Re: [Dev] [IS] [SCIM] Why Can't We Enable Both SCIM1 and SCIM2 at the Same Time?

2017-09-22 Thread Johann Nallathamby 
On Fri, Sep 1, 2017 at 10:36 PM, Johann Nallathamby  wrote:

> In that case can we set a threadlocal variable in order to identify the
> SCIM version? Based on that the correct listener will execute and the other
> will not. Since SCIM1.1 listener will check for it's related threadlocal
> and SCIM2.0 listener it's related threadlocal there is not coupling between
> the two implementations. All the SCIM operations must set this threadlocal.
> I don't see any better solution for this problem.
>
> Regards,
> Johann.
>
> On Thu, Aug 31, 2017 at 6:54 PM, Sathya Bandara  wrote:
>
>>
>>
>> On Thu, Aug 31, 2017 at 2:18 PM, Johann Nallathamby 
>> wrote:
>>
>>> Hi Sathya,
>>>
>>> On Thu, Aug 31, 2017 at 12:29 PM, Sathya Bandara 
>>> wrote:
>>>
 Hi Johann,

 IMO having two separate LDAP attributes for the same claims in both
 SCIM1 and SCIM2 would be redundant and cause problems in maintaining user
 attributes.

>>>
>>> True. I didn't say this is the correct solution. I only mentioned it as
>>> a work around for someone who wants to use both without any conflicts until
>>> we find a alternative or deprecate SCIM 1.1 :)
>>>
>>>
 If we need to have both listeners enabled at the time I would suggest
 to use a common util method to generate IDs and do the mappings for the
 claims that are common to both protocols.

>>>
>>> Didn't get how this would help exactly. May be I am missing some context.
>>>
>>> However, after reading through your first reply again, now I have
>>> another question. Why do both the listeners get executed when adding a new
>>> user? I know they both will get triggered. But can't we look at the dialect
>>> URI at the top and skip the execution if it's not for that listener?
>>>
>>> When adding a user through normal approach(management console) when SCIM
>>> is enabled, it is not possible to figure out the dialect URI. In this case
>>> this will not work AFAIU.
>>>
>>
> Hmm..
>

True, that when adding through management console we can't identify the
SCIM version. But do we need to? If both the listeners are doing the same
change in the user store for SCIM1 and SCIM2, then either of the listeners
doing the change will be enough right?

I think this is getting a bit too complicated over mail. We can chat
offline if needed and come to a conclusion :)


>
>
>>
>>> Thanks,
>>> Sathya
>>>
>>> Regards,
>>> Johann.
>>>
>>>

 Thanks,
 Sathya

 On Thu, Aug 31, 2017 at 11:37 AM, Johann Nallathamby 
 wrote:

> Will it work if we have two separate attributes for the problematic
> attributes like SCIM ID? If that works I guess that is one solution.
>
> Or we need to have one listener for both SCIM 1 and SCIM2. But don't
> think that's a good solution. Introduces direct coupling between two
> implementations.
>
> Regards,
> Johann.
>
> On Wed, Aug 30, 2017 at 6:33 PM, Sathya Bandara 
> wrote:
>
>> Hi Thilina,
>>
>> If we enable both SCIM1 and SCIM2 listeners at the same time two
>> different SCIM IDs will be generated for the same user when adding a new
>> user through SCIM. Also both SCIM1 and SCIM2 claims are mapped to the 
>> same
>> LDAP user attributes. Even though both listeners get triggered only the
>> SCIM1 ID is mapped to the user ID attribute. But the SCIM2 user creation
>> response will contain the SCIM ID generated by SCIM2 listener.
>>
>> Thanks,
>> Sathya
>>
>> On Wed, Aug 30, 2017 at 6:25 PM, Thilina Madumal > > wrote:
>>
>>>
>>> Hi all,
>>>
>>> While I was trying to fix IDENTITY-6315
>>>  I got to know that we
>>> can't enable both SCIM1 and SCIM2 at the same time in WSO2 Identity 
>>> Server.
>>> Is it because of this specific issue or is there any other reasons?
>>>
>>> Thanks & Regards,
>>> Thilina.
>>>
>>> --
>>> *Thilina Madumal*
>>> *Software Engineer | **WSO2*
>>> Email: thilina...@wso2.com
>>> Mobile: *+ <+94%2077%20767%201807>94 774553167*
>>> Web:  http://wso2.com
>>>
>>> 
>>>
>>>
>>
>>
>> --
>> Sathya Bandara
>> Software Engineer
>> WSO2 Inc. http://wso2.com
>> Mobile: (+94) 715 360 421 <+94%2071%20411%205032>
>>
>> <+94%2071%20411%205032>
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
> Thanks & Regards,
>
> *Johann Dilantha Nallathamby*
> Senior Lead Solutions Engineer
> WSO2, Inc.
> lean.enterprise.middleware
>
> Mobile - *+9476950*
> Blog - *http://nallaa.wordpress.com

Re: [Dev] [IS] [SCIM] Why Can't We Enable Both SCIM1 and SCIM2 at the Same Time?

2017-09-01 Thread Johann Nallathamby 
In that case can we set a threadlocal variable in order to identify the
SCIM version? Based on that the correct listener will execute and the other
will not. Since SCIM1.1 listener will check for it's related threadlocal
and SCIM2.0 listener it's related threadlocal there is not coupling between
the two implementations. All the SCIM operations must set this threadlocal.
I don't see any better solution for this problem.

