Hi all,

We have finalized on using event handlers to validate the service provider
and pass the configurations between the application module and the other inbound
authentication modules. Please find the flow of the import application below:

[image: image.png]


Here we are calling the doPreUpdateApplication listener method before
creating the application, because if there is an error in the imported SP
file, the application mustn't be created. doPreUpdateApplication will
validate the full application configuration, including claims, IdPs,
authenticators, authentication config and provisioning configuration.

Then the application will be created with basic details using the
addApplication method. Then DoImportApplication will create the inbound
configurations in the corresponding modules. Finally, the service provider
will be updated. Here doPreUpdateApplication inside the updateApplication
method will be skipped as it has been performed earlier.


thanks,
Senthalan

On Sun, