Re: [Dev] Regarding APPM-1160

[Dinusha Senanayaka]

Agree with Ruwan's point that we should not keep credentials per tenant.
But, passing tenantId as a query parameter to API seems a security
concern.  This provides capability to access some other tenant's device
list to any of the tenant having valid access token. One way that I could
think of to avoid this is, keep only consumer/secret key in the
app-manager.xml and generate the access token when user login into the
store. In the API side, identify the user and tenant domain using access
token and filter only devices belong to that tenant space. Again, this
won't be a good solution, since we need to use password grant type which
requires to access the user password to get the access token at the time of
user login. So we back to keeping per tenant credential solution :).

Regards,
Dinusha.


On Fri, Jul 8, 2016 at 12:25 PM, Ruwan Abeykoon  wrote:

> Hi All,
> I think REST connector should have single endpoint. The rest call can have
> tenant ID in a header or as a request parameter. Then the API gateway(
> API-Manager) should be able to distinguish the respective endpoint if
> necessary. This is a functionality of APIM.
>
> The reasons are,
> 1. REST connector request/response will not be change at all between
> tenants
> 2. It is not needed to maintain credentials per tenant in AppM side.
>
> -1 on having configuration per tenant wise even in registry.
> I do not agree with the JIRA.
>
> Cheers,
> Ruwan
>
> On Fri, Jul 8, 2016 at 11:38 AM, Dinusha Senanayaka 
> wrote:
>
>> Hi Sajith,
>>
>> We could not keep each and every tenant authentication configuration in
>> app-manager.xml, due to dynamic nature of tenant creation and the growth.
>>
>> appmgt.mdm.rest.connector is the default connector that we provided to
>> connect with WSO2EMM. We could keep it's configurations in the registry.
>> Also I don't think at least 1% of the requirements will come to use
>> specific connector other than using default connectors provided by us (EMM).
>>
>> Regards,
>> Dinusha.
>>
>> On Fri, Jul 8, 2016 at 11:22 AM, Sajith Abeywardhana 
>> wrote:
>>
>>> Hi All,
>>>
>>> EMM supports multi-tenancy it is designed to work with one instance of
 App Manager via OSGI services. When they work together they function as one
 product, hence EMM and App Manager share same tenants across the multi
 tenanted environment.

>>>
>>> This means we don't need to keep the tenant config when we are
>>> connecting using OSGi service.
>>>
>>>
 This is a special scenario where AppM connects to EMM via  EMM REST
 APIs. According to how we have developed the plugin tenant admin and
 password needs to be stored in the plugin configuration. This is a
 plugin specific configuration, therefore, the plugin developer has
 flexibility to store those configurations in any way he prefers.

>>>
>>> When we are connecting using REST connector we need to have a tenant
>>> config in AppM side. How about that we kept those tenant config in
>>> app-manager.xml as below.
>>>
>>> 
>>>
>>> >> bundle="org.wso2.carbon.appmgt.mdm.restconnector">
>>> >> name="ImageURL">/store/extensions/assets/mobileapp/resources/models/%s.png
>>> 
>>> https://localhost:9450/mdm-admin
>>> 
>>> https://localhost:9448/oauth2/token
>>> >> name="ClientKey">WjLm24IxBVLF0oz0VJfmtJbjJbka
>>> >> name="ClientSecret">v3KkIQXkJ1SDp_Bf8uUQxu5p7TQa
>>> hr.com ,eng.com
>>> ,mrk.com
>>> 
>>>
>>> >> bundle="org.wso2.carbon.appmgt.mdm.osgiconnector">
>>> >> name="ImageURL">/store/extensions/assets/mobileapp/resources/models/%s.png
>>> 
>>>
>>> 
>>> 
>>> hradmin
>>> hr.123
>>> 
>>> 
>>> engadmin
>>> eng.123
>>> 
>>> 
>>> mrkadmin
>>> eng.123
>>> 
>>> 
>>>
>>> 
>>>
>>>
>>>
>>> --
>>> *Sajith Abeywardhana* | Software Engineer
>>> WSO2, Inc | lean. enterprise. middleware.
>>> #20, Palm Grove, Colombo 03, Sri Lanka.
>>> Mobile: +94772260485
>>> Email: saji...@wso2.com | Web: www.wso2.com
>>>
>>>
>>> On Tue, Jul 5, 2016 at 12:01 PM, Chathura Dilan 
>>> wrote:
>>>
 Hi Dinusha,

 EMM supports multi-tenancy it is designed to work with one instance of
 App Manager via OSGI services. When they work together they function as one
 product, hence EMM and App Manager share same tenants across the multi
 tenanted environment.

>>>
 This is a special scenario where AppM connects to EMM via  EMM REST
 APIs. According to how we have developed the plugin tenant admin and
 password needs to be stored in the plugin configuration. This 

Re: [Dev] Regarding APPM-1160

[Ruwan Abeykoon]

Hi All,
I think REST connector should have single endpoint. The rest call can have
tenant ID in a header or as a request parameter. Then the API gateway(
API-Manager) should be able to distinguish the respective endpoint if
necessary. This is a functionality of APIM.

The reasons are,
1. REST connector request/response will not be change at all between tenants
2. It is not needed to maintain credentials per tenant in AppM side.

-1 on having configuration per tenant wise even in registry.
I do not agree with the JIRA.

Cheers,
Ruwan

On Fri, Jul 8, 2016 at 11:38 AM, Dinusha Senanayaka 
wrote:

> Hi Sajith,
>
> We could not keep each and every tenant authentication configuration in
> app-manager.xml, due to dynamic nature of tenant creation and the growth.
>
> appmgt.mdm.rest.connector is the default connector that we provided to
> connect with WSO2EMM. We could keep it's configurations in the registry.
> Also I don't think at least 1% of the requirements will come to use
> specific connector other than using default connectors provided by us (EMM).
>
> Regards,
> Dinusha.
>
> On Fri, Jul 8, 2016 at 11:22 AM, Sajith Abeywardhana 
> wrote:
>
>> Hi All,
>>
>> EMM supports multi-tenancy it is designed to work with one instance of
>>> App Manager via OSGI services. When they work together they function as one
>>> product, hence EMM and App Manager share same tenants across the multi
>>> tenanted environment.
>>>
>>
>> This means we don't need to keep the tenant config when we are connecting
>> using OSGi service.
>>
>>
>>> This is a special scenario where AppM connects to EMM via  EMM REST
>>> APIs. According to how we have developed the plugin tenant admin and
>>> password needs to be stored in the plugin configuration. This is a
>>> plugin specific configuration, therefore, the plugin developer has
>>> flexibility to store those configurations in any way he prefers.
>>>
>>
>> When we are connecting using REST connector we need to have a tenant
>> config in AppM side. How about that we kept those tenant config in
>> app-manager.xml as below.
>>
>> 
>>
>> > bundle="org.wso2.carbon.appmgt.mdm.restconnector">
>> > name="ImageURL">/store/extensions/assets/mobileapp/resources/models/%s.png
>> 
>> https://localhost:9450/mdm-admin
>> 
>> https://localhost:9448/oauth2/token
>> > name="ClientKey">WjLm24IxBVLF0oz0VJfmtJbjJbka
>> > name="ClientSecret">v3KkIQXkJ1SDp_Bf8uUQxu5p7TQa
>> hr.com ,eng.com
>> ,mrk.com
>> 
>>
>> > bundle="org.wso2.carbon.appmgt.mdm.osgiconnector">
>> > name="ImageURL">/store/extensions/assets/mobileapp/resources/models/%s.png
>> 
>>
>> 
>> 
>> hradmin
>> hr.123
>> 
>> 
>> engadmin
>> eng.123
>> 
>> 
>> mrkadmin
>> eng.123
>> 
>> 
>>
>> 
>>
>>
>>
>> --
>> *Sajith Abeywardhana* | Software Engineer
>> WSO2, Inc | lean. enterprise. middleware.
>> #20, Palm Grove, Colombo 03, Sri Lanka.
>> Mobile: +94772260485
>> Email: saji...@wso2.com | Web: www.wso2.com
>>
>>
>> On Tue, Jul 5, 2016 at 12:01 PM, Chathura Dilan 
>> wrote:
>>
>>> Hi Dinusha,
>>>
>>> EMM supports multi-tenancy it is designed to work with one instance of
>>> App Manager via OSGI services. When they work together they function as one
>>> product, hence EMM and App Manager share same tenants across the multi
>>> tenanted environment.
>>>
>>
>>> This is a special scenario where AppM connects to EMM via  EMM REST
>>> APIs. According to how we have developed the plugin tenant admin and
>>> password needs to be stored in the plugin configuration. This is a
>>> plugin specific configuration, therefore, the plugin developer has
>>> flexibility to store those configurations in any way he prefers.
>>>
>>> When it's comes to multi tenancy, +1 we have to store those
>>> configurations in the registry for the rest connector plugin . But how we
>>> store those values are plugin specific.
>>>
>>>
>>> On Tue, Jul 5, 2016 at 10:51 AM, Dinusha Senanayaka 
>>> wrote:
>>>
 Hi Chathura,

 Does multi-tenancy supports in EMM for device management ? If yes, we
 need to fix [1] as well, which means we cannot keep this configuration in
 the app-manager.xml. Need to take it to registry.

 [1] https://wso2.org/jira/browse/APPM-1160

 Regards,
 Dinsuha.

 --
 Dinusha Dilrukshi
 Associate Technical Lead
 WSO2 Inc.: http://wso2.com/
 Mobile: +94725255071
 Blog: http://dinushasblog.blogspot.com/

>>>
>>>
>>>
>>> --
>>> Regards,
>>>
>>> Chatura Dilan Perera
>>> *Associate Tech Lead** - 

Re: [Dev] Regarding APPM-1160

[Dinusha Senanayaka]

Hi Sajith,

We could not keep each and every tenant authentication configuration in
app-manager.xml, due to dynamic nature of tenant creation and the growth.

appmgt.mdm.rest.connector is the default connector that we provided to
connect with WSO2EMM. We could keep it's configurations in the registry.
Also I don't think at least 1% of the requirements will come to use
specific connector other than using default connectors provided by us (EMM).

Regards,
Dinusha.

On Fri, Jul 8, 2016 at 11:22 AM, Sajith Abeywardhana 
wrote:

> Hi All,
>
> EMM supports multi-tenancy it is designed to work with one instance of
>> App Manager via OSGI services. When they work together they function as one
>> product, hence EMM and App Manager share same tenants across the multi
>> tenanted environment.
>>
>
> This means we don't need to keep the tenant config when we are connecting
> using OSGi service.
>
>
>> This is a special scenario where AppM connects to EMM via  EMM REST
>> APIs. According to how we have developed the plugin tenant admin and
>> password needs to be stored in the plugin configuration. This is a
>> plugin specific configuration, therefore, the plugin developer has
>> flexibility to store those configurations in any way he prefers.
>>
>
> When we are connecting using REST connector we need to have a tenant
> config in AppM side. How about that we kept those tenant config in
> app-manager.xml as below.
>
> 
>
>  bundle="org.wso2.carbon.appmgt.mdm.restconnector">
>  name="ImageURL">/store/extensions/assets/mobileapp/resources/models/%s.png
> 
> https://localhost:9450/mdm-admin
> 
> https://localhost:9448/oauth2/token
>  name="ClientKey">WjLm24IxBVLF0oz0VJfmtJbjJbka
>  name="ClientSecret">v3KkIQXkJ1SDp_Bf8uUQxu5p7TQa
> hr.com ,eng.com
> ,mrk.com
> 
>
>  bundle="org.wso2.carbon.appmgt.mdm.osgiconnector">
>  name="ImageURL">/store/extensions/assets/mobileapp/resources/models/%s.png
> 
>
> 
> 
> hradmin
> hr.123
> 
> 
> engadmin
> eng.123
> 
> 
> mrkadmin
> eng.123
> 
> 
>
> 
>
>
>
> --
> *Sajith Abeywardhana* | Software Engineer
> WSO2, Inc | lean. enterprise. middleware.
> #20, Palm Grove, Colombo 03, Sri Lanka.
> Mobile: +94772260485
