isAuthorized(permission, action);
> }
>
> it works perfectly fine for super tenant but get false for tenant users
> even they have relevant permission.
>
> Thanks,
> Milinda
>
> --
> Milinda Perera
> Software Engineer;
> WSO2 Inc. http://wso2.com ,
> Mobile: (+94) 714 115 032
>
>
>
>




Re: [Dev] [AppM] SAML response signature validation in tenants

2016-08-19 Thread Darshana Gunawardana
On Fri, Aug 19, 2016 at 10:25 AM, Johann Nallathamby <joh...@wso2.com>
wrote:

> This is what we have the SSO agent for.
>

SSO Agent is not carbon specific. Hence it does not have reading tenant's
key and validating the signature.

SSO Agent has an interface to plug carbon use cases. AS SSO valve
reference shared above has that specific implementation. That
implementation is invoked via sso agent.

Thanks


> @Rushmin, did you check the SSOAgent code? This was improved recently also
> and is used in AS 6.0. The goal of the implementation was to make it a
> library to be used everywhere in the platform. Can you please check on
> that? If there are any limitations we need to fix that library and try to
> use it everywhere we need it.
>
> Please check with Kernel team where to get this and use this.
>
> On Fri, Aug 19, 2016 at 9:56 AM, Ishara Karunarathna <isha...@wso2.com>
> wrote:
>
>> Hi,
>>
>> On Fri, Aug 19, 2016 at 9:47 AM, Darshana Gunawardana <darsh...@wso2.com>
>> wrote:
>>
>>>
>>>
>>> On Thu, Aug 18, 2016 at 4:43 PM, Rushmin Fernando <rush...@wso2.com>
>>> wrote:
>>>
>>>>
>>>> In current App Manager the service providers of tenants are getting
>>>> created in the super tenant space.
>>>>
>>>> We are in the process of creating the service providers in the relevant
>>>> tenants.
>>>>
>>>> In the app manager gateway, we use SAML SSO to authenticate the users,
>>>> and the aforementioned service providers are used.
>>>>
>>>> When it comes to validating the SAML response signature, I can see
>>>> that we can re-use
>>>> *org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil::getX509CredentialImplForTenant()*
>>>>
>>>> As per the code, it uses the tenant key store to get the certificates.
>>>> And we can get the certificate by using the tenant name as the alias
>>>>
>>>> @IS team, do you see any issues with re-using this code in our gateway ?
>>>>
>>>
>>> Using this util makes gateway -which is a client side(sp) component-
>>> depends on the SAML component -which is server side(idp) component-
>>>
>>> IMO, it's not nice to have that dependency. One example is, this
>>> dependency will expose you a samlsso (idp) endpoint from the gateway. And
>>> also gateway profile would need to have saml components and makes you to
>>> have whole framework related dependencies as well.
>>>
>>> Thinking about client side (sp) components which already doing this
>>> there are two components we have in wso2 platform.
>>> 1. Carbon SAML authenticator : https://github.com/wso2-extensions/identity-carbon-auth-saml2
>>> 2. AS SSO valve : https://github.com/wso2/carbon-deployment/blob/4.7.x/components/webapp-mgt/org.wso2.carbon.webapp.mgt/src/main/java/org/wso2/carbon/webapp/mgt/sso/SAMLSignatureValidatorImpl.java
>>>
>>> Better to use utils from those two components, if we have such methods.
>>> Most suitable component for gateway is #2, since carbon authenticator doesn't
>>> have usage in gateway.
>>>
>>> I guess it's even worthy initiate separate component to handle all these
>>> saml utils, given that we have isolated components across the platform and
>>> we have to fix huge number of components if we identified a core issue.
>>>
>> +1 with Darshana's idea. And later better to have some common set of
>> libraries to handle this kind of scenarios.
>>
>>>
>>> Thanks,
>>>
>>>
>>>> @Amila, in a cloud story do we need to configure the key aliases for
>>>> each tenant or can we live with the default alias (which is the tenant
>>>> domain name) ?
>>>>
>>>>
>>>>
>>>> --
>>>> *Best Regards*
>>>>
>>>> *Rushmin Fernando*
>>>> *Technical Lead*
>>>>
>>>> WSO2 Inc. <http://wso2.com/> - Lean . Enterprise . Middleware
>>>>
>>>> mobile : +94772891266
>>>>
>>>>
>>>>
>>>
>>>
>>> --
>>> Regards,
>>>
>>>
>>> *Darshana Gunawardana*Associate Technical Lead
>>> WSO2 Inc.; http://wso2.com
>>>
>>> *E-mail: darsh...@wso2.com <darsh...@wso2.com>*
>>> *Mobile: +94718566859 <%2B94718566859>*Lean . Enterprise . Middleware
>>>
>>
>>
>>
>> --
>> Ishara Karunarathna
>> Associate Technical Lead
>> WSO2 Inc. - lean . enterprise . middleware |  wso2.com
>>
>> email: isha...@wso2.com,   blog: isharaaruna.blogspot.com,   mobile:
>> +94717996791
>>
>>
>>
>
>
> --
> Thanks & Regards,
>
> *Johann Dilantha Nallathamby*
> Technical Lead & Product Lead of WSO2 Identity Server
> Governance Technologies Team
> WSO2, Inc.
> lean.enterprise.middleware
>
> Mobile - *+9476950*
> Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>*
>





Re: [Dev] [AppM] SAML response signature validation in tenants

2016-08-18 Thread Darshana Gunawardana
On Thu, Aug 18, 2016 at 4:43 PM, Rushmin Fernando <rush...@wso2.com> wrote:

>
> In current App Manager the service providers of tenants are getting
> created in the super tenant space.
>
> We are in the process of creating the service providers in the relevant
> tenants.
>
> In the app manager gateway, we use SAML SSO to authenticate the users, and
> the aforementioned service providers are used.
>
> When it comes to validating the SAML response signature, I can see
> that we can re-use
> *org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil::getX509CredentialImplForTenant()*
>
> As per the code, it uses the tenant key store to get the certificates. And
> we can get the certificate by using the tenant name as the alias
>
> @IS team, do you see any issues with re-using this code in our gateway ?
>

Using this util makes gateway -which is a client side(sp) component-
depends on the SAML component -which is server side(idp) component-

IMO, it's not nice to have that dependency. One example is, this dependency
will expose you a samlsso (idp) endpoint from the gateway. And also gateway
profile would need to have saml components and makes you to have whole
framework related dependencies as well.

Thinking about client side (sp) components which already doing this there
are two components we have in wso2 platform.
1. Carbon SAML authenticator :
https://github.com/wso2-extensions/identity-carbon-auth-saml2
2. AS SSO valve :
https://github.com/wso2/carbon-deployment/blob/4.7.x/components/webapp-mgt/org.wso2.carbon.webapp.mgt/src/main/java/org/wso2/carbon/webapp/mgt/sso/SAMLSignatureValidatorImpl.java

Better to use utils from those two components, if we have such methods. Most
suitable component for gateway is #2, since carbon authenticator doesn't have
usage in gateway.

I guess it's even worthy initiate separate component to handle all these
saml utils, given that we have isolated components across the platform and
we have to fix huge number of components if we identified a core issue.

Thanks,


> @Amila, in a cloud story do we need to configure the key aliases for each
> tenant or can we live with the default alias (which is the tenant domain
> name) ?
>
>
>
> --
> *Best Regards*
>
> *Rushmin Fernando*
> *Technical Lead*
>
> WSO2 Inc. <http://wso2.com/> - Lean . Enterprise . Middleware
>
> mobile : +94772891266
>
>
>


-- 
Regards,


*Darshana Gunawardana*Associate Technical Lead
WSO2 Inc.; http://wso2.com

*E-mail: darsh...@wso2.com <darsh...@wso2.com>*
*Mobile: +94718566859*Lean . Enterprise . Middleware
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev


Re: [Dev] Clarification on C5 permission model

2016-08-10 Thread Darshana Gunawardana
On Wed, Aug 10, 2016 at 5:56 PM, Prabushi Samarakoon <prabus...@wso2.com>
wrote:

>
> Hi All,
>
> 1. Is there an  API method to get all the resources permitted to a
> particular user or a role?
>
> 2. With this permission model, are we going to introduce the email based
> authentication for the products, or remain with the username model?
>

The new model should not treat email-type usernames specifically, i.e. it
should work for both types of usernames without turning on a specific
configuration\flag.

Can you please explain why this is a concern for you?

Thanks,

>
> 3. In our current management console, we have one view to create the user,
> and another view to create the user profile according to the given
> http://wso2.org/claims. Is there a particular reason to have the user
> profile in a separate view? Do we need to have two views for user creation
> and profile in C5 model also?
>
> Any clarification on above matters is appreciated.
>
> Thanks and Regards,
> Prabushi
>
> --
> *Prabushi Samarakoon*
> Software Engineer
> Mobile: +94715434580
> Email: prabus...@wso2.com
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
Regards,


*Darshana Gunawardana*Associate Technical Lead
WSO2 Inc.; http://wso2.com

*E-mail: darsh...@wso2.com <darsh...@wso2.com>*
*Mobile: +94718566859*Lean . Enterprise . Middleware


Re: [Dev] [IS-Analytics] Tenant domain of a login event using SaaS application.

2016-07-15 Thread Darshana Gunawardana
On Fri, Jul 15, 2016 at 3:47 PM, Hasintha Indrajee <hasin...@wso2.com>
wrote:

> Hi All,
>
> For SaaS application what is the tenant domain related to a login event ?
> Is that the tenant domain which the SP is registered or is that the logged
> in user's tenant domain ?.
>
> If we consider sending out tenant domain as just a record, it's fine to
> add either (reasonable). But the problem is we need a specific tenant
> domain to publish this event. According to the current way of event
> publishing to the DAS, we need to start a tenant flow before publishing. In
> this case we need a specific tenant domain to publish this event. Or else
> do we need to publish this event to both tenant domains (starting two
> tenant flows) in a case of SaaS app ?.
>

+1

>
>
>
> --
> Hasintha Indrajee
> WSO2, Inc.
> Mobile:+94 771892453
>
>


-- 
Regards,


*Darshana Gunawardana*Associate Technical Lead
WSO2 Inc.; http://wso2.com

*E-mail: darsh...@wso2.com <darsh...@wso2.com>*
*Mobile: +94718566859*Lean . Enterprise . Middleware


Re: [Dev] [APPM] Role restricted apps are not visible to authorized users in tenant mode

2016-07-14 Thread Darshana Gunawardana
For UserstoreManager APIs it should pass tenant aware username.

From the realm service you get the 'tenant user realm' by providing the tenant
domain. After you pick up the specific realm (within a given realm), all
operations are done in a tenant-aware manner. The same applies to user store
manager APIs.

Regards,

On Thu, Jul 14, 2016 at 11:09 AM, Thilini Shanika <thili...@wso2.com> wrote:

> Hi all,
>
> In App Manager the issue [1] has been reported due to the current behavior
> in artifact filtering in registry SolrClient. In tenant mode, if we set the
> fully qualified tenant username as the logged in user in App Store, in
> artifacts filtering in registry, primary role restricted apps are not
> retrieved for users with allowed read permissions. When we dig into the
> code base, we have noticed the following behaviour related to user core.
>
> - In SolrClient, artifacts are filtered based on the role list of users
>   that has been retrieved by the getRoleListOfUser(username) method in user core.
> - In user core, when we provide the fully qualified tenant username as the
>   username (ie: subscri...@wso2.com) in getRoleListOfUser(), the
>   primary roles are not retrieved (but the correct role list of internal
>   roles is retrieved, ie: Internal/subscriber).
> - So the primary role restricted artifacts are not visible for
>   users who have been assigned permitted roles.
>
> Is this the expected behaviour? Your help in this is highly appreciated.
>
> [1] - https://wso2.org/jira/browse/APPM-1554
>
> --
> Thilini Shanika
> Senior Software Engineer
> WSO2, Inc.; http://wso2.com
> 20, Palmgrove Avenue, Colombo 3
>
> E-mail: tgtshan...@gmail.com
>
>


-- 
Regards,


*Darshana Gunawardana*Associate Technical Lead
WSO2 Inc.; http://wso2.com

*E-mail: darsh...@wso2.com <darsh...@wso2.com>*
*Mobile: +94718566859*Lean . Enterprise . Middleware


Re: [Dev] Fwd: [IS] Missing requirement in building product-is from source

2016-07-12 Thread Darshana Gunawardana
x:maven-scr-plugin:1.7.2:scr (generate-scr-scrdescriptor) 
>>>>>> on
>>>>>> project org.wso2.carbon.identity.application.authentication.framework:
>>>>>> Execution generate-scr-scrdescriptor of goal
>>>>>> org.apache.felix:maven-scr-plugin:1.7.2:scr failed: Comparison method
>>>>>> violates its general contract! -> [Help 1]"
>>>>>>
>>>>>> I google and found that this is a known bug of apache felix, but it
>>>>>> didn't provide and solid way to solve other than to change jdk version
>>>>>> I tried changing version with no luck, any ideas?
>>>>>>
>>>>>> Also found similar error in dev list
>>>>>> http://mail.wso2.org/mailarchive/dev/2015-June/049912.html
>>>>>>
>>>>>> Thank You
>>>>>>
>>>>>> On Wed, Apr 27, 2016 at 4:46 PM, Chamila Wijayarathna <
>>>>>> cham...@wso2.com> wrote:
>>>>>>
>>>>>>> Hi Manujith,
>>>>>>>
>>>>>>> It seems like your identity-framework or product-is is not up to date.
>>>>>>>
>>>>>>> Can you check what are the latest commits in both repos using git
>>>>>>> log and check if commits merged within last few days are there in your
>>>>>>> local repo?
>>>>>>>
>>>>>>> Thank You!
>>>>>>>
>>>>>>> On Wed, Apr 27, 2016 at 3:56 PM, Manujith Pallewatte <
>>>>>>> manujith...@gmail.com> wrote:
>>>>>>>
>>>>>>>> Hi all,
>>>>>>>>
>>>>>>>> I'm trying to setup the development environment to start working
>>>>>>>> for GSOC on the identity server, and I already downloaded and build the
>>>>>>>> carbon-identity-framework repo along with the extensions as mentioned 
>>>>>>>> in [1]
>>>>>>>>
>>>>>>>> Now I'm trying to build product-is from source as well, to make
>>>>>>>> sure I have all the dependencies before doing in changes to the 
>>>>>>>> source, but
>>>>>>>> running maven install in product is gives the following error
>>>>>>>>
>>>>>>>> "Missing requirement: Application Authentication Framework Server
>>>>>>>> Feature 5.0.9.SNAPSHOT
>>>>>>>> (org.wso2.carbon.identity.application.authentication.framework.server.feature.group
>>>>>>>> 5.0.9.SNAPSHOT) requires
>>>>>>>> 'org.wso2.carbon.tenant.mgt.common.server.feature.group [4.4.8,4.5.0)' 
>>>>>>>> but
>>>>>>>> it could not be found"
>>>>>>>>
>>>>>>>> I check the local maven repo and this package isnt available in it,
>>>>>>>> so why is maven not downloading this from the remote repository?
>>>>>>>>
>>>>>>>> Thank You
>>>>>>>>
>>>>>>>>
>>>>>>>> [1] https://gist.github.com/pulasthi7/3d365a3345371fd63f74
>>>>>>>>
>>>>>>>> --
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Manujith Pallewatte
>>>>>>>> about.me/manzzup
>>>>>>>>   <http://about.me/manzzup>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> *Chamila Dilshan Wijayarathna,*
>>>>>>> Software Engineer
>>>>>>> Mobile:(+94)788193620
>>>>>>> WSO2 Inc., http://wso2.com/
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> Manujith Pallewatte
>>>>>> about.me/manzzup
>>>>>>   <http://about.me/manzzup>
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> *Chamila Dilshan Wijayarathna,*
>>>>>> Software Engineer
>>>>>> Mobile:(+94)788193620
>>>>>> WSO2 Inc., http://wso2.com/
>>>>>>
>>>>>> ___
>>>>>> Dev mailing list
>>>>>> Dev@wso2.org
>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Manujith Pallewatte
>>>>> about.me/manzzup
>>>>>   <http://about.me/manzzup>
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>>
>>>>
>>>>
>>>>
>>>> Manujith Pallewatte
>>>> about.me/manzzup
>>>>   <http://about.me/manzzup>
>>>>
>>>> ___
>>>> Dev mailing list
>>>> Dev@wso2.org
>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>
>>>>
>>>
>>>
>>> --
>>>
>>> *Malithi Edirisinghe*
>>> Senior Software Engineer
>>> WSO2 Inc.
>>>
>>> Mobile : +94 (0) 718176807
>>> malit...@wso2.com
>>>
>>
>>
>>
>> --
>>
>> *Malithi Edirisinghe*
>> Senior Software Engineer
>> WSO2 Inc.
>>
>> Mobile : +94 (0) 718176807
>> malit...@wso2.com
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
> Thanks & Regards,
> Prabath
>
> Twitter : @prabath
> LinkedIn : http://www.linkedin.com/in/prabathsiriwardena
>
> Mobile : +1 650 625 7950
>
> http://facilelogin.com
>



-- 
Regards,


*Darshana Gunawardana*Associate Technical Lead
WSO2 Inc.; http://wso2.com

*E-mail: darsh...@wso2.com <darsh...@wso2.com>*
*Mobile: +94718566859*Lean . Enterprise . Middleware


Re: [Dev] Need a org.wso2.carbon.identity.saml.common bundle

2016-06-26 Thread Darshana Gunawardana
Will this be a separate repo?

On Saturday, 25 June 2016, Omindu Rathnaweera <omi...@wso2.com> wrote:

> +1 for having a common bundle. Also if we are to bootstrap opensaml in the
> bundle's activator, better to do it in a manner so that the server startup
> time will not get affected.
>
> Regards,
> Omindu.
>
> On Sat, Jun 25, 2016 at 12:00 AM, Malithi Edirisinghe <malit...@wso2.com> wrote:
>
>> +1
>>
>> We are also packing opensaml bundle with several features. I think it's
>> better if we can pack only from a common feature.
>>
>> Thanks,
>> Malithi.
>>
>> On Fri, Jun 24, 2016 at 11:16 PM, Farasath Ahamed <farasa...@wso2.com> wrote:
>>
>>> +1.
>>>
>>> Currently, we are bootstrapping the OpenSAML library once in each of the
>>> above-mentioned components. Bootstrapping OpenSAML is a heavy
>>> operation and it is only required to be done once within a JVM. We can
>>> avoid bootstrapping more than once if we could do it within the activator
>>> of this proposed SAML common bundle.
>>>
>>> Thanks.
>>>
>>> Farasath Ahamed
>>> Software Engineer,
>>> WSO2 Inc.; http://wso2.com
>>> lean.enterprise.middleware
>>>
>>>
>>> Email: farasa...@wso2.com
>>> Mobile: +94777603866
>>> Blog: blog.farazath.com
>>> Twitter: @farazath619 <https://twitter.com/farazath619>
>>>
>>> On Fri, Jun 24, 2016 at 10:56 PM, Johann Nallathamby <joh...@wso2.com> wrote:
>>>
>>>> We have many bundles using SAML2. Inbound and outbound SAML2 SSO
>>>> authenticators, Carbon authenticators, SAML2 grant type in OAuth2, SAML2
>>>> STS, Passive STS, entitlement, etc. Following items are seen duplicated in
>>>> these components.
>>>>
>>>> 1. Utility methods
>>>> 2. Constants
>>>> 3. Bootstrapping the OpenSAML library
>>>>
>>>> If we introduce a  org.wso2.carbon.identity.saml.common bundle we can
>>>> have all these stuff in this single component and avoid all the problems.
>>>> This bundle can be a dependency to all the necessary components and packed
>>>> in all relevant features.
>>>>
>>>> Created JIRA: https://wso2.org/jira/browse/IDENTITY-4729
>>>>
>>>> --
>>>> Thanks & Regards,
>>>>
>>>> *Johann Dilantha Nallathamby*
>>>> Technical Lead & Product Lead of WSO2 Identity Server
>>>> Governance Technologies Team
>>>> WSO2, Inc.
>>>> lean.enterprise.middleware
>>>>
>>>> Mobile - *+9476950*
>>>> Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>*
>>>>
>>>
>>>
>>
>>
>> --
>>
>> *Malithi Edirisinghe*
>> Associate Technical Lead
>> WSO2 Inc.
>>
>> Mobile : +94 (0) 718176807
>> malit...@wso2.com
>>
>
>
>
> --
> Omindu Rathnaweera
> Software Engineer, WSO2 Inc.
> Mobile: +94 771 197 211
>


-- 
Regards,


*Darshana Gunawardana*Associate Technical Lead
WSO2 Inc.; http://wso2.com

*E-mail: darsh...@wso2.com <darsh...@wso2.com>*
*Mobile: +94718566859*Lean . Enterprise . Middleware


Re: [Dev] [Architecture] Force Password Reset and Password History validation

2016-06-20 Thread Darshana Gunawardana
Hi,

As I see it, these two requirements are orthogonal and better discussed in
separate threads. If we consider them one by one,

1. Password History Validation.

This is another layer of password pattern validation, which is done when a
user tries to change his password.

The hashing method of the old password matters only to this requirement, and
IMO we should treat old passwords in the same manner as the current password,
hence the default option would be to set the same hashing mechanism for both
old and current passwords. Having a configuration to override this
behaviour and set any password hashing mechanism is fine.

But if we implement "allowing to change hashing algorithm", it would be
tricky to move the current password to the idn_password_history_data table
with the new hashing in scenarios like "password recovery" and "change
password by admin", where the old password is not provided.

One other thing we should take note of is that the password hashing algorithm
can vary from one user store to another, hence the hashing algorithm should be
picked from the idn_password_history_data table.


2. Force Password Reset.

This policy is enforced when a user tries to log in.

During login, if the user is subjected to this policy, the default behaviour
would be to force a password change. As Dulanja mentioned, it will be useful
to make password reset optional and let the user skip it, if the admin enables
that option.

If the user wants\has to change the password, it would initiate the password
change flow; then, depending on whether the Password history validation
feature or any other password policy is enabled, the user has to enter a
suitable new password. My point is, the Force password reset feature should
take care only up to initiating the password change flow; the rest of the
password change flow depends on password policy features.

As I recall, some other requirement came up with this feature, where a user
should get a notification before (2 weeks, 3 days, 1 day... etc) he\she
reaches the threshold period. We should implement these features in a way
that lets us easily implement such supplementary requirements as well.


If we consider both these features generally,

1. What would need to be configurable service provider \ application
wise?
> IMO, the Force Password Reset feature would be a configurable option
service provider wise. Having this feature enabled for a service provider
would contribute towards a strong authentication index.

2. How to make use of underlying user store implementations?
> Some userstore implementations (LDAP\AD) do have OOTB support for both
these features. It's better if we can come up with a model where we can make
use of those implementations.

Thanks,
Darshana

On Mon, Jun 20, 2016 at 3:43 PM, Omindu Rathnaweera <omi...@wso2.com> wrote:

> Hi,
>
>
>> All the passwords which are supposed to store in this table are old
>>> passwords (expired).
>>>
>>> - I think we don't need to use the same  password hashing algorithm
>>> (with or without salted value) which is defined user-mgt.xml for password
>>> history validation.
>>>
>>
>> IMO using the same hashing algo is cleaner. Isn't the current password
>> also stored in this table? If stored, it's mandatory to use salting.
>>
>
> I believe we should use either the hashing algorithm specified in the
> user-mgt.xml or provide a separate config to specify a hashing algo for
> password history.
>
> Consider the following scenario.
>
> Let's say we have specified the hashing algo in user-mgt.xml as SHA-512
> and we use SHA-256 (hard coded) to store old passwords. Given that the user
> has the option to maintain the old password during a periodic password
> reset, then the old password will be the same as the existing password if
> the user decides to stick with the old password. Now, in the history table
> the current password will be stored in a much weaker hash. This doesn't
> seem right, does it? Also using the hashing algorithm specified in the
> user-mgt.xml or a different config means that we'll have to store the
> hashing algo in the history table.
>
> Regards,
> Omindu.
>
>
>>
>>
>>> - admin users can change other user's passwords without giving their old
>>> passwords. In that case, how can we find the old password hash value to
>>> store for password history validation?
>>>
>>>
>>> Your comments and suggestions are highly appreciated.
>>>
>>> Thanks
>>> Isura.
>>>
>>>
>>> Isura Dilhara Karunaratne
>>> Senior Software Engineer
>>>
>>> Mob +94 772 254 810
>>>
>>>
>>
>>
>> --
>> Thanks & Regards,
>> Dulanja Liyanage
>> Lead, Platform Security Team
>> WSO2 Inc.
>>
>>
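The password history points raised in the message above (take the hashing algorithm from the history row, and handle admin resets where the old password is not supplied), as an added example that is not part of the thread and is not WSO2 Identity Server code. The class and field names are hypothetical, the in-memory dictionaries stand in for the user store and the idn_password_history_data table, and PBKDF2 with the configured digest is an assumption used here in place of the plain salted digest the thread discusses.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field

ITERATIONS = 100_000  # constructed value for this example


@dataclass
class HistoryRow:
    """One stored credential; the algorithm and salt travel with the hash."""
    algorithm: str   # digest name in force when this row was written
    salt: bytes
    digest: bytes


def derive(password: str, algorithm: str, salt: bytes) -> bytes:
    """Salted, iterated hash of the password using the named digest."""
    return hashlib.pbkdf2_hmac(algorithm, password.encode("utf-8"), salt, ITERATIONS)


@dataclass
class UserStore:
    algorithm: str                                # digest currently configured for this store
    history_depth: int = 3                        # how many recent passwords may not be reused
    current: dict = field(default_factory=dict)   # username -> HistoryRow
    history: dict = field(default_factory=dict)   # username -> [HistoryRow], newest last

    def seen_before(self, username: str, candidate: str) -> bool:
        """Compare the candidate against the last N passwords, current one included."""
        rows = list(self.history.get(username, []))
        if username in self.current:
            rows.append(self.current[username])
        for row in rows[-self.history_depth:]:
            # Re-hash the candidate with the row's own algorithm and salt, so rows
            # written under an older configuration are still comparable.
            attempt = derive(candidate, row.algorithm, row.salt)
            if hmac.compare_digest(attempt, row.digest):
                return True
        return False

    def set_password(self, username: str, new_password: str) -> bool:
        """Change, recovery and admin reset all land here; no old plaintext is needed."""
        if self.seen_before(username, new_password):
            return False
        old = self.current.get(username)
        if old is not None:
            # Archive the stored row unchanged. Re-hashing it under a new algorithm
            # would need the old plaintext, which recovery and admin reset lack.
            rows = self.history.setdefault(username, [])
            rows.append(old)
            self.history[username] = rows[-self.history_depth:]
        salt = os.urandom(16)
        self.current[username] = HistoryRow(
            self.algorithm, salt, derive(new_password, self.algorithm, salt))
        return True


if __name__ == "__main__":
    store = UserStore(algorithm="sha256")
    print(store.set_password("kim", "first-Pass1"))    # True
    print(store.set_password("kim", "second-Pass2"))   # True (e.g. admin reset)
    store.algorithm = "sha512"                         # configuration changed later
    print(store.set_password("kim", "third-Pass3"))    # True
    print(store.set_password("kim", "first-Pass1"))    # False, matches a sha256 row
```

Because each row carries its own algorithm and salt, changing the store's configured digest affects only passwords set afterwards, and older rows are never rewritten.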

Re: [Dev] Fix for https://wso2.org/jira/browse/IDENTITY-4646

2016-06-16 Thread Darshana Gunawardana
Isura, can you please follow up on this. Thanks.

On Thursday, 16 June 2016, Vishanth Balasubramaniam <vishan...@wso2.com>
wrote:

> Hi,
>
> Please review and merge the following PRs.
>
>- https://github.com/wso2/carbon-identity-framework/pull/321
>- https://github.com/wso2/carbon-identity-framework/pull/322
>
> This is the fix for https://wso2.org/jira/browse/IDENTITY-4646
>
> To improve performance on user self registration in
> UserInformationRecoveryService of identity management.
>
> Regards,
> Vishanth
>
> --
> *Vishanth Balasubramaniam*
> Committer & PMC Member, Apache Stratos,
> Software Engineer, WSO2 Inc.; http://wso2.com
>
> mobile: *+94 77 17 377 18*
> about me: *http://about.me/vishanth <http://about.me/vishanth>*
>


-- 
Regards,


*Darshana Gunawardana*Associate Technical Lead
WSO2 Inc.; http://wso2.com

*E-mail: darsh...@wso2.com <darsh...@wso2.com>*
*Mobile: +94718566859*Lean . Enterprise . Middleware


Re: [Dev] Emm Alpha 2.1.0 first Build Errors Pls Help

2016-06-08 Thread Darshana Gunawardana
[ERROR]*
> *[ERROR]
> \JAVA\proMDM\product-emm-2.1.0-alpha\modules\apps\jax-rs\mdm-admin\src\main\java\org\wso2\carbon\mdm\api\Dashboard.java:[509,76]
> error: unreported exception DataAccessLayerException; must be caught or
> declared to be thrown*
> *[ERROR]*
> *[ERROR]
> \JAVA\proMDM\product-emm-2.1.0-alpha\modules\apps\jax-rs\mdm-admin\src\main\java\org\wso2\carbon\mdm\api\Dashboard.java:[583,14]
> error: exception SQLException is never thrown in body of corresponding try
> statement*
> *[ERROR]*
> *[ERROR]
> \JAVA\proMDM\product-emm-2.1.0-alpha\modules\apps\jax-rs\mdm-admin\src\main\java\org\wso2\carbon\mdm\api\Dashboard.java:[624,14]
> error: exception SQLException is never thrown in body of corresponding try
> statement*
> *[ERROR]*
> *[ERROR]
> \JAVA\proMDM\product-emm-2.1.0-alpha\modules\apps\jax-rs\mdm-admin\src\main\java\org\wso2\carbon\mdm\api\Dashboard.java:[574,60]
> error: unreported exception DataAccessLayerException; must be caught or
> declared to be thrown*
> *[ERROR]*
> *[ERROR]
> \JAVA\proMDM\product-emm-2.1.0-alpha\modules\apps\jax-rs\mdm-admin\src\main\java\org\wso2\carbon\mdm\api\Dashboard.java:[615,60]
> error: unreported exception DataAccessLayerException; must be caught or
> declared to be thrown*
> *[ERROR]*
> *[ERROR]
> \JAVA\proMDM\product-emm-2.1.0-alpha\modules\apps\jax-rs\mdm-admin\src\main\java\org\wso2\carbon\mdm\api\Operation.java:[126,39]
> error: method addOperation in interface DeviceManagementProviderService
> cannot be applied to given types;*
> *[ERROR] -> [Help 1]*
> *org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute
> goal org.apache.maven.plugins:maven-compiler-plugin:2.3.1:compile
> (default-compile) on project mdm-admin: Compilation failure*
> *at
> org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:212)*
> *at
> org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:153)*
> *at
> org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:145)*
> *at
> org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:116)*
> *at
> org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:80)*
> *at
> org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build(SingleThreadedBuilder.java:51)*
> *at
> org.apache.maven.lifecycle.internal.LifecycleStarter.execute(LifecycleStarter.java:128)*
> *at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:307)*
> *at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:193)*
> *at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:106)*
> *at org.apache.maven.cli.MavenCli.execute(MavenCli.java:862)*
> *at org.apache.maven.cli.MavenCli.doMain(MavenCli.java:286)*
> *at org.apache.maven.cli.MavenCli.main(MavenCli.java:197)*
> *at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)*
> *at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)*
> *at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)*
> *at java.lang.reflect.Method.invoke(Method.java:483)*
> *at
> org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced(Launcher.java:289)*
> *at
> org.codehaus.plexus.classworlds.launcher.Launcher.launch(Launcher.java:229)*
> *at
> org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode(Launcher.java:415)*
> *at
> org.codehaus.plexus.classworlds.launcher.Launcher.main(Launcher.java:356)*
> *Caused by: org.apache.maven.plugin.CompilationFailureException:
> Compilation failure*
> *at
> org.apache.maven.plugin.AbstractCompilerMojo.execute(AbstractCompilerMojo.java:656)*
> *at
> org.apache.maven.plugin.CompilerMojo.execute(CompilerMojo.java:128)*
> *at
> org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo(DefaultBuildPluginManager.java:134)*
> *at
> org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:208)*
> *... 20 more*
> *[ERROR]*
> *[ERROR] Re-run Maven using the -X switch to enable full debug logging.*
> *[ERROR]*
> *[ERROR] For more information about the errors and possible solutions,
> please read the following articles:*
> *[ERROR] [Help 1]
> http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
> <http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException>*
> *[ERROR]*
> *[ERROR] After correcting the problems, you can resume the build with the
> command*
> *[ERROR]   mvn  -rf :mdm-admin*
>
> *E:\JAVA\proMDM\product-emm-2.1.0-alpha>*
>



-- 
Regards,


*Darshana Gunawardana*Associate Technical Lead
WSO2 Inc.; http://wso2.com

*E-mail: darsh...@wso2.com <darsh...@wso2.com>*
*Mobile: +94718566859*Lean . Enterprise . Middleware


Re: [Dev] [IS] Define the default authenticator/sequence to use a custom federated authenticator

2016-05-31 Thread Darshana Gunawardana
On Wed, Jun 1, 2016 at 7:03 AM, Gayan Gunawardana <ga...@wso2.com> wrote:

>
>
> On Tue, May 31, 2016 at 10:51 PM, Darshana Gunawardana <darsh...@wso2.com>
> wrote:
>
>> Hi Gayan,
>>
>> Ok.. What is the information you are looking for?
>>
>
> Changing default authenticator to Facebook authenticator in
> /conf/identity/service-providers/default.xml does not work as expected. Is
> there any thing wrong in my configuration ?
>

Yes. It's wrong according to the 5.1.0 source. Have you followed up on the JIRA
that was mentioned above? It does have relevant information.

Regards,


Regards,
>>
>> On Tue, May 31, 2016 at 9:26 PM, Gayan Gunawardana <ga...@wso2.com>
>> wrote:
>>
>>> with below configuration I am getting NPE
>>>
>>> 
>>> 
>>> 
>>> 1
>>> 
>>> 
>>>  
>>>
>>> facebook
>>>true
>>>  
>>>
>>> 
>>>
>>> FacebookAuthenticator
>>>
>>> true
>>>
>>> 
>>>  
>>>  
>>> 
>>> true
>>> true
>>> 
>>> 
>>> 
>>>
>>> ERROR
>>> {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator}
>>> -  Exception in Authentication Framework
>>> java.lang.NullPointerException
>>> at
>>> org.wso2.carbon.identity.application.authentication.framework.config.builder.UIBasedConfigurationBuilder.loadFederatedAuthenticators(UIBasedConfigurationBuilder.java:169)
>>> at
>>> org.wso2.carbon.identity.application.authentication.framework.config.builder.UIBasedConfigurationBuilder.getSequence(UIBasedConfigurationBuilder.java:108)
>>> at
>>> org.wso2.carbon.identity.application.authentication.framework.config.ConfigurationFacade.getSequenceConfig(ConfigurationFacade.java:66)
>>> at
>>> org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator.findPreviousAuthenticatedSession(DefaultRequestCoordinator.java:302)
>>> at
>>> org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator.initializeFlow(DefaultRequestCoordinator.java:256)
>>> at
>>> org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator.handle(DefaultRequestCoordinator.java:119)
>>> at
>>> org.wso2.carbon.identity.application.authentication.framework.CommonAuthenticationHandler.doPost(CommonAuthenticationHandler.java:46)
>>> at
>>> org.wso2.carbon.identity.application.authentication.framework.CommonAuthenticationHandler.doGet(CommonAuthenticationHandler.java:37)
>>> at
>>> org.wso2.carbon.identity.oauth.endpoint.authz.OAuth2AuthzEndpoint.sendRequestToFramework(OAuth2AuthzEndpoint.java:875)
>>> at
>>> org.wso2.carbon.identity.oauth.endpoint.authz.OAuth2AuthzEndpoint.authorize(OAuth2AuthzEndpoint.java:191)
>>>
>>>
>>>
>>>
>>> On Sun, May 29, 2016 at 7:41 PM, Darshana Gunawardana <darsh...@wso2.com
>>> > wrote:
>>>
>>>> Also there are few complications when configuring federated scenario
>>>> for a file based service provider. Following JIRA has more information.
>>>>
>>>> https://wso2.org/jira/browse/IDENTITY-4581
>>>>
>>>> For an elegant solution, it should fix above JIRA first. Otherwise you
>>>> will end up duplicating the full IdP configuration inside the
>>>> service provider config.
>>>>
>>>>
>>>> On Sun, May 29, 2016 at 7:31 PM, Darshana Gunawardana <
>>>> darsh...@wso2.com> wrote:
>>>>
>>>>> Hi Farasath,
>>>>>
>>>>> It seems like my assumption is wrong. As per the code [1] doesn't read
>>>>> from application-authentication.xml to read default behaviour. It is
>>>>> reading from default service provider file
>>>>> (/conf/identity/service-providers/default.xml). IMO this is a bug, it needs
>>>>> to pick that behaviour from the application-authentication.xml.
>>>>>
>>>>> [1]
>>>>> https://github.com/wso2/carbon-identity-framewo

Re: [Dev] [IS] Define the default authenticator/sequence to use a custom federated authenticator

2016-05-31 Thread Darshana Gunawardana
Hi Gayan,

Ok.. What is the information you are looking for?

Regards,

On Tue, May 31, 2016 at 9:26 PM, Gayan Gunawardana <ga...@wso2.com> wrote:

> with below configuration I am getting NPE
>
> 
> 
> 
> 1
> 
> 
>  
>
> facebook
>true
>  
>
> 
>
> FacebookAuthenticator
>
> true
>
> 
>  
>  
> 
> true
> true
> 
> 
> 
>
> ERROR
> {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator}
> -  Exception in Authentication Framework
> java.lang.NullPointerException
> at
> org.wso2.carbon.identity.application.authentication.framework.config.builder.UIBasedConfigurationBuilder.loadFederatedAuthenticators(UIBasedConfigurationBuilder.java:169)
> at
> org.wso2.carbon.identity.application.authentication.framework.config.builder.UIBasedConfigurationBuilder.getSequence(UIBasedConfigurationBuilder.java:108)
> at
> org.wso2.carbon.identity.application.authentication.framework.config.ConfigurationFacade.getSequenceConfig(ConfigurationFacade.java:66)
> at
> org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator.findPreviousAuthenticatedSession(DefaultRequestCoordinator.java:302)
> at
> org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator.initializeFlow(DefaultRequestCoordinator.java:256)
> at
> org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator.handle(DefaultRequestCoordinator.java:119)
> at
> org.wso2.carbon.identity.application.authentication.framework.CommonAuthenticationHandler.doPost(CommonAuthenticationHandler.java:46)
> at
> org.wso2.carbon.identity.application.authentication.framework.CommonAuthenticationHandler.doGet(CommonAuthenticationHandler.java:37)
> at
> org.wso2.carbon.identity.oauth.endpoint.authz.OAuth2AuthzEndpoint.sendRequestToFramework(OAuth2AuthzEndpoint.java:875)
>     at
> org.wso2.carbon.identity.oauth.endpoint.authz.OAuth2AuthzEndpoint.authorize(OAuth2AuthzEndpoint.java:191)
>
>
>
>
> On Sun, May 29, 2016 at 7:41 PM, Darshana Gunawardana <darsh...@wso2.com>
> wrote:
>
>> Also there are few complications when configuring federated scenario for
>> a file based service provider. Following JIRA has more information.
>>
>> https://wso2.org/jira/browse/IDENTITY-4581
>>
>> For an elegant solution, it should fix above JIRA first. Otherwise you
>> will end up duplicating the full IdP configuration inside the
>> service provider config.
>>
>>
>> On Sun, May 29, 2016 at 7:31 PM, Darshana Gunawardana <darsh...@wso2.com>
>> wrote:
>>
>>> Hi Farasath,
>>>
>>> It seems like my assumption is wrong. As per the code [1] doesn't read
>>> from application-authentication.xml to read default behaviour. It is
>>> reading from default service provider file
>>> (/conf/identity/service-providers/default.xml). IMO this is a bug, it needs
>>> to pick that behaviour from the application-authentication.xml.
>>>
>>> [1]
>>> https://github.com/wso2/carbon-identity-framework/blob/master/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationManagementServiceImpl.java#L799:L806
>>>
>>> Regards,
>>>
>>> On Sun, May 29, 2016 at 4:51 PM, Farasath Ahamed <farasa...@wso2.com>
>>> wrote:
>>>
>>>>
>>>> Hi All,
>>>>
>>>> When trying to set the "*Local & Outbound Authentication Configuration*"
>>>> for a Service Provider I noticed a default option. If someone wants to use
>>>> a custom/federated authenticator as the default option how can we achieve
>>>> this?
>>>>
>>>> Based on a discussion with Darshana, I tried to achieve this by
>>>> modifying the default sequence in application-authentication.xml file found
>>>> at IS_HOME/repository/conf/identity as below,
>>>>
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>>
>>>> Even then I am redirected to use the default BasicAuthenticator
>>>> (username and password). Are there any o

Re: [Dev] [IS] Define the default authenticator/sequence to use a custom federated authenticator

2016-05-29 Thread Darshana Gunawardana
Also, there are a few complications when configuring a federated scenario for a
file-based service provider. The following JIRA has more information.

https://wso2.org/jira/browse/IDENTITY-4581

For an elegant solution, the above JIRA should be fixed first. Otherwise you will
end up duplicating the full IdP configuration inside the service
provider config.


On Sun, May 29, 2016 at 7:31 PM, Darshana Gunawardana <darsh...@wso2.com>
wrote:

> Hi Farasath,
>
> It seems like my assumption is wrong. As per the code [1], it doesn't read
> the default behaviour from application-authentication.xml. It is
> reading from the default service provider file
> (/conf/identity/service-providers/default.xml). IMO this is a bug; it needs
> to pick that behaviour from application-authentication.xml.
>
> [1]
> https://github.com/wso2/carbon-identity-framework/blob/master/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationManagementServiceImpl.java#L799:L806
>
> Regards,
>
> On Sun, May 29, 2016 at 4:51 PM, Farasath Ahamed <farasa...@wso2.com>
> wrote:
>
>>
>> Hi All,
>>
>> When trying to set the "*Local & Outbound Authentication Configuration*"
>> for a Service Provider I noticed a default option. If someone wants to use
>> a custom/federated authenticator as the default option how can we achieve
>> this?
>>
>> Based on a discussion with Darshana, I tried to achieve this by modifying
>> the default sequence in application-authentication.xml file found at
>> IS_HOME/repository/conf/identity as below,
>>
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>>
>> Even then I am redirected to use the default BasicAuthenticator (username
>> and password). Are there any other changes that need to be done to engage a
>> federated/custom authenticator as the default throughout IS?
>>
>>
>> Thanks,
>> Farasath Ahamed
>> Software Engineer,
>> WSO2 Inc.; http://wso2.com
>> lean.enterprise.middleware
>>
>>
>> Email: farasa...@wso2.com
>> Mobile: +94777603866
>> Blog: blog.farazath.com
>> Twitter: @farazath619 <https://twitter.com/farazath619>
>>
>
>
>
> --
> Regards,
>
>
> *Darshana Gunawardana*
> Senior Software Engineer
> WSO2 Inc.; http://wso2.com
>
> *E-mail: darsh...@wso2.com*
> *Mobile: +94718566859*
> Lean . Enterprise . Middleware
>



-- 
Regards,


*Darshana Gunawardana*
Senior Software Engineer
WSO2 Inc.; http://wso2.com

*E-mail: darsh...@wso2.com*
*Mobile: +94718566859*
Lean . Enterprise . Middleware