Regards,
Johann.

On Thu, Aug 31, 2017 at 6:54 PM, Sathya Bandara  wrote:

>
>
> On Thu, Aug 31, 2017 at 2:18 PM, Johann Nallathamby 
> wrote:
>
>> Hi Sathya,
>>
>> On Thu, Aug 31, 2017 at 12:29 PM, Sathya Bandara  wrote:
>>
>>> Hi Johann,
>>>
>>> IMO having two separate LDAP attributes for the same claims in both
>>> SCIM1 and SCIM2 would be redundant and cause problems in maintaining user
>>> attributes.
>>>
>>
>> True. I didn't say this is the correct solution. I only mentioned it as a
>> work around for someone who wants to use both without any conflicts until
>> we find a alternative or deprecate SCIM 1.1 :)
>>
>>
>>> If we need to have both listeners enabled at the time I would suggest to
>>> use a common util method to generate IDs and do the mappings for the claims
>>> that are common to both protocols.
>>>
>>
>> Didn't get how this would help exactly. May be I am missing some context.
>>
>> However, after reading through your first reply again, now I have another
>> question. Why do both the listeners get executed when adding a new user? I
>> know they both will get triggered. But can't we look at the dialect URI at
>> the top and skip the execution if it's not for that listener?
>>
>> When adding a user through normal approach(management console) when SCIM
>> is enabled, it is not possible to figure out the dialect URI. In this case
>> this will not work AFAIU.
>>
>
Hmm..


>
>> Thanks,
>> Sathya
>>
>> Regards,
>> Johann.
>>
>>
>>>
>>> Thanks,
>>> Sathya
>>>
>>> On Thu, Aug 31, 2017 at 11:37 AM, Johann Nallathamby 
>>> wrote:
>>>
 Will it work if we have two separate attributes for the problematic
 attributes like SCIM ID? If that works I guess that is one solution.

 Or we need to have one listener for both SCIM 1 and SCIM2. But don't
 think that's a good solution. Introduces direct coupling between two
 implementations.

 Regards,
 Johann.

 On Wed, Aug 30, 2017 at 6:33 PM, Sathya Bandara 
 wrote:

> Hi Thilina,
>
> If we enable both SCIM1 and SCIM2 listeners at the same time two
> different SCIM IDs will be generated for the same user when adding a new
> user through SCIM. Also both SCIM1 and SCIM2 claims are mapped to the same
> LDAP user attributes. Even though both listeners get triggered only the
> SCIM1 ID is mapped to the user ID attribute. But the SCIM2 user creation
> response will contain the SCIM ID generated by SCIM2 listener.
>
> Thanks,
> Sathya
>
> On Wed, Aug 30, 2017 at 6:25 PM, Thilina Madumal 
> wrote:
>
>>
>> Hi all,
>>
>> While I was trying to fix IDENTITY-6315
>>  I got to know that we
>> can't enable both SCIM1 and SCIM2 at the same time in WSO2 Identity 
>> Server.
>> Is it because of this specific issue or is there any other reasons?
>>
>> Thanks & Regards,
>> Thilina.
>>
>> --
>> *Thilina Madumal*
>> *Software Engineer | **WSO2*
>> Email: thilina...@wso2.com
>> Mobile: *+ <+94%2077%20767%201807>94 774553167*
>> Web:  http://wso2.com
>>
>> 
>>
>>
>
>
> --
> Sathya Bandara
> Software Engineer
> WSO2 Inc. http://wso2.com
> Mobile: (+94) 715 360 421 <+94%2071%20411%205032>
>
> <+94%2071%20411%205032>
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


 --
 Thanks & Regards,

 *Johann Dilantha Nallathamby*
 Senior Lead Solutions Engineer
 WSO2, Inc.
 lean.enterprise.middleware

 Mobile - *+9476950*
 Blog - *http://nallaa.wordpress.com *

>>>
>>>
>>>
>>> --
>>> Sathya Bandara
>>> Software Engineer
>>> WSO2 Inc. http://wso2.com
>>> Mobile: (+94) 715 360 421 <+94%2071%20411%205032>
>>>
>>> <+94%2071%20411%205032>
>>>
>>
>>
>>
>> --
>> Thanks & Regards,
>>
>> *Johann Dilantha Nallathamby*
>> Senior Lead Solutions Engineer
>> WSO2, Inc.
>> lean.enterprise.middleware
>>
>> Mobile - *+9476950*
>> Blog - *http://nallaa.wordpress.com *
>>
>
>
>
> --
> Sathya Bandara
> Software Engineer
> WSO2 Inc. http://wso2.com
> Mobile: (+94) 715 360 421 <+94%2071%20411%205032>
>
> <+94%2071%20411%205032>
>



-- 
Thanks &

Re: [Dev] [IS] [SCIM] Why Can't We Enable Both SCIM1 and SCIM2 at the Same Time?

2017-08-31 Thread Sathya Bandara 
On Thu, Aug 31, 2017 at 2:18 PM, Johann Nallathamby  wrote:

> Hi Sathya,
>
> On Thu, Aug 31, 2017 at 12:29 PM, Sathya Bandara  wrote:
>
>> Hi Johann,
>>
>> IMO having two separate LDAP attributes for the same claims in both SCIM1
>> and SCIM2 would be redundant and cause problems in maintaining user
>> attributes.
>>
>
> True. I didn't say this is the correct solution. I only mentioned it as a
> work around for someone who wants to use both without any conflicts until
> we find a alternative or deprecate SCIM 1.1 :)
>
>
>> If we need to have both listeners enabled at the time I would suggest to
>> use a common util method to generate IDs and do the mappings for the claims
>> that are common to both protocols.
>>
>
> Didn't get how this would help exactly. May be I am missing some context.
>
> However, after reading through your first reply again, now I have another
> question. Why do both the listeners get executed when adding a new user? I
> know they both will get triggered. But can't we look at the dialect URI at
> the top and skip the execution if it's not for that listener?
>
> When adding a user through normal approach(management console) when SCIM
> is enabled, it is not possible to figure out the dialect URI. In this case
> this will not work AFAIU.
>
> Thanks,
> Sathya
>
> Regards,
> Johann.
>
>
>>
>> Thanks,
>> Sathya
>>
>> On Thu, Aug 31, 2017 at 11:37 AM, Johann Nallathamby 
>> wrote:
>>
>>> Will it work if we have two separate attributes for the problematic
>>> attributes like SCIM ID? If that works I guess that is one solution.
>>>
>>> Or we need to have one listener for both SCIM 1 and SCIM2. But don't
>>> think that's a good solution. Introduces direct coupling between two
>>> implementations.
>>>
>>> Regards,
>>> Johann.
>>>
>>> On Wed, Aug 30, 2017 at 6:33 PM, Sathya Bandara  wrote:
>>>
 Hi Thilina,

 If we enable both SCIM1 and SCIM2 listeners at the same time two
 different SCIM IDs will be generated for the same user when adding a new
 user through SCIM. Also both SCIM1 and SCIM2 claims are mapped to the same
 LDAP user attributes. Even though both listeners get triggered only the
 SCIM1 ID is mapped to the user ID attribute. But the SCIM2 user creation
 response will contain the SCIM ID generated by SCIM2 listener.

 Thanks,
 Sathya

 On Wed, Aug 30, 2017 at 6:25 PM, Thilina Madumal 
 wrote:

>
> Hi all,
>
> While I was trying to fix IDENTITY-6315
>  I got to know that we
> can't enable both SCIM1 and SCIM2 at the same time in WSO2 Identity 
> Server.
> Is it because of this specific issue or is there any other reasons?
>
> Thanks & Regards,
> Thilina.
>
> --
> *Thilina Madumal*
> *Software Engineer | **WSO2*
> Email: thilina...@wso2.com
> Mobile: *+ <+94%2077%20767%201807>94 774553167*
> Web:  http://wso2.com
>
> 
>
>


 --
 Sathya Bandara
 Software Engineer
 WSO2 Inc. http://wso2.com
 Mobile: (+94) 715 360 421 <+94%2071%20411%205032>

 <+94%2071%20411%205032>

 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev


>>>
>>>
>>> --
>>> Thanks & Regards,
>>>
>>> *Johann Dilantha Nallathamby*
>>> Senior Lead Solutions Engineer
>>> WSO2, Inc.
>>> lean.enterprise.middleware
>>>
>>> Mobile - *+9476950*
>>> Blog - *http://nallaa.wordpress.com *
>>>
>>
>>
>>
>> --
>> Sathya Bandara
>> Software Engineer
>> WSO2 Inc. http://wso2.com
>> Mobile: (+94) 715 360 421 <+94%2071%20411%205032>
>>
>> <+94%2071%20411%205032>
>>
>
>
>
> --
> Thanks & Regards,
>
> *Johann Dilantha Nallathamby*
> Senior Lead Solutions Engineer
> WSO2, Inc.
> lean.enterprise.middleware
>
> Mobile - *+9476950*
> Blog - *http://nallaa.wordpress.com *
>



-- 
Sathya Bandara
Software Engineer
WSO2 Inc. http://wso2.com
Mobile: (+94) 715 360 421 <+94%2071%20411%205032>

<+94%2071%20411%205032>
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [IS] [SCIM] Why Can't We Enable Both SCIM1 and SCIM2 at the Same Time?

2017-08-31 Thread Johann Nallathamby 
Hi Sathya,

On Thu, Aug 31, 2017 at 12:29 PM, Sathya Bandara  wrote:

> Hi Johann,
>
> IMO having two separate LDAP attributes for the same claims in both SCIM1
> and SCIM2 would be redundant and cause problems in maintaining user
> attributes.
>

True. I didn't say this is the correct solution. I only mentioned it as a
work around for someone who wants to use both without any conflicts until
we find a alternative or deprecate SCIM 1.1 :)


> If we need to have both listeners enabled at the time I would suggest to
> use a common util method to generate IDs and do the mappings for the claims
> that are common to both protocols.
>

Didn't get how this would help exactly. May be I am missing some context.

However, after reading through your first reply again, now I have another
question. Why do both the listeners get executed when adding a new user? I
know they both will get triggered. But can't we look at the dialect URI at
the top and skip the execution if it's not for that listener?

Regards,
Johann.


>
> Thanks,
> Sathya
>
> On Thu, Aug 31, 2017 at 11:37 AM, Johann Nallathamby 
> wrote:
>
>> Will it work if we have two separate attributes for the problematic
>> attributes like SCIM ID? If that works I guess that is one solution.
>>
>> Or we need to have one listener for both SCIM 1 and SCIM2. But don't
>> think that's a good solution. Introduces direct coupling between two
>> implementations.
>>
>> Regards,
>> Johann.
>>
>> On Wed, Aug 30, 2017 at 6:33 PM, Sathya Bandara  wrote:
>>
>>> Hi Thilina,
>>>
>>> If we enable both SCIM1 and SCIM2 listeners at the same time two
>>> different SCIM IDs will be generated for the same user when adding a new
>>> user through SCIM. Also both SCIM1 and SCIM2 claims are mapped to the same
>>> LDAP user attributes. Even though both listeners get triggered only the
>>> SCIM1 ID is mapped to the user ID attribute. But the SCIM2 user creation
>>> response will contain the SCIM ID generated by SCIM2 listener.
>>>
>>> Thanks,
>>> Sathya
>>>
>>> On Wed, Aug 30, 2017 at 6:25 PM, Thilina Madumal 
>>> wrote:
>>>

 Hi all,

 While I was trying to fix IDENTITY-6315
  I got to know that we
 can't enable both SCIM1 and SCIM2 at the same time in WSO2 Identity Server.
 Is it because of this specific issue or is there any other reasons?

 Thanks & Regards,
 Thilina.

 --
 *Thilina Madumal*
 *Software Engineer | **WSO2*
 Email: thilina...@wso2.com
 Mobile: *+ <+94%2077%20767%201807>94 774553167*
 Web:  http://wso2.com

 


>>>
>>>
>>> --
>>> Sathya Bandara
>>> Software Engineer
>>> WSO2 Inc. http://wso2.com
>>> Mobile: (+94) 715 360 421 <+94%2071%20411%205032>
>>>
>>> <+94%2071%20411%205032>
>>>
>>> ___
>>> Dev mailing list
>>> Dev@wso2.org
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>>
>>
>>
>> --
>> Thanks & Regards,
>>
>> *Johann Dilantha Nallathamby*
>> Senior Lead Solutions Engineer
>> WSO2, Inc.
>> lean.enterprise.middleware
>>
>> Mobile - *+9476950*
>> Blog - *http://nallaa.wordpress.com *
>>
>
>
>
> --
> Sathya Bandara
> Software Engineer
> WSO2 Inc. http://wso2.com
> Mobile: (+94) 715 360 421 <+94%2071%20411%205032>
>
> <+94%2071%20411%205032>
>



-- 
Thanks & Regards,

*Johann Dilantha Nallathamby*
Senior Lead Solutions Engineer
WSO2, Inc.
lean.enterprise.middleware

Mobile - *+9476950*
Blog - *http://nallaa.wordpress.com *
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [IS] [SCIM] Why Can't We Enable Both SCIM1 and SCIM2 at the Same Time?

2017-08-31 Thread Chamila Wijayarathna 
We should not have two different IDs if there is no difference in the
format (eg: length) for ID's in spec IMO

On Thu, Aug 31, 2017 at 4:59 PM, Sathya Bandara  wrote:

> Hi Johann,
>
> IMO having two separate LDAP attributes for the same claims in both SCIM1
> and SCIM2 would be redundant and cause problems in maintaining user
> attributes. If we need to have both listeners enabled at the time I would
> suggest to use a common util method to generate IDs and do the mappings for
> the claims that are common to both protocols.
>
> Thanks,
> Sathya
>
> On Thu, Aug 31, 2017 at 11:37 AM, Johann Nallathamby 
> wrote:
>
>> Will it work if we have two separate attributes for the problematic
>> attributes like SCIM ID? If that works I guess that is one solution.
>>
>> Or we need to have one listener for both SCIM 1 and SCIM2. But don't
>> think that's a good solution. Introduces direct coupling between two
>> implementations.
>>
>> Regards,
>> Johann.
>>
>> On Wed, Aug 30, 2017 at 6:33 PM, Sathya Bandara  wrote:
>>
>>> Hi Thilina,
>>>
>>> If we enable both SCIM1 and SCIM2 listeners at the same time two
>>> different SCIM IDs will be generated for the same user when adding a new
>>> user through SCIM. Also both SCIM1 and SCIM2 claims are mapped to the same
>>> LDAP user attributes. Even though both listeners get triggered only the
>>> SCIM1 ID is mapped to the user ID attribute. But the SCIM2 user creation
>>> response will contain the SCIM ID generated by SCIM2 listener.
>>>
>>> Thanks,
>>> Sathya
>>>
>>> On Wed, Aug 30, 2017 at 6:25 PM, Thilina Madumal 
>>> wrote:
>>>

 Hi all,

 While I was trying to fix IDENTITY-6315
  I got to know that we
 can't enable both SCIM1 and SCIM2 at the same time in WSO2 Identity Server.
 Is it because of this specific issue or is there any other reasons?

 Thanks & Regards,
 Thilina.

 --
 *Thilina Madumal*
 *Software Engineer | **WSO2*
 Email: thilina...@wso2.com
 Mobile: *+ <+94%2077%20767%201807>94 774553167*
 Web:  http://wso2.com

 


>>>
>>>
>>> --
>>> Sathya Bandara
>>> Software Engineer
>>> WSO2 Inc. http://wso2.com
>>> Mobile: (+94) 715 360 421 <+94%2071%20411%205032>
>>>
>>> <+94%2071%20411%205032>
>>>
>>> ___
>>> Dev mailing list
>>> Dev@wso2.org
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>>
>>
>>
>> --
>> Thanks & Regards,
>>
>> *Johann Dilantha Nallathamby*
>> Senior Lead Solutions Engineer
>> WSO2, Inc.
>> lean.enterprise.middleware
>>
>> Mobile - *+9476950*
>> Blog - *http://nallaa.wordpress.com *
>>
>
>
>
> --
> Sathya Bandara
> Software Engineer
> WSO2 Inc. http://wso2.com
> Mobile: (+94) 715 360 421 <+94%2071%20411%205032>
>
> <+94%2071%20411%205032>
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
Chamila Dilshan Wijayarathna,
PhD Research Student
The University of New South Wales (UNSW Canberra)
Australian Centre for Cyber Security
Australian Defence Force Academy
PO Box 7916, Canberra BA ACT 2610
Australia
Mobile:(+61)416895795
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [IS] [SCIM] Why Can't We Enable Both SCIM1 and SCIM2 at the Same Time?

2017-08-31 Thread Sathya Bandara 
Hi Johann,

IMO having two separate LDAP attributes for the same claims in both SCIM1
and SCIM2 would be redundant and cause problems in maintaining user
attributes. If we need to have both listeners enabled at the time I would
suggest to use a common util method to generate IDs and do the mappings for
the claims that are common to both protocols.

Thanks,
Sathya

On Thu, Aug 31, 2017 at 11:37 AM, Johann Nallathamby 
wrote:

> Will it work if we have two separate attributes for the problematic
> attributes like SCIM ID? If that works I guess that is one solution.
>
> Or we need to have one listener for both SCIM 1 and SCIM2. But don't think
> that's a good solution. Introduces direct coupling between two
> implementations.
>
> Regards,
> Johann.
>
> On Wed, Aug 30, 2017 at 6:33 PM, Sathya Bandara  wrote:
>
>> Hi Thilina,
>>
>> If we enable both SCIM1 and SCIM2 listeners at the same time two
>> different SCIM IDs will be generated for the same user when adding a new
>> user through SCIM. Also both SCIM1 and SCIM2 claims are mapped to the same
>> LDAP user attributes. Even though both listeners get triggered only the
>> SCIM1 ID is mapped to the user ID attribute. But the SCIM2 user creation
>> response will contain the SCIM ID generated by SCIM2 listener.
>>
>> Thanks,
>> Sathya
>>
>> On Wed, Aug 30, 2017 at 6:25 PM, Thilina Madumal 
>> wrote:
>>
>>>
>>> Hi all,
>>>
>>> While I was trying to fix IDENTITY-6315
>>>  I got to know that we
>>> can't enable both SCIM1 and SCIM2 at the same time in WSO2 Identity Server.
>>> Is it because of this specific issue or is there any other reasons?
>>>
>>> Thanks & Regards,
>>> Thilina.
>>>
>>> --
>>> *Thilina Madumal*
>>> *Software Engineer | **WSO2*
>>> Email: thilina...@wso2.com
>>> Mobile: *+ <+94%2077%20767%201807>94 774553167*
>>> Web:  http://wso2.com
>>>
>>> 
>>>
>>>
>>
>>
>> --
>> Sathya Bandara
>> Software Engineer
>> WSO2 Inc. http://wso2.com
>> Mobile: (+94) 715 360 421 <+94%2071%20411%205032>
>>
>> <+94%2071%20411%205032>
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
> Thanks & Regards,
>
> *Johann Dilantha Nallathamby*
> Senior Lead Solutions Engineer
> WSO2, Inc.
> lean.enterprise.middleware
>
> Mobile - *+9476950*
> Blog - *http://nallaa.wordpress.com *
>



-- 
Sathya Bandara
Software Engineer
WSO2 Inc. http://wso2.com
Mobile: (+94) 715 360 421 <+94%2071%20411%205032>

<+94%2071%20411%205032>
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [IS] [SCIM] Why Can't We Enable Both SCIM1 and SCIM2 at the Same Time?

2017-08-31 Thread Johann Nallathamby 
Will it work if we have two separate attributes for the problematic
attributes like SCIM ID? If that works I guess that is one solution.

Or we need to have one listener for both SCIM 1 and SCIM2. But don't think
that's a good solution. Introduces direct coupling between two
implementations.

Regards,
Johann.

On Wed, Aug 30, 2017 at 6:33 PM, Sathya Bandara  wrote:

> Hi Thilina,
>
> If we enable both SCIM1 and SCIM2 listeners at the same time two different
> SCIM IDs will be generated for the same user when adding a new user through
> SCIM. Also both SCIM1 and SCIM2 claims are mapped to the same LDAP user
> attributes. Even though both listeners get triggered only the SCIM1 ID is
> mapped to the user ID attribute. But the SCIM2 user creation response will
> contain the SCIM ID generated by SCIM2 listener.
>
> Thanks,
> Sathya
>
> On Wed, Aug 30, 2017 at 6:25 PM, Thilina Madumal 
> wrote:
>
>>
>> Hi all,
>>
>> While I was trying to fix IDENTITY-6315
>>  I got to know that we can't
>> enable both SCIM1 and SCIM2 at the same time in WSO2 Identity Server.
>> Is it because of this specific issue or is there any other reasons?
>>
>> Thanks & Regards,
>> Thilina.
>>
>> --
>> *Thilina Madumal*
>> *Software Engineer | **WSO2*
>> Email: thilina...@wso2.com
>> Mobile: *+ <+94%2077%20767%201807>94 774553167*
>> Web:  http://wso2.com
>>
>> 
>>
>>
>
>
> --
> Sathya Bandara
> Software Engineer
> WSO2 Inc. http://wso2.com
> Mobile: (+94) 715 360 421 <+94%2071%20411%205032>
>
> <+94%2071%20411%205032>
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
Thanks & Regards,

*Johann Dilantha Nallathamby*
Senior Lead Solutions Engineer
WSO2, Inc.
lean.enterprise.middleware

Mobile - *+9476950*
Blog - *http://nallaa.wordpress.com *
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [IS] [SCIM] Why Can't We Enable Both SCIM1 and SCIM2 at the Same Time?

2017-08-30 Thread Ishara Karunarathna 
HI,

On Thu, Aug 31, 2017 at 7:26 AM, Sagara Gunathunga  wrote:

>
>
> On Thu, Aug 31, 2017 at 12:12 AM, Vindula Jayawardana <
> vindula...@cse.mrt.ac.lk> wrote:
>
>> Hi,
>>
>> IMO, should be able to enable both at the same time. What is the issue
>> you faced when enabling both?
>>
>> Achieving interoperability between 1.1 consumers and 2.0 providers can
>> have two practical approaches. One approach is to have a multi-protocol
>> ability in the SCIM service provider’s end. This could be potentially done
>> through unique URL structure (https://localhost:9443/wso2/scim/Users and
>> https://localhost:9443/scim2/Users). That means the provider can accept
>> both 1.1 and 2.0 consumers. On the other hand, SCIM consumer can be
>> modified to support the 1.1 and 2.0 protocols. However, since SCIM
>> specifications are focusing on keeping things simple and easy at the
>> consumer end, I would rather suggest the first approach. That’s why we
>> should be able to enable both the protocols at the same time.
>>
>> *Vindula Jayawardana*
>> Computer Science and Engineering Dept.
>> University of Moratuwa
>> mobile : +713462554
>> Email : vindula...@cse.mrt.ac.lk
>>
>> 
>> 
>> 
>> 
>>
>> *“Respect is how to treat everyone, not just those you want to impress. "*
>>
>>
>> *-Richard Branson-*
>>
>>
>>
>> On 30 August 2017 at 18:33, Sathya Bandara  wrote:
>>
>>> Hi Thilina,
>>>
>>> If we enable both SCIM1 and SCIM2 listeners at the same time two
>>> different SCIM IDs will be generated for the same user when adding a new
>>> user through SCIM. Also both SCIM1 and SCIM2 claims are mapped to the same
>>> LDAP user attributes. Even though both listeners get triggered only the
>>> SCIM1 ID is mapped to the user ID attribute. But the SCIM2 user creation
>>> response will contain the SCIM ID generated by SCIM2 listener.
>>>
>>
> This is not a SCIM related problem instead a limitation of our
> implementation, SCIM is just a interface or wrapping  layer for our
> user/role management  layer. Ideally  it should not perform tasks such as
> ID generation by it's own, instead once the SCIM protocol  specific
> processing is completed  both SCIM1 and SCIM2 implementations should
> delegate requests into a common layer, in that way we can provide
> interoperability  between SCIM1 and SCIM2.
>
> +1 for Vindula's suggestion on multi-protocol approach.
>
Technically this is possible so +1 for doing this for 5.4.0.

But I don't see any value supporting both together since these are only
user management API and sonner or later we have to depricate SCIM 1.1.

Thanks,
Ishara

>
> Thanks !
>
>>
>>> Thanks,
>>> Sathya
>>>
>>> On Wed, Aug 30, 2017 at 6:25 PM, Thilina Madumal 
>>> wrote:
>>>

 Hi all,

 While I was trying to fix IDENTITY-6315
  I got to know that we
 can't enable both SCIM1 and SCIM2 at the same time in WSO2 Identity Server.
 Is it because of this specific issue or is there any other reasons?

 Thanks & Regards,
 Thilina.

 --
 *Thilina Madumal*
 *Software Engineer | **WSO2*
 Email: thilina...@wso2.com
 Mobile: *+ <+94%2077%20767%201807>94 774553167*
 Web:  http://wso2.com

 


>>>
>>>
>>> --
>>> Sathya Bandara
>>> Software Engineer
>>> WSO2 Inc. http://wso2.com
>>> Mobile: (+94) 715 360 421 <+94%2071%20411%205032>
>>>
>>> <+94%2071%20411%205032>
>>>
>>> ___
>>> Dev mailing list
>>> Dev@wso2.org
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>>
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
> Sagara Gunathunga
>
> Associate Director / Architect; WSO2, Inc.;  http://wso2.com
> V.P Apache Web Services;http://ws.apache.org/
> Linkedin; http://www.linkedin.com/in/ssagara
> Blog ;  http://ssagara.blogspot.com
>
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
Ishara Karunarathna
Associate Technical Lead
WSO2 Inc. - lean . enterprise . middleware |  wso2.com

email: isha...@wso2.com,   blog: isharaaruna.blogspot.com,   mobile:
+94717996791
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [IS] [SCIM] Why Can't We Enable Both SCIM1 and SCIM2 at the Same Time?

2017-08-30 Thread Sagara Gunathunga 
On Thu, Aug 31, 2017 at 12:12 AM, Vindula Jayawardana <
vindula...@cse.mrt.ac.lk> wrote:

> Hi,
>
> IMO, should be able to enable both at the same time. What is the issue you
> faced when enabling both?
>
> Achieving interoperability between 1.1 consumers and 2.0 providers can
> have two practical approaches. One approach is to have a multi-protocol
> ability in the SCIM service provider’s end. This could be potentially done
> through unique URL structure (https://localhost:9443/wso2/scim/Users and
> https://localhost:9443/scim2/Users). That means the provider can accept
> both 1.1 and 2.0 consumers. On the other hand, SCIM consumer can be
> modified to support the 1.1 and 2.0 protocols. However, since SCIM
> specifications are focusing on keeping things simple and easy at the
> consumer end, I would rather suggest the first approach. That’s why we
> should be able to enable both the protocols at the same time.
>
> *Vindula Jayawardana*
> Computer Science and Engineering Dept.
> University of Moratuwa
> mobile : +713462554
> Email : vindula...@cse.mrt.ac.lk
>
> 
> 
> 
> 
>
> *“Respect is how to treat everyone, not just those you want to impress. "*
>
>
> *-Richard Branson-*
>
>
>
> On 30 August 2017 at 18:33, Sathya Bandara  wrote:
>
>> Hi Thilina,
>>
>> If we enable both SCIM1 and SCIM2 listeners at the same time two
>> different SCIM IDs will be generated for the same user when adding a new
>> user through SCIM. Also both SCIM1 and SCIM2 claims are mapped to the same
>> LDAP user attributes. Even though both listeners get triggered only the
>> SCIM1 ID is mapped to the user ID attribute. But the SCIM2 user creation
>> response will contain the SCIM ID generated by SCIM2 listener.
>>
>
This is not a SCIM related problem instead a limitation of our
implementation, SCIM is just a interface or wrapping  layer for our
user/role management  layer. Ideally  it should not perform tasks such as
ID generation by it's own, instead once the SCIM protocol  specific
processing is completed  both SCIM1 and SCIM2 implementations should
delegate requests into a common layer, in that way we can provide
interoperability  between SCIM1 and SCIM2.

+1 for Vindula's suggestion on multi-protocol approach.

Thanks !

>
>> Thanks,
>> Sathya
>>
>> On Wed, Aug 30, 2017 at 6:25 PM, Thilina Madumal 
>> wrote:
>>
>>>
>>> Hi all,
>>>
>>> While I was trying to fix IDENTITY-6315
>>>  I got to know that we
>>> can't enable both SCIM1 and SCIM2 at the same time in WSO2 Identity Server.
>>> Is it because of this specific issue or is there any other reasons?
>>>
>>> Thanks & Regards,
>>> Thilina.
>>>
>>> --
>>> *Thilina Madumal*
>>> *Software Engineer | **WSO2*
>>> Email: thilina...@wso2.com
>>> Mobile: *+ <+94%2077%20767%201807>94 774553167*
>>> Web:  http://wso2.com
>>>
>>> 
>>>
>>>
>>
>>
>> --
>> Sathya Bandara
>> Software Engineer
>> WSO2 Inc. http://wso2.com
>> Mobile: (+94) 715 360 421 <+94%2071%20411%205032>
>>
>> <+94%2071%20411%205032>
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
Sagara Gunathunga

Associate Director / Architect; WSO2, Inc.;  http://wso2.com
V.P Apache Web Services;http://ws.apache.org/
Linkedin; http://www.linkedin.com/in/ssagara
Blog ;  http://ssagara.blogspot.com
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [IS] [SCIM] Why Can't We Enable Both SCIM1 and SCIM2 at the Same Time?

2017-08-30 Thread Vindula Jayawardana 
Hi,

IMO, should be able to enable both at the same time. What is the issue you
faced when enabling both?

Achieving interoperability between 1.1 consumers and 2.0 providers can have
two practical approaches. One approach is to have a multi-protocol ability
in the SCIM service provider’s end. This could be potentially done through
unique URL structure (https://localhost:9443/wso2/scim/Users and
https://localhost:9443/scim2/Users). That means the provider can accept
both 1.1 and 2.0 consumers. On the other hand, SCIM consumer can be
modified to support the 1.1 and 2.0 protocols. However, since SCIM
specifications are focusing on keeping things simple and easy at the
consumer end, I would rather suggest the first approach. That’s why we
should be able to enable both the protocols at the same time.

*Vindula Jayawardana*
Computer Science and Engineering Dept.
University of Moratuwa
mobile : +713462554
Email : vindula...@cse.mrt.ac.lk






*“Respect is how to treat everyone, not just those you want to impress. "*


*-Richard Branson-*



On 30 August 2017 at 18:33, Sathya Bandara  wrote:

> Hi Thilina,
>
> If we enable both SCIM1 and SCIM2 listeners at the same time two different
> SCIM IDs will be generated for the same user when adding a new user through
> SCIM. Also both SCIM1 and SCIM2 claims are mapped to the same LDAP user
> attributes. Even though both listeners get triggered only the SCIM1 ID is
> mapped to the user ID attribute. But the SCIM2 user creation response will
> contain the SCIM ID generated by SCIM2 listener.
>
> Thanks,
> Sathya
>
> On Wed, Aug 30, 2017 at 6:25 PM, Thilina Madumal 
> wrote:
>
>>
>> Hi all,
>>
>> While I was trying to fix IDENTITY-6315
>>  I got to know that we can't
>> enable both SCIM1 and SCIM2 at the same time in WSO2 Identity Server.
>> Is it because of this specific issue or is there any other reasons?
>>
>> Thanks & Regards,
>> Thilina.
>>
>> --
>> *Thilina Madumal*
>> *Software Engineer | **WSO2*
>> Email: thilina...@wso2.com
>> Mobile: *+ <+94%2077%20767%201807>94 774553167*
>> Web:  http://wso2.com
>>
>> 
>>
>>
>
>
> --
> Sathya Bandara
> Software Engineer
> WSO2 Inc. http://wso2.com
> Mobile: (+94) 715 360 421 <+94%2071%20411%205032>
>
> <+94%2071%20411%205032>
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [IS] [SCIM] Why Can't We Enable Both SCIM1 and SCIM2 at the Same Time?

2017-08-30 Thread Sathya Bandara 
Hi Thilina,

If we enable both SCIM1 and SCIM2 listeners at the same time two different
SCIM IDs will be generated for the same user when adding a new user through
SCIM. Also both SCIM1 and SCIM2 claims are mapped to the same LDAP user
attributes. Even though both listeners get triggered only the SCIM1 ID is
mapped to the user ID attribute. But the SCIM2 user creation response will
contain the SCIM ID generated by SCIM2 listener.

Thanks,
Sathya

On Wed, Aug 30, 2017 at 6:25 PM, Thilina Madumal 
wrote:

>
> Hi all,
>
> While I was trying to fix IDENTITY-6315
>  I got to know that we can't
> enable both SCIM1 and SCIM2 at the same time in WSO2 Identity Server.
> Is it because of this specific issue or is there any other reasons?
>
> Thanks & Regards,
> Thilina.
>
> --
> *Thilina Madumal*
> *Software Engineer | **WSO2*
> Email: thilina...@wso2.com
> Mobile: *+ <+94%2077%20767%201807>94 774553167*
> Web:  http://wso2.com
>
> 
>
>


-- 
Sathya Bandara
Software Engineer
WSO2 Inc. http://wso2.com
Mobile: (+94) 715 360 421 <+94%2071%20411%205032>

<+94%2071%20411%205032>
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [IS] [SCIM] Why Can't We Enable Both SCIM1 and SCIM2 at the Same Time?

2017-08-30 Thread Chamila Wijayarathna 
It should be possible to enable both at same time IMO

On Wed, Aug 30, 2017 at 11:00 PM, Farasath Ahamed 
wrote:

>
>
> On Wednesday, August 30, 2017, Thilina Madumal 
> wrote:
>
>>
>> Hi all,
>>
>> While I was trying to fix IDENTITY-6315
>>  I got to know that we can't
>> enable both SCIM1 and SCIM2 at the same time in WSO2 Identity Server.
>> Is it because of this specific issue or is there any other reasons?
>>
>
> I don't see a reason as to why we can't have both SCIM implementations
> enabled at the same time since each of them expose a seperate web app.
>
> From outside its just like having two APIs to do user operations. Did you
> face any issues when enabling both?
>
>
>>
>> Thanks & Regards,
>>
> Thilina.
>>
>> --
>> *Thilina Madumal*
>> *Software Engineer | **WSO2*
>> Email: thilina...@wso2.com
>> Mobile: *+ <+94%2077%20767%201807>94 774553167*
>> Web:  http://wso2.com
>>
>> 
>>
>>
>
> --
> Farasath Ahamed
> Software Engineer, WSO2 Inc.; http://wso2.com
> Mobile: +94777603866
> Blog: blog.farazath.com
> Twitter: @farazath619 
> 
>
>
>
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
Chamila Dilshan Wijayarathna,
PhD Research Student
The University of New South Wales (UNSW Canberra)
Australian Centre for Cyber Security
Australian Defence Force Academy
PO Box 7916, Canberra BA ACT 2610
Australia
Mobile:(+61)416895795
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [IS] [SCIM] Why Can't We Enable Both SCIM1 and SCIM2 at the Same Time?

2017-08-30 Thread Farasath Ahamed 
On Wednesday, August 30, 2017, Thilina Madumal  wrote:

>
> Hi all,
>
> While I was trying to fix IDENTITY-6315
>  I got to know that we can't
> enable both SCIM1 and SCIM2 at the same time in WSO2 Identity Server.
> Is it because of this specific issue or is there any other reasons?
>

I don't see a reason as to why we can't have both SCIM implementations
enabled at the same time since each of them expose a seperate web app.

>From outside its just like having two APIs to do user operations. Did you
face any issues when enabling both?


>
> Thanks & Regards,
>
Thilina.
>
> --
> *Thilina Madumal*
> *Software Engineer | **WSO2*
> Email: thilina...@wso2.com
> 
> Mobile: *+ <+94%2077%20767%201807>94 774553167*
> Web:  http://wso2.com
>
> 
>
>

-- 
Farasath Ahamed
Software Engineer, WSO2 Inc.; http://wso2.com
Mobile: +94777603866
Blog: blog.farazath.com
Twitter: @farazath619 

___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] [IS] [SCIM] Why Can't We Enable Both SCIM1 and SCIM2 at the Same Time?

2017-08-30 Thread Thilina Madumal 
Hi all,

While I was trying to fix IDENTITY-6315
 I got to know that we can't
enable both SCIM1 and SCIM2 at the same time in WSO2 Identity Server.
Is it because of this specific issue or is there any other reasons?

Thanks & Regards,
Thilina.

-- 
*Thilina Madumal*
*Software Engineer | **WSO2*
Email: thilina...@wso2.com
Mobile: *+ <+94%2077%20767%201807>94 774553167*
Web:  http://wso2.com


___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev