Re: [Dev] Issue in disabling CRL, and OCSP Validators when configuring x509 authenticator

2019-02-12 Thread Tharindu Edirisinghe
In [1], the configuration mentioned for disabling the validators will work
only if the server has never been started. At the very first server
startup, it reads this file and creates a registry resource. So, if the resource is
already created, later modifications to the file won't be reflected.
So, to turn off the validators, we need to browse the registry (of the
particular tenant) from the Mgt Console and set the required properties of the
registry resource.

So we need to include the above info in the docs as well.
@Piraveena Paralogarajah, @Indunil Upeksha Rathnayake
  - Please confirm the above.

[1]
https://docs.wso2.com/display/ISCONNECTORS/Configuring+X509Certificate+Authenticator#ConfiguringX509CertificateAuthenticator-DisablingCertificateValidation

Thanks,
TharinduE

On Tue, Feb 12, 2019 at 3:37 PM Yvonne Wickramasinghe 
wrote:

> Hi Piraveena and Indunil,
>
> As discussed, I added a new section called Disabling Certificate Validation
> <https://docs.wso2.com/display/ISCONNECTORS/Configuring+X509Certificate+Authenticator#ConfiguringX509CertificateAuthenticator-DisablingCertificateValidation>
> with the steps required to disable CRL and OCSP validators. Please check and let
> me know if you require any further changes.
>
> Regards,
>
> On Tue, Jan 29, 2019 at 10:08 AM Yvonne Wickramasinghe 
> wrote:
>
>> Hi Indunil,
>>
>> Scheduled a meeting for tomorrow (Jan 30, 2019) at 2:00 PM to discuss the
>> requirements in detail.
>>
>> Regards,
>>
>> On Mon, Jan 28, 2019 at 9:57 AM Piraveena Paralogarajah <
>> pirave...@wso2.com> wrote:
>>
>>> Hi Indunil,
>>>
>>> CRL & OCSP validators are enabled in the certificate-validation.xml file in
>>> IS 5.7.0 by default. So this triggers exceptions and X509 Authentication
>>> fails. So by default CRL & OCSP validators should be disabled. This step is
>>> not addressed in the documentation as well.
>>>
>>> To overcome this issue, now we need to
>>> disable /_system/governance/repository/security/certificate/validator
>>> registry. So could you please confirm whether it is necessary to
>>> disable the CRL and OCSP validators in the registry in IS 5.7.0
>>> after the server starts to make X509 Authentication succeed?
>>>
>>> Thanks and Regards,
>>> Piraveena
>>>
>>> *Piraveena Paralogarajah*
>>> Software Engineer | WSO2 Inc.
>>> *(m)* +94776099594 | *(e)* pirave...@wso2.com
>>>
>>>
>>>
>>> On Mon, Jan 28, 2019 at 9:42 AM Indunil Upeksha Rathnayake <
>>> indu...@wso2.com> wrote:
>>>
>>>> Hi,
>>>>
>>>> @Piraveena Paralogarajah  @Tharindu Edirisinghe
>>>>  :
>>>> As per the CRL & OCSP implementation, all the certificate validator
>>>> configurations in certificate-validation.xml file, will be added to tenant
>>>> registry in /_system/governance/repository/security/certificate/validator
>>>> on the initial server start up and tenant creation. There will be separate
>>>> registry resources for each validator with properties as name, enable,
>>>> priority etc. During the certification validation process, all the
>>>> validator configs will be loaded from the registry and based on the
>>>> enability and priority, corresponding validators will get invoked.
>>>>
>>>> @Yvonne Wickramasinghe  : Seems all the necessary
>>>> information in [1], has not been included into the WSO2 documentation. Can
>>>> you please add all the information in there.
>>>>
>>>> @Yvonne Wickramasinghe  @Sherene Mahanama
>>>>  @Nirdesha Munasinghe  @WSO2
>>>> Documentation Group  : This X509 Authenticator
>>>> documentation is really not in good shape. The steps are not in order & not
>>>> clear, we need to restructure the page. Can you guys please schedule a
>>>> meeting to discuss on this matter.
>>>>
>>>> [1]
>>>> https://docs.google.com/document/d/1_pJLEDMUn-lp_u3s6ebuHb0huArSFfydjMjjWRxmYIw/edit
>>>>
>>>> Thanks and Regards
>>>>
>>>> On Mon, Jan 28, 2019 at 8:21 AM Tharindu Edirisinghe <
>>>> tharin...@wso2.com> wrote:
>>>>
>>>>> Hi Indunil,
>>>>>
>>>>> Could you please confirm that the the CRL and OCSP validators should
>>>>> be turned on/off from the registry resource after an initial server
>>>>> startup, instead of making changes in certificate-validation.

Re: [Dev] Getting "No name matching localhost found" error when running the integration test for Splunk connector

2019-02-05 Thread Tharindu Edirisinghe
Hi Shevindi,

I believe you are using the -k option when running the curl command, which
would avoid the certificate validation and hostname verification at the client
(curl) side.

Since this is just a test, we can bypass hostname verification and
certificate validation and get it working. For that, we need to override
the trust manager and the default hostname verifier and create the SSL
Context which will be used for the HTTPS communication. You can find some
sample code in [1].

[1]
https://github.com/wso2/carbon-identity-framework/blob/v5.12.153/components/authentication-framework/org.wso2.carbon.identity.application.authentication.endpoint.util/src/main/java/org/wso2/carbon/identity/application/authentication/endpoint/util/TenantMgtAdminServiceClient.java#L179

Best Regards,
Tharindu Edirisinghe

On Thu, Jan 31, 2019 at 1:32 PM Shevindi Rodrigo  wrote:

> Hi All,
>
> I'm working on the Splunk connector for EI. To access the Splunk REST API over
> https, we have to import the self-signed certificate. For that, I got the
> certificate server.pem file from the installation directory of Splunk and
> imported that certificate into the EI client-truststore using the keytool
> command [1]. When I try this Splunk connector via the management console, it
> works fine.
> But to write the integration test cases, I imported the same certificate
> file into the EI client-truststore and wso2carbon.jks as in [2]. In the
> integration test case, when I try to invoke the Splunk API using the Java
> client [4] as in [3], I'm getting the response as in [5], although the same
> apiEndpoint works fine with curl.
>
> Can anyone help me to solve this?
>
> [1] keytool -importcert -file server.pem -keystore client-truststore.jks
> -alias splunk
> [2]
> keytool -importcert -file server.pem -keystore client-truststore.jks
> -alias splunk
> keytool -importcert -file server.pem -keystore wso2carbon.jks -alias
> splunk2
>
> [3]
> // Build the Splunk saved-search URL from the connector test properties.
> String apiEndpoint = "https://" +
> connectorProperties.getProperty("hostname") + ":" +
> connectorProperties.getProperty("port") + "/servicesNS/" +
> connectorProperties.getProperty("appUserName") + "/" +
> connectorProperties.getProperty("appName") + "/saved/searches/" +
> connectorProperties.getProperty("searchName");
> // Call the Splunk REST API directly and compare the returned title.
> RestResponse apiRestResponse =
> sendXmlRestRequest(apiEndpoint, "GET", apiRequestHeadersMap);
> Assert.assertEquals(searchName, getValueByExpression("//entry/title",
> apiRestResponse.getBody()));
>
> [4]
> https://github.com/wso2-extensions/esb-integration-base/blob/master/src/main/java/org/wso2/connector/integration/test/base/ConnectorIntegrationTestBase.java#L441
>
> [5]
>
> INFO  [org.wso2.esb.integration.common.utils.ESBTestCaseUtils] - splunk Proxy undeployed in 0 millis
> FAILED: testCreateSavedSearchMandatory
> splunk {createSavedSearch} integration test with mandatory parameters.
> javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching localhost found
> at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
> at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
> at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1506)
> at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
> at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
> at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
> at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
> at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
> at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
> at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
> at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
> at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:18
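
Added example (not part of the thread and not WSO2 or Splunk code): the "No name matching localhost found" error in the trace above comes from the hostname check, which is separate from trust-store membership, so importing server.pem into a truststore does not clear it. The script below separates the two conditions using throwaway certificates constructed on the fly; the function names and the CN `splunk-node.example.test` are assumptions made for the illustration, and it requires the `openssl` CLI.

```sh
#!/bin/sh
# Added example: tell a hostname mismatch apart from a trust problem.
# All certificates are constructed test data generated below.

# make_cert <common-name> <out.pem>: self-signed certificate, no SAN requested.
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$1" -keyout "$2.key" -out "$2" >/dev/null 2>&1
}

# trusted_by <cert.pem> <anchor.pem>: exit 0 if the cert verifies against the anchor.
# This models "the certificate was imported into the truststore".
trusted_by() {
    openssl verify -CAfile "$2" "$1" 2>/dev/null | grep -q ': OK$'
}

# host_matches <cert.pem> <hostname>: exit 0 if the cert's SAN (or CN when
# no SAN dNSName is present) covers the hostname used in the URL.
host_matches() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# diagnose <cert.pem> <anchor.pem> <hostname>: print one verdict.
diagnose() {
    if ! trusted_by "$1" "$2"; then
        echo "UNTRUSTED"
    elif ! host_matches "$1" "$3"; then
        echo "NAME_MISMATCH"
    else
        echo "OK"
    fi
}

demo() {
    dir=$(mktemp -d) || return 1
    make_cert "splunk-node.example.test" "$dir/server.pem"   # stand-in for server.pem
    make_cert "localhost" "$dir/localhost.pem"               # cert issued for the URL host

    # Trusted (imported) but requested as https://localhost -> the thread's error.
    echo "server.pem as localhost:     $(diagnose "$dir/server.pem" "$dir/server.pem" localhost)"
    # Same cert, requested under the name it was issued for.
    echo "server.pem as its own name:  $(diagnose "$dir/server.pem" "$dir/server.pem" splunk-node.example.test)"
    # Cert issued for localhost and imported: both checks pass.
    echo "localhost.pem as localhost:  $(diagnose "$dir/localhost.pem" "$dir/localhost.pem" localhost)"
    # Right name, but never imported into the anchor set.
    echo "localhost.pem, not imported: $(diagnose "$dir/localhost.pem" "$dir/server.pem" localhost)"
    rm -rf "$dir"
}

demo
```

A `NAME_MISMATCH` verdict points at the URL hostname or the certificate's subject names; an `UNTRUSTED` verdict points at the truststore contents.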

Re: [Dev] Issue in disabling CRL, and OCSP Validators when configuring x509 authenticator

2019-01-27 Thread Tharindu Edirisinghe
Hi Indunil,

Could you please confirm that the the CRL and OCSP validators should be
turned on/off from the registry resource after an initial server startup,
instead of making changes in certificate-validation.xml file?

Thanks,
TharinduE

On Fri, Jan 18, 2019 at 3:45 PM Piraveena Paralogarajah 
wrote:

> Hi,
>
> I'm working on configuring x509Certificate Authenticator using WSO2 IS
> version 5.8.0. I did all configurations as mentioned in the doc [1]
> <https://docs.wso2.com/display/ISCONNECTORS/Configuring+X509Certificate+Authenticator>,
> and I  got the error as given below.
>
> org.wso2.carbon.identity.x509Certificate.validation.CertificateValidationException:
> Validator: OCSPValidatorcouldn't validate the revocation status of
> certificate with serial num: 14756929408771586256
>
> at
> org.wso2.carbon.identity.x509Certificate.validation.service.RevocationValidationManagerImpl.isRevoked(RevocationValidationManagerImpl.java:123)
>
> at
> org.wso2.carbon.identity.x509Certificate.validation.service.RevocationValidationManagerImpl.verifyRevocationStatus(RevocationValidationManagerImpl.java:63)
>
> at
> org.wso2.carbon.identity.authenticator.x509Certificate.X509CertificateUtil.isCertificateRevoked(X509CertificateUtil.java:257)
>
> at
> org.wso2.carbon.identity.authenticator.x509Certificate.X509CertificateUtil.validateCertificate(X509CertificateUtil.java:155)
>
> [2019-01-17 11:49:05,175]  INFO
> {org.wso2.carbon.identity.x509Certificate.validation.service.RevocationValidationManagerImpl}
> -  X509 Certificate validation with CRLValidator
>
> [2019-01-17 11:49:05,176] DEBUG
> {org.wso2.carbon.identity.x509Certificate.validation.service.RevocationValidationManagerImpl}
> -  Certificate validation is not successful.
>
> org.wso2.carbon.identity.x509Certificate.validation.CertificateValidationException:
> Validator: CRLValidatorcouldn't validate the revocation status of
> certificate with serial num: 14756929408771586256
>
> at
> org.wso2.carbon.identity.x509Certificate.validation.service.RevocationValidationManagerImpl.isRevoked(RevocationValidationManagerImpl.java:123)
>
> at
> org.wso2.carbon.identity.x509Certificate.validation.service.RevocationValidationManagerImpl.verifyRevocationStatus(RevocationValidationManagerImpl.java:63)
>
> at
> org.wso2.carbon.identity.authenticator.x509Certificate.X509CertificateUtil.isCertificateRevoked(X509CertificateUtil.java:257)
>
> at
> org.wso2.carbon.identity.authenticator.x509Certificate.X509CertificateUtil.validateCertificate(X509CertificateUtil.java:155)
>
>
> So I disabled CRLValidator and OCSPValidator
> in the certificate-validation.xml file in ${IS_HOME}/repository/conf/security/,
> but the changes were not getting updated. According to the
> implementation in RevocationValidationManagerImpl.java in the
> identity-x509-revocation extension, the CRL and OCSP validators are read
> from the registry repository/security/certificate/validator. This causes
> quite some confusion since we need to modify the certificate-validation.xml as
> well as the registry to disable CRLValidator and OCSPValidator.
>
>
> The doc on Configuring x509Certificate Authenticator [1]
> <https://docs.wso2.com/display/ISCONNECTORS/Configuring+X509Certificate+Authenticator>
> does not refer to the changes that need to be done in the configuration file and
> the registry to disable CRL and OCSP as well.
>
>
> [1]
> https://docs.wso2.com/display/ISCONNECTORS/Configuring+X509Certificate+Authenticator
>
> Regards,
> Piraveena
>
> *Piraveena Paralogarajah*
> Software Engineer | WSO2 Inc.
> *(m)* +94776099594 | *(e)* pirave...@wso2.com
>


-- 

Tharindu Edirisinghe
Associate Technical Lead | WSO2 Inc
Platform Security Team
Blog : http://tharindue.blogspot.com
mobile : +94 775181586
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev


Re: [Dev] [Architecture] [VOTE] Release WSO2 Enterprise Integrator 6.4.0 RC1

2018-09-20 Thread Tharindu Edirisinghe
>>>>>>> Property
>>>>>>> Log
>>>>>>> Filter
>>>>>>> Out
>>>>>>> In
>>>>>>> Validate
>>>>>>> Switch
>>>>>>>
>>>>>>> *Endpoints:*
>>>>>>> Address Endpoints
>>>>>>> LoadBalance Endpoints
>>>>>>> Failover Endpoints
>>>>>>> HTTP Endpoints
>>>>>>> WSDL Endpoints
>>>>>>> Indirect and Resolving Endpoints
>>>>>>> Default Endpoints
>>>>>>> Template Endpoints
>>>>>>> Recipient List Endpoints
>>>>>>>
>>>>>>> *Inbound Endpoints:*
>>>>>>> File inbound
>>>>>>> JMS inbound
>>>>>>>
>>>>>>> [+] Stable - Go ahead and release
>>>>>>>
>>>>>>> Thanks
>>>>>>>
>>>>>>> On Tue, Sep 18, 2018 at 10:04 PM, Dileesha Rajapakse <
>>>>>>> dilee...@wso2.com> wrote:
>>>>>>>
>>>>>>>> Hi everyone,
>>>>>>>>
>>>>>>>> I have tested the RC1 in the following scenarios.
>>>>>>>>
>>>>>>>> 1. Tested the following EI Analytics features with embedded H2
>>>>>>>>    and MySQL 5.7.
>>>>>>>>    1. Overview Dashboard.
>>>>>>>>    2. Proxy Services Dashboard.
>>>>>>>>    3. API Dashboard.
>>>>>>>>    4. Sequence Dashboard.
>>>>>>>>    5. Endpoint Dashboard.
>>>>>>>>    6. Inbound Endpoint Dashboard
>>>>>>>>    7. Mediator Dashboard.
>>>>>>>>    8. Message Dashboard.
>>>>>>>> 2. Tested the following in a two-node cluster.
>>>>>>>>    1. Scheduling Tasks in different time intervals and counts.
>>>>>>>>    2. Scheduling tasks with cron expressions.
>>>>>>>> 3. Tested the creation and deployment (as CApps) of the
>>>>>>>>    following with tooling.
>>>>>>>>    1. Proxy service.
>>>>>>>>    2. API.
>>>>>>>>    3. Sequence.
>>>>>>>>    4. REST API.
>>>>>>>>    5. Inbound Endpoint.
>>>>>>>>    6. Endpoint.
>>>>>>>>
>>>>>>>> No issues found.
>>>>>>>>
>>>>>>>> [+] Stable - Go ahead and release
>>>>>>>>
>>>>>>>> Regards.
>>>>>>>>
>>>>>>>> On Tue, Sep 18, 2018 at 2:03 PM Thishani Lucas 
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>> Hi All,
>>>>>>>>>
>>>>>>>>> We are pleased to announce the first release candidate of WSO2
>>>>>>>>> Enterprise Integrator 6.4.0.
>>>>>>>>>
>>>>>>>>> *Known Issues: *https://github.com/wso2/product-ei/issues
>>>>>>>>>
>>>>>>>>> *Source and Binary Distribution Files: *
>>>>>>>>> https://github.com/wso2/product-ei/releases/tag/v6.4.0-rc1
>>>>>>>>>
>>>>>>>>> *The Tag to be Voted Upon: *
>>>>>>>>> https://github.com/wso2/product-ei/tree/v6.4.0-rc1
>>>>>>>>>
>>>>>>>>> Please vote as follows:
>>>>>>>>>
>>>>>>>>> [+] Stable - Go ahead and release
>>>>>>>>> [-] Broken - Do not release (explain why)
>>>>>>>>>
>>>>>>>>> ~The WSO2 Integration Team~
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> *Thishani Lucas*
>>>>>>>>> *Software Engineer*
>>>>>>>>> *WSO2 Lanka (Private) Limited**: http://wso2.com
>>>>>>>>> <http://wso2.com/>*
>>>>>>>>> *lean.enterprise.middle-ware*
>>>>>>>>>
>>>>>>>>> *Tel: +94 77 2556931 *
>>>>>>>>>
>>>>>>>>> *LinkedIn: https://www.linkedin.com/in/thishani-lucas/
>>>>>>>>> <https://www.linkedin.com/in/thishani-lucas/>*
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> <http://wso2.com/signature>
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> *Dileesha Rajapakse*
>>>>>>>> Software Engineer | WSO2 Inc.
>>>>>>>> Mobile: +94 772555933
>>>>>>>> http://www.dilee.me
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Shakila Sasikaran
>>>>>>> Software Engineer
>>>>>>> Mobile :+94 (0) 77 526 6848
>>>>>>> shak...@wso2.com
>>>>>>> WSO2, Inc.
>>>>>>> lean . enterprise . middleware
>>>>>>> http://www.wso2.com/
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Malaka.
>>>>> --
>>>>> Malaka Gangananda - Software Engineer | WSO2
>>>>> Email : mala...@wso2.com
>>>>> Mobile : +94713564340
>>>>> Web : http://wso2.com
>>>>>   <http://wso2.com/signature>
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Best Regards,
>>>> Danushka Madhuranga
>>>> Software Engineering Intern
>>>> Wso2
>>>> +94758314057
>>>>
>>>
>>>
>>> --
>>> Best Regards,
>>> M.Nirothipan
>>> Software Engineer | WSO2 <https://wso2.com/>
>>> Mobile: 0094772172692
>>> Email: nirothi...@wso2.com 
>>>
>>> ___
>>> Architecture mailing list
>>> architect...@wso2.org
>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>
>>>
>>
>>
>> --
>> Nandika Jayawardana
>> WSO2 Inc ; http://wso2.com
>> lean.enterprise.middleware
>>
>
>
> --
> *Asanka Abeyweera *| Associate Technical Lead | WSO2 Inc.
> <http://www.wso2.com/>
> (M) 94-712228648 | (E) asank...@wso2.com | (T) a5anka
> <http://www.twitter.com/a5anka>
> <https://wso2.com/signature>
>
>
>


-- 

Tharindu Edirisinghe
Associate Technical Lead | WSO2 Inc
Platform Security Team
Blog : http://tharindue.blogspot.com
mobile : +94 775181586


Re: [Dev] Exception in Facebook Federated Authentication

2018-09-17 Thread Tharindu Edirisinghe
I'm adding Mathuriga and Nadeeshani to this thread as a similar issue is
reported in the non-federated flow as well.

On Mon, Apr 16, 2018 at 3:13 PM Omindu Rathnaweera  wrote:

> On Mon, Apr 16, 2018 at 5:45 AM, Darshana Gunawardana 
> wrote:
>
>> AFAIR, this seems to be an issue with handling email type usernames
>> without enabling email usernames..
>>
>> Anyhow we have discussed to fix this from the sso consent
>> implementation.. @Omindu: Do we have any git issue related to this?
>>
>
> During SSO, we perform all the consent API related invocations after
> starting a tenant flow and setting the authenticated username to the carbon
> context. I guess we can set the username accordingly based on whether the
> email username is enabled or not when setting the user to the context.
>
> Created https://github.com/wso2/product-is/issues/3079 to track this.
>
>
>> Thanks,
>>
>> On Mon, Apr 16, 2018 at 9:01 AM, gayan gunawardana <
>> gmgunaward...@gmail.com> wrote:
>>
>>>
>>> Hi Tharindu,
>>> On Mon, Apr 16, 2018 at 8:39 AM, Tharindu Edirisinghe <
>>> tharin...@wso2.com> wrote:
>>>
>>>> Hi Gayan,
>>>>
>>>> It seems the error is coming from the consent management feature. If
>>>> you don't require this feature, you can simply turn it off from the
>>>> following property in identity.xml file.
>>>>
>>>> 
>>>> 
>>>> *false*
>>>> 
>>>> 
>>>>
>>>> Alternatively you can turn off the following listener from identity.xml
>>>> file too for getting rid of the issue.
>>>>
>>>> >>> type="org.wso2.carbon.identity.core.handler.AbstractIdentityHandler"
>>>> name="org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.ConsentMgtPostAuthnHandler"
>>>> orderId="110" *enable*="*false*" />
>>>>
>>>
>>>> I could reproduce the same behavior and by setting any of the above
>>>> configs, I could avoid the error and successfully authenticate the SP app
>>>> (travelocity) with FB IDP.
>>>>
>>> Thanks for the explanation. I have already disabled consent management
>>> to get it work. I suppose globally disabling consent management feature or
>>> disabling the listener would not be a good solution.
>>>
>>>>
>>>> @IAM Team - If we keep using the consent management feature, do we need
>>>> any additional configuration? May be claim configuration to map the
>>>> particular user claims which should require obtaining user consent?
>>>>
>>>
>>>> Thanks,
>>>> TharinduE
>>>>
>>>> On Sat, Apr 14, 2018 at 9:28 PM, gayan gunawardana <
>>>> gmgunaward...@gmail.com> wrote:
>>>>
>>>>> Hi All,
>>>>>
>>>>> I have configured travelocity.com sample application as SAML inbound
>>>>> and Facebook as federated authenticator for IS-5.5.0. After adding
>>>>> Facebook credentials, got below UI.
>>>>>
>>>>>
>>>>> After enabling debug logs found below exception. Is there any further
>>>>> configuration I have to do to get it to work?
>>>>>
>>>>> [2018-04-14 20:25:49,655] ERROR
>>>>> {org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} -  
>>>>> Error
>>>>> occurred while accessing Java Security Manager Privilege Block
>>>>> [2018-04-14 20:25:49,658] ERROR
>>>>> {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator}
>>>>> -  Error occurred while evaluating post authentication
>>>>> org.wso2.carbon.identity.application.authentication.framework.exception.PostAuthenticationFailedException:
>>>>> Error occurred while retrieving consent data of user:
>>>>> gmgunaward...@gmail.com for service provider: CafeLebens-Sample in
>>>>> tenant domain: carbon.super.
>>>>> at
>>>>> org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.ConsentMgtPostAuthnHandler.handlePreConsent(ConsentMgtPostAuthnHandler.java:201)
>>>>> at
>>>>> org.wso2.carbon.identity.application.authentication.fra

Re: [Dev] [Architecture] [VOTE] Release WSO2 Identity Server 5.7.0 RC3

2018-09-13 Thread Tharindu Edirisinghe
Evaluated the static code analysis and dynamic security analysis reports.

All the flagged issues are found to be false positives.

[+] Stable in terms of security - Go ahead and release

Thanks,
Tharindu Edirisinghe

On Thu, Sep 13, 2018 at 10:48 PM Pamoda Wimalasiri  wrote:

> Hi all,
>
> I tested below scenarios with DB2 database.
>
> - Self-registration and account confirmation
> - Self-registration consent purposes
> - Just-In-Time Provisioning Consent Purposes
> - SAML2 Artifact binding and authenticate
>
> No blocking issues found.
>
> [+] Stable - Go ahead and release
>
> Thanks,
> Pamoda
>
> On Thu, Sep 13, 2018 at 10:39 PM Vihanga Liyanage 
> wrote:
>
>> Hi all,
>>
>> Tested below scenarios on IS 5.7.0-RC2 pack using the default H2
>> database and Postgres SQL database.
>>
>> - Started with *-Dsetup* property in Postgres and DB scripts executed
>>   without any issues.
>> - Add service provider, configured SAML SSO, authenticate with *the
>>   dispatch* sample web app.
>> - Enable SAML2 Artifact binding and authenticate.
>> - Add SP certificate, enable signature validation in SAML2 artifact
>>   resolve request and authenticate.
>> - Add new SP with Open ID OAuth/OpenID Connect Configuration and
>>   authenticate with *the playground* sample web app. Tested all OAuth
>>   grant types.
>> - Add SP certificate, enable ID token encryption, authenticate and
>>   decrypt the encrypted ID token by providing the private key of the SP.
>>
>> No blocking issues found.
>>
>> [+] Stable - Go ahead and release
>>
>> Best regards,
>> Vihanga.
>>
>> On Thu, Sep 13, 2018 at 10:14 PM Janak Amarasena  wrote:
>>
>>> Hi all,
>>>
>>> Tested below scenarios with MySQL 5.7,
>>>
>>> - Self-Registration and Account Confirmation.
>>> - Configure Just-In-Time Provisioning Consent Purposes.
>>> - Add user, add roles, add permissions
>>> - UMA 2.0 flow
>>> - Obtain access token using password grant.
>>> - Create, delete, update, list resources and read resource
>>>   description of a resource by invoking UMA resource registration endpoint.
>>> - Entitlement policy creation using write policy in xml and
>>>   publishing.
>>> - Obtain permission ticket by invoking UMA permission endpoint.
>>> - Configure a service provider with OpenID Connect and obtain access
>>>   token using UMA grant.
>>> - Invoke the OAuth Introspection Endpoint.
>>> - Enable SAML2 Artifact binding and authenticate
>>>
>>> No blocking issues found.
>>>
>>> [+] Stable - Go ahead and release
>>>
>>> Best Regards,
>>> Janak
>>>
>>>
>>> On Thu, Sep 13, 2018 at 10:10 PM, Tharindu Bandara 
>>> wrote:
>>>
>>>> Hi all,
>>>>
>>>> I have tested the following scenarios on IS 5.7.0 RC3 pack using MySQL
>>>> 5.7 database and did not encounter any issues.
>>>>
>>>> - Configuring a service provider for adaptive authentication.
>>>> - Configuring Role-Based Adaptive Authentication.
>>>> - Configuring User-Age-Based Adaptive Authentication.
>>>> - Configuring IP-Based Adaptive Authentication.
>>>> - Configuring New-Device-Based Adaptive Authentication.
>>>> - Using WSO2 Stream Processor for Adaptive Authentication.
>>>> - Configuring Risk-Based Adaptive Authentication.
>>>> - Configuring login-based adaptive authentication.
>>>>
>>>> [+] Stable - Go ahead and release.
>>>>
>>>> On Thu, Sep 13, 2018 at 10:05 PM Winma Heenatigala 
>>>> wrote:
>>>>
>>>>> Hi,
>>>>> I have tested the following with Oracle and no issues were found.
>>>>>
>>>>> - Configuring Just-In-Time Provisioning Consent Purposes
>>>>> - Self-Registration and Account Confirmation
>>>>> - Configuring SAML 2.0 Artifact Binding
>>>>> - Add user, add roles, add permissions
>>>>>
>>>>> [+] Stable - Go ahead and release
>>>>>
>>>>> Thanks,
>>>>> Winma
>>>>>
>>>>>
>>>>> On Thu, Sep 13, 2018 at 9:03 PM, Minoli Perera 
>>>>> wrote:
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> Tested below scenarios on IS 5.7.0-RC3 

Re: [Dev] Issue in carbon logs after changing carbon.kernel.version from 4.4.1 to 4.4.2

2018-09-03 Thread Tharindu Edirisinghe
>>>>>>>>>>>>> Thank You,
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Fri, Oct 30, 2015 at 9:15 AM, Kasun Gajasinghe <
>>>>>>>>>>>>> kas...@wso2.com> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>> Can you guys go through recent commits to
>>>>>>>>>>>>>> org.wso2.carbon.logging component and find out if any of those 
>>>>>>>>>>>>>> caused this
>>>>>>>>>>>>>> issue?
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> On Oct 29, 2015, at 9:23 PM, Jagath Sisirakumara Ariyarathne <
>>>>>>>>>>>>>> jaga...@wso2.com> wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Hi Carbon Team,
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Any thought to figure out the issue is much appreciated.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Thanks.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> On Wed, Oct 28, 2015 at 3:42 PM, Viraj Senevirathne <
>>>>>>>>>>>>>> vir...@wso2.com> wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Hi All,
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> We have upgraded the carbon version in ESB from 4.4.1 to
>>>>>>>>>>>>>>> 4.4.2. Then we have encountered following issue.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> *In carbon.kernel.version 4.4.1 and earlier carbon versions*
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> TID: [-1234] [] [2015-10-23 16:43:26,614]  INFO
>>>>>>>>>>>>>>> {org.apache.synapse.mediators.builtin.LogMediator} -  To:
>>>>>>>>>>>>>>> /services/sendReciveProxy.sendReciveProxyHttpSoap11Endpoint, 
>>>>>>>>>>>>>>> WSAction:
>>>>>>>>>>>>>>> urn:getQuote, SOAPAction: urn:getQuote, MessageID:
>>>>>>>>>>>>>>> urn:uuid:333b6811-04aa-4c6a-94fb-3edc4d56065d, Direction: 
>>>>>>>>>>>>>>> request,
>>>>>>>>>>>>>>> Envelope: >>>>>>>>>>>>>> encoding='utf-8'?>>>>>>>>>>>>>>> xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/;
>>>>>>>>>>>>>>> xmlns:xsd="http://services.samples/xsd; xmlns:ser="
>>>>>>>>>>>>>>> http://services.samples;>
>>>>>>>>>>>>>>>   
>>>>>>>>>>>>>>>  
>>>>>>>>>>>>>>>  
>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>> IBM
>>>>>>>>>>>>>>>  
>>>>>>>>>>>>>>>   
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> {org.apache.synapse.mediators.builtin.LogMediator}
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> *Same log in carbon.kernel.version 4.4.2 *
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> [2015-10-28 15:38:36,027]  INFO - LogMediator To:
>>>>>>>>>>>>>>> /services/callOutOnly.callOutOnlyHttpSoap11Endpoint, WSAction: 
>>>>>>>>>>>>>>> urn:mediate,
>>>>>>>>>>>>>>> SOAPAction: urn:mediate, MessageID:
>>>>>>>>>>>>>>> urn:uuid:61f4b04c-0906-4228-975e-1b8f1be7450d, Direction: 
>>>>>>>>>>>>>>> request,
>>>>>>>>>>>>>>> Envelope: >>>>>>>>>>>>>> encoding='utf-8'?>>>>>>>>>>>>>>> xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/;
>>>>>>>>>>>>>>> xmlns:wsa="http://www.w3.org/2005/08/addressing;>_
>>>>>>>>>>>>>>> http://services.samples;>_
>>>>>>>>>>>>>>>  _3.141593E0_
>>>>>>>>>>>>>>>  4_
>>>>>>>>>>>>>>> IBM_
>>>>>>>>>>>>>>>  __
>>>>>>>>>>>>>>>   (Sanitized)
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> As you can see all the new lines are replaced with _ .
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> What could be the issue here?
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Thank you,
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> --
>>>>>>>>>>>>>>> Viraj Senevirathne
>>>>>>>>>>>>>>> Software Engineer; WSO2, Inc.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Mobile : +94 71 958 0269
>>>>>>>>>>>>>>> Email : vir...@wso2.com
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> --
>>>>>>>>>>>>>> Jagath Ariyarathne
>>>>>>>>>>>>>> Technical Lead
>>>>>>>>>>>>>> WSO2 Inc.  http://wso2.com/
>>>>>>>>>>>>>> Email: jaga...@wso2.com
>>>>>>>>>>>>>> Mob  : +94 77 386 7048
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> --
>>>>>>>>>>>>> Viraj Senevirathne
>>>>>>>>>>>>> Software Engineer; WSO2, Inc.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Mobile : +94 71 958 0269
>>>>>>>>>>>>> Email : vir...@wso2.com
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> --
>>>>>>>>>>>> Sajith Ariyarathna
>>>>>>>>>>>> Software Engineer; WSO2, Inc.;  http://wso2.com/
>>>>>>>>>>>> mobile: +94 77 6602284, +94 71 3951048
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> --
>>>>>>>>>>> Viraj Senevirathne
>>>>>>>>>>> Software Engineer; WSO2, Inc.
>>>>>>>>>>>
>>>>>>>>>>> Mobile : +94 71 958 0269
>>>>>>>>>>> Email : vir...@wso2.com
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>>
>>>>>>>>>> *Malithi Edirisinghe*
>>>>>>>>>> Senior Software Engineer
>>>>>>>>>> WSO2 Inc.
>>>>>>>>>>
>>>>>>>>>> Mobile : +94 (0) 718176807
>>>>>>>>>> malit...@wso2.com
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Sajith Ariyarathna
>>>>>>>>> Software Engineer; WSO2, Inc.;  http://wso2.com/
>>>>>>>>> mobile: +94 77 6602284, +94 71 3951048
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Sajith Ariyarathna
>>>>>>>> Software Engineer; WSO2, Inc.;  http://wso2.com/
>>>>>>>> mobile: +94 77 6602284, +94 71 3951048
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>>
>>>>>>> *Malithi Edirisinghe*
>>>>>>> Senior Software Engineer
>>>>>>> WSO2 Inc.
>>>>>>>
>>>>>>> Mobile : +94 (0) 718176807
>>>>>>> malit...@wso2.com
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Sajith Ariyarathna
>>>>>> Software Engineer; WSO2, Inc.;  http://wso2.com/
>>>>>> mobile: +94 77 6602284, +94 71 3951048
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>>
>>>>> *Malithi Edirisinghe*
>>>>> Senior Software Engineer
>>>>> WSO2 Inc.
>>>>>
>>>>> Mobile : +94 (0) 718176807
>>>>> malit...@wso2.com
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Sajith Ariyarathna
>>>> Software Engineer; WSO2, Inc.;  http://wso2.com/
>>>> mobile: +94 77 6602284, +94 71 3951048
>>>>
>>>> ___
>>>> Dev mailing list
>>>> Dev@wso2.org
>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>
>>>>
>>>
>>>
>>> --
>>> Jagath Ariyarathne
>>> Technical Lead
>>> WSO2 Inc.  http://wso2.com/
>>> Email: jaga...@wso2.com
>>> Mob  : +94 77 386 7048
>>>
>>>
>>
>>
>> --
>>
>> *Malithi Edirisinghe*
>> Senior Software Engineer
>> WSO2 Inc.
>>
>> Mobile : +94 (0) 718176807
>> malit...@wso2.com
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
>
> *Ruwan Abeykoon*
> *Architect,*
> *WSO2, Inc. http://wso2.com <http://wso2.com/> *
> *lean.enterprise.middleware.*
>
> email: ruw...@wso2.com
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>


-- 

Tharindu Edirisinghe
Associate Technical Lead | WSO2 Inc
Platform Security Team
Blog : http://tharindue.blogspot.com
mobile : +94 775181586
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev


Re: [Dev] IAM: Signature validation failed error

2018-08-03 Thread Tharindu Edirisinghe
6:35:45,738]  WARN
> {org.wso2.carbon.identity.application.authentication.framework.handler.claims.impl.DefaultClaimHandler}
> -  Subject claim could not be found amongst service provider mapped
> unfiltered local claims
> [2018-08-02 06:35:45,739]  WARN
> {org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler}
> -  Subject claim could not be found. Defaulting to Name Identifier.
> [2018-08-02 06:35:49,612] ERROR
> {org.wso2.carbon.identity.authenticator.saml2.sso.SAML2SSOAuthenticator} -
> SAML Response is not signed or response not available. Authentication
> process will be terminated.
> [2018-08-02 06:35:49,613] ERROR
> {org.wso2.carbon.identity.authenticator.saml2.sso.SAML2SSOAuthenticator} -
> Authentication Request is rejected. Signature validation failed.
> [2018-08-02 06:35:49,615]  WARN
> {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} -  Failed
> Administrator login attempt 'admin[-1234]' at [2018-08-02 06:35:49,615+0530]
> [2018-08-02 06:35:49,637] ERROR
> {org.wso2.carbon.identity.authenticator.saml2.sso.ui.authenticator.SAML2SSOUIAuthenticator}
> -  Authentication failed.
>
>
>
>
>
>
> It seems like the certificate is not valid. Please find the certificate
> .jks file attached herewith, which is available in
> /repository/resources/security.
>
> Does anyone have an idea what would be the reason for the issue?
>
>
> *Thanks & Best Regards!*
>
> *Achini Jayasena*
> *Software Engineer - QA | WSO2*
>
> Email: achi...@wso2.com
> Mobile: +943 882 897
>
>


-- 

Tharindu Edirisinghe
Associate Technical Lead | WSO2 Inc
Platform Security Team
Blog : http://tharindue.blogspot.com
mobile : +94 775181586


Re: [Dev] Obtaining user attributes via authentication context.

2018-07-10 Thread Tharindu Edirisinghe
Hi Isuri,

This is possible by writing a custom claim handler [1]. There, once the
user is authenticated, the user claims are available in the claims map.
Then you can find the particular claim and invoke the external service to
gather the other claims and add those extra claims also to the same map.
Then your client app will receive all the claims together. (note that the
claim handler globally affects all service providers and if you need to
apply the changes only to a particular service provider, then you may check
the SP name before executing this logic).

Let us know if you face any difficulty when implementing this, so we can
assist you.

[1] https://docs.wso2.com/display/IS540/Writing+a+Custom+Claim+Handler

Thanks,
Tharindu Edirisinghe

On Tue, Jul 10, 2018 at 7:45 AM Isurianuradha96 
wrote:

> Hi all,
>
> I have come up with a scenario in WSO2IS in which the user first needs to
> authenticate with the primary user store and get the authenticated user's
> attributes. From the user attribute list, I need to get a specific attribute
> which is pre-configured by the end user and then call
> an external web-service to obtain external claims. Thereafter, this
> external claim's values should be used in the response object to send to
> the client application.
>
> I have been trying to achieve this task by configuring two authentication
> steps in WSO2IS 5.4.0. As the first step, I used the basic local
> authenticator to authenticate the user via primary user store. As the next
> step, I configured a custom federated authenticator which is implemented to
> call the external web service. In the second step, I need to get the user's
> attributes from the first step but I was not able to find a way to achieve
> this. I have been looking into the AuthenticationContext object to find the
> relevant attributes but I only found the subject identifier value of the
> authenticated user. According to my requirement, either subject identifier
> is needed to configure from the first step or searching through the
> pre-configured attribute from the attribute list which is received from the
> first step. My question is, is there any way to get the authenticated
> user's attribute list from the custom federated authenticator via
> AuthenticationContext object?
>
> If my above approach is not doable, please explain an alternative
> method to achieve this.
>
> Thank you.
>
> --
> Kind Regards,
> Isuri Anuradha.
>


-- 

Tharindu Edirisinghe
Associate Technical Lead | WSO2 Inc
Platform Security Team
Blog : http://tharindue.blogspot.com
mobile : +94 775181586


Re: [Dev] Subject Alternative Names in certificate

2018-06-11 Thread Tharindu Edirisinghe
ks
> Godwin
> --
> *Godwin Amila Shrimal*
> Associate Technical Lead
> WSO2 Inc.; http://wso2.com
> lean.enterprise.middleware
>
> mobile: *+94772264165*
> linkedin: *https://www.linkedin.com/in/godwin-amila-2ba26844/*
> twitter: https://twitter.com/godwinamila
>


-- 

Tharindu Edirisinghe
Associate Technical Lead | WSO2 Inc
Platform Security Team
Blog : http://tharindue.blogspot.com
mobile : +94 775181586


Re: [Dev] [Identity Server] Storing the calculated expiry timestamp along with the OAuth tokens

2018-05-21 Thread Tharindu Edirisinghe
Currently in the IDN_OAUTH2_ACCESS_TOKEN table, we store the time of token
generation in TIME_CREATED column in human readable date time format.
Therefore at the time of token generation, we'll have to get the current
timestamp and store it in another column and also add the VALIDITY_PERIOD
to that and store in another column, which would be the expiry timestamp.

If we are doing above, the performance of the responses sent by the Token
Introspection endpoint can also be improved. It sends the iat and exp
values doing the calculation.

{"scope":"openid","active":true,"token_type":"Bearer","exp":1526916282,"iat":1526912682
...

This way there won't be a calculation in the Token Introspection responses,
where it can directly send the values stored in the data table.


On Mon, May 21, 2018 at 7:46 PM Rushmin Fernando <rush...@wso2.com> wrote:

> Hi Devs,
>
> Right now it is the validity period which is getting stored along with the
> tokens.
>
> So in order to expire a token, a calculation is needed during expiry tasks.
>
> When there a lot of tokens, this becomes a bottleneck since the database
> indexes are not applicable.
>
> But if the expiry timestamps are stored in the database, during the expiry
> tasks calculations are not needed and therefore the indexes are applicable.
> This should significantly improve the task execution time.
>
> --
> *Best Regards*
>
> *Rushmin Fernando*
> *Technical Lead*
>
> WSO2 Inc. <http://wso2.com/> - Lean . Enterprise . Middleware
>
> mobile : +94775615183
>
>
>

-- 

Tharindu Edirisinghe
Associate Technical Lead | WSO2 Inc
Platform Security Team
Blog : http://tharindue.blogspot.com
mobile : +94 775181586
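
An added example, not part of the original thread or of WSO2's code: the two designs discussed above, modelled in SQLite from Python, comparing the query plan of an expiry task that calculates expiry from TIME_CREATED and VALIDITY_PERIOD with one that reads a stored expiry timestamp. The column names ISSUED_AT and EXPIRES_AT, the index names and the sample rows are assumptions made for illustration, and VALIDITY_PERIOD is kept in seconds for simplicity.

```python
import sqlite3
from datetime import datetime, timezone

# Simplified model of the token table. ISSUED_AT and EXPIRES_AT are
# hypothetical names for the two extra columns proposed in the thread.
SCHEMA = """
CREATE TABLE IDN_OAUTH2_ACCESS_TOKEN (
    TOKEN_ID        TEXT PRIMARY KEY,
    TIME_CREATED    TEXT NOT NULL,     -- human-readable UTC date time
    VALIDITY_PERIOD INTEGER NOT NULL,  -- seconds (assumption)
    ISSUED_AT       INTEGER NOT NULL,  -- epoch seconds at generation
    EXPIRES_AT      INTEGER NOT NULL   -- ISSUED_AT + VALIDITY_PERIOD
);
CREATE INDEX IDX_AT_TIME_CREATED ON IDN_OAUTH2_ACCESS_TOKEN (TIME_CREATED);
CREATE INDEX IDX_AT_EXPIRES_AT ON IDN_OAUTH2_ACCESS_TOKEN (EXPIRES_AT);
"""

# Expiry task, current design: expiry is calculated per row, so no index
# on TIME_CREATED or VALIDITY_PERIOD can narrow the search.
COMPUTED = (
    "SELECT TOKEN_ID FROM IDN_OAUTH2_ACCESS_TOKEN "
    "WHERE CAST(strftime('%s', TIME_CREATED) AS INTEGER) + VALIDITY_PERIOD <= ?"
)
# Expiry task, proposed design: a plain range predicate on a stored column.
STORED = "SELECT TOKEN_ID FROM IDN_OAUTH2_ACCESS_TOKEN WHERE EXPIRES_AT <= ?"


def open_store():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db


def issue_token(db, token_id, issued_at, validity_period):
    """Store both timestamps once, at token generation time."""
    created = datetime.fromtimestamp(issued_at, tz=timezone.utc)
    db.execute(
        "INSERT INTO IDN_OAUTH2_ACCESS_TOKEN VALUES (?, ?, ?, ?, ?)",
        (token_id, created.strftime("%Y-%m-%d %H:%M:%S"), validity_period,
         issued_at, issued_at + validity_period),
    )


def load_sample(db):
    # Constructed rows; the first reuses the iat/exp pair quoted in the message.
    issue_token(db, "tok-page", 1526912682, 3600)
    issue_token(db, "tok-old", 1526900000, 3600)
    issue_token(db, "tok-long", 1526900000, 86400)


def query_plan(db, sql, now):
    """Return SQLite's plan text for the query (column 3 is the detail)."""
    rows = db.execute("EXPLAIN QUERY PLAN " + sql, (now,)).fetchall()
    return " | ".join(row[3] for row in rows)


def expired_tokens(db, sql, now):
    return sorted(row[0] for row in db.execute(sql, (now,)))


def introspect(db, token_id, now):
    """Introspection answer built from stored values, with no arithmetic."""
    row = db.execute(
        "SELECT ISSUED_AT, EXPIRES_AT FROM IDN_OAUTH2_ACCESS_TOKEN "
        "WHERE TOKEN_ID = ?", (token_id,)).fetchone()
    if row is None or row[1] <= now:
        return {"active": False}
    return {"active": True, "token_type": "Bearer", "iat": row[0], "exp": row[1]}


if __name__ == "__main__":
    db = open_store()
    load_sample(db)
    now = 1526913000
    print("computed:", query_plan(db, COMPUTED, now))
    print("stored:  ", query_plan(db, STORED, now))
    print(expired_tokens(db, STORED, now), introspect(db, "tok-page", now))
```

Both queries return the same expired tokens; only the stored-expiry query is answered through an index search instead of a scan of every row.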


Re: [Dev] Is it possible to authenticate user using otp as first step.

2018-05-18 Thread Tharindu Edirisinghe
Hi Shiva,

Along with the custom authenticator, you can introduce your own JSP files
for each step. That would be the best way for implementing the required
feature, because then you can manage the authentication flow by configuring
the steps via UI, easily.

An alternative is using SCIM [1]. However, when it comes to authentication, you
may invoke the /scim/Me endpoint with user credentials, which is a
workaround. There, the user needs to have the required permission for
invoking the API. If the user is authenticated, it'll give 200 OK, and if the
authentication fails, it'll give a 401 error. If the user is authenticated
but does not have the required permission to invoke the API, it'll give a 500
error.

[1] https://docs.wso2.com/display/IS550/SCIM+2.0+REST+APIs

Regards,
TharinduE

On Thu, May 17, 2018 at 7:14 PM Shiva Kumar <shiv...@securelyshare.com>
wrote:

> Hi Tharindu Edirisinghe,
>
> Thank you for quick response currently I am using WSO2 IS 5.3.0 since I am
> familiar with it but I will be using latest version later on.
>
> I am ready to write custom authenticator but one more problem I can use
> login pages for both first and second steps, Is there any REST APIs exist
> to authenticate users?
>
> Thanks,
>
> Shiva
>
> On Thursday 17 May 2018 06:29 PM, Tharindu Edirisinghe wrote:
>
> Hi Shiva,
>
> No, it's not possible to use TOTP authenticator as the 1st step. The
> reason is, in the authenticator, it checks some user claims (like if TOTP
> is enabled for the user) for the already authenticated user (see code [1]).
> It assumes it is not the 1st step.
>
> However, if you need to use this as the 1st (or the only) step in the
> authentication flow, then you can write your own custom authenticator to
> achieve the requirement. If you require more information on this, let us
> know the Identity Server version you are trying out, so we can point you to
> the relevant references.
>
> [1]
> https://github.com/wso2-extensions/identity-outbound-auth-totp/blob/master/component/authenticator/src/main/java/org/wso2/carbon/identity/application/authenticator/totp/TOTPAuthenticator.java#L153
>
> Regards,
> Tharindu Edirisinghe
>
> On Thu, May 17, 2018 at 6:15 PM Shiva Kumar K R <shiv...@securelyshare.com>
> wrote:
>
>> Hi All,
>> I want to generate access token using otp authentication as first step. I
>> have successfully configured totp authentication for second step of multi
>> factor authentication. Is it possible to use it in first step by sending
>> email in request parameter to totp endpoint.
>>
>> Thanks,
>> Shiva
>>
>
>
> --
>
> Tharindu Edirisinghe
> Associate Technical Lead | WSO2 Inc
> Platform Security Team
> Blog : http://tharindue.blogspot.com
> mobile : +94 775181586
>
>
>

-- 

Tharindu Edirisinghe
Associate Technical Lead | WSO2 Inc
Platform Security Team
Blog : http://tharindue.blogspot.com
mobile : +94 775181586


Re: [Dev] Is it possible to authenticate user using otp as first step.

2018-05-17 Thread Tharindu Edirisinghe
Hi Shiva,

No, it's not possible to use TOTP authenticator as the 1st step. The reason
is, in the authenticator, it checks some user claims (like if TOTP is
enabled for the user) for the already authenticated user (see code [1]). It
assumes it is not the 1st step.

However, if you need to use this as the 1st (or the only) step in the
authentication flow, then you can write your own custom authenticator to
achieve the requirement. If you require more information on this, let us
know the Identity Server version you are trying out, so we can point you to
the relevant references.

[1]
https://github.com/wso2-extensions/identity-outbound-auth-totp/blob/master/component/authenticator/src/main/java/org/wso2/carbon/identity/application/authenticator/totp/TOTPAuthenticator.java#L153

Regards,
Tharindu Edirisinghe

On Thu, May 17, 2018 at 6:15 PM Shiva Kumar K R <shiv...@securelyshare.com>
wrote:

> Hi All,
> I want to generate access token using otp authentication as first step. I
> have successfully configured totp authentication for second step of multi
> factor authentication. Is it possible to use it in first step by sending
> email in request parameter to totp endpoint.
>
> Thanks,
> Shiva
>


-- 

Tharindu Edirisinghe
Associate Technical Lead | WSO2 Inc
Platform Security Team
Blog : http://tharindue.blogspot.com
mobile : +94 775181586


Re: [Dev] Implementing a MongoDB based user store extension for WSO2 Product-IS

2018-05-16 Thread Tharindu Edirisinghe
Hi Pranavan,

Here I've added Asantha, who implemented the MongoDB support for IS 5.1.0
in the Google Summer of Code project. If you have any questions on the
current implementation, you can get them clarified from him.

For getting this to work on IS 5.5.0, you can clone
https://github.com/wso2/carbon-kernel and checkout to v4.4.26 tag. Build
the org.wso2.carbon.user.core component and add it as a patch to IS 5.5.0.

Then you can remote debug the AbstractUserStoreManager [1] class to see if
there are any incompatibilities.

[1]
https://github.com/wso2/carbon-kernel/blob/v4.4.26/core/org.wso2.carbon.user.core/src/main/java/org/wso2/carbon/user/core/common/AbstractUserStoreManager.java

Regards,
Tharindu Edirisinghe

On Wed, May 16, 2018 at 1:53 PM Pranavan Somaskandhan <pranav...@wso2.com>
wrote:

> Hi All,
>
> I have started working on $Subject. This extension will allow users to use
> MongoDB as the user store for product IS, which is expected to increase the
> scalability and performance. As per the initial observations, I found a
> similar work, which is a GSoC project offered in the year 2016 [1]. It
> consists of a user store implementation for WSO2 IS version 5.1.0 using
> MongoDB. However, it only works with IS version 5.1.0 and not with any of
> the latest versions. There have been few changes in the user store database
> schema as well as in the "AbstractUserStoreManager" class while comparing
> the latest IS version and 5.1.0.
>
> As the initial step, I thought of continuing the existing work and migrate
> it to comply with the latest IS version. Once it has done, as the next
> part, we can focus on making the project production ready including test
> coverages and security checks based on the requirements.
>
> Any comments and suggestions would be appreciated.
>
> [1] https://github.com/asanthamax/mongodbuserstore
>
> Thanks,
> --
> Pranavan Somaskandhan
> Software Engineer
> WSO2
>
> Email: pranav...@wso2.com
> Mobile: +94771270555
> Web: http://wso2.com
>


-- 

Tharindu Edirisinghe
Associate Technical Lead | WSO2 Inc
Platform Security Team
Blog : http://tharindue.blogspot.com
mobile : +94 775181586


Re: [Dev] Exception in Facebook Federated Authentication

2018-04-15 Thread Tharindu Edirisinghe
Hi Gayan,

It seems the error is coming from the consent management feature. If you
don't require this feature, you can simply turn it off from the following
property in the identity.xml file.



*false*


Alternatively you can turn off the following listener from identity.xml
file too for getting rid of the issue.



I could reproduce the same behavior and by setting any of the above
configs, I could avoid the error and successfully authenticate the SP app
(travelocity) with FB IDP.

@IAM Team - If we keep using the consent management feature, do we need any
additional configuration? May be claim configuration to map the particular
user claims which should require obtaining user consent?

Thanks,
TharinduE

On Sat, Apr 14, 2018 at 9:28 PM, gayan gunawardana <gmgunaward...@gmail.com>
wrote:

> Hi All,
>
> I have configured travelocity.com sample application as SAML inbound and
> Facebook as federated authenticator for IS-5.5.0. After adding Facebook
> credentials, got below UI.
>
>
> After enabling debug logs, I found the below exception. Is there any further
> configuration I have to do to get it to work?
>
> [2018-04-14 20:25:49,655] ERROR 
> {org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager}
> -  Error occurred while accessing Java Security Manager Privilege Block
> [2018-04-14 20:25:49,658] ERROR {org.wso2.carbon.identity.
> application.authentication.framework.handler.request.impl.DefaultRequestCoordinator}
> -  Error occurred while evaluating post authentication
> org.wso2.carbon.identity.application.authentication.framework.exception.
> PostAuthenticationFailedException: Error occurred while retrieving
> consent data of user: gmgunaward...@gmail.com for service provider:
> CafeLebens-Sample in tenant domain: carbon.super.
> at org.wso2.carbon.identity.application.authentication.
> framework.handler.request.impl.consent.ConsentMgtPostAuthnHandler.
> handlePreConsent(ConsentMgtPostAuthnHandler.java:201)
> at org.wso2.carbon.identity.application.authentication.
> framework.handler.request.impl.consent.ConsentMgtPostAuthnHandler.handle(
> ConsentMgtPostAuthnHandler.java:106)
> at org.wso2.carbon.identity.application.authentication.
> framework.services.PostAuthenticationMgtService.executePostAuthnHandler(
> PostAuthenticationMgtService.java:109)
> at org.wso2.carbon.identity.application.authentication.
> framework.services.PostAuthenticationMgtService.handlePostAuthentication(
> PostAuthenticationMgtService.java:78)
> at org.wso2.carbon.identity.application.authentication.
> framework.handler.request.impl.DefaultAuthenticationRequestHandler.
> handlePostAuthentication(DefaultAuthenticationRequestHandler.java:165)
> at org.wso2.carbon.identity.application.authentication.
> framework.handler.request.impl.DefaultAuthenticationRequestHandler.handle(
> DefaultAuthenticationRequestHandler.java:134)
> at org.wso2.carbon.identity.application.authentication.
> framework.handler.request.impl.DefaultRequestCoordinator.handle(
> DefaultRequestCoordinator.java:157)
> at org.wso2.carbon.identity.application.authentication.
> framework.servlet.CommonAuthenticationServlet.doPost(
> CommonAuthenticationServlet.java:53)
> at org.wso2.carbon.identity.application.authentication.
> framework.servlet.CommonAuthenticationServlet.doGet(
> CommonAuthenticationServlet.java:43)
>
> Thanks,
> Gayan
>
>
>


-- 

Tharindu Edirisinghe
Senior Software Engineer | WSO2 Inc
Platform Security Team
Blog : http://tharindue.blogspot.com
mobile : +94 775181586


[Dev] Fixing "Error connecting to the tryit ajax proxy"

2018-04-10 Thread Tharindu Edirisinghe
Hi Hafidi,

We are glad that you found WSO2 Integrator useful for your university
project. We can help you to fix the issues that you have faced.

When you are using the try-it tool, if there is no authentication session
in the browser for the management console (user is not logged into mgt
console), then when you try to invoke the service, it would give an error
like below.

[2018-04-10 15:23:16,301] [EI-Core]  INFO - AuthenticationAdmin
'admin@carbon.super [-1234]' logged out at [2018-04-10 15:23:16,0301]
[2018-04-10 15:23:28,678] [EI-Core]  WARN - JavaLogger potential cross-site
request forgery (CSRF) attack thwarted (user:, ip:x.x.x.x,
method:POST, uri:*/carbon/admin/jsp/WSRequestXSSproxy_ajaxprocessor.jsp*,
error:request token does not match session token)

In your case, the URL that has failed might be different. In order to
fix that, you can modify the
*EI_HOME/conf/security/Owasp.CsrfGuard.Carbon.properties* file and at the
end of the file, put the line below.

org.owasp.csrfguard.unprotected.*TryIt*=%servletContext%/*carbon/admin/jsp/WSRequestXSSproxy_ajaxprocessor.jsp*

In the above config, you can change the highlighted text as you wish. Basically
you can put the failed URL in above and then restart the server. It should
not give the error again.

An alternative is, you can get the WSDL URL of your service and invoke it
from a tool like SoapUI and it should work.

If you need any help, feel free to get back. Also if you can send us the
error log printed, then it will be helpful for providing you the solution.

Best Regards,
Tharindu Edirisinghe



-- 

Tharindu Edirisinghe
Senior Software Engineer | WSO2 Inc
Platform Security Team
Blog : http://tharindue.blogspot.com
mobile : +94 775181586
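
An added example, not part of the original message or of WSO2's tooling: every `org.owasp.csrfguard.unprotected.*` entry exempts URLs from the CSRF token check, so this script lists the exemptions in a properties file and flags any that cover more than one exact path. It assumes the asterisks in the line above are e-mail highlighting rather than part of the property, classifies patterns by their shape only (exact path, `/*` prefix, `*.ext` extension, `^...$` regex), and runs on a constructed sample file.

```python
import re

# Constructed sample (not a real deployment's file). The first entry is the
# exemption from the message, wrapped with a properties line continuation.
SAMPLE_PROPERTIES = r"""
# CSRF exemptions under review
org.owasp.csrfguard.unprotected.TryIt=%servletContext%/\
    carbon/admin/jsp/WSRequestXSSproxy_ajaxprocessor.jsp
org.owasp.csrfguard.unprotected.AllAdminJsp = %servletContext%/carbon/admin/*
org.owasp.csrfguard.unprotected.AnyJsp: *.jsp
org.owasp.csrfguard.unprotected.Regex=^%servletContext%/carbon/.*$
"""

PREFIX = "org.owasp.csrfguard.unprotected."


def logical_lines(text):
    """Yield logical property lines: skip comments, join continuations."""
    buf = ""
    for raw in text.splitlines():
        line = raw.lstrip()
        # Comments and blank lines only count at the start of a logical line.
        if not buf and (not line or line[0] in "#!"):
            continue
        trailing = len(line) - len(line.rstrip("\\"))
        if trailing % 2 == 1:  # odd count: the last backslash continues the line
            buf += line[:-1]
            continue
        yield buf + line
        buf = ""
    if buf:
        yield buf


def parse_properties(text):
    """Parse key/value pairs ('=' or ':' separator). Escapes are not decoded."""
    props = {}
    for line in logical_lines(text):
        m = re.match(r"([^\s=:]+)[ \t]*[=:]?[ \t]*(.*)$", line)
        if m:
            props[m.group(1)] = m.group(2).rstrip()
    return props


def classify(pattern):
    """Classify an unprotected-page pattern by its shape."""
    if pattern.startswith("^") and pattern.endswith("$"):
        return "regex"
    if pattern.startswith("*."):
        return "extension"
    if pattern.endswith("/*"):
        return "prefix"
    return "exact"


def unprotected_entries(props):
    """Return (name, pattern, kind) for every CSRF exemption, in file order."""
    return [(key[len(PREFIX):], value, classify(value))
            for key, value in props.items() if key.startswith(PREFIX)]


def broad_exemptions(text):
    """Exemptions that match more than a single exact URL and need review."""
    return [e for e in unprotected_entries(parse_properties(text))
            if e[2] != "exact"]


if __name__ == "__main__":
    for name, pattern, kind in unprotected_entries(
            parse_properties(SAMPLE_PROPERTIES)):
        flag = "ok" if kind == "exact" else "REVIEW"
        print(f"{flag:6} {name:12} {kind:9} {pattern}")
```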


[Dev] Cannot Download Swagger Definition of published API in wso2am-2.1.0-update12

2018-03-01 Thread Tharindu Edirisinghe
)
at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1775)
at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1734)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
Caused by: org.mozilla.javascript.EcmaError: TypeError: Cannot find
function getSwagger20DefinitionFilePath in object
org.wso2.carbon.apimgt.impl.utils.APIUtil@4a227066.
(/publisher/site/blocks/api-doc/ajax/get.jag#78)
at
org.mozilla.javascript.ScriptRuntime.constructError(ScriptRuntime.java:3687)
at
org.mozilla.javascript.ScriptRuntime.constructError(ScriptRuntime.java:3665)
at
org.mozilla.javascript.ScriptRuntime.typeError(ScriptRuntime.java:3693)
at
org.mozilla.javascript.ScriptRuntime.typeError2(ScriptRuntime.java:3712)
at
org.mozilla.javascript.ScriptRuntime.notFunctionError(ScriptRuntime.java:3783)
at
org.mozilla.javascript.ScriptRuntime.getPropFunctionAndThisHelper(ScriptRuntime.java:2269)
at
org.mozilla.javascript.ScriptRuntime.getPropFunctionAndThis(ScriptRuntime.java:2251)
at
org.jaggeryjs.rhino.publisher.site.blocks.api_doc.ajax.c0._c_anonymous_1(/publisher/site/blocks/api-doc/ajax/get.jag:78)
at
org.jaggeryjs.rhino.publisher.site.blocks.api_doc.ajax.c0.call(/publisher/site/blocks/api-doc/ajax/get.jag)
at org.mozilla.javascript.optimizer.OptRuntime.call0(OptRuntime.java:23)
at
org.jaggeryjs.rhino.publisher.site.blocks.api_doc.ajax.c0._c_script_0(/publisher/site/blocks/api-doc/ajax/get.jag:10)
at
org.jaggeryjs.rhino.publisher.site.blocks.api_doc.ajax.c0.call(/publisher/site/blocks/api-doc/ajax/get.jag)
at
org.mozilla.javascript.ContextFactory.doTopCall(ContextFactory.java:394)
at
org.mozilla.javascript.ScriptRuntime.doTopCall(ScriptRuntime.java:3091)
at
org.jaggeryjs.rhino.publisher.site.blocks.api_doc.ajax.c0.call(/publisher/site/blocks/api-doc/ajax/get.jag)
at
org.jaggeryjs.rhino.publisher.site.blocks.api_doc.ajax.c0.exec(/publisher/site/blocks/api-doc/ajax/get.jag)
at
org.jaggeryjs.scriptengine.engine.RhinoEngine.execScript(RhinoEngine.java:567)
... 48 more

Thanks,
TharinduE

-- 

Tharindu Edirisinghe
Senior Software Engineer | WSO2 Inc
Platform Security Team
Blog : http://tharindue.blogspot.com
mobile : +94 775181586


Re: [Dev] User with an authenticated session is not prompted for login after SP configuration change

2018-01-19 Thread Tharindu Edirisinghe
Hi Sathya,

From a security perspective, this requirement is totally valid. Assume a
scenario where we currently have single step authentication but at a point
we enforce two factor authentication. At that time, adding the step 2 to
the SP won't affect the users who already have active sessions. It'll
affect those users only after their current session terminates.

Now, let's say we patch this to kill existing active sessions of users at
the time we modify the authentication scheme of a SP. If the users are not
idle at that time, it would cause problems as their sessions are forcefully
terminated (data loss, etc.). Also in SSO scenarios, there could be one
active user session in IS side for the user but user would be using
multiple apps.

So considering above, I believe we have to accept the current behavior.

However, we can look into a session management feature separately where we
can provide a facility for admins something like viewing the active
sessions in mgt console or a dashboard and terminating them as per
requirements.

Thanks,
TharinduE

On Fri, Jan 19, 2018 at 1:18 PM, Sathya Bandara <sat...@wso2.com> wrote:

> Hi all,
>
> When there is an already authenticated session for an application user
> with Identity Server, there is no necessity to prompt for another login to
> the IS if the user logs into the application from another tab in the same
> browser.
> However we can change the service providers authentication scheme
> (authentication steps and authenticators in each step) while the user has
> this session.
> In this case, if the user tries to log into the application he is not
> prompted for re-authentication. This is the default behavior of IS.
> Shouldn't we prompt the user to authenticate if the service provider's
> authentication scheme is modified or is this an intended behavior?
>
> Appreciate your thoughts on this.
>
> Thanks,
> Sathya
> --
> Sathya Bandara
> Software Engineer
> WSO2 Inc. http://wso2.com
> Mobile: (+94) 715 360 421
>



-- 

Tharindu Edirisinghe
Senior Software Engineer | WSO2 Inc
Platform Security Team
Blog : http://tharindue.blogspot.com
mobile : +94 775181586


Re: [Dev] API Manager with Identity Server as Key Manager - IS secondary user store to connect to APIM Store

2018-01-18 Thread Tharindu Edirisinghe
Hi Thomas,

Try a request similar to following and see if it works. You need to change
the values highlighted.

curl -k -X POST -H "Authorization: Basic **" \
  --data "grant_type=password&scope=openid&username=*WSO2.COM/tharindu*&password=*tharindu*" \
  https://apim:8243/token

Thanks,
TharinduE

On Wed, Jan 17, 2018 at 8:41 AM, Thomas LEGRAND <
thomas.legr...@versusmind.eu> wrote:

> Hello,
>
> I configured the Identity Server (IS) to be the Key Manager of the API
> Manager (APIM). In the IS, I configured a secondary user store where I will
> have my users of my applications. But, I think I missed something because
> when I want to generate a OAuth token for a user stored in this secondary
> user store, I have an error:
>
> My request:
>
> curl -k -d "grant_type=password=="
> -H "Authorization: Basic "
> https://apim:8243/token
>
> The response:
>
> {"error_description":"Authentication failed for @carbon.super","
> error":"invalid_grant"}.
>
> In the application in the store of the APIM, "Password" is ticked so the
> grant_type is right.
> And I tried with the following pattern for the :
> - 
> - /
> - \
>
> Can you help me? How can I ensure that the APIM uses all of the user
> stores from the IS.
>
> Regards,
>
> Thomas
>
>
>


-- 

Tharindu Edirisinghe
Senior Software Engineer | WSO2 Inc
Platform Security Team
Blog : http://tharindue.blogspot.com
mobile : +94 775181586


Re: [Dev] [IS] Implemeting SAML SSO Agent in .NET

2018-01-12 Thread Tharindu Edirisinghe
Hi Chiran,

If the repo size gets increased significantly due to the dependent DLLs,
you can just add a readme to the repo pointing to all the dependencies and
download links. This way those who want to test this out can download the
dependencies manually, if those are missing in the environment.

Thanks,
TharinduE

On Thu, Jan 11, 2018 at 10:32 PM, Chiran Wijesekara <chir...@wso2.com>
wrote:

> Hi Tharindu,
> Thanks for the feedback. However, the reason was I omitted .dlls using
> .gitignore to keep the repo from getting too large in size. If it is better
> to have those .dlls in the repo, then I will add those to the next commit.
> Thanks
>
> On Fri, Jan 12, 2018 at 2:30 AM, Tharindu Edirisinghe <tharin...@wso2.com>
> wrote:
>
>> Hi Chiran,
>>
>> It seems you are using some external DLLs in the project *(see
>> references.png)*, which are not packaged to the project. So when someone
>> runs the solution, these DLLs might not be present in that environment and
>> should be imported manually.
>>
>> So, IMO it's better to use "Copy Local" option *(see
>> local_references.png)* for such references, so that the DLLs would be
>> included in the project itself.
>>
>> This way, anybody would be able to simply run the project in Visual
>> Studio and get it to working.
>>
>> Thanks,
>> TharinduE
>>
>> On Thu, Jan 11, 2018 at 7:36 AM, Chiran Wijesekara <chir...@wso2.com>
>> wrote:
>>
>>> Hi all,
>>>
>>> I am in the process of developing the $subject. This agent should be
>>> pluggable to any ASP.NET web application. Repo is available at [1] it
>>> has the sample and also the agent. Currently, I have developed it with
>>> Http module(resides inside agent) and a listener(resides inside agent)
>>> class. Furthermore, I am calling SSOAgentAppListener class from Global.asax
>>> in the ASP.NET web application.
>>>
>>> However, I am also thinking about removing the SSOAgentAppListener class
>>> by having SSO properties in an XML block inside web.config and wiring
>>> it. Would be glad to have any recommendations on this.
>>>
>>> [1] https://github.com/chirankavinda123/saml-sso-agent-DOT-NET
>>>
>>> Thank you.
>>>
>>> --
>>> *Chiran Wijesekara*
>>>
>>>
>>> *Software Engineering Intern | WSO2*
>>> Email: chir...@wso2.com
>>> Mobile: +94712990173
>>> web: www.wso2.com
>>>
>>>
>>>
>>
>>
>> --
>>
>> Tharindu Edirisinghe
>> Senior Software Engineer | WSO2 Inc
>> Platform Security Team
>> Blog : http://tharindue.blogspot.com
>> mobile : +94 775181586
>>
>
>
>
> --
> *Chiran Wijesekara*
>
>
> *Software Engineering Intern | WSO2*
> Email: chir...@wso2.com
> Mobile: +94712990173
> web: www.wso2.com
>



-- 

Tharindu Edirisinghe
Senior Software Engineer | WSO2 Inc
Platform Security Team
Blog : http://tharindue.blogspot.com
mobile : +94 775181586


Re: [Dev] Insulating Privacy in User Operations

2018-01-11 Thread Tharindu Edirisinghe
Hi Jayanga,

Currently for identity claims, the claim URIs start with
*http://wso2.org/claims/identity/*X which is used to identify the
identity related claims separately. How about we follow similar approach
here for isolating the sensitive attributes? This way we can define new
claims as well easily which should belong to the same group of sensitive
attributes.

Thanks,
TharinduE

On Thu, Jan 11, 2018 at 3:34 PM, Awanthika Senarath <
awanthikarasanjaleesenar...@gmail.com> wrote:

> Hello Jayanga,
>
> This looks interesting and timely, however, two questions. How do you plan
> to identify the "privacy concerned attributes" for a particular person?
> From your email, it appears as the identification of the "privacy concerned
> attributes" is straightforward or you are having a predefined list of
> attributes that you believe to be privacy concerned.
>
> The other question is what are the "places where pseudonyms can't be used
> "?
>
> Regards
> Awanthika Senarath
> PhD Research Student
> Australian Centre for Cyber Security
> Australian Defence Force Academy
> The University of New South Wales (UNSW Canberra)
>
>
> On Thu, Jan 11, 2018 at 5:21 AM, Jayanga Kaushalya <jayan...@wso2.com>
> wrote:
>
>> Hi all,
>>
>> To cater to the requirements related to [1], we are planning to implement a
>> set of utility classes to manage privacy of privacy concerned objects (Eg:
>> User).
>>
>> All the objects that are with privacy concerned attributes will be
>> wrapped inside a privacy insulator object. Duty of the privacy insulator is
>> to prevent the misuse of privacy related attributes. It will hide the
>> attributes that are related to object's privacy and provide a hash or id as
>> a pseudonym to represent the attribute instead of the real value.
>> Furthermore, classes can be marked as confidential as well. All
>> confidential classes should provide the pseudonym to represent their
>> privacy concerned attribute. So whenever using a confidential object,
>> pseudonym will be used instead of the underlying real value.
>>
>> There will be a separate ID manager to map the related ID with the
>> underlying actual value. So wherever the actual value should be needed,
>> (Eg: Display the user's username in a UI) ID manager can retrieve it and
>> use it. But this should be used only in places where pseudonym can't be used.
>>
>> Please provide your thoughts.
>>
>> [1] [Architecture] GDPR - Pseudonyms For Username
>>
>> *Jayanga Kaushalya*
>> Senior Software Engineer
>> Mobile: +94777860160 <+94%2077%20786%200160>
>> WSO2 Inc. | http://wso2.com
>> lean.enterprise.middleware
>>
>>
>>
>>
>>
>
>
>
>
>


-- 

Tharindu Edirisinghe
Senior Software Engineer | WSO2 Inc
Platform Security Team
Blog : http://tharindue.blogspot.com
mobile : +94 775181586


Re: [Dev] Confidential Applications in OAuth2 Flow

2018-01-04 Thread Tharindu Edirisinghe
What would be the default values of client authentication? We need to look
into IS-KM scenario as well where the SP is generated upon key generation.

Also, would there be options to support this with dynamic client
registration as well ?

Regards,
TharinduE

On Fri, Jan 5, 2018 at 9:53 AM, Isura Karunaratne <is...@wso2.com> wrote:

> Hi Hasintha,
>
> On Thu, Jan 4, 2018 at 2:10 PM, Hasintha Indrajee <hasin...@wso2.com>
> wrote:
>
>> A confidential application in OAuth2 flow is an application which
>> requires client authentication before retrieving an access token.
>>
>> According to current implementation we can define confidential
>> applications just per grant type. ie we can define all applications which
>> use authorization code grant should be confidential. We do not have the
>> flexibility to decide whether a specific application should be confidential
>> or not.
>>
>> As a solution we can bring this config to UI and have a per application
>> configuration in UI. If we bring this option to UI level / per application,
>> we can define confidentiality of an application, but in contrast we will
>> miss the ability to define whether a specific type of grant should be
>> confidential or not for a specific application.
>>
>> In order to cater both application and grant type level confidentiality
>> we may need to have configurations per grant type. WDYT ?
>>
>
> IMO, It is enough to have the configuration in SP level.
>
> We can cater the grant type wise confidentiality by creating Service
> Providers per grant type.
>
> Thanks
> Isura.
>
>
>>
>>
>> --
>> Hasintha Indrajee
>> WSO2, Inc.
>> Mobile:+94 771892453 <+94%2077%20189%202453>
>>
>>
>
>
> --
>
> *Isura Dilhara Karunaratne*
> Associate Technical Lead | WSO2
> Email: is...@wso2.com
> Mob : +94 772 254 810 <+94%2077%20225%204810>
> Blog : http://isurad.blogspot.com/
>
>
>
>
>
>


-- 

Tharindu Edirisinghe
Senior Software Engineer | WSO2 Inc
Platform Security Team
Blog : http://tharindue.blogspot.com
mobile : +94 775181586


Re: [Dev] [IAM] User store does not behave as expected when it is created through admin services with only mandatory parameters

2017-12-20 Thread Tharindu Edirisinghe
   
>>>>>> url
>>>>>> jdbc:mysql://localhost:3306/is520user
>>>>>> userName
>>>>>> wso2carbonxxx
>>>>>> password
>>>>>> wso2carbonxxx
>>>>>> driverName
>>>>>> com.mysql.jdbc.Driver
>>>>>> CountRetrieverClass
>>>>>> org.wso2.carbon.identity.user.store.count.jdbc.JDBCUserStoreCountRetriever
>>>>>>
>>>>>> This may be because I haven't configured the optional parameters such
>>>>>> as username/password regex etc. in the request. But, IMO the request 
>>>>>> should
>>>>>> work successfully with only mandatory parameters.
>>>>>>
>>>>>> If I do the same via management console, the additional parameters
>>>>>> will be populated in the UI and saved in the xml when we save the
>>>>>> configuration.
>>>>>>
>>>>>> If a developer needs to create a user store via admin services, how
>>>>>> can the developer achieve this? If the developer needs to configure
>>>>>> optional parameters, there are around 100 parameters. What are the must
>>>>>> have additional parameters the user needs to configure or what is the 
>>>>>> best
>>>>>> way to handle this?
>>>>>>
>>>>>> Thanks,
>>>>>> Dilini
>>>>>>
>>>>>> --
>>>>>>
>>>>>> *Dilini GunatilakeSoftware Engineer - QA Team*
>>>>>> Mobile : +94771162518 <+94%2077%20116%202518>
>>>>>> dili...@wso2.com
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> *Godwin Amila Shrimal*
>>>>> Associate Technical Lead
>>>>> WSO2 Inc.; http://wso2.com
>>>>> lean.enterprise.middleware
>>>>>
>>>>> mobile: *+94772264165*
>>>>> linkedin: *https://www.linkedin.com/in/godwin-amila-2ba26844/
>>>>> <https://www.linkedin.com/in/godwin-amila-2ba26844/>*
>>>>> twitter: https://twitter.com/godwinamila
>>>>> <http://wso2.com/signature>
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>>
>>>> *Dilini GunatilakeSoftware Engineer - QA Team*
>>>> Mobile : +94771162518 <+94%2077%20116%202518>
>>>> dili...@wso2.com
>>>>
>>>>
>>>>
>>>
>>>
>>> --
>>> *Godwin Amila Shrimal*
>>> Associate Technical Lead
>>> WSO2 Inc.; http://wso2.com
>>> lean.enterprise.middleware
>>>
>>> mobile: *+94772264165*
>>> linkedin: *https://www.linkedin.com/in/godwin-amila-2ba26844/
>>> <https://www.linkedin.com/in/godwin-amila-2ba26844/>*
>>> twitter: https://twitter.com/godwinamila
>>> <http://wso2.com/signature>
>>>
>>
>>
>>
>> --
>>
>> *Dilini GunatilakeSoftware Engineer - QA Team*
>> Mobile : +94771162518 <+94%2077%20116%202518>
>> dili...@wso2.com
>>
>>
>>
>
>
> --
> *Godwin Amila Shrimal*
> Associate Technical Lead
> WSO2 Inc.; http://wso2.com
> lean.enterprise.middleware
>
> mobile: *+94772264165*
> linkedin: *https://www.linkedin.com/in/godwin-amila-2ba26844/
> <https://www.linkedin.com/in/godwin-amila-2ba26844/>*
> twitter: https://twitter.com/godwinamila
> <http://wso2.com/signature>
>
>
>


-- 

Tharindu Edirisinghe
Senior Software Engineer | WSO2 Inc
Platform Security Team
Blog : http://tharindue.blogspot.com
mobile : +94 775181586


Re: [Dev] Clarification on Federated Authenticators - Client IDs and Client Secrets

2017-12-20 Thread Tharindu Edirisinghe
OAuth spec's section [1] doesn't mention the rules on how to generate the
client ID and secret values. What it says is the values should be URL
encoded. In that case, if it has spaces, those would be converted to %20,
replacing the spaces, which should be OK.

So, IMO it's totally up to the developers of the OAuth authorization
servers to decide the format of the client ID and secret. Maybe that's why
different OAuth providers support/don't support the spaces.

[1] https://tools.ietf.org/html/rfc6749#section-2.3.1

On Wed, Dec 20, 2017 at 11:49 AM, Godwin Shrimal <god...@wso2.com> wrote:

> Hi Isuru,
>
> AFAIK we don't want to allow spaces for ClientID and Secret since OAuth
> ClientID and Secret cannot have spaces. @Fara: Please confirm.
>
> Thanks
> Godwin
>
>
> On Wed, Dec 20, 2017 at 8:29 PM, Isuru Uyanage <isur...@wso2.com> wrote:
>
>> Hi All,
>>
>> When configuring external IDPs through connectors, we have client secret
>> and client ID. Some connectors like Facebook, Pinterest allow the space
>> character in the client ID and service provider login is successful.
>>
>> Basecamp, Google, LinkedIn, MailChimp etc. connectors do not allow
>> spaces in the Client ID nor in the Client Secret.
>>
>> Amazon does not allow spaces in the Client ID but it allows spaces in the
>> Client Secret.
>>
>> I want to clarify how it really should be. Shouldn't any of connectors
>> allow the space in the Client ID and Client secret?
>>
>> Any feedback would be appreciated.
>>
>>
>> *Thanks and Best Regards,*
>>
>> *Isuru Uyanage*
>> *Software Engineer - QA | WSO2*
>> *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752*
>> *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/
>> <https://www.linkedin.com/in/isuru-uyanage/>*
>>
>>
>>
>>
>
>
> --
> *Godwin Amila Shrimal*
> Associate Technical Lead
> WSO2 Inc.; http://wso2.com
> lean.enterprise.middleware
>
> mobile: *+94772264165*
> linkedin: *https://www.linkedin.com/in/godwin-amila-2ba26844/
> <https://www.linkedin.com/in/godwin-amila-2ba26844/>*
> twitter: https://twitter.com/godwinamila
> <http://wso2.com/signature>
>
>
>


-- 

Tharindu Edirisinghe
Senior Software Engineer | WSO2 Inc
Platform Security Team
Blog : http://tharindue.blogspot.com
mobile : +94 775181586
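
The encoding step from RFC 6749 section 2.3.1 that this thread refers to, as an added example that is not part of the original messages or of any WSO2 connector: each credential is form-urlencoded, joined with ":", and Base64-encoded for HTTP Basic authentication. The function names and the `REGISTERED_CLIENTS` entry are constructed for illustration; form-urlencoding writes a space as `+`, and the decoder below accepts `%20` as well.

```python
import base64
import hmac
from urllib.parse import quote_plus, unquote_plus

# Constructed sample registration: both values contain spaces and reserved characters.
REGISTERED_CLIENTS = {"my client": "s3cr et:+%"}


def encode_basic_credentials(client_id, client_secret):
    """Client side: form-urlencode each value, join with ':', Base64 the pair."""
    pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
    return "Basic " + base64.b64encode(pair.encode("ascii")).decode("ascii")


def naive_basic_credentials(client_id, client_secret):
    """What a client sends when it skips the form-urlencoding step."""
    pair = f"{client_id}:{client_secret}"
    return "Basic " + base64.b64encode(pair.encode("utf-8")).decode("ascii")


def decode_basic_credentials(header):
    """Server side: reverse the steps and reject malformed headers."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic" or not token:
        raise ValueError("not a Basic authorization header")
    # b64decode(validate=True) and decode("ascii") both raise ValueError subclasses.
    pair = base64.b64decode(token, validate=True).decode("ascii")
    enc_id, sep, enc_secret = pair.partition(":")
    if not sep:
        raise ValueError("missing ':' separator")
    # unquote_plus turns both '+' and '%20' back into a space.
    return unquote_plus(enc_id), unquote_plus(enc_secret)


def authenticate(header, registered_clients):
    """Return True only when the decoded pair matches a registered client."""
    try:
        client_id, secret = decode_basic_credentials(header)
    except ValueError:
        return False
    expected = registered_clients.get(client_id)
    if expected is None:
        return False
    # Constant-time comparison so the check does not leak how much matched.
    return hmac.compare_digest(secret.encode("utf-8"), expected.encode("utf-8"))


if __name__ == "__main__":
    good = encode_basic_credentials("my client", "s3cr et:+%")
    naive = naive_basic_credentials("my client", "s3cr et:+%")
    print("encoded client accepted:", authenticate(good, REGISTERED_CLIENTS))
    print("unencoded client accepted:", authenticate(naive, REGISTERED_CLIENTS))
```

A client that skips the encoding step fails against a decoding server as soon as the secret contains `+` or `%`, which is one way two providers can disagree about the same credential.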


Re: [Dev] Configuring Yahoo as a IDP with Federated Authenticator Yahoo Configuration

2017-12-15 Thread Tharindu Edirisinghe
@Shanika,

The sample request I had given previously was for id_token. For
authorization code, the request is below which worked for me when invoking
manually.

https://api.login.yahoo.com/oauth2/request_auth?client_id=dj0yJmk9OFZNWktjalhFSjlsJmQ9WVdrOWVISmhZamxqTjJVbWNHbzlNQS0tJnM9Y29uc3VtZXJzZWNyZXQmeD02OA--&response_type=code&redirect_uri=https%3A%2F%2Fis.wso2.com&scope=openid&nonce=YihsFwGKgt3KJUh6tPs2

Thanks,
TharinduE

On Fri, Dec 15, 2017 at 8:50 AM, Tharindu Edirisinghe <tharin...@wso2.com>
wrote:

> +Dimuthu as it seems there's a bug in Yahoo federated authenticator.
>
> On Fri, Dec 15, 2017 at 8:46 AM, Tharindu Edirisinghe <tharin...@wso2.com>
> wrote:
>
>> Hi Shanika,
>>
>> I manually invoked the authorize endpoint of Yahoo and the following request
>> worked for me.
>>
>> https://api.login.yahoo.com/oauth2/request_auth?client_id=dj0yJmk9OFZNWktjalhFSjlsJmQ9WVdrOWVISmhZamxqTjJVbWNHbzlNQS0tJnM9Y29uc3VtZXJzZWNyZXQmeD02OA--&response_type=id_token&redirect_uri=https%3A%2F%2Fis.wso2.com&scope=openid&nonce=YihsFwGKgt3KJUh6tPs2
>>
>> As per my observations, Yahoo is validating the redirect_uri value and if
>> we define the callback domain as "is.wso2.com", then the redirect_uri
>> value must be either "http://is.wso2.com" or "https://is.wso2.com", but
>> nothing else.
>>
>> When saving the callback domain as localhost, it didn't allow me, so I
>> used is.wso2.com as above.
>>
>> When it comes to the Yahoo connector, in the authorize request, the *scope*
>> parameter is not being sent. That should be a bug. Also, we need to send the
>> *nonce* parameter too, which is required as per [1]. Without nonce, even
>> the above request I've given won't work.
>>
>> It seems we have to check more on the validations done on redirect_uri /
>> callback domain parameter from the Yahoo end. Because, in the Yahoo app UI,
>> callback domain is listed as an optional parameter. However, if we create
>> an app without giving the callback domain value, that also doesn't work.
>>
>> [1] https://developer.yahoo.com/oauth2/guide/openid_connect/getting_started.html#getting-started-auth-code
>>
>> Thanks,
>> TharinduE
>>
>> On Fri, Dec 15, 2017 at 1:04 AM, Shanika Wickramasinghe <
>> shani...@wso2.com> wrote:
>>
>>> Hi TharinduE,
>>>
>>> In Yahoo side configuration I didn't observe a place to give the callback
>>> URL( https://localhost:9443/commonauth). It asks only for a callback
>>> Domain where we can input localhost or another domain. [1]
>>>
>>> [1]. claimapp-yahoo.png
>>>
>>>
>>> Thanks,
>>>
>>> Shanika
>>>
>>>
>>>
>>>
>>> On Thu, Dec 14, 2017 at 8:51 PM, Tharindu Edirisinghe <
>>> tharin...@wso2.com> wrote:
>>>
>>>> Hi Shanika,
>>>>
>>>> Can you show the Yahoo side configuration too. It seems Identity Server
>>>> is invoking the authorize endpoint of Yahoo. Without checking the Yahoo
>>>> side's config, we can't identify what causes the problem here.
>>>>
>>>> Thanks,
>>>> TharinduE
>>>>
>>>> On Thu, Dec 14, 2017 at 12:43 AM, Shanika Wickramasinghe <
>>>> shani...@wso2.com> wrote:
>>>>
>>>>> I am working with configuring Yahoo as a IDP using Federated
>>>>> authenticator Yahoo Configuration. Steps that I followed are as below.
>>>>>
>>>>> Run Standalone IS 5.4.0 GA pack
>>>>> Configure Travelocity as a Service Provider using SAML SSO
>>>>> Configure a Yahoo app as in [1] and take the client ID and the client
>>>>> secret [2] [3]
>>>>> Input them under federated authenticator > yahoo configuration
>>>>> Configure yahoo IDP as a Federated authenticator for Service provider
>>>>> Access http://localhost:8080/travelocity.com
>>>>> Click on SAML redirect Binding
>>>>> Provide Yahoo login details
>>>>> Error message will be shown as in [4]
>>>>>
>>>>> Appreciate any clarification related to this issue
>>>>>
>>>>>
>>>>> [1]. https://docs.wso2.com/display/IS540/Configuring+Yahoo
>>>>>
>>>>> [2]. yahoo-config1.png
>>>>>
>>>>> [3]. yahoo-config2.png
>>>>>
>>>>> [4]. yahoo.png
>>>>>
>>>>> Thank You,
>>>>> Shanika.
>>>>>
>>>>>
>>>>>
>>>>>

Re: [Dev] Configuring Yahoo as a IDP with Federated Authenticator Yahoo Configuration

2017-12-15 Thread Tharindu Edirisinghe
+Dimuthu as it seems there's a bug in Yahoo federated authenticator.

On Fri, Dec 15, 2017 at 8:46 AM, Tharindu Edirisinghe <tharin...@wso2.com>
wrote:

> Hi Shanika,
>
> I manually invoked the authorize endpoint of Yahoo and the following request
> worked for me.
>
> https://api.login.yahoo.com/oauth2/request_auth?client_id=dj0yJmk9OFZNWktjalhFSjlsJmQ9WVdrOWVISmhZamxqTjJVbWNHbzlNQS0tJnM9Y29uc3VtZXJzZWNyZXQmeD02OA--&response_type=id_token&redirect_uri=https%3A%2F%2Fis.wso2.com&scope=openid&nonce=YihsFwGKgt3KJUh6tPs2
>
> As per my observations, Yahoo is validating the redirect_uri value and if
> we define the callback domain as "is.wso2.com", then the redirect_uri
> value must be either "http://is.wso2.com" or "https://is.wso2.com", but
> nothing else.
>
> When saving the callback domain as localhost, it didn't allow me, so I
> used is.wso2.com as above.
>
> When it comes to the Yahoo connector, in the authorize request, the *scope*
> parameter is not being sent. That should be a bug. Also, we need to send the
> *nonce* parameter too, which is required as per [1]. Without nonce, even
> the above request I've given won't work.
>
> It seems we have to check more on the validations done on redirect_uri /
> callback domain parameter from the Yahoo end. Because, in the Yahoo app UI,
> callback domain is listed as an optional parameter. However, if we create
> an app without giving the callback domain value, that also doesn't work.
>
> [1] https://developer.yahoo.com/oauth2/guide/openid_connect/getting_started.html#getting-started-auth-code
>
> Thanks,
> TharinduE
>
> On Fri, Dec 15, 2017 at 1:04 AM, Shanika Wickramasinghe <shani...@wso2.com
> > wrote:
>
>> Hi TharinduE,
>>
>> In Yahoo side configuration I didn't observe a place to give the callback
>> URL( https://localhost:9443/commonauth). It asks only for a callback
>> Domain where we can input localhost or another domain. [1]
>>
>> [1]. claimapp-yahoo.png
>>
>>
>> Thanks,
>>
>> Shanika
>>
>>
>>
>>
>> On Thu, Dec 14, 2017 at 8:51 PM, Tharindu Edirisinghe <tharin...@wso2.com
>> > wrote:
>>
>>> Hi Shanika,
>>>
>>> Can you show the Yahoo side configuration too. It seems Identity Server
>>> is invoking the authorize endpoint of Yahoo. Without checking the Yahoo
>>> side's config, we can't identify what causes the problem here.
>>>
>>> Thanks,
>>> TharinduE
>>>
>>> On Thu, Dec 14, 2017 at 12:43 AM, Shanika Wickramasinghe <
>>> shani...@wso2.com> wrote:
>>>
>>>> I am working with configuring Yahoo as a IDP using Federated
>>>> authenticator Yahoo Configuration. Steps that I followed are as below.
>>>>
>>>> Run Standalone IS 5.4.0 GA pack
>>>> Configure Travelocity as a Service Provider using SAML SSO
>>>> Configure a Yahoo app as in [1] and take the client ID and the client
>>>> secret [2] [3]
>>>> Input them under federated authenticator > yahoo configuration
>>>> Configure yahoo IDP as a Federated authenticator for Service provider
>>>> Access http://localhost:8080/travelocity.com
>>>> Click on SAML redirect Binding
>>>> Provide Yahoo login details
>>>> Error message will be shown as in [4]
>>>>
>>>> Appreciate any clarification related to this issue
>>>>
>>>>
>>>> [1]. https://docs.wso2.com/display/IS540/Configuring+Yahoo
>>>>
>>>> [2]. yahoo-config1.png
>>>>
>>>> [3]. yahoo-config2.png
>>>>
>>>> [4]. yahoo.png
>>>>
>>>> Thank You,
>>>> Shanika.
>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> *Shanika Wickramasinghe*
>>>> Software Engineer - QA Team
>>>>
>>>> Email: shani...@wso2.com
>>>> Mobile  : +94713503563 <+94%2071%20350%203563>
>>>> Web : http://wso2.com
>>>>
>>>> <http://wso2.com/signature>
>>>>
>>>
>>>
>>>
>>> --
>>>
>>> Tharindu Edirisinghe
>>> Senior Software Engineer | WSO2 Inc
>>> Platform Security Team
>>> Blog : http://tharindue.blogspot.com
>>> mobile : +94 775181586 <+94%2077%20518%201586>
>>>
>>
>>
>>
>> --
>> *Shanika Wickramasinghe*
>> Software Engineer - QA Team
>>
>> Email: shani...@wso2.com
>> Mobile  : +94713503563 <+94%2071%20350%203563>
>> Web : http://wso2.com
>>
>> <http://wso2.com/signature>
>>
>
>
>
> --
>
> Tharindu Edirisinghe
> Senior Software Engineer | WSO2 Inc
> Platform Security Team
> Blog : http://tharindue.blogspot.com
> mobile : +94 775181586 <+94%2077%20518%201586>
>



-- 

Tharindu Edirisinghe
Senior Software Engineer | WSO2 Inc
Platform Security Team
Blog : http://tharindue.blogspot.com
mobile : +94 775181586


Re: [Dev] Configuring Yahoo as a IDP with Federated Authenticator Yahoo Configuration

2017-12-15 Thread Tharindu Edirisinghe
Hi Shanika,

I manually invoked the authorize endpoint of Yahoo and the following request
worked for me.

https://api.login.yahoo.com/oauth2/request_auth?client_id=dj0yJmk9OFZNWktjalhFSjlsJmQ9WVdrOWVISmhZamxqTjJVbWNHbzlNQS0tJnM9Y29uc3VtZXJzZWNyZXQmeD02OA--&response_type=id_token&redirect_uri=https%3A%2F%2Fis.wso2.com&scope=openid&nonce=YihsFwGKgt3KJUh6tPs2

As per my observations, Yahoo is validating the redirect_uri value and if
we define the callback domain as "is.wso2.com", then the redirect_uri value
must be either "http://is.wso2.com" or "https://is.wso2.com", but nothing
else.

When saving the callback domain as localhost, it didn't allow me, so I used
is.wso2.com as above.

When it comes to the Yahoo connector, in the authorize request, the *scope*
parameter is not being sent. That should be a bug. Also, we need to send the
*nonce* parameter too, which is required as per [1]. Without nonce, even
the above request I've given won't work.

It seems we have to check more on the validations done on redirect_uri /
callback domain parameter from the Yahoo end. Because, in the Yahoo app UI,
callback domain is listed as an optional parameter. However, if we create
an app without giving the callback domain value, that also doesn't work.

[1]
https://developer.yahoo.com/oauth2/guide/openid_connect/getting_started.html#getting-started-auth-code

Thanks,
TharinduE

On Fri, Dec 15, 2017 at 1:04 AM, Shanika Wickramasinghe <shani...@wso2.com>
wrote:

> Hi TharinduE,
>
> In Yahoo side configuration I didn't observe a place to give the callback
> URL( https://localhost:9443/commonauth). It asks only for a callback
> Domain where we can input localhost or another domain. [1]
>
> [1]. claimapp-yahoo.png
>
>
> Thanks,
>
> Shanika
>
>
>
>
> On Thu, Dec 14, 2017 at 8:51 PM, Tharindu Edirisinghe <tharin...@wso2.com>
> wrote:
>
>> Hi Shanika,
>>
>> Can you show the Yahoo side configuration too. It seems Identity Server
>> is invoking the authorize endpoint of Yahoo. Without checking the Yahoo
>> side's config, we can't identify what causes the problem here.
>>
>> Thanks,
>> TharinduE
>>
>> On Thu, Dec 14, 2017 at 12:43 AM, Shanika Wickramasinghe <
>> shani...@wso2.com> wrote:
>>
>>> I am working with configuring Yahoo as a IDP using Federated
>>> authenticator Yahoo Configuration. Steps that I followed are as below.
>>>
>>> Run Standalone IS 5.4.0 GA pack
>>> Configure Travelocity as a Service Provider using SAML SSO
>>> Configure a Yahoo app as in [1] and take the client ID and the client
>>> secret [2] [3]
>>> Input them under federated authenticator > yahoo configuration
>>> Configure yahoo IDP as a Federated authenticator for Service provider
>>> Access http://localhost:8080/travelocity.com
>>> Click on SAML redirect Binding
>>> Provide Yahoo login details
>>> Error message will be shown as in [4]
>>>
>>> Appreciate any clarification related to this issue
>>>
>>>
>>> [1]. https://docs.wso2.com/display/IS540/Configuring+Yahoo
>>>
>>> [2]. yahoo-config1.png
>>>
>>> [3]. yahoo-config2.png
>>>
>>> [4]. yahoo.png
>>>
>>> Thank You,
>>> Shanika.
>>>
>>>
>>>
>>>
>>> --
>>> *Shanika Wickramasinghe*
>>> Software Engineer - QA Team
>>>
>>> Email: shani...@wso2.com
>>> Mobile  : +94713503563 <+94%2071%20350%203563>
>>> Web : http://wso2.com
>>>
>>> <http://wso2.com/signature>
>>>
>>
>>
>>
>> --
>>
>> Tharindu Edirisinghe
>> Senior Software Engineer | WSO2 Inc
>> Platform Security Team
>> Blog : http://tharindue.blogspot.com
>> mobile : +94 775181586 <+94%2077%20518%201586>
>>
>
>
>
> --
> *Shanika Wickramasinghe*
> Software Engineer - QA Team
>
> Email: shani...@wso2.com
> Mobile  : +94713503563 <+94%2071%20350%203563>
> Web : http://wso2.com
>
> <http://wso2.com/signature>
>



-- 

Tharindu Edirisinghe
Senior Software Engineer | WSO2 Inc
Platform Security Team
Blog : http://tharindue.blogspot.com
mobile : +94 775181586
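
A pre-flight check for the authorize request discussed in this message, as an added example that is not part of the original thread or of the Yahoo connector's code. It flags the two defects described above (no `scope`, no `nonce`) and applies the redirect_uri rule reported in the message (only `http://<callback domain>` or `https://<callback domain>`), which is the poster's observation rather than documented provider behaviour; the function names, client ID and sample URLs are constructed.

```python
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHORIZE_ENDPOINT = "https://api.login.yahoo.com/oauth2/request_auth"  # from the thread
REQUIRED = ("client_id", "response_type", "redirect_uri", "scope", "nonce")


def build_authorize_url(client_id, redirect_uri, response_type="code",
                        scope="openid", nonce=None):
    """Build the request with every parameter the thread says must be present."""
    params = {
        "client_id": client_id,
        "response_type": response_type,
        "redirect_uri": redirect_uri,
        "scope": scope,
        # A fresh unguessable nonce per request; the caller must remember it
        # to compare against the nonce claim of the returned ID token.
        "nonce": nonce or secrets.token_urlsafe(16),
    }
    return AUTHORIZE_ENDPOINT + "?" + urlencode(params)


def redirect_matches_domain(redirect_uri, callback_domain):
    """True only for http(s)://<callback_domain> with no port, path or query."""
    parts = urlsplit(redirect_uri)
    try:
        port = parts.port
    except ValueError:  # non-numeric or out-of-range port
        return False
    return (
        parts.scheme in ("http", "https")
        and parts.hostname == callback_domain.lower()
        and parts.username is None
        and port is None
        and parts.path == ""
        and not parts.query
        and not parts.fragment
    )


def audit_authorize_url(url, callback_domain):
    """Return a list of findings; an empty list means the request looks complete."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    findings = []
    for name in REQUIRED:
        values = query.get(name, [])
        if len(values) != 1 or not values[0]:
            findings.append(f"{name}: missing, empty or repeated")
    scope = query.get("scope", [""])[0]
    if scope and "openid" not in scope.split():
        findings.append("scope: does not include 'openid'")
    redirect = query.get("redirect_uri", [""])[0]
    if redirect and not redirect_matches_domain(redirect, callback_domain):
        findings.append("redirect_uri: not http(s)://<callback domain>")
    return findings


# Constructed sample: a request shaped like the one the thread attributes to
# the connector (no scope, no nonce, redirect_uri on a different host).
CONNECTOR_LIKE_URL = AUTHORIZE_ENDPOINT + "?" + urlencode({
    "client_id": "CONSTRUCTED_CLIENT_ID",
    "response_type": "code",
    "redirect_uri": "https://localhost:9443/commonauth",
})

if __name__ == "__main__":
    good = build_authorize_url("CONSTRUCTED_CLIENT_ID", "https://is.wso2.com")
    print(audit_authorize_url(good, "is.wso2.com"))
    for finding in audit_authorize_url(CONNECTOR_LIKE_URL, "is.wso2.com"):
        print("finding:", finding)
```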


Re: [Dev] Configuring Yahoo as a IDP with Federated Authenticator Yahoo Configuration

2017-12-14 Thread Tharindu Edirisinghe
Hi Shanika,

Can you show the Yahoo side configuration too. It seems Identity Server is
invoking the authorize endpoint of Yahoo. Without checking the Yahoo side's
config, we can't identify what causes the problem here.

Thanks,
TharinduE

On Thu, Dec 14, 2017 at 12:43 AM, Shanika Wickramasinghe <shani...@wso2.com>
wrote:

> I am working with configuring Yahoo as a IDP using Federated authenticator
> Yahoo Configuration. Steps that I followed are as below.
>
> Run Standalone IS 5.4.0 GA pack
> Configure Travelocity as a Service Provider using SAML SSO
> Configure a Yahoo app as in [1] and take the client ID and the client
> secret [2] [3]
> Input them under federated authenticator > yahoo configuration
> Configure yahoo IDP as a Federated authenticator for Service provider
> Access http://localhost:8080/travelocity.com
> Click on SAML redirect Binding
> Provide Yahoo login details
> Error message will be shown as in [4]
>
> Appreciate any clarification related to this issue
>
>
> [1]. https://docs.wso2.com/display/IS540/Configuring+Yahoo
>
> [2]. yahoo-config1.png
>
> [3]. yahoo-config2.png
>
> [4]. yahoo.png
>
> Thank You,
> Shanika.
>
>
>
>
> --
> *Shanika Wickramasinghe*
> Software Engineer - QA Team
>
> Email: shani...@wso2.com
> Mobile  : +94713503563 <+94%2071%20350%203563>
> Web : http://wso2.com
>
> <http://wso2.com/signature>
>



-- 

Tharindu Edirisinghe
Senior Software Engineer | WSO2 Inc
Platform Security Team
Blog : http://tharindue.blogspot.com
mobile : +94 775181586


Re: [Dev] [APPM] AssertionConsumerServiceUrl Always set to server local IP

2017-12-13 Thread Tharindu Edirisinghe
Hi Lahiru,

Can you modify the
wso2appm-1.2.0/repository/conf/identity/application-authentication.xml file
and add SSOUrl parameter [1] under SAMLSSOAuthenticator configuration.
There you can add the URL you need to be included as the SAML
authentication request's ACS URL. The particular code that builds the
request is in [2].

 


[1]
https://github.com/wso2-attic/carbon-identity/blob/master/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/util/IdentityApplicationConstants.java#L107
[2]
https://github.com/wso2-attic/carbon-identity/blob/master/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/SAMLSSOAuthenticator.java#L80

Thanks,
Tharindu Edirisinghe

On Wed, Nov 29, 2017 at 4:33 AM, Lahiru J Ekanayake <
ekanayakelah...@gmail.com> wrote:

> Hi,
>
> I'm using App Manager 1.2.0 in my AWS instance and IS 5.3.0 as external
> identity provider in another AWS instance. In order to make IS 5.3.0 compatible
> with App Manager 1.2.0, I have copied the below jar files to the App Manager
> dropins folder. *The setup is working fine in my local environment* but
> there is an issue when I'm using the same setup *in AWS.*
>
> 1. org.wso2.carbon.identity.sso.saml.stub_5.3.0.jar
> 2. org.wso2.carbon.identity.application.mgt.stub_5.7.5.jar
>
> *Steps to reproduce the issue.*
>
> 1. Create an app using app manager publisher.
> 2. Publish the app into the store.
> 3. Log into the store and try to launch the app.
> 4. I'm getting an error saying invalid assertion consumer URL.
>
> I have used saml tracer and checked the saml request. As in the saml
> request *AssertionConsumerServiceUrl takes the server local IP (image
> attached - acs.png)*. I tried to change that IP by configuring carbon.xml
> and app-manager.xml, but I couldn't find a way to do that. Is this a known
> issue or is there any configuration to change this
> AssertionConsumerServiceUrl? Could you please tell me where this
> request is being generated when I launch the app?
>
> Regards
>
>
>
> --
> Lahiru J Ekanayake.
> University Of Peradeniya
> Mobile : +94718812629 <+94%2071%20881%202629>
>
>
>


-- 

Tharindu Edirisinghe
Senior Software Engineer | WSO2 Inc
Platform Security Team
Blog : http://tharindue.blogspot.com
mobile : +94 775181586


Re: [Dev] [IS 5.3.0] Secondary LDAP User Store Properties - DNSUrl and DnsDomain

2017-12-13 Thread Tharindu Edirisinghe
Hi Javier,

The SVN URL you have given is applicable for Carbon 4.2.0 based products.

For IS 5.3.0, you can refer the link [1].

There, URLOfDNS [1] and DNSDomainName [2] properties are used in the given
lines.

I am adding few folks from the IAM Team to get you help with your query.

[1]
https://github.com/wso2/carbon-kernel/blob/4.4.x/core/org.wso2.carbon.user.core/src/main/java/org/wso2/carbon/user/core/ldap/LDAPConnectionContext.java
[2]
https://github.com/wso2/carbon-kernel/blob/4.4.x/core/org.wso2.carbon.user.core/src/main/java/org/wso2/carbon/user/core/ldap/LDAPConnectionContext.java#L69
[3]
https://github.com/wso2/carbon-kernel/blob/4.4.x/core/org.wso2.carbon.user.core/src/main/java/org/wso2/carbon/user/core/ldap/LDAPConnectionContext.java#L71

Thanks,
Tharindu Edirisinghe

On Thu, Nov 30, 2017 at 4:50 PM, Vazquez-Hidalgo, Javier <
javier.vazquez-hida...@tdsecurities.com> wrote:

> Hello,
>
>
>
> When configuring a secondary LDAP user store I see (in the carbon kernel
> source code)  that there are two properties named “URLOfDNS” and
> “DNSDomainName”, can someone explain how they work together and under which
> circumstances is recommended to set these properties.
>
>
>
> https://svn.wso2.org/repos/wso2/carbon/kernel/tags/4.2.0/core/org.wso2.carbon.user.core/4.2.0/src/main/java/org/wso2/carbon/user/core/ldap/LDAPConnectionContext.java
>
>
>
>
>
> Thanks,
>
> Javier Vazquez
>
>
>
>
>
>
>
>


-- 

Tharindu Edirisinghe
Senior Software Engineer | WSO2 Inc
Platform Security Team
Blog : http://tharindue.blogspot.com
mobile : +94 775181586


Re: [Dev] [WSO2 IS] Clarification on Claim Configuration in Service Provider

2017-12-13 Thread Tharindu Edirisinghe
Hi Dilshani,

The blog post [1] would be useful for you which is exactly the same
scenario that you have faced. An example OAuth flow is explained in [2].

[1]
http://dinukshaish.blogspot.com/2017/02/mandatory-claims-in-oauth-20-with.html
[2]
http://dinukshaish.blogspot.com/2017/02/getting-started-with-oauth-20-using.html

Thanks,
TharinduE

On Wed, Dec 13, 2017 at 7:50 AM, Omindu Rathnaweera <omi...@wso2.com> wrote:

> Hi Dilshani,
>
> If you have marked a requested claim in SP claim configs as mandatory, IS
> will prompt this page if the claim is not available for the user in the
> user store and it's not specific to the SPA. In your case, for the
> authenticated user 'department' claim value is not available in the user
> store hence the prompt. Refer 'Information on mapping claims' section in
> [1] for a detailed explanation on mandatory claims.
>
> [1] - https://docs.wso2.com/display/IS530/Configuring+Claims+for+a+Service+Provider
>
> Regards,
> Omindu.
>
> On Wed, Dec 13, 2017 at 3:57 PM, Dilshani Subasinghe <dilsh...@wso2.com>
> wrote:
>
>> Hi All,
>>
>> I am working on scenario 17 (Single Page Application (SPA) proxy) [1].
>>
>> In this scenario, I configure SP with OAuth 2.0 authorization code
>> grant.  So I try out claims configurations in SP side. While testing that,
>> noticed different behaviors in IS while requesting mandatory claims as
>> follows;
>>
>>
>> ​
>>
>> The above screenshot also shows that only one claim is being requested
>> (department), while two mandatory claims are configured in the SP.
>>
>> I need to clarify the exact way of requesting claims. Is that going to be
>> handled by IS or by the web app? If it is going to be handled by IS, it should
>> show all mandatory claims. We tried claim mapping in SP with Travelocity and
>> it works fine.
>> According to this scenario, I have to use Single Page Application [2].
>> Hence I am a bit confused about the functionality (whether this is a
>> limitation of SPA or an issue in IS).
>>
>> Any help on this will be highly appreciated.
>>
>> [1] https://medium.facilelogin.com/thirty-solution-patterns-with-the-wso2-identity-server-16f9fd0c0389
>> [2] https://github.com/facilelogin/aratuwa/tree/master/oauth2.0-apps/org.wso2.carbon.identity.oauth.spa
>>
>> Thanks.
>>
>> --
>>
>> Dilshani Subasinghe
>> Software Engineer - QA *|* WSO2
>> lean *|* enterprise *|* middleware
>>
>> Mobile : +94773375185
>> Blog: dilshani.me
>>
>> <https://wso2.com/signature>
>>
>
>
>
> --
> Omindu Rathnaweera
> Senior Software Engineer, WSO2 Inc.
> Mobile: +94 771 197 211
>



-- 

Tharindu Edirisinghe
Senior Software Engineer | WSO2 Inc
Platform Security Team
Blog : http://tharindue.blogspot.com
mobile : +94 775181586


Re: [Dev] Adding Google as identity provider to WSO2 API Manager 2.1.0 without integrating WSO2 Identity Server

2017-12-06 Thread Tharindu Edirisinghe
Hi Shiva,

If we can get the google authenticator [1] feature installed on APIM 2.1.0
successfully, then your requirement is possible.

I'm thinking of a solution where we manually build the authenticator to
support APIM and getting it installed.

I've added few members from the API Manager Dev team to get some help here.

[1]
https://store.wso2.com/store/assets/isconnector/details/47fd2ab8-952f-4e2b-b9d8-af302aa1b396

Best Regards,
Tharindu Edirisinghe

On Thu, Dec 7, 2017 at 11:04 AM, Shiva Kumar K R <shiv...@securelyshare.com>
wrote:

> Hi Tharindu,
>
> Thank you so much for your response.
> I already have registered with Google an OAuth app and got client
> credentials, I will tell my requirement properly below, please suggest me
> any solution.
> 1) I obtain WSO2 client credentials in API store for my application.
> 2) I will also obtain Google OAuth app client credentials.
> 3) I need to configure WSO2 in such a way that when I request
> http://localhost:8243/authorize, it should redirect to Google
> authentication page.
> 4) User will authenticate with Google and it will redirect to WSO2 to
> generate authorization code and WSO2 will provide me that code.
> 5) User app then request http://localhost:8243/token to get access token
> to call my APIs.
>
> Is this possible with some customization or adding a feature that support
> this flow instead of using Identity Server 5.3.0.
>
> On Thu, Dec 7, 2017 at 8:07 AM, Tharindu Edirisinghe <tharin...@wso2.com>
> wrote:
>
>> Hi Shiva,
>>
>> If the external Identity Provider supports SAML based authentication,
>> then you can do this straight away using only the API Manager 2.1.0.
>>
>> For that, you can create an IDP from the Management Console and under the
>> Federated Authenticators, you can add SAML configuration related to the
>> external IDP. (See the attached image IDP_Config.png).
>>
>> Then, when you have the APIs published from the publisher, you can go to the
>> store, create an application and subscribe for the published APIs. There,
>> when you generate the Keys for the application, in the Management Console
>> you can see that a corresponding service provider getting automatically
>> registered for that application. (See the attached image List_SPs.png).
>>
>> Then, in that service provider configuration, under the Local and
>> Outbound Authentication section, you can link the federated authenticator
>> which you have already added as an IDP (SAML based).
>>
>> This way, when the OAuth request comes to API Manager for generating an
>> access token for the particular application (service provider), API Manager
>> will perform the federated authentication flow.
>>
>> I have tested this with an external SAML based IDP and it worked.
>>
>> If you need to use facebook, by default the facebook federated
>> authenticator feature is not installed in API Manager. If we can get the
>> feature installed, then similarly we should be able to get facebook also to
>> working in the same way. However we haven't tested that out.
>>
>> Thanks,
>> Tharindu Edirisinghe
>>
>>
>>
>> On Wed, Dec 6, 2017 at 2:32 PM, Shiva Kumar K R <
>> shiv...@securelyshare.com> wrote:
>>
>>> Hi,
>>>
>>> I have to use Google, Facebook or any third party Identity provider just
>>> to authenticate users and giving access to my APIs by generating access
>>> token in my WSO2. I know Identity server support it but because of resource
>>> constraints I want this to be achieved through only WSO2 API Manager. Is
>>> there any work around also please suggest me.
>>>
>>> Thank You,
>>> Shiva Kumar
>>>
>>> ___
>>> Dev mailing list
>>> Dev@wso2.org
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>>
>>
>>
>> --
>>
>> Tharindu Edirisinghe
>> Senior Software Engineer | WSO2 Inc
>> Platform Security Team
>> Blog : http://tharindue.blogspot.com
>> mobile : +94 775181586
>>
>
>


-- 

Tharindu Edirisinghe
Senior Software Engineer | WSO2 Inc
Platform Security Team
Blog : http://tharindue.blogspot.com
mobile : +94 775181586


[Dev] Error after enabling secure vault in APIM 2.2.0 (TBR) pack

2017-11-29 Thread Tharindu Edirisinghe
Hi Devs,

I'm trying to build the APIM 2.2.0 (to be released) pack. For that, I built
the carbon-apimgt [1] and then the product-apim [2]. Build was successful
and I got the *wso2am-2.2.0-SNAPSHOT* pack.

Then, I need to test secure vault and for that I ran *./ciphertool.sh
-Dconfigure* from bin directory without changing anything. Then I started
the pack and it prints the following error and the pack doesn't startup.

[2017-11-29 14:16:20,748]  INFO - TemplateDeployerServiceTrackerDS Successfully deployed the execution manager tracker service

[2017-11-29 14:16:21,528] FATAL - TomcatBundleActivator Error while starting server NOT_FOUND_ERR: An attempt is made to reference a node in a context where it does not exist.
org.w3c.dom.DOMException: NOT_FOUND_ERR: An attempt is made to reference a node in a context where it does not exist.
    at org.apache.xerces.dom.AttributeMap.internalRemoveNamedItem(Unknown Source)
    at org.apache.xerces.dom.AttributeMap.removeNamedItem(Unknown Source)
    at org.wso2.carbon.tomcat.internal.ServerManager.init(ServerManager.java:107)
    at org.wso2.carbon.tomcat.internal.TomcatBundleActivator.start(TomcatBundleActivator.java:45)
    at org.eclipse.osgi.framework.internal.core.BundleContextImpl$1.run(BundleContextImpl.java:711)
    at java.security.AccessController.doPrivileged(Native Method)
    at org.eclipse.osgi.framework.internal.core.BundleContextImpl.startActivator(BundleContextImpl.java:702)
    at org.eclipse.osgi.framework.internal.core.BundleContextImpl.start(BundleContextImpl.java:683)
    at org.eclipse.osgi.framework.internal.core.BundleHost.startWorker(BundleHost.java:381)
    at org.eclipse.osgi.framework.internal.core.AbstractBundle.resume(AbstractBundle.java:390)
    at org.eclipse.osgi.framework.internal.core.Framework.resumeBundle(Framework.java:1176)
    at org.eclipse.osgi.framework.internal.core.StartLevelManager.resumeBundles(StartLevelManager.java:559)
    at org.eclipse.osgi.framework.internal.core.StartLevelManager.resumeBundles(StartLevelManager.java:544)
    at org.eclipse.osgi.framework.internal.core.StartLevelManager.incFWSL(StartLevelManager.java:457)
    at org.eclipse.osgi.framework.internal.core.StartLevelManager.doSetStartLevel(StartLevelManager.java:243)
    at org.eclipse.osgi.framework.internal.core.StartLevelManager.dispatchEvent(StartLevelManager.java:438)
    at org.eclipse.osgi.framework.internal.core.StartLevelManager.dispatchEvent(StartLevelManager.java:1)
    at org.eclipse.osgi.framework.eventmgr.EventManager.dispatchEvent(EventManager.java:230)

It seems this is the same issue reported in [3] (according to JIRA, it's
already fixed). I tested above scenario with APIM 2.1.0 (both vanilla and
WUM packs) and there was no error.

So, I guess this should have been introduced in the 2.2.0 pack.

Please check.

[1] https://github.com/wso2/carbon-apimgt/tree/6.x
[2] https://github.com/wso2/product-apim/tree/2.x
[3] https://wso2.org/jira/browse/CARBON-16104

Thanks,
TharinduE
-- 

Tharindu Edirisinghe
Senior Software Engineer | WSO2 Inc
Platform Security Team
Blog : http://tharindue.blogspot.com
mobile : +94 775181586


Re: [Dev] WSO2 Identity Server 5.4.0 Alpha 9 Released !!!

2017-11-22 Thread Tharindu Edirisinghe
endpoint using playground sample fails when using email
>as the user name
>- [IDENTITY-6558 <https://wso2.org/jira/browse/IDENTITY-6558>] -
>SAML2.IsPassiveAuthn=true is not available in travelocity.properties
>- [IDENTITY-6581 <https://wso2.org/jira/browse/IDENTITY-6581>] - Error
>with SAML Extension Grant Type
>- [IDENTITY-6703 <https://wso2.org/jira/browse/IDENTITY-6703>] - Bad
>Grammar in the exception: "SAML Assertion not found in the Response"
>- [IDENTITY-6736 <https://wso2.org/jira/browse/IDENTITY-6736>] - All
>the query params in "Additional Query Parameters" of federated oauth/openid
>connect IDP config is not visible in management console
>- [IDENTITY-6797 <https://wso2.org/jira/browse/IDENTITY-6797>] - Stack
>trace of exception displayed in web browser in case of empty SAMLRequest
>- [IDENTITY-6805 <https://wso2.org/jira/browse/IDENTITY-6805>] - NPE
>possibility in NTLMAuthenticationGrantHandler
>- [IDENTITY-6895 <https://wso2.org/jira/browse/IDENTITY-6895>] -
>Claims not returned properly after SP requested claims updated
>- [IDENTITY-6896 <https://wso2.org/jira/browse/IDENTITY-6896>] -
>Oauth2 Revoke endpoint does not validate repeated parameters
>- [IDENTITY-6897 <https://wso2.org/jira/browse/IDENTITY-6897>] - Claim
>filtering not handled in UserInfoJWTResponseBuilder
>- [IDENTITY-6898 <https://wso2.org/jira/browse/IDENTITY-6898>] -
>Revoke endpoint sends an Unauthorized response when Invalid Authorization
>header exists, but the token is empty.
>- [IDENTITY-6901 <https://wso2.org/jira/browse/IDENTITY-6901>] -
>Validate subjectConfirmationData time limits to fall within the time window
>given in the Conditions in the saml assertion
>- [IDENTITY-6909 <https://wso2.org/jira/browse/IDENTITY-6909>] - HTML
>tags should be closed properly
>
> Improvement
>
>- [IDENTITY-2530 <https://wso2.org/jira/browse/IDENTITY-2530>] - Make
>refresh tokens optional for SAML2 Bearer grant type
>- [IDENTITY-4980 <https://wso2.org/jira/browse/IDENTITY-4980>] -
>Exception during access token generation right after expiration
>- [IDENTITY-5483 <https://wso2.org/jira/browse/IDENTITY-5483>] -
>Validate user against given user store and save correct user domain in
>saml2-bearer grant type.
>- [IDENTITY-5975 <https://wso2.org/jira/browse/IDENTITY-5975>] - Need
>to handle errors in oAuth Endpoints
>- [IDENTITY-6224 <https://wso2.org/jira/browse/IDENTITY-6224>] -
>Improve logs in controlClaimsFromScope() of SAMLAssertionClaimsCallback
>class
>- [IDENTITY-6900 <https://wso2.org/jira/browse/IDENTITY-6900>] - Make
>subject claim consistent across all grant types
>
>
>
> *Contribute to WSO2 Identity Server*
>
> *Mailing Lists*
>
> Join our mailing lists and correspond with the developers directly. We
> also encourage you to take part in discussions related to the product in
> the architecture mailing list. If you have any questions regarding the
> product you can use our StackOverflow forum to raise them as well.
>
>- Developer List: dev@wso2.org
>- Architecture List: architect...@wso2.org
>- User Forum: StackOverflow
><http://stackoverflow.com/questions/tagged/wso2is>
>
> Reporting Issues
> We encourage you to report issues, improvements, and feature requests
> regarding WSO2 Identity Server through our public WSO2 Identity Server
> JIRA <https://wso2.org/jira/projects/IDENTITY/issues>.
>
> ~ The WSO2 Identity and Access Management Team ~
>
>
>
> Thanks,
> Farasath Ahamed
> Software Engineer, WSO2 Inc.; http://wso2.com
> Mobile: +94777603866
> Blog: blog.farazath.com
> Twitter: @farazath619 <https://twitter.com/farazath619>
> <http://wso2.com/signature>
>
>
>


-- 

Tharindu Edirisinghe
Senior Software Engineer | WSO2 Inc
Platform Security Team
Blog : http://tharindue.blogspot.com
mobile : +94 775181586


Re: [Dev] Clarification on Identity federation between service providers and identity providers with incompatible identity federation protocols

2017-11-13 Thread Tharindu Edirisinghe
Hi Ushani,

I think these are the correct ways to do this. I don't think you need to do
any config for resident IDP.

*Use Case 1*

travelocity sample --> IS (the protocol is SAML)
IS --> External IDP (any external IDP that supports OpenIDConnect/OAuth) -
You can use Facebook federated authenticator here (or another IS)



*Use Case 2*
playground sample --> IS (the protocol is OAuth)
IS --> External IDP (any external IDP that supports SAML) - You can use
salesforce for this (or another IS)

Thanks,
TharinduE


On Tue, Nov 14, 2017 at 11:45 AM, Ushani Balasooriya <ush...@wso2.com>
wrote:

> Hi IAM Team,
>
> I am trying to implement a sample using travelocity web app which can be
> configured for identity federation between sp and IDP with incompatible
> Identity federation protocols.
>
> My Pattern is "*Identity federation between service providers and
> identity providers with incompatible identity federation protocols*" as
> mentioned in Solution 11 of this blog post [1].
>
> In order to try this I need to find out the correct and valid use cases.
>
> Use Case 1 - Configure travelocity web app as a SP which uses SAML and
>  WSO2 IS resident IDP which uses Oauth. - This is Valid obviously and
> currently I have configured it as explained in our documents.
>
>
> My question is on Use Case 2.
>
> *Use case 2* - Configure a service provider which uses Oauth and IDP
> which uses SAML.
>
> I feel above use case is not valid.
>
> Please correct me if I am wrong. If the use case 2 is valid, please
> explain me it with a valid scenario which uses Oauth as SP and SAML as IDP.
>
> If the above use case2 is not valid, can you please let me know what are
> the possible and valid use cases which are relevant for the pattern
> mentioned in the blog considering the different protocols such as SAML,
> Oauth, Passive STS.
>
> [1] https://medium.facilelogin.com/thirty-solution-patterns-with-the-wso2-identity-server-16f9fd0c0389
>
> Appreciate your response.
>
> Thanks,
> --
> *Ushani Balasooriya*
> Associate Technical Lead - EE;
> WSO2 Inc; http://www.wso2.com/.
> Mobile; +94772636796
>
>


-- 

Tharindu Edirisinghe
Senior Software Engineer | WSO2 Inc
Platform Security Team
Blog : http://tharindue.blogspot.com
mobile : +94 775181586


Re: [Dev] Resolving a confusion about Openid as an inbound authentication

2017-11-13 Thread Tharindu Edirisinghe
.
>>>>
>>>> Question 1:
>>>>
>>>> When I refer into the Travelocity sample, in the travelocity login page
>>>> there is a option as “login with openid”.
>>>>
>>>> Is it some thing related to the OAuth/Openid Connect Configuration or
>>>> is it the link to access when we configure Openid configuration as the
>>>> Inbound authentication?
>>>>
>>>> This is not much clear in the document [1].
>>>>
>>>> Question 2:
>>>>
>>>> What is the purpose of having OpenID Configuration in travelocity and
>>>> what that inbound config will do?
>>>>
>>>> It is not documented in the IS Doc [2]
>>>>
>>>> [1].https://docs.wso2.com/display/IS530/Configuring+Inbound+Authentication+for+a+Service+Provider
>>>>
>>>> [2].https://docs.wso2.com/display/IS530/Configuring+Inbound+Authentication+for+a+Service+Provider
>>>>
>>>>
>>>> Thank You,
>>>>
>>>> Shanika.
>>>>
>>>> --
>>>> *Shanika Wickramasinghe*
>>>> Software Engineer - QA Team
>>>>
>>>> Email: shani...@wso2.com
>>>> Mobile  : +94713503563
>>>> Web : http://wso2.com
>>>>
>>>> <http://wso2.com/signature>
>>>>
>>>
>>>
>>>
>>> --
>>> *Godwin Amila Shrimal*
>>> Associate Technical Lead
>>> WSO2 Inc.; http://wso2.com
>>> lean.enterprise.middleware
>>>
>>> mobile: *+94772264165*
>>> linkedin: *https://www.linkedin.com/in/godwin-amila-2ba26844/
>>> <https://www.linkedin.com/in/godwin-amila-2ba26844/>*
>>> twitter: https://twitter.com/godwinamila
>>> <http://wso2.com/signature>
>>>
>>
>>
>>
>> --
>> *Shanika Wickramasinghe*
>> Software Engineer - QA Team
>>
>> Email: shani...@wso2.com
>> Mobile  : +94713503563
>> Web : http://wso2.com
>>
>> <http://wso2.com/signature>
>>
>
>
>
> --
> Nilasini Thirunavukkarasu
> Software Engineer - WSO2
>
> Email : nilas...@wso2.com
> Mobile : +94775241823
> Web : http://wso2.com/
>
>
> <http://wso2.com/signature>
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 

Tharindu Edirisinghe
Senior Software Engineer | WSO2 Inc
Platform Security Team
Blog : http://tharindue.blogspot.com
mobile : +94 775181586


Re: [Dev] SSL issue in EI while using Entitlement mediator with IS

2017-10-26 Thread Tharindu Edirisinghe
By the way, shouldn't we BCC (instead of CC) the internal mailing lists
when mailing to public mailing lists like Dev ?

Hi Dilshani,

Disabling hostname verification to bypass this issue would not be a good
practice.

This error message can come due to several certificate related issues.
Therefore, to isolate the exact issue, would you be able to start EI with
SSL debug logs enabled for the handshake?

-Djavax.net.debug=ssl:handshake

You'll have to append the SSL debug logs to a file as it would just print
to terminal without appending to carbon log.

sh integrator.sh -Djavax.net.debug=ssl:handshake > ssl.log

Once EI is running, try out the same flow and check (or share) the SSL
debug log. Then you should be able to identify the root cause.

Thanks,
TharinduE






On Thu, Oct 26, 2017 at 10:16 PM, Dilshani Subasinghe <dilsh...@wso2.com>
wrote:

> Hi all,
>
> I implemented "Fine-grained access control for SOAP services" (Refer 25th
> pattern in this blog [1]) pattern using WSO2 EI 6.1.1 and WSO2 IS 5.3.0. I
> was able to implement the pattern locally and tested it successfully. While
> I'm moving to cloud setup, I got some errors while EI going to make the
> connection with IS.
>
> I got an error as follows:
>
> [2017-10-26 18:52:05,406] [EI-Core]  INFO - HTTPSender Unable to sendViaPost to url[https://192.168.57.251/services/EntitlementService]
> javax.net.ssl.SSLPeerUnverifiedException: SSL peer failed hostname validation for name: null
>     at org.opensaml.ws.soap.client.http.TLSProtocolSocketFactory.verifyHostname(TLSProtocolSocketFactory.java:233)
>     at org.opensaml.ws.soap.client.http.TLSProtocolSocketFactory.createSocket(TLSProtocolSocketFactory.java:186)
>     at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:707)
>
> After referring some docs and emails, found out we need to add following
> property in the integrator.sh script.
>
> *-Dorg.opensaml.httpclient.https.disableHostnameVerification=true \*
>
> After adding that, again got an error as follows:
>
> [2017-10-26 20:19:16,448] [EI-Core]  INFO - HTTPSender Unable to sendViaPost to url[https://is.dev.wso2.org/services/EntitlementService]
> javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
>     at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:431)
>     at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.verifyHostName(SSLProtocolSocketFactory.java:259)
>     at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.createSocket(SSLProtocolSocketFactory.java:158)
>
> Any idea on fixing this issue?
>
> [1] https://medium.facilelogin.com/thirty-solution-patterns-with-the-wso2-identity-server-16f9fd0c0389
>
> --
> Best Regards,
>
> Dilshani Subasinghe
> Software Engineer - QA *|* WSO2
> lean *|* enterprise *|* middleware
>
> Mobile : +94773375185
> Blog: dilshani.me
>
> <https://wso2.com/signature>
>



-- 

Tharindu Edirisinghe
Senior Software Engineer | WSO2 Inc
Platform Security Team
Blog : http://tharindue.blogspot.com
mobile : +94 775181586
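
Added example, not part of the thread and not WSO2 code: one certificate problem that produces a hostname-validation failure is a certificate whose subjectAltName does not cover the name or IP address in the URL the client calls. The script below builds two throwaway self-signed certificates with openssl and checks them against constructed names (is.example.test, 192.0.2.10); that this is the cause in the case above is an assumption, which the SSL debug log would confirm or rule out.

```shell
#!/bin/sh
# Added example: does a certificate cover the name a TLS client connects with?
# All names, addresses and certificates here are constructed for the demo.

# make_cert <out.pem> <subjectAltName value>
# Writes a throwaway self-signed certificate carrying the given SAN entries.
make_cert() {
    cert_out=$1
    san=$2
    cfg=$(mktemp) || return 1
    cat > "$cfg" <<EOF
[req]
distinguished_name = dn
prompt = no
x509_extensions = ext
[dn]
CN = is.example.test
[ext]
subjectAltName = $san
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$cfg" \
        -keyout "$cert_out.key" -out "$cert_out" >/dev/null 2>&1
    rc=$?
    rm -f "$cfg" "$cert_out.key"
    return $rc
}

# cert_covers <cert.pem> <hostname-or-IP>
# Succeeds when the certificate is valid for that name. An IP address is
# matched only against iPAddress SAN entries, never against a DNS name or CN.
cert_covers() {
    case $2 in
        *:*)       flag=-checkip ;;    # IPv6 literal
        *[!0-9.]*) flag=-checkhost ;;  # contains non-digit, non-dot: a hostname
        *)         flag=-checkip ;;    # dotted IPv4
    esac
    openssl x509 -in "$1" -noout "$flag" "$2" 2>&1 |
        grep -q 'does match certificate'
}

# Prints one "<cert> <name> match|MISMATCH" line per combination.
demo() {
    dir=$(mktemp -d) || return 1
    make_cert "$dir/dns-only.pem" "DNS:is.example.test" || return 1
    make_cert "$dir/dns-ip.pem" "DNS:is.example.test,IP:192.0.2.10" || return 1
    for cert in dns-only dns-ip; do
        for name in is.example.test 192.0.2.10 other.example.test; do
            if cert_covers "$dir/$cert.pem" "$name"; then
                echo "$cert $name match"
            else
                echo "$cert $name MISMATCH"
            fi
        done
    done
    rm -rf "$dir"
}

demo
```

To check a real endpoint, export its certificate to a PEM file and pass that file and the exact host part of the URL to `cert_covers`.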


Re: [Dev] Issue with WSO2 Add User functionality.

2017-08-09 Thread Tharindu Edirisinghe
Hi Karthik,

Can you modify the SERVER/repository/conf/carbon.xml file and disable the
XSS and CSRF valves using following config.



*false*


*false*


Then restart the server and check if you get the same issue. Let us know
the output so we can assist you to get the issue fixed.

Please note that above is just to check if the CSRF and XSS valves are
causing this issue, as it's not recommended to turn off security features
in the product.

Regards,
TharinduE

On Thu, Aug 10, 2017 at 10:18 AM, Tharindu Edirisinghe <tharin...@wso2.com>
wrote:

> Hi Karthik,
>
> Here I am forwarding this email to WSO2 Dev mail group, since this is not
> related to a security issue in WSO2 products/services.
>
> Regards,
> Tharindu
>
> On Thu, Aug 10, 2017 at 10:07 AM, Karthik Saravanan <
> karthik_sarava...@persistent.com> wrote:
>
>> Hi WSO2 team,
>>
>> I am stuck deep in a problem. Your help will be very much appreciated.
>>
>>
>>
>> 1.   We had WSO2  running in our environment for a long time. We had
>> a JSP based client application to perform bulk upload of Users and this was
>> working fine.
>>
>> 2.   Since yesterday the bulk upload functionality is failing with
>> an exception  shown below and was reported to us by the client. The client
>> side JSP code has never been changed at all since 2 yrs.
>>
>>
>>
>> org.wso2.carbon.identity.mgt.stub.UserInformationRecoveryServiceIdentityMgtServiceExceptionException: UserInformationRecoveryServiceIdentityMgtServiceExceptionException
>>     at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
>>     at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
>>     at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
>>     at java.lang.reflect.Constructor.newInstance(Constructor.java:526)
>>     at java.lang.Class.newInstance(Class.java:383)
>>     at org.wso2.carbon.identity.mgt.stub.UserInformationRecoveryServiceStub.registerUser(UserInformationRecoveryServiceStub.java:685)
>>     at org.wso2.sample.inforecovery.client.UserInformationRecoveryClient.registerUser(UserInformationRecoveryClient.java:280)
>>     at org.genwi.clients.bemis.BemisClient.addBemisUser(BemisClient.java:172)
>>     at org.wso2.sample.inforecovery.controller.SelfSignupController.handleBulkUpload(SelfSignupController.java:336)
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> 3.   For past 2 months when we restarted the servers It used to only
>> check for patches and find no new patches and therefore start the servers
>> properly stating there are no patches to apply. The last patch was in March
>> 2017
>>
>> 4.   However when I restarted WSO2 yesterday it said it found a new
>> patch
>>
>>
>>
>> [2017-08-09 09:44:27,178]  INFO {org.wso2.carbon.server.util.PatchUtils} -  org.wso2.carbon.identity.application.authenticator.requestpath.oauth_4.2.0.jar has been added
>> [2017-08-09 09:44:27,178]  INFO {org.wso2.carbon.server.extensions.PatchInstaller} -  Patch changes detected
>> [2017-08-09 09:44:27,178]  INFO {org.wso2.carbon.server.util.PatchUtils} -  Applying patches ...
>> [2017-08-09 09:44:27,178]  INFO {org.wso2.carbon.server.util.PatchUtils} -  restoring bundle backup directory
>> [2017-08-09 09:54:20,390]  INFO {org.wso2.carbon.server.util.PatchUtils} -  Checking for patch changes ...
>> [2017-08-09 09:54:20,392]  INFO {org.wso2.carbon.server.util.PatchUtils} -  New patch available - patch
>> [2017-08-09 09:54:20,392]  INFO {org.wso2.carbon.server.util.PatchUtils} -  New patch available - patch0001
>> [2017-08-09 09:54:20,392]  INFO {org.wso2.carbon.server.util.PatchUtils} -  New patch available - patch0002
>> [2017-08-09 09:54:20,393]  INFO {org.wso2.carbon.server.util.PatchUtils} -  New patch available - patch0003
>> [2017-08-09 09:54:20,393]  INFO {org.wso2.carbon.server.util.PatchUtils} -  New patch available - patch0004
>> [2017-08-09 09:54:20,393]  INFO {org.wso2.carbon.server.util.PatchUtils} -  New patch available - patch0005
>> [2017-08-09 09:54:20,393]  INFO {org.wso2.carbon.server.util.PatchUtils} -  New patch a

Re: [Dev] Issue with WSO2 Add User functionality.

2017-08-09 Thread Tharindu Edirisinghe
 old
> patches causing any issues because they were anyways applied once.
>
>
>
>
>
>
>
> Can you please help. I am really stuck.
>
>
>
> Thanks
>
> Karthik
>
>
>
>
>



-- 

Tharindu Edirisinghe
Senior Software Engineer | WSO2 Inc
Platform Security Team
Blog : http://tharindue.blogspot.com
mobile : +94 775181586


Re: [Dev] Get Super tenant admin email

2017-07-14 Thread Tharindu Edirisinghe
Hi Godwin,

Can't you get the email address of the admin as a user claim ?

I created a new tenant and at the time of tenant creation, we need to
specify the email address of the tenant admin. Then the same email address
is added as the admin's email address in the profile of the admin. So, if
we retrieve the email address of the admin user of the tenant, I believe we
receive the tenant's email address.

For super tenant, since we don't create it (automatically created), we
don't specify the email address for the tenant (like for other tenants).
Then I believe what you need to retrieve is the email address defined in
super tenant admin's profile.

Is that the case ?

Regards,
TharinduE



On Tue, Jul 11, 2017 at 7:09 PM, Godwin Shrimal <god...@wso2.com> wrote:

> Hi Ayesh,
>
> What I want is super tenant admin email.
>
>
> Thanks
> Godwin
>
> On Jul 11, 2017 12:17 AM, "Ayesha Dissanayaka" <aye...@wso2.com> wrote:
>
>> Hi Godwin,
>>
>> You can get the admin username from carbon context when in super-tenant flow.
>>
>> PrivilegedCarbonContext.getThreadLocalCarbonContext().getUserRealm().getRealmConfiguration().getAdminUserName()
>>
>> Thanks!
>> -Ayesha
>>
>>
>> On Tue, Jul 11, 2017 at 7:35 AM, Godwin Shrimal <god...@wso2.com> wrote:
>>
>>> Hi All,
>>>
>>> We cannot get super tenant information via TenantManager. Below code
>>> returns null, So how can we get the super tenant admin's email address ?
>>>
>>> *tenantManager.getTenant(-1234)*
>>>
>>>
>>> Thanks
>>> Godwin
>>>
>>> --
>>> *Godwin Amila Shrimal*
>>> WSO2 Inc.; http://wso2.com
>>> lean.enterprise.middleware
>>>
>>> mobile: *+94772264165*
>>> linkedin: *http://lnkd.in/KUum6D <http://lnkd.in/KUum6D>*
>>> twitter: https://twitter.com/godwinamila
>>> <http://wso2.com/signature>
>>>
>>> ___
>>> Dev mailing list
>>> Dev@wso2.org
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>>
>>
>>
>> --
>> *Ayesha Dissanayaka*
>> Senior Software Engineer,
>> WSO2, Inc : http://wso2.com
>> 20, Palm grove Avenue, Colombo 3
>> E-Mail: aye...@wso2.com <ayshsa...@gmail.com>
>>
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 

Tharindu Edirisinghe
Senior Software Engineer | WSO2 Inc
Platform Security Team
Blog : http://tharindue.blogspot.com
mobile : +94 775181586


[Dev] Axis2 MSMQ Transport receiver does not support configuring the message content type through the property transport.msmq.ContentType at Proxy level

2017-05-25 Thread Tharindu Edirisinghe
Hi Devs,

Although the property *transport.msmq.ContentType* is defined in [1], it is
not getting set in the MSMQ transport receiver when reading messages.

As a result, in a scenario where we need to read messages with *application/xml*
content type, it is not configurable and the XML message will be read as
*text/xml*. Then the server expects the message to be enclosed in a SOAP
envelope, but if we have just a raw XML message, server cannot read it. It
will show the error below.

[2017-05-25 19:35:53,697] [] ERROR - NativeWorkerPool Uncaught exception
org.apache.axiom.soap.SOAPProcessingException: *First Element must contain the local name, Envelope , but found hello*
    at org.apache.axiom.soap.impl.builder.StAXSOAPModelBuilder.constructNode(StAXSOAPModelBuilder.java:305)
    at org.apache.axiom.soap.impl.builder.StAXSOAPModelBuilder.createOMElement(StAXSOAPModelBuilder.java:252)
    at org.apache.axiom.soap.impl.builder.StAXSOAPModelBuilder.createNextOMElement(StAXSOAPModelBuilder.java:234)
    at org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:249)
    at org.apache.axiom.soap.impl.builder.StAXSOAPModelBuilder.getSOAPEnvelope(StAXSOAPModelBuilder.java:204)
    at org.apache.axiom.soap.impl.builder.StAXSOAPModelBuilder.(StAXSOAPModelBuilder.java:154)
    at org.apache.axiom.om.impl.AbstractOMMetaFactory.createStAXSOAPModelBuilder(AbstractOMMetaFactory.java:73)
    at org.apache.axiom.om.impl.AbstractOMMetaFactory.createSOAPModelBuilder(AbstractOMMetaFactory.java:79)
    at org.apache.axiom.om.OMXMLBuilderFactory.createSOAPModelBuilder(OMXMLBuilderFactory.java:196)
    at org.apache.axis2.builder.SOAPBuilder.processDocument(SOAPBuilder.java:65)
    at org.apache.axis2.format.TextMessageBuilderAdapter.processDocument(TextMessageBuilderAdapter.java:54)
    at org.apache.axis2.format.TextMessageBuilderAdapter.processDocument(TextMessageBuilderAdapter.java:70)
    at org.apache.axis2.format.TextMessageBuilderAdapter.processDocument(TextMessageBuilderAdapter.java:76)
    at org.apache.axis2.transport.msmq.util.MSMQUtil.setSOAPEnvelope(MSMQUtil.java:73)
    at org.apache.axis2.transport.msmq.MSMQMessageReceiver.processThroughEngine(MSMQMessageReceiver.java:98)
    at org.apache.axis2.transport.msmq.MSMQMessageReceiver.onMessage(MSMQMessageReceiver.java:64)
    at org.apache.axis2.transport.msmq.ServiceTaskManager.handleMessage(ServiceTaskManager.java:252)
    at org.apache.axis2.transport.msmq.ServiceTaskManager.access$700(ServiceTaskManager.java:40)
    at org.apache.axis2.transport.msmq.ServiceTaskManager$MessageListenerTask.run(ServiceTaskManager.java:235)
    at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)


The fix is to make use of the property [1] and if it is set in the proxy's
configuration, use it as the receiver's message content type when reading
messages.

I created the Issue [2] to track this. Also the fix is sent via the GIT PR
[3].

Please review and merge.

[1] https://github.com/wso2/wso2-axis2-transports/blob/master/modules/msmq/src/main/java/org/apache/axis2/transport/msmq/MSMQConstants.java#L27
[2] https://github.com/wso2/wso2-axis2-transports/issues/120

[3] https://github.com/wso2/wso2-axis2-transports/pull/121

Regards,
Tharindu
-- 

Tharindu Edirisinghe
Senior Software Engineer | WSO2 Inc
Platform Security Team
Blog : http://tharindue.blogspot.com
mobile : +94 775181586
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev


Re: [Dev] Writing a custom OAuth2 token generator/issuer for IS 5.3.0

2017-04-06 Thread Tharindu Edirisinghe
Thanks Pushpalanka for looking into this.

I created the JIRA [1] to track this.

[1] https://wso2.org/jira/browse/IDENTITY-5855

On Fri, Apr 7, 2017 at 10:01 AM, Pushpalanka Jayawardhana <la...@wso2.com>
wrote:

> Hi,
>
> * *is the latest addition from the two
> options which we should continue to use.
> *IdentityOAuthTokenGenerator* seems to be introduced to resolve some
> limitations in *OAuthTokenGenerator*, but not totally removed for
> backward compatibility.
>
> Anyway, the logs seem to be misleading and need correction.
>
> Thanks,
>
> On Fri, Apr 7, 2017 at 9:50 AM, Tharindu Edirisinghe <tharin...@wso2.com>
> wrote:
>
>> Hi Devs,
>>
>> I need to implement my own OAuth2 token generator/issuer for IS 5.3.0.
>>
>> For that I wrote a class extending the
>> *org.wso2.carbon.identity.oauth2.token.OauthTokenIssuerImpl* class and
>> put the component into lib directory (non OSGI).
>>
>> Then in identity.xml file, under  tag, I add the tag
>> ** and engage my custom token
>> generator/issuer by adding the fully qualified class name as the value of
>> the tag.
>>
>> Using the playground2 sample, I got the entire flow working where all
>> the methods I have overridden are hit properly.
>>
>> However, I see the following INFO log.
>>
>> *[2017-04-07 09:32:32,334]  INFO
>> {org.wso2.carbon.identity.oauth.config.OAuthServerConfiguration} -  The
>> default OAuth token issuer will be used. No custom token generator is set.*
>>
>> I went through the code in [1] and found that the reason for the log is
>> that there is no ** tag in identity.xml which I
>> have defined.
>>
>> So my question is, do the tags *IdentityOAuthTokenGenerator* and
>> *OAuthTokenGenerator* both serve the same purpose? Or what is the
>> difference?
>>
>> Also, since I have got the flow working, can I ignore the above info
>> log although I am using my own token issuer?
>>
>> [1] https://github.com/wso2/carbon-identity/blob/master/components/oauth/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/config/OAuthServerConfiguration.java
>>
>> Thanks,
>> TharinduE
>>
>> --
>>
>> Tharindu Edirisinghe
>> Senior Software Engineer | WSO2 Inc
>> Platform Security Team
>> Blog : http://tharindue.blogspot.com
>> mobile : +94 775181586 <077%20518%201586>
>>
>
>
>
> --
> Pushpalanka.
> --
> Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
> Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
> Mobile: +94779716248
> Blog: pushpalankajaya.blogspot.com/ | LinkedIn: lk.linkedin.com/in/
> pushpalanka/ | Twitter: @pushpalanka
>
>


-- 

Tharindu Edirisinghe
Senior Software Engineer | WSO2 Inc
Platform Security Team
Blog : http://tharindue.blogspot.com
mobile : +94 775181586


Re: [Dev] unsubscribe

2017-03-06 Thread Tharindu Edirisinghe
Sorry, the subject of the mail should be unsubscribe.

Regards,
Tharindu

On Mon, Mar 6, 2017 at 7:57 PM, Tharindu Edirisinghe <tharin...@wso2.com>
wrote:

> Hi Anshu,
>
> If you wish to unsubscribe from WSO2 developer mailing list, please send
> an email to dev-requ...@wso2.org with the subject subscribe.
>
> See [1] for details.
>
> [1] http://wso2.com/mail/
>
> Regards,
> Tharindu
>
> On Mon, Mar 6, 2017 at 5:19 PM, ANSHU ADITYA <annshu.adit...@gmail.com>
> wrote:
>
>>
>>
>> --
>> Thanks & Regards !!
>>
>> *Anshu Aditya*
>> Final Year
>> *Electronics & Communication*
>> *The LNMIIT, Jaipur*
>> *Contact No : +91-8527696121 <+91%2085276%2096121>*
>> *Alternate Email Id: annshu0...@gmail.com <annshu0...@gmail.com>*
>> <https://www.linkedin.com/in/anshu-aditya-55ba078b>
>> *gitHub* <https://github.com/pyAddict>
>>
>>
>>
>>
>>
>>
>>
>
>
> --
>
> Tharindu Edirisinghe
> Senior Software Engineer | WSO2 Inc
> Platform Security Team
> Blog : http://tharindue.blogspot.com
> mobile : +94 775181586 <+94%2077%20518%201586>
>



-- 

Tharindu Edirisinghe
Senior Software Engineer | WSO2 Inc
Platform Security Team
Blog : http://tharindue.blogspot.com
mobile : +94 775181586


Re: [Dev] unsubscribe

2017-03-06 Thread Tharindu Edirisinghe
Hi Anshu,

If you wish to unsubscribe from WSO2 developer mailing list, please send an
email to dev-requ...@wso2.org with the subject subscribe.

See [1] for details.

[1] http://wso2.com/mail/

Regards,
Tharindu

On Mon, Mar 6, 2017 at 5:19 PM, ANSHU ADITYA <annshu.adit...@gmail.com>
wrote:

>
>
> --
> Thanks & Regards !!
>
> *Anshu Aditya*
> Final Year
> *Electronics & Communication*
> *The LNMIIT, Jaipur*
> *Contact No : +91-8527696121 <+91%2085276%2096121>*
> *Alternate Email Id: annshu0...@gmail.com <annshu0...@gmail.com>*
> <https://www.linkedin.com/in/anshu-aditya-55ba078b>
> *gitHub* <https://github.com/pyAddict>
>
>
>
>
>
>
>


-- 

Tharindu Edirisinghe
Senior Software Engineer | WSO2 Inc
Platform Security Team
Blog : http://tharindue.blogspot.com
mobile : +94 775181586


Re: [Dev] GSoC 2017 - Proposal 8: CLI tool for WSO2 API Manager

2017-03-01 Thread Tharindu Edirisinghe
Hi Ayeshmantha,

We are glad to see your interest in doing GSoC with WSO2. I have added the
mentors of the project here, so they will guide you for proceeding further.

Best Regards,
Tharindu Edirisinghe

On Wed, Mar 1, 2017 at 1:25 PM, Ayeshmantha Perera <akayeshman...@gmail.com>
wrote:

> Hi All,
>
> I'm Ayeshmantha Perera, from Sri Lanka Institute of Information
> Technology, currently studying in the final (4th) year specializing in
> Software Engineering.
>
> I am interested in taking part in GSoC 2017 with WSO2 and hope to
> apply for the CLI tool on API Manager.
>
> I have been following up the work done by the API Manager team of WSO2 and
> went through the webinars that were handled by the WSO2 API Manager team.
>
> I have experience working on WSO2 API Manager from my previous work
> experience as an intern. I'm also experienced with WSO2 ESB and the WSO2
> Data Analytics Server.
>
> Other than the experience on the products, I have experience working
> with Go lang, Java EE, Maven, Git, OAuth2 protocol, JAX-RS, Spring and
> Hibernate. I have 1 year of experience in Node.js development, with
> Meanstack 1 and Meanstack 2, and also with React, Redux, Reactive
> Programming and Android, cross platform (React Native, Native Base.IO,
> Native Script, Ionic 2). I also have more than 2 years of experience
> working with .Net (Web pages, MVC, WEB API).
> I also have experience working on Azure and AWS.
>
> And I'm getting familiar with SSO enabling that has been mentioned on the
> subscription task.
>
> For now I have written a blog on what I have done, and I have also proposed
> my solution for two tasks and how to get up and running with the product
> (Blog URL: http://gsocproposal8.blogspot.com/)
>
>
> Considering the above, I would appreciate it if you can guide me in getting
> started with the project.
>
> [1] [WSO2 Webinar : Introducing WSO2 API Manager for Complete API
> Management]
> https://www.youtube.com/watch?v=UcqW8o7I86Q
>
> [2][WSO2Con USA 2015 : Extending and Customizing WSO2 API Manager]
> https://www.youtube.com/watch?v=39bn6UL2R6I
>
> Best Regards
> Ayeshmantha
>
>
>


-- 

Tharindu Edirisinghe
Senior Software Engineer | WSO2 Inc
Platform Security Team
Blog : http://tharindue.blogspot.com
mobile : +94 775181586


Re: [Dev] Regarding gsoc 2017 projects

2017-02-26 Thread Tharindu Edirisinghe
Hi Anshu,

We are glad to see your interest. The list of GSoC 2017 project ideas can
be found in the link [1]. Please go through the list and select a project
that matches your interests and apply for GSoC with WSO2.

[1] https://docs.wso2.com/display/GSoC/Project+Proposals+for+2017

Best Regards,
Tharindu Edirisinghe

On Sun, Feb 26, 2017 at 11:47 PM, ANSHU ADITYA <annshu.adit...@gmail.com>
wrote:

> Hi,
> I have been working in data science for 3+ years and based on my
> experience I want to contribute to some good open source projects, if you
> are participating this year also in GSoC 2017.
> *Anshu Aditya*
> Final Year
> *Electronics & Communication*
> *The LNMIIT, Jaipur*
> *Contact No : +91-8527696121 <+91%2085276%2096121>*
> *Alternate Email Id: annshu0...@gmail.com <annshu0...@gmail.com>*
> <https://www.linkedin.com/in/anshu-aditya-55ba078b>
> *gitHub* <https://github.com/pyAddict>
>
>
>
>
>
>


-- 

Tharindu Edirisinghe
Senior Software Engineer | WSO2 Inc
Platform Security Team
Blog : http://tharindue.blogspot.com
mobile : +94 775181586


Re: [Dev] unsubscribe

2017-01-29 Thread Tharindu Edirisinghe
Hi Hasitha,

For unsubscribing from the WSO2 Dev mail, send an email to dev-requ...@wso2.org
with the subject *unsubscribe*. More info in [1].

[1] http://wso2.com/mail/

Best Regards,
TharinduE

On Sun, Jan 29, 2017 at 6:50 PM, Hasitha Jayasundara <
hasithajayasunda...@gmail.com> wrote:

>
>
> --
> *D.M.Hasitha Nadishan Jayasundara*
> *Department of Electronic and Telecommunication Engineering*
> University of Moratuwa
> *mobile:* *+94711959266 <+94%2071%20195%209266>*
> *blogspot*: learnjavawithisla.blogspot.com/  *email:* hasithajayasundara...@gmail.com
> <https://www.facebook.com/hasitha.nadishan.3>
> <https://twitter.com/HNadishan>
> <https://lk.linkedin.com/in/hasithajayasundara>
>
>
>


-- 

Tharindu Edirisinghe
Senior Software Engineer | WSO2 Inc
Platform Security Team
Blog : tharindue.blogspot.com
mobile : +94 775181586


Re: [Dev] Supporting MongoDB as a Secondary Userstore : an Extension for WSO2 Platform

2017-01-09 Thread Tharindu Edirisinghe
Thanks for sharing the thread Vinod.

In our project we would focus only on the user management.

However later we can integrate the analytics as well together to build a
complete use case.

On Mon, Jan 9, 2017 at 5:20 PM, Vinod Kavinda <vi...@wso2.com> wrote:

> Hi All,
> FYI, there is another attempt for using MongoDB with WSO2 Analytics. See
> the Dev mail thread [1].
>
> [1] - "[Dev] [MongoDB] MongoDB support for analytics"
>
> On Mon, Jan 9, 2017 at 12:30 PM, Asantha Thilina <asanthathil...@gmail.com
> > wrote:
>
>> Hi all,
>>
>> I am willing to contribute and January (30, 31) is ok for me for a meeting
>>
>> thanks,
>> Asantha
>>
>> On Sun, Jan 8, 2017 at 10:20 PM, Tharindu Edirisinghe <tharin...@wso2.com
>> > wrote:
>>
>>> Hi Devs,
>>>
>>> Along with Google Summer of Code 2016, we initiated this project [1] for
>>> supporting MongoDB as a secondary userstore for WSO2 products.
>>>
>>> Asantha (CC'ed) here successfully completed the project where it
>>> supported IS 5.1.0. (For IS 5.2.0 we need to do some minor modification to
>>> get it working, and for IS 5.3.0, which is about to be released, we'll
>>> have to do some more changes because the claim management API is changed.)
>>>
>>> We cannot ship this with a WSO2 product, because it is not scalable. The
>>> end user might use a different version of MongoDB database or JDBC driver,
>>> releasing patches would be difficult if any bug is found etc.
>>>
>>> Therefore the best way is to develop it as a connector (extension) and
>>> publicly release to WSO2 store.
>>>
>>> For that, I am initiating this email where we can discuss how to
>>> proceed with this.
>>>
>>> @Kathees - I hope you can take the ownership of this. We can get
>>> Asantha's help as well whenever necessary.
>>>
>>> My idea is to have a meeting for this during the last week of January
>>> (30,31) and come up with a plan.
>>>
>>> [1] https://docs.wso2.com/display/GSoC/Project+Proposals+for+2016#ProjectProposalsfor2016-Proposal21:[IS]DocumentBasedNoSQLSupportforWSO2IdentityServerDatabase
>>>
>>> Thanks,
>>> TharinduE
>>>
>>> --
>>>
>>> Tharindu Edirisinghe
>>> Senior Software Engineer | WSO2 Inc
>>> Platform Security Team
>>> Blog : tharindue.blogspot.com
>>> mobile : +94 775181586 <+94%2077%20518%201586>
>>>
>>
>>
>>
>>
>
>
> --
> Vinod Kavinda
> Software Engineer
> *WSO2 Inc. - lean . enterprise . middleware <http://www.wso2.com>.*
> Mobile : +94 (0) 712 415544
> Blog : http://soatechflicks.blogspot.com/
>
>


-- 

Tharindu Edirisinghe
Senior Software Engineer | WSO2 Inc
Platform Security Team
Blog : tharindue.blogspot.com
mobile : +94 775181586


[Dev] Supporting MongoDB as a Secondary Userstore : an Extension for WSO2 Platform

2017-01-08 Thread Tharindu Edirisinghe
Hi Devs,

Along with Google Summer of Code 2016, we initiated this project [1] for
supporting MongoDB as a secondary userstore for WSO2 products.

Asantha (CC'ed) here successfully completed the project where it supported
IS 5.1.0. (For IS 5.2.0 we need to do some minor modification to get it
working, and for IS 5.3.0, which is about to be released, we'll have to do
some more changes because the claim management API is changed.)

We cannot ship this with a WSO2 product, because it is not scalable. The
end user might use a different version of MongoDB database or JDBC driver,
releasing patches would be difficult if any bug is found etc.

Therefore the best way is to develop it as a connector (extension) and
publicly release to WSO2 store.

For that, I am initiating this email where we can discuss how to proceed
with this.

@Kathees - I hope you can take the ownership of this. We can get Asantha's
help as well whenever necessary.

My idea is to have a meeting for this during the last week of January
(30,31) and come up with a plan.

[1]
https://docs.wso2.com/display/GSoC/Project+Proposals+for+2016#ProjectProposalsfor2016-Proposal21:[IS]DocumentBasedNoSQLSupportforWSO2IdentityServerDatabase

Thanks,
TharinduE

-- 

Tharindu Edirisinghe
Senior Software Engineer | WSO2 Inc
Platform Security Team
Blog : tharindue.blogspot.com
mobile : +94 775181586


Re: [Dev] Regarding users/roles creation per tenant and within a secondary ReadWriteLDAP userstore

2016-12-20 Thread Tharindu Edirisinghe
Hi Hanen,

No. As designed, when you create a tenant, the admin will be created in the
PRIMARY userstore.

This tenant admin may later login to the management console and add any
secondary userstore and create users in those user stores.

Regards,
Tharindu

On Tue, Dec 20, 2016 at 7:54 PM, Hanen Ben Rhouma <hanen...@gmail.com>
wrote:

> Thanks guys for the answer, I restarted from a fresh installation of WSO2
> and kept my secondary user store, will let you know if it changes anything.
>
> I have another question please, I noticed that tenant admin is always
> persisted under primary userstore, is there a specific syntax I need to
> mention when creating him (username, email, etc.) in order to find him
> under secondary user store?
>
> Regards,
> Hanen
>
> On Tue, Dec 20, 2016 at 1:56 PM, Tharindu Edirisinghe <tharin...@wso2.com>
> wrote:
>
>> Hi Hanen,
>>
>> When you call the RemoteUserStoreManager admin service, you have to
>> use the particular tenant admin's credentials to authenticate in the SOAP
>> client. Then the user will be added to the particular tenant, and when you
>> browse the LDAP you would see the user is created. Let us know if this is
>> not the case so we can guide you.
>>
>> Regards,
>> Tharindu
>>
>> On Mon, Dec 19, 2016 at 10:46 PM, Hanen Ben Rhouma <hanen...@gmail.com>
>> wrote:
>>
>>> Hello,
>>>
>>> I have a question regarding tenants management within WSO2 IS; When I
>>> create a tenant there is a tenant admin created simultaneously, I checked
>>> apacheDS directory and didn't find him there. Where is he persisted?
>>>
>>> I have another question regarding secondary user store: I have
>>> configured a ReadWriteLDAPUserstore as a secondary user store under a
>>> tenant directory (tenant-related LDAP).
>>> When I create my users through a SOAP call by using the
>>> RemoteUserStoreManager, I can see them within the administration console
>>> but not within my LDAP and if I create users from within the LDAP I can see
>>> them through the administration console prefixed with "DOMAIN_NAME/".
>>> Could you please clarify all this for me, how can I have my users
>>> persisted correctly within the LDAP and through the application?
>>>
>>>
>>> Regards,
>>> Hanen
>>>
>>>
>>>
>>
>>
>> --
>>
>> Tharindu Edirisinghe
>> Senior Software Engineer | WSO2 Inc
>> Platform Security Team
>> Blog : tharindue.blogspot.com
>> mobile : +94 775181586 <+94%2077%20518%201586>
>>
>
>


-- 

Tharindu Edirisinghe
Senior Software Engineer | WSO2 Inc
Platform Security Team
Blog : tharindue.blogspot.com
mobile : +94 775181586


Re: [Dev] Regarding users/roles creation per tenant and within a secondary ReadWriteLDAP userstore

2016-12-20 Thread Tharindu Edirisinghe
Hi Hanen,

When you call the RemoteUserStoreManager admin service, you have to use
the particular tenant admin's credentials to authenticate in the SOAP
client. Then the user will be added to the particular tenant, and when you
browse the LDAP you would see the user is created. Let us know if this is
not the case so we can guide you.

Regards,
Tharindu

On Mon, Dec 19, 2016 at 10:46 PM, Hanen Ben Rhouma <hanen...@gmail.com>
wrote:

> Hello,
>
> I have a question regarding tenants management within WSO2 IS; When I
> create a tenant there is a tenant admin created simultaneously, I checked
> apacheDS directory and didn't find him there. Where is he persisted?
>
> I have another question regarding secondary user store: I have configured
> a ReadWriteLDAPUserstore as a secondary user store under a tenant directory
> (tenant-related LDAP).
> When I create my users through a SOAP call by using the
> RemoteUserStoreManager, I can see them within the administration console
> but not within my LDAP and if I create users from within the LDAP I can see
> them through the administration console prefixed with "DOMAIN_NAME/".
> Could you please clarify all this for me, how can I have my users
> persisted correctly within the LDAP and through the application?
>
>
> Regards,
> Hanen
>
>
>


-- 

Tharindu Edirisinghe
Senior Software Engineer | WSO2 Inc
Platform Security Team
Blog : tharindue.blogspot.com
mobile : +94 775181586


Re: [Dev] WSO2 IS : Create a Tenant

2016-12-20 Thread Tharindu Edirisinghe
Hi Hanen,

Yes, the limit defined in the configuration file is not used and therefore
you can deploy multi-users even with the default Demo plan.

Regards,
Tharindu

On Wed, Dec 14, 2016 at 4:16 PM, Hanen Ben Rhouma <hanen...@gmail.com>
wrote:

> Thanks Ishara for the answer. As I can see in multitenancy-packages.xml
> the demo plan offers a limit of one user; what does that mean, are we
> allowed to deploy multi-users per tenant on AWS for example even if we have
> a Demo plan?
>
> Regards,
>
>
> *Hanen Ben Rhouma*
> *Java Tech Lead*
>
> On Wed, Dec 14, 2016 at 12:56 AM, Ishara Cooray <isha...@wso2.com> wrote:
>
>> Hi Hanen,
>>
>> "Select Usage Plan For Tenant" functionality comes from Stratos. It lets
>> the admin choose a subscription package for the tenant being created. One
>> can define subscription packages in the
>> "/repository/conf/multitenancy/multitenancy-packages.xml" file. However this
>> configuration is no longer loaded and the "Demo" package that is shown in
>> the dropdown is a hard-coded value. This feature is not used as in
>> standalone products but was used with the cloud deployments because this
>> functionality was moved to stratos manager.
>>
>> Thanks & Regards,
>> Ishara Cooray
>> Senior Software Engineer
>> Mobile : +9477 262 9512 <+94%2077%20262%209512>
>> WSO2, Inc. | http://wso2.com/
>> Lean . Enterprise . Middleware
>>
>> On Tue, Dec 13, 2016 at 8:07 PM, Hanen Ben Rhouma <hanen...@gmail.com>
>> wrote:
>>
>>> Hello guys,
>>>
>>> When trying to create a tenant, there is only one option for usage plan
>>> which is "Demo", how can we customize it and what are the other options?
>>>
>>>
>>> Regards,
>>> Hanen
>>>
>>>
>>>
>>
>
>
>


-- 

Tharindu Edirisinghe
Senior Software Engineer | WSO2 Inc
Platform Security Team
Blog : tharindue.blogspot.com
mobile : +94 775181586


Re: [Dev] API Manager 2.0.0 - Cannot add SAML inbound authentication config to Service Provider

2016-10-18 Thread Tharindu Edirisinghe
Thanks !

On Wed, Oct 19, 2016 at 10:45 AM, Abimaran Kugathasan <abima...@wso2.com>
wrote:

> Hi Tharindu,
>
> Yes, This is a known issue, yet to be fixed. Reported through [1]
>
> [1] : https://wso2.org/jira/browse/APIMANAGER-4493
>
> On Wed, Oct 19, 2016 at 10:27 AM, Tharindu Edirisinghe <tharin...@wso2.com
> > wrote:
>
>> Hi Devs,
>>
>> I'm using a fresh pack of API Manager 2.0.0 and added a Service Provider.
>> It got registered correctly.
>>
>> Then I edit the SP and try to add SAML inbound authentication and then I
>> get an empty page. Tested this on both Firefox and Chrome and the behavior
>> is the same.
>>
>> Here's the backend error. Is this a known issue? Or is there a patch?
>>
>>
>> TID: [-1234] [] [2016-10-19 10:15:36,464] ERROR {org.apache.tiles.jsp.context.JspTilesRequestContext} -  JSPException while including path '/sso-saml/add_service_provider.jsp'. {org.apache.tiles.jsp.context.JspTilesRequestContext}
>> javax.servlet.jsp.JspException: ServletException while including page.
>> at org.apache.tiles.jsp.context.JspUtil.doInclude(JspUtil.java:102)
>> at org.apache.tiles.jsp.context.JspTilesRequestContext.include(JspTilesRequestContext.java:88)
>> at org.apache.tiles.jsp.context.JspTilesRequestContext.dispatch(JspTilesRequestContext.java:82)
>> at org.apache.tiles.impl.BasicTilesContainer.render(BasicTilesContainer.java:465)
>> at org.apache.tiles.jsp.taglib.InsertAttributeTag.render(InsertAttributeTag.java:140)
>> at org.apache.tiles.jsp.taglib.InsertAttributeTag.render(InsertAttributeTag.java:117)
>> at org.apache.tiles.jsp.taglib.RenderTagSupport.execute(RenderTagSupport.java:171)
>> at org.apache.tiles.jsp.taglib.RoleSecurityTagSupport.doEndTag(RoleSecurityTagSupport.java:75)
>> at org.apache.tiles.jsp.taglib.ContainerTagSupport.doEndTag(ContainerTagSupport.java:80)
>> at org.apache.jsp.admin.layout.template_jsp._jspx_meth_tiles_005finsertAttribute_005f7(template_jsp.java:661)
>> at org.apache.jsp.admin.layout.template_jsp._jspService(template_jsp.java:377)
>> at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>> at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:439)
>> at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:395)
>> at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:339)
>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>> at org.wso2.carbon.ui.JspServlet.service(JspServlet.java:155)
>> at org.wso2.carbon.ui.TilesJspServlet.service(TilesJspServlet.java:80)
>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>> at org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:37)
>> at org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61)
>> at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128)
>> at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:68)
>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>> at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68)
>> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
>> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>> at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
>> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>> at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:747)
>> at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:485)
>> at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:410)
>> at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:337)
>> at org.eclipse.equinox.http.servlet.internal.RequestDispatcherAdaptor.forward(RequestDispatcherAdaptor.java:30)

[Dev] API Manager 2.0.0 - Cannot add SAML inbound authentication config to Service Provider

2016-10-18 Thread Tharindu Edirisinghe
(ProxyServlet.java:68)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.owasp.csrfguard.CsrfGuardFilter.doFilter(CsrfGuardFilter.java:88)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.wso2.carbon.ui.filters.CSRFPreventionFilter.doFilter(CSRFPreventionFilter.java:88)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.wso2.carbon.ui.filters.CRLFPreventionFilter.doFilter(CRLFPreventionFilter.java:59)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilter(CharacterSetFilter.java:61)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:120)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)
at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57)
at org.wso2.carbon.event.receiver.core.internal.tenantmgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:48)
at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)
at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:956)
at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:436)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1078)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:625)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1749)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1708)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
Caused by: javax.servlet.ServletException: File /sso-saml/add_service_provider.jsp not found

Thanks,
TharinduE

-- 

Tharindu Edirisinghe
Senior Software Engineer | WSO2 Inc
Platform Security Team
Blog : tharindue.blogspot.com
mobile : +94 775181586


Re: [Dev] Get the private and public keys of a user

2016-10-07 Thread Tharindu Edirisinghe
Hi Niranda,

I've attached a sample Java class here that you can refer to get the
private key and public key. I've written this for signing a JWT but you can
use the same code segments for your scenario as well.

Thanks,
TharinduE

On Fri, Oct 7, 2016 at 8:54 AM, Danushka Fernando <danush...@wso2.com>
wrote:

> AFAIK SAML Token is signed using the tenant keystore. You can use the
> org.wso2.carbon.core.util.KeyStoreManager to achieve that. There are
> getDefaultPrivateKey and getDefaultPublicKey which will give you the
> default keys of the keystore.
>
> Thanks & Regards
> Danushka Fernando
> Senior Software Engineer
> WSO2 inc. http://wso2.com/
> Mobile : +94716332729
>
> On Thu, Oct 6, 2016 at 5:38 PM, Niranda Perera <nira...@wso2.com> wrote:
>
>> Hi,
>>
>> I am trying to create a SAML response manually. This is a special type of
>> SAML response named SAML NameIdResponse and I am trying to set a signature
>> in it.
>>
>> I am trying to create a signature element, as mentioned here [1].
>>
>> For me to do this, I need to access the private and public keys
>> programmatically.
>>
>> Could you please point me to a place where I could extract these
>> information?
>>
>> Best
>>
>> [1] http://www.programcreek.com/java-api-examples/index.php?source_dir=saml-generator-master/src/main/java/com/rackspace/saml/SamlAssertionProducer.java
>>
>> --
>> *Niranda Perera*
>> Software Engineer, WSO2 Inc.
>> Mobile: +94-71-554-8430
>> Twitter: @n1r44 <https://twitter.com/N1R44>
>> https://pythagoreanscript.wordpress.com/
>>


-- 

Tharindu Edirisinghe
Senior Software Engineer | WSO2 Inc
Platform Security Team
Blog : tharindue.blogspot.com
mobile : +94 775181586
package org.wso2.carbon.jwt.helper;

import org.apache.axiom.util.base64.Base64Utils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.base.MultitenantConstants;
import org.wso2.carbon.core.util.KeyStoreManager;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.core.service.RealmService;

import java.security.*;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.util.Calendar;
import java.util.concurrent.ConcurrentHashMap;

public class JWTHelper {

    private static Log log = LogFactory.getLog(JWTHelper.class);

    private static final String SHA256_WITH_RSA = "SHA256withRSA";
    private static String signatureAlgorithm = SHA256_WITH_RSA;
    private static final String NONE = "NONE";
    private static volatile long ttl = -1L;

    private static ConcurrentHashMap<Integer, Key> privateKeys = new ConcurrentHashMap<Integer, Key>();
    private static ConcurrentHashMap<Integer, Certificate> publicCerts = new ConcurrentHashMap<Integer, Certificate>();


    public static String generateJWT(String tenantDomain) throws Exception {

        String jwt = buildJWT(tenantDomain);

        log.info("JWT  = " + jwt);

        return jwt;
    }


    /**
     * Method that generates the JWT.
     *
     * @return signed JWT token
     * @throws Exception
     */
    private static String buildJWT(String tenantDomain) throws Exception {

        //generating expiring timestamp
        long currentTime = Calendar.getInstance().getTimeInMillis();
        long expireIn = currentTime + 1000 * 60 * getTTL();

        String jwtBody;
        String issuer = "wso2.org/appserver";
        int tenantId = getTenantId(tenantDomain);

        //Sample JWT body
        //{"iss":"wso2.org/appserver","exp":1448299984841,"tenant_domain":"wso2.com","tenant_id":"1"}

        StringBuilder jwtBuilder = new StringBuilder();
        jwtBuilder.append("{");
        jwtBuilder.append("\"iss\":\"");
        jwtBuilder.append(issuer);
        jwtBuilder.append("\",");

        jwtBuilder.append("\"exp\":");
        jwtBuilder.append(String.valueOf(expireIn));
        jwtBuilder.append(",");

        jwtBuilder.append("\"tenant_domain\":\"");
        jwtBuilder.append(tenantDomain);
        jwtBuilder.append("\",");

        jwtBuilder.append("\"tenant_id\":\"");
        jwtBuilder.append(String.valueOf(tenantId));
jw
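
The attachment above is cut off before the signing step. The following is an added example, not part of the attached class or of WSO2 code, showing the SHA256withRSA sign and verify steps for the same JWT body with JDK classes only. It assumes a key pair generated in-process as a stand-in for what KeyStoreManager's getDefaultPrivateKey and getDefaultPublicKey return; the class and method names are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.util.Base64;

// Added example: class and method names are hypothetical, not WSO2 code.
public class TenantJwtSigningExample {

    private static final Base64.Encoder B64URL = Base64.getUrlEncoder().withoutPadding();

    private static String b64(String s) {
        return B64URL.encodeToString(s.getBytes(StandardCharsets.UTF_8));
    }

    // Escape a claim value so a crafted tenant domain cannot close the JSON
    // string early and append claims of its own.
    static String jsonEscape(String value) {
        StringBuilder out = new StringBuilder();
        for (char c : value.toCharArray()) {
            if (c == '"' || c == '\\') {
                out.append('\\').append(c);
            } else if (c < 0x20) {
                out.append(String.format("\\u%04x", (int) c));
            } else {
                out.append(c);
            }
        }
        return out.toString();
    }

    // Build header.body and sign it with SHA256withRSA (JWS "RS256").
    static String sign(PrivateKey key, String tenantDomain, int tenantId, long expEpochSeconds)
            throws GeneralSecurityException {
        String header = "{\"alg\":\"RS256\",\"typ\":\"JWT\"}";
        String body = "{\"iss\":\"wso2.org/appserver\",\"exp\":" + expEpochSeconds
                + ",\"tenant_domain\":\"" + jsonEscape(tenantDomain)
                + "\",\"tenant_id\":\"" + tenantId + "\"}";
        String signingInput = b64(header) + "." + b64(body);
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(key);
        signer.update(signingInput.getBytes(StandardCharsets.US_ASCII));
        return signingInput + "." + B64URL.encodeToString(signer.sign());
    }

    // Verify with a fixed algorithm. The token's own "alg" header is never
    // used to pick the algorithm, so a token without a signature is rejected.
    static boolean verify(PublicKey key, String jwt) {
        String[] parts = jwt.split("\\.", -1);
        if (parts.length != 3 || parts[2].isEmpty()) {
            return false;
        }
        try {
            byte[] signature = Base64.getUrlDecoder().decode(parts[2]);
            Signature verifier = Signature.getInstance("SHA256withRSA");
            verifier.initVerify(key);
            verifier.update((parts[0] + "." + parts[1]).getBytes(StandardCharsets.US_ASCII));
            return verifier.verify(signature);
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            return false; // malformed Base64 or malformed signature bytes
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for the tenant keystore's default key pair.
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(2048);
        KeyPair keys = generator.generateKeyPair();

        // RFC 7519 expresses "exp" as seconds since the epoch.
        long exp = System.currentTimeMillis() / 1000 + 15 * 60;
        String jwt = sign(keys.getPrivate(), "wso2.com", 1, exp);
        System.out.println("valid token verifies:    " + verify(keys.getPublic(), jwt));

        // Swap in a body naming another tenant; the old signature must not match.
        String[] parts = jwt.split("\\.");
        String otherBody = b64("{\"iss\":\"wso2.org/appserver\",\"exp\":" + exp
                + ",\"tenant_domain\":\"example.org\",\"tenant_id\":\"2\"}");
        String altered = parts[0] + "." + otherBody + "." + parts[2];
        System.out.println("altered token verifies:  " + verify(keys.getPublic(), altered));

        // Same token with the signature part left empty.
        String unsigned = parts[0] + "." + parts[1] + ".";
        System.out.println("unsigned token verifies: " + verify(keys.getPublic(), unsigned));
    }
}
```

Only the first check should print true; the other two print false.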

Re: [Dev] [Vote] Release WSO2 Complex Event Processor (CEP) 4.2.0-RC2

2016-09-08 Thread Tharindu Edirisinghe
Hi All,

Platform Security Team has reviewed all security reports against CEP 4.2.0
and verified.

Here's the +1 for proceeding with the release.

Thanks,
Tharindu

On Tue, Sep 6, 2016 at 10:23 PM, Dilini Muthumala <dil...@wso2.com> wrote:

> Hi Devs,
>
> This is the second release candidate (RC2) of WSO2 Complex Event Processor
> version 4.2.0.
>
> *New Features / Improvements in This Release*
>
> [CEP-322 <https://wso2.org/jira/browse/CEP-322>] - Unique time window
> support for Siddhi
> [CEP-1442 <https://wso2.org/jira/browse/CEP-1442>] - Create a role for
> analytics dashboard with necessary permissions (CEP & DAS)
> [CEP-1476 <https://wso2.org/jira/browse/CEP-1476>] - Siddhi Map Extension
> : map:CreateFromXML() only support XML with root element
> [CEP-1488 <https://wso2.org/jira/browse/CEP-1488>] - Allow '-' in
> @Import/@Export section in execution plan
> [CEP-1497 <https://wso2.org/jira/browse/CEP-1497>] - Custom XML input
> mapping should be able to populate stream attributes from XML attributes
> [CEP-1507 <https://wso2.org/jira/browse/CEP-1507>] - Siddhi Extension for
> calculate percentile values
> [CEP-1510 <https://wso2.org/jira/browse/CEP-1510>] - External Time Batch
> Window Implementation
> [CEP-1511 <https://wso2.org/jira/browse/CEP-1511>] - Template Manager
> support for other deployable artifacts
> [CEP-1512 <https://wso2.org/jira/browse/CEP-1512>] - MaxForever and
> MinForever Attribute Aggregators for Siddhi
> [CEP-1514 <https://wso2.org/jira/browse/CEP-1514>] - Make Disruptor as
> configurable in Siddhi
> [CEP-1515 <https://wso2.org/jira/browse/CEP-1515>] - RDBMS event table
> does not work with new RDBMS database types
> [CEP-1516 <https://wso2.org/jira/browse/CEP-1516>] - Distinct Attribute
> Aggregator for Siddhi
> [CEP-1517 <https://wso2.org/jira/browse/CEP-1517>] - Split Function for
> String Siddhi Extension
> [CEP-1520 <https://wso2.org/jira/browse/CEP-1520>] - Necessary
> improvement to ExternalTimeBatch window
> [CEP-1526 <https://wso2.org/jira/browse/CEP-1526>] - Improve event
> receiver/publisher JMS configuration to support Tibco EMS
> [CEP-1528 <https://wso2.org/jira/browse/CEP-1528>] - Provide support for
> string values to be used in line charts x axis in real time gadgets
> [CEP-1532 <https://wso2.org/jira/browse/CEP-1532>] - Add basicAuth enable
> property for http event receiver
> [CEP-1540 <https://wso2.org/jira/browse/CEP-1540>] - [Template Manager
> UI] JSP pages which are not invoked through Ajax are named as
> *_ajaxprocessor.jsp
> [CEP-1574 <https://wso2.org/jira/browse/CEP-1574>] - JNDI Connector to
> Sonic MQ.
>
>
> *Fixed Issues in This Release*
>
> - Bug Fixes <https://wso2.org/jira/browse/CEP-1570?filter=13164>
>
> *Known Issues*
>
> - Known Issues <https://wso2.org/jira/browse/CEP-256?filter=13165>
>
> *Source and distribution packages:*
>
> - https://github.com/wso2/product-cep/releases/download/v4.2.0-rc2/wso2cep-4.2.0-RC2.zip
>
> Please download, test, and vote. The README file under the distribution
> contains guide and instructions on how to try it out locally.
>
> [+] Stable - Go ahead and release
> [-] Broken - Do not release (explain why)
>
> This vote will be open for 72 hours or as needed.
>
> Regards,
> WSO2 CEP Team
>


-- 

Tharindu Edirisinghe
Senior Software Engineer | WSO2 Inc
Platform Security Team
Blog : tharindue.blogspot.com
mobile : +94 775181586


Re: [Dev] [GSoC Final Evaluation] Proposal 21: [IS] Document Based NoSQL Support for WSO2 Identity Server Database

2016-08-23 Thread Tharindu Edirisinghe
Excellent work Asantha.

We really appreciate your effort put towards making this project a success
!

On Mon, Aug 22, 2016 at 8:52 PM, Asantha Thilina <asanthathil...@gmail.com>
wrote:

> Hi all,
>
> I have prepared my final report in GSoC[1] and there i have added all my
> repositories,PR,blog posts,documents and mail threads and i have prepared a
> final blog post here[2] mentioning all my experience in GSoC 2016
>
> [1] https://asanthamax.github.io/mongodbuserstore/
> [2] http://asanthamax.blogspot.com/2016/08/my-gsoc-final-summary.html
>
> Thanks,
> Asantha
>
>
> On Sat, Aug 20, 2016 at 1:23 AM, Asantha Thilina <asanthathil...@gmail.com
> > wrote:
>
>> Hi Chamila,
>>
>> I have added new pull requests to orbit[1] for new org.json version
>>
>> [1]https://github.com/wso2/orbit/pull/225
>>
>> thanks,
>> Asantha
>>
>> On Fri, Aug 19, 2016 at 9:58 PM, Chamila Wijayarathna <
>> cdwijayarat...@gmail.com> wrote:
>>
>>> Hi Asantha,
>>>
>>> For creating new orbit, you will have to send 1 PR to wso2/orbit
>>> repository[1] as well. There inside json folder, you'll have to define a
>>> new json orbit with new version (eg: 3.0.0wso2v2) and there you will have
>>> to refer the new json version you are depending on.
>>>
>>> In your PR, you are referring to 3.0.0wso2v1 which is depending on the
>>> older version we are talking about. So this will still cause the issue you
>>> are talking.
>>>
>>> Thank You!
>>>
>>> On Sat, Aug 20, 2016 at 12:47 AM, Asantha Thilina <
>>> asanthathil...@gmail.com> wrote:
>>>
>>>> Hi Johann,
>>>>
>>>> first of all ,sorry for the late reply earlier i wasn't added org.json
>>>> to bundleDef now i have fixed the issue and i have added new orbit as
>>>> chamila mentioned for org.json as defined in here[1] i have added version
>>>> 20160212 because version 20140107  which is already in IS causing some
>>>> problems for my userstore methods even it successfully deployed ,after
>>>> adding version 20160212 solved the issue now my userstore is deploy
>>>> org.json  20160212  also to the IS during packaging and i have updated
>>>> the PR[2] with the latest modifications
>>>>
>>>> [1]https://github.com/wso2/orbit/blob/master/json/3.0.0.wso2v1/pom.xml
>>>> [2]https://github.com/wso2-extensions/identity-userstore-mongodb/pull/1
>>>>
>>>> thanks,
>>>> Asantha
>>>>
>>>> On Fri, Aug 19, 2016 at 5:45 AM, Johann Nallathamby <joh...@wso2.com>
>>>> wrote:
>>>>
>>>>> Hi Asantha,
>>>>>
>>>>> As Chamila mentioned you need to bundle the required library in your
>>>>> feature as well, so that it is self contained, and can be installed
>>>>> independently in any carbon server.
>>>>>
>>>>> Have you added that in your PR? I couldn't see a bundleDef for
>>>>> org.json.
>>>>>
>>>>> Regards,
>>>>> Johann.
>>>>>
>>>>> On Fri, Aug 19, 2016 at 3:04 PM, Asantha Thilina <
>>>>> asanthathil...@gmail.com> wrote:
>>>>>
>>>>>> Hi all,
>>>>>>
>>>>>> First of all let me apologize for the late reply, I have changed the
>>>>>> org.json version as chamila said and now it's working no need to add json
>>>>>> lib manually and version changed will not affected to any of my code i
>>>>>> have updated the PR[1] with latest modifications now it's need
>>>>>> mongodb-java-driver only to run the module no other extra library
>>>>>> required
>>>>>>
>>>>>> [1]https://github.com/wso2-extensions/identity-userstore-mongodb/pull/1
>>>>>>
>>>>>> Thanks,
>>>>>> Asantha
>>>>>>
>>>>>> On Fri, Aug 19, 2016 at 1:26 AM, Chamila Wijayarathna <
>>>>>> cdwijayarat...@gmail.com> wrote:
>>>>>>
>>>>>>> Hi Asantha,
>>>>>>>
>>>>>>> If you have used any new features of org.json which is not available
>>>>>>> in that old version, I think you will have to create an orbit with new
>>>>>>> org.json version.
>>>>>>>
>>

Re: [Dev] [GSoC Final Evaluation] Proposal 21: [IS] Document Based NoSQL Support for WSO2 Identity Server Database

2016-08-18 Thread Tharindu Edirisinghe
Thanks Chamila for the input.

@Asantha - Can you try to change the json dependency version to what
Chamila has mentioned and test.



On Fri, Aug 19, 2016 at 10:43 AM, Chamila Wijayarathna <
cdwijayarat...@gmail.com> wrote:

> Hi Asantha, Tharindu,
>
> I think IS already packs json, but the version is 20140107 which comes
> from wso2 orbit bundle [1]. You are receiving the error due to version
> mismatch, because you are using  version 20160212.
>
> Can you try using existing dependency and check if your features work okay
> with that version?
>
> Thank You!
>
> [1]. https://github.com/wso2/orbit/blob/master/json/3.0.0.wso2v1
>
> On Fri, Aug 19, 2016 at 3:03 PM, Tharindu Edirisinghe <tharin...@wso2.com>
> wrote:
>
>> I meant shipping with the product... by packing with the product.
>>
>> Yes, it should be packed by the feature.
>>
>> I'll look more into Charon's dependency as well.
>>
>> On Fri, Aug 19, 2016 at 10:26 AM, Chamila Wijayarathna <
>> cdwijayarat...@gmail.com> wrote:
>>
>>> Hi Harsha,
>>>
>>> The license seems to be okay, isn't it? It doesn't mention anything that
>>> prevent us from using it. Also I think we use same library for json related
>>> stuff in charon as well. So it can't be an issue IMO.
>>>
>>> @Tharindu, Why we should pack this in product? Shouldn't we pack this in
>>> the feature?
>>>
>>> Thank You!
>>>
>>> On Fri, Aug 19, 2016 at 2:11 PM, Harsha Thirimanna <hars...@wso2.com>
>>> wrote:
>>>
>>>> As in the license, there are some restrictions.
>>>>
>>>> http://www.json.org/license.html
>>>>
>>>> *Harsha Thirimanna*
>>>> Associate Tech Lead | WSO2
>>>>
>>>> Email: hars...@wso2.com
>>>> Mob: +94715186770
>>>> Blog: http://harshathirimanna.blogspot.com/
>>>> Twitter: http://twitter.com/harshathirimann
>>>> Linked-In: linked-in: http://www.linkedin.com/pub/harsha-thirimanna/10/ab8/122
>>>> <http://wso2.com/signature>
>>>>
>>>> On Fri, Aug 19, 2016 at 9:30 AM, Tharindu Edirisinghe <
>>>> tharin...@wso2.com> wrote:
>>>>
>>>>> Thanks Asantha.
>>>>>
>>>>> @Johann/Darshana - Would it be possible to pack org.json [1]
>>>>> dependency to the product itself ?
>>>>>
>>>>> [1] https://mvnrepository.com/artifact/org.json/json/20160212
>>>>>
>>>>> Regards,
>>>>> TharinduE
>>>>>
>>>>> On Fri, Aug 19, 2016 at 12:48 AM, Asantha Thilina <
>>>>> asanthathil...@gmail.com> wrote:
>>>>>
>>>>>> Hi Tharindu,
>>>>>>
>>>>>> As you instructed i have finished all above process and i already
>>>>>> sent a PR[1] to product-is with my modifications and earlier i have sent
>>>>>> a PR[2] to identity-userstore-mongodb
>>>>>> during the deployment of the product-is i face the following issue
>>>>>> In my MongoDBUserStoreManager plugin i will be using org.json[2] lib
>>>>>> for query purposes so it is a dependent for my plugin to work ,For the
>>>>>> moment i manually added json lib to dropin folder to activate my bundle
>>>>>> otherwise i will get following error when i open osgi console and checked
>>>>>> Missing optionally imported package org.json_[20160212.0.0,20160213.0.0).
>>>>>> In order to activate the bundle need to add mongo-java-driver[4] also
>>>>>> to dropins folder after that it will activate successfully,
>>>>>> Is there any method to ship the json lib also with my bundle when
>>>>>> deploying it to IS?
>>>>>> [1]https://github.com/wso2/product-is/pull/668
>>>>>> [2]https://github.com/wso2-extensions/identity-userstore-mongodb/pull/1
>>>>>> [3]https://mvnrepository.com/artifact/org.json/json/20160212
>>>>>> [4]https://mvnrepository.com/artifact/org.mongodb/mongo-java-driver/3.2.2
>>>>>>
>>>>>> Thanks,
>>>>>> Asantha
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Thu, Aug 18, 2016 at 2:19 AM, Tharindu Edirisinghe <
>>>>>> tharin...@wso2.com> wrote:

Re: [Dev] [GSoC Final Evaluation] Proposal 21: [IS] Document Based NoSQL Support for WSO2 Identity Server Database

2016-08-18 Thread Tharindu Edirisinghe
I meant shipping with the product... by packing with the product.

Yes, it should be packed by the feature.

I'll look more into Charon's dependency as well.

On Fri, Aug 19, 2016 at 10:26 AM, Chamila Wijayarathna <
cdwijayarat...@gmail.com> wrote:

> Hi Harsha,
>
> The license seems to be okay, isn't it? It doesn't mention anything that
> prevent us from using it. Also I think we use same library for json related
> stuff in charon as well. So it can't be an issue IMO.
>
> @Tharindu, Why we should pack this in product? Shouldn't we pack this in
> the feature?
>
> Thank You!
>
> On Fri, Aug 19, 2016 at 2:11 PM, Harsha Thirimanna <hars...@wso2.com>
> wrote:
>
>> As in the license, there are some restrictions.
>>
>> http://www.json.org/license.html
>>
>> *Harsha Thirimanna*
>> Associate Tech Lead | WSO2
>>
>> Email: hars...@wso2.com
>> Mob: +94715186770
>> Blog: http://harshathirimanna.blogspot.com/
>> Twitter: http://twitter.com/harshathirimann
>> Linked-In: linked-in: http://www.linkedin.com/pub/harsha-thirimanna/10/ab8/122
>> <http://wso2.com/signature>
>>
>> On Fri, Aug 19, 2016 at 9:30 AM, Tharindu Edirisinghe <tharin...@wso2.com
>> > wrote:
>>
>>> Thanks Asantha.
>>>
>>> @Johann/Darshana - Would it be possible to pack org.json [1] dependency
>>> to the product itself ?
>>>
>>> [1] https://mvnrepository.com/artifact/org.json/json/20160212
>>>
>>> Regards,
>>> TharinduE
>>>
>>> On Fri, Aug 19, 2016 at 12:48 AM, Asantha Thilina <
>>> asanthathil...@gmail.com> wrote:
>>>
>>>> Hi Tharindu,
>>>>
>>>> As you instructed i have finished all above process and i already sent
>>>> a PR[1] to product-is with my modifications and earlier i have sent a PR[2]
>>>> to identity-userstore-mongodb
>>>> during the deployment of the product-is i face the following issue
>>>> In my MongoDBUserStoreManager plugin i will be using org.json[2] lib
>>>> for query purposes so it is a dependent for my plugin to work ,For the
>>>> moment i manually added json lib to dropin folder to activate my bundle
>>>> otherwise i will get following error when i open osgi console and checked
>>>> Missing optionally imported package org.json_[20160212.0.0,20160213.0.0).
>>>> In order to activate the bundle need to add mongo-java-driver[4] also
>>>> to dropins folder after that it will activate successfully,
>>>> Is there any method to ship the json lib also with my bundle when
>>>> deploying it to IS?
>>>> [1]https://github.com/wso2/product-is/pull/668
>>>> [2]https://github.com/wso2-extensions/identity-userstore-mongodb/pull/1
>>>> [3]https://mvnrepository.com/artifact/org.json/json/20160212
>>>> [4]https://mvnrepository.com/artifact/org.mongodb/mongo-java-driver/3.2.2
>>>>
>>>> Thanks,
>>>> Asantha
>>>>
>>>>
>>>>
>>>> On Thu, Aug 18, 2016 at 2:19 AM, Tharindu Edirisinghe <
>>>> tharin...@wso2.com> wrote:
>>>>
>>>>> Hi Asantha,
>>>>>
>>>>> Please follow steps below to complete the project.
>>>>>
>>>>> 1. In your features [1] folder, you have to create etc folder and put
>>>>> feature.properties file in it. This is same as [2].
>>>>> 2. You have to create server.feature in [1]. Refer [3] and do the
>>>>> same. Make necessary modifications to pom file.
>>>>> 3. Once you do above, you can commit and push so that your PR [4] will
>>>>> automatically get these changes appended.
>>>>>
>>>>> Next step is to add this feature to IS product so when the product is
>>>>> built, the jar file is automatically packed to the product. For that,
>>>>> follow the instructions below.
>>>>>
>>>>> 4. Clone product-is [5] and do a clean repo build skipping tests. (you
>>>>> can just backup .m2 directory in your home and create an empty folder with
>>>>> name .m2. Then you can run mvn clean install -Dmaven.test.skip=true"
>>>>> command in product-is.
>>>>> 5. Once the product is built, you can get the zip file in
>>>>> modules/distribution folder. Run the product and check if you can access
>>>>> management console.
>>>>> 6. Next step is to build your featu

Re: [Dev] [GSoC Final Evaluation] Proposal 21: [IS] Document Based NoSQL Support for WSO2 Identity Server Database

2016-08-18 Thread Tharindu Edirisinghe
Seems we'll have to find some alternative if we are to pack this to the
product.

@Asantha - Can you check if Apache has a library that provides similar
functionality.

Thanks,
TharinduE

On Fri, Aug 19, 2016 at 9:41 AM, Harsha Thirimanna <hars...@wso2.com> wrote:

> As in the license, there are some restrictions.
>
> http://www.json.org/license.html
>
> *Harsha Thirimanna*
> Associate Tech Lead | WSO2
>
> Email: hars...@wso2.com
> Mob: +94715186770
> Blog: http://harshathirimanna.blogspot.com/
> Twitter: http://twitter.com/harshathirimann
> Linked-In: linked-in: http://www.linkedin.com/pub/harsha-thirimanna/10/ab8/122
> <http://wso2.com/signature>
>
> On Fri, Aug 19, 2016 at 9:30 AM, Tharindu Edirisinghe <tharin...@wso2.com>
> wrote:
>
>> Thanks Asantha.
>>
>> @Johann/Darshana - Would it be possible to pack org.json [1] dependency
>> to the product itself ?
>>
>> [1] https://mvnrepository.com/artifact/org.json/json/20160212
>>
>> Regards,
>> TharinduE
>>
>> On Fri, Aug 19, 2016 at 12:48 AM, Asantha Thilina <
>> asanthathil...@gmail.com> wrote:
>>
>>> Hi Tharindu,
>>>
>>> As you instructed i have finished all above process and i already sent a
>>> PR[1] to product-is with my modifications and earlier i have sent a PR[2]
>>> to identity-userstore-mongodb
>>> during the deployment of the product-is i face the following issue
>>> In my MongoDBUserStoreManager plugin i will be using org.json[2] lib for
>>> query purposes so it is a dependent for my plugin to work ,For the moment i
>>> manually added json lib to dropin folder to activate my bundle otherwise i
>>> will get following error when i open osgi console and checked
>>> Missing optionally imported package org.json_[20160212.0.0,20160213.0.0).
>>> In order to activate the bundle need to add mongo-java-driver[4] also to
>>> dropins folder after that it will activate successfully,
>>> Is there any method to ship the json lib also with my bundle when
>>> deploying it to IS?
>>> [1]https://github.com/wso2/product-is/pull/668
>>> [2]https://github.com/wso2-extensions/identity-userstore-mongodb/pull/1
>>> [3]https://mvnrepository.com/artifact/org.json/json/20160212
>>> [4]https://mvnrepository.com/artifact/org.mongodb/mongo-java-driver/3.2.2
>>>
>>> Thanks,
>>> Asantha
>>>
>>>
>>>
>>> On Thu, Aug 18, 2016 at 2:19 AM, Tharindu Edirisinghe <
>>> tharin...@wso2.com> wrote:
>>>
>>>> Hi Asantha,
>>>>
>>>> Please follow steps below to complete the project.
>>>>
>>>> 1. In your features [1] folder, you have to create etc folder and put
>>>> feature.properties file in it. This is same as [2].
>>>> 2. You have to create server.feature in [1]. Refer [3] and do the same.
>>>> Make necessary modifications to pom file.
>>>> 3. Once you do above, you can commit and push so that your PR [4] will
>>>> automatically get these changes appended.
>>>>
>>>> Next step is to add this feature to IS product so when the product is
>>>> built, the jar file is automatically packed to the product. For that,
>>>> follow the instructions below.
>>>>
>>>> 4. Clone product-is [5] and do a clean repo build skipping tests. (you
>>>> can just backup .m2 directory in your home and create an empty folder with
>>>> name .m2. Then you can run mvn clean install -Dmaven.test.skip=true"
>>>> command in product-is.
>>>> 5. Once the product is built, you can get the zip file in
>>>> modules/distribution folder. Run the product and check if you can access
>>>> management console.
>>>> 6. Next step is to build your feature so local m2 repository get the
>>>> jar files of your feature.
>>>> 7. Then, you can fork product-is and modify parent pom [6] adding a new
>>>> property for your feature's version. Similar to below property, you can add
>>>> your own one.
>>>>
>>>> 5.1.1>>> .remote.version>
>>>>
>>>> 8.  Modify the p2-profile-get pom file [7] and include your feature
>>>> there. You can search for "*user.store.remote.feature*" and following
>>>> that, add details for your feature.
>>>> 9. Then re-build the product-is, get the zip file, run it and in
>>>> Management Console, check if mongodb userstore is listed. Also 

Re: [Dev] [GSoC Final Evaluation] Proposal 21: [IS] Document Based NoSQL Support for WSO2 Identity Server Database

2016-08-18 Thread Tharindu Edirisinghe
Thanks Asantha.

@Johann/Darshana - Would it be possible to pack org.json [1] dependency to
the product itself ?

[1] https://mvnrepository.com/artifact/org.json/json/20160212

Regards,
TharinduE

On Fri, Aug 19, 2016 at 12:48 AM, Asantha Thilina <asanthathil...@gmail.com>
wrote:

> Hi Tharindu,
>
> As you instructed i have finished all above process and i already sent a
> PR[1] to product-is with my modifications and earlier i have sent a PR[2]
> to identity-userstore-mongodb
> during the deployment of the product-is i face the following issue
> In my MongoDBUserStoreManager plugin i will be using org.json[2] lib for
> query purposes so it is a dependent for my plugin to work ,For the moment i
> manually added json lib to dropin folder to activate my bundle otherwise i
> will get following error when i open osgi console and checked
> Missing optionally imported package org.json_[20160212.0.0,20160213.0.0).
> In order to activate the bundle need to add mongo-java-driver[4] also to
> dropins folder after that it will activate successfully,
> Is there any method to ship the json lib also with my bundle when
> deploying it to IS?
> [1]https://github.com/wso2/product-is/pull/668
> [2]https://github.com/wso2-extensions/identity-userstore-mongodb/pull/1
> [3]https://mvnrepository.com/artifact/org.json/json/20160212
> [4]https://mvnrepository.com/artifact/org.mongodb/mongo-java-driver/3.2.2
>
> Thanks,
> Asantha
>
>
>
> On Thu, Aug 18, 2016 at 2:19 AM, Tharindu Edirisinghe <tharin...@wso2.com>
> wrote:
>
>> Hi Asantha,
>>
>> Please follow steps below to complete the project.
>>
>> 1. In your features [1] folder, you have to create etc folder and put
>> feature.properties file in it. This is same as [2].
>> 2. You have to create server.feature in [1]. Refer [3] and do the same.
>> Make necessary modifications to pom file.
>> 3. Once you do above, you can commit and push so that your PR [4] will
>> automatically get these changes appended.
>>
>> Next step is to add this feature to IS product so when the product is
>> built, the jar file is automatically packed to the product. For that,
>> follow the instructions below.
>>
>> 4. Clone product-is [5] and do a clean repo build skipping tests. (you
>> can just backup .m2 directory in your home and create an empty folder with
>> name .m2. Then you can run mvn clean install -Dmaven.test.skip=true"
>> command in product-is.
>> 5. Once the product is built, you can get the zip file in
>> modules/distribution folder. Run the product and check if you can access
>> management console.
>> 6. Next step is to build your feature so local m2 repository get the jar
>> files of your feature.
>> 7. Then, you can fork product-is and modify parent pom [6] adding a new
>> property for your feature's version. Similar to below property, you can add
>> your own one.
>>
>> 5.1.1> .remote.version>
>>
>> 8.  Modify the p2-profile-get pom file [7] and include your feature
>> there. You can search for "*user.store.remote.feature*" and following
>> that, add details for your feature.
>> 9. Then re-build the product-is, get the zip file, run it and in
>> Management Console, check if mongodb userstore is listed. Also you can
>> check if the jar file is packed in plugins.
>> 10. Finally send a PR to product-is with these changes.
>>
>>
>> [1] https://github.com/asanthamax/identity-userstore-mongodb/tree/master/features
>> [2] https://github.com/wso2-extensions/identity-userstore-remote/blob/master/features/etc/feature.properties
>> [3] https://github.com/wso2-extensions/identity-userstore-remote/tree/master/features/org.wso2.carbon.identity.user.store.remote.server.feature
>> [4] https://github.com/wso2-extensions/identity-userstore-mongodb/pull/1
>> [5] https://github.com/wso2/product-is/
>> [6] https://github.com/wso2/product-is/blob/master/pom.xml
>> [7] https://github.com/wso2/product-is/blob/master/modules/p2-profile-gen/pom.xml
>>
>> Thanks,
>> TharinduE
>>
>> On Tue, Aug 16, 2016 at 1:13 PM, Asantha Thilina <
>> asanthathil...@gmail.com> wrote:
>>
>>> Hi Tharindu,
>>>
>>> According to your instructions i have added the components folder with
>>> the mongodbuserstore package to my forked repo[1] and i also sent the pull
>>> request to origin also[2] i have refactor the main package to 
>>> *org.wso2.carbon.identity.user.store.mongodb*
>>> expecting your feedback
>>> [1

Re: [Dev] [GSoC Final Evaluation] Proposal 21: [IS] Document Based NoSQL Support for WSO2 Identity Server Database

2016-08-18 Thread Tharindu Edirisinghe
Hi Asantha,

Please follow steps below to complete the project.

1. In your features [1] folder, you have to create etc folder and put
feature.properties file in it. This is same as [2].
2. You have to create server.feature in [1]. Refer [3] and do the same.
Make necessary modifications to pom file.
3. Once you do above, you can commit and push so that your PR [4] will
automatically get these changes appended.

Next step is to add this feature to IS product so when the product is
built, the jar file is automatically packed to the product. For that,
follow the instructions below.

4. Clone product-is [5] and do a clean repo build skipping tests. (you can
just backup .m2 directory in your home and create an empty folder with name
.m2. Then you can run "mvn clean install -Dmaven.test.skip=true" command in
product-is.)
5. Once the product is built, you can get the zip file in
modules/distribution folder. Run the product and check if you can access
management console.
6. Next step is to build your feature so local m2 repository get the jar
files of your feature.
7. Then, you can fork product-is and modify parent pom [6] adding a new
property for your feature's version. Similar to below property, you can add
your own one.

5.1.1

8.  Modify the p2-profile-get pom file [7] and include your feature there.
You can search for "*user.store.remote.feature*" and following that, add
details for your feature.
9. Then re-build the product-is, get the zip file, run it and in Management
Console, check if mongodb userstore is listed. Also you can check if the
jar file is packed in plugins.
10. Finally send a PR to product-is with these changes.


[1]
https://github.com/asanthamax/identity-userstore-mongodb/tree/master/features
[2]
https://github.com/wso2-extensions/identity-userstore-remote/blob/master/features/etc/feature.properties
[3]
https://github.com/wso2-extensions/identity-userstore-remote/tree/master/features/org.wso2.carbon.identity.user.store.remote.server.feature
[4] https://github.com/wso2-extensions/identity-userstore-mongodb/pull/1
[5] https://github.com/wso2/product-is/
[6] https://github.com/wso2/product-is/blob/master/pom.xml
[7]
https://github.com/wso2/product-is/blob/master/modules/p2-profile-gen/pom.xml

Thanks,
TharinduE

On Tue, Aug 16, 2016 at 1:13 PM, Asantha Thilina <asanthathil...@gmail.com>
wrote:

> Hi Tharindu,
>
> According to your instructions i have added the components folder with the
> mongodbuserstore package to my forked repo[1] and i also sent the pull
> request to origin also[2] i have refactor the main package to 
> *org.wso2.carbon.identity.user.store.mongodb*
> expecting your feedback
> [1] https://github.com/asanthamax/identity-userstore-mongodb
> [2] https://github.com/wso2-extensions/identity-userstore-mongodb/pull/1
> Thanks,
> Asantha
>
> On Tue, Aug 16, 2016 at 2:45 AM, Tharindu Edirisinghe <tharin...@wso2.com>
> wrote:
>
>> Hi Asantha,
>>
>> Now that you have completed the project [1], for the final evaluation,
>> you need to contribute your code to WSO2 codebase.
>>
>> For that, we have created the repository [2].
>>
>> You can refer [3] to get some idea about the package structure of the
>> repo.
>>
>> Further, you can refactor your project and rename the main package to 
>> *org.wso2.carbon.identity.user.store.mongodb*.
>>
>> You can send a pull request with these.
>>
>> I will help you with writing the feature and creating the parent pom file
>> later.
>>
>>
>> [1] https://docs.wso2.com/display/GSoC/Project+Proposals+for+2016#ProjectProposalsfor2016-Proposal21:[IS]DocumentBasedNoSQLSupportforWSO2IdentityServerDatabase
>> [2] https://github.com/wso2-extensions/identity-userstore-mongodb
>> [3] https://github.com/wso2-extensions/identity-userstore-remote
>>
>> Thank you,
>> TharinduE
>> --
>>
>> Tharindu Edirisinghe
>> Senior Software Engineer | WSO2 Inc
>> Platform Security Team
>> Blog : tharindue.blogspot.com
>> mobile : +94 775181586
>>
>
>


-- 

Tharindu Edirisinghe
Senior Software Engineer | WSO2 Inc
Platform Security Team
Blog : tharindue.blogspot.com
mobile : +94 775181586
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev


[Dev] [GSoC Final Evaluation] Proposal 21: [IS] Document Based NoSQL Support for WSO2 Identity Server Database

2016-08-16 Thread Tharindu Edirisinghe
Hi Asantha,

Now that you have completed the project [1], for the final evaluation, you
need to contribute your code to WSO2 codebase.

For that, we have created the repository [2].

You can refer [3] to get some idea about the package structure of the repo.

Further, you can refactor your project and rename the main package to
*org.wso2.carbon.identity.user.store.mongodb*.

You can send a pull request with these.

I will help you with writing the feature and creating the parent pom file
later.


[1]
https://docs.wso2.com/display/GSoC/Project+Proposals+for+2016#ProjectProposalsfor2016-Proposal21:[IS]DocumentBasedNoSQLSupportforWSO2IdentityServerDatabase
[2] https://github.com/wso2-extensions/identity-userstore-mongodb
[3] https://github.com/wso2-extensions/identity-userstore-remote

Thank you,
TharinduE
-- 

Tharindu Edirisinghe
Senior Software Engineer | WSO2 Inc
Platform Security Team
Blog : tharindue.blogspot.com
mobile : +94 775181586


Re: [Dev] Configuration for MB Topic Acknowledgement

2016-08-08 Thread Tharindu Edirisinghe
Hi Indika,

Thanks for the quick response.

The subscriber is an ESB proxy service and it needs to send the
acknowledgement to the MB Topic after finishing the subscriber work. So how
do I send the acknowledgement from the proxy service?

Currently, the proxy subscriber has the following configuration.




  

 contentType

 application/xml

  

   

   myTopicConnectionFactory

   topic

   true

   Task.name

   sub-name

   consumer

   subId-Chorus_Task_TopicSubscriber_For_GTsub-name

Appreciate your feedback on this.

Best Regards,
TharinduE

On Mon, Aug 8, 2016 at 1:13 PM, Indika Sampath <indi...@wso2.com> wrote:

> Hi Tharindu,
>
> Message acknowledgement is handled at the client side, not on the server
> side. In your JMS program, set the acknowledgement mode to CLIENT_ACKNOWLEDGE:
>
> queueSession = queueConnection.createQueueSession(false, QueueSession.CLIENT_ACKNOWLEDGE);
>
> When the client receives a message, do the acknowledgement explicitly.
>
> TextMessage message = (TextMessage) consumer.receive();
> message.acknowledge();
>
> Cheers!
>
>
> On Mon, Aug 8, 2016 at 12:55 PM, Tharindu Edirisinghe <tharin...@wso2.com>
> wrote:
>
>> Hi Devs,
>>
>> By default, $subject is *AUTO_ACKNOWLEDGE* as mentioned in WSO2
>> documentation.
>>
>> I need to change this behavior to keep messages until it gets the
>> acknowledgment for that.
>>
>> What are the changes I need to do?  Is it only the config change in
>> axis2.xml or need to change in subscriber as well ?
>>
>> Thanks,
>> TharinduE
>>
>> --
>>
>> Tharindu Edirisinghe
>> Senior Software Engineer | WSO2 Inc
>> Platform Security Team
>> Blog : tharindue.blogspot.com
>> mobile : +94 775181586
>>
>
>
>
> --
> Indika Sampath
> Senior Software Engineer
> WSO2 Inc.
> http://wso2.com
>
> Phone: +94 716 424 744
> Blog: http://indikasampath.blogspot.com/
>
>


-- 

Tharindu Edirisinghe
Senior Software Engineer | WSO2 Inc
Platform Security Team
Blog : tharindue.blogspot.com
mobile : +94 775181586


[Dev] Configuration for MB Topic Acknowledgement

2016-08-08 Thread Tharindu Edirisinghe
Hi Devs,

By default, $subject is *AUTO_ACKNOWLEDGE* as mentioned in WSO2
documentation.

I need to change this behavior to keep messages until it gets the
acknowledgment for that.

What are the changes I need to do?  Is it only the config change in
axis2.xml or need to change in subscriber as well ?

Thanks,
TharinduE

-- 

Tharindu Edirisinghe
Senior Software Engineer | WSO2 Inc
Platform Security Team
Blog : tharindue.blogspot.com
mobile : +94 775181586


Re: [Dev] GSOC 2016 - Project 21 : MongoDB Userstore Development

2016-08-07 Thread Tharindu Edirisinghe
+Mohan

Hi Asantha,

I've added Mohan to this mail thread who is working in the Analytics team
at WSO2. He will be able to give a helping hand to the user activity
analysis part that you are doing in this project.

I've scheduled a google hangout (12th Aug 2016 5.00 p.m IST) for discussing
this further where Mohan would join to clarify your concerns in this
project. I've already sent a meeting request.

Meanwhile, it is better to reply to this thread with the problems you have
faced so Mohan can get an idea of which areas you need help in.

Thanks,
TharinduE

On Mon, Aug 1, 2016 at 12:05 AM, Asantha Thilina <asanthathil...@gmail.com>
wrote:

> Hi Tharindu,
>
> yes sure i am comfortable with any time and look forward for that
>
> Thanks,
> Asantha
>
> On Sun, Jul 31, 2016 at 12:15 PM, Tharindu Edirisinghe <tharin...@wso2.com
> > wrote:
>
>> Hi Asantha,
>>
>> Good work so far. Since we are reaching the final stage of GSoC, let's
>> have a hangout at the end of this week and plan the final steps to complete
>> the project.
>>
>> I will go through the deliverables and provide feedback soon.
>>
>> Thanks,
>> Tharindu
>>
>> On Mon, Jul 25, 2016 at 12:08 PM, Asantha Thilina <
>> asanthathil...@gmail.com> wrote:
>>
>>> Hi Tharindu,
>>>
>>> I have cleaned up all the bugs and removed all unnecessary codes and
>>> committed all the changes into my repository[1]
>>>
>>> [1] https://github.com/asanthamax/mongodbuserstore
>>>
>>> Thanks,
>>> Asantha
>>>
>>> On Sat, Jul 23, 2016 at 8:26 AM, Asantha Thilina <
>>> asanthathil...@gmail.com> wrote:
>>>
>>>> Hi Tharindu,
>>>>
>>>> here i added all the commitments to spread sheet[1] and also i updated
>>>> my blog with about java document api[2] and also i added findbug report[3]
>>>> and also i updated my blog with the code quality analysis process i have
>>>> done[4]
>>>>
>>>> [1] https://docs.google.com/spreadsheets/d/1jwSR_qFV-LfOS7ZTZ8CpiFFTYPoudDQF7zQhvblivaE/edit?usp=sharing
>>>> [2] http://asanthamax.blogspot.com/2016/07/mongodb-user-store-package-hierarchy.html
>>>> [3] https://googledrive.com/host/0B__ZE1ru1jkXZFdES3BOaHVyZ3M/
>>>> [4] http://asanthamax.blogspot.com/2016/07/findbugs-in-mongodbuserstoremanager-in.html
>>>>
>>>> Thanks,
>>>> Asantha
>>>>
>>>> On Fri, Jul 22, 2016 at 8:45 AM, Asantha Thilina <
>>>> asanthathil...@gmail.com> wrote:
>>>>
>>>>> Hi Tharindu,
>>>>>
>>>>> I have created the API documentation and hosted in my google drive[1]
>>>>> i will be preparing code inspection report as well will share it as soon
>>>>> as well i also added github page also to the userstore script in here[2]
>>>>> as well
>>>>> [1] http://googledrive.com/host/0B__ZE1ru1jkXbDVoSDlveV9yNk0
>>>>> [2] https://asanthamax.github.io/mongodbuserstore/
>>>>>
>>>>> Thanks,
>>>>> Asantha
>>>>>
>>>>> On Tue, Jul 12, 2016 at 11:59 AM, Asantha Thilina <
>>>>> asanthathil...@gmail.com> wrote:
>>>>>
>>>>>> Hi Tharindu,
>>>>>> sure we will arrange a hangout on next week and sure i will refer the
>>>>>> link and do the necessary inspect in my code for any security
>>>>>> vulnerabilities and update you sooner
>>>>>>
>>>>>> Thanks,
>>>>>> Asantha
>>>>>>
>>>>>> On Tue, Jul 12, 2016 at 9:56 AM, Tharindu Edirisinghe <
>>>>>> tharin...@wso2.com> wrote:
>>>>>>
>>>>>>> Hi Asantha,
>>>>>>>
>>>>>>> Thanks for the update. I'm out of the country this week and won't be
>>>>>>> available. Let's have a hangout next week and discuss the final steps of
>>>>>>> the project.
>>>>>>>
>>>>>>> Along with find bugs, if you haven't enabled findsecuritybugs
>>>>>>> plugin, you can refer [1] and check if any security weaknesses are
>>>>>>> there in the code.
>>>>>>>
>>>>>>> [1] http://tharindue.blogspot.in/2016/06/static-code-analysis-
>>>>>>> for-ja

Re: [Dev] GSOC 2016 - Project 21 : MongoDB Userstore Development

2016-07-31 Thread Tharindu Edirisinghe
Hi Asantha,

Good work so far. Since we are reaching the final stage of GSoC, let's have
a hangout at the end of this week and plan the final steps to complete the
project.

I will go through the deliverables and provide feedback soon.

Thanks,
Tharindu

On Mon, Jul 25, 2016 at 12:08 PM, Asantha Thilina <asanthathil...@gmail.com>
wrote:

> Hi Tharindu,
>
> I have cleaned up all the bugs and removed all unnecessary codes and
> committed all the changes into my repository[1]
>
> [1] https://github.com/asanthamax/mongodbuserstore
>
> Thanks,
> Asantha
>
> On Sat, Jul 23, 2016 at 8:26 AM, Asantha Thilina <asanthathil...@gmail.com
> > wrote:
>
>> Hi Tharindu,
>>
>> here i added all the commitments to spread sheet[1] and also i updated my
>> blog with about java document api[2] and also i added findbug report[3] and
>> also i updated my blog with the code quality analysis process i have done[4]
>>
>> [1]
>> https://docs.google.com/spreadsheets/d/1jwSR_qFV-LfOS7ZTZ8CpiFFTYPoudDQF7zQhvblivaE/edit?usp=sharing
>> [2]
>> http://asanthamax.blogspot.com/2016/07/mongodb-user-store-package-hierarchy.html
>> [3]https://googledrive.com/host/0B__ZE1ru1jkXZFdES3BOaHVyZ3M/
>> [4]
>> http://asanthamax.blogspot.com/2016/07/findbugs-in-mongodbuserstoremanager-in.html
>>
>> Thanks,
>> Asantha
>>
>> On Fri, Jul 22, 2016 at 8:45 AM, Asantha Thilina <
>> asanthathil...@gmail.com> wrote:
>>
>>> Hi Tharindu,
>>>
>>> I have created the API documentation and hosted in my google drive[1] i
>>> will be preparing code inspection report as well will share it as soon as
>>> well i also added github page also to the userstore script in here[2] as
>>> well
>>> [1] http://googledrive.com/host/0B__ZE1ru1jkXbDVoSDlveV9yNk0
>>> [2] https://asanthamax.github.io/mongodbuserstore/
>>>
>>> Thanks,
>>> Asantha
>>>
>>> On Tue, Jul 12, 2016 at 11:59 AM, Asantha Thilina <
>>> asanthathil...@gmail.com> wrote:
>>>
>>>> Hi Tharindu,
>>>> sure we will arrange a hangout on next week and sure i will refer the
>>>> link and do the necessary inspect in my code for any security
>>>> vulnerabilities and update you sooner
>>>>
>>>> Thanks,
>>>> Asantha
>>>>
>>>> On Tue, Jul 12, 2016 at 9:56 AM, Tharindu Edirisinghe <
>>>> tharin...@wso2.com> wrote:
>>>>
>>>>> Hi Asantha,
>>>>>
>>>>> Thanks for the update. I'm out of the country this week and won't be
>>>>> available. Let's have a hangout next week and discuss the final steps of
>>>>> the project.
>>>>>
>>>>> Along with find bugs, if you haven't enabled findsecuritybugs plugin,
>>>>> you can refer [1] and check if any security weaknesses are there in the
>>>>> code.
>>>>>
>>>>> [1]
>>>>> http://tharindue.blogspot.in/2016/06/static-code-analysis-for-java-using.html
>>>>>
>>>>> Thanks,
>>>>> TharinduE
>>>>>
>>>>> On Tue, Jul 12, 2016 at 5:32 PM, Asantha Thilina <
>>>>> asanthathil...@gmail.com> wrote:
>>>>>
>>>>>> Hi Tharindu,
>>>>>> I have clean up the code according to find bug plugin and also for
>>>>>> rollback purposes since it only concern when modifying or adding new user
>>>>>> or role to user store i have manually added rollback option where if
>>>>>> error occurred all the changes done to db in code segment will be discard
>>>>>> from db i updated the my repository with recent changes[1] now i preparing
>>>>>> the documentation and test scripts.
>>>>>>
>>>>>> [1] https://github.com/asanthamax/mongodbuserstore
>>>>>>
>>>>>> Thanks,
>>>>>> Asantha
>>>>>>
>>>>>> On Mon, Jul 4, 2016 at 2:54 AM, Asantha Thilina <
>>>>>> asanthathil...@gmail.com> wrote:
>>>>>>
>>>>>>> Hi Tharindu,
>>>>>>>
>>>>>>> thanks for the reply ,sure i will try out that and update the
>>>>>>> progress as soon as possible
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Asantha
>>>>>>>
>>>>>&

Re: [Dev] [IS] XML configuration to set the public certificate in IdP

2016-07-29 Thread Tharindu Edirisinghe
So if the certificate's content is like this,


-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----


If you add the value in  tags like below in the XML file of
the IDP's configuration,


doesn't it work ?


On Fri, Jul 29, 2016 at 1:53 PM, Gayan Yalpathwala <gay...@wso2.com> wrote:

> Thank you for the reply Tharindu. This helps but not exactly what I wanted
> to know.
>
> I am trying to add an external IdP to IS, for which I have written an XML
> based IdP configuration that goes under
> repository/conf/identity/identity-providers. I already have the public cert
> from the external IdP and I am worried about how to include that in the
> aforesaid XML config. There is a tag named  in a sample IdP
> config, but adding the certificate directly there or adding the encoded
> value hasn't worked for me so far. Do we have a sample XML config that can
> help here?
>
> Thanks,
>
> On Thu, Jul 28, 2016 at 5:37 PM, Tharindu Edirisinghe <tharin...@wso2.com>
> wrote:
>
>> Hi Gayan,
>>
>> Here's a sample command if the IDP is WSO2 Identity Server where you can
>> export the public certificate in PEM format.
>>
>>
>>
>> *keytool -exportcert -alias wso2carbon -keypass wso2carbon -keystore
>> wso2carbon.jks -storepass wso2carbon -rfc -file ispublic_crt.pem*
>> Then, the certificate file, you  can open with a notepad so you see the
>> certificate value. Sample is below.
>>
>> -----BEGIN CERTIFICATE-----
>> -----END CERTIFICATE-----
>>
>> You can copy this certificate value (highlight above) and put in the file.
>>
>> Note that above is only if the IDP is WSO2 IS. If the IDP is a third
>> party IDP, then you can get the certificate in PEM format and read the
>> value.
>>
>> Regards,
>> TharinduE
>>
>> On Thu, Jul 28, 2016 at 7:22 PM, Gayan Yalpathwala <gay...@wso2.com>
>> wrote:
>>
>>> Hi devs,
>>>
>>> I have a file based IdP configuration in which I need to add the public
>>> certificate of the IdP. I have tried by adding the certificate content as
>>> it is, under the  tag, and also tried with the base64 encoded
>>> version of the same, with no luck. What is the correct way to add this
>>> configuration?
>>>
>>> Thanks,
>>>
>>> --
>>> *Gayan Kaushalya Yalpathwala*
>>> Software Engineer
>>> WSO2 Inc.; h

Re: [Dev] [IS] XML configuration to set the public certificate in IdP

2016-07-28 Thread Tharindu Edirisinghe
Hi Gayan,

Here's a sample command if the IDP is WSO2 Identity Server where you can
export the public certificate in PEM format.



*keytool -exportcert -alias wso2carbon -keypass wso2carbon -keystore
wso2carbon.jks -storepass wso2carbon -rfc -file ispublic_crt.pem*
Then, the certificate file, you  can open with a notepad so you see the
certificate value. Sample is below.

-----BEGIN CERTIFICATE-----
*MIICNTCCAZ6gAwIBAgIES343gjANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxDTALBgNVBAoMBFdTTzIxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0xMDAyMTkwNzAyMjZaFw0zNTAyMTMwNzAyMjZaMFUxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzENMAsGA1UECgwEV1NPMjESMBAGA1UEAwwJbG9jYWxob3N0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCUp/oV1vWc8/TkQSiAvTousMzOM4asB2iltr2QKozni5aVFu818MpOLZIr8LMnTzWllJvvaA5RAAdpbECb+48FjbBe0hseUdN5HpwvnH/DW8ZccGvk53I6Orq7hLCv1ZHtuOCokghz/ATrhyPq+QktMfXnRS4HrKGJTzxaCcU7OQIDAQABoxIwEDAOBgNVHQ8BAf8EBAMCBPAwDQYJKoZIhvcNAQEFBQADgYEAW5wPR7cr1LAdq+IrR44iQlRG5ITCZXY9hI0PygLP2rHANh+PYfTmxbuOnykNGyhM6FjFLbW2uZHQTY1jMrPprjOrmyK5sjJRO4d1DeGHT/YnIjs9JogRKv4XHECwLtIVdAbIdWHEtVZJyMSktcyysFcvuhPQK8Qc/E/Wq8uHSCo=*
-----END CERTIFICATE-----

You can copy this certificate value (highlight above) and put in the file.

Note that above is only if the IDP is WSO2 IS. If the IDP is a third party
IDP, then you can get the certificate in PEM format and read the value.

Regards,
TharinduE

On Thu, Jul 28, 2016 at 7:22 PM, Gayan Yalpathwala <gay...@wso2.com> wrote:

> Hi devs,
>
> I have a file based IdP configuration in which I need to add the public
> certificate of the IdP. I have tried by adding the certificate content as
> it is, under the  tag, and also tried with the base64 encoded
> version of the same, with no luck. What is the correct way to add this
> configuration?
>
> Thanks,
>
> --
> *Gayan Kaushalya Yalpathwala*
> Software Engineer
> WSO2 Inc.; http://wso2.com
> lean.enterprise.middleware
>
> LK: +94 71 868 2704
> UK: +44 747 844 3609
>
> <http://asia14.wso2con.com/>
>
>
>


-- 

Tharindu Edirisinghe
Senior Software Engineer | WSO2 Inc
Platform Security Team
Blog : tharindue.blogspot.com
mobile : +94 775181586
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
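
Added example, not part of the original thread: the thread leaves open which form of the certificate the IdP XML expects (the PEM file as exported, its base64 body on one line, or the whole file base64-encoded again), so this Python code only identifies which form a candidate value is in and confirms it still decodes to the exported certificate. The function names and the constructed byte string standing in for a certificate are assumptions for illustration; the fingerprint uses the colon-separated form that `keytool -printcert -file ispublic_crt.pem` prints.

```python
import base64
import binascii
import hashlib
import re
import textwrap

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"
PEM_RE = re.compile(re.escape(BEGIN) + r"(.*?)" + re.escape(END), re.DOTALL)

# Constructed stand-in for a certificate (NOT a real one): a DER SEQUENCE
# header announcing 256 content bytes, followed by 256 bytes.
CONSTRUCTED_DER = b"\x30\x82\x01\x00" + bytes(range(256))


def check_der_length(der):
    """Raise ValueError unless der is one SEQUENCE whose length field matches."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    first = der[1]
    if first < 0x80:                      # short form: one length byte
        header, length = 2, first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or len(der) < 2 + n:
            raise ValueError("malformed DER length")
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if header + length != len(der):
        raise ValueError("DER length mismatch (truncated or padded paste)")


def b64_to_bytes(text):
    """Decode base64 after dropping line breaks, CRs and indentation."""
    try:
        return base64.b64decode(re.sub(r"\s+", "", text), validate=True)
    except binascii.Error as exc:
        raise ValueError(f"not valid base64: {exc}") from exc


def pem_to_der(pem_text):
    """Return the DER bytes of the first armored certificate in pem_text."""
    match = PEM_RE.search(pem_text)
    if match is None:
        raise ValueError("no complete BEGIN/END CERTIFICATE block")
    der = b64_to_bytes(match.group(1))
    check_der_length(der)
    return der


def to_pem(der):
    """Armor DER bytes the way `keytool -rfc` does: 64-column base64 lines."""
    body = "\n".join(textwrap.wrap(base64.b64encode(der).decode("ascii"), 64))
    return f"{BEGIN}\n{body}\n{END}\n"


def classify(value):
    """Return (form, der); form is pem-armored, base64-der, base64-of-pem or invalid."""
    try:
        if BEGIN in value:
            return "pem-armored", pem_to_der(value)
        decoded = b64_to_bytes(value)
        if decoded.lstrip().startswith(BEGIN.encode("ascii")):
            # The whole PEM file was base64-encoded a second time.
            return "base64-of-pem", pem_to_der(decoded.decode("ascii", "replace"))
        check_der_length(decoded)
        return "base64-der", decoded
    except ValueError:
        return "invalid", None


def sha256_fingerprint(der):
    """SHA-256 of the DER bytes as colon-separated upper-case hex."""
    return ":".join(f"{b:02X}" for b in hashlib.sha256(der).digest())


def same_certificate(exported_pem, config_value):
    """True when config_value, in any recognised form, holds the exported cert."""
    return classify(config_value)[1] == pem_to_der(exported_pem)


if __name__ == "__main__":
    pem = to_pem(CONSTRUCTED_DER)
    one_line = base64.b64encode(CONSTRUCTED_DER).decode("ascii")
    candidates = {
        "file as exported": pem,
        "base64 body on one line": one_line,
        "file base64-encoded again": base64.b64encode(pem.encode("ascii")).decode("ascii"),
        "body with the tail cut off": one_line[:-8],
    }
    print("exported:", sha256_fingerprint(pem_to_der(pem)))
    for label, value in candidates.items():
        form, der = classify(value)
        print(f"{label}: {form}, same certificate: {same_certificate(pem, value)}")
```
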


Re: [Dev] GSOC 2016 - Project 21 : MongoDB Userstore Development

2016-07-12 Thread Tharindu Edirisinghe
Hi Asantha,

Thanks for the update. I'm out of the country this week and won't be
available. Let's have a hangout next week and discuss the final steps of
the project.

Along with find bugs, if you haven't enabled findsecuritybugs plugin, you
can refer [1] and check if any security weaknesses are there in the code.

[1]
http://tharindue.blogspot.in/2016/06/static-code-analysis-for-java-using.html

Thanks,
TharinduE

On Tue, Jul 12, 2016 at 5:32 PM, Asantha Thilina <asanthathil...@gmail.com>
wrote:

> Hi Tharindu,
> I have clean up the code according to find bug plugin and also for
> rollback purposes since it only concern when modifying or adding new user
> or role to user store i have manually added rollback option where if error
> occurred all the changes done to db in code segment will be discard from db
> i updated the my repository with recent changes[1] now i preparing the
> documentation and test scripts.
>
> [1] https://github.com/asanthamax/mongodbuserstore
>
> Thanks,
> Asantha
>
> On Mon, Jul 4, 2016 at 2:54 AM, Asantha Thilina <asanthathil...@gmail.com>
> wrote:
>
>> Hi Tharindu,
>>
>> thanks for the reply ,sure i will try out that and update the progress as
>> soon as possible
>>
>> Thanks,
>> Asantha
>>
>> On Mon, Jul 4, 2016 at 1:38 AM, Tharindu Edirisinghe <tharin...@wso2.com>
>> wrote:
>>
>>> Hi Asantha,
>>>
>>> While you are adding the roll back transaction capability, also look
>>> into testing a high load and try to generate database level exceptions.
>>> One thing you can try out is writing a client for performing userstore
>>> manager operations such as add user, add role, login, logout etc. and play
>>> it with a high concurrency using Jmeter. Then we should be able to get a
>>> better understanding of transaction management with respect to MongoDB.
>>>
>>> Regards,
>>> TharinduE
>>>
>>> On Mon, Jul 4, 2016 at 10:57 AM, Asantha Thilina <
>>> asanthathil...@gmail.com> wrote:
>>>
>>>> Hi all,
>>>>
>>>> i will be trying for implement roll back transactions capability in
>>>> MongoDB to add to MongoDB User Store[2] i found that MongoDB use a concept
>>>> call two phase commit[1] i trying to implement that inside my code but it
>>>> seems to be little complex and i think it may arise performance issue when
>>>> adding high load of dataset at once is there any other better method i can
>>>> achieve this task? any advices would be grateful
>>>>
>>>> [1] https://docs.mongodb.com/manual/tutorial/perform-two-phase-commits/
>>>> [2] https://github.com/asanthamax/mongodbuserstore
>>>>
>>>> Thanks,
>>>> Asantha
>>>>
>>>> On Wed, Jun 29, 2016 at 2:55 PM, Asantha Thilina <
>>>> asanthathil...@gmail.com> wrote:
>>>>
>>>>> Hi Tharindu,
>>>>>
>>>>> I have finished and added delete functions also to users ,roles and
>>>>> user claim deletions to my repo[1]
>>>>>
>>>>> [1] https://github.com/asanthamax/mongodbuserstore
>>>>>
>>>>> Thanks,
>>>>> Asantha
>>>>>
>>>>> On Mon, Jun 27, 2016 at 4:18 AM, Asantha Thilina <
>>>>> asanthathil...@gmail.com> wrote:
>>>>>
>>>>>> Hi aiya,
>>>>>>
>>>>>> i have small problem in my research, i will be developing convolution
>>>>>> neural network using deeplearning4j to detect frauds i have discovered
>>>>>> some fraud patterns which can use to train my network but the problem i
>>>>>> having is,are there any possibility to add condition driven capability to
>>>>>> dataset to train model
>>>>>>
>>>>>> Thanks,
>>>>>> Asantha
>>>>>>
>>>>>> On Wed, Jun 22, 2016 at 9:35 PM, Tharindu Edirisinghe <
>>>>>> tharin...@wso2.com> wrote:
>>>>>>
>>>>>>> Good work Asantha... Meanwhile let's look at getting your research
>>>>>>> work published as well. I will provide feedback for the work so far in
>>>>>>> couple of days time. I have also completed the Mid Review based on your
>>>>>>> current work where you are already ahead of schedule.
>>>>>>>
>>>>>>> Regards,
>>

Re: [Dev] GSOC 2016 - Project 21 : MongoDB Userstore Development

2016-07-03 Thread Tharindu Edirisinghe
Hi Asantha,

While you are adding the roll back transaction capability, also look into
testing a high load and try to generate database level exceptions. One
thing you can try out is writing a client for performing userstore manager
operations such as add user, add role, login, logout etc. and play it with
a high concurrency using Jmeter. Then we should be able to get a better
understanding of transaction management with respect to MongoDB.

Regards,
TharinduE

On Mon, Jul 4, 2016 at 10:57 AM, Asantha Thilina <asanthathil...@gmail.com>
wrote:

> Hi all,
>
> i will be trying for implement roll back transactions capability in
> MongoDB to add to MongoDB User Store[2] i found that MongoDB use a concept
> call two phase commit[1] i trying to implement that inside my code but it
> seems to be little complex and i think it may arise performance issue when
> adding high load of dataset at once is there any other better method i can
> achieve this task? any advices would be grateful
>
> [1] https://docs.mongodb.com/manual/tutorial/perform-two-phase-commits/
> [2] https://github.com/asanthamax/mongodbuserstore
>
> Thanks,
> Asantha
>
> On Wed, Jun 29, 2016 at 2:55 PM, Asantha Thilina <asanthathil...@gmail.com
> > wrote:
>
>> Hi Tharindu,
>>
>> I have finished and added delete functions also to users ,roles and user
>> claim deletions to my repo[1]
>>
>> [1] https://github.com/asanthamax/mongodbuserstore
>>
>> Thanks,
>> Asantha
>>
>> On Mon, Jun 27, 2016 at 4:18 AM, Asantha Thilina <
>> asanthathil...@gmail.com> wrote:
>>
>>> Hi aiya,
>>>
>>> i have small problem in my research, i will be developing convolution
>>> neural network using deeplearning4j to detect frauds i have discovered some
>>> fraud patterns which can use to train my network but the problem i having
>>> is,are there any possibility to add condition driven capability to dataset
>>> to train model
>>>
>>> Thanks,
>>> Asantha
>>>
>>> On Wed, Jun 22, 2016 at 9:35 PM, Tharindu Edirisinghe <
>>> tharin...@wso2.com> wrote:
>>>
>>>> Good work Asantha... Meanwhile let's look at getting your research work
>>>> published as well. I will provide feedback for the work so far in couple of
>>>> days time. I have also completed the Mid Review based on your current work
>>>> where you are already ahead of schedule.
>>>>
>>>> Regards,
>>>> TharinduE
>>>>
>>>> On Wed, Jun 22, 2016 at 9:41 PM, Asantha Thilina <
>>>> asanthathil...@gmail.com> wrote:
>>>>
>>>>> Hi Tharindu,
>>>>>
>>>>> following is the summary of operations i have implemented up to now
>>>>> and yet to implement
>>>>>
>>>>> 1. Add new MongoDB User Store - done both case sensitive and
>>>>> insensitive
>>>>> 2. Add new users to MongoDB user store - done both case sensitive and
>>>>> insensitive
>>>>> 3. Add new roles to MongoDB user store - done both case sensitive and
>>>>> insensitive
>>>>> 4. Search users and roles - done both case sensitive and insensitive
>>>>> 5. Assign roles to mongodb user store users - done both case sensitive
>>>>> and insensitive
>>>>> 6. Assign users to mongodb user store roles - done both case sensitive
>>>>> and insensitive
>>>>> 7. Edit claim values of user profiles  - done both case sensitive and
>>>>> insensitive
>>>>> for those implemented user operations i have added selenium scripts
>>>>> also to my repo[1] and also i have prepared user guide[2] and
>>>>> administrator guide[3] also and also i have updated my blog[4] with all
>>>>> my tasks what i have done and following are the tasks yet to complete
>>>>>
>>>>> 1. implement delete operations
>>>>> 2. implement new profiles adding
>>>>> 3. check for injections possibilities and improve the security of all
>>>>> the functions
>>>>> 4. prepare full test scripts for all the functions
>>>>> 5. prepare developer guide and database architecture diagrams
>>>>>
>>>>> expect your feedback
>>>>>
>>>>> [1]  https://github.com/asanthamax/mongodbuserstore
>>>>> [2]
>>>>> https://docs.google.com/document/d/1mdnmYruzQz5QSxAYwM1XVeJntJMFdxUsV5gord7LuPA/edit?u

Re: [Dev] deep neural network for detect frauds

2016-06-27 Thread Tharindu Edirisinghe
Hi Nirmal,

The data is not in hand right now.. but we can assume we have data.

Currently in Identity Server, it does not publish security related events
such as login, logout, password change etc.

What Asantha would do is write a Listener ( i.e extend
AbstractUserOperationEventListener) and for each user operation it would
publish an event.

Once he does it, we can perform some user operations with a load test and
gather data (get the events generated).

Based on this data he needs to carry out the analysis.

Thanks,
TharinduE

On Mon, Jun 27, 2016 at 6:22 PM, Nirmal Fernando <nir...@wso2.com> wrote:

> Seshika implemented a fraud detection toolbox using Markov chain models
> (using real-time siddhi queries) [1]. API-M Analytics product uses Markov
> chain model to detect abnormal resource access patterns.
>
> In WSO2 ML, we have implemented a clustering based anomaly detection
> algorithm [2].
>
> [1]
> http://wso2.com/analytics/solutions/fraud-and-anomaly-detection-solution/
> [2]
> https://docs.wso2.com/display/ML110/Generating+a+Model+Using+the+K+Means+Anomaly+Detection+Algorithm+with+Labeled+Data
>
>
> On Mon, Jun 27, 2016 at 5:45 PM, Tharindu Edirisinghe <tharin...@wso2.com>
> wrote:
>
>> +DamithN, Seshika, Nirmal
>>
>>
>> @DamithN - I found the mail thread [1] bit similar. Are there any other
>> reference to the work you've done for that ?
>>
>> @Seshika, Nirmal - Do you guys have any input for the work Asantha is
>> trying to do ? He is a GSoC student that I mentor this year.
>>
>> Appreciate if you can help him out with this.
>>
>>
>> [1] "[Architecture] Security Authentication Analytics"
>>
>> Thanks,
>> TharinduE
>>
>> On Mon, Jun 27, 2016 at 4:15 PM, Asantha Thilina <
>> asanthathil...@gmail.com> wrote:
>>
>>> Hi all,
>>>
>>> i am a GSOC student who doing the *project 21 : NoSQL User Store
>>> Development for Identity Server* and i am developing a *convolutional
>>> neural network* to detect *frauds* using deeplearning4j[1] for my
>>> research, i have done some case studies regarding fraud patterns ,i have
>>> mainly focused on frauds that can be occur in online money transactions and
>>> in login authentications i have refer some research papers[2],[3] and  a
>>> white paper[4] regarding those possible fraud patterns
>>> I chose convolutional neural network to develop my model but i am
>>> little confused about how could include those fraud patterns in to my model
>>> in a way it can detect a fraud in real time
>>>
>>
> Once you have a built model, you could write a siddhi extension to perform
> predictions (i.e. detect frauds in this case).
>
> Question: do we have data in hand? or are you trying to build a model on
> the fly?
>
> and also is convolutional network is a best way to achieve my task or is
>>> there any better method than this?,i would be grateful if anyone can guide
>>> me to achieve this task
>>> [1]http://deeplearning4j.org/convolutionalnets
>>> [2]http://www.ijsce.org/attachments/File/NCAI2011/IJSCE_NCAI2011_025.pdf
>>> [3]
>>> https://www.researchgate.net/publication/200795976_Fraud_Detection_using_Neural_Networks
>>> [4]https://neo4j.com/resources/fraud-detection-white-paper/
>>>
>>> Thanks,
>>> Asantha
>>>
>>
>>
>>
>> --
>>
>> Tharindu Edirisinghe
>> Senior Software Engineer | WSO2 Inc
>> Platform Security Team
>> Blog : tharindue.blogspot.com
>> mobile : +94 775181586
>>
>
>
>
> --
>
> Thanks & regards,
> Nirmal
>
> Team Lead - WSO2 Machine Learner
> Associate Technical Lead - Data Technologies Team, WSO2 Inc.
> Mobile: +94715779733
> Blog: http://nirmalfdo.blogspot.com/
>
>
>


-- 

Tharindu Edirisinghe
Senior Software Engineer | WSO2 Inc
Platform Security Team
Blog : tharindue.blogspot.com
mobile : +94 775181586


Re: [Dev] deep neural network for detect frauds

2016-06-27 Thread Tharindu Edirisinghe
+DamithN, Seshika, Nirmal


@DamithN - I found the mail thread [1] bit similar. Are there any other
reference to the work you've done for that ?

@Seshika, Nirmal - Do you guys have any input for the work Asantha is
trying to do ? He is a GSoC student that I mentor this year.

Appreciate if you can help him out with this.


[1] "[Architecture] Security Authentication Analytics"

Thanks,
TharinduE

On Mon, Jun 27, 2016 at 4:15 PM, Asantha Thilina <asanthathil...@gmail.com>
wrote:

> Hi all,
>
> i am a GSOC student who doing the *project 21 : NoSQL User Store
> Development for Identity Server* and i am developing a *convolutional
> neural network* to detect *frauds* using deeplearning4j[1] for my
> research, i have done some case studies regarding fraud patterns ,i have
> mainly focused on frauds that can be occur in online money transactions and
> in login authentications i have refer some research papers[2],[3] and  a
> white paper[4] regarding those possible fraud patterns
> I chose convolutional neural network to develop my model but i am little
> confused about how could include those fraud patterns in to my model in a
> way it can detect a fraud in real time and also is convolutional network is
> a best way to achieve my task or is there any better method than this?,i
> would be grateful if anyone can guide me to achieve this task
> [1]http://deeplearning4j.org/convolutionalnets
> [2]http://www.ijsce.org/attachments/File/NCAI2011/IJSCE_NCAI2011_025.pdf
> [3]
> https://www.researchgate.net/publication/200795976_Fraud_Detection_using_Neural_Networks
> [4]https://neo4j.com/resources/fraud-detection-white-paper/
>
> Thanks,
> Asantha
>



-- 

Tharindu Edirisinghe
Senior Software Engineer | WSO2 Inc
Platform Security Team
Blog : tharindue.blogspot.com
mobile : +94 775181586


Re: [Dev] GSOC 2016 - Project 21 : MongoDB Userstore Development

2016-06-22 Thread Tharindu Edirisinghe
Good work Asantha... Meanwhile let's look at getting your research work
published as well. I will provide feedback for the work so far in couple of
days time. I have also completed the Mid Review based on your current work
where you are already ahead of schedule.

Regards,
TharinduE

On Wed, Jun 22, 2016 at 9:41 PM, Asantha Thilina <asanthathil...@gmail.com>
wrote:

> Hi Tharindu,
>
> following is the summary of operations i have implemented up to now and
> yet to implement
>
> 1. Add new MongoDB User Store - done both case sensitive and insensitive
> 2. Add new users to MongoDB user store - done both case sensitive and
> insensitive
> 3. Add new roles to MongoDB user store - done both case sensitive and
> insensitive
> 4. Search users and roles - done both case sensitive and insensitive
> 5. Assign roles to mongodb user store users - done both case sensitive and
> insensitive
> 6. Assign users to mongodb user store roles - done both case sensitive and
> insensitive
> 7. Edit claim values of user profiles  - done both case sensitive and
> insensitive
> for those implemented user operations i have added selenium scripts also
> to my repo[1] and also i have prepared user guide[2] and administrator
> guide[3] also and also i have updated my blog[4] with all my tasks what i
> have done and following are the tasks yet to complete
>
> 1. implement delete operations
> 2. implement new profiles adding
> 3. check for injections possibilities and improve the security of all the
> functions
> 4. prepare full test scripts for all the functions
> 5. prepare developer guide and database architecture diagrams
>
> expect your feedback
>
> [1]  https://github.com/asanthamax/mongodbuserstore
> [2]
> https://docs.google.com/document/d/1mdnmYruzQz5QSxAYwM1XVeJntJMFdxUsV5gord7LuPA/edit?usp=sharing
> [3]
> https://docs.google.com/document/d/1fCLfZYsPOBkHMzRCGM3aexoBSplX3bKIRmONmFsgkBc/edit?usp=sharing
> [4]  http://asanthamax.blogspot.com
>
> Thanks,
> Asantha
>
> On Wed, Jun 22, 2016 at 12:29 AM, Asantha Thilina <
> asanthathil...@gmail.com> wrote:
>
>> Hi Tharindu,
>>
>> I have finished the case insensitive user operations as well and i added
>> selenium test scripts for those implemented functions to my repo[1] except
>> delete function all the other functions with test script added to my repo[1]
>>
>> [1] https://github.com/asanthamax/mongodbuserstore
>>
>> Thanks,
>> Asantha
>>
>> On Fri, Jun 17, 2016 at 2:28 AM, Asantha Thilina <
>> asanthathil...@gmail.com> wrote:
>>
>>> Hi Tharindu,
>>>
>>> sure i'll be look forward for the hangout
>>>
>>> Thanks,
>>> Asantha
>>>
>>> On Fri, Jun 17, 2016 at 2:22 AM, Tharindu Edirisinghe <
>>> tharin...@wso2.com> wrote:
>>>
>>>> Hi Asantha,
>>>>
>>>> I will go through the docs and provide feedback soon. Let's have a
>>>> hangout session to discuss the pending issues.
>>>>
>>>> I'm available today 9.00 P.M IST for a google hangout.
>>>>
>>>> Thanks,
>>>> TharinduE
>>>>
>>>> On Fri, Jun 17, 2016 at 11:30 AM, Asantha Thilina <
>>>> asanthathil...@gmail.com> wrote:
>>>>
>>>>> Hi Tharindu,
>>>>>
>>>>> I have prepared the user guide[1] and administrator guide[2] in google
>>>>> doc since all tasks are not finished yet i have only added the tasks i
>>>>> have already done and there is still the developer guide has to be prepare i
>>>>> will prepare it as sooner as well
>>>>>
>>>>> [1]
>>>>> https://docs.google.com/document/d/1fCLfZYsPOBkHMzRCGM3aexoBSplX3bKIRmONmFsgkBc/edit?usp=sharing
>>>>> [2]
>>>>> https://docs.google.com/document/d/1mdnmYruzQz5QSxAYwM1XVeJntJMFdxUsV5gord7LuPA/edit?usp=sharing
>>>>>
>>>>> Thanks,
>>>>> Asantha
>>>>>
>>>>> On Tue, Jun 14, 2016 at 1:55 AM, Asantha Thilina <
>>>>> asanthathil...@gmail.com> wrote:
>>>>>
>>>>>> Hi Tharindu,
>>>>>>
>>>>>> sure i will prepare those documents sooner
>>>>>>
>>>>>> Thanks,
>>>>>> Asantha
>>>>>>
>>>>>> On Mon, Jun 13, 2016 at 9:38 PM, Tharindu Edirisinghe <
>>>>>> tharin...@wso2.com> wrote:
>>>>>>
>>>>>>> Excellent work Asantha !

Re: [Dev] GSOC 2016 - Project 21 : MongoDB Userstore Development

2016-06-17 Thread Tharindu Edirisinghe
Hi Asantha,

I will go through the docs and provide feedback soon. Let's have a hangout
session to discuss the pending issues.

I'm available today 9.00 P.M IST for a google hangout.

Thanks,
TharinduE

On Fri, Jun 17, 2016 at 11:30 AM, Asantha Thilina <asanthathil...@gmail.com>
wrote:

> Hi Tharindu,
>
> I have prepared the user guide[1] and administrator guide[2] in google doc
> since all tasks are not finished yet i have only added the tasks i have
> already done and there is still the developer guide has to be prepare i
> will prepare it as sooner as well
>
> [1]
> https://docs.google.com/document/d/1fCLfZYsPOBkHMzRCGM3aexoBSplX3bKIRmONmFsgkBc/edit?usp=sharing
> [2]
> https://docs.google.com/document/d/1mdnmYruzQz5QSxAYwM1XVeJntJMFdxUsV5gord7LuPA/edit?usp=sharing
>
> Thanks,
> Asantha
>
> On Tue, Jun 14, 2016 at 1:55 AM, Asantha Thilina <asanthathil...@gmail.com>
> wrote:
>
>> Hi Tharindu,
>>
>> sure i will prepare those documents sooner
>>
>> Thanks,
>> Asantha
>>
>> On Mon, Jun 13, 2016 at 9:38 PM, Tharindu Edirisinghe <tharin...@wso2.com>
>> wrote:
>>
>>> Excellent work Asantha !
>>>
>>> Meanwhile you can prepare a document also adding the screenshots you
>>> have got. Basically we will need following documentation.
>>>
>>> 1. Developer Guide ( The architecture of the userstoremanager, diagrams
>>> of all the collections, how they are related to each other etc.)
>>>
>>> 2. Administrator Guide (How to guide a server administrator to setup a
>>> secondary userstore with mongodb)
>>>
>>> 3. User Guide (All the functionality of the userstoremanager, i.e each
>>> function in RemoteUserStoreManager with sample SOAP requests and responses)
>>>
>>> We will need to look at the QA aspect of the project also.. but let's
>>> keep aside for the moment until we get all the functionality working.
>>>
>>> Thanks for all the hard work !
>>>
>>> Best Regards,
>>> Tharindu Edirisinghe
>>>
>>> On Tue, Jun 14, 2016 at 12:46 AM, Asantha Thilina <
>>> asanthathil...@gmail.com> wrote:
>>>
>>>> Hi Tharindu,
>>>>
>>>> as you advice me i added soap ui screen shots of test result and
>>>> selenium script for implemented functions into my repository[1]
>>>>
>>>> [1] https://github.com/asanthamax/mongodbuserstore
>>>> Thanks,
>>>> Asantha
>>>>
>>>> On Mon, Jun 13, 2016 at 6:23 AM, Asantha Thilina <
>>>> asanthathil...@gmail.com> wrote:
>>>>
>>>>> Hi Tharindu,
>>>>>
>>>>> i updated my blog[1] with all the works i have done so far there i
>>>>> added all the methods and their use in MongoDBUserStoreManager ,
>>>>> hopes your feedback
>>>>> [1] http://asanthamax.blogspot.com/
>>>>> Thanks,
>>>>> Asantha
>>>>>
>>>>> On Sun, Jun 12, 2016 at 2:11 PM, Asantha Thilina <
>>>>> asanthathil...@gmail.com> wrote:
>>>>>
>>>>>> Hi Tharindu,
>>>>>>
>>>>>> i have solved the login issue for registered users in my mongodb user
>>>>>> store. after compare my implementation with JDBCUserStoreManager i
>>>>>> realized that i would gone through the wrong path by implementing
>>>>>> UserStoreManager so i changed it by extending AbstractUserStoreManager
>>>>>> instead of UserStoreManager thereafter most of the issues i have faced
>>>>>> being resolved now it can add new users,roles and assign users to roles
>>>>>> ,roles to users can change user profile claim values and also registered
>>>>>> users can successfully logged into IS still the delete part has to be
>>>>>> implemented and i will prepare a test scripts for my already implemented
>>>>>> working parts sooner and from implemented modules only issue i'm facing
>>>>>> at the moment is i can't decrypt the salted password of MongoDB server
>>>>>> configuration in user store property xml file
>>>>>> And also I need some advice from you to how i can improve the
>>>>>> security of my query parameters in MongoDB
>>>>>> i updated all my works in my repository[1]
>>>>>>

Re: [Dev] GSOC 2016 - Project 21 : MongoDB Userstore Development

2016-06-13 Thread Tharindu Edirisinghe
Excellent work Asantha !

Meanwhile you can prepare a document also adding the screenshots you have
got. Basically we will need following documentation.

1. Developer Guide ( The architecture of the userstoremanager, diagrams of
all the collections, how they are related to each other etc.)

2. Administrator Guide (How to guide a server administrator to setup a
secondary userstore with mongodb)

3. User Guide (All the functionality of the userstoremanager, i.e each
function in RemoteUserStoreManager with sample SOAP requests and responses)

We will need to look at the QA aspect of the project also.. but let's keep
aside for the moment until we get all the functionality working.

Thanks for all the hard work !

Best Regards,
Tharindu Edirisinghe

On Tue, Jun 14, 2016 at 12:46 AM, Asantha Thilina <asanthathil...@gmail.com>
wrote:

> Hi Tharindu,
>
> as you advice me i added soap ui screen shots of test result and selenium
> script for implemented functions into my repository[1]
>
> [1] https://github.com/asanthamax/mongodbuserstore
> Thanks,
> Asantha
>
> On Mon, Jun 13, 2016 at 6:23 AM, Asantha Thilina <asanthathil...@gmail.com>
> wrote:
>
>> Hi Tharindu,
>>
>> i updated my blog[1] with all the works i have done so far there i added
>> all the methods and their use in MongoDBUserStoreManager ,
>> hopes your feedback
>> [1] http://asanthamax.blogspot.com/
>> Thanks,
>> Asantha
>>
>> On Sun, Jun 12, 2016 at 2:11 PM, Asantha Thilina <
>> asanthathil...@gmail.com> wrote:
>>
>>> Hi Tharindu,
>>>
>>> i have solved the login issue for registered users in my mongodb user
>>> store. after compare my implementation with JDBCUserStoreManager i realized
>>> that i would gone through the wrong path by implementing UserStoreManager
>>> so i changed it by extending AbstractUserStoreManager instead of
>>> UserStoreManager thereafter most of the issues i have faced being resolved
>>> now it can add new users,roles and assign users to roles ,roles to users
>>> can change user profile claim values and also registered users can
>>> successfully logged into IS still the delete part has to be implemented and
>>> i will prepare a test scripts for my already implemented working parts
>>> sooner and from implemented modules only issue i'm facing at the moment is
>>> i can't decrypt the salted password of MongoDB server configuration in user
>>> store property xml file
>>> And also I need some advice from you to how i can improve the security
>>> of my query parameters in MongoDB
>>> i updated all my works in my repository[1]
>>>
>>> [1]https://github.com/asanthamax/mongodbuserstore
>>>
>>> Thanks,
>>> Asantha
>>>
>>> On Fri, Jun 10, 2016 at 12:51 PM, Asantha Thilina <
>>> asanthathil...@gmail.com> wrote:
>>>
>>>> Hi Tharindu,
>>>>
>>>> sorry for the delay i have updated my blog today and i'm keep posting
>>>> all the progress in their[1] up to now and i am look forward for your
>>>> feedbacks and comments
>>>>
>>>> [1]http://asanthamax.blogspot.com/
>>>>
>>>> Thanks,
>>>> Asantha
>>>>
>>>> On Thu, Jun 9, 2016 at 7:37 AM, Tharindu Edirisinghe <
>>>> tharin...@wso2.com> wrote:
>>>>
>>>>> Hi Asantha,
>>>>>
>>>>> Great ! There has been a delay in my replies but it's really good to
>>>>> see your progress with the project with a minimum level of supervision.
>>>>>
>>>>> I will arrange a review next week with the Identity Server team for
>>>>> the work completed so far and then we can provide the Mid Review feedback
>>>>> for the project.
>>>>>
>>>>> Keep on communicating the progress and the issues you face via emails
>>>>> and also update your blog with the findings.
>>>>>
>>>>> Thank you,
>>>>> TharinduE
>>>>>
>>>>> On Thu, Jun 9, 2016 at 4:44 PM, Asantha Thilina <
>>>>> asanthathil...@gmail.com> wrote:
>>>>>
>>>>>> Hi Tharindu,
>>>>>>
>>>>>> i rearranged the UM_USER_ATTRIBUTE collection now when ever user
>>>>>> update his profile, claim values will save in the collection the way we
>>>>>> discussed in hangout i updated my repo[1] with latest modification
>>>>>>
>>>>>> [1] https://github.com/asanthamax/mongo

Re: [Dev] GSOC 2016 - Project 21 : MongoDB Userstore Development

2016-06-09 Thread Tharindu Edirisinghe
Hi Asantha,

Great ! There has been a delay in my replies but it's really good to see
your progress with the project with a minimum level of supervision.

I will arrange a review next week with the Identity Server team for the
work completed so far and then we can provide the Mid Review feedback for
the project.

Keep on communicating the progress and the issues you face via emails and
also update your blog with the findings.

Thank you,
TharinduE

On Thu, Jun 9, 2016 at 4:44 PM, Asantha Thilina <asanthathil...@gmail.com>
wrote:

> Hi Tharindu,
>
> i rearranged the UM_USER_ATTRIBUTE collection now when ever user update
> his profile, claim values will save in the collection the way we discussed
> in hangout i updated my repo[1] with latest modification
>
> [1] https://github.com/asanthamax/mongodbuserstore
>
> Thanks,
> Asantha
>
> On Wed, Jun 8, 2016 at 8:03 AM, Asantha Thilina <asanthathil...@gmail.com>
> wrote:
>
>> Hi Tharindu,
>>
>> sorry i forget to attach my github repository here is the repository link
>> i have update the repository with my latest errors fixed
>> https://github.com/asanthamax/mongodbuserstore
>>
>> Thanks,
>> Asantha
>>
>> On Wed, Jun 8, 2016 at 8:00 AM, Asantha Thilina <asanthathil...@gmail.com>
>> wrote:
>>
>>> Hi Tharindu,
>>>
>>> I have fixed the claims issue now it can update and add claims to user
>>> but still the db structure is same as in relational structure i have
>>> currently mapping it to a way we discussed ,most of the issues being fixed
>>> now following tasks can do in now MongoDBUserStoreManager
>>> can add users.
>>> can add roles.
>>> can assign roles to users.
>>> can assign users to roles.
>>> can edit user claim values in update profile.
>>> I creating the documentation of my MongoDBUserStoreManager as well
>>> sooner i will publish the document and also test scripts as well
>>> And also following are the issues now i facing in
>>> registered users in my user store domain can't login to the IS it's
>>> giving error as MongoDBUserStoreManager can't cast to
>>> AbstractUserStoreManager since i done MongoDBUserStoreManager by
>>> implementing the UserStoreManager is there any special changes to do in my
>>> code to authenticate user ? i debugged and see my doAuthenticate method not
>>> get triggered during runtime
>>> expect some advice from you
>>>
>>> Thanks,
>>> Asantha
>>>
>>> On Mon, Jun 6, 2016 at 1:18 AM, Asantha Thilina <
>>> asanthathil...@gmail.com> wrote:
>>>
>>>> Hi Tharindu,
>>>>
>>>> ok sure i will modify the readme content as appropriately,at the moment
>>>> i didn't add that feature, set to all default i will modify that to add a
>>>> port number also,
>>>>
>>>> Thanks,
>>>> Asantha
>>>>
>>>> On Mon, Jun 6, 2016 at 12:04 AM, Tharindu Edirisinghe <
>>>> tharin...@wso2.com> wrote:
>>>>
>>>>> Hi Asantha,
>>>>>
>>>>> We might not need implementing the HybridRoleManager... I'll provide
>>>>> you the exact details after trying out the functionality you have
>>>>> implemented up to now.
>>>>>
>>>>> Can you please write a basic document with the steps for creating the
>>>>> mongodb database and adding a userstore in IS pointing to the created
>>>>> mongodb database and include in the ReadMe of github repo.
>>>>>
>>>>> Also if mongodb server is running in a different port other than the
>>>>> default port, can we still connect to that ? I didn't see a place to
>>>>> define the port in the configuration.. should it be added as a
>>>>> connection string ? (didn't go through the code to find what is going
>>>>> wrong)
>>>>>
>>>>> Thanks,
>>>>> TharinduE
>>>>>
>>>>> On Sun, Jun 5, 2016 at 11:55 PM, Asantha Thilina <
>>>>> asanthathil...@gmail.com> wrote:
>>>>>
>>>>>> Hi Tharindu,
>>>>>>
>>>>>> As we discussed on hangout i doing the changes in UM_USER_ATTRIBUTE
>>>>>> collection and also changing the hybrid role to master datasource but
>>>>>> when i try to add user to hybrid role i facing

Re: [Dev] GSOC 2016 - Project 21 : MongoDB Userstore Development

2016-06-05 Thread Tharindu Edirisinghe
Hi Asantha,

We might not need implementing the HybridRoleManager... I'll provide you
the exact details after trying out the functionality you have implemented
up to now.

Can you please write a basic document with the steps for creating the
mongodb database and adding a userstore in IS pointing to the created
mongodb database and include in the ReadMe of github repo.

Also if mongodb server is running in a different port other than the
default port, can we still connect to that ? I didn't see a place to define
the port in the configuration.. should it be added as a connection string ?
(didn't go through the code to find what is going wrong)

Thanks,
TharinduE

On Sun, Jun 5, 2016 at 11:55 PM, Asantha Thilina <asanthathil...@gmail.com>
wrote:

> Hi Tharindu,
>
> As we discussed on hangout i doing the changes in UM_USER_ATTRIBUTE
> collection and also changing the hybrid role to master datasource but when
> i try to add user to hybrid role i facing a small issue i can't grab the
> datasource ,in HybridRoleManager class it need to give java.sql.DataSource
> but in my current user store manager class i have never used a sql
> datasource(since it nosql) so i think i need to grab the master datasource
> of IS which is h2 database datasource, is there a way to get the primary
> datasource?
>
> Thanks,
> Asantha
>
> On Sat, Jun 4, 2016 at 1:59 PM, Tharindu Edirisinghe <tharin...@wso2.com>
> wrote:
>
>> The call details are as following.
>>
>> 1. Demonstrated how to use WSO2 admin services.
>>
>> 2. All the user operations in *RemoteUserStoreManagerService* [1] should
>> be tested (using SOAP UI) for the mongodb userstore.
>>
>> 3. When the user profile is saved in a JDBC userstore, for each attribute
>> of the user, it will add a new entry in *UM_USER_ATTRIBUTE* *(Refer [2]
>> for more information)* like below.
>>
>>
>> +-------+----------------------+-----------------+---------------+------------+--------------+
>> | UM_ID | UM_ATTR_NAME         | UM_ATTR_VALUE   | UM_PROFILE_ID | UM_USER_ID | UM_TENANT_ID |
>> +-------+----------------------+-----------------+---------------+------------+--------------+
>> |     1 | im                   |                 | default       |          1 |        -1234 |
>> |     2 | region               | Western         | default       |          1 |        -1234 |
>> |     3 | streetAddress        |                 | default       |          1 |        -1234 |
>> |     4 | country              |                 | default       |          1 |        -1234 |
>> |     5 | mobile               |                 | default       |          1 |        -1234 |
>> |     6 | sn                   | NewLastname     | default       |          1 |        -1234 |
>> |     7 | profileConfiguration | default         | default       |          1 |        -1234 |
>> |     8 | dateOfBirth          |                 | default       |          1 |        -1234 |
>> |     9 | mail                 | newu...@new.com | default       |          1 |        -1234 |
>> |    10 | organizationName     | WSO2            | default       |          1 |        -1234 |
>> |    11 | givenName            | NewUser         | default       |          1 |        -1234 |
>> |    12 | province             | western         | default       |          1 |        -1234 |
>> +-------+----------------------+-----------------+---------------+------------+--------------+
>>
>> Performance wise this is not a good design. For mongodb userstore, I
>> suggested to add a new document in *UM_USER_ATTRIBUTE* collection for
>> each user. If the attribute value is empty in the profile, an empty string
>> can be stored.
>>
>> {
>>    "im": "",
>>    "region": "Western",
>>    "streetAddress": "",
>>    "country": "",
>>    "mobile": "",
>>    "sn": "NewLastname",
>>    "profileConfiguration": "default",
>>    "dateOfBirth": "",
>>    "mail": "newu...@new.com",
>>    "organizationName": "WSO2",
>>    "givenName": "NewUser",
>>    "province": "western"
>> }
>>
>> 3. Profile saving is having some issues currently and we need to further
>> investigate what is going wrong. Until the issue is figured out, asked to
>> manually create json documents in *UM_USER_ATTRIBUTE* collection and
>> implement the retrieval of user attributes.
>>
>> *(can test getU

Re: [Dev] GSOC 2016 - Project 21 : MongoDB Userstore Development

2016-06-04 Thread Tharindu Edirisinghe
The call details are as following.

1. Demonstrated how to use WSO2 admin services.

2. All the user operations in *RemoteUserStoreManagerService* [1] should be
tested (using SOAP UI) for the mongodb userstore.

3. When the user profile is saved in a JDBC userstore, for each attribute
of the user, it will add a new entry in *UM_USER_ATTRIBUTE* *(Refer [2] for
more information)* like below.

+-------+----------------------+-----------------+---------------+------------+--------------+
| UM_ID | UM_ATTR_NAME         | UM_ATTR_VALUE   | UM_PROFILE_ID | UM_USER_ID | UM_TENANT_ID |
+-------+----------------------+-----------------+---------------+------------+--------------+
|     1 | im                   |                 | default       |          1 |        -1234 |
|     2 | region               | Western         | default       |          1 |        -1234 |
|     3 | streetAddress        |                 | default       |          1 |        -1234 |
|     4 | country              |                 | default       |          1 |        -1234 |
|     5 | mobile               |                 | default       |          1 |        -1234 |
|     6 | sn                   | NewLastname     | default       |          1 |        -1234 |
|     7 | profileConfiguration | default         | default       |          1 |        -1234 |
|     8 | dateOfBirth          |                 | default       |          1 |        -1234 |
|     9 | mail                 | newu...@new.com | default       |          1 |        -1234 |
|    10 | organizationName     | WSO2            | default       |          1 |        -1234 |
|    11 | givenName            | NewUser         | default       |          1 |        -1234 |
|    12 | province             | western         | default       |          1 |        -1234 |
+-------+----------------------+-----------------+---------------+------------+--------------+

Performance wise this is not a good design. For mongodb userstore, I
suggested to add a new document in *UM_USER_ATTRIBUTE* collection for each
user. If the attribute value is empty in the profile, an empty string can
be stored.

{
   "im": "",
   "region": "Western",
   "streetAddress": "",
   "country": "",
   "mobile": "",
   "sn": "NewLastname",
   "profileConfiguration": "default",
   "dateOfBirth": "",
   "mail": "newu...@new.com",
   "organizationName": "WSO2",
   "givenName": "NewUser",
   "province": "western"
}

3. Profile saving is having some issues currently and we need to further
investigate what is going wrong. Until the issue is figured out, asked to
manually create json documents in *UM_USER_ATTRIBUTE* collection and
implement the retrieval of user attributes.

*(can test getUserClaimValues method in the admin service using SOAP UI)*

4. For the analytics part of the project, suggested to extend the
*AbstractUserOperationEventListener* class [1] and override the methods for
publishing events.

5. Developer documentation, Administration Guide and Testing Guide *(sample
SOAP requests and responses in RemoteUserStoreManagerService API)* should
be written as deliverables. For all actions related to the mongodb
userstore manager *(i.e add user, delete user, add role ...)*, Selenium
scripts should be provided *(can use firefox selenium addon and record each
operation and provide the scripts)*.

So far the progress is satisfactory. Keep on the good work !

[1] https://localhost:9443/services/RemoteUserStoreManagerService?wsdl
[2]
http://tharindue.blogspot.com/2015/04/wso2-identity-server-data-dictionary.html
[3]
https://github.com/wso2/carbon-kernel/blob/v4.4.3/core/org.wso2.carbon.user.core/src/main/java/org/wso2/carbon/user/core/common/AbstractUserOperationEventListener.java

Thank you,
TharinduE
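
The one-document-per-user layout suggested in the message above, as an added example that is not code from this thread or from the mongodbuserstore repository. It folds JDBC-style UM_USER_ATTRIBUTE rows into a single document and reads claim values back; the nested "attributes" field, the function names, the name and type checks, and the sample mail address are assumptions made for this sketch.

```python
# Added example: row-per-attribute data folded into one document per user profile.
# Constructed sample rows in the shape of the JDBC UM_USER_ATTRIBUTE table:
# (UM_ID, UM_ATTR_NAME, UM_ATTR_VALUE, UM_PROFILE_ID, UM_USER_ID, UM_TENANT_ID)
SAMPLE_ROWS = [
    (1, "im", "", "default", 1, -1234),
    (2, "region", "Western", "default", 1, -1234),
    (3, "streetAddress", "", "default", 1, -1234),
    (4, "country", "", "default", 1, -1234),
    (5, "mobile", "", "default", 1, -1234),
    (6, "sn", "NewLastname", "default", 1, -1234),
    (7, "profileConfiguration", "default", "default", 1, -1234),
    (8, "dateOfBirth", "", "default", 1, -1234),
    (9, "mail", "newuser@example.com", "default", 1, -1234),  # constructed address
    (10, "organizationName", "WSO2", "default", 1, -1234),
    (11, "givenName", "NewUser", "default", 1, -1234),
    (12, "province", "western", "default", 1, -1234),
]


def validate_attr_name(name):
    """Reject names MongoDB would read as an operator or a nested path."""
    if not isinstance(name, str) or not name:
        raise ValueError("attribute name must be a non-empty string")
    if name.startswith("$") or "." in name or "\x00" in name:
        raise ValueError("unsafe attribute name: %r" % (name,))
    return name


def rows_to_documents(rows):
    """Fold one-row-per-attribute data into one document per user profile."""
    docs = {}
    for _um_id, attr_name, attr_value, profile_id, user_id, tenant_id in rows:
        key = (user_id, profile_id, tenant_id)
        doc = docs.setdefault(key, {
            "UM_USER_ID": user_id,
            "UM_PROFILE_ID": profile_id,
            "UM_TENANT_ID": tenant_id,
            # Assumption: attributes are nested so a claim name can never
            # collide with the identifying fields above.
            "attributes": {},
        })
        # Empty profile values are stored as empty strings, as suggested above.
        value = "" if attr_value is None else str(attr_value)
        doc["attributes"][validate_attr_name(attr_name)] = value
    return list(docs.values())


def build_user_filter(user_id, profile_id, tenant_id):
    """Build the lookup filter from scalars only.

    A dict or list arriving here (for example from a deserialized request)
    would be interpreted by MongoDB as a query operator, so it is refused.
    """
    for label, value in (("user_id", user_id), ("tenant_id", tenant_id)):
        if isinstance(value, bool) or not isinstance(value, int):
            raise TypeError("%s must be an integer" % label)
    if not isinstance(profile_id, str):
        raise TypeError("profile_id must be a string")
    return {
        "UM_USER_ID": user_id,
        "UM_PROFILE_ID": profile_id,
        "UM_TENANT_ID": tenant_id,
    }


def get_user_claim_values(document, attr_names):
    """Return the requested attributes; names absent from the document map to ""."""
    attrs = document["attributes"]
    return {validate_attr_name(n): attrs.get(n, "") for n in attr_names}


if __name__ == "__main__":
    profile = rows_to_documents(SAMPLE_ROWS)[0]
    print(build_user_filter(1, "default", -1234))
    print(get_user_claim_values(profile, ["givenName", "sn", "country"]))
```

Reading a profile becomes one document lookup instead of twelve row reads, and the filter returned by build_user_filter can be handed to a driver's find call unchanged.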

On Sat, Jun 4, 2016 at 9:48 AM, Asantha Thilina <asanthathil...@gmail.com>
wrote:

> Hi Tharindu,
>
> ok sure i will look forward for that
>
> Thanks,
> Asantha
>
> On Fri, Jun 3, 2016 at 2:44 PM, Tharindu Edirisinghe <tharin...@wso2.com>
> wrote:
>
>> Hi Asantha,
>>
>> Shall we have a google hangout tomorrow (Saturday) at 9.00 p.m ? So we
>> can discuss about the issues you are facing and get them resolved.
>>
>> Regards,
>> TharinduE
>>
>> On Fri, Jun 3, 2016 at 11:43 PM, Asantha Thilina <
>> asanthathil...@gmail.com> wrote:
>>
>>> Hi Tharindu,
>>>
>>> i fixed the most of the errors appeared in my user store in user
>>> management side now it's almost done in user management side now i can add
>>> new users ,roles and search roles of users and users of roles only issue i
>>> having now is i can't update a user profile of user in user store i getting
>>> a exception ,i want to get some advice from you to r

Re: [Dev] GSOC 2016 - Project 21 : MongoDB Userstore Development

2016-06-03 Thread Tharindu Edirisinghe
Hi Asantha,

Shall we have a google hangout tomorrow (Saturday) at 9.00 p.m ? So we can
discuss about the issues you are facing and get them resolved.

Regards,
TharinduE

On Fri, Jun 3, 2016 at 11:43 PM, Asantha Thilina <asanthathil...@gmail.com>
wrote:

> Hi Tharindu,
>
> i fixed the most of the errors appeared in my user store in user
> management side now it's almost done in user management side now i can add
> new users ,roles and search roles of users and users of roles only issue i
> having now is i can't update a user profile of user in user store i getting
> a exception ,i want to get some advice from you to resolve that error and
> to implement a logic to commit transaction in mongodb and also another
> small problem is when i added a new claim where will it save in primary
> user store ? is there any feature to change the user store  where claims
> going to save. like it giving an option to select userstore in a dropdown
> when adding newusers and roles.
>
> all the works i have done so far in my repo[1]
>
> [1] . https://github.com/asanthamax/mongodbuserstore
>
> Thanks,
> Asantha
>
> On Wed, Jun 1, 2016 at 3:00 AM, Asantha Thilina <asanthathil...@gmail.com>
> wrote:
>
>>
>> -- Forwarded message --
>> From: Asantha Thilina <asanthathil...@gmail.com>
>> Date: Wed, Jun 1, 2016 at 2:59 AM
>> Subject: Fwd: GSOC 2016 - Project 21 : MongoDB Userstore Development
>> To: WSO2 Developers' List <dev@wso2.org>, Tharindu Edirisinghe <
>> tharin...@wso2.com>
>>
>>
>>
>> -- Forwarded message --
>> From: Asantha Thilina <asanthathil...@gmail.com>
>> Date: Wed, Jun 1, 2016 at 2:51 AM
>> Subject: Re: GSOC 2016 - Project 21 : MongoDB Userstore Development
>> To: Tharindu Edirisinghe <tharin...@wso2.com>
>> Cc: WSO2 Developers' List <dev@wso2.org>, Lakmal Rupasinghe <
>> lakma...@sliit.lk>
>>
>>
>> Hi Tharindu,
>>
>> I fixed the most of the errors i got now my user store working it is
>> successfully registered and can add users and roles to user store as well
>> still there are some issues in other functions those are query errors i
>> still fixing those as well ,i having some issues  about database
>> transaction point of view and i need some advice from you, in mongodb there
>> is no option to rollback transaction if error occurred how can i manage it?
>> can we arrange a hangout meeting today or any comfortable day for you ? i'm
>> ok with any time
>> all the updates up to now i pushed to my repository[1]
>>
>> [1] https://github.com/asanthamax/mongodbuserstore
>>
>> Thanks,
>> Asantha
>>
>> On Fri, May 27, 2016 at 1:56 AM, Asantha Thilina <
>> asanthathil...@gmail.com> wrote:
>>
>>> Hi Tharindu,
>>>
>>> sure i'll be look forward for that
>>>
>>> Thanks,
>>> Asantha
>>>
>>> On Thu, May 26, 2016 at 9:37 PM, Tharindu Edirisinghe <
>>> tharin...@wso2.com> wrote:
>>>
>>>> Hi Asantha,
>>>>
>>>> Glad to hear the progress... Sure I'll review over the weekend and
>>>> provide feedback. By next week we'll have a hangout to discuss on how to
>>>> move forward and the difficulties you have faced.  Keep the momentum
>>>> going !
>>>>
>>>> Regards,
>>>> TharinduE
>>>>
>>>> On Fri, May 27, 2016 at 12:17 AM, Asantha Thilina <
>>>> asanthathil...@gmail.com> wrote:
>>>>
>>>>> Hi Tharindu,
>>>>>
>>>>> i been able to fix the mongodb user store initializing error now it
>>>>> working successfully it will be registered as a secondary user store in IS
>>>>> and when going to add a new users and roles it will show the domain of
>>>>> mongodb userstore still i having small issues in my json query formats for
>>>>> mongodb i fixing those issues at the moment all the progress so far i made
>>>>> updated to my github repository[1] and i recently updated my blog[2] as
>>>>> well,can you review my code and give me a feedback?
>>>>>
>>>>> [1]https://github.com/asanthamax/mongodbuserstore
>>>>> [2]http://asanthamax.blogspot.com/
>>>>>
>>>>> Thanks,
>>>>> Asantha
>>>>>
>>>>> On Sun, May 22, 2016 at 3:38 PM, Asantha Thilina <
>>>>> asanthathil...@gmail.com> wrote:
>>>>>

Re: [Dev] [IS] Not able to login to the system after configuring OTP with secondary user store

2016-05-31 Thread Tharindu Edirisinghe
lang.Thread.run(Thread.java:745)
> Caused by: java.security.PrivilegedActionException:
> java.lang.reflect.InvocationTargetException
> at java.security.AccessController.doPrivileged(Native Method)
> at
> org.wso2.carbon.user.core.common.AbstractUserStoreManager.callSecure(AbstractUserStoreManager.java:148)
> ... 85 more
> Caused by: java.lang.reflect.InvocationTargetException
> at sun.reflect.GeneratedMethodAccessor134.invoke(Unknown Source)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at
> org.wso2.carbon.user.core.common.AbstractUserStoreManager$2.run(AbstractUserStoreManager.java:151)
> ... 87 more
> Caused by: org.wso2.carbon.user.core.UserStoreException: UserNotFound:
> User Test4does not exist in: PRIMARY
> at
> org.wso2.carbon.user.core.common.AbstractUserStoreManager.getUserClaimValues(AbstractUserStoreManager.java:696)
> ... 91 more
>
> Thanks
>
> --
> Prakhash Sivakumar
> Software Engineer | WSO2 Inc
> Platform Security Team
> Mobile : +94771510080
> Blog : https://medium.com/@PrakhashS
>
>
>


-- 

Tharindu Edirisinghe
Senior Software Engineer | WSO2 Inc
Platform Security Team
Blog : tharindue.blogspot.com
mobile : +94 775181586


Re: [Dev] GSOC 2016 - Project 21 : MongoDB Userstore Development

2016-05-26 Thread Tharindu Edirisinghe
Hi Asantha,

Glad to hear the progress... Sure I'll review over the weekend and provide
feedback. By next week we'll have a hangout to discuss on how to move
forward and the difficulties you have faced.  Keep the momentum going !

Regards,
TharinduE

On Fri, May 27, 2016 at 12:17 AM, Asantha Thilina <asanthathil...@gmail.com>
wrote:

> Hi Tharindu,
>
> i been able to fix the mongodb user store initializing error now it
> working successfully it will be registered as a secondary user store in IS
> and when going to add a new users and roles it will show the domain of
> mongodb userstore still i having small issues in my json query formats for
> mongodb i fixing those issues at the moment all the progress so far i made
> updated to my github repository[1] and i recently updated my blog[2] as
> well,can you review my code and give me a feedback?
>
> [1]https://github.com/asanthamax/mongodbuserstore
> [2]http://asanthamax.blogspot.com/
>
> Thanks,
> Asantha
>
> On Sun, May 22, 2016 at 3:38 PM, Asantha Thilina <asanthathil...@gmail.com>
> wrote:
>
>> Hi Tharindu,
>>
>> I have override all the methods in AbstractUserStoreManager in my
>> MongoDBUserStoreManager class after that when i try to add new secondary
>> user store in management console i got following error i attached the
>> screen shot of the error with this mail
>> i have pushed all the progress upto now to my github repository[1]
>> can you give me some tips to solve this issue?
>> any suggestion would be grateful
>> [1] https://github.com/asanthamax/mongodbuserstore
>> Thanks,
>> Asantha
>>
>> On Thu, May 19, 2016 at 11:47 PM, Asantha Thilina <
>> asanthathil...@gmail.com> wrote:
>>
>>> Hi Tharindu,
>>>
>>> sorry for the late reply ,as you advised i remove the scr reference and
>>> its corresponding methods from user store now it's works fine but i having
>>> another small issue if i wanted to run my mongodb user store as my
>>> primary user store how would i do that?
>>> i added my user store configurations to user-mgt.xml file and commented
>>> the ldap userstore properties and i added MongoDBUserStore to
>>> tenant-mgt.xml as well but then i get error as datasource cannot be casted
>>> to MongoDB db source while deploying thats mean its still referring to
>>> Default Activator inside carbon core module how would i set it to my
>>> activator to refer?
>>> any suggestion or help would be grateful
>>> Thanks,
>>> Asantha
>>>
>>> On Wed, May 18, 2016 at 10:29 PM, Tharindu Edirisinghe <
>>> tharin...@wso2.com> wrote:
>>>
>>>> Hi Asantha,
>>>>
>>>> Great progress so far !
>>>>
>>>> Since the reference is given to realm service in the bundle activator,
>>>> you should be facing the issue. Can you remove the service reference from
>>>> the bundle activator class. (You can delete the following from the class).
>>>>
>>>>  * @scr.reference name="user.realmservice.default"
>>>>  * interface="org.wso2.carbon.user.core.service.RealmService"
>>>>  * cardinality="1..1"
>>>>  * policy="dynamic" bind="setRealmService"
>>>>  * unbind="unsetRealmService"
>>>>
>>>> Also delete the following methods where realm service is used.
>>>>
>>>> getRealmService()
>>>> setRealmService(RealmService rlmService)
>>>> unsetRealmService(RealmService rlmService)
>>>>
>>>> After that can you try if the userstore manager is working as expected.
>>>> If you face any issues, please get back.
>>>>
>>>> Thank you,
>>>> TharinduE
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> On Sun, May 15, 2016 at 7:48 PM, Asantha Thilina <
>>>> asanthathil...@gmail.com> wrote:
>>>>
>>>>> Hi Tharindu,
>>>>>
>>>>> I found the issue after debugging my code. My service bundle was
>>>>> not getting activated because I was referring to mongodb-driver, which is not
>>>>> OSGi compatible. I found another library here [1] and it worked for
>>>>> me. I pushed the fixed project to my GitHub repository [2].
>>>>> I found out that *DefaultRealmService*, which is used in the Bundle
>>>>> Activator of JDBCUserstoreManager, cannot

Re: [Dev] GSOC 2016 - Project 21 : MongoDB Userstore Development

2016-05-18 Thread Tharindu Edirisinghe
Hi Asantha,

Great progress so far !

Since the reference is given to realm service in the bundle activator, you
should be facing the issue. Can you remove the service reference from the
bundle activator class. (You can delete the following from the class).

 * @scr.reference name="user.realmservice.default"
 * interface="org.wso2.carbon.user.core.service.RealmService" cardinality="1..1"
 * policy="dynamic" bind="setRealmService"
 * unbind="unsetRealmService"

Also delete the following methods where realm service is used.

getRealmService()
setRealmService(RealmService rlmService)
unsetRealmService(RealmService rlmService)

After that can you try if the userstore manager is working as expected. If
you face any issues, please get back.

Thank you,
TharinduE






On Sun, May 15, 2016 at 7:48 PM, Asantha Thilina <asanthathil...@gmail.com>
wrote:

> Hi Tharindu,
>
> I found the issue after debugging my code. My service bundle was not
> getting activated because I was referring to mongodb-driver, which is not OSGi
> compatible. I found another library here [1] and it worked for
> me. I pushed the fixed project to my GitHub repository [2].
> I found out that *DefaultRealmService*, which is used in the Bundle Activator
> of JDBCUserstoreManager, cannot be used for MongoDB since it uses
> *java.sql.DataSource*.
> Is there any DataSource class like that for MongoDB, or would I
> have to create different logic to implement that scenario in MongoDB?
> Waiting for your suggestion.
>
> [1]. http://central.maven.org/maven2/org/mongodb/mongo-java-driver/3.2.2/
> [2]. https://github.com/asanthamax/mongodbuserstore
> Thanks,
> Asantha
>
> On Sat, May 14, 2016 at 10:53 AM, Asantha Thilina <
> asanthathil...@gmail.com> wrote:
>
>> Hi Tharindu,
>>
>> I faced the following issue while developing:
>> after adding my new JSON query support I was not able to see my
>> MongoDBUserStore in the dropdown of the create user store option.
>> For JSON-related activities I used an external JSON dependency from
>> here [1] and I added its jar to the lib folder in IS as well. I enabled
>> remote debugging and inspected my code, and there I found that in my
>> *MongoDBUserStoreDSComponent* class the *activate* method is triggered but
>> executes the 1st line of code only. It does not register the service, but in
>> my OSGi console window when I run the *ss mongo* command I see that the
>> monodb.userstore bundle and the mongodb java driver bundle are activated
>> successfully. I attached my console output and Identity Server output for
>> your consideration as well.
>> I would be grateful for any suggestion.
>>
>> [1]. http://mvnrepository.com/artifact/org.json/json/20160212
>> my github repository
>>
>> https://github.com/asanthamax/mongodbuserstore/tree/master/mongodb.userstoremanager
>> Thanks,
>> Asantha
>>
>>
>> On Thu, May 12, 2016 at 2:01 AM, Asantha Thilina <
>> asanthathil...@gmail.com> wrote:
>>
>>> Hi Tharindu,
>>>
>>> Since the MongoDB driver does not have prepared statement support, earlier I
>>> developed logic to support prepared statements, but I realized that it has
>>> a limitation: parameters have to be passed in the same order as they exist in
>>> the prepared statement. Then, as you suggested during our hangout conversation
>>> to use a key-value relationship instead of order, I created new logic similar
>>> to prepared statements in SQL that works according to a key-value
>>> relationship. I created a standard query format for MongoDB with JSON to
>>> support prepared statements, and I rewrote the JDBCRealmConstants class with
>>> those supporting JSON queries instead of SQL queries.
>>>
>>> All of my prepared statement methods are contained in the MongoDBPreparedStatement
>>> interface and its implementation in the MongoDBPreparedStatementImpl class.
>>>
>>> I have pushed all the changes to my repo here [1].
>>>
>>> The security of these prepared statements has to be improved.
>>>
>>> I'll be grateful if you can provide me some suggestions to improve it.
>>> Another small issue I have is: can I write a DataSource for
>>> MongoDB as in java.sql.DataSource?
>>>
>>> [1]
>>> https://github.com/asanthamax/mongodbuserstore/tree/master/mongodb.userstoremanager
>>>
>>> Thanks,
>>> Asantha
>>>
>>
>>
>


-- 

Tharindu Edirisinghe
Software Engineer | WSO2 Inc
Platform Security Team
Blog : tharindue.blogspot.com
mobile : +94 775181586
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev


Re: [Dev] [IS] Clarification on isUserAuthorized method

2016-05-13 Thread Tharindu Edirisinghe
Hi Milan,

You can use the MultitenantUtils.getTenantAwareUsername [1] method here.

boolean status = authorizationManager.isUserAuthorized(
        MultitenantUtils.getTenantAwareUsername(username), permission,
        UI_EXECUTE);

Then you can obtain the username without the tenant domain out of the
username you already have that contains the tenant domain.

[1]
https://github.com/wso2/carbon-kernel/blob/4.4.x/core/org.wso2.carbon.utils/src/main/java/org/wso2/carbon/utils/multitenancy/MultitenantUtils.java#L40

Regards,
TharinduE

On Fri, May 13, 2016 at 12:49 PM, Milan Perera <mi...@wso2.com> wrote:

> Hi Tharindu,
>
> No, I'm not using the *RemoteAuthorizationManagerService* admin service.
> Below is the code snippet which I use.
>
>
> RealmService realmService =
>         OAuthExtensionsDataHolder.getInstance().getRealmService();
>
> AuthorizationManager authorizationManager =
>         realmService.getTenantUserRealm(tenantId).getAuthorizationManager();
>
> // this returns the name with tenant domain, ex: admin@carbon.super
> String username = accessTokenDO.getAuthzUser().getUserName();
>
> boolean status = authorizationManager.isUserAuthorized(username, permission,
>         UI_EXECUTE);
>
>
> Is there anything else that I should do here, or is there a way to overcome my
> initial issue?
>
> Thanks,
>
>
> On Fri, May 13, 2016 at 12:25 PM, Tharindu Edirisinghe <tharin...@wso2.com
> > wrote:
>
>> Hi Milan,
>>
>> Are you calling the *isUserAuthorized* method in the
>> *RemoteAuthorizationManagerService* [1] admin service? If so, you need to
>> send the username without the tenant domain. The tenant domain of the user
>> is derived from the tenant domain of the admin who calls the admin service.
>>
>> [1]
>> https://localhost:9443/services/RemoteAuthorizationManagerService?wsdl
>>
>> Regards,
>> TharinduE
>>
>> On Fri, May 13, 2016 at 11:17 AM, Milan Perera <mi...@wso2.com> wrote:
>>
>>> Hi all,
>>>
>>> I'm using the "*isUserAuthorized*" method to check whether a particular user
>>> has the relevant permission.
>>> However, when I pass the username as "*admin@carbon.super*" as a
>>> parameter, I always get '*false*', and if I pass just "*admin*" it
>>> returns '*true*'.
>>>
>>> Is this the expected behavior or is there any other way to do that?
>>>
>>> Thanks,
>>> --
>>> *Milan Perera *| Software Engineer
>>> WSO2, Inc | lean. enterprise. middleware.
>>> #20, Palm Grove, Colombo 03, Sri Lanka
>>> Mobile: +94 77 309 7088 | Work: +94 11 214 5345
>>> Email: mi...@wso2.com <ar...@wso2.com> | Web: www.wso2.com
>>> <http://lk.linkedin.com/in/milanharinduperera>
>>>
>>> ___
>>> Dev mailing list
>>> Dev@wso2.org
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>>
>>
>>
>> --
>>
>> Tharindu Edirisinghe
>> Software Engineer | WSO2 Inc
>> Platform Security Team
>> Blog : tharindue.blogspot.com
>> mobile : +94 775181586
>>
>
>
>
> --
> *Milan Perera *| Software Engineer
> WSO2, Inc | lean. enterprise. middleware.
> #20, Palm Grove, Colombo 03, Sri Lanka
> Mobile: +94 77 309 7088 | Work: +94 11 214 5345
> Email: mi...@wso2.com <ar...@wso2.com> | Web: www.wso2.com
> <http://lk.linkedin.com/in/milanharinduperera>
>



-- 

Tharindu Edirisinghe
Software Engineer | WSO2 Inc
Platform Security Team
Blog : tharindue.blogspot.com
mobile : +94 775181586
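
The lookup mismatch discussed in this thread, as an added example that is not part of the original messages and is not WSO2 code. TenantAuthorizationManager, tenantAwareUsername and all sample values are hypothetical stand-ins; the stripping rule (drop what follows the last '@', but keep a lone '@' when usernames are e-mail addresses) is an assumption about what a tenant-aware helper has to do, and the e-mail case goes beyond what the thread covers.

```java
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

public class TenantAwareAuthzDemo {

    /**
     * Hypothetical stand-in for one tenant's authorization manager. Grants are
     * keyed by the bare username: the tenant is already fixed by which realm
     * was selected, so the key never carries a tenant domain.
     */
    static final class TenantAuthorizationManager {
        private final Map<String, Set<String>> grants = new HashMap<>();

        void grant(String user, String permission) {
            grants.computeIfAbsent(user, k -> new HashSet<>()).add(permission);
        }

        // Exact-match lookup: a name that is not a stored key is treated as
        // an unknown user and the check fails closed.
        boolean isUserAuthorized(String user, String permission) {
            return grants.getOrDefault(user, Collections.<String>emptySet())
                         .contains(permission);
        }
    }

    /**
     * Simplified stand-in (assumption) for a tenant-aware username helper.
     * emailUsernames models a deployment where usernames are e-mail
     * addresses, in which case a single '@' belongs to the username itself.
     */
    static String tenantAwareUsername(String username, boolean emailUsernames) {
        int last = username.lastIndexOf('@');
        if (last <= 0) {
            return username;                 // no tenant domain to strip
        }
        if (emailUsernames && username.indexOf('@') == last) {
            return username;                 // lone '@' is part of the address
        }
        return username.substring(0, last);  // drop "@<tenant domain>"
    }

    public static void main(String[] args) {
        final int tenantId = -1234;                           // constructed sample
        final String permission = "/permission/admin/login";  // constructed sample

        // One authorization manager per tenant, selected by tenant id.
        Map<Integer, TenantAuthorizationManager> realms = new HashMap<>();
        TenantAuthorizationManager superTenant = new TenantAuthorizationManager();
        superTenant.grant("admin", permission);
        superTenant.grant("alice@example.com", permission);
        realms.put(tenantId, superTenant);

        TenantAuthorizationManager authz = realms.get(tenantId);

        // Name as it comes from the token: tenant-qualified, so it is not a
        // key in this tenant's grant table.
        String fromToken = "admin@carbon.super";
        System.out.println("qualified name:    "
                + authz.isUserAuthorized(fromToken, permission));

        // Same user after stripping the tenant domain.
        System.out.println("tenant-aware name: "
                + authz.isUserAuthorized(
                        tenantAwareUsername(fromToken, false), permission));

        // E-mail usernames: only the trailing tenant domain is removed.
        String emailUser = "alice@example.com@carbon.super";
        System.out.println("e-mail user:       "
                + authz.isUserAuthorized(
                        tenantAwareUsername(emailUser, true), permission));

        // Mode mismatch: with e-mail usernames switched off, an unqualified
        // address loses its own domain and no longer matches the stored key.
        String stripped = tenantAwareUsername("alice@example.com", false);
        System.out.println("mode mismatch:     " + stripped + " -> "
                + authz.isUserAuthorized(stripped, permission));
    }
}
```

The failure is silent in both directions: a mismatched key yields a plain denial, so logging the normalized username next to the tenant id at the call site makes this kind of denial easy to tell apart from a genuinely missing permission.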


Re: [Dev] [IS] Clarification on isUserAuthorized method

2016-05-13 Thread Tharindu Edirisinghe
Hi Milan,

Are you calling the *isUserAuthorized* method in the
*RemoteAuthorizationManagerService* [1] admin service? If so, you need to
send the username without the tenant domain. The tenant domain of the user
is derived from the tenant domain of the admin who calls the admin service.

[1] https://localhost:9443/services/RemoteAuthorizationManagerService?wsdl

Regards,
TharinduE

On Fri, May 13, 2016 at 11:17 AM, Milan Perera <mi...@wso2.com> wrote:

> Hi all,
>
> I'm using the "*isUserAuthorized*" method to check whether a particular user
> has the relevant permission.
> However, when I pass the username as "*admin@carbon.super*" as a
> parameter, I always get '*false*', and if I pass just "*admin*" it returns
> '*true*'.
>
> Is this the expected behavior or is there any other way to do that?
>
> Thanks,
> --
> *Milan Perera *| Software Engineer
> WSO2, Inc | lean. enterprise. middleware.
> #20, Palm Grove, Colombo 03, Sri Lanka
> Mobile: +94 77 309 7088 | Work: +94 11 214 5345
> Email: mi...@wso2.com <ar...@wso2.com> | Web: www.wso2.com
> <http://lk.linkedin.com/in/milanharinduperera>
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 

Tharindu Edirisinghe
Software Engineer | WSO2 Inc
Platform Security Team
Blog : tharindue.blogspot.com
mobile : +94 775181586


Re: [Dev] GSOC 2016 - Project 21 : Review Proposal

2016-04-25 Thread Tharindu Edirisinghe
Hi Asantha,

How about 4.30 p.m today ?

Regards,
TharinduE

On Mon, Apr 25, 2016 at 8:19 PM, Asantha Thilina <asanthathil...@gmail.com>
wrote:

> Hi Tharindu,
>
> Thanks for the wishes. I am really interested and looking forward to
> continuing on the project. Yes, sure, we will have a hangout, and I would be
> grateful if we can arrange the meeting in the evening around 3.00 P.M. or
> any time later than that. Is that OK?
>
> Thanks,
> Asantha
>
> On Mon, Apr 25, 2016 at 6:57 AM, Tharindu Edirisinghe <tharin...@wso2.com>
> wrote:
>
>> Hi Asantha,
>>
>> Congratulations on getting selected for GSOC 2016 ! Hope you are doing
>> well. Shall we have a google hangout tomorrow 26/04/2016 to discuss how to
>> proceed with the project ? What time would suit you ?
>>
>> Regards,
>> TharinduE
>>
>> On Thu, Mar 24, 2016 at 9:18 AM, Asantha Thilina <
>> asanthathil...@gmail.com> wrote:
>>
>>> Hi all,
>>>
>>> Thanks a lot for your valuable comments and feedback. I have made all the
>>> changes you suggested in the feedback and submitted the final document to
>>> Google. The modified Google doc is here [1].
>>>
>>> [1]
>>> https://docs.google.com/document/d/1xv7iB3VAUElvf1Cl3So0TSLCSjuZOS-IyT-Fy_1zl_c/edit?usp=sharing
>>>
>>> Thanks,
>>> Asantha
>>>
>>> On Wed, Mar 23, 2016 at 8:08 PM, Asantha Thilina <
>>> asanthathil...@gmail.com> wrote:
>>>
>>>> Hi Tharindu,
>>>>
>>>> Thanks for the comment. Sure, I will do the modifications as suggested.
>>>>
>>>> Thanks,
>>>> Asantha
>>>>
>>>> On Wed, Mar 23, 2016 at 6:54 PM, Tharindu Edirisinghe <
>>>> tharin...@wso2.com> wrote:
>>>>
>>>>> Hi Asantha,
>>>>>
>>>>> I've done some minor modifications to the doc. For the methods exposed
>>>>> through the API, can you add them in a table to improve the readability.
>>>>> (Chamila has suggested this already as a comment in the doc). You can have
>>>>> some columns for Method Name, Return type, parameters, description.
>>>>>
>>>>> Once you do this, submit it to google because the deadline is tomorrow
>>>>> for proposal submission.
>>>>>
>>>>> Thanks,
>>>>> TharinduE
>>>>>
>>>>> On Wed, Mar 23, 2016 at 9:08 PM, Asantha Thilina <
>>>>> asanthathil...@gmail.com> wrote:
>>>>>
>>>>>> Hi Tharindu,
>>>>>>
>>>>>> I modified my project proposal [1] in the Google doc. As you suggested, I
>>>>>> added the list of functions which I am going to expose through the APIs.
>>>>>> After modifying the content I shared the doc with Summer of Code.
>>>>>> Waiting for your feedback.
>>>>>> [1]
>>>>>> https://docs.google.com/document/d/1xv7iB3VAUElvf1Cl3So0TSLCSjuZOS-IyT-Fy_1zl_c/edit?usp=sharing
>>>>>>
>>>>>> Thanks,
>>>>>> Asantha
>>>>>>
>>>>>> On Tue, Mar 22, 2016 at 8:16 PM, Asantha Thilina <
>>>>>> asanthathil...@gmail.com> wrote:
>>>>>>
>>>>>>> Hi Tharindu,
>>>>>>>
>>>>>>> Thanks a lot for the feedback. Sure, I will modify the content of
>>>>>>> the proposal as suggested and submit it to Google within today.
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Asantha
>>>>>>>
>>>>>>>
>>>>>>> On Wed, Mar 23, 2016 at 7:45 AM, Tharindu Edirisinghe <
>>>>>>> tharin...@wso2.com> wrote:
>>>>>>>
>>>>>>>> Hi Asantha,
>>>>>>>>
>>>>>>>> I've added the latest proposal you've sent to google docs in [1].
>>>>>>>> As Chamila suggested, can you list down the methods that you expose in
>>>>>>>> the API (public methods in the userstore manager) in the proposal so that
>>>>>>>> it is easy to understand the functionality of the userstore manager. Also
>>>>>>>> it is better to submit the proposal to google now and update later if any
>>>>>>>> modification is needed.
>>>

Re: [Dev] GSOC 2016 - Project 21 : Review Proposal

2016-04-25 Thread Tharindu Edirisinghe
Hi Asantha,

Congratulations on getting selected for GSOC 2016 ! Hope you are doing
well. Shall we have a google hangout tomorrow 26/04/2016 to discuss how to
proceed with the project ? What time would suit you ?

Regards,
TharinduE

On Thu, Mar 24, 2016 at 9:18 AM, Asantha Thilina <asanthathil...@gmail.com>
wrote:

> Hi all,
>
> Thanks a lot for your valuable comments and feedback. I have made all the
> changes you suggested in the feedback and submitted the final document to
> Google. The modified Google doc is here [1].
>
> [1]
> https://docs.google.com/document/d/1xv7iB3VAUElvf1Cl3So0TSLCSjuZOS-IyT-Fy_1zl_c/edit?usp=sharing
>
> Thanks,
> Asantha
>
> On Wed, Mar 23, 2016 at 8:08 PM, Asantha Thilina <asanthathil...@gmail.com
> > wrote:
>
>> Hi Tharindu,
>>
>> Thanks for the comment. Sure, I will do the modifications as suggested.
>>
>> Thanks,
>> Asantha
>>
>> On Wed, Mar 23, 2016 at 6:54 PM, Tharindu Edirisinghe <tharin...@wso2.com
>> > wrote:
>>
>>> Hi Asantha,
>>>
>>> I've done some minor modifications to the doc. For the methods exposed
>>> through the API, can you add them in a table to improve the readability.
>>> (Chamila has suggested this already as a comment in the doc). You can have
>>> some columns for Method Name, Return type, parameters, description.
>>>
>>> Once you do this, submit it to google because the deadline is tomorrow
>>> for proposal submission.
>>>
>>> Thanks,
>>> TharinduE
>>>
>>> On Wed, Mar 23, 2016 at 9:08 PM, Asantha Thilina <
>>> asanthathil...@gmail.com> wrote:
>>>
>>>> Hi Tharindu,
>>>>
>>>> I modified my project proposal [1] in the Google doc. As you suggested, I
>>>> added the list of functions which I am going to expose through the APIs.
>>>> After modifying the content I shared the doc with Summer of Code.
>>>> Waiting for your feedback.
>>>> [1]
>>>> https://docs.google.com/document/d/1xv7iB3VAUElvf1Cl3So0TSLCSjuZOS-IyT-Fy_1zl_c/edit?usp=sharing
>>>>
>>>> Thanks,
>>>> Asantha
>>>>
>>>> On Tue, Mar 22, 2016 at 8:16 PM, Asantha Thilina <
>>>> asanthathil...@gmail.com> wrote:
>>>>
>>>>> Hi Tharindu,
>>>>>
>>>>> Thanks a lot for the feedback. Sure, I will modify the content of the
>>>>> proposal as suggested and submit it to Google within today.
>>>>>
>>>>> Thanks,
>>>>> Asantha
>>>>>
>>>>>
>>>>> On Wed, Mar 23, 2016 at 7:45 AM, Tharindu Edirisinghe <
>>>>> tharin...@wso2.com> wrote:
>>>>>
>>>>>> Hi Asantha,
>>>>>>
>>>>>> I've added the latest proposal you've sent to google docs in [1]. As
>>>>>> Chamila suggested, can you list down the methods that you expose in the
>>>>>> API (public methods in the userstore manager) in the proposal so that it is
>>>>>> easy to understand the functionality of the userstore manager. Also it is
>>>>>> better to submit the proposal to google now and update later if any
>>>>>> modification is needed.
>>>>>>
>>>>>> [1]
>>>>>> https://docs.google.com/document/d/1xv7iB3VAUElvf1Cl3So0TSLCSjuZOS-IyT-Fy_1zl_c/edit?usp=sharing
>>>>>>
>>>>>> Thanks,
>>>>>> TharinduE
>>>>>>
>>>>>> On Mon, Mar 21, 2016 at 9:58 PM, Asantha Thilina <
>>>>>> asanthathil...@gmail.com> wrote:
>>>>>>
>>>>>>> Hi Chamila,
>>>>>>>
>>>>>>> Thanks a lot for the feedback. Sure, I will update my proposal as you
>>>>>>> suggested.
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Asantha
>>>>>>>
>>>>>>> On Mon, Mar 21, 2016 at 9:18 AM, Chamila Wijayarathna <
>>>>>>> cham...@wso2.com> wrote:
>>>>>>>
>>>>>>>> Hi Asantha,
>>>>>>>>
>>>>>>>> Looks good, please talk with Tharindu also before submitting the
>>>>>>>> proposal. Even if you submit your proposal, you can improve it until the 25th.
>>>>>>>>
>>>>>>>> So if time permits, I would like to suggest you to add some details
>>>>>

Re: [Dev] Changing the Primary Keystore password in IS 5.0.0 SP1.

2016-04-25 Thread Tharindu Edirisinghe
dOnStartup(StandardContext.java:5027)
> at
> org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5314)
> at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
> at
> org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1559)
> at
> org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1549)
> at java.util.concurrent.FutureTask.run(FutureTask.java:262)
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
> at java.lang.Thread.run(Thread.java:745)
>
> Thanks and Best Regards,
>
> Kamidu Sachith Punchihewa
> *Software Engineer*
> WSO2, Inc.
> lean . enterprise . middleware
> Mobile : +94 (0) 770566749 <%2B94%20%280%29%20773%20451194>
>
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 

Tharindu Edirisinghe
Software Engineer | WSO2 Inc
Platform Security Team
Blog : tharindue.blogspot.com
mobile : +94 775181586


Re: [Dev] [IS] Using email as username for a JDBC-based user store

2016-04-24 Thread Tharindu Edirisinghe
*UserNameSearchFilter* and *UserNameListFilter* are LDAP-specific
properties and are not needed for JDBC userstores.

If you enable "*EnableEmailUserName*" in the carbon.xml file, the regexp would be
governed by the "UsernameWithEmailJavaScriptRegEx" property, not
"UsernameJavaRegEx". Therefore, you need to configure a new property called
UsernameWithEmailJavaScriptRegEx as follows.

[a-zA-Z0-9@._-|//]{3,30}$

On Mon, Apr 25, 2016 at 10:16 AM, Dilini Gunatilake <dili...@wso2.com>
wrote:

> Hi Farasath,
>
> Those config parameters are not added in the JDBCUserStoreManager by
> default. But, you can follow the same doc you referred and add them
> manually. The required parameters are as follows.
>
> mail
>  name="UserNameSearchFilter">((objectClass=identityPerson)(mail=?))
>  name="UserNameListFilter">((objectClass=identityPerson)(mail=*))
>  name="UsernameJavaRegEx">^[_A-Za-z0-9-\+]+(\.[_A-Za-z0-9-]+)*@[A-Za-z0-9-]+(\.[A-Za-z0-9]+)*(\.[A-Za-z]{2,})$
>
> Regards,
> Dilini
>
> On Mon, Apr 25, 2016 at 9:21 AM, Tharindu Edirisinghe <tharin...@wso2.com>
> wrote:
>
>> Hi Farasath,
>>
>> Have you looked at [1]? You should be able to get it working with the
>> instructions in that.
>>
>> [1] http://xacmlinfo.org/2014/10/07/email-username-with-identity-server/
>>
>> Regards,
>> TharinduE
>>
>> On Mon, Apr 25, 2016 at 7:05 AM, Danushka Fernando <danush...@wso2.com>
>> wrote:
>>
>>> Have you tried adding the property to the configuration?
>>>
>>> Thanks & Regards
>>> Danushka Fernando
>>> Senior Software Engineer
>>> WSO2 inc. http://wso2.com/
>>> Mobile : +94716332729
>>>
>>> On Mon, Apr 25, 2016 at 12:02 AM, Farasath Ahamed <farasa...@wso2.com>
>>> wrote:
>>>
>>>> I was able to set email as the username for an LDAP-based user store
>>>> following [1]. Although [1] suggests it's the same for a JDBC-based user
>>>> store I couldn't find the same config parameters in the user-mgt.xml for an
>>>> external JDBC user store.
>>>>
>>>> Can someone point out how to achieve the $subject?
>>>>
>>>>
>>>> [1]
>>>> https://docs.wso2.com/display/IS510/Using+Email+Address+as+the+Username
>>>>
>>>>
>>>> Farasath Ahamed
>>>> Software Engineer,
>>>> WSO2 Inc.; http://wso2.com
>>>> lean.enterprise.middleware
>>>>
>>>>
>>>> Email: farasa...@wso2.com
>>>> Mobile: +94777603866
>>>> Blog: blog.farazath.com
>>>> Twitter: @farazath619 <https://twitter.com/farazath619>
>>>>
>>>> ___
>>>> Dev mailing list
>>>> Dev@wso2.org
>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>
>>>>
>>>
>>> _______
>>> Dev mailing list
>>> Dev@wso2.org
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>>
>>
>>
>> --
>>
>> Tharindu Edirisinghe
>> Software Engineer | WSO2 Inc
>> Platform Security Team
>> Blog : tharindue.blogspot.com
>> mobile : +94 775181586
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
>
> *Dilini GunatilakeSoftware Engineer - QA Team*
> Mobile : +94 (0) 771 162518
> dili...@wso2.com
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 

Tharindu Edirisinghe
Software Engineer | WSO2 Inc
Platform Security Team
Blog : tharindue.blogspot.com
mobile : +94 775181586


Re: [Dev] [IS] Using email as username for a JDBC-based user store

2016-04-24 Thread Tharindu Edirisinghe
Hi Farasath,

Have you looked at [1]? You should be able to get it working with the
instructions in that.

[1] http://xacmlinfo.org/2014/10/07/email-username-with-identity-server/

Regards,
TharinduE

On Mon, Apr 25, 2016 at 7:05 AM, Danushka Fernando <danush...@wso2.com>
wrote:

> Have you tried adding the property to the configuration?
>
> Thanks & Regards
> Danushka Fernando
> Senior Software Engineer
> WSO2 inc. http://wso2.com/
> Mobile : +94716332729
>
> On Mon, Apr 25, 2016 at 12:02 AM, Farasath Ahamed <farasa...@wso2.com>
> wrote:
>
>> I was able to set email as the username for an LDAP-based user store
>> following [1]. Although [1] suggests it's the same for a JDBC-based user
>> store I couldn't find the same config parameters in the user-mgt.xml for an
>> external JDBC user store.
>>
>> Can someone point out how to achieve the $subject?
>>
>>
>> [1]
>> https://docs.wso2.com/display/IS510/Using+Email+Address+as+the+Username
>>
>>
>> Farasath Ahamed
>> Software Engineer,
>> WSO2 Inc.; http://wso2.com
>> lean.enterprise.middleware
>>
>>
>> Email: farasa...@wso2.com
>> Mobile: +94777603866
>> Blog: blog.farazath.com
>> Twitter: @farazath619 <https://twitter.com/farazath619>
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 

Tharindu Edirisinghe
Software Engineer | WSO2 Inc
Platform Security Team
Blog : tharindue.blogspot.com
mobile : +94 775181586


Re: [Dev] Setting up MySQL database

2016-04-04 Thread Tharindu Edirisinghe
e.osgi.framework.internal.core.StartLevelManager.dispatchEvent(StartLevelManager.java:1)
>>>
>>> at
>>> org.eclipse.osgi.framework.eventmgr.EventManager.dispatchEvent(EventManager.java:230)
>>>
>>> at
>>> org.eclipse.osgi.framework.eventmgr.EventManager$EventThread.run(EventManager.java:340)
>>>
>>> Caused by: java.lang.Exception: Error occurred while executing :
>>> CREATE INDEX REG_PATH_IND_BY_PATH_VALUE USING HASH ON
>>> REG_PATH(REG_PATH_VALUE, REG_TENANT_ID)
>>>
>>> at
>>> org.wso2.carbon.utils.dbcreator.DatabaseCreator.executeSQL(DatabaseCreator.java:169)
>>>
>>> at
>>> org.wso2.carbon.utils.dbcreator.DatabaseCreator.executeSQLScript(DatabaseCreator.java:325)
>>>
>>> at
>>> org.wso2.carbon.utils.dbcreator.DatabaseCreator.createRegistryDatabase(DatabaseCreator.java:61)
>>>
>>> at
>>> org.wso2.carbon.user.core.common.DefaultRealmService.initializeDatabase(DefaultRealmService.java:296)
>>>
>>> ... 19 more
>>>
>>> Caused by: com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException:
>>> Specified key was too long; max key length is 767 bytes
>>>
>>> at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
>>>
>>> at
>>> sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
>>>
>>> at
>>> sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
>>>
>>> at java.lang.reflect.Constructor.newInstance(Constructor.java:526)
>>>
>>> at com.mysql.jdbc.Util.handleNewInstance(Util.java:404)
>>>
>>> at com.mysql.jdbc.Util.getInstance(Util.java:387)
>>>
>>> at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:939)
>>>
>>> at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3878)
>>>
>>> at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3814)
>>>
>>> at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:2478)
>>>
>>> at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:2625)
>>>
>>> at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2547)
>>>
>>> at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2505)
>>>
>>> at com.mysql.jdbc.StatementImpl.executeInternal(StatementImpl.java:840)
>>>
>>> at com.mysql.jdbc.StatementImpl.execute(StatementImpl.java:740)
>>>
>>> at
>>> org.wso2.carbon.utils.dbcreator.DatabaseCreator.executeSQL(DatabaseCreator.java:139)
>>>
>>> ... 22 more
>>>
>>>
>>> [1] https://docs.wso2.com/display/ES200/Setting+up+MySQL
>>> [2]
>>> --
>>> *S.Elilmatha*
>>> Associate  Software Engineer,
>>>
>>> WSO2 Inc.; http://wso2.com
>>> lean.enterprise.middleware
>>>
>>> Mobile 0779842221.
>>>
>>>
>>> ___
>>> Dev mailing list
>>> Dev@wso2.org
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>>
>>
>
>
> --
> *S.Elilmatha*
> Associate  Software Engineer,
>
> WSO2 Inc.; http://wso2.com
> lean.enterprise.middleware
>
> Mobile 0779842221.
>
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 

Tharindu Edirisinghe
Software Engineer | WSO2 Inc
Platform Security Team
Blog : tharindue.blogspot.com
mobile : +94 775181586


Re: [Dev] [DEV] [IS] Change the nameid-format in SAML Response

2016-03-29 Thread Tharindu Edirisinghe
Hi Waruna,

One thing you can try out is setting the "Subject Claim URI" in the Claim
Configuration of the Service Provider. For example, if you set the Subject Claim
URI to "http://wso2.org/claims.givenname", then in the SAML response you
will not receive the tenant for the username.

*admin*


However if the Service Provider is SAAS enabled, you won't receive the
tenant domain of the logged in user.

Regards,
TharinduE

On Tue, Mar 29, 2016 at 4:42 PM, Waruna Jayaweera <waru...@wso2.com> wrote:

> Hi,
> I have configured SAML SSO for API manager store ( 1.10.0) with IS 5.1.0.
> It seems SAML response nameid  contains the full username for super tenant
> users as [1]. Is there any way to configure Identity server to send the
> SAML response name ID without carbon.super domain [2].
>
> [1] Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">admin@carbon.super
> 
> [2]  Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">admin
> Thanks,
> Waruna
>
>
>
>
> --
> Regards,
>
> Waruna Lakshitha Jayaweera
> Software Engineer
> WSO2 Inc; http://wso2.com
> phone: +94713255198
>
> _______
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 

Tharindu Edirisinghe
Software Engineer | WSO2 Inc
Platform Security Team
Blog : tharindue.blogspot.com
mobile : +94 775181586


Re: [Dev] GSOC 2016 - Project 21 : Review Proposal

2016-03-23 Thread Tharindu Edirisinghe
Hi Asantha,

I've done some minor modifications to the doc. For the methods exposed
through the API, can you add them in a table to improve the readability.
(Chamila has suggested this already as a comment in the doc). You can have
some columns for Method Name, Return type, parameters, description.

Once you do this, submit it to google because the deadline is tomorrow for
proposal submission.

Thanks,
TharinduE

On Wed, Mar 23, 2016 at 9:08 PM, Asantha Thilina <asanthathil...@gmail.com>
wrote:

> Hi Tharindu,
>
> I modified my project proposal [1] in the Google doc. As you suggested, I added
> the list of functions which I am going to expose through the APIs. After
> modifying the content I shared the doc with Summer of Code.
> Waiting for your feedback.
> [1]
> https://docs.google.com/document/d/1xv7iB3VAUElvf1Cl3So0TSLCSjuZOS-IyT-Fy_1zl_c/edit?usp=sharing
>
> Thanks,
> Asantha
>
> On Tue, Mar 22, 2016 at 8:16 PM, Asantha Thilina <asanthathil...@gmail.com
> > wrote:
>
>> Hi Tharindu,
>>
>> Thanks a lot for the feedback. Sure, I will modify the content of the
>> proposal as suggested and submit it to Google within today.
>>
>> Thanks,
>> Asantha
>>
>>
>> On Wed, Mar 23, 2016 at 7:45 AM, Tharindu Edirisinghe <tharin...@wso2.com
>> > wrote:
>>
>>> Hi Asantha,
>>>
>>> I've added the latest proposal you've sent to google docs in [1]. As
>>> Chamila suggested, can you list down the methods that you expose in the API
>>> (public methods in the userstore manager) in the proposal so that it is
>>> easy to understand the functionality of the userstore manager. Also it is
>>> better to submit the proposal to google now and update later if any
>>> modification is needed.
>>>
>>> [1]
>>> https://docs.google.com/document/d/1xv7iB3VAUElvf1Cl3So0TSLCSjuZOS-IyT-Fy_1zl_c/edit?usp=sharing
>>>
>>> Thanks,
>>> TharinduE
>>>
>>> On Mon, Mar 21, 2016 at 9:58 PM, Asantha Thilina <
>>> asanthathil...@gmail.com> wrote:
>>>
>>>> Hi Chamila,
>>>>
>>>> Thanks a lot for the feedback. Sure, I will update my proposal as you
>>>> suggested.
>>>>
>>>> Thanks,
>>>> Asantha
>>>>
>>>> On Mon, Mar 21, 2016 at 9:18 AM, Chamila Wijayarathna <cham...@wso2.com
>>>> > wrote:
>>>>
>>>>> Hi Asantha,
>>>>>
>>>>> Looks good, please talk with Tharindu also before submitting the
>>>>> proposal. Even if you submit your proposal, you can improve it until the 25th.
>>>>>
>>>>> So if time permits, I would like to suggest that you add some details
>>>>> about the APIs and functions you are going to expose after
>>>>> developing this new user store manager, if you have already decided on
>>>>> them. Since you may have gone through the code of existing user store
>>>>> managers, you may already have an idea about the functions you
>>>>> need to expose to the outside. So if you can add at least a few functions you are
>>>>> going to expose with some details, it would make your proposal more
>>>>> attractive. Also I would like to suggest that you add a link to the GitHub repo
>>>>> where you have started development. Also, if you have written any blogs
>>>>> related to the project, MongoDB, etc., please mention them also in your
>>>>> proposal.
>>>>>
>>>>> Also I see some formatting issues, and some dates have been repeated in
>>>>> your timeline. I hope you will correct them when submitting the proposal at the GSoC
>>>>> site.
>>>>>
>>>>> Cheers!
>>>>>
>>>>> On Mon, Mar 21, 2016 at 9:18 PM, Asantha Thilina <
>>>>> asanthathil...@gmail.com> wrote:
>>>>>
>>>>>> Hi Chamila,
>>>>>>
>>>>>> Thanks a lot for your valuable feedback as you suggested i corrected
>>>>>> my project proposal and here i attached my finalize project proposal
>>>>>>
>>>>>> expecting your feedback
>>>>>>
>>>>>> Thanks,
>>>>>> Asantha
>>>>>>
>>>>>> On Mon, Mar 21, 2016 at 5:44 AM, Chamila Wijayarathna <
>>>>>> cham...@wso2.com> wrote:
>>>>>>
>>>>>>> Hi Asantha,
>>>>>>>
>>>>>>> Thanks for sending your proposal. It seems to 

Re: [Dev] GSOC 2016 - Project 21 : Review Proposal

2016-03-22 Thread Tharindu Edirisinghe
Hi Asantha,

I've added the latest proposal you've sent to google docs in [1]. As
Chamila suggested, can you list down the methods that you expose in the API
(public methods in the userstore manager) in the proposal so that it is
easy to understand the functionality of the userstore manager. Also it is
better to submit the proposal to google now and update later if any
modification is needed.

[1]
https://docs.google.com/document/d/1xv7iB3VAUElvf1Cl3So0TSLCSjuZOS-IyT-Fy_1zl_c/edit?usp=sharing

Thanks,
TharinduE

On Mon, Mar 21, 2016 at 9:58 PM, Asantha Thilina <asanthathil...@gmail.com>
wrote:

> Hi Chamila,
>
> Thanks a lot for the feedback, sure i will update my proposal as you
> suggested
>
> Thanks,
> Asantha
>
> On Mon, Mar 21, 2016 at 9:18 AM, Chamila Wijayarathna <cham...@wso2.com>
> wrote:
>
>> Hi Asantha,
>>
>> Looks good, please talk with Tharindu also before submitting the
>> proposal. Even you submit your proposal, you can improve it until 25th.
>>
>> So if time permits, I would like to suggest you to add some details about
>> what are the APIs and functions you are going to expose after developing
>> this new user store manager, if you have already decided on them. Since you
>> may have went through the codes of existing user store managers, you may
>> already have an idea about what are the functions you need to exposed to
>> outside. So if can add at least few functions you are going to expose with
>> some details, it would make your proposal more attractive. Also I would
>> like to suggest you to add link of github repo where you have started
>> development. Also if you have written any blogs related to the project,
>> mongoDB, etc. please mention them also in your proposal.
>>
>> Also I see some formatting issues and some dates has got repeated in your
>> timeline, hope you will correct the when submitting proposal at GSoC site.
>>
>> Cheers!
>>
>> On Mon, Mar 21, 2016 at 9:18 PM, Asantha Thilina <
>> asanthathil...@gmail.com> wrote:
>>
>>> Hi Chamila,
>>>
>>> Thanks a lot for your valuable feedback as you suggested i corrected my
>>> project proposal and here i attached my finalize project proposal
>>>
>>> expecting your feedback
>>>
>>> Thanks,
>>> Asantha
>>>
>>> On Mon, Mar 21, 2016 at 5:44 AM, Chamila Wijayarathna <cham...@wso2.com>
>>> wrote:
>>>
>>>> Hi Asantha,
>>>>
>>>> Thanks for sending your proposal. It seems to be in good shape, but I
>>>> would like to suggest few more improvements.
>>>>
>>>>    1. You have mentioned you are implementing Custom User Store
>>>>    Manager by extending JDBCUserStoreManager. But actually you have to
>>>>    extend AbstractUserStoreManager. I think you have done this correctly
>>>>    in the code you sent previously. Please correct this.
>>>>    2. I think by custom user store manager, you have meant mongoDB
>>>>    user store manager you are planning to implement, in most places. It's
>>>>    better to mention specifically as MongoDBUserStoreManager than saying
>>>>    custom user store manager.
>>>>    3. You have mentioned about "Implement a proper encryption
>>>>    mechanism to overcome the security hauls in custom User store Manager.".
>>>>    Can you be more specific on what are the security holes you are talking
>>>>    about. AFAIK encryption mechanisms we are currently using are quite ok
>>>>    and if there are no any strong reasons, I suggest you to follow the
>>>>    existing mechanisms.
>>>>    4. It would be great if you can allocate 1-2 weeks for doing a
>>>>    small research on how other NoSQL databases such as CouchDB, Neo4j can
>>>>    be used to implement an user store in IS. By looking at your time line,
>>>>    I think it would be possible to allocate some time for this in the 2nd
>>>>    half of the programme. We can do this if time permits, but it's better
>>>>    to mention it in your proposal as optional (I believe it would make the
>>>>    project more complete).
>>>>
>>>> Looking forward to see your proposal.
>>>>
>>>> Good Luck!
>>>>
>>>> On Mon, Mar 21, 2016 at 5:15 PM, Asantha Thilina <
>>>> asanthathil...@gmail.com> wrote:
>>>>
>>>>> Hi All,
>

[Dev] Fwd: GSoC 2016

2016-03-19 Thread Tharindu Edirisinghe
Hi Johann/Omindu,

Can you please guide Inzamam with the details of the SCIM 2.0 project or
else any suitable project that he would be interested in.

Thanks,
TharinduE

-- Forwarded message --
From: inzimam iqbal <inzi...@gmail.com>
Date: Wed, Mar 16, 2016 at 3:57 PM
Subject: Fwd: GSoC 2016
To: tharin...@wso2.com


Hi,

I’m Inzamam, student of Faculty of Engineering, University of Moratuwa.
I’m interested in the project 20 - making the WSO2 identity server
compatible with SCIM 2.0. I’m familiar with java and developing web
services. I’m familiarizing myself with SCIM. Please direct me in the
right direction.

Thank you




-- 

Tharindu Edirisinghe
Software Engineer | WSO2 Inc
Platform Security Team
Blog : tharindue.blogspot.com
mobile : +94 775181586
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev


Re: [Dev] [IS]Grant Types not getting saved when using OAuthAdminService

2016-03-19 Thread Tharindu Edirisinghe
Hi Vinod,

I also tested the same with IS 5.1.0 fresh pack and could not reproduce
your scenario. The grant types is a space separated string. If you create
the OAuth app from management console, for each grant type you have
selected with the checkboxes, it will add something like
"authorization_code implicit password client_credentials refresh_token" to
the GRANT_TYPES column of IDN_OAUTH_CONSUMER_APPS  table.

Can you please share more details about the environment and the request you
have used to create applications.

Thanks,
TharinduE

On Thu, Mar 17, 2016 at 5:40 PM, Maduranga Siriwardena <madura...@wso2.com>
wrote:

> Hi Vinod,
>
> I have used OAuthAdminService to register an OAuth application and I was
> able to save the grant types properly.
>
> Any grant type is not allowed by default. If client_credentials is not
> included in the grant types list you will not be able to use that grant
> type to generate an access token.
>
> Below is the SOAP request I used to register the application.
>
> http://schemas.xmlsoap.org/soap/envelope/;
> xmlns:xsd="http://org.apache.axis2/xsd; xmlns:xsd1="
> http://dto.oauth.identity.carbon.wso2.org/xsd;>
>
>
>   
>  
> OAuth-2.0
> test
> 
> https://localhost:9443/services/OAuthAdminService
> authorization_code implicit
>  
>   
>
> 
>
> Thanks,
> Maduranga.
>
> On Thu, Mar 17, 2016 at 4:36 PM, Vinod Kavinda <vi...@wso2.com> wrote:
>
>> Hi,
>> I'm trying to register an oAuth client using OAuthAdminService. I'm
>> sending the grant types string with the request. I have checked the table
>> "IDN_OAUTH_CONSUMER_APPS", the grant types column is always NULL.
>>
>> But, I could generate access tokens with client_credentials grant type.
>> Is it because by default all types are allowed?
>>
>> Am I missing something here? How can I set the specific set of grant
>> types?
>>
>> I'm using IS 5.0.1. Appreciate your feedback on this.
>>
>>
>> Regards,
>> Vinod
>>
>> --
>> Vinod Kavinda
>> Software Engineer
>> *WSO2 Inc. - lean . enterprise . middleware <http://www.wso2.com>.*
>> Mobile : +94 (0) 712 415544
>> Blog : http://soatechflicks.blogspot.com/
>>
>>
>>
>>
>
>
> --
> Maduranga Siriwardena
> Software Engineer
> WSO2 Inc.
>
> email: madura...@wso2.com
> mobile: +94718990591
>
>
>


-- 

Tharindu Edirisinghe
Software Engineer | WSO2 Inc
Platform Security Team
Blog : tharindue.blogspot.com
mobile : +94 775181586


Re: [Dev] Fwd: Gsoc Project proposal 21

2016-03-16 Thread Tharindu Edirisinghe
Hi Asantha,

Following two online courses (duration : 1 and 1/2 months) at MongoDB
University started yesterday. We recommend you to enroll for these courses
and follow them which would help you for working on this project.

M101P: MongoDB for Developers [1]
M101J: MongoDB for Java Developers [2]

[1] https://university.mongodb.com/courses/M101P/about
[2] https://university.mongodb.com/courses/M101J/about

Thanks,
Tharindu Edirisinghe

On Wed, Mar 16, 2016 at 7:10 AM, Tharindu Edirisinghe <tharin...@wso2.com>
wrote:

> Hi Asantha,
>
> We appreciate your quick response and sharing your WSO2 experience via the
> blog. Keep on progressing on the project and if you get stuck at any point,
> don't hesitate to reach us. We will share some details regarding sending
> the project proposal soon.
>
> Thank you,
> Tharindu Edirisinghe
>
> On Wed, Mar 16, 2016 at 2:32 AM, Asantha Thilina <asanthathil...@gmail.com
> > wrote:
>
>>
>> -- Forwarded message --
>> From: Asantha Thilina <asanthathil...@gmail.com>
>> Date: Tue, Mar 15, 2016 at 1:46 PM
>> Subject: Re: Gsoc Project proposal 21
>> To: Tharindu Edirisinghe <tharin...@wso2.com>
>>
>>
>> Hi Tharindu,
>>
>> Thanks for the reply. I look forward to your feedback. Meanwhile, I
>> created a new blog and posted what I have learned so far there [1]. I will
>> keep progressing through the project and update my status in the blog as
>> well as to you.
>>
>> [1]. http://asanthamax.blogspot.com/
>>
>> Thanks,
>> Regards,
>> Asantha
>>
>> On Mon, Mar 14, 2016 at 6:33 PM, Tharindu Edirisinghe <tharin...@wso2.com
>> > wrote:
>>
>>> Hi Asantha,
>>>
>>> Great work ! We will check the source code and provide you feedback
>>> soon. Regarding implementing the interface rather than extending the
>>> JDBCUserStoreManager class... yes here we can and have to implement all the
>>> methods from the scratch because we won't be able to reuse any code used
>>> in RDBMSs. As you progress through the project, write your experiences in a
>>> blog too...
>>>
>>> Thanks,
>>> TharinduE
>>>
>>> On Tue, Mar 15, 2016 at 2:48 AM, Asantha Thilina <
>>> asanthathil...@gmail.com> wrote:
>>>
>>>> Hi Tharindu,
>>>>
>>>> with the help of your guidance and reference links you sent i been able
>>>> to create partially completed working sample of user store for mongodb ,i
>>>> created the userstore by implementing the UserStoreManager interface is it
>>>> a better way to implement the user store? here i shared my work in [1].hope
>>>> for your feedback to continue the user store development,
>>>> Now i'm in the stage of developing the database architecture for
>>>> mongodb and i will soon update all my works done so far in my blog
>>>>
>>>> [1] https://github.com/asanthamax/mongodbuserstore
>>>>
>>>> Thanks,
>>>> Regards,
>>>> Asantha
>>>>
>>>> On Sat, Mar 12, 2016 at 1:28 AM, Tharindu Edirisinghe <
>>>> tharin...@wso2.com> wrote:
>>>>
>>>>> Hi Asantha,
>>>>>
>>>>> Glad to see you are progressing through the project.
>>>>>
>>>>> Since you are trying this in Identity Server 5.1.0, you need to update
>>>>> the dependencies with correct versions as below.
>>>>>
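>>>>> <dependency>
>>>>>     <groupId>org.wso2.carbon</groupId>
>>>>>     <artifactId>org.wso2.carbon.user.core</artifactId>
>>>>>     <version>4.4.3</version>
>>>>> </dependency>
>>>>> <dependency>
>>>>>     <groupId>org.wso2.carbon</groupId>
>>>>>     <artifactId>org.wso2.carbon.user.api</artifactId>
>>>>>     <version>4.4.3</version>
>>>>> </dependency>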
>>>>>
>>>>>
>>>>> Also for the OSGI issue, I used the maven-scr-plugin 1.7.2 version and
>>>>> could get the OSGI bundle created properly.
>>>>>
>>>>> <groupId>org.apache.felix</groupId>
>>>>> <artifactId>maven-scr-plugin</artifactId>
>>>>> <version>1.7.2</version>
>>>>>
>>>>>
>>>>> I have sent a pull request [1] with these changes to your GIT repo.
>>>>>
>>>>> When you extend the AbstractUserStoreManager class, you must implement
>>>>> the following two methods.
>>>>>
>>>>>
>>>>> public Properties getDefaultUserStoreProperties() {
>>>>> return null;
>>>>> }
>>>>>
>>>>> public Map<S

Re: [Dev] Fwd: Gsoc Project proposal 21

2016-03-15 Thread Tharindu Edirisinghe
Hi Asantha,

We appreciate your quick response and sharing your WSO2 experience via the
blog. Keep on progressing on the project and if you get stuck at any point,
don't hesitate to reach us. We will share some details regarding sending
the project proposal soon.

Thank you,
Tharindu Edirisinghe

On Wed, Mar 16, 2016 at 2:32 AM, Asantha Thilina <asanthathil...@gmail.com>
wrote:

>
> -- Forwarded message --
> From: Asantha Thilina <asanthathil...@gmail.com>
> Date: Tue, Mar 15, 2016 at 1:46 PM
> Subject: Re: Gsoc Project proposal 21
> To: Tharindu Edirisinghe <tharin...@wso2.com>
>
>
> Hi Tharindu,
>
> Thanks for the reply. I look forward to your feedback. Meanwhile, I
> created a new blog and posted what I have learned so far there [1]. I will
> keep progressing through the project and update my status in the blog as
> well as to you.
>
> [1]. http://asanthamax.blogspot.com/
>
> Thanks,
> Regards,
> Asantha
>
> On Mon, Mar 14, 2016 at 6:33 PM, Tharindu Edirisinghe <tharin...@wso2.com>
> wrote:
>
>> Hi Asantha,
>>
>> Great work ! We will check the source code and provide you feedback soon.
>> Regarding implementing the interface rather than extending the
>> JDBCUserStoreManager class... yes here we can and have to implement all the
>> methods from the scratch because we won't be able to reuse any code used
>> in RDBMSs. As you progress through the project, write your experiences in a
>> blog too...
>>
>> Thanks,
>> TharinduE
>>
>> On Tue, Mar 15, 2016 at 2:48 AM, Asantha Thilina <
>> asanthathil...@gmail.com> wrote:
>>
>>> Hi Tharindu,
>>>
>>> with the help of your guidance and reference links you sent i been able
>>> to create partially completed working sample of user store for mongodb ,i
>>> created the userstore by implementing the UserStoreManager interface is it
>>> a better way to implement the user store? here i shared my work in [1].hope
>>> for your feedback to continue the user store development,
>>> Now i'm in the stage of developing the database architecture for mongodb
>>> and i will soon update all my works done so far in my blog
>>>
>>> [1] https://github.com/asanthamax/mongodbuserstore
>>>
>>> Thanks,
>>> Regards,
>>> Asantha
>>>
>>> On Sat, Mar 12, 2016 at 1:28 AM, Tharindu Edirisinghe <
>>> tharin...@wso2.com> wrote:
>>>
>>>> Hi Asantha,
>>>>
>>>> Glad to see you are progressing through the project.
>>>>
>>>> Since you are trying this in Identity Server 5.1.0, you need to update
>>>> the dependencies with correct versions as below.
>>>>
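>>>> <dependency>
>>>>     <groupId>org.wso2.carbon</groupId>
>>>>     <artifactId>org.wso2.carbon.user.core</artifactId>
>>>>     <version>4.4.3</version>
>>>> </dependency>
>>>> <dependency>
>>>>     <groupId>org.wso2.carbon</groupId>
>>>>     <artifactId>org.wso2.carbon.user.api</artifactId>
>>>>     <version>4.4.3</version>
>>>> </dependency>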
>>>>
>>>>
>>>> Also for the OSGI issue, I used the maven-scr-plugin 1.7.2 version and
>>>> could get the OSGI bundle created properly.
>>>>
>>>> <groupId>org.apache.felix</groupId>
>>>> <artifactId>maven-scr-plugin</artifactId>
>>>> <version>1.7.2</version>
>>>>
>>>>
>>>> I have sent a pull request [1] with these changes to your GIT repo.
>>>>
>>>> When you extend the AbstractUserStoreManager class, you must implement
>>>> the following two methods.
>>>>
>>>>
>>>> public Properties getDefaultUserStoreProperties() {
>>>> return null;
>>>> }
>>>>
>>>> public Map<String, String> getProperties(Tenant tenant) throws
>>>> UserStoreException {
>>>> return null;
>>>> }
>>>>
>>>> If you have not implemented those two methods, then in the management
>>>> console UI, userstores dropdown, your userstore manager will not appear.
>>>>
>>>> You can find a working sample in [2]. However it is done for IS 5.0.0
>>>> version, but you can modify the dependencies in POM file as above and get
>>>> it working on IS 5.1.0.
>>>>
>>>> Once you get it to working, you can refactor the code and add your own
>>>> implementation for the MongoDB userstore manager so that you won't face any
>>>> OSGI related issues.
>>>>
>>>> [1] https://github.com/asanthamax/mongodbuserstoremanager/pull/1/files
>>>>
>>>> [2]
>>>> https://svn.ws

Re: [Dev] How to set Password Policy per tenant

2016-03-15 Thread Tharindu Edirisinghe
Hi Gayan,

Yes, for your case, you can ignore the realm service and the data holder.

Regards,
TharinduE

On Tue, Mar 15, 2016 at 4:34 PM, Kathees Rajendram <kath...@wso2.com> wrote:

> Hi,
>
> I have written for this [1] during the authentication flow, if the
> password is expired, you will be prompted to reset the password. You can
> find it in [1].
>
> [1] -
> https://github.com/wso2-extensions/identity-outbound-auth-passwordPolicy/pull/1
>
> Thanks,
> Kathees
>
> On Tue, Mar 15, 2016 at 4:17 PM, Gayan Gunawardana <ga...@wso2.com> wrote:
>
>>
>>
>> On Tue, Mar 15, 2016 at 1:47 PM, Tharindu Edirisinghe <tharin...@wso2.com
>> > wrote:
>>
>>> Hi Gayan,
>>>
>>> I have written a sample to get the same requirement done. You can find
>>> it in [1].
>>>
>>> In the code, I have added some sample policy patterns for different
>>> tenants. You can add the per tenant policies in identity-mgt.properties as
>>> well and then retrieve the policy patterns in the init method of this
>>> sample.
>>>
>>> Note that if you put the regex directly in the code, then it's the same
>>> java regex you have to put. If you define the patterns in
>>> identity-mgt.properties file, then you may have to put some escaping like
>>> \\.
>>>
>>> [1]
>>> https://github.com/thariyarox/WSO2PasswordPatternPolicySamples/tree/master/TenantSpecificPasswordPatterns/password-policy-extension/src/main/java/com/wso2/password/policy
>>>
>>
>> Thanks Tharindu. I guess for this use case no use of
>> CustomPasswordPatternDataHolder and realm service.
>>
>>>
>>> Regards,
>>> TharinduE
>>>
>>> On Tue, Mar 15, 2016 at 9:48 AM, Gayan Gunawardana <ga...@wso2.com>
>>> wrote:
>>>
>>>>
>>>>
>>>> On Tue, Mar 15, 2016 at 9:42 AM, Johann Nallathamby <joh...@wso2.com>
>>>> wrote:
>>>>
>>>>> Yes. We don't have tenanted password policy validator by default in
>>>>> IS. We may have to write one.
>>>>>
>>>> Thanks Johann. Will look into custom password validator.
>>>>
>>>>>
>>>>> On Tue, Mar 15, 2016 at 9:25 AM, Gayan Gunawardana <ga...@wso2.com>
>>>>> wrote:
>>>>>
>>>>>> Hi All,
>>>>>>
>>>>>> Is there a way to configure password policy per tenant ?
>>>>>>
>>>>>>  Do we need to write custom password validator according to [1] ?
>>>>>>
>>>>>>
>>>>>> [1]
>>>>>> https://docs.wso2.com/display/IS510/Writing+a+Custom+Password+Validator
>>>>>>
>>>>>> Thanks,
>>>>>> Gayan
>>>>>> --
>>>>>> Gayan Gunawardana
>>>>>> Software Engineer; WSO2 Inc.; http://wso2.com/
>>>>>> Email: ga...@wso2.com
>>>>>> Mobile: +94 (71) 8020933
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Thanks & Regards,
>>>>>
>>>>> *Johann Dilantha Nallathamby*
>>>>> Technical Lead & Product Lead of WSO2 Identity Server
>>>>> Governance Technologies Team
>>>>> WSO2, Inc.
>>>>> lean.enterprise.middleware
>>>>>
>>>>> Mobile - *+9476950*
>>>>> Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>*
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Gayan Gunawardana
>>>> Software Engineer; WSO2 Inc.; http://wso2.com/
>>>> Email: ga...@wso2.com
>>>> Mobile: +94 (71) 8020933
>>>>
>>>>
>>>>
>>>
>>>
>>> --
>>>
>>> Tharindu Edirisinghe
>>> Software Engineer | WSO2 Inc
>>> Platform Security Team
>>> Blog : tharindue.blogspot.com
>>> mobile : +94 775181586
>>>
>>
>>
>>
>> --
>> Gayan Gunawardana
>> Software Engineer; WSO2 Inc.; http://wso2.com/
>> Email: ga...@wso2.com
>> Mobile: +94 (71) 8020933
>>
>>
>>
>
>
> --
> Kathees
> Software Engineer,
> email: kath...@wso2.com
> mobile: +94772596173
>



-- 

Tharindu Edirisinghe
Software Engineer | WSO2 Inc
Platform Security Team
Blog : tharindue.blogspot.com
mobile : +94 775181586


Re: [Dev] How to set Password Policy per tenant

2016-03-15 Thread Tharindu Edirisinghe
Hi Gayan,

I have written a sample to get the same requirement done. You can find it
in [1].

In the code, I have added some sample policy patterns for different
tenants. You can add the per tenant policies in identity-mgt.properties as
well and then retrieve the policy patterns in the init method of this
sample.

Note that if you put the regex directly in the code, then it's the same
java regex you have to put. If you define the patterns in
identity-mgt.properties file, then you may have to put some escaping like
\\.

[1]
https://github.com/thariyarox/WSO2PasswordPatternPolicySamples/tree/master/TenantSpecificPasswordPatterns/password-policy-extension/src/main/java/com/wso2/password/policy

Regards,
TharinduE

On Tue, Mar 15, 2016 at 9:48 AM, Gayan Gunawardana <ga...@wso2.com> wrote:

>
>
> On Tue, Mar 15, 2016 at 9:42 AM, Johann Nallathamby <joh...@wso2.com>
> wrote:
>
>> Yes. We don't have tenanted password policy validator by default in IS.
>> We may have to write one.
>>
> Thanks Johann. Will look into custom password validator.
>
>>
>> On Tue, Mar 15, 2016 at 9:25 AM, Gayan Gunawardana <ga...@wso2.com>
>> wrote:
>>
>>> Hi All,
>>>
>>> Is there a way to configure password policy per tenant ?
>>>
>>>  Do we need to write custom password validator according to [1] ?
>>>
>>>
>>> [1]
>>> https://docs.wso2.com/display/IS510/Writing+a+Custom+Password+Validator
>>>
>>> Thanks,
>>> Gayan
>>> --
>>> Gayan Gunawardana
>>> Software Engineer; WSO2 Inc.; http://wso2.com/
>>> Email: ga...@wso2.com
>>> Mobile: +94 (71) 8020933
>>>
>>
>>
>>
>> --
>> Thanks & Regards,
>>
>> *Johann Dilantha Nallathamby*
>> Technical Lead & Product Lead of WSO2 Identity Server
>> Governance Technologies Team
>> WSO2, Inc.
>> lean.enterprise.middleware
>>
>> Mobile - *+9476950*
>> Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>*
>>
>
>
>
> --
> Gayan Gunawardana
> Software Engineer; WSO2 Inc.; http://wso2.com/
> Email: ga...@wso2.com
> Mobile: +94 (71) 8020933
>
>
>


-- 

Tharindu Edirisinghe
Software Engineer | WSO2 Inc
Platform Security Team
Blog : tharindue.blogspot.com
mobile : +94 775181586
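
The escaping point in the message above, as an added example that is not part of the original thread and is not the code in the linked sample: a per-tenant pattern lookup whose regexes are loaded from properties-file text, with one entry escaped for the file format and one copied unchanged from a Java regex. The class name TenantPasswordPolicy, the key prefix password.policy.pattern. and the tenant domains are assumptions made for illustration; the sample file content is constructed.

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import java.util.Properties;
import java.util.regex.Pattern;

// Hypothetical stand-alone sketch: not the WSO2 password policy extension API.
public class TenantPasswordPolicy {

    // Assumed key prefix for this example; not a documented identity-mgt.properties key.
    static final String PREFIX = "password.policy.pattern.";

    // Fallback for tenants without an entry: 8+ characters including a digit.
    // Written in Java source, so the regex \d is the literal "\\d".
    static final Pattern DEFAULT = Pattern.compile("^(?=.*\\d).{8,}$");

    private final Map<String, Pattern> byTenant = new HashMap<>();

    TenantPasswordPolicy(Properties props) {
        for (String key : props.stringPropertyNames()) {
            if (!key.startsWith(PREFIX)) {
                continue;
            }
            String tenant = key.substring(PREFIX.length()).toLowerCase(Locale.ROOT);
            // A malformed regex throws PatternSyntaxException here, at init time,
            // instead of at the first password change.
            byTenant.put(tenant, Pattern.compile(props.getProperty(key)));
        }
    }

    boolean isValid(String tenantDomain, String password) {
        if (password == null) {
            return false;
        }
        String tenant = tenantDomain == null ? "" : tenantDomain.toLowerCase(Locale.ROOT);
        return byTenant.getOrDefault(tenant, DEFAULT).matcher(password).matches();
    }

    public static void main(String[] args) throws IOException {
        // Constructed file content. Java string escaping adds one more layer:
        // "\\\\d" below is \\d in the file text, "\\d" below is \d in the file text.
        String fileText = String.join("\n",
                PREFIX + "abc.com=^(?=.*\\\\d)(?=.*[A-Z]).{10,}$", // escaped for .properties
                PREFIX + "xyz.com=^(?=.*\\d).{6,}$");              // copied from Java regex as-is
        Properties props = new Properties();
        props.load(new StringReader(fileText));

        // Properties.load() turns \\ into \ and silently drops a lone backslash,
        // so compare what each tenant's pattern looks like after loading.
        System.out.println("abc.com pattern: " + props.getProperty(PREFIX + "abc.com"));
        System.out.println("xyz.com pattern: " + props.getProperty(PREFIX + "xyz.com"));

        TenantPasswordPolicy policy = new TenantPasswordPolicy(props);
        String[][] cases = {
            {"abc.com", "Correct4Horse"}, // digit, upper case, 13 characters
            {"abc.com", "short1A"},       // too short for abc.com
            {"xyz.com", "secret99"},      // has digits, no letter d
            {"xyz.com", "abcdefgh"},      // no digit at all
            {"other.org", "passw0rd"},    // no entry, default pattern applies
        };
        for (String[] c : cases) {
            System.out.println(c[0] + " " + c[1] + " -> " + policy.isValid(c[0], c[1]));
        }
    }
}
```

The unescaped xyz.com entry still compiles as a regex after loading, but it requires the letter d instead of a digit, so the tenant ends up with a different policy than the one written and nothing reports an error.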