> Email: saji...@wso2.com | Web: www.wso2.com
>
>
> On Tue, Jul 5, 2016 at 12:01 PM, Chathura Dilan 
> wrote:
>
>> Hi Dinusha,
>>
>> EMM supports multi-tenancy it is designed to work with one instance of
>> App Manager via OSGI services. When they work together they function as one
>> product, hence EMM and App Manager share same tenants across the multi
>> tenanted environment.
>>
>
>> This is a special scenario where AppM connects to EMM via  EMM REST
>> APIs. According to how we have developed the plugin tenant admin and
>> password needs to be stored in the plugin configuration. This is a
>> plugin specific configuration, therefore, the plugin developer has
>> flexibility to store those configurations in any way he prefers.
>>
>> When it's comes to multi tenancy, +1 we have to store those
>> configurations in the registry for the rest connector plugin . But how we
>> store those values are plugin specific.
>>
>>
>> On Tue, Jul 5, 2016 at 10:51 AM, Dinusha Senanayaka 
>> wrote:
>>
>>> Hi Chathura,
>>>
>>> Does multi-tenancy supports in EMM for device management ? If yes, we
>>> need to fix [1] as well, which means we cannot keep this configuration in
>>> the app-manager.xml. Need to take it to registry.
>>>
>>> [1] https://wso2.org/jira/browse/APPM-1160
>>>
>>> Regards,
>>> Dinsuha.
>>>
>>> --
>>> Dinusha Dilrukshi
>>> Associate Technical Lead
>>> WSO2 Inc.: http://wso2.com/
>>> Mobile: +94725255071
>>> Blog: http://dinushasblog.blogspot.com/
>>>
>>
>>
>>
>> --
>> Regards,
>>
>> Chatura Dilan Perera
>> *Associate Tech Lead** - WSO2 Inc.*
>> www.dilan.me
>>
>
>
>
>


-- 
Dinusha Dilrukshi
Associate Technical Lead
WSO2 Inc.: http://wso2.com/
Mobile: +94725255071
Blog: http://dinushasblog.blogspot.com/
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Regarding APPM-1160

[Sajith Abeywardhana]

Hi All,

EMM supports multi-tenancy it is designed to work with one instance of App
> Manager via OSGI services. When they work together they function as one
> product, hence EMM and App Manager share same tenants across the multi
> tenanted environment.
>

This means we don't need to keep the tenant config when we are connecting
using OSGi service.


> This is a special scenario where AppM connects to EMM via  EMM REST
> APIs. According to how we have developed the plugin tenant admin and
> password needs to be stored in the plugin configuration. This is a
> plugin specific configuration, therefore, the plugin developer has
> flexibility to store those configurations in any way he prefers.
>

When we are connecting using REST connector we need to have a tenant config
in AppM side. How about that we kept those tenant config in app-manager.xml
as below.




/store/extensions/assets/mobileapp/resources/models/%s.png
https://localhost:9450/mdm-admin


https://localhost:9448/oauth2/token
WjLm24IxBVLF0oz0VJfmtJbjJbka
v3KkIQXkJ1SDp_Bf8uUQxu5p7TQa
hr.com ,eng.com
,mrk.com



/store/extensions/assets/mobileapp/resources/models/%s.png




hradmin
hr.123


engadmin
eng.123


mrkadmin
eng.123







-- 
*Sajith Abeywardhana* | Software Engineer
WSO2, Inc | lean. enterprise. middleware.
#20, Palm Grove, Colombo 03, Sri Lanka.
Mobile: +94772260485
Email: saji...@wso2.com | Web: www.wso2.com


On Tue, Jul 5, 2016 at 12:01 PM, Chathura Dilan  wrote:

> Hi Dinusha,
>
> EMM supports multi-tenancy it is designed to work with one instance of
> App Manager via OSGI services. When they work together they function as one
> product, hence EMM and App Manager share same tenants across the multi
> tenanted environment.
>

> This is a special scenario where AppM connects to EMM via  EMM REST
> APIs. According to how we have developed the plugin tenant admin and
> password needs to be stored in the plugin configuration. This is a
> plugin specific configuration, therefore, the plugin developer has
> flexibility to store those configurations in any way he prefers.
>
> When it's comes to multi tenancy, +1 we have to store those
> configurations in the registry for the rest connector plugin . But how we
> store those values are plugin specific.
>
>
> On Tue, Jul 5, 2016 at 10:51 AM, Dinusha Senanayaka 
> wrote:
>
>> Hi Chathura,
>>
>> Does multi-tenancy supports in EMM for device management ? If yes, we
>> need to fix [1] as well, which means we cannot keep this configuration in
>> the app-manager.xml. Need to take it to registry.
>>
>> [1] https://wso2.org/jira/browse/APPM-1160
>>
>> Regards,
>> Dinsuha.
>>
>> --
>> Dinusha Dilrukshi
>> Associate Technical Lead
>> WSO2 Inc.: http://wso2.com/
>> Mobile: +94725255071
>> Blog: http://dinushasblog.blogspot.com/
>>
>
>
>
> --
> Regards,
>
> Chatura Dilan Perera
> *Associate Tech Lead** - WSO2 Inc.*
> www.dilan.me
>
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Regarding APPM-1160

[Chathura Dilan]

Hi Dinusha,

EMM supports multi-tenancy it is designed to work with one instance of App
Manager via OSGI services. When they work together they function as one
product, hence EMM and App Manager share same tenants across the multi
tenanted environment.

This is a special scenario where AppM connects to EMM via  EMM REST
APIs. According to how we have developed the plugin tenant admin and
password needs to be stored in the plugin configuration. This is a
plugin specific configuration, therefore, the plugin developer has
flexibility to store those configurations in any way he prefers.

When it's comes to multi tenancy, +1 we have to store those
configurations in the registry for the rest connector plugin . But how we
store those values are plugin specific.


On Tue, Jul 5, 2016 at 10:51 AM, Dinusha Senanayaka 
wrote:

> Hi Chathura,
>
> Does multi-tenancy supports in EMM for device management ? If yes, we need
> to fix [1] as well, which means we cannot keep this configuration in the
> app-manager.xml. Need to take it to registry.
>
> [1] https://wso2.org/jira/browse/APPM-1160
>
> Regards,
> Dinsuha.
>
> --
> Dinusha Dilrukshi
> Associate Technical Lead
> WSO2 Inc.: http://wso2.com/
> Mobile: +94725255071
> Blog: http://dinushasblog.blogspot.com/
>



-- 
Regards,

Chatura Dilan Perera
*Associate Tech Lead** - WSO2 Inc.*
www.dilan.me
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] Regarding APPM-1160

[Dinusha Senanayaka]

Hi Chathura,

Does multi-tenancy supports in EMM for device management ? If yes, we need
to fix [1] as well, which means we cannot keep this configuration in the
app-manager.xml. Need to take it to registry.

[1] https://wso2.org/jira/browse/APPM-1160

Regards,
Dinsuha.

-- 
Dinusha Dilrukshi
Associate Technical Lead
WSO2 Inc.: http://wso2.com/
Mobile: +94725255071
Blog: http://dinushasblog.blogspot.com/
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev