Re: [Dev] WSO2 IS 5.9.0 missing mysql CM_RECEIPT table ?
Hi Bernard, If you are changing the default datasource for consent (default is IDENTITY_DB), make sure you do the ncesary config changes following [1]. [1] - https://is.docs.wso2.com/en/5.9.0/setup/changing-datasource-consent-management/ Regards, Omindu. On Tue, Jan 7, 2020 at 3:45 PM Bernard Paris wrote: > Hi devs, > > I just installed WSO2 IS 590 with mysql DBs. > > I can create/edit a new service provider entry and it is shown in the > service providers list. > When I later try to delete it: > > > > In the logs : > > Caused by: java.sql.SQLSyntaxErrorException: Table > 'WSO2IS590_IDENTITY_DB.CM_RECEIPT' doesn't exist > > Strange because the CM_RECEIPT table is being looked up into > DB WSO2IS590_IDENTITY_DB, while I see this table in WSO2IS590_CONSENT_DB > > > What's the problem ?? > Thanks, > Bernard Paris > > > ___ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > -- Omindu Rathnaweera Associate Technical Lead, WSO2 Inc. ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] SSO to AWS console with OIDC using WSO2 IS
Hi Nipuna, This is because we have secured the .well-known endpoint as a secure resource by default. If you check the identity.xml, you'll see an entry similar to below. Setting secured="false" (and restarting the server) should remove security from the endpoint. On Mon, Aug 5, 2019 at 4:33 PM Nipuna Prashan wrote: > Hi All, > > I need to integrate AWS console login with WSO2 IS. I found some videos > and blogs on how to achieve this using SAML, but I am interested to know > how the same can be done using OIDC which is supported by AWS. > > [image: image.png] > When configuring an identity provider from AWS console, we need to provide > the provider URL and the Audience (Client ID). I am tring this with WSO2 > Identity cloud. Therefore I tried the provider URL as > https://identity.cloud.wso2.com/oauth2/token, but the AWS console printed > the following error message. > > [image: image.png] > > Since AWS looks for .well-known/openid-configuration URL, I provided the > expected link as > https://identity.cloud.wso2.com/oauth2/oidcdiscovery/.well-known/openid-configuration. > Still > I am getting the same error message. > I got the 401 error message for an local pack curl URL as well. That > means, we have to provide basic auth credentials for OpenID Connect > Discovery. > > Sample working curl as per document [1] is curl -v -k --user admin:admin > https: > //localhost:9443/oauth2/oidcdiscovery/.well-known/openid-configuration > > Is there an alternative way to achive $subject. Your thoughts would be > highly appreciated. > > [1] https://docs.wso2.com/display/IS570/OpenID+Connect+Discovery > > Regards, > Prashan. > -- > > *Nipuna Prashan* | Senior Software Engineer | WSO2 Inc. > (m) +94711852792 | | (e) pras...@wso2.com > WSO2, Inc.; http://wso2.com > > http://wso2.com/signature > > _______ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > -- Omindu Rathnaweera Associate Technical Lead, WSO2 Inc. ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Error while importing TOTPAdminService WSDL in SoapUI
Hi Chandima, Seems like having an enum in the AuthenticationContext [1] has lead to this situation. It could be that the axis2 version we are using doesn't have support for enums [2]. @IAM team In the TOTPAdmin service, we are expecting the AuthenticationContext as an input parameter for several operations.This should fixed in a backward compatible manner. Created [3] to track this. @Chandima, I don't think there's a workaround for this specific issue. Can you let us know what you are trying to achieve with the admin service to see whether there are any alternatives. [1] - https://github.com/wso2-extensions/identity-outbound-auth-totp/blob/master/component/authenticator/src/main/java/org/wso2/carbon/identity/application/authenticator/totp/services/TOTPAdminService.java#L96 [2] - https://jira.apache.org/jira/browse/AXIS2-3967 [3] - https://github.com/wso2/product-is/issues/5999 Regards, Omindu. On Thu, Jul 25, 2019 at 4:59 PM Chandima Jayawickrama wrote: > Hi all, > > SoapUI gives an error as follows while trying to import the WSDL > for TOTPAdminService ( > https://:/services/TOTPAdminService?wsdl > <https://localhost:9443/services/TOTPAdminService?wsdl>). > > *Source:* https://localhost:9443/services/TOTPAdminService?wsdl > *Error:* type 'Enum@http://www.w3.org/2001/XMLSchema' not found. > > Is there a workaround for this? > Your input regarding how to proceed with this issue is highly appreciated. > > Thanks. > Best regards, > > -- > *Chandima Jayawickrama | *Software Engineer - Support | WSO2 Inc. > mobile : (+94) 770197121 | email : chandi...@wso2.com > [image: wso2-signature-general.png (439×78)] <https://wso2.com/signature> > ___ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > -- Omindu Rathnaweera Associate Technical Lead, WSO2 Inc. ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] [Architecture] [VOTE] Release WSO2 Identity Server 5.8.0 RC3
b.com/wso2/product-is/milestone/75?closed=1> >>>>>>>- 5.8.0-Alpha5 fixes >>>>>>><https://github.com/wso2/product-is/milestone/74?closed=1> >>>>>>>- 5.8.0-Alpha4 fixes >>>>>>><https://github.com/wso2/product-is/milestone/73?closed=1> >>>>>>>- 5.8.0-Alpha3 fixes >>>>>>><https://github.com/wso2/product-is/milestone/72?closed=1> >>>>>>>- 5.8.0-Alpha2 fixes >>>>>>><https://github.com/wso2/product-is/milestone/71?closed=1> >>>>>>>- 5.8.0-Alpha fixes >>>>>>><https://github.com/wso2/product-is/milestone/70?closed=1> >>>>>>>- 5.8.0-M26 fixes >>>>>>><https://github.com/wso2/product-is/milestone/69?closed=1> >>>>>>>- 5.8.0-M25 fixes >>>>>>><https://github.com/wso2/product-is/milestone/68?closed=1> >>>>>>>- 5.8.0-M24 fixes >>>>>>><https://github.com/wso2/product-is/milestone/67?closed=1> >>>>>>>- 5.8.0-M6 fixes >>>>>>><https://github.com/wso2/product-is/milestone/64?closed=1> >>>>>>>- 5.8.0-M5 fixes >>>>>>><https://github.com/wso2/product-is/milestone/63?closed=1> >>>>>>>- 5.8.0-M4 fixes >>>>>>><https://github.com/wso2/product-is/milestone/62?closed=1> >>>>>>>- 5.8.0-M3 fixes >>>>>>><https://github.com/wso2/product-is/milestone/61?closed=1> >>>>>>>- 5.8.0-M2 fixes >>>>>>><https://github.com/wso2/product-is/milestone/60?closed=1> >>>>>>>- 5.8.0-M1 fixes >>>>>>><https://github.com/wso2/product-is/milestone/59?closed=1> >>>>>>> >>>>>>> >>>>>>> Source and distribution >>>>>>> >>>>>>> Runtime - https://github.com/wso2/product-is/releases/tag/v >>>>>>> <https://github.com/wso2/product-is/releases/download/v5.8.0-rc3/wso2is-5.8.0-rc3.zip> >>>>>>> 5.8.0-rc3 >>>>>>> <https://github.com/wso2/product-is/releases/download/v5.8.0-rc3/wso2is-5.8.0-rc3.zip> >>>>>>> Analytics - >>>>>>> https://github.com/wso2/analytics-is/releases/tag/v5.8.0-rc3 >>>>>>> <https://github.com/wso2/analytics-is/releases/download/v5.8.0-rc3/wso2is-analytics-5.8.0-rc3.zip> >>>>>>> >>>>>>> >>>>>>> Please download, test the product and vote. >>>>>>> >>>>>>> [+] Stable - go ahead and release >>>>>>> [-] Broken - do not release (explain why) >>>>>>> >>>>>>> >>>>>>> Thanks, >>>>>>> - WSO2 Identity and Access Management Team - >>>>>>> >>>>>>> -- >>>>>>> >>>>>>> Hasanthi Dissanayake >>>>>>> >>>>>>> Senior Software Engineer | WSO2 >>>>>>> >>>>>>> E: hasan...@wso2.com >>>>>>> M :0718407133| http://wso2.com <http://wso2.com/> >>>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> >>>>>> Hasanthi Dissanayake >>>>>> >>>>>> Senior Software Engineer | WSO2 >>>>>> >>>>>> E: hasan...@wso2.com >>>>>> M :0718407133| http://wso2.com <http://wso2.com/> >>>>>> >>>>> >>>>> >>>>> -- >>>>> *Shanika Wickramasinghe* >>>>> Software Engineer - QA Team >>>>> >>>>> Email: shani...@wso2.com >>>>> Mobile : +94713503563 >>>>> Web : http://wso2.com >>>>> >>>>> <http://wso2.com/signature> >>>>> >>>> >>>> >>>> -- >>>> *Isuranga Perera* | Software Engineer | WSO2 Inc. >>>> +94 71 735 7034 | isura...@wso2.com >>>> >>>> ___ >>>> Architecture mailing list >>>> architect...@wso2.org >>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>> >>> >>> >>> -- >>> >>> Hasanthi Dissanayake | Senior Software Engineer | WSO2 Inc. >>> (m) +94718407133 | (w) +94112145345 | Email: hasan...@wso2.com >>> >>> ___ >>> Architecture mailing list >>> architect...@wso2.org >>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>> >> >> >> -- >> Farasath Ahamed >> Associate Technical Lead, WSO2 Inc.: http://wso2.com >> Mobile: +94777603866 >> Blog: https://farasath.blogspot.com / https://medium.com/@farasath >> Twitter: @farazath619 <https://twitter.com/farazath619> >> <http://wso2.com/signature> >> >> >> >> ___ >> Dev mailing list >> Dev@wso2.org >> http://wso2.org/cgi-bin/mailman/listinfo/dev >> > > > -- > *Thanuja Lakmal* > Technical Lead > WSO2 Inc. http://wso2.com/ > *lean.enterprise.middleware* > Mobile: +94715979891 > ___ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > -- Omindu Rathnaweera Associate Technical Lead, WSO2 Inc. ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] GoogleApps and
Hi Thai, One option is to use just-in-time provisioning [1]. Google Apps can act as a SAML/OIDC identity provider as per to [2]. You can set up Google Apps as a federated IdP [3] in WSO2 IS and provision them to IS when a user logs in to IS through Google Apps. Please refer [4] on configuring JIT provisioning for an IDP. But if you are looking to import the users in a bulk manner, you will have to export the users manually (or through APIs) from Google apps and import them to IS using our APIs. [1] - https://docs.wso2.com/display/IS570/Identity+Provisioning#IdentityProvisioning-JustInTimeprovisioning [2] - https://cloud.googleblog.com/2015/10/Google-Apps-expands-identity-services-with-SAML-and-OIDC-to-connect-apps-securely.html [3] - https://docs.wso2.com/display/IS570/Adding+and+Configuring+an+Identity+Provider [4] - https://docs.wso2.com/display/IS570/Configuring+Just-In-Time+Provisioning+for+an+Identity+Provider Regards, Omindu. On Tue, Apr 9, 2019 at 5:35 PM Thai Nguyen wrote: > Hi there, > > I know that WSO2 Identity Server can provision accounts to GoogleApps. > What about the existing GoogleApps accounts? Can existing GoogleApps > accounts link/sync with WSO2 Identity Server's accounts? > I seem can't find any documentation about this. Any help would be > appreciated! > > Thanks, > > Thai > ___ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > -- Omindu Rathnaweera Associate Technical Lead, WSO2 Inc. ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Identity Server does not validate SAML LogoutRequest Signatures
Hi MacRae, Thanks for reporting this. There seems to be an issue in the code base where the request signature validation is ignored for logout requests. I have created [1] to track this issue. We will address the issue in the upcoming release. [1] - https://github.com/wso2/product-is/issues/4048 Thanks, Omindu. On Tue, Nov 27, 2018 at 6:34 AM MacRae Linton wrote: > Hi All, > > Pardon me if this is not the right place to ask this kind of question. > I’ve been struggling to get the WSO2 Identity Server setup correctly to use > SAML for the last couple weeks and have hit a new wall. > > I have a single service provider with SAML inbound authentication > configured. I have the "Enable Signature Validation in Authentication > Requests and Logout Requests” checkbox checked. And so, if I send an > AuthnRequest that is not properly signed, it will error. However, if I send > a LogoutRequest with no signature (or with a signature made from a > completely different cert/key), it will log my user out without error. How > can I enable actual signature validation WSO2 IS? > > Cheers, > > -MacRae Linton > TrussWorks > ___ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > -- Omindu Rathnaweera Senior Software Engineer, WSO2 Inc. ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] About product documentation offline in PDF
Adding documentation team. On Sun, Oct 14, 2018 at 4:28 PM Jorge wrote: > Hi all. > How can I download the documentation in PDF format using this link: > https://docs.wso2.com/display/IS570/ . > > In previous versions I can, now I don´t see the option. > > Regards, > Jorge. > ___ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > -- Omindu Rathnaweera Senior Software Engineer, WSO2 Inc. ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] [IS] InCommon Federation Compliance for WSO2IS - UI Component
Hi Sahan, Not sure whether this is a valid concern as I don't have much context on updating SP and IdP metadata. Is there a basis on deciding the auto refresh interval? A requirement like refreshing every 2 days or every week isn't valid ? I believe the time set for refreshing is in server timezone, correct ? If so better to mention that information as well and the last update column should reflect the time information as well. On a side note, is there a reference I can use to get more on what exactly updating SP and IdP metadata does ? Regards, Omindu. On Wed, Sep 26, 2018 at 12:56 PM Sahan Gunathilaka wrote: > Hi All, > One of the major requirements to comply WSO2 IS with InCommon Federation > is to support *auto refreshment* of metadata of participating Service > Providers and Identity Providers at IS. Following is the designed UI to > provide this requirement. > > [image: Screenshot_2018-09-26 WSO2 Management Console.png] > > *"Enable Auto Refresh*" check box and "*Refresh Time*" drop box can be > set to automate the refreshing cycle. All service providers' and identity > providers' configurations will be updated according to them after clicking > on "*Save*" button. > > "*Force Refresh*" button lets users to refresh metadata instantly based > on the latest update of metadata file at the InCommon Federation. > > "*Clear All*" button will remove all the configured data and result "0" > for both "Total Service Providers" and "Total Identity Providers" in the > table. > > If you have any suggestion on this, please let me know. > > Thank you! > Best Regards! > > -- > *Sahan Gunathilaka* > Intern - Software Engineering > *WSO2* > mobile: +94776343266 > > [image: http://wso2.com/signature] > > ___ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > -- Omindu Rathnaweera Senior Software Engineer, WSO2 Inc. ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
[Dev] iat, exp and nbf values of token introspection when 'token_string' is a JWT
Hi Team,
During token introspection we can request the user information related to
the access token in a form of a JWT. This JWT is sent under the parameter '
token_string'.
Ex:
{
"token_string":"eyJ4NXQiO... (JWT)",
"active":true,
"token_type":"Bearer",
"exp":1536076577,
"iat":1536072977,
"nbf":1536072977,
"client_id":"5qqc07uvtnnouDYzxe63jLlnjOEa",
"username":"admin@carbon.super"
}
The exp (Expiration Time), iat (Issued At), nbf (Not Before) values in the
above response is based on the original token issue time and this the
expected outcome as per the specification [1].
However there's a confusion when it comes to setting these values in the
JWT sent with 'token_string'.
The current behavior is that 'iat' in the JWT is calculated based on the
issued time of the introspecting access token but the 'exp' value is
calculated based on the creation time of the JWT.
I would like you know your opinion on what these values should based on.
Should it be same as the access tokens iat, exp, and nbf or should they be
based on the generation time the JWT it self ?
[1] - https://tools.ietf.org/html/rfc7662#page-6
Thanks,
Omindu
--
Omindu Rathnaweera
Senior Software Engineer, WSO2 Inc.
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] IAM: MFA not enable for the saas enabled SP
Hi Achini, I did a quick test on 5.5 with but didn't notice any issues issue. How are you configuring the SP, If it's from the SOAP API, can you share the requests you are using to configure the SP/IDP ? Regards, Omindu. On Fri, Aug 10, 2018 at 1:51 PM Achini Jayasena wrote: > Hi All, > > I'm trying to execute a scenario with tenant. SP created with saas enable > and MFA configuration. (Step 01: basic authentication and step 2: facebook > authentication). But here step 02 authentication not required. I try this > with the users from the same tenant and users from another tenant. > > Product version: 5.5 > > Is this the expected behavior? > > > *Thanks & Best Regards!* > > *Achini Jayasena* > *Software Engineer - QA | WSO2* > > Email: achi...@wso2.com > Mobile: +943 882 897 > > [image: http://wso2.com/signature] <http://wso2.com/signature> > -- Omindu Rathnaweera Senior Software Engineer, WSO2 Inc. Mobile: +94 771 197 211 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] 'ORA-00972: identifier is too long' thrown when running IS Integration Tests with Oracle 12.1.0.2
ers.utils.ServerLogReader] > - at > oracle.jdbc.driver.OracleStatementWrapper.execute(OracleStatementWrapper.java:300) > INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] > - at sun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source) INFO > [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] > - at java.lang.reflect.Method.invoke(Method.java:498) INFO > [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at > org.apache.tomcat.jdbc.pool.StatementFacade$StatementProxy.invoke(StatementFacade.java:114) > INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] > - at com.sun.proxy.$Proxy19.execute(Unknown Source) INFO > [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at > org.wso2.carbon.identity.core.persistence.IdentityDBInitializer.executeSQL(IdentityDBInitializer.java:318) > INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] > - ... 31 more INFO > [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - > Caused by: Error : 972, Position : 13, Sql = CREATE INDEX > IDX_IDN_AUTH_SESSION_STORE_TIME ON IDN_AUTH_SESSION_STORE (TIME_CREATED) , > OriginalSql = CREATE INDEX IDX_IDN_AUTH_SESSION_STORE_TIME ON > IDN_AUTH_SESSION_STORE (TIME_CREATED) , Error Msg = ORA-00972: identifier > is too long INFO > [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - > INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] > - at oracle.jdbc.driver.T4CTTIoer11.processError(T4CTTIoer11.java:498) INFO > [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - ... > 49 more > > > [1] > https://stackoverflow.com/questions/3085562/ora-00972-identifier-is-too-long-alias-column-name#3085571 > > Regards > Maneesha > > > -- > Maneesha Wijesekara > Software Engineer - QA Team > WSO2 Inc. > > Email: manee...@wso2.com > Linkedin: http://linkedin.com/in/maneeshawijesekara > Mobile: +94712443119 > -- Omindu Rathnaweera Senior Software Engineer, WSO2 Inc. Mobile: +94 771 197 211 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] IAM: Exception while invoke service method deleteIdP
Hi Achini,
What's the IS version you've tried this on ? Also noted that there's an
error in the endpoint url, hope that's a typo htt*t*ps://localhost:9443/
services/IdentityProviderMgtService
Regards,
Omindu.
On Mon, Jul 30, 2018 at 4:21 PM Achini Jayasena wrote:
> Hi All,
>
> In Jmeter, I'm trying to delete the Idp from API call. Even though the IDP
> delete ,I'm getting following error in the response. And also there are no
> errors available in the logs
>
> *Request:*
> http://schemas.xmlsoap.org/soap/envelope/;
> xmlns:mgt="http://mgt.idp.carbon.wso2.org;>
>
>
>
>
> ${IdentityProviderName}
>
>
>
>
> *Response:*
>
> xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/;>
>
>
> soapenv:Server
> Exception occurred while trying to invoke service
> method deleteIdP
>
>
>
>
>
> *Jmeter version:* 3.3
>
> *Endpoint:*
> htttps://localhost:9443/services/IdentityProviderMgtService.IdentityProviderMgtServiceHttpsSoap11Endpoint
>
> Anyone have an idea why I'm getting this exception ?
>
>
>
> *Thanks & Best Regards!*
>
> *Achini Jayasena*
> *Software Engineer - QA | WSO2*
>
> Email: achi...@wso2.com
> Mobile: +943 882 897
>
> [image: http://wso2.com/signature] <http://wso2.com/signature>
>
--
Omindu Rathnaweera
Senior Software Engineer, WSO2 Inc.
Mobile: +94 771 197 211
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Deprecating Mepin Authenticator
Hi Biruntha, Are there any plans to update the connector with the new APIs ? Thanks, Omindu. On Tue, Jul 24, 2018 at 11:04 AM Biruntha Gnaneswaran wrote: > Hi All, > > We are planning to deprecate Mepin authenticator[1] from the store[2]. In > our Mepin authenticator, we are using the Mepin simple_api endpoint [3] to > authenticate and retrieve user information. Since this endpoint has been > deprecated recently and giving 502 Bad Gateway error, we are planning to > deprecate. > > Please let us know if there are any concerns. > > [1] https://docs.wso2.com/display/ISCONNECTORS/MePIN+Authenticator > [2] > https://store.wso2.com/store/assets/isconnector/details/00902cc7-5efc-4b8f-aae7-930e999f8058 > [3] https://api.mepin.com/simple_api/ > > Thanks, > -- > Biruntha > > Software Engineer > WSO2 > Email: birun...@wso2.com > LinkedIn: https://lk.linkedin.com/in/biruntha > Mobile : +94773718986 > -- Omindu Rathnaweera Senior Software Engineer, WSO2 Inc. Mobile: +94 771 197 211 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
[Dev] [IAM] Modifying consent purposes associations
Hi All, As per the current implementation, we do not allow to edit or delete consent purposes which are associated with a consent receipt. The reason behind such a design decision was to preserve the immutability of the consent receipt. Meaning, to prevent modifying the existing consent receipts which are associated with purposes if a purpose is modified. However, with the improvements we are introducing with 5.7.0 privacy features, Self Signup and JIT functionalities will have a tight dependency on purposes and there will be more involvement around configuring purposes. The purposes defined for these scenarios cannot be modified once they are associated with a consent receipt. Therefore it would be convenient for the users to have the option to modify the existing consent purposes. But doing so should not change the existing consent receipts. In order to achieve this requirement. I see the following i) We can provide the capability to modify the existing purposes. For this we may have to duplicate the purposes when adding receipts and reference the duplicated purpose from the receipt. ii) Without providing the capability to modify the purposes, we can maintain a separate association of purposes and Self signup/JIT similar to what we are doing for service providers. This way a user can pick what purposes should be associated with a certain flow without modifying the existing purposes. Appreciate your thoughts on this. Regards, Omindu. -- Omindu Rathnaweera Senior Software Engineer, WSO2 Inc. Mobile: +94 771 197 211 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Giving the different Access tokens in API manager 2.5.0 when try to generate new tokens before expired the access token.
Hi Fazlan/Nalaka, This behavior is not there in the IS 5.6.0 release candidate. I did a small test by reverting the APIMTokenIssuer to the default one and the issue got resolved. Better to check the APIMTokenIssuer. On Mon, Jul 2, 2018 at 7:48 PM Fazlan Nazeem wrote: > This seems to be true. > > @IS team, What is the reason to expire the token before the expiry time > and without a revocation request? > > On Mon, Jul 2, 2018 at 2:31 PM Nalaka Senarathna wrote: > >> In the latest release of API manager if we try to generate new access >> tokens before it expired using "password grant type " output is different >> access tokens with the same refresh token. when checking the database it >> shows the state is "EXPIRED" of the previous access token. >> >> In earlier releases, if the access token is not expired output was the >> same access token when trying to generate using the password grant type. >> >> Is that change made by intentionally In new release? >> >> regards. >> -- >> *Nalaka Senarathna* >> *Associate Software Engineer | WSO2* >> >> *Email : nala...@wso2.com * >> *Mobile : +94714118474* >> *web : https://wso2.com <https://wso2.com>* >> <https://wso2.com/signature> >> >> ___ >> Dev mailing list >> Dev@wso2.org >> http://wso2.org/cgi-bin/mailman/listinfo/dev >> > > > -- > Thanks & Regards, > > *Fazlan Nazeem* > Senior Software Engineer > WSO2 Inc > Mobile : +94772338839 > fazl...@wso2.com > ___ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > Regards, Omindu -- Omindu Rathnaweera Senior Software Engineer, WSO2 Inc. Mobile: +94 771 197 211 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] [Architecture] [VOTE] Release of WSO2 Identity Server 5.6.0 RC3
and try accessing >>>>>>the SP to verify the consents are asked again. >>>>>>- Delete the SP, login to the dashboard and see whether the >>>>>>consents are deleted for that SP. >>>>>> >>>>>> No blocking issues are found. >>>>>> >>>>>> [+] Stable - go ahead and release. >>>>>> >>>>>> Thanks, >>>>>> Vihanga. >>>>>> >>>>>> On Fri, Jun 15, 2018 at 6:29 PM Madawa Soysa >>>>>> wrote: >>>>>> >>>>>>> Hi all, >>>>>>> >>>>>>> We are pleased to announce the third release candidate of WSO2 >>>>>>> Identity Server 5.6.0. >>>>>>> >>>>>>> This release fixes the following issues >>>>>>> >>>>>>>- 5.6.0-RC Fixes >>>>>>><https://github.com/wso2/product-is/milestone/40?closed=1> >>>>>>>- 5.6.0-Beta Fixes >>>>>>><https://github.com/wso2/product-is/milestone/39?closed=1> >>>>>>>- 5.6.0-Alpha2 Fixes >>>>>>><https://github.com/wso2/product-is/milestone/43?closed=1> >>>>>>>- 5.6.0-Alpha Fixes >>>>>>><https://github.com/wso2/product-is/milestone/38?closed=1> >>>>>>>- 5.6.0-M7 Fixes >>>>>>><https://github.com/wso2/product-is/milestone/37?closed=1> >>>>>>>- 5.6.0-M6 Fixes >>>>>>><https://github.com/wso2/product-is/milestone/36?closed=1> >>>>>>>- 5.6.0-M5 Fixes >>>>>>><https://github.com/wso2/product-is/milestone/35?closed=1> >>>>>>>- 5.6.0-M4 Fixes >>>>>>><https://github.com/wso2/product-is/milestone/34?closed=1> >>>>>>>- 5.6.0-M3 Fixes >>>>>>><https://github.com/wso2/product-is/milestone/33?closed=1> >>>>>>>- 5.6.0-M2 Fixes >>>>>>><https://github.com/wso2/product-is/milestone/31?closed=1> >>>>>>>- 5.6.0-M1 Fixes >>>>>>><https://github.com/wso2/product-is/milestone/30?closed=1> >>>>>>> >>>>>>> Source and distribution, >>>>>>> Runtime - >>>>>>> https://github.com/wso2/product-is/releases/tag/v5.6.0-rc3 >>>>>>> Analytics - >>>>>>> https://github.com/wso2/analytics-is/releases/v5.6.0-rc3 >>>>>>> >>>>>>> Please download, test the product and vote. >>>>>>> >>>>>>> [+] Stable - go ahead and release >>>>>>> [-] Broken - do not release (explain why) >>>>>>> >>>>>>> Thanks, >>>>>>> WSO2 Identity and Access Management Team >>>>>>> -- >>>>>>> >>>>>>> Madawa Soysa / Senior Software Engineer >>>>>>> mada...@wso2.com / +94714616050 >>>>>>> >>>>>>> *WSO2 Inc.* >>>>>>> lean.enterprise.middleware >>>>>>> >>>>>>> <https://wso2.com/signature> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>> >>>>>> -- >>>>>> >>>>>> Vihanga Liyanage >>>>>> >>>>>> Software Engineer | WS*O₂* Inc. >>>>>> >>>>>> M : +*94710124103* | http://wso2.com >>>>>> >>>>>> [image: http://wso2.com/signature] <http://wso2.com/signature> >>>>>> >>>>>> ___ >>>>>> Dev mailing list >>>>>> Dev@wso2.org >>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>> >>>>>> >>>>> >>>>> >>>>> -- >>>>> Sathya Bandara >>>>> Software Engineer >>>>> WSO2 Inc. http://wso2.com >>>>> Mobile: (+94) 715 360 421 <+94%2071%20411%205032> >>>>> >>>>> <+94%2071%20411%205032> >>>>> >>>>> ___ >>>>> Dev mailing list >>>>> Dev@wso2.org >>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>> >>>>> >>>> >>>> >>>> -- >>>> *Dewni Weeraman* >>>> Trainee Software Engineer | WSO2 >>>> >>>> Email: de...@wso2.com >>>> Mobile: +94772979049 >>>> Web: http://wso2.com/ >>>> >>>> >>>> >>>> >>>> ___ >>>> Architecture mailing list >>>> architect...@wso2.org >>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>> >>>> >>> >>> >>> -- >>> >>> Hasanthi Dissanayake >>> >>> Senior Software Engineer | WSO2 >>> >>> E: hasan...@wso2.com >>> M :0718407133| http://wso2.com <http://wso2.com/> >>> ___ >>> Architecture mailing list >>> architect...@wso2.org >>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>> >> >> >> -- >> *Pulasthi Mahawithana* >> Associate Technical Lead >> WSO2 Inc., http://wso2.com/ >> Mobile: +94-71-5179022 >> Blog: https://medium.com/@pulasthi7/ >> >> <https://wso2.com/signature> >> ___ >> Dev mailing list >> Dev@wso2.org >> http://wso2.org/cgi-bin/mailman/listinfo/dev >> > > > -- > > > > *Kind Regards,Nipuni Bhagya* > > *Software Engineering Intern* > *WSO2* > > > > *Mobile : +94 0779028904* > ___ > Architecture mailing list > architect...@wso2.org > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > -- Omindu Rathnaweera Senior Software Engineer, WSO2 Inc. Mobile: +94 771 197 211 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Where should we commit clean up stored procedures for Identity Server ?
Hi Rushmin, We have added the OAuth token cleanup script to [1]. However +1 for moving this to product-is repo. Btw, if we are adding this to the product-is repo, it's better if we can have the scripts for all supported DB flavors. [1] - https://github.com/wso2/samples-is/tree/master/token-cleanup-scripts Regards, Omindu. On Wed, May 30, 2018 at 1:16 PM Rushmin Fernando wrote: > > We finished an effort to improve the MySQL stored procedures which are > used for the following data clean-up tasks. > > 1) OAuth2 access token and authorization code > 2) Session data > 3) Confirmation code > > IMO *IS_HOME/dbscripts/stored-procedures* is the best place to add these > stored procedures. > > Are there any other suggestions? > > > > > -- > *Best Regards* > > *Rushmin Fernando* > *Technical Lead* > > WSO2 Inc. <http://wso2.com/> - Lean . Enterprise . Middleware > > mobile : +94775615183 > > > -- Omindu Rathnaweera Senior Software Engineer, WSO2 Inc. Mobile: +94 771 197 211 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Retry with authenticators for adaptive authentication.
Thanks for the clarification!
On Tue, May 15, 2018 at 9:31 AM Maduranga Siriwardena <madura...@wso2.com>
wrote:
> Hi Omindu,
>
> This applies only if you are enabling the script. Otherwise it will behave
> as before without any change.
>
> Thanks,
>
> On Tue, May 15, 2018 at 9:26 AM Omindu Rathnaweera <omi...@wso2.com>
> wrote:
>
>> Hi Maduranga,
>>
>> On Mon, May 14, 2018 at 11:57 AM Maduranga Siriwardena <
>> madura...@wso2.com> wrote:
>>
>>> After trying several methods to implement a retry mechanism, we decided
>>> to go for below approach.
>>>
>>> Authentication framework will not prompt for retrying unless it is
>>> specifically written in the script. So if we want to retry the
>>> authentication, the conditional authentication script would be like below.
>>>
>>
>> Not sure whether I got this right. But does this mean, moving forward, if
>> we need the retry behavior of the basic authenticator, we will have to get
>> it done through a script ?
>>
>>
>>>
>>> function onInitialRequest(context) {
>>> retryCount = 3;
>>> executeBasicAuth(context, retryCount);
>>> }
>>>
>>> function executeBasicAuth(context, retryCount) {
>>>Log.info('--- executeBasicAuth retryCount ' + retryCount);
>>>executeStep({
>>>id: '1',
>>>on: {
>>>success: function (context) {
>>>Log.info('--- authentication succcessfull ');
>>>var isAdmin = hasRole(context, 'admin');
>>>Log.info('--- Has Admin ' + isAdmin);
>>>if (isAdmin) {
>>>executeStep({id: '2'});
>>>}
>>>},
>>>fail: function (context) {
>>> Log.info('--- fail retryCount ' + retryCount);
>>> --retryCount;
>>> if (retryCount > 0) {
>>> executeBasicAuth(context, retryCount);
>>> } else {
>>> Log.info('--- login failed ');
>>> }
>>>}
>>>}
>>>});
>>> }
>>>
>>>
>>> This script will try to authenticate the user 3 times in case
>>> credentials are incorrect. This approach will ensure that the
>>> authentication flow is strictly controlled by the script and there is no
>>> unnecessary/unwanted behavior.
>>>
>>> But with this approach we have a issue with how to get the
>>> authentication failure reason in case of a retrying step. At the moment in
>>> the basic authenticator, this failure message is set by checking
>>> "context.isRetrying()" [1]. With the new implementation, authentication
>>> framework is not aware if this is a retrying step or not. We are trying to
>>> find a solution for this. Any suggestions are welcome.
>>>
>>> [1]
>>> https://github.com/wso2-extensions/identity-local-auth-basicauth/blob/v5.3.7/components/org.wso2.carbon.identity.application.authenticator.basicauth/src/main/java/org/wso2/carbon/identity/application/authenticator/basicauth/BasicAuthenticator.java#L108
>>>
>>> Thanks,
>>> Maduranga.
>>>
>>>
>>>
>>> On Tue, May 8, 2018 at 12:26 PM Maduranga Siriwardena <
>>> madura...@wso2.com> wrote:
>>>
>>>> Hi Gayan,
>>>>
>>>> Thanks for the suggestion.
>>>>
>>>> Yes its better to provide a configuration to change the number of retry
>>>> attempts. Apart from the above mentioned behavior, we will consider this
>>>> also in the implementation.
>>>>
>>>> Thanks,
>>>>
>>>> On Tue, May 8, 2018 at 9:31 AM gayan gunawardana <
>>>> gmgunaward...@gmail.com> wrote:
>>>>
>>>>>
>>>>>
>>>>> On Mon, May 7, 2018 at 7:17 PM, Maduranga Siriwardena <
>>>>> madura...@wso2.com> wrote:
>>>>>
>>>>>> Hi devs,
>>>>>>
>>>>>> In the Identity Server at the moment "retryAuthenticationEnabled"
>>>>>> method in the authenticators decide whether the user is allowed to retry
>>>>>> the authentication with that particular authenticator. Based on the
>>>>>> result
>>>>>> from this method, authenticator itself triggers the retry flow.
>>>>>>
>>>>>> B
Re: [Dev] Retry with authenticators for adaptive authentication.
Software Engineer >>>> WSO2 Inc; http://wso2.com/ >>>> >>>> Email: madura...@wso2.com >>>> Mobile: +94718990591 >>>> Blog: *https://madurangasiriwardena.wordpress.com/ >>>> <https://madurangasiriwardena.wordpress.com/>* >>>> <http://wso2.com/signature> >>>> >>>> _______ >>>> Dev mailing list >>>> Dev@wso2.org >>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>> >>>> >>> >>> >>> -- >>> Gayan >>> >> >> >> -- >> Maduranga Siriwardena >> Senior Software Engineer >> WSO2 Inc; http://wso2.com/ >> >> Email: madura...@wso2.com >> Mobile: +94718990591 >> Blog: *https://madurangasiriwardena.wordpress.com/ >> <https://madurangasiriwardena.wordpress.com/>* >> <http://wso2.com/signature> >> > > > -- > Maduranga Siriwardena > Senior Software Engineer > WSO2 Inc; http://wso2.com/ > > Email: madura...@wso2.com > Mobile: +94718990591 > Blog: *https://madurangasiriwardena.wordpress.com/ > <https://madurangasiriwardena.wordpress.com/>* > <http://wso2.com/signature> > ___ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > -- Omindu Rathnaweera Senior Software Engineer, WSO2 Inc. Mobile: +94 771 197 211 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Issue with MultiAttributeSeparator in IS 5.5.0
Hi Gayan, Can you try with a new user and see whether the MultiAttributeSeparator is getting affected. Regards, Omindu. On Mon, May 7, 2018 at 11:36 AM gayan gunawardana <gmgunaward...@gmail.com> wrote: > > > On Mon, May 7, 2018 at 10:18 AM, Nuwandi Wickramasinghe <nuwan...@wso2.com > > wrote: > >> Hi Gayan, >> >> What is the type of your UserStoreManager? >> > Default LDAP. > >> >> On Sun, May 6, 2018 at 11:48 PM, gayan gunawardana < >> gmgunaward...@gmail.com> wrote: >> >>> Hi Nuwandi, >>> >>> Thanks for writing steps [1]. It works in IS 5.3.0 without a problem. >>> However when I try same steps for IS 5.5.0 even I change >>> MultiAttributeSeparator it always break values from ','. Could you please >>> let me know are there any additional steps or public jira regarding the >>> issue. >>> >>> [1] >>> https://medium.com/@nuwandiwickramasinghe/wso2-identity-server-5-3-0-as-the-identity-provider-for-aws-management-console-dcdddefc2d79 >>> >>> Thanks, >>> Gayan >>> >> >> >> >> -- >> >> Best Regards, >> >> Nuwandi Wickramasinghe >> >> Senior Software Engineer >> >> WSO2 Inc. >> >> Web : http://wso2.com >> >> Mobile : 0719214873 >> > > > > -- > Gayan > ___ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > -- Omindu Rathnaweera Senior Software Engineer, WSO2 Inc. Mobile: +94 771 197 211 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Exception in Facebook Federated Authentication
pl.DefaultAuthenticationRequestHandler.h >>>> andle(DefaultAuthenticationRequestHandler.java:134) >>>> at org.wso2.carbon.identity.application.authentication.framewor >>>> k.handler.request.impl.DefaultRequestCoordinator.handle(Defa >>>> ultRequestCoordinator.java:157) >>>> at org.wso2.carbon.identity.application.authentication.framewor >>>> k.servlet.CommonAuthenticationServlet.doPost(CommonAuthentic >>>> ationServlet.java:53) >>>> at org.wso2.carbon.identity.application.authentication.framewor >>>> k.servlet.CommonAuthenticationServlet.doGet(CommonAuthentica >>>> tionServlet.java:43) >>>> >>>> Thanks, >>>> Gayan >>>> >>>> ___ >>>> Dev mailing list >>>> Dev@wso2.org >>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>> >>>> >>> >>> >>> -- >>> >>> Tharindu Edirisinghe >>> Senior Software Engineer | WSO2 Inc >>> Platform Security Team >>> Blog : http://tharindue.blogspot.com >>> mobile : +94 775181586 >>> >> >> >> >> -- >> Gayan >> > > > > -- > Regards, > > > *Darshana Gunawardana*Technical Lead > WSO2 Inc.; http://wso2.com > > *E-mail: darsh...@wso2.com <darsh...@wso2.com>* > *Mobile: +94718566859*Lean . Enterprise . Middleware > -- Omindu Rathnaweera Senior Software Engineer, WSO2 Inc. Mobile: +94 771 197 211 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
[Dev] Removing headers from API response
Hi Team, Is it possible to remove any header from the API response using [1] or is it specific to certain headers. Currently I'm getting the following headers in the response and I tried to remove them following [1]. Access-Control-Allow-Origin: Access-Control-Allow-Methods: Access-Control-Allow-Headers: Content-Type: Added the following in the main sequence but the headers were not removed. Is there something additional should be done other than adding the above to default sequences ? (Tried this in a WUM updated APIM 2.1.0). [1] - https://docs.wso2.com/display/AM210/Remove+Specific+Request+Headers+From+Response Thanks, Omindu. -- Omindu Rathnaweera Senior Software Engineer, WSO2 Inc. Mobile: +94 771 197 211 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] [Architecture] [VOTE] Release WSO2 Identity Server 5.5.0 RC2
Hi Team, Tried out the following scenarios. - SAML SSO with a super tenant SaaS app from a tenant user - Consent collection when using local claim dialect in SP configs - Consent collection when using custom claim dialect in SP configs - Attributes filtering in SAML response based on user consent - Viewing/Updating/Revoking receipts issued by tenant user for the SaaS app through self care portal - Setting expiration for an issued receipt through self care portal - Validating consent expiration during SSO - SAML SSO with a federated IdP (Google) with email username enabled - Consent collection when using local claim dialect and without requested claims in SP configs (Passthrough) - Consent collection when using local claim dialect and with requested claims in SP configs - Consent management REST APIs for super tenant and non super tenant. No blocking issue found. [+] Stable - Go ahead and release Regards, Omindu. On Thu, Mar 15, 2018 at 12:33 PM, Hasintha Indrajee <hasin...@wso2.com> wrote: > Tested below scenarios with MySQL database > > Authentication data publishing. > Custom OAuth client authenticators (Private key JWT client authenticator.) > > Self registration with consents (for super and non super tenants) > SSO with missing mandatory claims and consents for SaaS apps. (SAML, with > and without mandatory claims) > Updating and revoking consents through dashboard for super tenant and non > super tenant users. > Consent erasure while apps (for SaaS scenarios) are deleted and users are > deleted. > > No blocking issues found and +1 to proceed with release. > > > On Thu, Mar 15, 2018 at 5:19 AM, Darshana Gunawardana <darsh...@wso2.com> > wrote: > >> Hi all, >> >> We are pleased to announce the second release candidate of WSO2 Identity >> Server 5.5.0. >> >> This release fixes the following issues, >> >>- >>- 5.5.0-RC2 fixes >> >> <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-RC2> >>- 5.5.0-RC1 fixes >> >> <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-RC1> >>- 5.5.0-Beta fixes >> >> <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-beta> >>- 5.5.0-Alpha3 fixes >> >> <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-alpha3> >>- 5.5.0-Alpha2 fixes >> >> <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-alpha2> >>- 5.5.0-Alpha fixes >> >> <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-alpha> >>- 5.5.0-M4 fixes >> >> <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-M4> >>- 5.5.0-M3 fixes >> >> <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-M3> >>- 5.5.0-M2 fixes >> >> <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-M2> >>- 5.5.0-M1 fixes >> >> <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-M1> >> >> >> Source and distribution >> >> Runtime - https://github.com/wso2/product-is/releases/v5.5.0-rc2 >> Analytics - https://github.com/wso2/analytics-is/releases/v5.5.0-rc2 >> >> >> Please download, test the product and vote. >> >> [+] Stable - go ahead and release >> [-] Broken - do not release (explain why) >> >> >> Thanks, >> - WSO2 Identity and Access Management Team - >> >> -- >> Regards, >> >> >> *Darshana Gunawardana*Technical Lead >> WSO2 Inc.; http://wso2.com >> >> *E-mail: darsh...@wso2.com <darsh...@wso2.com>* >> *Mobile: +94718566859 <071%20856%206859>*Lean . Enterprise . Middleware >> > > > > -- > Hasintha Indrajee > WSO2, Inc. > Mobile:+94 771892453 <+94%2077%20189%202453> > > > ___ > Architecture mailing list > architect...@wso2.org > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > > -- Omindu Rathnaweera Senior Software Engineer, WSO2 Inc. Mobile: +94 771 197 211 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] [Architecture] [VOTE] Release WSO2 Identity Server 5.5.0 RC1
gt;>>>>>>>>> >>>>>>>>>>>>> <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-beta> >>>>>>>>>>>>>- 5.5.0-Alpha3 fixes >>>>>>>>>>>>> >>>>>>>>>>>>> <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-alpha3> >>>>>>>>>>>>>- 5.5.0-Alpha2 fixes >>>>>>>>>>>>> >>>>>>>>>>>>> <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-alpha2> >>>>>>>>>>>>>- 5.5.0-Alpha fixes >>>>>>>>>>>>> >>>>>>>>>>>>> <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-alpha> >>>>>>>>>>>>>- 5.5.0-M4 fixes >>>>>>>>>>>>> >>>>>>>>>>>>> <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-M4> >>>>>>>>>>>>>- 5.5.0-M3 fixes >>>>>>>>>>>>> >>>>>>>>>>>>> <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-M3> >>>>>>>>>>>>>- 5.5.0-M2 fixes >>>>>>>>>>>>> >>>>>>>>>>>>> <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-M2> >>>>>>>>>>>>>- 5.5.0-M1 fixes >>>>>>>>>>>>> >>>>>>>>>>>>> <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-M1> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> Source and distribution >>>>>>>>>>>>> >>>>>>>>>>>>> Runtime - https://github.com/wso2/produc >>>>>>>>>>>>> t-is/releases/tag/v5.5.0-rc1 >>>>>>>>>>>>> Analytics - https://github.com/wso2/analyt >>>>>>>>>>>>> ics-is/releases/tag/v5.5.0-rc1 >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> Please download, test the product and vote. >>>>>>>>>>>>> >>>>>>>>>>>>> [+] Stable - go ahead and release >>>>>>>>>>>>> [-] Broken - do not release (explain why) >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> Thanks, >>>>>>>>>>>>> - WSO2 Identity and Access Management Team - >>>>>>>>>>>>> >>>>>>>>>>>>> -- >>>>>>>>>>>>> Sathya Bandara >>>>>>>>>>>>> Software Engineer >>>>>>>>>>>>> WSO2 Inc. http://wso2.com >>>>>>>>>>>>> Mobile: (+94) 715 360 421 <+94%2071%20411%205032> >>>>>>>>>>>>> >>>>>>>>>>>>> <+94%2071%20411%205032> >>>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> -- >>>>>>>>>>>> Farasath Ahamed >>>>>>>>>>>> Senior Software Engineer, WSO2 Inc.; http://wso2.com >>>>>>>>>>>> Mobile: +94777603866 >>>>>>>>>>>> Blog: blog.farazath.com >>>>>>>>>>>> Twitter: @farazath619 <https://twitter.com/farazath619> >>>>>>>>>>>> <http://wso2.com/signature> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> ___ >>>>>>>>>>>> Architecture mailing list >>>>>>>>>>>> architect...@wso2.org >>>>>>>>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> -- >>>>>>>>>>> >>>>>>>>>>> *Dilini GunatilakeSoftware Engineer - QA Team* >>>>>>>>>>> Mobile : +94771162518 <+94%2077%20116%202518> >>>>>>>>>>> dili...@wso2.com >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> ___ >>>>>>>>>>> Architecture mailing list >>>>>>>>>>> architect...@wso2.org >>>>>>>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> Regards, >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> *Darshana Gunawardana*Technical Lead >>>>>>>>>> WSO2 Inc.; http://wso2.com >>>>>>>>>> >>>>>>>>>> *E-mail: darsh...@wso2.com <darsh...@wso2.com>* >>>>>>>>>> *Mobile: +94718566859 <+94%2071%20856%206859>*Lean . Enterprise >>>>>>>>>> . Middleware >>>>>>>>>> >>>>>>>>>> ___ >>>>>>>>>> Architecture mailing list >>>>>>>>>> architect...@wso2.org >>>>>>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>>>>>>>> >>>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>>>>>> Nilasini Thirunavukkarasu >>>>>>>>> Software Engineer - WSO2 >>>>>>>>> >>>>>>>>> Email : nilas...@wso2.com >>>>>>>>> Mobile : +94775241823 <+94%2077%20524%201823> >>>>>>>>> Web : http://wso2.com/ >>>>>>>>> >>>>>>>>> >>>>>>>>> <http://wso2.com/signature> >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> Sathya Bandara >>>>>>>> Software Engineer >>>>>>>> WSO2 Inc. http://wso2.com >>>>>>>> Mobile: (+94) 715 360 421 <+94%2071%20411%205032> >>>>>>>> >>>>>>>> <+94%2071%20411%205032> >>>>>>>> >>>>>>>> ___ >>>>>>>> Dev mailing list >>>>>>>> Dev@wso2.org >>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>>>> >>>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> Sagara Gunathunga >>>>>>> >>>>>>> Director; WSO2, Inc.; http://wso2.com >>>>>>> Linkedin; http://www.linkedin.com/in/ssagara >>>>>>> Blog ; http://ssagara.blogspot.com >>>>>>> Mobile : +9471 <+94%2071%20565%209887>2149951 >>>>>>> >>>>>>> >>>>>> >>>>> >>>>> >>>>> -- >>>>> Sagara Gunathunga >>>>> >>>>> Director; WSO2, Inc.; http://wso2.com >>>>> Linkedin; http://www.linkedin.com/in/ssagara >>>>> Blog ; http://ssagara.blogspot.com >>>>> Mobile : +9471 <+94%2071%20565%209887>2149951 >>>>> >>>>> >>>>> ___ >>>>> Architecture mailing list >>>>> architect...@wso2.org >>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>>> >>>>> >>>> >>>> Thanks, >>>> -- >>>> Pushpalanka. >>>> -- >>>> Pushpalanka Jayawardhana, B.Sc.Eng.(Hons). >>>> Senior Software Engineer, WSO2 Lanka (pvt) Ltd; wso2.com/ >>>> Mobile: +94779716248 >>>> Blog: pushpalankajaya.blogspot.com/ | LinkedIn: lk.linkedin.com/in/p >>>> ushpalanka/ | Twitter: @pushpalanka >>>> >>>> >>> >>> >>> -- >>> Pushpalanka. >>> -- >>> Pushpalanka Jayawardhana, B.Sc.Eng.(Hons). >>> Senior Software Engineer, WSO2 Lanka (pvt) Ltd; wso2.com/ >>> Mobile: +94779716248 >>> Blog: pushpalankajaya.blogspot.com/ | LinkedIn: lk.linkedin.com/in/p >>> ushpalanka/ | Twitter: @pushpalanka >>> >>> >> >> >> -- >> Pushpalanka. >> -- >> Pushpalanka Jayawardhana, B.Sc.Eng.(Hons). >> Senior Software Engineer, WSO2 Lanka (pvt) Ltd; wso2.com/ >> Mobile: +94779716248 >> Blog: pushpalankajaya.blogspot.com/ | LinkedIn: lk.linkedin.com/in/p >> ushpalanka/ | Twitter: @pushpalanka >> >> >> ___ >> Dev mailing list >> Dev@wso2.org >> http://wso2.org/cgi-bin/mailman/listinfo/dev >> >> > > > -- > Regards, > > > *Darshana Gunawardana*Technical Lead > WSO2 Inc.; http://wso2.com > > *E-mail: darsh...@wso2.com <darsh...@wso2.com>* > *Mobile: +94718566859 <+94%2071%20856%206859>*Lean . Enterprise . > Middleware > > ___ > Architecture mailing list > architect...@wso2.org > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > > -- Omindu Rathnaweera Senior Software Engineer, WSO2 Inc. Mobile: +94 771 197 211 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] wso 5.4.0-update-4
Hi Deepak,
This issue is fixed with [1] and will be available with IS 5.4.1-Update3
(Scheduled to be released within the week). However as a workaround, you
can modify the affected query as follows,
In /repository/conf/identity.xml file, change the the
DeleteExpiredDataTask query as follows. Note the parentheses surrounding *%d
*which addresses the syntax error of the query.
...
DELETE TOP *(%d)* FROM
IDN_AUTH_SESSION_STORE WHERE TIME_CREATED ? AND TENANT_ID =
?
[1] -https://github.com/wso2/carbon-identity-framework/pull/1366
Regards,
Omindu
On Thu, Feb 22, 2018 at 2:44 PM, Chiran Wijesekara <chir...@wso2.com> wrote:
> This is a known issue which persists in the version you use. However, it
> is fixed in the next release.
> + adding Omindu and Darshana
>
> On Wed, Feb 21, 2018 at 9:49 PM, Deepak Singla <deepak.sin...@edifecs.com>
> wrote:
>
>> Gentle Reminder
>>
>>
>>
>> *From:* Deepak Singla
>> *Sent:* Tuesday, February 20, 2018 11:17 AM
>> *To:* 'Chiran Wijesekara' <chir...@wso2.com>
>> *Cc:* WSO2 Developers' List <dev@wso2.org>
>> *Subject:* wso 5.4.0-update-4
>>
>>
>>
>> Hi Chiran
>>
>>
>>
>> I have installed Wso2_5.4.0-update-4 IS on window environment with
>> SQLServer-2014. I am getting below error in carbon logs after some time:
>>
>> TID: [] [] [2018-02-12 07:23:40,553] ERROR {org.wso2.carbon.identity.appl
>> ication.authentication.framework.store.SessionDataStore} - Error while
>> removing session data from the database for nano time 1517210607139156100
>> com.microsoft.sqlserver.jdbc.SQLServerException: Incorrect syntax near
>> '5'.
>>
>>
>>
>> Any suggestion?
>>
>>
>>
>> Thanks
>>
>> Deepak
>>
>>
>>
>>
>>
>
>
>
> --
> *Chiran Wijesekara*
>
>
> *Software Engineering Intern | WSO2*Email: chir...@wso2.com
> Mobile: +94712990173web: www.wso2.com
>
> [image: https://wso2.com/signature] <https://wso2.com/signature>
>
--
Omindu Rathnaweera
Senior Software Engineer, WSO2 Inc.
Mobile: +94 771 197 211
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] [Architecture] Consent Management APIs for IS 5.5.0
Hi Darshana,
On Thu, Feb 1, 2018 at 5:42 PM, Darshana Gunawardana <darsh...@wso2.com>
wrote:
>
> On Thu, Feb 1, 2018 at 5:13 PM, Isura Karunaratne <is...@wso2.com> wrote:
>
>> Hi Darshana,
>>
>> On Thu, Feb 1, 2018 at 3:39 PM, Darshana Gunawardana <darsh...@wso2.com>
>> wrote:
>>
>>> Hi Isura,
>>>
>>> How these concents are handled with state changes of related entities?
>>>
>>> For example,
>>> > user delete
>>> > sp delete
>>>
>>> This should be handled through a user operation event listener or event
>> handler.
>>
>
> Yes. So are we going to have relavent implementations with this feature?
>
As the API is not specific to a product these scenarios should be handled
as a part of integrating the feature to the product. We will handle these
cases during the integration effort for product IS.
>
> Can there be any other cases similar to above?
>
Apart from the above scenarios, user store removal and tenant deactivation
are 2 such cases. However, revoking consents for tenant deactivation is
something we have to think a bit more as we can reactivate the tenants and
once that it done, the consents will no longer be active.
>
> Thanks,
>
>> Isura.
>>
>>>
>>> Thanks,
>>>
>>> On Wed, Jan 10, 2018 at 1:58 PM, Isura Karunaratne <is...@wso2.com>
>>> wrote:
>>>
>>>> On Wed, Jan 10, 2018 at 12:44 PM, Godwin Shrimal <god...@wso2.com>
>>>> wrote:
>>>>
>>>>> Hi Isuru,
>>>>>
>>>>> Please see below few suggestions.
>>>>>
>>>>> 1. API name of the Purpose Category (/pcategories) is not readable.
>>>>> Why don't we use it as */**purpose-categories* ?
>>>>> 2. What is /*category*/{purposeCategoryId} API ? It shows API name
>>>>> as /*category. *I think it should be renamed as below (According to
>>>>> the suggestion in #1)
>>>>> /*purpose-categories*/{purposeCategoryId}
>>>>>
>>>>> 3. Change API /piicategories as /*pii-categories* since pii and
>>>>> categories are two words.
>>>>> 4. Change API /piicategory/{piiCategoryId} as /*pii-categories*
>>>>> /{piiCategoryId}
>>>>>
>>>>
>>>> +1. Modified the definition according to the suggestions. [1]
>>>>
>>>> [1] https://app.swaggerhub.com/apis/consent/Approval-Consent/1.0.0
>>>>
>>>> Thanks
>>>> Isura.
>>>>
>>>>>
>>>>> Thanks
>>>>> Godwin
>>>>>
>>>>>
>>>>> On Wed, Jan 10, 2018 at 1:54 PM, Isura Karunaratne <is...@wso2.com>
>>>>> wrote:
>>>>>
>>>>>> Hi Malithi / all,
>>>>>>
>>>>>> The updated API definition can be found in [1].
>>>>>>
>>>>>> [1] https://app.swaggerhub.com/apis/consent/Approval-Consent/1.0.0
>>>>>>
>>>>>> Thanks
>>>>>> Isura.
>>>>>>
>>>>>> On Tue, Jan 9, 2018 at 10:46 PM, Malithi Edirisinghe <
>>>>>> malit...@wso2.com> wrote:
>>>>>>
>>>>>>> Hi All,
>>>>>>>
>>>>>>> Noted below under revoke API definition
>>>>>>> /consents/user/{piiPrincipalId}/
>>>>>>>
>>>>>>> piiprincipalID seems to be a field of the consent object. Shouldn't
>>>>>>> this be a defined over a filter from piiPrincipalId attribute.
>>>>>>>
>>>>>>> Same applies to below I think.
>>>>>>> /consents/service/{serviceId}/
>>>>>>>
>>>>>>> Moreover, add consents returns the consent receipt right. Or receipt
>>>>>>> is an embedded resource of the consent ? Is there a specific reason to
>>>>>>> specifically mention the receipt as a separate resource when retrieving
>>>>>>> and
>>>>>>> revoking
>>>>>>> /consents/receipt/{receiptId}
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Malithi
>>>>>>>
>>>>>>> On Tue, Jan 9, 2018 at 4:57 PM, Rushmin Fernando <rush...@wso2.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> IMO we are exposing the interna
Re: [Dev] [IS][.NET] Unable to perform SAML SLO after receiving Logout Request from wso2 IS
On Thu, Jan 25, 2018 at 9:16 AM, Chiran Wijesekara <chir...@wso2.com> wrote:
> Hi,
>
> @Omindu, According to the current implementation of IS SAML SLO, it just
> requires a 200 OK response from the session participating SP's.
>
By implementation you mean, how we validate the Logout response at IS side
? In any case, the agent should send a logout proper request with status
code and a payload as advised in the specification and not just a 200 OK.
>
> However, as discussed offline (with Dulanja and Omindu), need to have some
> kind of polling mechanism to achieve single logout from the client side.
>
To be more clear, this is to remove the SP side user session once the back
channel logout request is received from the IDP.
>
> I'm currently Investigating on SignalR to achieve that $Subject
> requirement along with Javascript.
> Thanks
>
> On Wed, Jan 24, 2018 at 1:44 PM, Omindu Rathnaweera <omi...@wso2.com>
> wrote:
>
>> Hi Chiran,
>>
>> This is the backchannel logout request initiated by IS to SP2 you are
>> talking about, correct? If so once SP2 receives the logout request from IS,
>> it should respond back to with a successful SAML logout response after
>> removing SP2 side user session without doing a redirection. Please refer
>> [1] which has a detailed explanation on how SAML SLO works.
>>
>> [1] - http://xacmlinfo.org/2013/06/28/how-saml2-single-logout-works/
>>
>> Regards,
>> Omindu.
>>
>>
>> On Wed, Jan 24, 2018 at 10:29 AM, Chiran Wijesekara <chir...@wso2.com>
>> wrote:
>>
>>> Hi all,
>>> I have set up two service providers, suppose *SP1* and *SP2*. when *SP1*
>>> sends the logout request to IS SP2's following code block gets hit
>>> successfully( as expected).
>>>
>>> [image: Inline image 1]
>>>
>>> But the *Response.Redirect("Some/URL") *does not work there.
>>>
>>> Any guidance on this will be highly appreciated.
>>>
>>> Thanks!
>>>
>>> --
>>> *Chiran Wijesekara*
>>>
>>>
>>> *Software Engineering Intern | WSO2*Email: chir...@wso2.com
>>> Mobile: +94712990173web: www.wso2.com
>>>
>>> [image: https://wso2.com/signature] <https://wso2.com/signature>
>>>
>>> ___
>>> Dev mailing list
>>> Dev@wso2.org
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>>
>>
>>
>> --
>> Omindu Rathnaweera
>> Senior Software Engineer, WSO2 Inc.
>> Mobile: +94 771 197 211 <+94%2077%20119%207211>
>>
>
>
>
> --
> *Chiran Wijesekara*
>
>
> *Software Engineering Intern | WSO2*Email: chir...@wso2.com
> Mobile: +94712990173web: www.wso2.com
>
> [image: https://wso2.com/signature] <https://wso2.com/signature>
>
Regards,
Omindu.
--
Omindu Rathnaweera
Senior Software Engineer, WSO2 Inc.
Mobile: +94 771 197 211
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] [IS][.NET] Unable to perform SAML SLO after receiving Logout Request from wso2 IS
Hi Chiran,
This is the backchannel logout request initiated by IS to SP2 you are
talking about, correct? If so once SP2 receives the logout request from IS,
it should respond back to with a successful SAML logout response after
removing SP2 side user session without doing a redirection. Please refer
[1] which has a detailed explanation on how SAML SLO works.
[1] - http://xacmlinfo.org/2013/06/28/how-saml2-single-logout-works/
Regards,
Omindu.
On Wed, Jan 24, 2018 at 10:29 AM, Chiran Wijesekara <chir...@wso2.com>
wrote:
> Hi all,
> I have set up two service providers, suppose *SP1* and *SP2*. when *SP1*
> sends the logout request to IS SP2's following code block gets hit
> successfully( as expected).
>
> [image: Inline image 1]
>
> But the *Response.Redirect("Some/URL") *does not work there.
>
> Any guidance on this will be highly appreciated.
>
> Thanks!
>
> --
> *Chiran Wijesekara*
>
>
> *Software Engineering Intern | WSO2*Email: chir...@wso2.com
> Mobile: +94712990173web: www.wso2.com
>
> [image: https://wso2.com/signature] <https://wso2.com/signature>
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>
--
Omindu Rathnaweera
Senior Software Engineer, WSO2 Inc.
Mobile: +94 771 197 211
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] [Architecture] Personal information export API
Hi Maduranga,
On Tue, Jan 23, 2018 at 10:23 AM, Maduranga Siriwardena <madura...@wso2.com>
wrote:
> Hi all,
>
> Web app name we have come up for this endpoint is api#identity#user#v1.0
> and the path for the endpoint is /pi/users/{userId}. So the whole endpoint
> would be
>
>- for super tenant,
>
> /api/identity/user/v1.0/pi/users/{userId}
>
>
>- for tenant,
>
> /t/{tenant-domain}/api/identity/user/v1.0/pi/users/{userId}
>
> Our initial plan was to use the ID used in Pseudonyms for username feature
> [1]. But as the ID used by Pseudonyms for username feature is not available
> to outside, we cannot use it here. Next option available to us is the ID
> used in SCIM. But as it is not mandatory to have SCIM ID in system (when
> SCIM is disabled), we cannot use this option also.
>
> Because of above reasons, we are planing to use base 64 encoded fully
> qualified username as the userId in the above request.
>
Would like to know the rationale behind base64 encoding the username. Also
if it has to be b64 encoded for some reason then it should be base64 URL
encoded I believe.
>
> Do you have any suggestions?
>
> [1] [Architecture] GDPR - Pseudonyms For Username
>
> Thanks,
>
> On Mon, Jan 22, 2018 at 5:52 PM, Hasintha Indrajee <hasin...@wso2.com>
> wrote:
>
>> In a federated user scenario, we neither have user information nor email
>> address of the user in a case if the user is not JIT. Hence we won't be
>> able to share consents with user in an offline method. But still for
>> federated users we need to maintain consents which we give out to SPs. We
>> can process this offline and store somewhere (consent info ready for
>> download). The way we share will depend. eg - For the users who have emails
>> we can send them through an email (as a download link). If not we can share
>> those information through another medium (eg - user profile at a later
>> login)
>>
>> On Mon, Jan 22, 2018 at 5:40 PM, Ruwan Abeykoon <ruw...@wso2.com> wrote:
>>
>>> Hi Hasintha,
>>> We do not need to export anything we do not keep in our databases.
>>> Could you please explain further if we need to do anything extra for
>>> Federated case.
>>>
>>> Cheers,
>>> Ruwan
>>>
>>> On Mon, Jan 22, 2018 at 5:33 PM, Hasintha Indrajee <hasin...@wso2.com>
>>> wrote:
>>>
>>>> Just a quick question. How are we going to cater consents for federated
>>>> user ? Having consent from 3rd party IDP to IS will not be enough AFAIU. If
>>>> we are sharing those information through an SP we need to maintain those
>>>> consents as well. WDYT ?
>>>>
>>>> In that case how can federated users download their consents ?
>>>>
>>>> On Mon, Jan 22, 2018 at 5:25 PM, Omindu Rathnaweera <omi...@wso2.com>
>>>> wrote:
>>>>
>>>>> Hi Maduranga,
>>>>>
>>>>> In the consent API we do not have the option to get multiple receipts,
>>>>> the API only returns a list of receipt IDs for a given search criteria. If
>>>>> you need to include receipt data of all the consent entries, you will have
>>>>> to iterate through all the consent IDs and fetch the individual receipts.
>>>>> Keep in mind that this will likely to generate a payload of a considerable
>>>>> size.
>>>>>
>>>>> Regards,
>>>>> Omindu.
>>>>>
>>>>>
>>>>> On Mon, Jan 22, 2018 at 5:12 PM, Maduranga Siriwardena <
>>>>> madura...@wso2.com> wrote:
>>>>>
>>>>>> Hi all,
>>>>>>
>>>>>> We are creating a REST API to export user information for IS 5.5.0.
>>>>>>
>>>>>> Swagger at [1] is the initial design of the API.
>>>>>>
>>>>>> In the initial phase we are allowing the data to be exported only by
>>>>>> the owner of the profile.
>>>>>>
>>>>>> At the moment we are planing to export basic user profile information
>>>>>> and the consents user has given. Response JSON has 2 parts in it.
>>>>>>
>>>>>>- basic: this part will have the users profile information
>>>>>>(claims) in wso2 dialect
>>>>>>- consents: this part will have an array of consents user has
>>>>>>provided to the Identity Server. Though in the swagger it is
>>>>>> represented
>&
Re: [Dev] Personal information export API
Hi Maduranga,
In the consent API we do not have the option to get multiple receipts, the
API only returns a list of receipt IDs for a given search criteria. If you
need to include receipt data of all the consent entries, you will have to
iterate through all the consent IDs and fetch the individual receipts. Keep
in mind that this will likely to generate a payload of a considerable size.
Regards,
Omindu.
On Mon, Jan 22, 2018 at 5:12 PM, Maduranga Siriwardena <madura...@wso2.com>
wrote:
> Hi all,
>
> We are creating a REST API to export user information for IS 5.5.0.
>
> Swagger at [1] is the initial design of the API.
>
> In the initial phase we are allowing the data to be exported only by the
> owner of the profile.
>
> At the moment we are planing to export basic user profile information and
> the consents user has given. Response JSON has 2 parts in it.
>
>- basic: this part will have the users profile information (claims) in
>wso2 dialect
>- consents: this part will have an array of consents user has provided
>to the Identity Server. Though in the swagger it is represented with the ID
>of the consent receipt, the actual response will consist of the whole
>consent receipt. (Refer mail thread [2] @ architect...@wso2.org for
>more information)
>
> Below is a sample JSON response.
>
> {
> "basic": {
> "http://wso2.org/claims/userid": "92d6513e-f4ca-4438-b403-
> 98380695ed08",
> "http://wso2.org/claims/username": "maduranga",
> "http://wso2.org/claims/givenname": "Maduranga",
> "http://wso2.org/claims/lastname": "Siriwardena",
> "http://wso2.org/claims/emailaddress": "madura...@wso2.com",
> "http://wso2.org/claims/telephone": "+947
> <+94%2071%20111%20>"
> },
> "consents": [
> {
> "id": "bc53e7bd-013d-4020-b522-1915ada1f305"
> }
> ]
> }
>
> Do you have any suggestions for additional types of information to be
> included in the response?
>
> [1] https://app.swaggerhub.com/apis/Maduranga/
> PersonalInformationExport/1.0.0
> [2] Consent Management APIs for IS 5.5.0
>
> Thanks,
>
> --
> Maduranga Siriwardena
> Senior Software Engineer
> WSO2 Inc; http://wso2.com/
>
> Email: madura...@wso2.com
> Mobile: +94718990591 <+94%2071%20899%200591>
> Blog: *https://madurangasiriwardena.wordpress.com/
> <https://madurangasiriwardena.wordpress.com/>*
> <http://wso2.com/signature>
>
--
Omindu Rathnaweera
Senior Software Engineer, WSO2 Inc.
Mobile: +94 771 197 211
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Where to find org.wso2.carbon.identity.core 5.7.5 source?
Yeah the drop down items are limited. You can browse all the tags at https://github.com/wso2/carbon-identity-framework/tags On Mon, Jan 22, 2018 at 4:46 PM, lakshman udayakantha <nylud...@gmail.com> wrote: > Thanks Omindu. Surprisingly it does not show on tag drop down list. > > Thanks, > Lakshman. > > > On Mon, Jan 22, 2018 at 4:41 PM, Omindu Rathnaweera <omi...@wso2.com> > wrote: > >> To be precise, identity.core is at [2]. >> >> [2] - https://github.com/wso2/carbon-identity-framework/tree/v5.7. >> 5/components/identity-core/org.wso2.carbon.identity.core >> >> On Mon, Jan 22, 2018 at 4:39 PM, Omindu Rathnaweera <omi...@wso2.com> >> wrote: >> >>> Hi Lakshaman, >>> >>> You can find the source at [1]. >>> >>> [1] - https://github.com/wso2/carbon-identity-framework/tree/v5.7.5 >>> >>> On Mon, Jan 22, 2018 at 4:31 PM, lakshman udayakantha < >>> nylud...@gmail.com> wrote: >>> >>>> Hi, >>>> >>>> I have checked the $subject in [1] and [2]. But 5.7.5 version is not >>>> there. By googling also I could not found the source. >>>> >>>> [1] https://github.com/wso2/carbon-identity-framework/ >>>> [2] https://github.com/wso2-attic/carbon-identity >>>> >>>> Thanks, >>>> Lakshman. >>>> >>>> ___ >>>> Dev mailing list >>>> Dev@wso2.org >>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>> >>>> >>> >>> >>> -- >>> Omindu Rathnaweera >>> Senior Software Engineer, WSO2 Inc. >>> Mobile: +94 771 197 211 <+94%2077%20119%207211> >>> >> >> >> >> -- >> Omindu Rathnaweera >> Senior Software Engineer, WSO2 Inc. >> Mobile: +94 771 197 211 <077%20119%207211> >> > > -- Omindu Rathnaweera Senior Software Engineer, WSO2 Inc. Mobile: +94 771 197 211 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Where to find org.wso2.carbon.identity.core 5.7.5 source?
To be precise, identity.core is at [2]. [2] - https://github.com/wso2/carbon-identity-framework/tree/v5.7.5/components/identity-core/org.wso2.carbon.identity.core On Mon, Jan 22, 2018 at 4:39 PM, Omindu Rathnaweera <omi...@wso2.com> wrote: > Hi Lakshaman, > > You can find the source at [1]. > > [1] - https://github.com/wso2/carbon-identity-framework/tree/v5.7.5 > > On Mon, Jan 22, 2018 at 4:31 PM, lakshman udayakantha <nylud...@gmail.com> > wrote: > >> Hi, >> >> I have checked the $subject in [1] and [2]. But 5.7.5 version is not >> there. By googling also I could not found the source. >> >> [1] https://github.com/wso2/carbon-identity-framework/ >> [2] https://github.com/wso2-attic/carbon-identity >> >> Thanks, >> Lakshman. >> >> _______ >> Dev mailing list >> Dev@wso2.org >> http://wso2.org/cgi-bin/mailman/listinfo/dev >> >> > > > -- > Omindu Rathnaweera > Senior Software Engineer, WSO2 Inc. > Mobile: +94 771 197 211 <+94%2077%20119%207211> > -- Omindu Rathnaweera Senior Software Engineer, WSO2 Inc. Mobile: +94 771 197 211 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Where to find org.wso2.carbon.identity.core 5.7.5 source?
Hi Lakshaman, You can find the source at [1]. [1] - https://github.com/wso2/carbon-identity-framework/tree/v5.7.5 On Mon, Jan 22, 2018 at 4:31 PM, lakshman udayakantha <nylud...@gmail.com> wrote: > Hi, > > I have checked the $subject in [1] and [2]. But 5.7.5 version is not > there. By googling also I could not found the source. > > [1] https://github.com/wso2/carbon-identity-framework/ > [2] https://github.com/wso2-attic/carbon-identity > > Thanks, > Lakshman. > > ___ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- Omindu Rathnaweera Senior Software Engineer, WSO2 Inc. Mobile: +94 771 197 211 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Commenting out addressing module of axis2.xml for email OTP
Thanks for the explanation Shakila and Kanapriya. I wanted to try this out
before replying to the mail. As you both have explained, without commenting
out the addressing module we infact get an error during authentication
As per the code, [1] is the place where the error is generated. From what I
understood, this line is used to check whether the mailto transport is
configured, correct ? because the ConfigurationContext is not used in
another place after the check. Other than that, having the addressing
module does not have any effect on the email sending flow. I verified this
by removing the below code block at [1].
ConfigurationContext configurationContext =
ConfigurationContextFactory.createConfigurationContextFromFileSystem((String)
null, (String) null);
if
(configurationContext.getAxisConfiguration().getTransportsOut().containsKey(EmailOTPAuthenticatorConstants.TRANSPORT_MAILTO))
{
However, without this check, the user will be always redirected to the OTP
page even when the mailto transport is not configured. My question is, can
we do this check without creating a new 'ConfigurationContext' ? If that
can be done, having the addressing module uncommented will not have any
impact on the authenticator.
[1] -
https://github.com/wso2-extensions/identity-outbound-auth-email-otp/blob/master/component/authenticator/src/main/java/org/wso2/carbon/identity/authenticator/emailotp/EmailOTPAuthenticator.java#L1419-L1420
Thanks,
Omindu.
On Wed, Jan 17, 2018 at 9:09 AM, Shavindri Dissanayake <shavin...@wso2.com>
wrote:
> Hi Team,
>
> Verifying details: Do we need to change the explanation given in docs?If
> yes, what should the messaging be?
>
> Thanks & Regards
> Shavindri Dissanayake
> Senior Technical Writer
>
> WSO2 Inc.
> lean.enterprise.middleware
>
> On Mon, Jan 15, 2018 at 11:00 AM, Shakila Sasikaran <shak...@wso2.com>
> wrote:
>
>> Hi,
>>
>> As I remember when we create the axis configuration from the given
>> axis2.xml, we get an error. Because of the emptiness of this module. Please
>> note that this module is not defined in the axis2_default.xml.
>>
>> Thanks
>>
>> On Mon, Jan 15, 2018 at 10:43 AM, Omindu Rathnaweera <omi...@wso2.com>
>> wrote:
>>
>>> Hi Team,
>>>
>>> Is anyone aware of the reason why we have to do the following
>>> configuration for Email OTP [1] in axis2.xml (See instruction No.3 in
>>> 'Enabling email configuration on WSO2 IS' section) ?
>>>
>>> '*Comment out the property to avoid syntax
>>> errors*.'
>>>
>>> IMO saying '*to avoid syntax errors*' doesn't make much sense.
>>>
>>> [1] - https://docs.wso2.com/display/IS540/Configuring+Email+OTP
>>>
>>> Thanks,
>>> Omindu.
>>>
>>> --
>>> Omindu Rathnaweera
>>> Senior Software Engineer, WSO2 Inc.
>>> Mobile: +94 771 197 211 <+94%2077%20119%207211>
>>>
>>
>>
>>
>> --
>> Shakila Sasikaran
>> Software Engineer
>> Mobile :+94 (0) 77 526 6848 <+94%2077%20526%206848>
>> shak...@wso2.com
>> WSO2, Inc.
>> lean . enterprise . middleware
>> http://www.wso2.com/
>>
>
>
--
Omindu Rathnaweera
Senior Software Engineer, WSO2 Inc.
Mobile: +94 771 197 211
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] User-core component in Kernel v4.4.11
Hi Harshan, Can you checkout the exact tag and check. In the UI it seems to be showing the v4.4.11 branch instead of the tag and the branch has C5 code for some reason. On Fri, Jan 19, 2018 at 8:12 AM Godwin Shrimal <god...@wso2.com> wrote: > Hi Harshan, > > Not only user-core component. I can't see any component in kernel tag > v4.4.11. > > > Thanks > Godwin > > On Fri, Jan 19, 2018 at 8:46 AM, Harshan Liyanage <hars...@wso2.com> > wrote: > >> Hi all, >> >> I'm unable to find the user-core component in kernel tag v4.4.11 [1]. But >> it is available under v4.4.12. >> >> [1]. >> https://github.com/wso2/carbon-kernel/tree/v4.4.11/core/org.wso2.carbon.user.core/pom.xml >> >> Thanks, >> >> Harshan Liyanage >> Mobile: *+94765672894* >> Email: hars...@wso2.com >> Blog : http://harshanliyanage.blogspot.com/ >> Medium : https://medium.com/@harshan.dll >> *WSO2, Inc. :** wso2.com <http://wso2.com/>* >> lean.enterprise.middleware. >> >> ___ >> Dev mailing list >> Dev@wso2.org >> http://wso2.org/cgi-bin/mailman/listinfo/dev >> >> > > > -- > *Godwin Amila Shrimal* > Associate Technical Lead > WSO2 Inc.; http://wso2.com > lean.enterprise.middleware > > mobile: *+94772264165* > linkedin: *https://www.linkedin.com/in/godwin-amila-2ba26844/ > <https://www.linkedin.com/in/godwin-amila-2ba26844/>* > twitter: https://twitter.com/godwinamila > <http://wso2.com/signature> > ___ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > -- Omindu Rathnaweera Senior Software Engineer, WSO2 Inc. Mobile: +94 771 197 211 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Using user association during the federated authentication scenario
Hi Prakhash, In the SPs 'Local & Outbound Authentication Configuration', have you enabled 'Assert identity using mapped local subject identifier' ? Regards, Omindu. On Thu, Jan 18, 2018 at 12:33 AM, Prakhash Sivakumar <prakh...@wso2.com> wrote: > > Hi all, > > I'm using the mobile connect as a federated authenticator with WSO2 > Identity Server. I'm trying to authenticate using a mobile number which is > corresponding to a user already in the user store. > > When I get authenticated through the federation, I get a subject > identifier with *random strings*(it won't change for a particular user) > > As per my use case, I want to send the username from the user store to the > application once I got authenticated instead of the subject identifier I > receive. > > As the subject identifier is known, I tried to use the user > association[1]. > > I logged in to the particular user account and added an *Associate > Federated User ID* by selecting the Account Type as *Federated, *and > for the User Name value I added the random string > > After doing this, I'm still seeing that the random string is being sent to > the application instead of the username > > I'm I missing anything here? > > [1] https://docs.wso2.com/display/IS530/Associating+User+Accounts > > Thanks, > Prakhash > -- > Prakhash Sivakumar > Software Engineer | WSO2 Inc > Platform Security Team > Mobile : +94771510080 <+94%2077%20151%200080> > Blog : https://medium.com/@PrakhashS > -- Omindu Rathnaweera Senior Software Engineer, WSO2 Inc. Mobile: +94 771 197 211 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
[Dev] Commenting out addressing module of axis2.xml for email OTP
Hi Team, Is anyone aware of the reason why we have to do the following configuration for Email OTP [1] in axis2.xml (See instruction No.3 in 'Enabling email configuration on WSO2 IS' section) ? '*Comment out the property to avoid syntax errors*.' IMO saying '*to avoid syntax errors*' doesn't make much sense. [1] - https://docs.wso2.com/display/IS540/Configuring+Email+OTP Thanks, Omindu. -- Omindu Rathnaweera Senior Software Engineer, WSO2 Inc. Mobile: +94 771 197 211 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] IDENTITY-6724 Tests and Documentation
Hi Isuranga, Can you also include an example on evaluating a XACML request with the new policy. Adding the requests and expected responses for authorized and unauthorized scenarios will make the doc complete. Thanks, Omindu. On Sun, Jan 7, 2018 at 7:25 PM, Darshana Gunawardana <darsh...@wso2.com> wrote: > Thanks Isuranga. > > @Ishara: Can we get this merge and included in the next weekly release? > > Regards, > > On Sat, Jan 6, 2018 at 12:22 PM, Isuranga Perera < > isurangamper...@gmail.com> wrote: > >> Hi, >> >> Please find unit tests [2] and documentation [3] related to JIRA [1] >> >> [1] https://wso2.org/jira/browse/IDENTITY-6724 >> [2] https://github.com/wso2/balana/pull/83 >> [3] https://docs.google.com/document/d/1s2OFakY6vkcEjyOctY_D >> TYa5GqAPVr7cHyq2uk2vlM4/edit?usp=sharing >> <https://docs.google.com/document/d/1s2OFakY6vkcEjyOctY_DTYa5GqAPVr7cHyq2uk2vlM4/edit?usp=sharing> >> >> >> Best Regards >> Isuranga Perera >> > > > > -- > Regards, > > > *Darshana Gunawardana*Technical Lead > WSO2 Inc.; http://wso2.com > > *E-mail: darsh...@wso2.com <darsh...@wso2.com>* > *Mobile: +94718566859 <+94%2071%20856%206859>*Lean . Enterprise . > Middleware > > ___ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- Omindu Rathnaweera Senior Software Engineer, WSO2 Inc. Mobile: +94 771 197 211 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] [IS] How to check whether an OAuth application is already revoked or not
Hi Maneesha, You can use 'OAuthAdminService' to check the state of the oauth app. There's 'getOauthApplicationState' operation which returns the application state for a given consumer key. Regards, Omindu. On Thu, Jan 4, 2018 at 11:37 AM, Maneesha Wijesekara <manee...@wso2.com> wrote: > Hi All, > > I'm configuring playground as a Service Provider while trying Solution 01 > in [1]. I've configured 'OAuth/OpenID Connect Configuration' under 'Inbound > Authentication Configuration' with a proper value set. Once adding the > oAuth app, there's an option to revoke all tokens issued for this > application. > > I'm just curious on how to determine whether an oauth application is > already revoked or not. The only way I found to check this is by clicking > the 'revoke' button and it will give a popup of 'Application is already > revoked.', if it's already revoked. But IMO, that's not a convenient way to > check the application's status in terms of revoking. Is there any other way > to accomplish this ? > > [1] https://medium.facilelogin.com/thirty-solution-patterns- > with-the-wso2-identity-server-16f9fd0c0389 > > Thanks and Regards > Maneesha > > -- > Maneesha Wijesekara > Software Engineer - QA Team > WSO2 Inc. > > Email: manee...@wso2.com > Linkedin: http://linkedin.com/in/maneeshawijesekara > Mobile: +94712443119 > -- Omindu Rathnaweera Senior Software Engineer, WSO2 Inc. Mobile: +94 771 197 211 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] [IS] Generate token with auth code grant - Using same code twice
rValve.invoke(Tena >>>>> ntLazyLoaderValve.java:57) >>>>> at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invok >>>>> eValves(TomcatValveContainer.java:47) >>>>> at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(Comp >>>>> ositeValve.java:62) >>>>> at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetection >>>>> Valve.invoke(CarbonStuckThreadDetectionValve.java:159) >>>>> at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogVa >>>>> lve.java:958) >>>>> at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve. >>>>> invoke(CarbonContextCreatorValve.java:57) >>>>> at org.apache.catalina.core.StandardEngineValve.invoke(Standard >>>>> EngineValve.java:116) >>>>> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAd >>>>> apter.java:452) >>>>> at org.apache.coyote.http11.AbstractHttp11Processor.process(Abs >>>>> tractHttp11Processor.java:1087) >>>>> at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler >>>>> .process(AbstractProtocol.java:637) >>>>> at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun >>>>> (NioEndpoint.java:1756) >>>>> at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(N >>>>> ioEndpoint.java:1715) >>>>> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPool >>>>> Executor.java:1142) >>>>> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoo >>>>> lExecutor.java:617) >>>>> at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.r >>>>> un(TaskThread.java:61) >>>>> at java.lang.Thread.run(Thread.java:745) >>>>> >>>>> >>>>> Thanks & Regards >>>>> Danushka Fernando >>>>> Senior Software Engineer >>>>> WSO2 inc. http://wso2.com/ >>>>> Mobile : +94716332729 <+94%2071%20633%202729> >>>>> >>>>> ___ >>>>> Dev mailing list >>>>> Dev@wso2.org >>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>> >>>>> >>>> >>>> >>>> -- >>>> Maduranga Siriwardena >>>> Software Engineer >>>> WSO2 Inc; http://wso2.com/ >>>> >>>> Email: madura...@wso2.com >>>> Mobile: +94718990591 <+94%2071%20899%200591> >>>> Blog: *https://madurangasiriwardena.wordpress.com/ >>>> <https://madurangasiriwardena.wordpress.com/>* >>>> <http://wso2.com/signature> >>>> >>> >>> >>> >>> -- >>> Maduranga Siriwardena >>> Software Engineer >>> WSO2 Inc; http://wso2.com/ >>> >>> Email: madura...@wso2.com >>> Mobile: +94718990591 <+94%2071%20899%200591> >>> Blog: *https://madurangasiriwardena.wordpress.com/ >>> <https://madurangasiriwardena.wordpress.com/>* >>> <http://wso2.com/signature> >>> >> >> >> ___ >> Dev mailing list >> Dev@wso2.org >> http://wso2.org/cgi-bin/mailman/listinfo/dev >> >> > > > -- > *Mahesh Chinthaka Vidanagama* | Senior Software Engineer > WSO2, Inc | lean. enterprise. middleware. > #20, Palm Grove, Colombo 03, Sri Lanka > Mobile: +94 71 63 63 083 | Work: +94 112 145 345 > Email: mahe...@wso2.com | Web: www.wso2.com > > ___ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- Omindu Rathnaweera Senior Software Engineer, WSO2 Inc. Mobile: +94 771 197 211 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Error during the creation of a role-based access control using XACML
Hi Thomas, Can you try the instructions given in [1] and see whether the issue gets resolved. [1] - http://mail.wso2.org/mailarchive/dev/2017-November/074091.html Regards, Omindu On Thu, Dec 21, 2017 at 7:27 PM, Thomas LEGRAND < thomas.legr...@versusmind.eu> wrote: > Hello, > > I have a use case where I want to prevent the access to an API Manager > endpoint if the identified user does not have the role "secretAgent". To do > so, I would like to use the XACML like described in the document in [1]. > > But, I have an error message which appears when I "Finish" the following > XACML configuration from the Identity Server interface. Here is the > configuration I made (if the user is a member of secretAgent, allow. Else, > deny): > > [image: Images intégrées 1] > > Here is the configuration of the rule "AdminGrant" from the previous > screenshot: > > [image: Images intégrées 2] > > And here is the error message which appears: > > [image: Images intégrées 3] > > > Because I don't have any clue on what is wrongly generated, I don't know > which one of the field is missing. So, is there a way to know the XML the > identity server is generating or should I generate directly the XML file? > > I am using the wso2is-km-5.3.0. > > Regards, > > Thomas > > [1] https://docs.wso2.com/display/AM210/Enabling+Role-Based+ > Access+Control+Using+XACML > > > ___ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- Omindu Rathnaweera Senior Software Engineer, WSO2 Inc. Mobile: +94 771 197 211 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Configuring STS WebApp as the Service Provider through Admin Services
Hi Isuru,
[1] Has some information on setting up 'Passive STS Realm' config. The doc
missing information on setting the 'WReply URL'. You can use something like
below to configure passive STS in the *updateApplication* operation.
TestSP
passivests
passiveSTSWReply
{url}
[1] -
https://docs.wso2.com/display/IS530/Service+Provider+Configurations+used+with+APIs#ServiceProviderConfigurationsusedwithAPIs-ConfiguringWS-Federation(passive)
Regards,
Omindu
On Fri, Dec 22, 2017 at 2:58 PM, Isuru Uyanage <isur...@wso2.com> wrote:
> Hi All,
>
> My requirement is to create Passive STS Web App as the Service Provider[1]
> through Admin services. I tried searching for a relating admin service as
> in the doc[2]. I found following.
>
> *IdentitySTSAdminService
> - https://localhost:9443/services/IdentitySTSAdminService/
> <https://localhost:9443/services/IdentitySTSAdminService/>*
> *STSAdminService - https://localhost:9443/services/STSAdminService/
> <https://localhost:9443/services/STSAdminService/>*
>
> While configuring it as the Service Provider, it needs to provide Passive
> STS Realm and Passive STS WReply URL in Inbound Authentication
> Configuration. But through above two admin services, I could not find the
> related values.
>
> Could you kindly tell me what is the correct admin service that needs to
> be used in order to implement above scenario? Please correct me if I have
> missed anything in above steps.
>
>
> [1] - https://docs.wso2.com/display/IS540/Testing+Passive+STS
> [2] - https://docs.wso2.com/display/IS530/Calling+Admin+Services
>
>
>
> *Thanks and Best Regards,*
>
> *Isuru Uyanage*
> *Software Engineer - QA | WSO2*
> *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752*
> *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/
> <https://www.linkedin.com/in/isuru-uyanage/>*
>
>
>
>
--
Omindu Rathnaweera
Senior Software Engineer, WSO2 Inc.
Mobile: +94 771 197 211
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Configuring Yammer Authenticator
Hi Isuru, What's the IS version you are trying this with ? I tried with a 5.4.0 and server started up just fine and could see the authenticator configs in IDP UI. Regards, Omindu. On Mon, Dec 18, 2017 at 10:58 AM, Isuru Uyanage <isur...@wso2.com> wrote: > Hi All, > > I'm trying to set up Yammer as the federated authenticator[1]. Once the > authenticator > .jar file is placed in /repository/components/dropins directory > and restarted the IS, the following error is printed. > > java.lang.NoClassDefFoundError: org/wso2/carbon/identity/authenticator/ > YammerOAuth2Authenticator > > at org.wso2.carbon.identity.authenticator.internal. > YammerAuthenticatorServiceComponent.activate( > YammerAuthenticatorServiceComponent.java:39) > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > > at sun.reflect.NativeMethodAccessorImpl.invoke( > NativeMethodAccessorImpl.java:62) > > at sun.reflect.DelegatingMethodAccessorImpl.invoke( > DelegatingMethodAccessorImpl.java:43) > > at java.lang.reflect.Method.invoke(Method.java:498) > > at org.eclipse.equinox.internal.ds.model.ServiceComponent. > activate(ServiceComponent.java:260) > > at org.eclipse.equinox.internal.ds.model.ServiceComponentProp. > activate(ServiceComponentProp.java:146) > > at org.eclipse.equinox.internal.ds.model.ServiceComponentProp. > build(ServiceComponentProp.java:345) > > at org.eclipse.equinox.internal.ds.InstanceProcess.buildComponent( > InstanceProcess.java:620) > > at org.eclipse.equinox.internal.ds.InstanceProcess.buildComponents( > InstanceProcess.java:197) > > at org.eclipse.equinox.internal.ds.Resolver.buildNewlySatisfied(Resolver. > java:473) > > at org.eclipse.equinox.internal.ds.Resolver.enableComponents( > Resolver.java:217) > > at org.eclipse.equinox.internal.ds.SCRManager.performWork( > SCRManager.java:816) > > at org.eclipse.equinox.internal.ds.SCRManager$QueuedJob. > dispatch(SCRManager.java:783) > > at org.eclipse.equinox.internal.ds.WorkThread.run(WorkThread.java:89) > > at java.lang.Thread.run(Thread.java:748) > > Caused by: java.lang.ClassNotFoundException: org.wso2.carbon.identity. > authenticator.YammerOAuth2Authenticator cannot be found by > org.wso2.carbon.identity.authenticator.yammer_1.0.0 > > at org.eclipse.osgi.internal.loader.BundleLoader.findClassInternal( > BundleLoader.java:455) > > at org.eclipse.osgi.internal.loader.BundleLoader.findClass( > BundleLoader.java:421) > > at org.eclipse.osgi.internal.loader.BundleLoader.findClass( > BundleLoader.java:412) > > at org.eclipse.osgi.internal.baseadaptor.DefaultClassLoader.loadClass( > DefaultClassLoader.java:107) > > at java.lang.ClassLoader.loadClass(ClassLoader.java:357) > > > > > > [1] - https://docs.wso2.com/display/ISCONNECTORS/Configuring+Yammer+ > Authenticator > > > Any thoughts about this would be appreciated. > > > > > *Thanks and Best Regards,* > > *Isuru Uyanage* > *Software Engineer - QA | WSO2* > *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752* > *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/ > <https://www.linkedin.com/in/isuru-uyanage/>* > > > > -- Omindu Rathnaweera Senior Software Engineer, WSO2 Inc. Mobile: +94 771 197 211 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] [WSO2 IS] Clarification on Claim Configuration in Service Provider
Hi Dilshani, If you have marked a requested claim in SP claim configs as mandatory, IS will prompt this page if the claim is not available for the user in the user store and it's not specific to the SPA. In your case, for the authenticated user 'department' claim value is not available in the user store hence the prompt. Refer 'Information on mapping claims' section in [1] for a detailed explanation on mandatory claims. [1] - https://docs.wso2.com/display/IS530/Configuring+Claims+for+a+Service+Provider Regards, Omindu. On Wed, Dec 13, 2017 at 3:57 PM, Dilshani Subasinghe <dilsh...@wso2.com> wrote: > Hi All, > > I am working on scenario 17 (Single Page Application (SPA) proxy) [1]. > > In this scenario, I configure SP with OAuth 2.0 authorization code grant. > So I try out claims configurations in SP side. While testing that, noticed > different behaviors in IS while requesting mandatory claims as follows; > > > > > Above screenshot also showing that only requesting one claim (department), > while it configured two mandatory claims in SP. > > I need to clarify exact way of requesting claims. Is that going to handle > by IS or by web app? If it is going to handle by IS, it should show all > mandatory claims. We tried claim mapping in SP with Travelocity and it > works fine. > According to this scenario, I have to use Single Page Application [2]. > Hence bit confuse about the functionality (Whether this is a limitation of > SPA or issue in IS). > > Any help on this will be highly appreciated. > > [1] https://medium.facilelogin.com/thirty-solution-patterns-with-the- > wso2-identity-server-16f9fd0c0389 > [2] https://github.com/facilelogin/aratuwa/tree/ > master/oauth2.0-apps/org.wso2.carbon.identity.oauth.spa > > Thanks. > > -- > > Dilshani Subasinghe > Software Engineer - QA *|* WSO2 > lean *|* enterprise *|* middleware > > Mobile : +94773375185 <+94%2077%20337%205185> > Blog: dilshani.me > > <https://wso2.com/signature> > -- Omindu Rathnaweera Senior Software Engineer, WSO2 Inc. Mobile: +94 771 197 211 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Login to Identity Server using Instagram credentials
ng parameters: access_token', uri='null', state='null',
>> scope='null', redirectUri='null', responseStatus=0, parameters={}}*
>>
>> * at
>> org.apache.oltu.oauth2.common.exception.OAuthProblemException.error(OAuthProblemException.java:59)*
>>
>> * at
>> org.apache.oltu.oauth2.common.utils.OAuthUtils.handleOAuthProblemException(OAuthUtils.java:167)*
>>
>> * at
>> org.apache.oltu.oauth2.common.utils.OAuthUtils.handleMissingParameters(OAuthUtils.java:185)*
>>
>> * at
>> org.apache.oltu.oauth2.client.validator.OAuthClientValidator.validateRequiredParameters(OAuthClientValidator.java:90)*
>>
>> * at
>> org.apache.oltu.oauth2.client.validator.OAuthClientValidator.validateParameters(OAuthClientValidator.java:53)*
>>
>> * at
>> org.apache.oltu.oauth2.client.validator.OAuthClientValidator.validate(OAuthClientValidator.java:49)*
>>
>> * at
>> org.apache.oltu.oauth2.client.response.OAuthClientResponse.validate(OAuthClientResponse.java:64)*
>>
>> * at
>> org.apache.oltu.oauth2.client.response.OAuthClientResponse.init(OAuthClientResponse.java:59)*
>>
>> * at
>> org.apache.oltu.oauth2.client.response.OAuthAccessTokenResponse.init(OAuthAccessTokenResponse.java:52)*
>>
>> * at
>> org.apache.oltu.oauth2.client.response.OAuthClientResponseFactory.createCustomResponse(OAuthClientResponseFactory.java:60)*
>>
>> * at
>> org.apache.oltu.oauth2.client.URLConnectionClient.execute(URLConnectionClient.java:111)*
>>
>> * at
>> org.apache.oltu.oauth2.client.OAuthClient.accessToken(OAuthClient.java:65)*
>>
>> * at
>> org.apache.oltu.oauth2.client.OAuthClient.accessToken(OAuthClient.java:55)*
>>
>> * at
>> org.apache.oltu.oauth2.client.OAuthClient.accessToken(OAuthClient.java:71)*
>>
>> * at
>> org.wso2.carbon.identity.authenticator.instagram.InstagramAuthenticator.getOauthResponse(InstagramAuthenticator.java:252)*
>>
>>
>>
>>
>> Other than the configurations in the document[1], I have enabled
>> emailasusername in the carbon.xml.
>>
>> Any help to solve this issue is appreciated.
>>
>>
>>
>> [1] - https://docs.wso2.com/display/ISCONNECTORS/Configuring+
>> Instagram+Authenticator
>>
>>
>>
>>
>>
>>
>> *Thanks and Best Regards,*
>>
>> *Isuru Uyanage*
>> *Software Engineer - QA | WSO2*
>> *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752*
>> *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/
>> <https://www.linkedin.com/in/isuru-uyanage/>*
>>
>>
>>
>>
>
--
Omindu Rathnaweera
Senior Software Engineer, WSO2 Inc.
Mobile: +94 771 197 211
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Minimum permission required to view a Service provider application in management console
There's a limitation managing applications in a fine grained manner from the management console. As per [1] you'll have to give /permission/admin/manage/identity/applicationmgt permission in order to view the menu option in the console, meaning giving only application read permission for a role will not be enough to list/view the applications in management console. However, this limitation is not there for the soap services. AFAIK this is something we are planning to address in one of the upcoming releases. [1] - https://github.com/wso2/carbon-identity-framework/blob/v5.7.5/components/application-mgt/org.wso2.carbon.identity.application.mgt.ui/src/main/resources/META-INF/component.xml#L30 On Wed, Dec 6, 2017 at 5:54 PM, Nilasini Thirunavukkarasu <nilas...@wso2.com > wrote: > Hi, > > I wanted to know the minimum permission required in order to view a > service provider application? > > The scenario I tried is > > 1) Create a service provider travelocity using user1. (It creates an > application specific role Application/travelocity) > 2) Create another user from user1 let's say the created user is user2. > 3) Assigned login permission, Application Management->view permission > to Application/travelocity role and assigned Application/travelocity role > to user2. > 4) Logged in as user 2 but couldn't able to view the Service provider > travelocity. > 5) If I assign Application Management permission to > Application/travelocity role only I could able to view the service provider > travelocity. > > So is there any way that we can allow to only view the service provider > but not allow to edit the service provider? If I use point (5) then there > is no way for this option. > > > Any help on this would be highly appreciated. > > Thanks, > Nila. > -- > Nilasini Thirunavukkarasu > Software Engineer - WSO2 > > Email : nilas...@wso2.com > Mobile : +94775241823 <+94%2077%20524%201823> > Web : http://wso2.com/ > > > <http://wso2.com/signature> > > _______ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- Omindu Rathnaweera Senior Software Engineer, WSO2 Inc. Mobile: +94 771 197 211 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Issue with XACML policy in wso2is-km-5.3..0
MustBePresent="true"/> > > > > > > > > http://www.w3.org/ > 2001/XMLSchema#string">admin > http://wso2.org/claims/role; > Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" > DataType="http://www.w3.org/2001/XMLSchema#string; MustBePresent="true"/> > > > > > > > > > http://www.w3.org/ > 2001/XMLSchema#string">read >AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" > Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" > DataType="http://www.w3.org/2001/XMLSchema#string; MustBePresent="true"/> > > > > > > > > http://www.w3.org/ > 2001/XMLSchema#string">admin > http://www.w3.org/ > 2001/XMLSchema#string" MustBePresent="true"/> > > > > > > > ___ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- Omindu Rathnaweera Senior Software Engineer, WSO2 Inc. Mobile: +94 771 197 211 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Fwd: Error while Building Identity Server from Source
Hi Sandun, Please have a look at [1]. It might help [1] - https://www.mail-archive.com/dev@wso2.org/msg57254.html Regards, Omindu. On Mon, Oct 9, 2017 at 11:06 PM, Sandun Perera <sandunpper...@gmail.com> wrote: > > -- Forwarded message -- > From: Sandun Perera <sandunpper...@gmail.com> > Date: Mon, Oct 9, 2017 at 10:01 PM > Subject: [Dev] Error while Building Identity Server from Source > To: dev@wso2.org > > > Hi > > I got following maven error while trying to build Identity Server from > Source. > > *[ERROR] Failed to execute goal > org.wso2.maven:carbon-p2-plugin:1.5.4:p2-profile-gen > (3-p2-profile-generation) on project identity-profile-gen: P2 publisher > return code was 13 -> [Help 1]* > *org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute > goal org.wso2.maven:carbon-p2-plugin:1.5.4:p2-profile-gen > (3-p2-profile-generation) on project identity-profile-gen: P2 publisher > return code was 13* > *at org.apache.maven.lifecycle.int > <http://org.apache.maven.lifecycle.int>ernal.MojoExecutor.execute(MojoExecutor.java:212)* > *at org.apache.maven.lifecycle.int > <http://org.apache.maven.lifecycle.int>ernal.MojoExecutor.execute(MojoExecutor.java:153)* > *at org.apache.maven.lifecycle.int > <http://org.apache.maven.lifecycle.int>ernal.MojoExecutor.execute(MojoExecutor.java:145)* > *at org.apache.maven.lifecycle.int > <http://org.apache.maven.lifecycle.int>ernal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:116)* > *at org.apache.maven.lifecycle.int > <http://org.apache.maven.lifecycle.int>ernal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:80)* > *at org.apache.maven.lifecycle.int > <http://org.apache.maven.lifecycle.int>ernal.builder.singlethreaded.SingleThreadedBuilder.build(SingleThreadedBuilder.java:51)* > *at org.apache.maven.lifecycle.int > <http://org.apache.maven.lifecycle.int>ernal.LifecycleStarter.execute(LifecycleStarter.java:128)* > *at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:307)* > *at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:193)* > *at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:106)* > *at org.apache.maven.cli.MavenCli.execute(MavenCli.java:863)* > *at org.apache.maven.cli.MavenCli.doMain(MavenCli.java:288)* > *at org.apache.maven.cli.MavenCli.main(MavenCli.java:199)* > *at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)* > *at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)* > *at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)* > *at java.lang.reflect.Method.invoke(Method.java:498)* > *at > org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced(Launcher.java:289)* > *at > org.codehaus.plexus.classworlds.launcher.Launcher.launch(Launcher.java:229)* > *at > org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode(Launcher.java:415)* > *at > org.codehaus.plexus.classworlds.launcher.Launcher.main(Launcher.java:356)* > *Caused by: org.apache.maven.plugin.MojoExecutionException: P2 publisher > return code was 13* > *at > org.wso2.maven.p2.ProfileGenMojo.execute(ProfileGenMojo.java:180)* > *at > org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo(DefaultBuildPluginManager.java:134)* > *at org.apache.maven.lifecycle.int > <http://org.apache.maven.lifecycle.int>ernal.MojoExecutor.execute(MojoExecutor.java:207)* > *... 20 more* > *Caused by: org.apache.maven.plugin.MojoFailureException: P2 publisher > return code was 13* > *at > org.wso2.maven.p2.ProfileGenMojo.installFeatures(ProfileGenMojo.java:222)* > *at > org.wso2.maven.p2.ProfileGenMojo.execute(ProfileGenMojo.java:170)* > *... 22 more* > *[ERROR] * > *[ERROR] Re-run Maven using the -X switch to enable full debug logging.* > *[ERROR] * > *[ERROR] For more information about the errors and possible solutions, > please read the following articles:* > *[ERROR] [Help 1] > http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException > <http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException>* > *[ERROR] * > > > > Appreciate any help. > > > Thank You > > > > ___ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- Omindu Rathnaweera Senior Software Engineer, WSO2 Inc. Mobile: +94 771 197 211 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Datasource support in secondary user stores
And one more thing, shall we also change the default values for maxIdle and
maxActive to avoid getting the following WARN ?
*WARN {org.apache.tomcat.jdbc.pool.ConnectionPool} - maxIdle is larger
than maxActive, setting maxIdle to: 40*
On Thu, Sep 14, 2017 at 10:33 PM, Omindu Rathnaweera <omi...@wso2.com>
wrote:
> Following are the pooling properties we support for JDBC user stores ATM
> as per [1].
>
> maxActive
> minIdle
> maxIdle
> maxWait
> testWhileIdle
> timeBetweenEvictionRunsMillis
> minEvictableIdleTimeMillis
> validationQuery
>
> +1 for adding the rest of the properties. We can use [2] as a reference
> for the rest of the properties. Having these will be valuable when tuning
> and troubleshooting the secondary JDBC user stores.
>
> [1] - https://github.com/wso2/carbon-kernel/blob/v4.4.17/
> core/org.wso2.carbon.user.core/src/main/java/org/wso2/
> carbon/user/core/util/DatabaseUtil.java#L89
>
> [2] - https://github.com/wso2/carbon-kernel/blob/v4.4.17/
> core/org.wso2.carbon.ndatasource.rdbms/src/main/java/org/wso2/carbon/
> ndatasource/rdbms/utils/RDBMSDataSourceUtils.java#L179
>
> Regards,
> Omindu.
>
> On Tue, Sep 12, 2017 at 10:54 PM, Darshana Gunawardana <darsh...@wso2.com>
> wrote:
>
>> [looping dev]
>>
>> On Tue, Sep 12, 2017 at 10:51 PM, Darshana Gunawardana <darsh...@wso2.com
>> > wrote:
>>
>>> Hi Harsha,
>>>
>>> Using datasources for secondary userstores not works in the tenant.
>>>
>>> * In order to load the realm its need datasources be loaded
>>> * In order to load datasources its need realm be loaded
>>>
>>> So we have to go forward with reading needed db tuning parameters as
>>> properties of the userstore config.
>>>
>>> Thanks,
>>>
>>> On Tue, Sep 12, 2017 at 10:38 PM, Harsha Thirimanna <hars...@wso2.com>
>>> wrote:
>>>
>>>> Hi All,
>>>>
>>>> Currently we are not supporting $subject and don't we need to address
>>>> this because we can't tune up the database config within secondary user
>>>> store config now.
>>>> At least we have to improve that part in secondary user stores now. But
>>>> it is not the right solution.
>>>>
>>>> WDYT ?
>>>>
>>>> https://wso2.org/jira/browse/IDENTITY-6419
>>>>
>>>>
>>>> *Harsha Thirimanna*
>>>> *Associate Tech Lead | WSO2*
>>>>
>>>> Email: hars...@wso2.com
>>>> Mob: +94715186770 <+94%2071%20518%206770>
>>>> Blog: http://harshathirimanna.blogspot.com/
>>>> Twitter: http://twitter.com/harshathirimann
>>>> Linked-In: linked-in: http://www.linkedin.com/pub/ha
>>>> rsha-thirimanna/10/ab8/122
>>>> <http://wso2.com/signature>
>>>>
>>>
>>>
>>>
>>> --
>>> Regards,
>>>
>>>
>>> *Darshana Gunawardana*Technical Lead
>>> WSO2 Inc.; http://wso2.com
>>>
>>> *E-mail: darsh...@wso2.com <darsh...@wso2.com>*
>>> *Mobile: +94718566859 <+94%2071%20856%206859>*Lean . Enterprise .
>>> Middleware
>>>
>>
>>
>>
>> --
>> Regards,
>>
>>
>> *Darshana Gunawardana*Technical Lead
>> WSO2 Inc.; http://wso2.com
>>
>> *E-mail: darsh...@wso2.com <darsh...@wso2.com>*
>> *Mobile: +94718566859 <+94%2071%20856%206859>*Lean . Enterprise .
>> Middleware
>>
>
>
>
> --
> Omindu Rathnaweera
> Senior Software Engineer, WSO2 Inc.
> Mobile: +94 771 197 211 <+94%2077%20119%207211>
>
--
Omindu Rathnaweera
Senior Software Engineer, WSO2 Inc.
Mobile: +94 771 197 211
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Datasource support in secondary user stores
Following are the pooling properties we support for JDBC user stores ATM as per [1]. maxActive minIdle maxIdle maxWait testWhileIdle timeBetweenEvictionRunsMillis minEvictableIdleTimeMillis validationQuery +1 for adding the rest of the properties. We can use [2] as a reference for the rest of the properties. Having these will be valuable when tuning and troubleshooting the secondary JDBC user stores. [1] - https://github.com/wso2/carbon-kernel/blob/v4.4.17/core/org.wso2.carbon.user.core/src/main/java/org/wso2/carbon/user/core/util/DatabaseUtil.java#L89 [2] - https://github.com/wso2/carbon-kernel/blob/v4.4.17/core/org.wso2.carbon.ndatasource.rdbms/src/main/java/org/wso2/carbon/ndatasource/rdbms/utils/RDBMSDataSourceUtils.java#L179 Regards, Omindu. On Tue, Sep 12, 2017 at 10:54 PM, Darshana Gunawardana <darsh...@wso2.com> wrote: > [looping dev] > > On Tue, Sep 12, 2017 at 10:51 PM, Darshana Gunawardana <darsh...@wso2.com> > wrote: > >> Hi Harsha, >> >> Using datasources for secondary userstores not works in the tenant. >> >> * In order to load the realm its need datasources be loaded >> * In order to load datasources its need realm be loaded >> >> So we have to go forward with reading needed db tuning parameters as >> properties of the userstore config. >> >> Thanks, >> >> On Tue, Sep 12, 2017 at 10:38 PM, Harsha Thirimanna <hars...@wso2.com> >> wrote: >> >>> Hi All, >>> >>> Currently we are not supporting $subject and don't we need to address >>> this because we can't tune up the database config within secondary user >>> store config now. >>> At least we have to improve that part in secondary user stores now. But >>> it is not the right solution. >>> >>> WDYT ? >>> >>> https://wso2.org/jira/browse/IDENTITY-6419 >>> >>> >>> *Harsha Thirimanna* >>> *Associate Tech Lead | WSO2* >>> >>> Email: hars...@wso2.com >>> Mob: +94715186770 <+94%2071%20518%206770> >>> Blog: http://harshathirimanna.blogspot.com/ >>> Twitter: http://twitter.com/harshathirimann >>> Linked-In: linked-in: http://www.linkedin.com/pub/ha >>> rsha-thirimanna/10/ab8/122 >>> <http://wso2.com/signature> >>> >> >> >> >> -- >> Regards, >> >> >> *Darshana Gunawardana*Technical Lead >> WSO2 Inc.; http://wso2.com >> >> *E-mail: darsh...@wso2.com <darsh...@wso2.com>* >> *Mobile: +94718566859 <+94%2071%20856%206859>*Lean . Enterprise . >> Middleware >> > > > > -- > Regards, > > > *Darshana Gunawardana*Technical Lead > WSO2 Inc.; http://wso2.com > > *E-mail: darsh...@wso2.com <darsh...@wso2.com>* > *Mobile: +94718566859 <+94%2071%20856%206859>*Lean . Enterprise . > Middleware > -- Omindu Rathnaweera Senior Software Engineer, WSO2 Inc. Mobile: +94 771 197 211 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] [IS] Shall We Link Corresponding IS Documentation as Context Sensitive Help Pages in IS Management Console?
One other option would be to export an html from the doc page and include it in the product. On Thu, Aug 31, 2017 at 10:35 AM, Johann Nallathamby <joh...@wso2.com> wrote: > Only problem I see is if Internet access is not available from the > client's machine which can access the carbon console, which could be the > case sometimes. > > On Thu, Aug 31, 2017 at 10:22 AM, Thilina Madumal <thilina...@wso2.com> > wrote: > >> Hi Devs, >> >> Currently, in IS Management Console, the context sensitive help pages are >> outdated. See [1]. >> Even though the content is up to date, the content is not informative >> enough IMO. >> >> If we are to update the help-pages, we need to make them up to date and >> informative enough. >> The concern is if we are to do so; >> >>1. The effort is significantly high >>2. Also, it is kind of writing another set of documentation >> >> We already have a nice set of documentation for the Product IS. >> Therefore shall we link the already available IS documentation to Help >> Pages of IS Management Console? WDYT? >> >> [1] https://wso2.org/jira/browse/IDENTITY-446 >> >> Thanks & Regards, >> Thilina. >> >> -- >> *Thilina Madumal* >> *Software Engineer | **WSO2* >> Email: thilina...@wso2.com >> Mobile: *+ <+94%2077%20767%201807>94 774553167* >> Web: <http://goog_716986954>http://wso2.com >> >> <http://wso2.com/signature> >> >> > > > -- > Thanks & Regards, > > *Johann Dilantha Nallathamby* > Senior Lead Solutions Engineer > WSO2, Inc. > lean.enterprise.middleware > > Mobile - *+9476950* > Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>* > > ___ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- Omindu Rathnaweera Senior Software Engineer, WSO2 Inc. Mobile: +94 771 197 211 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Regarding the OIDC openid scope in WSO2 IS
I had a quick chat with the Johann as well. So for the sake of backward compatibility we will not change this in the product and run the tests by altering the registry entry. @Fara: Am I correct to assume that oidc-scope-config.xml gets only affected during the first startup ? In any case we need to document about both configs if we haven't already. On Sat, Aug 12, 2017 at 10:10 AM, Ashen Weerathunga <as...@wso2.com> wrote: > > > On Fri, Aug 11, 2017 at 10:13 AM, Farasath Ahamed <farasa...@wso2.com> > wrote: > >> >> >> On Friday, August 11, 2017, Omindu Rathnaweera <omi...@wso2.com> wrote: >> >>> >>> >>> On Thu, Aug 10, 2017 at 5:15 PM, Hasini Witharana <hasi...@wso2.com> >>> wrote: >>> >>>> Hi, >>>> >>>> Currently I am working on making WSO2 IS OpenID Connect certified. I >>>> ran a test on requesting essential claims from OP, when the scope is >>>> openid. It gave an error saying unexpected claims returned. >>>> >>> >>> This is not an error, but a warning correct ? >>> >>> >>>> Then I inquired about this issue through the mailing list of OIDC >>>> specifications [1]. I got some information from that as openid scope >>>> should only return subject and issuer. >>>> >>>> IS 5.4.0 is supporting many claims for scope openid. They are : >>>> sub,email,email_verified,name, >>>> family_name,given_name,middle_name,nickname, >>>> preferred_username,profile,pic >>>> ture,website,gender,birthdate,zoneinfo,locale, >>>> phone_number,phone_number_veri >>>> fied,address,street,updated_at >>>> >>>> I couldn't find In the OIDC specification where it mention that, openid >>>> scope should only return subject and issuer. >>>> >>> >>> AFAIK, the spec has not specifically mentioned about what we should >>> return for the openid scope and it only mentions about the what should be >>> returned for the default 4 scopes. However it is understandable that the >>> test client expects a minimum set of claims when having only the openid >>> scope. If an RP needs additional claims, it should request them with >>> specifying additional scopes and/or essential claims. So I think the >>> correct behavior would be to return only a minimal set of claims for the >>> openid scope. >>> >> >> Since the spec hasn't specifed this minimal set of claims one can argue >> that it is something specific to an RP. This is how our current >> implementation works as well. Although we could define a set of claim bound >> to the 'openid' scope, the service provider could control what it needs >> from the claims bound to openid scope by using requested claims >> configuration. >> >> Changing 'openid' scope to return issuer and sub claims only will be a >> breaking change for many existing providers who rely on the additional >> claims (some of them could be mandatory in PoV of the RP) >> >> IMO, if the spec doesn't mandate what should be returned for openid scope >> then we can keep our existing implementation as it is. >> > > +1 to keep existing claims if it's not a spec violation. Seems like we > have defined all the standerd claims mentioned in the spec [1] under our > openid scope implemenation. So if someone need to remove some of claims > they can remove it from the oidc configurations in the registry. > > [1] http://openid.net/specs/openid-connect-core-1_0.html#StandardClaims > > >> >>> >>>> Can you please help me on this issue? >>>> >>>> Thank you. >>>> >>>> >>>> [1] - http://lists.openid.net/pipermail/openid-specs/2017-August/s >>>> ubject.html >>>> >>>> -- >>>> >>>> *Hasini Witharana* >>>> Software Engineering Intern | WSO2 >>>> >>>> >>>> *Email : hasi...@wso2.com* >>>> >>>> *Mobile : +94713850143 <+94%2071%20385%200143>[image: >>>> http://wso2.com/signature] <http://wso2.com/signature>* >>>> >>> >>> >>> Regards, >>> Omindu. >>> >>> -- >>> Omindu Rathnaweera >>> Senior Software Engineer, WSO2 Inc. >>> Mobile: +94 771 197 211 <+94%2077%20119%207211> >>> >> >> >> -- >> Farasath Ahamed >> Software Engineer, WSO2 Inc.; http://wso2.com >> Mobile: +94777603866 >> Blog: blog.farazath.com >> Twitter: @farazath619 <https://twitter.com/farazath619> >> <http://wso2.com/signature> >> >> >> >> >> ___ >> Dev mailing list >> Dev@wso2.org >> http://wso2.org/cgi-bin/mailman/listinfo/dev >> >> > > > -- > *Ashen Weerathunga* > Software Engineer > WSO2 Inc.: http://wso2.com > lean.enterprise.middleware > > Email: as...@wso2.com > Mobile: +94716042995 <94716042995> > LinkedIn: *http://lk.linkedin.com/in/ashenweerathunga > <http://lk.linkedin.com/in/ashenweerathunga>* > <http://wso2.com/signature> > Thanks, Omindu -- Omindu Rathnaweera Senior Software Engineer, WSO2 Inc. Mobile: +94 771 197 211 <+94%2077%20119%207211> ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Regarding the OIDC openid scope in WSO2 IS
On Thu, Aug 10, 2017 at 5:15 PM, Hasini Witharana <hasi...@wso2.com> wrote: > Hi, > > Currently I am working on making WSO2 IS OpenID Connect certified. I ran a > test on requesting essential claims from OP, when the scope is openid. It > gave an error saying unexpected claims returned. > This is not an error, but a warning correct ? > Then I inquired about this issue through the mailing list of OIDC > specifications [1]. I got some information from that as openid scope > should only return subject and issuer. > > IS 5.4.0 is supporting many claims for scope openid. They are : > sub,email,email_verified,name,family_name,given_name,middle_ > name,nickname, > > preferred_username,profile,picture,website,gender,birthdate,zoneinfo,locale, > > phone_number,phone_number_verified,address,street,updated_at > > I couldn't find In the OIDC specification where it mention that, openid > scope should only return subject and issuer. > AFAIK, the spec has not specifically mentioned about what we should return for the openid scope and it only mentions about the what should be returned for the default 4 scopes. However it is understandable that the test client expects a minimum set of claims when having only the openid scope. If an RP needs additional claims, it should request them with specifying additional scopes and/or essential claims. So I think the correct behavior would be to return only a minimal set of claims for the openid scope. > Can you please help me on this issue? > > Thank you. > > > [1] - http://lists.openid.net/pipermail/openid-specs/2017- > August/subject.html > > -- > > *Hasini Witharana* > Software Engineering Intern | WSO2 > > > *Email : hasi...@wso2.com <hasi...@wso2.com>* > > *Mobile : +94713850143 <+94%2071%20385%200143>[image: > http://wso2.com/signature] <http://wso2.com/signature>* > Regards, Omindu. -- Omindu Rathnaweera Senior Software Engineer, WSO2 Inc. Mobile: +94 771 197 211 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] [GSoC 2017][IS] SCIM 2.0 Compliance Test Suite
Hi VIndula, You can use https://github.com/wso2-incubator/scim2-compliance-test-suite for your development. Please send a PR with the current code. Regards, Omindu. On Mon, Jun 26, 2017 at 11:52 PM, Omindu Rathnaweera <omi...@wso2.com> wrote: > Scheduled the meeting on 28th Wednesday at 3.00 pm. Hope you've got the > request. > > > On Mon, Jun 26, 2017 at 11:17 PM, Vindula Jayawardana < > vindula...@cse.mrt.ac.lk> wrote: > >> Hi, >> >> Yes I can do a demo on the current implementation. How about the June >> 28th Wednesday at 3.00 pm ? >> >> Please find the following details to test the /ServiceProviderConfig >> endpoint. >> >> 1. Start the IS instance locally. >> 2. Deploy the scimproxycompliance.war >> 3. On the UI, select Compliance Test 2.0 tab >> 4. Enter the IS SCIM base url as : https://localhost:9443 >> >> I have tested with mocked IS 5.3.0 instance with SCIM 2.0 support. >> >> Thank you. >> >> *Vindula Jayawardana* >> Computer Science and Engineering Dept. >> University of Moratuwa >> mobile : +713462554 >> Email : vindul...@gmail.com >> >> <https://www.facebook.com/vindula.jayawardana> >> <http://lk.linkedin.com/pub/vindula-jayawardana/a7/315/53b> >> <https://plus.google.com/u/0/+VindulaJayawardana/posts> >> <https://twitter.com/vindulajay> >> >> *“Respect is how to treat everyone, not just those you want to impress. "* >> >> >> *-Richard Branson-* >> >> >> >> On 26 June 2017 at 10:42, Omindu Rathnaweera <omi...@wso2.com> wrote: >> >>> Hi Vindula, >>> >>> Would it possible for you to arrange the demo within the evaluation time >>> period (26th - 30th)? Also please share the instructions to try out the ' >>> ServiceProviderConfig' test. >>> >>> Thanks, >>> Omindu. >>> >>> On Tue, Jun 20, 2017 at 5:12 PM, Vindula Jayawardana < >>> vindula...@cse.mrt.ac.lk> wrote: >>> >>>> Hi, >>>> >>>> I was able to implement /ServiceProviderConfig endpoint compliance test >>>> as an end to end test [1]. >>>> >>>> As discussed I used feign JAX-RS client. I did not directly use Charon >>>> core objects [1][2] in REST client due to json encoding and decoding >>>> problem as mentioned by Gayan in the previous mail. Hence I implemented >>>> separate object object models for this purpose. >>>> >>>> I am hoping to arrange a demo of the currently implemented test and >>>> also it will be better if I can get your opinions on verifying the >>>> architecture of the current implementation. Shall we have a quick demo >>>> session on Thursday (22nd) ? >>>> >>>> [1] https://github.com/Vindulamj/SCIM-2.0-Complience-Test-Suite >>>> [2] https://github.com/wso2/charon/blob/master/modules/charo >>>> n-core/src/main/java/org/wso2/charon3/core/objects/User.java >>>> [3] https://github.com/wso2/charon/blob/master/modules/charo >>>> n-core/src/main/java/org/wso2/charon3/core/objects/Group.java >>>> >>>> Thank you. >>>> >>>> *Vindula Jayawardana* >>>> Computer Science and Engineering Dept. >>>> University of Moratuwa >>>> mobile : +713462554 >>>> Email : vindul...@gmail.com >>>> >>>> <https://www.facebook.com/vindula.jayawardana> >>>> <http://lk.linkedin.com/pub/vindula-jayawardana/a7/315/53b> >>>> <https://plus.google.com/u/0/+VindulaJayawardana/posts> >>>> <https://twitter.com/vindulajay> >>>> >>>> *“Respect is how to treat everyone, not just those you want to impress. >>>> "* >>>> >>>> >>>> *-Richard Branson-* >>>> >>>> >>>> >>>> On 11 June 2017 at 19:02, Gayan Gunawardana <ga...@wso2.com> wrote: >>>> >>>>> Hi Vindula, >>>>> >>>>> On Mon, Jun 5, 2017 at 4:14 PM, Vindula Jayawardana < >>>>> vindula...@cse.mrt.ac.lk> wrote: >>>>> >>>>>> Hi, >>>>>> >>>>>> Kindly find the weekly update below. >>>>>> >>>>>> Within the week time span, I have been working on the webapp >>>>>> component proposed in the system architecture. In parallel, I also looked >>>>>> in to implementing sc
Re: [Dev] [GSoC][SCIM] SCIM 2.0 Test Dependencies
Vindula Jayawardana* >>>> Computer Science and Engineering Dept. >>>> University of Moratuwa >>>> mobile : +713462554 >>>> Email : vindul...@gmail.com >>>> >>>> <https://www.facebook.com/vindula.jayawardana> >>>> <http://lk.linkedin.com/pub/vindula-jayawardana/a7/315/53b> >>>> <https://plus.google.com/u/0/+VindulaJayawardana/posts> >>>> <https://twitter.com/vindulajay> >>>> >>>> *“Respect is how to treat everyone, not just those you want to impress. >>>> "* >>>> >>>> >>>> *-Richard Branson-* >>>> >>>> >>>> >>> >>> >>> -- >>> Thanks & Regards, >>> >>> *Johann Dilantha Nallathamby* >>> Senior Technical Lead - WSO2 Identity Server >>> Governance Technologies Team >>> WSO2, Inc. >>> lean.enterprise.middleware >>> >>> Mobile - *+9476950* >>> Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>* >>> >> >> > > > -- > > *Ruwan Abeykoon* > *Associate Director/Architect**,* > *WSO2, Inc. http://wso2.com <https://wso2.com/signature> * > *lean.enterprise.middleware.* > > -- Omindu Rathnaweera Senior Software Engineer, WSO2 Inc. Mobile: +94 771 197 211 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] [GSoC 2017][IS] SCIM 2.0 Compliance Test Suite
Scheduled the meeting on 28th Wednesday at 3.00 pm. Hope you've got the request. On Mon, Jun 26, 2017 at 11:17 PM, Vindula Jayawardana < vindula...@cse.mrt.ac.lk> wrote: > Hi, > > Yes I can do a demo on the current implementation. How about the June > 28th Wednesday at 3.00 pm ? > > Please find the following details to test the /ServiceProviderConfig > endpoint. > > 1. Start the IS instance locally. > 2. Deploy the scimproxycompliance.war > 3. On the UI, select Compliance Test 2.0 tab > 4. Enter the IS SCIM base url as : https://localhost:9443 > > I have tested with mocked IS 5.3.0 instance with SCIM 2.0 support. > > Thank you. > > *Vindula Jayawardana* > Computer Science and Engineering Dept. > University of Moratuwa > mobile : +713462554 > Email : vindul...@gmail.com > > <https://www.facebook.com/vindula.jayawardana> > <http://lk.linkedin.com/pub/vindula-jayawardana/a7/315/53b> > <https://plus.google.com/u/0/+VindulaJayawardana/posts> > <https://twitter.com/vindulajay> > > *“Respect is how to treat everyone, not just those you want to impress. "* > > > *-Richard Branson-* > > > > On 26 June 2017 at 10:42, Omindu Rathnaweera <omi...@wso2.com> wrote: > >> Hi Vindula, >> >> Would it possible for you to arrange the demo within the evaluation time >> period (26th - 30th)? Also please share the instructions to try out the ' >> ServiceProviderConfig' test. >> >> Thanks, >> Omindu. >> >> On Tue, Jun 20, 2017 at 5:12 PM, Vindula Jayawardana < >> vindula...@cse.mrt.ac.lk> wrote: >> >>> Hi, >>> >>> I was able to implement /ServiceProviderConfig endpoint compliance test >>> as an end to end test [1]. >>> >>> As discussed I used feign JAX-RS client. I did not directly use Charon >>> core objects [1][2] in REST client due to json encoding and decoding >>> problem as mentioned by Gayan in the previous mail. Hence I implemented >>> separate object object models for this purpose. >>> >>> I am hoping to arrange a demo of the currently implemented test and also >>> it will be better if I can get your opinions on verifying the >>> architecture of the current implementation. Shall we have a quick demo >>> session on Thursday (22nd) ? >>> >>> [1] https://github.com/Vindulamj/SCIM-2.0-Complience-Test-Suite >>> [2] https://github.com/wso2/charon/blob/master/modules/charo >>> n-core/src/main/java/org/wso2/charon3/core/objects/User.java >>> [3] https://github.com/wso2/charon/blob/master/modules/charo >>> n-core/src/main/java/org/wso2/charon3/core/objects/Group.java >>> >>> Thank you. >>> >>> *Vindula Jayawardana* >>> Computer Science and Engineering Dept. >>> University of Moratuwa >>> mobile : +713462554 >>> Email : vindul...@gmail.com >>> >>> <https://www.facebook.com/vindula.jayawardana> >>> <http://lk.linkedin.com/pub/vindula-jayawardana/a7/315/53b> >>> <https://plus.google.com/u/0/+VindulaJayawardana/posts> >>> <https://twitter.com/vindulajay> >>> >>> *“Respect is how to treat everyone, not just those you want to impress. >>> "* >>> >>> >>> *-Richard Branson-* >>> >>> >>> >>> On 11 June 2017 at 19:02, Gayan Gunawardana <ga...@wso2.com> wrote: >>> >>>> Hi Vindula, >>>> >>>> On Mon, Jun 5, 2017 at 4:14 PM, Vindula Jayawardana < >>>> vindula...@cse.mrt.ac.lk> wrote: >>>> >>>>> Hi, >>>>> >>>>> Kindly find the weekly update below. >>>>> >>>>> Within the week time span, I have been working on the webapp component >>>>> proposed in the system architecture. In parallel, I also looked in to >>>>> implementing scimcore component as well. In implementing the scimcore >>>>> component, as we discussed in the previous mails, I used the Charon code >>>>> (which relates to scheme specifications only) as a base code. >>>>> >>>> You suppose to use feign JAX-RS client right ? Can you directly use >>>> charon core objects [1][2] in REST client or did you implement your own >>>> object model ? I guess you may find json encoding and decoding problem with >>>> charon core standard objects. >>>> >>>> [1] https://github.com/wso2/charon/blob/master/modules/charon-co >>>> re/src/main/java/org/wso2/charon3
Re: [Dev] [GSoC 2017][IS] SCIM 2.0 Compliance Test Suite
nding more on the current SCIM 1.1 test >>>>> suite. Hence I further analyzed it and identified the following >>>>> possibilities. >>>>> >>>> +1 >>>> >>>>> >>>>> 1. Apart from the specification specific implementation aspects, a >>>>> significant amount of code reuse can be done from the current code base. >>>>> However as per the SCIM mailing list [1] some concerns were raised >>>>> regarding the current structure of the implementation. >>>>> 2. For the proposed scim core component, we can make use of the Charon >>>>> [2] code base as a start. >>>>> >>>>> As Identity Server currently supports SCIM 2.0 in the C5 architecture >>>>> only, I have added a PR [3] and a jira [4] to make it available for C4 >>>>> architecture as well. Greatly appreciate if you can review it and merge. >>>>> >>>> We will review [3],[4] btw can you continue the work with IS 6.0.0 in >>>> C5 ? I guess for compliance test it won't make much difference. >>>> >>>>> >>>>> I am currently working in the webapp of the component architecture >>>>> proposed and hoping to start implementing the scimcore component in the >>>>> coming week. Apart from that, will look into mocking the /Schemas endpoint >>>>> in the SCIM 1.1 implementation of Identity Server to get a better >>>>> understanding on how the SCIM 1.1 test suite works with IS. >>>>> >>>> Great progress Vindula keep it up. >>>> >>>>> >>>>> [1] - https://mailarchive.ietf.org/arch/msg/scim/JYFpusDrtQ94hnghv >>>>> EPjczU4laE >>>>> [2] - https://github.com/wso2/charon >>>>> [3] - https://github.com/wso2-extensions/identity-inbound-provis >>>>> ioning-scim2/pull/16 >>>>> [4] - https://wso2.org/jira/projects/IDENTITY/issues/IDENTITY-5942 >>>>> >>>>> Thank you >>>>> >>>>> *Vindula Jayawardana* >>>>> Computer Science and Engineering Dept. >>>>> University of Moratuwa >>>>> mobile : +713462554 >>>>> Email : vindul...@gmail.com >>>>> >>>>> <https://www.facebook.com/vindula.jayawardana> >>>>> <http://lk.linkedin.com/pub/vindula-jayawardana/a7/315/53b> >>>>> <https://plus.google.com/u/0/+VindulaJayawardana/posts> >>>>> <https://twitter.com/vindulajay> >>>>> >>>>> *“Respect is how to treat everyone, not just those you want to >>>>> impress. "* >>>>> >>>>> >>>>> *-Richard Branson-* >>>>> >>>>> >>>>> >>>>> On 2 April 2017 at 18:29, Vindula Jayawardana < >>>>> vindula...@cse.mrt.ac.lk> wrote: >>>>> >>>>>> Hi Omindu, >>>>>> >>>>>> Thank you for the prompt feedback on the draft proposal. I >>>>>> incorporated the suggestions you made on the proposal. >>>>>> >>>>>> As also mentioned in the proposal, I made the configuration options >>>>>> more flexible by giving the manual configuration feasibility to the >>>>>> tester >>>>>> as an optional feature apart from what is mandatory in the project. I >>>>>> hope >>>>>> that would give us the required flexibility in the SCIM 2.0 compliance >>>>>> test >>>>>> suite in terms of configuration options. >>>>>> >>>>>> Thank you, >>>>>> >>>>>> *Vindula Jayawardana* >>>>>> Computer Science and Engineering Dept. >>>>>> University of Moratuwa >>>>>> mobile : +713462554 >>>>>> Email : vindul...@gmail.com >>>>>> >>>>>> <https://www.facebook.com/vindula.jayawardana> >>>>>> <http://lk.linkedin.com/pub/vindula-jayawardana/a7/315/53b> >>>>>> <https://plus.google.com/u/0/+VindulaJayawardana/posts> >>>>>> <https://twitter.com/vindulajay> >>>>>> >>>>>> *“Respect is how to treat everyone, not just those you want to >>>>>> impress. "* >>>>>> >>>>>> >>>>>> *-Richard Branson-*
Re: [Dev] Regarding SCIM Extension
Hi Supun,
Can you have a look at the blog post [1]. The post has explained
configuring the scim extension in detail.
[1] - https://medium.com/@Dilshani/scim-extension-in-wso2-is-d30e8b0e8bc6
Thanks,
Omindu.
On Mon, Jun 5, 2017 at 3:46 PM, Supun Madushanka <supun...@cse.mrt.ac.lk>
wrote:
>
>
> Hi All,
>
> I am working with WSO2 IS (5.3.0) for one of my projects. I can
> successfully register a user using SCIM. But there are some attributes that
> I need which are not provided by SCIM by default. After a bit of search I
> found SCIM extension feature provided .So I configured IS according to
> following instructions.
>
> https://docs.wso2.com/display/IS530/Extensible+SCIM+User+Sch
> emas+With+WSO2+Identity+Server.
>
> When I send the registration request with a custom attribute (in this case
> "organization" ), in the immediate response I can find that attribute.
>
> request:
>
> curl -v -k --user admin:admin --data
> '{"schemas":[],"userName":"SureshAtt","password":"Wso2@123","wso2Extension":{"organization":"WSO2Org"}}'
> --header "Content-Type:application/json"
> https://localhost:9446/wso2/scim/Users
>
> response:
> {"wso2Extension":{"organization":"WSO2Org"},"meta":{"created":"2017-06-05T05:39:17","location":"https://localhost:9443/wso2/scim/Users/0a034368-abe5-4e36-a20f-21e37eb9935a","lastModified":"2017-06-05T05:39:17"},"schemas":["urn:scim:schemas:core:1.0","urn:scim:schemas:extension:wso2:1.0"],"id":"0a034368-abe5-4e36-a20f-21e37eb9935a","userName":"SureshAtt"}
>
>
>
> But when I try to get the user details by user Id using a separate
> request, I do not get the custom attribute in the response.
>
> request:
> curl -v -k --user admin:admin
> https://localhost:9446/wso2/scim/Users/0a034368-abe5-4e36-a20f-21e37eb9935a
>
> response:
> {"meta":{"created":"2017-06-05T05:39:17","location":"https://localhost:9443/wso2/scim/Users/0a034368-abe5-4e36-a20f-21e37eb9935a","lastModified":"2017-06-05T05:39:17"},"schemas":["urn:scim:schemas:core:1.0"],"id":"0a034368-abe5-4e36-a20f-21e37eb9935a","userName":"SureshAtt"}
>
>
> What could be the possible cause ? please be kind enough to assist.
>
> Thank
> --
> Best Regards,
> *Supun Madushanka*
> [Undergraduate]
> University of Moratuwa. http://www.mrt.ac.lk
> Department of Computer Science and Engineering. http://cse.mrt.ac.lk
> Mobile: +94 71 1135012 <%2B94%280%29%20711135012>
> E-mail: supun...@cse.mrt.ac.lk
>
>
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>
--
Omindu Rathnaweera
Senior Software Engineer, WSO2 Inc.
Mobile: +94 771 197 211
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] API 2.1.0 + Identity Server 5.3.0
ent to login. > > > > I also created a test user in the IS primary store and assigned > “Internal/subscriber” role and that worked fine. > > > > > > Any help or pointers is appreciated. > > > > Thanks, > > Javier Vazquez > > > > > > > > If you wish to unsubscribe from receiving commercial electronic messages > from TD Bank Group, please click here <http://www.td.com/tdoptout> or go > to the following web address: www.td.com/tdoptout > Si vous souhaitez vous désabonner des messages électroniques de nature > commerciale envoyés par Groupe Banque TD veuillez cliquer ici > <http://www.td.com/tddesab> ou vous rendre à l'adresse www.td.com/tddesab > > > NOTICE: Confidential message which may be privileged. Unauthorized > use/disclosure prohibited. If received in error, please go to > www.td.com/legal for instructions. > AVIS : Message confidentiel dont le contenu peut être privilégié. > Utilisation/divulgation interdites sans permission. Si reçu par erreur, > prière d'aller au www.td.com/francais/avis_juridique pour des > instructions. > > > ___ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > > > > > > -- > > *Isura Dilhara Karunaratne* > > Senior Software Engineer | WSO2 > > Email: is...@wso2.com > > Mob : +94 772 254 810 <+94%2077%20225%204810> > > Blog : http://isurad.blogspot.com/ > > > > > > > > > > > > -- > > *Isura Dilhara Karunaratne* > > Senior Software Engineer | WSO2 > > Email: is...@wso2.com > > Mob : +94 772 254 810 <+94%2077%20225%204810> > > Blog : http://isurad.blogspot.com/ > > > > > > > > > > > > -- > > *Isura Dilhara Karunaratne* > > Senior Software Engineer | WSO2 > > Email: is...@wso2.com > > Mob : +94 772 254 810 <+94%2077%20225%204810> > > Blog : http://isurad.blogspot.com/ > > > > > > > > ___ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- Omindu Rathnaweera Senior Software Engineer, WSO2 Inc. Mobile: +94 771 197 211 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] WSO2IS - PAP/PDP API
Hi Welkson, These XACML admin services we have are SOAP services and you can invoke them using python. There are 2 SOAP services you'll have to use. For policy administration i.e creating, publishing policies EntitlementPolicyAdminService should be used and for evaluating XACML requests, EntitlementService should be used. For evaluating XACML requests, in addition to the EntitlementService, there is a REST API. You can find more info on this at [1]. Also [2] has a sample on how to invoke the EntitlementService, using the SOAP API. Hope this helps [1] - https://docs.wso2.com/display/IS530/Entitlement+with+REST+APIs [2] - http://blog.manujith.me/2016/03/wso2-identity-server-understanding.html Regards, Omindu. On Thu, Jun 1, 2017 at 6:00 AM, Welkson Renny de Medeiros <welk...@gmail.com > wrote: > Hello, > > Its possible manipulate (create, publish pap->pdp, disable/enable, etc.) > XACML policy using API? > > More details: > https://stackoverflow.com/questions/44271169/wso2- > policy-management-xacml-using-api > > Thanks in advance. > > -- > Welkson > > ___ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- Omindu Rathnaweera Senior Software Engineer, WSO2 Inc. Mobile: +94 771 197 211 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Error while running sample STS client
Hi Mukesh, Can you try adding the fix provided in [1] and see whether it solves the issue ? Keep the "renew" property set to 'false' in 'client.properties' file. [1] - https://github.com/wso2/product-is/pull/1231/files Regards, Omindu. On Tue, May 2, 2017 at 12:23 AM, Mukesh Yadav <mak@gmail.com> wrote: > If you need any other info please let me know, > > The client code, > https://github.com/muke5hy/Axis2Client-wso2IS > > > > On Sat, Apr 29, 2017 at 9:00 PM, Kasun Bandara <kbandara...@gmail.com> > wrote: > >> [+] Looping in the Identity server team. >> >> Kasun Gayan Bandara >> PhD Research Student >> Machine Learning Group >> >> Faculty of Information Technology, Clayton >> Monash University >> 25 Exhibition Walk, Clayton Campus >> Wellington Road >> Clayton VIC 3800 >> Australia. >> >> E: herath.band...@monash.edu >> M (+61) 43 491 6476 >> >> <https://www.linkedin.com/in/bandarakasun> >> >> >> >> On Sat, Apr 29, 2017 at 11:21 PM, Mukesh Yadav <mak@gmail.com> wrote: >> >>> Hi, >>> >>> I'm using WSO2 IS version 5.3.0 and AS 5.3.0 >>> Yes, I did follow all the steps in that blog. >>> >>> Did any tried running STS client for version 5.3.0 or IS and AS. >>> >>> >>> >>> On Sat, Apr 29, 2017 at 9:14 AM, Kasun Bandara <kbandara...@gmail.com> >>> wrote: >>> >>>> Hi Mukesh, >>>> >>>> Can you please specify the respective versions of WSO2 IS and WSO2 AS >>>> that you are using? I assume you are testing the WS-Trust STS (Active STS) >>>> protocol to secure a service deployed on the application server. If so, >>>> can you please recheck whether you gave followed steps as in [1]. >>>> >>>> Regards, >>>> Kasun >>>> >>>> [1] http://www.vitharana.org/2015/01/how-ws-trust-sts-works- >>>> in-wso2-identity.html >>>> >>>> Kasun Gayan Bandara >>>> PhD Research Student >>>> Machine Learning Group >>>> >>>> Faculty of Information Technology, Clayton >>>> Monash University >>>> 25 Exhibition Walk, Clayton Campus >>>> Wellington Road >>>> Clayton VIC 3800 >>>> Australia. >>>> >>>> E: herath.band...@monash.edu >>>> M (+61) 43 491 6476 >>>> >>>> <https://www.linkedin.com/in/bandarakasun> >>>> >>>> >>>> >>>> On Fri, Apr 28, 2017 at 6:15 PM, Mukesh Yadav <mak@gmail.com> >>>> wrote: >>>> >>>>> Hi All, >>>>> >>>>> I have created WSO2-IS server and WSO2-AS server for as per the >>>>> documentation, And checkout sample code. But when I run sample code I get >>>>> the following error. >>>>> >>>>> I do get "Response SAML 2.0 Token is valid" but After that, I get the >>>>> error. >>>>> >>>>> org.apache.axis2.AxisFault: Missing wsse:Security header in request at >>>>> org.apache.rampart.handler.RampartReceiver.setFaultCodeAndTh >>>>> rowAxisFault(RampartReceiver.java:195) >>>>> >>>>> at org.apache.rampart.handler.RampartReceiver.invoke(RampartRec >>>>> eiver.java:100) >>>>> >>>>> at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340) >>>>> >>>>> at org.apache.axis2.engine.Phase.invoke(Phase.java:313) >>>>> >>>>> at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:261) >>>>> >>>>> at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:167) >>>>> >>>>> at org.apache.axis2.description.OutInAxisOperationClient.handle >>>>> Response(OutInAxisOperation.java:359) >>>>> >>>>> at org.apache.axis2.description.OutInAxisOperationClient.send(O >>>>> utInAxisOperation.java:445) >>>>> >>>>> at org.apache.axis2.description.OutInAxisOperationClient.executeImpl( >>>>> OutInAxisOperation.java:225) >>>>> >>>>> at org.apache.axis2.client.OperationClient.execute(OperationCli >>>>> ent.java:149) >>>>> >>>>> at org.apache.axis2.client.ServiceClient.sendReceive(ServiceCli >>>>> ent.java:554) >>>>> >>>>> at org.apache.axis2.client.ServiceClient.sendReceive(ServiceCli >>>>> ent.java:530) >>>>> >>>>> at org.wso2.carbon.identity.samples.sts.Client.run(Client.java:235) >>>>> >>>>> at org.wso2.carbon.identity.samples.sts.Client.main(Client.java:94) >>>>> >>>>> Caused by: org.apache.rampart.RampartException: Missing wsse:Security >>>>> header in request >>>>> >>>>> at org.apache.rampart.RampartEngine.process(RampartEngine.java:146) >>>>> >>>>> at org.apache.rampart.handler.RampartReceiver.invoke(RampartRec >>>>> eiver.java:93) >>>>> >>>>> ... 12 more >>>>> -- >>>>> Regards >>>>> Mukesh Yadav >>>>> mukeshyadav.com >>>>> >>>>> ___ >>>>> Dev mailing list >>>>> Dev@wso2.org >>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>> >>>>> >>>> >>> >>> >>> -- >>> Regards >>> Mukesh Yadav >>> mukeshyadav.com >>> >> >> > > > -- > Regards > Mukesh Yadav > mukeshyadav.com > > ___ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- Omindu Rathnaweera Senior Software Engineer, WSO2 Inc. Mobile: +94 771 197 211 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Issue with STS between WSO2 IS and ESB
4nbnMFeX > >> rRBhhrrPjn2p+A > >> NHUTjwjfTP+JKIZWE7I= > >> > >> > >> > >> MIICNTCCAZ6gAwIBAgIES343gjANBg > >> kqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzELMAkGA1UE > >> CAwCQ0ExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxDTALBgNVBAoMBFdTTzIx > >> EjAQBgNVBAMMCWxv > >> Y2FsaG9zdDAeFw0xMDAyMTkwNzAyMjZaFw0zNTAyMTMwNzAyMjZaMFUxCzAJ > >> BgNVBAYTAlVTMQsw > >> CQYDVQQIDAJDQTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzENMAsGA1UECgwE > >> V1NPMjESMBAGA1UE > >> AwwJbG9jYWxob3N0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCUp/ > >> oV1vWc8/TkQSiAvTou > >> sMzOM4asB2iltr2QKozni5aVFu818MpOLZIr8LMnTzWllJvvaA5RAAdpbECb > >> +48FjbBe0hseUdN5 > >> HpwvnH/DW8ZccGvk53I6Orq7hLCv1ZHtuOCokghz/ATrhyPq+ > >> QktMfXnRS4HrKGJTzxaCcU7OQID > >> AQABoxIwEDAOBgNVHQ8BAf8EBAMCBPAwDQYJKoZIhvcNAQEFBQADgYEAW5wP > >> R7cr1LAdq+IrR44i > >> QlRG5ITCZXY9hI0PygLP2rHANh+PYfTmxbuOnykNGyhM6FjFLbW2uZHQT > >> Y1jMrPprjOrmyK5sjJR > >> O4d1DeGHT/YnIjs9JogRKv4XHECwLtIVdAbIdWHEtVZJyMSktcyysFcvuhPQK8Qc/E/ > >> Wq8uHSCo= > >> > >> > >> > >> > >> admin > >> >> /> > >> > >> >> NotOnOrAfter="2017-04-27T18:24:37.908Z" /> > >> > >> > >> urn:oasis:names:tc:SAML:2.0: > >> ac:classes:Password > >> > >> > >> > >> > >> > >> Any idea? > >> > > > >> > > > >> > >> > >> > >> ___ > >> Dev mailing list > >> Dev@wso2.org > >> http://wso2.org/cgi-bin/mailman/listinfo/dev > >> > >> > > > > ___ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- Omindu Rathnaweera Senior Software Engineer, WSO2 Inc. Mobile: +94 771 197 211 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] [IS] Token validation stub user permissions
Hi Hanen, For validate action, the required permission is "/permission/admin/manage/identity/applicationmgt/view" [1]. [image: Inline image 1] [1] - https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/v5.3.4/components/org.wso2.carbon.identity.oauth/src/main/resources/META-INF/services.xml#L98 Regards, Omindu. On Fri, Apr 28, 2017 at 3:10 PM, Hanen Ben Rhouma <hanen...@gmail.com> wrote: > Hello, > > Could you please tell me what are the minimum permissions required for a > user to invoke token validation stub. > > curl --user admin:admin --header "Content-Type: text/xml" --header > "SOAPAction: validate" -k -d @soap.xml https://localhost:9443/services/ > OAuth2TokenValidationService/ > > I don't want to use the super admin, what should a normal user have as > permissions to be able to do such validation. > > > Regards, > Hanen > > > ___ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- Omindu Rathnaweera Senior Software Engineer, WSO2 Inc. Mobile: +94 771 197 211 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] [IS] Error printed on SAML SSO with IS 5.3.0
.java:68) >> at org.apache.catalina.core.ApplicationFilterChain.internalDoFi >> lter(ApplicationFilterChain.java:303) >> at org.apache.catalina.core.ApplicationFilterChain.doFilter(App >> licationFilterChain.java:208) >> at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) >> at org.apache.catalina.core.ApplicationFilterChain.internalDoFi >> lter(ApplicationFilterChain.java:241) >> at org.apache.catalina.core.ApplicationFilterChain.doFilter(App >> licationFilterChain.java:208) >> at org.wso2.carbon.identity.captcha.filter.CaptchaFilter.doFilt >> er(CaptchaFilter.java:76) >> at org.apache.catalina.core.ApplicationFilterChain.internalDoFi >> lter(ApplicationFilterChain.java:241) >> at org.apache.catalina.core.ApplicationFilterChain.doFilter(App >> licationFilterChain.java:208) >> at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilte >> r(HttpHeaderSecurityFilter.java:120) >> at org.apache.catalina.core.ApplicationFilterChain.internalDoFi >> lter(ApplicationFilterChain.java:241) >> at org.apache.catalina.core.ApplicationFilterChain.doFilter(App >> licationFilterChain.java:208) >> at org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilte >> r(CharacterSetFilter.java:61) >> at org.apache.catalina.core.ApplicationFilterChain.internalDoFi >> lter(ApplicationFilterChain.java:241) >> at org.apache.catalina.core.ApplicationFilterChain.doFilter(App >> licationFilterChain.java:208) >> at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilte >> r(HttpHeaderSecurityFilter.java:120) >> at org.apache.catalina.core.ApplicationFilterChain.internalDoFi >> lter(ApplicationFilterChain.java:241) >> at org.apache.catalina.core.ApplicationFilterChain.doFilter(App >> licationFilterChain.java:208) >> at org.apache.catalina.core.StandardWrapperValve.invoke(Standar >> dWrapperValve.java:218) >> at org.apache.catalina.core.StandardContextValve.invoke(Standar >> dContextValve.java:122) >> at org.apache.catalina.authenticator.AuthenticatorBase.invoke(A >> uthenticatorBase.java:505) >> at org.apache.catalina.core.StandardHostValve.invoke(StandardHo >> stValve.java:169) >> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorRepo >> rtValve.java:103) >> at org.wso2.carbon.identity.context.rewrite.valve.TenantContext >> RewriteValve.invoke(TenantContextRewriteValve.java:72) >> at org.wso2.carbon.identity.authz.valve.AuthorizationValve.invo >> ke(AuthorizationValve.java:91) >> at org.wso2.carbon.identity.auth.valve.AuthenticationValve.invo >> ke(AuthenticationValve.java:60) >> at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInv >> ocation(CompositeValve.java:99) >> at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke >> (CarbonTomcatValve.java:47) >> at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(Tena >> ntLazyLoaderValve.java:57) >> at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invok >> eValves(TomcatValveContainer.java:47) >> at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(Comp >> ositeValve.java:62) >> at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetection >> Valve.invoke(CarbonStuckThreadDetectionValve.java:159) >> at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogVa >> lve.java:958) >> at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve. >> invoke(CarbonContextCreatorValve.java:57) >> at org.apache.catalina.core.StandardEngineValve.invoke(Standard >> EngineValve.java:116) >> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAd >> apter.java:452) >> at org.apache.coyote.http11.AbstractHttp11Processor.process(Abs >> tractHttp11Processor.java:1087) >> at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler >> .process(AbstractProtocol.java:637) >> at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun >> (NioEndpoint.java:1756) >> at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(N >> ioEndpoint.java:1715) >> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPool >> Executor.java:1142) >> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoo >> lExecutor.java:617) >> at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.r >> un(TaskThread.java:61) >> at java.lang.Thread.run(Thread.java:745) >> >> >> [2] https://github.com/wso2-extensions/identity-inbound-auth >> -saml/blob/183307fac8ae4e4fba139e2449961996c9e1ddf7/componen >> ts/org.wso2.carbon.identity.sso.saml/src/main/java/org/ >> wso2/carbon/identity/sso/saml/builders/assertion/ExtendedDef >> aultAssertionBuilder.java#L85-L85 >> >> >> >> Thanks, >> Farasath. >> >> >> Farasath Ahamed >> Software Engineer, WSO2 Inc.; http://wso2.com >> Mobile: +94777603866 >> Blog: blog.farazath.com >> Twitter: @farazath619 <https://twitter.com/farazath619> >> <http://wso2.com/signature> >> >> >> > > > -- > Thanks & Regards, > > *Johann Dilantha Nallathamby* > Technical Lead & Product Lead of WSO2 Identity Server > Governance Technologies Team > WSO2, Inc. > lean.enterprise.middleware > > Mobile - *+9476950* > Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>* > -- Omindu Rathnaweera Senior Software Engineer, WSO2 Inc. Mobile: +94 771 197 211 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Create patch for IS
5.2.2-SNAPSHOT is the master branch. You have to checkout v5.2.1 tag (ex: git checkout tags/v5.2.1) and build it. On Tue, Apr 4, 2017 at 7:38 PM, Illia Alifanov <illia.alifa...@eleks.com> wrote: > I did next steps: > > 1. cloned https://github.com/wso2-extensions/identity-inbound- > auth-sts/tree/v5.2.1 > > 2. ran “mvn clean install” in the directory > “D:\java\identity-inbound-auth-sts\components\org.wso2. > carbon.identity.sts.passive.ui” > > > > I received org.wso2.carbon.identity.sts.passive.ui-5.2.2-SNAPSHOT.jar in > the “target” directory. > > It isn’t org.wso2.carbon.identity.sts.passive.ui-5.2.1.jar as I expected. > > > > Should I copy this file to > > > > -repository > > -components > > -patches > > -*patch0999* > > > > Or it is wrong file name and I should make changes in pom.xml? > > > > > > *From:* Omindu Rathnaweera [mailto:omi...@wso2.com] > *Sent:* Tuesday, April 4, 2017 3:44 PM > *To:* Godwin Shrimal <god...@wso2.com> > *Cc:* Illia Alifanov <illia.alifa...@eleks.com>; dev@wso2.org > *Subject:* Re: [Dev] Create patch for IS > > > > IS 5.3.0 uses version 5.2.1 of org.wso2.carbon.identity.sts.passive.ui > component. Checkout v5.2.1 tag from [1], build the component after making > your changes and apply the patch as instructed above. > > > > [1] - https://github.com/wso2-extensions/identity-inbound- > auth-sts/tree/v5.2.1/components/org.wso2.carbon.identity.sts.passive.ui > > > > Regards, > > Omindu. > > > > On Tue, Apr 4, 2017 at 5:56 PM, Godwin Shrimal <god...@wso2.com> wrote: > > Hi Illia, > > You can find all the feature related carbon components inside the > /repository/components/plugins directory, If you want to > patch existing component, you need to do what ever the changes, build it > and put into /repository/components/patches with patch > number (with format *patch*) and restart the server. > > Ex. > > -repository > > -components > > -patches > > -*patch0999* > -org.wso2.carbon.identity.sts. > passive.ui-5.1.0.jar > > If patch is applying correctly you can see a log in > /repository/logs/patches.log > > > > Thanks > > Godwin > > > > On Tue, Apr 4, 2017 at 4:30 PM, Illia Alifanov <illia.alifa...@eleks.com> > wrote: > > Dear, WSO2 team, > > > > And I need help to understand how to make and build plugins for Identity > server (5.3.0). > > I tried to make patch for this org.wso2.carbon.identity.sts.passive.ui. > > > > It will be convenient to have guide for making plugins for WSO2 products. > > > > I’ll appreciate your help. > > > > Regards, > > Illia. > > > > > -- > > > This e-mail may contain privileged and confidential information. If you > are not the intended recipient, be aware that any use, disclosure, copying > or distribution of this e-mail or any attachments is prohibited. If you > have received this e-mail in error, please notify us immediately by > returning it to the sender and delete this copy from your system. Thank you. > > > > ___ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > > > > > -- > > *Godwin Amila Shrimal* > WSO2 Inc.; http://wso2.com > lean.enterprise.middleware > > mobile: *+94772264165 <+94%2077%20226%204165>* > > linkedin: *http://lnkd.in/KUum6D <http://lnkd.in/KUum6D>* > > twitter: https://twitter.com/godwinamila > <http://wso2.com/signature> > > > ___ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > > > > > > -- > > Omindu Rathnaweera > > Senior Software Engineer, WSO2 Inc. > > Mobile: +94 771 197 211 <+94%2077%20119%207211> > > -- > > This e-mail may contain privileged and confidential information. If you > are not the intended recipient, be aware that any use, disclosure, copying > or distribution of this e-mail or any attachments is prohibited. If you > have received this e-mail in error, please notify us immediately by > returning it to the sender and delete this copy from your system. Thank you. > -- Omindu Rathnaweera Senior Software Engineer, WSO2 Inc. Mobile: +94 771 197 211 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Create patch for IS
IS 5.3.0 uses version 5.2.1 of org.wso2.carbon.identity.sts.passive.ui component. Checkout v5.2.1 tag from [1], build the component after making your changes and apply the patch as instructed above. [1] - https://github.com/wso2-extensions/identity-inbound-auth-sts/tree/v5.2.1/components/org.wso2.carbon.identity.sts.passive.ui Regards, Omindu. On Tue, Apr 4, 2017 at 5:56 PM, Godwin Shrimal <god...@wso2.com> wrote: > Hi Illia, > > You can find all the feature related carbon components inside the > /repository/components/plugins directory, If you want to > patch existing component, you need to do what ever the changes, build it > and put into /repository/components/patches with patch > number (with format *patch*) and restart the server. > Ex. > -repository > -components > -patches > -*patch0999* > -org.wso2.carbon.identity.sts. > passive.ui-5.1.0.jar > > If patch is applying correctly you can see a log in > /repository/logs/patches.log > > Thanks > Godwin > > > On Tue, Apr 4, 2017 at 4:30 PM, Illia Alifanov <illia.alifa...@eleks.com> > wrote: > >> Dear, WSO2 team, >> >> >> >> And I need help to understand how to make and build plugins for Identity >> server (5.3.0). >> >> I tried to make patch for this org.wso2.carbon.identity.sts.passive.ui. >> >> >> >> It will be convenient to have guide for making plugins for WSO2 products. >> >> >> >> I’ll appreciate your help. >> >> >> >> Regards, >> >> Illia. >> >> >> >> -- >> >> This e-mail may contain privileged and confidential information. If you >> are not the intended recipient, be aware that any use, disclosure, copying >> or distribution of this e-mail or any attachments is prohibited. If you >> have received this e-mail in error, please notify us immediately by >> returning it to the sender and delete this copy from your system. Thank you. >> >> ___ >> Dev mailing list >> Dev@wso2.org >> http://wso2.org/cgi-bin/mailman/listinfo/dev >> >> > > > -- > *Godwin Amila Shrimal* > WSO2 Inc.; http://wso2.com > lean.enterprise.middleware > > mobile: *+94772264165* > linkedin: *http://lnkd.in/KUum6D <http://lnkd.in/KUum6D>* > twitter: https://twitter.com/godwinamila > <http://wso2.com/signature> > > ___ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- Omindu Rathnaweera Senior Software Engineer, WSO2 Inc. Mobile: +94 771 197 211 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] IS: createApplication in IdentityApplicationManagementService doesn't return application ID
The steps you have mentioned is the correct way. Regards, Omindu. On Tue, Apr 4, 2017 at 12:04 PM, Illia Alifanov <illia.alifa...@eleks.com> wrote: > Thank you for your help. Request works now. > > > > I’d want return to the first question about creating service provider (SP) > via admin services. > > Is it a good approach or we haven’t another: > > 1. Create service provider with Name and Description. > > 2. Get SP by Name and receive its ID. > > 3. Update SP (setup all settings). > > > > > > > > *From:* Omindu Rathnaweera [mailto:omi...@wso2.com] > *Sent:* Monday, April 3, 2017 9:14 PM > > *To:* Illia Alifanov <illia.alifa...@eleks.com> > *Cc:* dev@wso2.org > *Subject:* Re: [Dev] IS: createApplication in > IdentityApplicationManagementService doesn't return application ID > > > > Can you try commenting out the following section from the 1 example > request ? > > > > requestPathAuthenticatorConfigs> > > > > On Mon, Apr 3, 2017 at 4:12 PM, Illia Alifanov <illia.alifa...@eleks.com> > wrote: > > I can update app through UI. > > > > This is request for example. > > > > http://schemas.xmlsoap.org/soap/envelope/; > xmlns:xsd="http://org.apache.axis2/xsd; xmlns:xsd1="http://model. > common.application.identity.carbon.wso2.org/xsd"> > > > > > > > > > > > > > > 108 > > GServiceProvider > > > >false< > /xsd1:localClaimDialect> > > >false > > > >true requested> > > > > > 0 > > > http://wso2.org/claims/userid > > > > > > > > > 0 > > > http://schemas.microsoft.com/ws/2008/06/ > identity/claims/userdata > > > > > > > > > > true > > > > > 0 > > > http://wso2.org/claims/role > > > > > > > > > 0 > > > http://schemas.microsoft.com/ws/2008/06/ > identity/claims/role > > > > > > > > >http://schemas.microsoft.com/ws/2008/ > 06/identity/claims/role > > > > > > description > > true > > > > > > > > inboundAuthenticationRequestConfigs> > > > > > > GServiceProvider > > > samlsso > > > standardAPP > > inboundAuthenticationRequestConfigs> > > > > > > > > > > > > > >false provisioningEnabled> > >PRIMARY provisioningUserStore> > > > > > > Config> > > alwaysSendBackAuthenticatedListOfIdPs>false alwaysSendBackAuthenticatedListOfIdPs> > > > default > > Config> > > > > > > > >carbon.super > >admin > >PRIMARY > > > > > > > > > > > > > > > > > > > > > > > > > > > > But I have the same result for any update app request. > > I tried to send just this simple one and have the same error > > > > > > http://schemas.xmlsoap.org/soap/envelope/; > xmlns:xsd="http://org.apache.axis2/xsd; xmlns:xsd1="http://model. > common.application.identity.carbon.wso2.org/xsd"> > > > > > > > > > > > > > > 108 > > GServiceProvider > > > > description > > true > > > > > > > > > > >
Re: [Dev] IS: createApplication in IdentityApplicationManagementService doesn't return application ID
Can you try commenting out the following section from the 1 example request ? On Mon, Apr 3, 2017 at 4:12 PM, Illia Alifanov <illia.alifa...@eleks.com> wrote: > I can update app through UI. > > > > This is request for example. > > > > http://schemas.xmlsoap.org/soap/envelope/; > xmlns:xsd="http://org.apache.axis2/xsd; xmlns:xsd1="http://model. > common.application.identity.carbon.wso2.org/xsd"> > > > > > > > > > > > > > > 108 > > GServiceProvider > > > >false< > /xsd1:localClaimDialect> > > >false > > > >true requested> > > > > > 0 > > > http://wso2.org/claims/userid > > > > > > > > > 0 > > > http://schemas.microsoft.com/ws/2008/06/ > identity/claims/userdata > > > > > > > > > > true > > > > > 0 > > > http://wso2.org/claims/role > > > > > > > > > 0 > > > http://schemas.microsoft.com/ws/2008/06/ > identity/claims/role > > > > > > > > >http://schemas.microsoft.com/ws/2008/ > 06/identity/claims/role > > > > > > description > > true > > > > > > > > inboundAuthenticationRequestConfigs> > > > > > > GServiceProvider > > > samlsso > > > standardAPP > > inboundAuthenticationRequestConfigs> > > > > > > > > > > > > > >false provisioningEnabled> > >PRIMARY provisioningUserStore> > > > > > > Config> > > alwaysSendBackAuthenticatedListOfIdPs>false alwaysSendBackAuthenticatedListOfIdPs> > > > default > > Config> > > > > > > > >carbon.super > >admin > >PRIMARY > > > > > > > > > > > > > > > > > > > > > > > > > > > > But I have the same result for any update app request. > > I tried to send just this simple one and have the same error > > > > > > http://schemas.xmlsoap.org/soap/envelope/; > xmlns:xsd="http://org.apache.axis2/xsd; xmlns:xsd1="http://model. > common.application.identity.carbon.wso2.org/xsd"> > > > > > > > > > > > > > > 108 > > GServiceProvider > > > > description > > true > > > > > > > > > > > > > > > > *From:* Omindu Rathnaweera [mailto:omi...@wso2.com] > *Sent:* Monday, April 3, 2017 1:35 PM > > *To:* Illia Alifanov <illia.alifa...@eleks.com> > *Cc:* dev@wso2.org > *Subject:* Re: [Dev] IS: createApplication in > IdentityApplicationManagementService doesn't return application ID > > > > Can you share the update request you are using ? Also, if possible, can > you please try to update the created service provider through the > management console UI. If the app can be updated through the UI, it usually > means that there's an error in the update request. > > > > Regards, > > Omindu. > > > > On Mon, Apr 3, 2017 at 3:41 PM, Illia Alifanov <illia.alifa...@eleks.com> > wrote: > > I try to use admin services to create service providers, users and roles. > > I haven’t problems with creating users and roles but I have one with > creating service provider. > > >
Re: [Dev] IS: createApplication in IdentityApplicationManagementService doesn't return application ID
.
> application.mgt.dao.impl.ApplicationDAOImpl} - Updating inbound
> authentication request configuration of the application 108inbound auth
> key: GServiceProvider inbound auth type: samlsso
>
> TID: [-1234] [] [2017-04-03 13:10:07,957] DEBUG {org.wso2.carbon.identity.
> application.mgt.dao.impl.ApplicationDAOImpl} - Deleting Steps of
> Application 108
>
> TID: [-1234] [] [2017-04-03 13:10:07,957] DEBUG {org.wso2.carbon.identity.
> application.mgt.dao.impl.ApplicationDAOImpl} - Deleting request path
> authenticators 108
>
> TID: [-1] [] [2017-04-03 13:10:36,544] WARN
> {java.util.prefs.FileSystemPreferences}
> - Could not lock System prefs. Unix error code 0.
>
> TID: [-1] [] [2017-04-03 13:10:36,544] WARN
> {java.util.prefs.FileSystemPreferences}
> - Couldn't flush system prefs: java.util.prefs.BackingStoreException:
> Couldn't get file lock.
>
>
>
>
>
> *From:* Omindu Rathnaweera [mailto:omi...@wso2.com]
> *Sent:* Monday, April 3, 2017 12:57 PM
> *To:* Illia Alifanov <illia.alifa...@eleks.com>
> *Cc:* dev@wso2.org
> *Subject:* Re: [Dev] IS: createApplication in
> IdentityApplicationManagementService doesn't return application ID
>
>
>
> Hi Illia,
>
>
>
> Seems that the return type was changed to void while fixing an issue ([1],
> [2]) and the doc comment was not updated accordingly. Can we know your
> exact requirement so we can provide an alternative to this?
>
>
>
> [1] - https://github.com/wso2/carbon-identity/pull/976
>
> [2] - https://wso2.org/jira/browse/IDENTITY-2558
>
>
>
> Regards,
>
> Omindu.
>
>
>
>
>
> On Mon, Apr 3, 2017 at 3:15 PM, Illia Alifanov <illia.alifa...@eleks.com>
> wrote:
>
> Dear, WSO2 dev team,
>
>
>
> You have a bit confused situation in carbon-identity source code with
> creatApplication method.
>
>
>
> https://github.com/wso2/carbon-identity/blob/master/
> components/application-mgt/org.wso2.carbon.identity.
> application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/
> ApplicationManagementAdminService.java
>
>
>
> We can see in comments @return application id
>
> But *void* in the method signature.
>
>
>
> /**
>
> * Creates a service provider with basic information.First we need to
> create
>
> * a role with the
>
> * application name. Only the users in this role will be able to
> edit/update
>
> * the application.The
>
> * user will assigned to the created role.Internal roles used.
>
> *
>
> * @param serviceProvider Service provider
>
> ** *@return application id
>
> * @throws org.wso2.carbon.identity.application.common.
> IdentityApplicationManagementException
>
> */
>
> public *void* createApplication(ServiceProvider serviceProvider)
>
> throws IdentityApplicationManagementException {
>
> applicationMgtService = ApplicationManagementService.g
> etInstance();
>
> applicationMgtService.createApplication(serviceProvider,
> getTenantDomain(), getUsername());
>
> }
>
>
>
>
>
>
>
> Regards,
>
> Illia.
>
>
>
>
> --
>
>
> This e-mail may contain privileged and confidential information. If you
> are not the intended recipient, be aware that any use, disclosure, copying
> or distribution of this e-mail or any attachments is prohibited. If you
> have received this e-mail in error, please notify us immediately by
> returning it to the sender and delete this copy from your system. Thank you.
>
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>
>
>
>
> --
>
> Omindu Rathnaweera
>
> Senior Software Engineer, WSO2 Inc.
>
> Mobile: +94 771 197 211 <+94%2077%20119%207211>
>
> --
>
> This e-mail may contain privileged and confidential information. If you
> are not the intended recipient, be aware that any use, disclosure, copying
> or distribution of this e-mail or any attachments is prohibited. If you
> have received this e-mail in error, please notify us immediately by
> returning it to the sender and delete this copy from your system. Thank you.
>
--
Omindu Rathnaweera
Senior Software Engineer, WSO2 Inc.
Mobile: +94 771 197 211
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] IS: createApplication in IdentityApplicationManagementService doesn't return application ID
Hi Illia,
Seems that the return type was changed to void while fixing an issue ([1],
[2]) and the doc comment was not updated accordingly. Can we know your
exact requirement so we can provide an alternative to this?
[1] - https://github.com/wso2/carbon-identity/pull/976
[2] - https://wso2.org/jira/browse/IDENTITY-2558
Regards,
Omindu.
On Mon, Apr 3, 2017 at 3:15 PM, Illia Alifanov <illia.alifa...@eleks.com>
wrote:
> Dear, WSO2 dev team,
>
>
>
> You have a bit confused situation in carbon-identity source code with
> creatApplication method.
>
>
>
> https://github.com/wso2/carbon-identity/blob/master/
> components/application-mgt/org.wso2.carbon.identity.
> application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/
> ApplicationManagementAdminService.java
>
>
>
> We can see in comments @return application id
>
> But *void* in the method signature.
>
>
>
> /**
>
> * Creates a service provider with basic information.First we need to
> create
>
> * a role with the
>
> * application name. Only the users in this role will be able to
> edit/update
>
> * the application.The
>
> * user will assigned to the created role.Internal roles used.
>
> *
>
> * @param serviceProvider Service provider
>
> ** *@return application id
>
> * @throws org.wso2.carbon.identity.application.common.
> IdentityApplicationManagementException
>
> */
>
> public *void* createApplication(ServiceProvider serviceProvider)
>
> throws IdentityApplicationManagementException {
>
> applicationMgtService = ApplicationManagementService.g
> etInstance();
>
> applicationMgtService.createApplication(serviceProvider,
> getTenantDomain(), getUsername());
>
> }
>
>
>
>
>
>
>
> Regards,
>
> Illia.
>
>
>
> --
>
> This e-mail may contain privileged and confidential information. If you
> are not the intended recipient, be aware that any use, disclosure, copying
> or distribution of this e-mail or any attachments is prohibited. If you
> have received this e-mail in error, please notify us immediately by
> returning it to the sender and delete this copy from your system. Thank you.
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>
--
Omindu Rathnaweera
Senior Software Engineer, WSO2 Inc.
Mobile: +94 771 197 211
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] [GSoC 2017][IS] SCIM 2.0 Compliance Test Suite
Will have a look Vindula. Thanks for putting an effort on running the 1.1 test. The intention behind it was to get a general idea on what to include in the 2.0 test suite and the areas to be improved. What you have obtained should be enough to understand the nature of the tests and basics information to be captured. I agree on the fact that the configuration options should be more flexible. Let's capture this in the project proposal if you haven't already. Regards, Omindu. On Sun, Apr 2, 2017 at 1:26 PM, Vindula Jayawardana < vindula...@cse.mrt.ac.lk> wrote: > Hi, > > I shared my draft proposal in GSoC dashboard and I kindly request your > feedback in improving the proposal. > > Thank you, > > *Vindula Jayawardana* > Computer Science and Engineering Dept. > University of Moratuwa > mobile : +713462554 > Email : vindul...@gmail.com > > <https://www.facebook.com/vindula.jayawardana> > <http://lk.linkedin.com/pub/vindula-jayawardana/a7/315/53b> > <https://plus.google.com/u/0/+VindulaJayawardana/posts> > <https://twitter.com/vindulajay> > > *“Respect is how to treat everyone, not just those you want to impress. "* > > > *-Richard Branson-* > > > > On 30 March 2017 at 23:13, Vindula Jayawardana <vindula...@cse.mrt.ac.lk> > wrote: > >> Hi, >> >> As mentioned above, I looked at the SCIM 1.1 compliance test suite [1]. >> Due to the reason that the SCIM 1.1 test suite requires an internet facing >> SCIM 1.1 server to run the tests against, I setup-ed an Identity Server >> instance in AWS [2]. However when the test are run, it fails due to >> /ServiceProviderConfigs and /Schemas endpoints. As WSO2 SCIM 1.1 support >> [3] is not covering the mentioned two endpoints, tests are failing when >> run. >> >> However in order to get an idea on how the result representation had been >> done in SCIM 1.1 compliance test suit, I mocked the /ServiceProviderConfigs >> endpoint [4] and was able to get the following output. >> >> >> >> >> Due to the complexity of mocking the /Schemas endpoint and also as the >> test on one endpoint ( /ServiceProviderConfigs) could give the nature of >> the result representation as seen above, I did not try to mock /Schemas >> endpoint and run the test suit again. However I tried by mocking the >> endpoint with 501 NOT IMPLEMENTED [5] as the output, but that was not >> accepted by the test suit as a valid return object. >> >> However, in my opinion, the SCIM test suit should be flexible in nature >> to skip any test which was given the input from the SCIM server as 501 NOT >> IMPLEMENTED [5]. I encourage such kind of implementation to be adopted in >> the proposed SCIM 2.0 compliance test suit as in that way the test suit >> acknowledges the SP's inability to provide those endpoints while making >> sure such kind of inability does not compromise the ability to run the test >> suit on other endpoints. >> >> [1] - http://www.simplecloud.info/#complianceTest >> [2] - https://aws.amazon.com/ >> [3] - https://github.com/wso2/charon/tree/release-2.0.7 >> [4] - https://github.com/Vindulamj/mocked-identity-inbound- >> provisioning-scim/tree/master/identity-inbound-provisioning-scim-master >> [5] - http://www.simplecloud.info/specs/draft-scim-api-01.html#anchor6 >> >> *Vindula Jayawardana* >> Computer Science and Engineering Dept. >> University of Moratuwa >> mobile : +713462554 >> Email : vindul...@gmail.com >> >> <https://www.facebook.com/vindula.jayawardana> >> <http://lk.linkedin.com/pub/vindula-jayawardana/a7/315/53b> >> <https://plus.google.com/u/0/+VindulaJayawardana/posts> >> <https://twitter.com/vindulajay> >> >> *“Respect is how to treat everyone, not just those you want to impress. "* >> >> >> *-Richard Branson-* >> >> >> >> On 10 March 2017 at 16:42, Vindula Jayawardana <vindula...@cse.mrt.ac.lk> >> wrote: >> >>> Hi, >>> >>> Thank you very much for the prompt replies. I will look into the points >>> you have mentioned and will keep you updated here. >>> >>> Thank you. >>> >>> *Vindula Jayawardana* >>> Computer Science and Engineering Dept. >>> University of Moratuwa >>> mobile : +713462554 >>> Email : vindul...@gmail.com >>> >>> <https://www.facebook.com/vindula.jayawardana> >>> <http://lk.linkedin.com/pub/vindula-jayawardana/a7/315/53b> >>> <https://plus.google.com/u/0/+VindulaJayawardana/posts> >>> <
Re: [Dev] API Calls fail while UserStoreConfigurationDeployer is running
@KasunG The deployers can run during tenant loading, correct? Say the tenant got unloaded after the idle time, the next request to that tenant's resource will re deploy the tenant's user stores, services etc. In that case, will changing deployment update interval be effective ? Regards, Omindu On Tue, Mar 28, 2017 at 4:06 PM, KasunG Gajasinghe <kas...@wso2.com> wrote: > > You can reduce the deployment update interval via carbon.xml. By default, > it is 15mins. Search for DeploymentUpdateInterval. You can increase this. > > That being said, the deployers won't be called unless you modify > userstore. > > On Mon, Mar 27, 2017 at 2:32 PM, <re...@gmx-topmail.de> wrote: > >> Hi, >> i have a problem with my WSO2-am. The UserStoreConfigurationDeployer is >> running up to 20 times per day. During that time alle request to the api >> return a 500 http error. The backend is not called. >> I created a question on stackoverflow ( http://stackoverflow.com/que >> stions/42859483/the-service-cannot-be-found-for-the- >> endpoint-reference-while-user-store-configur ) but no answers so far. >> Can someone have a look at this or at least can confirm that it will not >> happen under 2.1? >> >> >> ___ >> Dev mailing list >> Dev@wso2.org >> http://wso2.org/cgi-bin/mailman/listinfo/dev >> >> > > > -- > > *Kasun Gajasinghe*Associate Technical Lead, WSO2 Inc. > email: kasung AT spamfree wso2.com > linked-in: http://lk.linkedin.com/in/gajasinghe > blog: http://kasunbg.org > phone: +1 650-745-4499 <(650)%20745-4499>, 77 678 0813 > > > ___ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- Omindu Rathnaweera Senior Software Engineer, WSO2 Inc. Mobile: +94 771 197 211 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
[Dev] Swagger data type to represent passwords
Hi Devs, Is there a data type in swagger (and supported by msf4j) which we can use to represent sensitive data such as password ? Using strings are not an option because when a microservice is generated from the generator, the password will be represented as a string in the service side which in return will be a security issue. I have tried to represent the password as a byte array as below and generated the msf4j service. The generated code represents the password as List<byte[]> but got an error: 'Error in executing request: POST'. password: type: array items: type: string format: byte As per the discussion in [1] it was suggested to use '@Context Request' as the API parameter and process the request as a byte buffer. In that case, is it possible to represent the 'Request' as a parameter in the swagger definition ? Appreciate your thoughts on this. [1] - [Dev] Use char array as micro service parameter Thanks, Omindu. -- Omindu Rathnaweera Senior Software Engineer, WSO2 Inc. Mobile: +94 771 197 211 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] GSoC 2017 - Proposal 20: [IS] OAuth 2.0 Dynamic Client Registration Management Protocol Support
flow, I faced an issue and >>>>>> raised it in the Dev mail [3] and have got the answer now. >>>>>> >>>>>> >>>>>> My GitHub profile can be found at [4]. >>>>>> >>>>>> >>>>>> Therefore I believe I can learn the required concepts/technologies >>>>>> and implement this project for GSoC 2017. >>>>>> >>>>>> >>>>>> I appreciate if you can guide me on proceeding further with the >>>>>> project. >>>>>> >>>>>> >>>>>> [1] https://wso2.org/jira/browse/IDENTITY-5241 >>>>>> >>>>>> [2] http://dinukshaish.blogspot.com/2017/02/getting-started-with >>>>>> -oauth-20-using.html >>>>>> >>>>>> [3] [Dev] Mandatory Claims in OAuth 2.0 with Identity Server 5.3.0 >>>>>> >>>>>> [4] https://github.com/dinuish94 >>>>>> >>>>>> >>>>>> Best Regards, >>>>>> >>>>>> Dinuksha >>>>>> >>>>>> ___ >>>>>> Dev mailing list >>>>>> Dev@wso2.org >>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>> >>>>>> >>>>> >>>>> >>>>> -- >>>>> Ishara Karunarathna >>>>> Associate Technical Lead >>>>> WSO2 Inc. - lean . enterprise . middleware | wso2.com >>>>> >>>>> email: isha...@wso2.com, blog: isharaaruna.blogspot.com, mobile: >>>>> +94717996791 <+94%2071%20799%206791> >>>>> >>>>> >>>>> >>>> >>> >>> >>> -- >>> Ishara Karunarathna >>> Associate Technical Lead >>> WSO2 Inc. - lean . enterprise . middleware | wso2.com >>> >>> email: isha...@wso2.com, blog: isharaaruna.blogspot.com, mobile: >>> +94717996791 <+94%2071%20799%206791> >>> >>> >>> >> > > ___ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- Omindu Rathnaweera Software Engineer, WSO2 Inc. Mobile: +94 771 197 211 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] [IS] Source code of some modules
Hi Hanen, The oauth component can be found at [1] and the authentication endpoint can be found at [2]. [1] - https://github.com/wso2-extensions/identity-inbound-auth-oauth/tree/v5.3.4/components/org.wso2.carbon.identity.oauth [2] - https://github.com/wso2/carbon-identity-framework/tree/v5.7.5/components/authentication-framework/org.wso2.carbon.identity.application.authentication.endpoint Regards, Omindu. On Thu, Mar 16, 2017 at 9:22 PM, Hanen Ben Rhouma <hanen...@gmail.com> wrote: > Hi guys, > > Could you please tell me where can I find the latest source code of > org.wso2.carbon.identity.oauth (version 5.3.4) > > and the source code of the web application authenticationendpoint (shipped > with WSO2 IS 5.3.0) > > > Regards, > Hanen > > ___ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- Omindu Rathnaweera Software Engineer, WSO2 Inc. Mobile: +94 771 197 211 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] [IS] GSoC 2017 - WS-Trust Implementation for IS 6.0.0 using Apache CXF Library
+ [Johann, KasunG, DanushkaF] On Mon, Mar 13, 2017 at 1:22 PM, Isuranga Perera <isurangamper...@gmail.com> wrote: > Hi All, > > Can you explain the scope of this project? > > Regards > > > [image: photo] > Isuranga Perera > at University of Colombo School of Computing > P +382244492 <+382244492> M +94712986952 <+94712986952> E > isurangamper...@gmail.com > <isurangamper...@gmail.com> W https://isurangaperera.wordpress.com/ > <https://isurangaperera.wordpress.com/> > > <http://www.facebook.com/don.isuranga.perera> > <http://www.linkedin.com/in/isuranga-perera-aa16a810b> > <http://github.com/IsurangaPerera> > <http://stackoverflow.com/users/6909517/isuranga-perera> > Get a signature like this: Click here! > <http://ws-promos.appspot.com/r?rdata=eyJydXJsIjogImh0dHA6Ly93d3cud2lzZXN0YW1wLmNvbS9lbWFpbC1pbnN0YWxsP3dzX25jaWQ9NjcyMjk0MDA4JnV0bV9zb3VyY2U9ZXh0ZW5zaW9uJnV0bV9tZWRpdW09ZW1haWwmdXRtX2NhbXBhaWduPXByb21vXzU3MzI1Njg1NDg3Njk3OTIiLCAiZSI6ICI1NzMyNTY4NTQ4NzY5NzkyIn0==793217394439406> > > On Sat, Mar 11, 2017 at 3:58 PM, Isuranga Perera < > isurangamper...@gmail.com> wrote: > >> Hi All >> >> I am Isuranga Perera a Computer Science undergraduate at University of >> Colombo School of Computing. I am looking forward to participating GSoC >> 2017. >> >> I am really interested in the project "WS-Trust Implementation for IS >> 6.0.0 using Apache CXF Library". I have already gone through the IS >> documentation and I'm familiar with Apache CXF and WS-Trust. >> >> Thank You >> >> [image: photo] >> Isuranga Perera >> at University of Colombo School of Computing >> P +382244492 <+382244492> M +94712986952 <+94712986952> E >> isurangamper...@gmail.com >> <isurangamper...@gmail.com> W https://isurangaperera.wordpress.com/ >> <https://isurangaperera.wordpress.com/> >> >> <http://www.facebook.com/don.isuranga.perera> >> <http://www.linkedin.com/in/isuranga-perera-aa16a810b> >> <http://github.com/IsurangaPerera> >> <http://stackoverflow.com/users/6909517/isuranga-perera> >> Get a signature like this: Click here! >> <http://ws-promos.appspot.com/r?rdata=eyJydXJsIjogImh0dHA6Ly93d3cud2lzZXN0YW1wLmNvbS9lbWFpbC1pbnN0YWxsP3dzX25jaWQ9NjcyMjk0MDA4JnV0bV9zb3VyY2U9ZXh0ZW5zaW9uJnV0bV9tZWRpdW09ZW1haWwmdXRtX2NhbXBhaWduPXByb21vXzU3MzI1Njg1NDg3Njk3OTIiLCAiZSI6ICI1NzMyNTY4NTQ4NzY5NzkyIn0==168386915454508> >> > > > ___ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- Omindu Rathnaweera Software Engineer, WSO2 Inc. Mobile: +94 771 197 211 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Checkstyle rule "checkFirstSentence" check only happens on windows build
Changing this will break the builds on parent v5 right? Don't we need to have versioning for code-quality-tools ? On Sat, Mar 11, 2017 at 10:00 PM, KasunG Gajasinghe <kas...@wso2.com> wrote: > > Nice. Let's send a PR to https://github.com/wso2/code-quality-tools > > On Sat, Mar 11, 2017 at 2:45 PM, Omindu Rathnaweera <omi...@wso2.com> > wrote: > >> Hi guys, >> >> Finally found some time to have a look at this. We can use the below >> module [1] to enforce the check on the first sentence. I tested this on OSX >> and it's working. >> >> >> >> [1] - http://checkstyle.sourceforge.net/config_javadoc.html# >> SummaryJavadoc >> >> Regards, >> Omindu. >> >> On Mon, Mar 6, 2017 at 3:29 PM, KasunG Gajasinghe <kas...@wso2.com> >> wrote: >> >>> >>> >>> On Mon, Mar 6, 2017 at 3:22 PM, Omindu Rathnaweera <omi...@wso2.com> >>> wrote: >>> >>>> Hi Devs, >>>> >>>> Noticed that the builds (with wso2 parent v5) done on windows fails >>>> with the error "First sentence should end with a period.". Seems like >>>> this check can be configured with *checkFirstSentence* rule [1]. Is it >>>> possible to enforce this rule for all environments ? >>>> >>> >>> +1 Omindu. This has been an issue for a long time. Can you add this rule >>> to [2] and see whether we can enforce this rule in Linux/Unix environments >>> as well? >>> >>> [2] https://raw.githubusercontent.com/wso2/code-quality-tool >>> s/master/checkstyle/checkstyle.xml >>> >>> >>>> >>>> [1] - http://checkstyle.sourceforge.net/config_javadoc.html#Java >>>> docStyle >>>> >>>> Regards, >>>> Omindu. >>>> >>>> -- >>>> Omindu Rathnaweera >>>> Software Engineer, WSO2 Inc. >>>> Mobile: +94 771 197 211 <077%20119%207211> >>>> >>> >>> >>> >>> -- >>> >>> *Kasun Gajasinghe*Associate Technical Lead, WSO2 Inc. >>> email: kasung AT spamfree wso2.com >>> linked-in: http://lk.linkedin.com/in/gajasinghe >>> blog: http://kasunbg.org >>> phone: +1 650-745-4499 <+1%20650-745-4499>, 77 678 0813 >>> >>> >> >> >> >> -- >> Omindu Rathnaweera >> Software Engineer, WSO2 Inc. >> Mobile: +94 771 197 211 <077%20119%207211> >> > > > > -- > > *Kasun Gajasinghe*Associate Technical Lead, WSO2 Inc. > email: kasung AT spamfree wso2.com > linked-in: http://lk.linkedin.com/in/gajasinghe > blog: http://kasunbg.org > phone: +1 650-745-4499 <(650)%20745-4499>, 77 678 0813 > > -- Omindu Rathnaweera Software Engineer, WSO2 Inc. Mobile: +94 771 197 211 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Checkstyle rule "checkFirstSentence" check only happens on windows build
Hi guys, Finally found some time to have a look at this. We can use the below module [1] to enforce the check on the first sentence. I tested this on OSX and it's working. [1] - http://checkstyle.sourceforge.net/config_javadoc.html#SummaryJavadoc Regards, Omindu. On Mon, Mar 6, 2017 at 3:29 PM, KasunG Gajasinghe <kas...@wso2.com> wrote: > > > On Mon, Mar 6, 2017 at 3:22 PM, Omindu Rathnaweera <omi...@wso2.com> > wrote: > >> Hi Devs, >> >> Noticed that the builds (with wso2 parent v5) done on windows fails with >> the error "First sentence should end with a period.". Seems like this >> check can be configured with *checkFirstSentence* rule [1]. Is it >> possible to enforce this rule for all environments ? >> > > +1 Omindu. This has been an issue for a long time. Can you add this rule > to [2] and see whether we can enforce this rule in Linux/Unix environments > as well? > > [2] https://raw.githubusercontent.com/wso2/code-quality- > tools/master/checkstyle/checkstyle.xml > > >> >> [1] - http://checkstyle.sourceforge.net/config_javadoc.html#JavadocStyle >> >> Regards, >> Omindu. >> >> -- >> Omindu Rathnaweera >> Software Engineer, WSO2 Inc. >> Mobile: +94 771 197 211 <077%20119%207211> >> > > > > -- > > *Kasun Gajasinghe*Associate Technical Lead, WSO2 Inc. > email: kasung AT spamfree wso2.com > linked-in: http://lk.linkedin.com/in/gajasinghe > blog: http://kasunbg.org > phone: +1 650-745-4499 <+1%20650-745-4499>, 77 678 0813 > > -- Omindu Rathnaweera Software Engineer, WSO2 Inc. Mobile: +94 771 197 211 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] [GSoC 2017][IS] SCIM 2.0 Compliance Test Suite
Hi Vindula, If we can run the existing 1.1 test on IS and see the generated output, that will be a good point to start. However we'll need to host an IS instance publicly to run the tests on it. Regards, Omindu. On Thu, Mar 9, 2017 at 8:52 PM, Gayan Gunawardana <ga...@wso2.com> wrote: > Hi Vindula, > > Thanks for your interest in this project. > Since you have good knowledge about SCIM 2.0 specifications, could you > please look at SCIM 1.1 compliance test and source code [1]. SCIM 2.0 > compliance test doesn't need to be same as SCIM 1.1 just get an idea from > SCIM 1.1 compliance test. Further you can extract test scenarios from [2] > as well. > > [1]https://github.com/erdtman/simplecloud.info > <https://www.google.com/url?q=https%3A%2F%2Fgithub.com%2Ferdtman%2Fsimplecloud.info=D=1=AFQjCNGycfiBxzWbdCVjpGlABAw9OXxGaQ> > [2]https://github.com/wso2-extensions/identity-inbound- > provisioning-scim2/tree/master/tests > > Thanks, > Gayan > > On Thu, Mar 9, 2017 at 7:51 PM, Vindula Jayawardana < > vindula...@cse.mrt.ac.lk> wrote: > >> Hi, >> >> I am Vindula Jayawardana, a final year undergraduate of Computer Science >> and Engineering Department of University of Moratuwa. I am interested in >> applying for the "Proposal 21: [IS] SCIM 2.0 compliance test suite" >> which you have offered for the GSoC project idea pool. >> >> I have a good understanding on SCIM core and protocol specifications for >> both SCIM 1.1 and SCIM 2.0. Based on my knowledge I have written few blog >> posts specifically catering on SCIM [1] and the use cases of SCIM [2]. Also >> I have tried SCIM 1.1 and 2.0 APIs of wso2 IS. I went though the references >> provided and would like to know more on the scope of the coverage report >> and detailed analysis view need to be generated as a deliverable. Could you >> kindly guide me on the said matter. >> >> [1] - https://medium.com/@vindulajayawardana/scim-make-it-fast- >> cheap-and-easy-b2bd56492c15#.ec1kncbde >> [2] - https://medium.com/@vindulajayawardana/5-things-that-will- >> not-be-a-nightmare-anymore-if-you-support-scim-9353d73836a7#.ihcm9aqub >> >> Thank you, >> >> *Vindula Jayawardana* >> Computer Science and Engineering Dept. >> University of Moratuwa >> mobile : +713462554 >> Email : vindul...@gmail.com >> >> <https://www.facebook.com/vindula.jayawardana> >> <http://lk.linkedin.com/pub/vindula-jayawardana/a7/315/53b> >> <https://plus.google.com/u/0/+VindulaJayawardana/posts> >> <https://twitter.com/vindulajay> >> >> *“Respect is how to treat everyone, not just those you want to impress. "* >> >> >> *-Richard Branson-* >> >> >> > > > -- > Gayan Gunawardana > Software Engineer; WSO2 Inc.; http://wso2.com/ > Email: ga...@wso2.com > Mobile: +94 (71) 8020933 > -- Omindu Rathnaweera Software Engineer, WSO2 Inc. Mobile: +94 771 197 211 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
[Dev] Checkstyle rule "checkFirstSentence" check only happens on windows build
Hi Devs, Noticed that the builds (with wso2 parent v5) done on windows fails with the error "First sentence should end with a period.". Seems like this check can be configured with *checkFirstSentence* rule [1]. Is it possible to enforce this rule for all environments ? [1] - http://checkstyle.sourceforge.net/config_javadoc.html#JavadocStyle Regards, Omindu. -- Omindu Rathnaweera Software Engineer, WSO2 Inc. Mobile: +94 771 197 211 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] [IS 6.0.0] Making native claim dialect configurable
One of the advantages would be that we can avoid the overhead of claim transformation. Regards, Omindu. On Thu, Feb 23, 2017 at 1:53 PM, Omindu Rathnaweera <omi...@wso2.com> wrote: > Do we need to make the native claim dialect configurable ? AFAIK it is not > configurable and we are using a hardcoded constant for the dialect URI ( > http://wso2.org/claims). > > > Regards, > Omindu > > -- > Omindu Rathnaweera > Software Engineer, WSO2 Inc. > Mobile: +94 771 197 211 <+94%2077%20119%207211> > -- Omindu Rathnaweera Software Engineer, WSO2 Inc. Mobile: +94 771 197 211 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
[Dev] [IS 6.0.0] Making native claim dialect configurable
Do we need to make the native claim dialect configurable ? AFAIK it is not configurable and we are using a hardcoded constant for the dialect URI ( http://wso2.org/claims). Regards, Omindu -- Omindu Rathnaweera Software Engineer, WSO2 Inc. Mobile: +94 771 197 211 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] GSoC 2017 - Proposal 20: [IS] OAuth 2.0 Dynamic Client Registration Management Protocol Support
Adding project mentors. On Mon, Feb 20, 2017 at 4:45 PM, Dinuksha Ishwari < dinuksha.ishw...@gmail.com> wrote: > Hi All, > > > I am Dinuksha Kanda Samanage, a 3rd year undergraduate from Sri Lanka > Institute of Information Technology, following the Software Engineering > specialization. > > > This is to convey my interest in implementing the OAuth 2.0 Dynamic > Client Registration Management Protocol Support for Identity Server > (Proposal 20) in GSoC 2017. > > > I am well versed in Java and also familiar with Maven and Git. I have been > involved in implementing an OAuth 2.0 and OpenID Connect related project > for almost 7 months during my internship. > > > I have already started to get familiar with WSO2 codebase and fixed the > JIRA [1] where the pull request is already merged to the WSO2 codebase. I > will continue fixing more open JIRA tickets on Identity Server. (If you can > suggest some, that would be great too) > > > In order to get ready for this project, I already setup OAuth 2.0 > Playground2 sample with Identity Server 5.3.0 and wrote the blog post [2] > for sharing my experience. When running this flow, I faced an issue and > raised it in the Dev mail [3] and have got the answer now. > > > My GitHub profile can be found at [4]. > > > Therefore I believe I can learn the required concepts/technologies and > implement this project for GSoC 2017. > > > I appreciate if you can guide me on proceeding further with the project. > > > [1] https://wso2.org/jira/browse/IDENTITY-5241 > > [2] http://dinukshaish.blogspot.com/2017/02/getting-started- > with-oauth-20-using.html > > [3] [Dev] Mandatory Claims in OAuth 2.0 with Identity Server 5.3.0 > > [4] https://github.com/dinuish94 > > > Best Regards, > > Dinuksha > > ___ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- Omindu Rathnaweera Software Engineer, WSO2 Inc. Mobile: +94 771 197 211 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] [WSO2 IS] Form based SSO SAML2 authentication
Hi Hanen, You can use request path authentication for your requirement. After configuring the SAML SSO inbound authentication, you'll have to configure basic auth request path authenticator as mentioned in [1] (You'll only have to configure 'Request Path Authentication Configuration' as mentioned in point 6). Once the configurations are done, the user credentials can be sent as a request parameter along with the SAML request. The request parameter should be in the format of sectoken=Base64encoded(username:password) ex: sectoken=YWRtaW46YWRtaW4= [1] - https://docs.wso2.com/display/IS530/Try+Request+Path+Authentication Regards, Omindu. On Tue, Feb 7, 2017 at 4:24 PM, Hanen Ben Rhouma <hanen...@gmail.com> wrote: > Hi guys, > > Is it possible to authenticate users through a different approach from the > form-based one, means can we escape the login page offered by WSO2 IS and > pass the login/password from another web application directly to the IdP? > > > Regards, > Hanen > > ___ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- Omindu Rathnaweera Software Engineer, WSO2 Inc. Mobile: +94 771 197 211 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Automation Testing Plan for SCIM Provider
+1 for moving to 5.2.0 based OSGi testing. As per Chanka, it won't require a lot of effort to migrate the existing OSGi tests to 5.2.0. Also in the developer perspective, it will be much easier to write the tests since we don't have to include each required dependency as PAX configuration options. Regards, Omindu. On Thu, Feb 2, 2017 at 4:44 PM, KasunG Gajasinghe <kas...@wso2.com> wrote: > Hi Gayan, > > In Kernel 5.2.0, starting the servers by providing the distribution pack > is coming. But this support is not sufficient in 5.1.0 that we are using. > Until, then we can write our typical way of starting the servers via > pax-exam for testing. > > Please note that even though we are exposing MSF4J, MSF4J services in IS > are registered and discovered via OSGi. This is in contrast to pure java > mode based tests in MSF4J. So, writing tests for a server started via > Pax-exam is not an issue IMO. > > > On Thu, Jan 26, 2017 at 11:01 PM, Gayan Gunawardana <ga...@wso2.com> > wrote: > >> Hi All, >> >> We are in the process of writing test cases for repository [1]. This is >> bit different than other repositories where we have OSGI tests. For SCIM we >> have to test micro services exposed by SCIM provider component[2]. We are >> planning to go with same approach as in ms4j test cases [3]. >> >> According to off-line discussion had with DharshanaW, service runtime can >> be generated by running[4] as a server which includes carbon-kernel+SCIM >> feature+dependent features for SCIM feature. >> >> Appreciate your feedback and suggestions if you have any concerns >> regarding above approach. >> >> [1] https://github.com/wso2-extensions/identity-inbound-provisio >> ning-scim2 >> [2] https://github.com/wso2-extensions/identity-inbound-provisio >> ning-scim2/tree/master/components/org.wso2.carbon.identity. >> inbound.provisioning.scim2.provider >> [3] https://github.com/wso2/msf4j/tree/master/core/src/test >> [4] https://github.com/wso2-extensions/identity-inbound-provisio >> ning-scim2/tree/master/tests/distribution >> >> Thanks, >> Gayan >> -- >> Gayan Gunawardana >> Software Engineer; WSO2 Inc.; http://wso2.com/ >> Email: ga...@wso2.com >> Mobile: +94 (71) 8020933 >> >> ___ >> Dev mailing list >> Dev@wso2.org >> http://wso2.org/cgi-bin/mailman/listinfo/dev >> >> > > > -- > > *Kasun Gajasinghe*Associate Technical Lead, WSO2 Inc. > email: kasung AT spamfree wso2.com > linked-in: http://lk.linkedin.com/in/gajasinghe > blog: http://kasunbg.org > phone: +1 650-745-4499 <(650)%20745-4499>, 77 678 0813 > > > ___ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- Omindu Rathnaweera Software Engineer, WSO2 Inc. Mobile: +94 771 197 211 <+94%2077%20119%207211> ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] access identity server sso page through haproxy / nginx load balancer
Hi Akila, [1] might help. Make sure you have configured the carbon.xml and catalina-server.xml as mentioned in the blog. [1] - http://isurad.blogspot.com/2016/02/wso2-identity-server-510-behind_18.html Regards, Omindu. On Mon, Jan 23, 2017 at 5:53 PM, Akila Nimantha [IT/EKO/LOITS] < aki...@lolctech.com> wrote: > Hi all, > > > > I am trying to access wso2 identity servers single sign on functionality > through haproxy / nginx load balancer. > > When I try to login to the application through the load balancer, identity > server still gives me its direct sso url(with identity servers real ip and > port) other than through the load balancer. > > Seems this URL redirection triggered from the identity server. > > Both application and the identity server fronted through the load balancer > using different ports. > > Application configured to call IDS sso through the load balancer and also > identity servers “Assertion Consumer URL” as load balancer fronted > application URL. > > > > Is there any specific change/ configuration to redirect SSO page through > specific IP(load balancer) ?? > > Or > > Am I asking a stupid question?? J J > > > > Regards, > > Akila Rathnayake > > _______ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- Omindu Rathnaweera Software Engineer, WSO2 Inc. Mobile: +94 771 197 211 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Exception when creating a tenant with TenantMgtAdminService
sFilter.doFilter(
> WsFilter.java:52)
> at org.apache.catalina.core.ApplicationFilterChain.
> internalDoFilter(ApplicationFilterChain.java:241)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(
> ApplicationFilterChain.java:208)
> at org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.
> doFilter(CharacterSetFilter.java:61)
> at org.apache.catalina.core.ApplicationFilterChain.
> internalDoFilter(ApplicationFilterChain.java:241)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(
> ApplicationFilterChain.java:208)
> at org.apache.catalina.core.StandardWrapperValve.invoke(
> StandardWrapperValve.java:220)
> at org.apache.catalina.core.StandardContextValve.invoke(
> StandardContextValve.java:122)
> at org.apache.catalina.authenticator.AuthenticatorBase.invoke(
> AuthenticatorBase.java:504)
> at org.apache.catalina.core.StandardHostValve.invoke(
> StandardHostValve.java:170)
> at org.apache.catalina.valves.ErrorReportValve.invoke(
> ErrorReportValve.java:103)
> at org.wso2.carbon.statistics.webapp.RequestIntercepterValve.
> invoke(RequestIntercepterValve.java:47)
> at org.wso2.carbon.bam.webapp.stat.publisher.
> WebAppStatisticPublisherValve.invoke(WebAppStatisticPublisherValve.
> java:104)
> at org.wso2.carbon.tomcat.ext.valves.CompositeValve.
> continueInvocation(CompositeValve.java:99)
> at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.
> invoke(CarbonTomcatValve.java:47)
> at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(
> TenantLazyLoaderValve.java:57)
> at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.
> invokeValves(TomcatValveContainer.java:47)
> at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(
> CompositeValve.java:62)
> at org.wso2.carbon.tomcat.ext.valves.
> CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValv
> e.java:159)
> at org.apache.catalina.valves.AccessLogValve.invoke(
> AccessLogValve.java:950)
> at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.
> invoke(CarbonContextCreatorValve.java:57)
> at org.apache.catalina.core.StandardEngineValve.invoke(
> StandardEngineValve.java:116)
> at org.apache.catalina.connector.CoyoteAdapter.service(
> CoyoteAdapter.java:421)
> at org.apache.coyote.http11.AbstractHttp11Processor.process(
> AbstractHttp11Processor.java:1074)
> at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.
> process(AbstractProtocol.java:611)
> at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.
> doRun(NioEndpoint.java:1739)
> at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.
> run(NioEndpoint.java:1698)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(
> ThreadPoolExecutor.java:1145)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(
> ThreadPoolExecutor.java:615)
> at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(
> TaskThread.java:61)
> at java.lang.Thread.run(Thread.java:745)
> Caused by: org.wso2.carbon.user.core.UserStoreException: Error occurred
> while adding user property for user : m...@sina.com & property name : sn &
> value : null
> at org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager.
> addProperty(JDBCUserStoreManager.java:2273)
> at org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager.
> doSetUserClaimValues(JDBCUserStoreManager.java:1972)
> ... 55 more
> Caused by: org.wso2.carbon.user.core.UserStoreException: Invalid data
> provided
> at org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager.
> updateStringValuesToDatabase(JDBCUserStoreManager.java:2194)
> at org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager.
> addProperty(JDBCUserStoreManager.java:2261)
> ... 56 more
> TID: [-1234] [] [2016-09-22 19:44:09,545] WARN
> {org.das.server.users.TenantServiceImpl}
> - addTenant failed with Error: TenantMgtAdminServiceExceptionException,
> Cause: null {org.das.server.users.TenantServiceImpl}
>
> Please help to advice
> Thanks, Wenxing
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>
--
Omindu Rathnaweera
Software Engineer, WSO2 Inc.
Mobile: +94 771 197 211
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Reverting a patch when the original jar is not in patch0000 directory
Hi Nira, Created the JIRA [1] as requested. [1] - https://wso2.org/jira/browse/CARBON-16047 Regards, Omindu. On Thu, Sep 8, 2016 at 12:01 PM, Niranjan Karunanandham <niran...@wso2.com> wrote: > Hi Omindu, > > As per the offline discussion we had yesterday, it looks like after the > initial backup of the jars into patch, it does not backup the new jars > which are installed via features. In-order to revert the jar, you would > need to download the jar (from the feature) and copy it to the plugins > directory. Please create a JIRA for this in Kernal. > > Regards, > Nira > > On Thu, Sep 8, 2016 at 11:16 AM, Omindu Rathnaweera <omi...@wso2.com> > wrote: > >> Yeah. SP1 was there. >> >> On Thu, Sep 8, 2016 at 8:19 AM, Harsha Thirimanna <hars...@wso2.com> >> wrote: >> >>> Did you apply any patches before you install the feature ? As you said, >>> it may be a bug. >>> >>> On Sep 8, 2016 12:23 AM, "Omindu Rathnaweera" <omi...@wso2.com> wrote: >>> >>>> Hi, >>>> >>>> Noticed that we cannot revert a patch if the particular jar is not in >>>> the patch directory. Assume that we install a feature to a product >>>> which already has the patch directory created. Then, we patch one of >>>> the jars in that new feature, and later on we remove that patch from the >>>> patches directory. The plugins directory will still have the patched jar >>>> even if the patch is removed. I assume this is because the new jars related >>>> to the feature is not getting copied to patch during feature >>>> installation. >>>> >>>> In my case I installed the FB authenticator to IS 5.0.0 + SP1 applied >>>> and patched the authenticator. To revert the patch I had to copy the old >>>> jar to the plugins directory. Even reinstalling the feature didn't restore >>>> the jar. >>>> >>>> Not sure if it's a buggy behavior, if not is there an alternative way >>>> to revert it ? >>>> >>>> Thanks, >>>> Omindu. >>>> >>>> -- >>>> Omindu Rathnaweera >>>> Software Engineer, WSO2 Inc. >>>> Mobile: +94 771 197 211 >>>> >>>> ___ >>>> Dev mailing list >>>> Dev@wso2.org >>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>> >>>> >> >> >> -- >> Omindu Rathnaweera >> Software Engineer, WSO2 Inc. >> Mobile: +94 771 197 211 >> > > > > -- > > > *Niranjan Karunanandham* > Associate Technical Lead - WSO2 Inc. > WSO2 Inc.: http://www.wso2.com > > -- Omindu Rathnaweera Software Engineer, WSO2 Inc. Mobile: +94 771 197 211 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Reverting a patch when the original jar is not in patch0000 directory
Yeah. SP1 was there. On Thu, Sep 8, 2016 at 8:19 AM, Harsha Thirimanna <hars...@wso2.com> wrote: > Did you apply any patches before you install the feature ? As you said, it > may be a bug. > > On Sep 8, 2016 12:23 AM, "Omindu Rathnaweera" <omi...@wso2.com> wrote: > >> Hi, >> >> Noticed that we cannot revert a patch if the particular jar is not in the >> patch directory. Assume that we install a feature to a product which >> already has the patch directory created. Then, we patch one of the jars >> in that new feature, and later on we remove that patch from the patches >> directory. The plugins directory will still have the patched jar even if >> the patch is removed. I assume this is because the new jars related to the >> feature is not getting copied to patch during feature installation. >> >> In my case I installed the FB authenticator to IS 5.0.0 + SP1 applied and >> patched the authenticator. To revert the patch I had to copy the old jar to >> the plugins directory. Even reinstalling the feature didn't restore the >> jar. >> >> Not sure if it's a buggy behavior, if not is there an alternative way to >> revert it ? >> >> Thanks, >> Omindu. >> >> -- >> Omindu Rathnaweera >> Software Engineer, WSO2 Inc. >> Mobile: +94 771 197 211 >> >> ___ >> Dev mailing list >> Dev@wso2.org >> http://wso2.org/cgi-bin/mailman/listinfo/dev >> >> -- Omindu Rathnaweera Software Engineer, WSO2 Inc. Mobile: +94 771 197 211 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
[Dev] Reverting a patch when the original jar is not in patch0000 directory
Hi, Noticed that we cannot revert a patch if the particular jar is not in the patch directory. Assume that we install a feature to a product which already has the patch directory created. Then, we patch one of the jars in that new feature, and later on we remove that patch from the patches directory. The plugins directory will still have the patched jar even if the patch is removed. I assume this is because the new jars related to the feature is not getting copied to patch during feature installation. In my case I installed the FB authenticator to IS 5.0.0 + SP1 applied and patched the authenticator. To revert the patch I had to copy the old jar to the plugins directory. Even reinstalling the feature didn't restore the jar. Not sure if it's a buggy behavior, if not is there an alternative way to revert it ? Thanks, Omindu. -- Omindu Rathnaweera Software Engineer, WSO2 Inc. Mobile: +94 771 197 211 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] [IS] RESTful Fine Grained Authorization-as-a-Service (AZaaS)
available for now at [3] >>>>> >>>> Additionally would be good to have the design details at github it self >>> as well or linked to your blog at http://manzzup.blogspot.com/20 >>> 16/08/gsoc-2016-rest-implementation-for-wso2.html. >>> >>>> >>>>> Hoping to work on user documentation and integration tests and submit >>>>> a new PR within next week >>>>> Any ideas for improvements / ideas / changes to be done prior to the >>>>> PR? >>>>> >>>>> Thank You >>>>> Manujith >>>>> >>>>> >>>>> >>>>> On Wed, Jul 13, 2016 at 2:49 PM, Manujith Pallewatte < >>>>> manujith...@gmail.com> wrote: >>>>> >>>>>> Hi all, >>>>>> >>>>>> With the previous suggestions i'm currently working on having Swagger >>>>>> integrated to the service. According to the Apache CXF documentation [1] >>>>>> Swagger can be implemented easily by using its Swagger2Feature library. >>>>>> But >>>>>> their documentation provides no integration details. >>>>>> >>>>>> So i integrated the library using some other docs [2], which now >>>>>> shows no errors in integration, but when I try to access the api-docs >>>>>> usrl >>>>>> (ex: https://localhost:9443/wso2-entitlement/api-docs) it simply >>>>>> shows >>>>>> >>>>>> *"No service was found." * in the browser and gives [3] in the >>>>>> console as a warning. >>>>>> Please let me know if there's any solutions or any idea why this >>>>>> might be occurring. >>>>>> >>>>>> Thank You >>>>>> Manujith >>>>>> >>>>>> [1] https://cwiki.apache.org/confluence/pages/viewpage.actio >>>>>> n?pageId=61318164 >>>>>> [2] http://stackoverflow.com/questions/36035393/how-to-integ >>>>>> rate-swagger-tool-with-apache-cxf-rest-web-service-using-cxfnonsprin >>>>>> [3] >>>>>> [http-nio-9443-exec-31] WARN >>>>>> org.apache.cxf.transport.servlet.ServletController >>>>>> - Can't find the the request forhttps://localhost:9443/wso2 >>>>>> -entitlement/entitlement/api-docs's >>>>>> <https://www.google.com/url?q=https%3A%2F%2Flocalhost%3A9443%2Fwso2-entitlement%2Fentitlement%2Fapi-docs%27s=D=1=AFQjCNF1VqSODX6CxpcxwdMMPvQb_6OE9Q> >>>>>> Observer >>>>>> >>>>>> On Wed, Jul 6, 2016 at 6:24 PM, Manujith Pallewatte < >>>>>> manujith...@gmail.com> wrote: >>>>>> >>>>>>> Hi Pushpalanka, >>>>>>> >>>>>>> Thank you for the comments, I'm currently looking into Swagger >>>>>>> Since it's already used in WSO2 API Manager, can i know if it's >>>>>>> built on CXF as well? In that case I can use existing swagger libraries >>>>>>> than introducing new ones. I found Swagger2Feature [1] library as in the >>>>>>> Apache CXF documentation. >>>>>>> >>>>>>> Hi Prabath, >>>>>>> Sorry i'm not familiar with those mentioned, can you clarify a bit >>>>>>> more, I would like to help in making any improvements >>>>>>> >>>>>>> Thank You >>>>>>> Manujith >>>>>>> >>>>>>> [1] http://cxf.apache.org/docs/swagger2feature.html >>>>>>> >>>>>>> On Tue, Jul 5, 2016 at 8:42 PM, Prabath Siriwardana < >>>>>>> prab...@wso2.com> wrote: >>>>>>> >>>>>>>> When we are implementing the REST profile XACML - can we implement >>>>>>>> it as a microservice on MSF4J? It needs to be an independent deployable >>>>>>>> unit - which should function with a set of policies loaded from the >>>>>>>> filesystem... Can we do this..? >>>>>>>> >>>>>>>> Thanks & regards, >>>>>>>> -Prbath >>>>>>>> >>>>>>>> On Mon, Jul 4, 2016 at 11:44 PM, Pushpalanka Jayawardhana < >>>>>>>> la...@wso2.com> wrote: >>>&
Re: [Dev] [MB][C5] How to write unit tests to mock the user core?
+1 for using mockito. @Jayanga, Malithi: I guess this is something we can use in CAAS and the connectors, as we don't have unit test for the moment. Regards, Omindu. On Mon, Aug 15, 2016 at 8:00 PM, Manuranga Perera <m...@wso2.com> wrote: > In UUF tests we are using mockito, its very convenient, please give it a > try. > > On Mon, Aug 15, 2016 at 3:42 PM, Ramith Jayasinghe <ram...@wso2.com> > wrote: > >> please disregard above noise! >> >> On Mon, Aug 15, 2016 at 3:36 PM, Ramith Jayasinghe <ram...@wso2.com> >> wrote: >> >>> this needs to be a public email isn't it? >>> >>> On Mon, Aug 15, 2016 at 2:10 PM, Sajini De Silva <saj...@wso2.com> >>> wrote: >>> >>>> Hi, >>>> >>>> I have finished the first stage of MB authorization model for C5. Now I >>>> need to test the model by writing some test cases. Now user core is outside >>>> of MB how do we mock the user core in test cases. Is there any samples for >>>> this? >>>> >>>> Thanks, >>>> >>>> -- >>>> Sajini De SIlva >>>> Senior Software Engineer; WSO2 Inc.; http://wso2.com , >>>> Email: saj...@wso2.com >>>> Blog: http://sajinid.blogspot.com/ >>>> Git hub profile: https://github.com/sajinidesilva >>>> >>>> Phone: +94 712797729 >>>> >>>> >>> >>> >>> -- >>> Ramith Jayasinghe >>> Technical Lead >>> WSO2 Inc., http://wso2.com >>> lean.enterprise.middleware >>> >>> E: ram...@wso2.com >>> P: +94 772534930 >>> >> >> >> >> -- >> Ramith Jayasinghe >> Technical Lead >> WSO2 Inc., http://wso2.com >> lean.enterprise.middleware >> >> E: ram...@wso2.com >> P: +94 772534930 >> >> ___ >> Dev mailing list >> Dev@wso2.org >> http://wso2.org/cgi-bin/mailman/listinfo/dev >> >> > > > -- > With regards, > *Manu*ranga Perera. > > phone : 071 7 70 20 50 > mail : m...@wso2.com > > ___ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- Omindu Rathnaweera Software Engineer, WSO2 Inc. Mobile: +94 771 197 211 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] [WSO2 IS] Travelocity.com doesnt get deployed on Tomcat 8.0.x
Hi Nadeesha, I don't think we have tested travelocity with tomcat 8. Created [1] to track this issue. [1] - https://wso2.org/jira/browse/IDENTITY-4800 Regards, Omindu. On Tue, Jul 12, 2016 at 10:39 AM, Nadeesha Gamage <nadee...@wso2.com> wrote: > Hi Devs, > I have checked-out the travelocity.com sample from the following link > [1], build and deployed it on Tomcat 8.0.x and I get the following error. > > 12-Jul-2016 10:32:26.557 INFO [localhost-startStop-3] > org.apache.catalina.startup.HostConfig.deployWAR Deploying web application > archive D:\Software > Installed\apache-tomcat-8.0.9\webapps\travelocity.com.war > 12-Jul-2016 10:32:28.666 INFO [localhost-startStop-3] > org.apache.jasper.servlet.TldScanner.scanJars At least one JAR was scanned > for TLDs yet contained no TLDs. Enable debug logging for this logger for a > complete list of JARs that were scanned but no TLDs were found in them. > Skipping unneeded JARs during scanning can improve startup time and JSP > compilation time. > 12-Jul-2016 10:32:28.669 SEVERE [localhost-startStop-3] > org.apache.catalina.core.StandardContext.startInternal Error listenerStart > 12-Jul-2016 10:32:28.669 SEVERE [localhost-startStop-3] > org.apache.catalina.core.StandardContext.startInternal Context [/ > travelocity.com] startup failed due to previous errors > > > [1] https://docs.wso2.com/display/IS510/Downloading+a+Sample > > > Can someone please look into this. > > Thank you, > -- > Nadeesha Gamage > Associate Technical Lead - Solutions Engineering > T : +94 77 394 5706 > B : https://nadeesha678.wordpress.com/ > > _______ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- Omindu Rathnaweera Software Engineer, WSO2 Inc. Mobile: +94 771 197 211 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] [ES]Error when Importing Users in Bulk through management console
rapperValve.invoke(StandardWrapperValve.java:220)
>>>> at
>>>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
>>>> at
>>>> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:504)
>>>> at
>>>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
>>>> at
>>>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
>>>> at
>>>> org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)
>>>> at
>>>> org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
>>>> at
>>>> org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57)
>>>> at
>>>> org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
>>>> at
>>>> org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)
>>>> at
>>>> org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159)
>>>> at
>>>> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
>>>> at
>>>> org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
>>>> at
>>>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
>>>> at
>>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:421)
>>>> at
>>>> org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1074)
>>>> at
>>>> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)
>>>> at
>>>> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1739)
>>>> at
>>>> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1698)
>>>> at
>>>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>>>> at
>>>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>>>> at
>>>> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>>>> at java.lang.Thread.run(Thread.java:745)
>>>> [2016-07-05 10:45:47,752] ERROR
>>>> {org.wso2.carbon.identity.mgt.IdentityMgtEventListener} - Temporary
>>>> password property is disabled
>>>
>>>
>>>
>>> How can I bulk upload set of users and create multiple users at once? Any
>>> help on this is highly appreciated.
>>> [1] : https://docs.wso2.com/display/ESB300/Importing+Users+in+Bulk
>>> [2] : https://docs.wso2.com/display/Governance460/Bulk+Import+of+Users
>>> [3] :
>>> [image: Inline image 1]
>>>
>>> Thanks,
>>> --
>>> *Kasun Thennakoon*
>>> Software Engineer
>>> WSO2, Inc.
>>> Mobile:+94 711661919
>>>
>>> ___
>>> Dev mailing list
>>> Dev@wso2.org
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>>
>>
>>
>> --
>>
>> *Dilini GunatilakeSoftware Engineer - QA Team*
>> Mobile : +94 (0) 771 162518
>> dili...@wso2.com
>>
>
>
>
> --
> *Kasun Thennakoon*
> Software Engineer
> WSO2, Inc.
> Mobile:+94 711661919
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>
--
Omindu Rathnaweera
Software Engineer, WSO2 Inc.
Mobile: +94 771 197 211
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] [Architecture] Carbon Security Login Module - JWT 1.0.0 M1 Released
Hi Rushmin, You can refer the 'Authentication' section in carbon security readme [1]. I will update the readme of the JWT login module with the instructions. [1] - https://github.com/wso2/carbon-security/blob/master/README.md#authentication Regards, Omindu. On Thu, Jun 30, 2016 at 4:23 PM, Rushmin Fernando <rush...@wso2.com> wrote: > Omindu, is there some kind or documentation or a blog regarding the usage > of this login module ? > > On Tue, Jun 14, 2016 at 6:12 PM, Omindu Rathnaweera <omi...@wso2.com> > wrote: > >> *Carbon Security Login Module - JWT 1.0.0 M1 Released* >> >> We are pleased to announce the 1st milestone release of Carbon Security >> Login Module - JWT 1.0.0. >> >> This provides a JAAS based JWT login module for WSO2 Carbon Security CAAS. >> >> *Included features/bug fixes* >> >> https://wso2.org/jira/issues/?filter=13100 >> >> *Installing as a Carbon Feature* >> >> You may install carbon-security-login-module-jwt feature to your product >> with. >> >> >> org.wso2.carbon.security.caas.module >> >> org.wso2.carbon.security.caas.module.jwt.feature >> 1.0.0-m1 >> zip >> >> >> Best Regards, >> Identity Server Team. >> >> -- >> Omindu Rathnaweera >> Software Engineer, WSO2 Inc. >> Mobile: +94 771 197 211 >> >> ___ >> Architecture mailing list >> architect...@wso2.org >> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >> >> > > > -- > *Best Regards* > > *Rushmin Fernando* > *Technical Lead* > > WSO2 Inc. <http://wso2.com/> - Lean . Enterprise . Middleware > > mobile : +94772891266 > > > -- Omindu Rathnaweera Software Engineer, WSO2 Inc. Mobile: +94 771 197 211 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Need a org.wso2.carbon.identity.saml.common bundle
+1 for having a common bundle. Also if we are to bootstrap opensaml in the bundle's activator, better to do it in a manner so that the server startup time will not get affected. Regards, Omindu. On Sat, Jun 25, 2016 at 12:00 AM, Malithi Edirisinghe <malit...@wso2.com> wrote: > +1 > > We are also packing opensaml bundle with several features. I think it's > better if we can pack only from a common feature. > > Thanks, > Malithi. > > On Fri, Jun 24, 2016 at 11:16 PM, Farasath Ahamed <farasa...@wso2.com> > wrote: > >> +1. >> >> Currently, we are bootstrapping the OpenSAML library once in each of the >> above-mentioned components once. Bootstrapping OpenSAML is a heavy >> operation and it is only required to be done once within a JVM. We can >> avoid bootstrapping more than once if we could do it within the activator >> of this proposed SAML common bundle. >> >> Thanks. >> >> Farasath Ahamed >> Software Engineer, >> WSO2 Inc.; http://wso2.com >> lean.enterprise.middleware >> >> >> Email: farasa...@wso2.com >> Mobile: +94777603866 >> Blog: blog.farazath.com >> Twitter: @farazath619 <https://twitter.com/farazath619> >> >> On Fri, Jun 24, 2016 at 10:56 PM, Johann Nallathamby <joh...@wso2.com> >> wrote: >> >>> We have many bundles using SAML2. Inbound and outbound SAML2 SSO >>> authenticators, Carbon authenticators, SAML2 grant type in OAuth2, SAML2 >>> STS, Passive STS, entitlement, etc. Following items are seen duplicated in >>> these components. >>> >>> 1. Utility methods >>> 2. Constants >>> 3. Bootstrapping the OpenSAML library >>> >>> If we introduce a org.wso2.carbon.identity.saml.common bundle we can >>> have all these stuff in this single component and avoid all the problems. >>> This bundle can be a dependency to all the necessary components and packed >>> in all relevant features. >>> >>> Created JIRA: https://wso2.org/jira/browse/IDENTITY-4729 >>> >>> -- >>> Thanks & Regards, >>> >>> *Johann Dilantha Nallathamby* >>> Technical Lead & Product Lead of WSO2 Identity Server >>> Governance Technologies Team >>> WSO2, Inc. >>> lean.enterprise.middleware >>> >>> Mobile - *+9476950* >>> Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>* >>> >> >> > > > -- > > *Malithi Edirisinghe* > Associate Technical Lead > WSO2 Inc. > > Mobile : +94 (0) 718176807 > malit...@wso2.com > -- Omindu Rathnaweera Software Engineer, WSO2 Inc. Mobile: +94 771 197 211 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] [IS] RESTful Fine Grained Authorization-as-a-Service (AZaaS)
sent, but I >>>>>>> left *target *directory intact so that i can share the war file >>>>>>> through the repo. >>>>>>> >>>>>>> Also for the PR, to which repo should I send the PR for? Or shall I >>>>>>> wait for further testing of the code so that we can minimize any bugs? >>>>>>> >>>>>> If code refactoring, formatting, cleanup are done, you have run >>>>>> Findbug plugin(This is a plugin that can integrate to IDE. If you already >>>>>> haven't try it.) and fixed any issues reported against code and >>>>>> functionality is working, we are OK to review the code. You can further >>>>>> test the code and fix the bugs while integrating any review comments we >>>>>> put >>>>>> on the PR. >>>>>> >>>>>> "Please share the code progress via Github, once you are satisfied >>>>>> with refactoring. >>>>>> Please fork [1] to your private repo, and at location [2], you may >>>>>> have a new component named >>>>>> 'org.wso2.carbon.identity.entitlement.endpoint' >>>>>> where the implementation can reside. >>>>>> >>>>>> [1] - https://github.com/wso2/carbon-identity-framework >>>>>> [2] - >>>>>> https://github.com/wso2/carbon-identity-framework/tree/master/components/entitlement >>>>>> " >>>>>> >>>>>>> >>>>>>> [1] https://github.com/ManZzup/identity-entitlement-endpoint >>>>>>> >>>>>>> Thank You, >>>>>>> Best Regards >>>>>>> Manujith >>>>>>> >>>>>>> On Tue, Jun 7, 2016 at 10:30 AM, Omindu Rathnaweera <omi...@wso2.com >>>>>>> > wrote: >>>>>>> >>>>>>>> Adding a .gitignore to the repo will be the easiest way to keep the >>>>>>>> unwanted files away from the repo. See [1]. >>>>>>>> >>>>>>>> [1] - >>>>>>>> https://github.com/wso2/carbon-identity-framework/blob/master/.gitignore >>>>>>>> >>>>>>>> Regards, >>>>>>>> Omindu >>>>>>>> >>>>>>>> On Tue, Jun 7, 2016 at 10:26 AM, Pushpalanka Jayawardhana < >>>>>>>> la...@wso2.com> wrote: >>>>>>>> >>>>>>>>> Hi Manujith, >>>>>>>>> >>>>>>>>> The IDE specific files(.iml) or code can be removed from the >>>>>>>>> repository. >>>>>>>>> Once the code refactoring is done and code is cleaned please feel >>>>>>>>> free to send the PR. Then we can easily comment on the code. >>>>>>>>> >>>>>>>>> Thanks, >>>>>>>>> Pushpalanka >>>>>>>>> >>>>>>>>> >>>>>>>>> On Tue, Jun 7, 2016 at 10:12 AM, Omindu Rathnaweera < >>>>>>>>> omi...@wso2.com> wrote: >>>>>>>>> >>>>>>>>>> Hi Manujith, >>>>>>>>>> >>>>>>>>>> Better if you can clean up the unnecessary code and do some code >>>>>>>>>> refactoring. We can do another round of testing once you fix the >>>>>>>>>> issues I >>>>>>>>>> have mention. You can use the attached Idea Code Formatting Template >>>>>>>>>> [1]. >>>>>>>>>> >>>>>>>>>> To apply the template, follow the steps below. >>>>>>>>>> >>>>>>>>>> 1. In IDEA settings, goto Editor -> Code Style. >>>>>>>>>> 2. Click 'Manage' then 'Save As...' an existing scheme with the >>>>>>>>>> name 'wso2-codestyle' and Close the IDE. >>>>>>>>>> 3. Goto ~/.IntelliJIdea16/config/codestyles directory and replace >>>>>>>>>> the 'wso2-codestyle.xml' file with the attached one. >>>>>>>>>> >>>>>>>>>> [1] - >>>>>>>>>> https://drive
Re: [Dev] [Architecture] Force Password Reset and Password History validation
Hi, > All the passwords which are supposed to store in this table are old >> passwords (expired). >> >> - I think we don't need to use the same password hashing algorithm (with >> or without salted value) which is defined user-mgt.xml for password history >> validation. >> > > IMO using the same hashing algo is cleaner. Isn't the current password > also stored in this table? If stored, it's mandatory to use salting. > I believe we should use either the hashing algorithm specified in the user-mgt.xml or provide a separate config to specify a hashing algo for password history. Consider the following scenario. Let's say we have specified the hashing algo in user-mgt.xml as SHA-512 and we use SHA-256 (hard coded) to store old passwords. Given that the user has the option to maintain the old password during a periodic password reset, then the old password will be the same as the existing password if the user decides to stick with the old password. Now, in the history table the current password will be stored in a much weaker hash. This doesn't seems right, does it ? Also using the hashing algorithm specified in the user-mgt.xml or a different config means that we'll have to store the hashing algo in the history table. Regards, Omindu. > > >> - admin users can change other user's passwords without giving their old >> passwords. In that case, how can we find the old password hash value to >> store for password history validation? >> >> >> Your comments and suggestions are highly appreciated. >> >> Thanks >> Isura. >> >> >> Isura Dilhara Karunaratne >> Senior Software Engineer >> >> Mob +94 772 254 810 >> >> > > > -- > Thanks & Regards, > Dulanja Liyanage > Lead, Platform Security Team > WSO2 Inc. > > ___ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- Omindu Rathnaweera Software Engineer, WSO2 Inc. Mobile: +94 771 197 211 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] [APIM] Eliminate multiple login attempts and block users - APIM 1.7
Hi Yasith, AFAIK this is not available in APIM OOB. However, you can try installing the Identity Management features to APIM. - In APIM management console go to Home > Configure > Features and add a feature repository as mentioned in [1]. You can give [2] as the URL. - Once it's done, click on 'Find features'. - From the available features lists, expand 'Identity Server 5.0.0', select 'Identity Management' and 'Install'. - Restart the server. - You can configure account locking as you have done in IS. Hope this helps. [1] - https://docs.wso2.com/display/Carbon420/Managing+the+Feature+Repository [2] - http://product-dist.wso2.com/p2/carbon/releases/turing/ Regards, Omindu. On Wed, Jun 15, 2016 at 5:48 PM, Yasith Lokuge <yas...@wso2telco.com> wrote: > Hi, > > I need to block the users after multiple login attempts. I was able do it > in IS but I couldn't find the identity-mgt.properties file in APIM 1.7 > Please let me know the steps I should follow in order achieve that task. > > Regards > -- > Yasith Lokuge > > Software Engineer > M: +94 7713 53682 | E: yas...@wso2telco.com > W: www.yasith.me > > WSO2.Telco Inc. > Level 4, > 20, Palm Grove, Colombo 03 > Sri Lanka. > www.wso2telco.com > > > > ___ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- Omindu Rathnaweera Software Engineer, WSO2 Inc. Mobile: +94 771 197 211 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
[Dev] Carbon Security Login Module - JWT 1.0.0 M1 Released
*Carbon Security Login Module - JWT 1.0.0 M1 Released* We are pleased to announce the 1st milestone release of Carbon Security Login Module - JWT 1.0.0. This provides a JAAS based JWT login module for WSO2 Carbon Security CAAS. *Included features/bug fixes* https://wso2.org/jira/issues/?filter=13100 *Installing as a Carbon Feature* You may install carbon-security-login-module-jwt feature to your product with. org.wso2.carbon.security.caas.module org.wso2.carbon.security.caas.module.jwt.feature 1.0.0-m1 zip Best Regards, Identity Server Team. -- Omindu Rathnaweera Software Engineer, WSO2 Inc. Mobile: +94 771 197 211 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
