Perfect! Thanks Chamila!

Dmitry

On Wed, Oct 1, 2014 at 8:33 PM, Chamila Adhikarinayake <chami...@wso2.com> wrote:

> Hi Dmitry,
>
> This feature is already done and we ship this with APIM 1.8. Sorry for not updating this thread.
>
> Regarding the scenarios, we have provided a facility to add custom workflow extensions. Currently we ship UserSignUpWSWorkflowExecutor, which also has a user approval process [1]. We can also create custom workflow extensions to suit the scenarios mentioned and plug them in. We can also deploy a scenario as a business process in WSO2 BPS and connect using our UserSignUpWSWorkflowExecutor.
>
> [1] https://docs.wso2.com/display/AM170/Adding+a+User+Signup+Workflow
>
> Thanks,
> Chamila.
>
> On Thu, Oct 2, 2014 at 3:05 AM, Dmitry Sotnikov <dmi...@wso2.com> wrote:
>
>> Any update on that?
>>
>> What is the ETA for the feature?
>>
>> Is there something we can review yet?
>>
>> Were you able to satisfy all the end-user experience requirements?
>>
>> Dmitry
>>
>> On Fri, Sep 5, 2014 at 10:09 AM, Dmitry Sotnikov <dmi...@wso2.com> wrote:
>>
>>> Thanks Chamila!
>>>
>>> Here is the workflow that I would like to see in the API Cloud:
>>>
>>> Scenario A: User Self Sign-Up:
>>>
>>> 1. Plato is an app developer and wants to develop an app for the population of the Atlantis island to track the water level and notify when the island goes under the sea. He finds that gods have set up a website with the developer program: apis.atlantisisland.gr and goes to the site to read about the APIs.
>>> 2. When browsing the API Store, at some point Plato tries to access functionality which requires authentication (e.g. Subscribe to an API).
>>> 3. Plato is presented with the choice to log in or sign up.
>>> 4. If Plato clicks Sign Up, he is asked to provide his email address.
>>> 5. Plato provides his gmail address.
>>> 6. He gets an email inviting him to join the Atlantis developer program with a one-time link that takes him to the Store and asks him to specify and confirm a new password.
>>> 7. Plato is now logged into the Atlantis API Store, and can perform all activity there.
>>> 8. Plato has the Subscriber role, so he cannot actually go to the Atlantis API Publisher, etc.
>>>
>>> Possible variations of that:
>>>
>>> Scenario B: Approval is required: Zeus is the administrator of the API program and gets a request to approve Plato's membership. In this case, this needs to be properly communicated to both Zeus and Plato, so they know what is going on, what is expected of them, current status, etc.
>>>
>>> Scenario C: Zeus actually wants to invite Plato to the development program: Zeus goes to the corresponding UI, provides Plato's email address, and Plato receives an email with the invitation and one-time link (obviously approvals are not required in this case.)
>>>
>>> Scenario D:
>>>
>>> 1. Homer decides to also write an Atlantis app, and wants to sign up.
>>> 2. When he tries to sign up he gets notified that he already has an account from WSO2 which he used for his Trojan app and which he can reuse.
>>>
>>> All the emails that get sent need to be brandable by the tenant administrators so when Troy have their API program, Trojan emails look different from the ones for Atlantis.
>>>
>>> I understand that some of these steps will be different in the cloud and in on-premise API Manager because of the custom authentication. You will need to discuss with the cloud team to make sure that the implementation is compatible, etc.
>>>
>>> I hope this helps. :)
>>>
>>> Dmitry
>>>
>>> On Thu, Sep 4, 2014 at 11:09 PM, Chamila Adhikarinayake <chami...@wso2.com> wrote:
>>>
>>>> looping Dmitry to the thread
>>>>
>>>> On Fri, Sep 5, 2014 at 10:26 AM, Chamila Adhikarinayake <chami...@wso2.com> wrote:
>>>>
>>>>> Hi all,
>>>>>
>>>>> The current user signup method (jsFunction_addUser() [1]) in API Manager uses the addUser method in UserRegistrationService [2] (through UserRegistrationAdminService from APIM) to register the user, and it was suggested to use that same method for tenant user signup as well (Shariq has modified this so that tenant-wise roles can be taken from the registry and assigned to the tenant user). But with that modification, this method cannot be used for tenant signup with the current user signup workflow in the API Manager.
>>>>>
>>>>> When signing up a user to the super user store, first add a user by calling the addUser method (from this method, the user is assigned the default internal/identity role from UserRegistrationService), then follow the signup workflow, and finally add the role to that user. In the signup workflow, the user approval process is managed and till then the user cannot log in. But when the addUser method is called for tenant signup, a tenant user is created and all his roles are assigned to him at the creation point. As a result, the second point (approval process) cannot be done (the user can log in before the approval process is done). As a result, the method to assign roles by using '/_system/governance/repository/identity/sign-up-config' (mentioned in 'User roles for tenants' in my first mail) cannot be used in this case.
>>>>>
>>>>> *Modified method to add user roles for tenants*
>>>>>
>>>>> As a result of the above-mentioned problem, a registry entry in /_system/governance/repository/identity/sign-up-config won't be created as mentioned in the first mail. Without this config, all the tenants created using the addUser method will have the default internal/identity role. A registry resource similar to 'sign-up-config' is created in a separate registry location, and this entry can be used to add roles to the tenant during the final step. As a result, the approval process can be carried out during the second step.
>>>>>
>>>>> [1] https://svn.wso2.org/repos/wso2/carbon/platform/branches/turing/components/apimgt/org.wso2.carbon.apimgt.hostobjects/1.2.3/src/main/java/org/wso2/carbon/apimgt/hostobjects/APIStoreHostObject.java
>>>>> [2] https://svn.wso2.org/repos/wso2/carbon/platform/branches/turing/components/identity/org.wso2.carbon.identity.user.registration/4.2.2/src/main/java/org/wso2/carbon/identity/user/registration/UserRegistrationService.java
>>>>>
>>>>> Thanks,
>>>>> Chamila.
>>>>>
>>>>> On Thu, Sep 4, 2014 at 12:15 AM, Amila De Silva <ami...@wso2.com> wrote:
>>>>>
>>>>>> Hi Chamila,
>>>>>>
>>>>>> I think you have to start the TenantFlow and set the ID for the tenant correctly before fetching the configuration. In the method jsFunction_resumeWorkflow, this is done by calling
>>>>>>
>>>>>> PrivilegedCarbonContext.startTenantFlow();
>>>>>> PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain, true);
>>>>>>
>>>>>> On Wed, Sep 3, 2014 at 10:47 PM, Chamila Adhikarinayake <chami...@wso2.com> wrote:
>>>>>>
>>>>>>> Actually the tasks are created with that executor for other tenants as well, but not inside the correct tenant domain in the BPS. They are created in the carbon.super tenant domain and the related task can be viewed in the workflow-admin UI only by logging in as super user.
>>>>>>>
>>>>>>> The following is the reason I think causes this.
>>>>>>>
>>>>>>> In the method jsFunction_addUser() in APIStoreHostObject the following code is there to create the workflow
>>>>>>>
>>>>>>> WorkflowExecutor userSignUpWFExecutor = WorkflowExecutorFactory.getInstance()
>>>>>>>         .getWorkflowExecutor(WorkflowConstants.WF_TYPE_AM_USER_SIGNUP);
>>>>>>>
>>>>>>> This WorkflowExecutor is created using carbon.super user configuration information in the registry. In the 'getWorkflowConfigurations()' method in the WorkflowExecutorFactory class, PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain(); is used to get the domain name (also the tenant id). So even though there is a different tenant domain, these values do not change. So the superuser conf is used and the request is sent to the carbon.super tenant in BPS, not to the tenant's one. So I'm working on passing the correct domain info to this
>>>>>>>
>>>>>>> On Wed, Sep 3, 2014 at 9:06 PM, Nuwan Dias <nuw...@wso2.com> wrote:
>>>>>>>
>>>>>>>> On Wed, Sep 3, 2014 at 9:02 PM, Chamila Adhikarinayake <chami...@wso2.com> wrote:
>>>>>>>>
>>>>>>>>> Hi all,
>>>>>>>>>
>>>>>>>>> I'm creating a user self signup feature for the tenant store in API Manager. The current API Manager provides only a self signup facility for the carbon.super store. To add tenant users, the tenant admin has to manually add them through the carbon console.
>>>>>>>>>
>>>>>>>>> The following parts will be implemented
>>>>>>>>>
>>>>>>>>> *UI changes* (see attached images)
>>>>>>>>>
>>>>>>>>> 1. enable the sign-up button for the tenant user store
>>>>>>>>> 2. add the domain name extension for the user name field in the user registration form. (this is appended to the user name)
>>>>>>>>>
>>>>>>>>> *User roles for tenants*
>>>>>>>>>
>>>>>>>>> Tenant signup configuration will be moved to the registry location '/_system/governance/repository/identity/sign-up-config'. This part is already implemented by Shariq for an IS component (see the discussion in the thread "Provide support for self signup for tenants' APIStores" for more info on the configuration). But this resource needed to be created manually. So as a part of the implementation, this resource will be added with default values when creating a tenant. The default value will be
>>>>>>>>>
>>>>>>>>> <SelfSignUp>
>>>>>>>>>     <SignUpDomain>PRIMARY</SignUpDomain>
>>>>>>>>>     <SignUpRole>
>>>>>>>>>         <RoleName>subscriber</RoleName>
>>>>>>>>>         <IsExternalRole>false</IsExternalRole>
>>>>>>>>>     </SignUpRole>
>>>>>>>>> </SelfSignUp>
>>>>>>>>>
>>>>>>>>> *Modification to current work-flow for tenant sign-up.*
>>>>>>>>>
>>>>>>>>> The currently implemented method does not work when UserSignUpWSWorkflowExecutor is used in the work-flow. This can only be used with tenant signups for superuser. Existing code uses the configuration in the carbon super user's registry entry '/_system/governance/apimgt/applicationdata/workflow-extensions.xml' for tenants as well (see jsFunction_addUser() in the org.wso2.carbon.apimgt.hostobjects.APIStoreHostObject class). When registering a tenant user for a different tenant, the configuration in the tenant's workflow-extensions.xml needs to be used.
>>>>>>>>>
>>>>>>>>> I have implemented basic functionality [1] as requested by AmilaM (Users can sign up for tenant stores. But the tenant admin has to manually add the registry entry with user roles to the given location. If this entry is not there, a default 'identity' user role is assigned to the user. Only UserSignUpSimpleWorkflowExecutor for the workflow can be used with this. If UserSignUpWSWorkflowExecutor is used to connect to the BPS, the tenant approval tasks are not created properly)
>>>>>>>>>
>>>>>>>>
>>>>>>>> Do we know the reason for the tasks of the BPS not being created when the UserSignUpWSWorkflowExecutor is used? We will need to dig into that IMO.
>>>>>>>>
>>>>>>>>>
>>>>>>>>> [1] https://wso2.org/jira/browse/APIMANAGER-2785
>>>>>>>>>
>>>>>>>>> Comments are highly appreciated
>>>>>>>>> Thanks,
>>>>>>>>> Chamila.
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Regards,
>>>>>>>>> Chamila Adhikarinayake
>>>>>>>>> Software Engineer
>>>>>>>>> WSO2, Inc.
>>>>>>>>> Mobile - +94712346437
>>>>>>>>> Email - chami...@wso2.com
>>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Nuwan Dias
>>>>>>>>
>>>>>>>> Associate Tech Lead - WSO2, Inc. http://wso2.com
>>>>>>>> email : nuw...@wso2.com
>>>>>>>> Phone : +94 777 775 729
>>>>>>>>
>>>>>>
>>>>>> --
>>>>>> *Amila De Silva*
>>>>>>
>>>>>> WSO2 Inc.
>>>>>> mobile :(+94) 775119302
>>>>>>
>>>
>>> --
>>> Dmitry Sotnikov
>>> VP of Cloud; WSO2, Inc.; http://wso2.com/
>>> email: dmi...@wso2.com; cell: +1.949.303.9653; Skype: DSotnikov
>>> Lean . Enterprise . Middleware
>>>
>>> <http://wso2.com/events/>
>>>
_______________________________________________ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
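
Added example, not part of the original thread and not WSO2 code: a self-contained Java model of the tenant-context problem discussed above, where a lookup that reads only the thread-local tenant domain resolves the carbon.super configuration unless the caller enters the tenant flow first. The class, the `APPROVAL_QUEUE` map, the `atlantis.example` domain and all method bodies are hypothetical stand-ins; only the start/end tenant flow idea comes from the thread.

```java
import java.util.*;

// Added illustration: a self-contained model, not WSO2 code. All names are hypothetical.
public class TenantFlowDemo {
    static final String SUPER = "carbon.super";

    // Stand-in for the thread-local carbon context: a per-thread stack of tenant domains.
    static final ThreadLocal<Deque<String>> CTX =
            ThreadLocal.withInitial(() -> new ArrayDeque<String>(List.of(SUPER)));

    static void startTenantFlow(String domain) { CTX.get().push(domain); }
    static void endTenantFlow() { if (CTX.get().size() > 1) CTX.get().pop(); }
    static String currentDomain() { return CTX.get().peek(); }

    // Constructed per-tenant workflow settings: where each tenant's approval task should go.
    static final Map<String, String> APPROVAL_QUEUE = Map.of(
            SUPER, "bps/carbon.super",
            "atlantis.example", "bps/atlantis.example");

    // Like the factory lookup in the thread, this reads only the ambient thread-local domain.
    static String resolveApprovalQueue() {
        String queue = APPROVAL_QUEUE.get(currentDomain());
        if (queue == null) throw new IllegalStateException("no workflow config for " + currentDomain());
        return queue;
    }

    // Problem: the request names a tenant, but the ambient context is never switched.
    static String signUpWithoutTenantFlow(String tenantDomain) {
        return resolveApprovalQueue();
    }

    // Fix: enter the tenant flow before the lookup and always leave it afterwards.
    static String signUpInTenantFlow(String tenantDomain) {
        startTenantFlow(tenantDomain);
        try {
            return resolveApprovalQueue();
        } finally {
            endTenantFlow(); // restore the caller's context even if the lookup throws
        }
    }

    public static void main(String[] args) {
        System.out.println("no tenant flow: " + signUpWithoutTenantFlow("atlantis.example"));
        System.out.println("tenant flow:    " + signUpInTenantFlow("atlantis.example"));
        System.out.println("context after:  " + currentDomain());
    }
}
```

Leaving the tenant flow in `finally` matters as much as entering it: a context left switched on a pooled thread would make the next request on that thread resolve the wrong tenant's configuration.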
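
Added example, not part of the original thread and not WSO2 code: a Java model of the role-assignment ordering described above, contrasting roles granted at account creation with roles granted only in the final workflow step. It assumes that Store login requires the sign-up role (`subscriber`); the class, the `SIGNUP_ROLES` map and the `atlantis.example` domain are constructed for illustration.

```java
import java.util.*;

// Added illustration only: every class and method name here is hypothetical, not a WSO2 API.
public class TenantSignupDemo {
    static final String LOGIN_ROLE = "subscriber";           // assumed: Store login needs this role
    static final String DEFAULT_ROLE = "Internal/identity";  // default role named in the thread

    // Stand-in for the per-tenant sign-up role resource kept in the registry (constructed data).
    static final Map<String, List<String>> SIGNUP_ROLES =
            Map.of("atlantis.example", List.of(LOGIN_ROLE));

    static final class Account {
        final String tenantDomain;
        final Set<String> roles = new TreeSet<>();
        boolean approved = false;
        Account(String tenantDomain) { this.tenantDomain = tenantDomain; }
        boolean canLogIn() { return roles.contains(LOGIN_ROLE); }
    }

    // Problem flow: the sign-up roles are attached at creation, before any approval.
    static Account addUserWithRoles(String tenantDomain) {
        Account a = new Account(tenantDomain);
        a.roles.add(DEFAULT_ROLE);
        a.roles.addAll(SIGNUP_ROLES.getOrDefault(tenantDomain, List.of()));
        return a;
    }

    // Modified flow, first step: create the account with the default role only.
    static Account addUserPending(String tenantDomain) {
        Account a = new Account(tenantDomain);
        a.roles.add(DEFAULT_ROLE);
        return a;
    }

    // Modified flow, final step: roles are granted only when the approver accepts.
    static void completeWorkflow(Account a, boolean approverAccepted) {
        if (!approverAccepted) return;   // rejected: the account never gains the login role
        a.approved = true;
        a.roles.addAll(SIGNUP_ROLES.getOrDefault(a.tenantDomain, List.of()));
    }

    public static void main(String[] args) {
        Account eager = addUserWithRoles("atlantis.example");
        System.out.println("roles at creation, before approval: canLogIn=" + eager.canLogIn());
        Account pending = addUserPending("atlantis.example");
        System.out.println("roles deferred, before approval:    canLogIn=" + pending.canLogIn());
        completeWorkflow(pending, true);
        System.out.println("roles deferred, after approval:     canLogIn=" + pending.canLogIn());
    }
}
```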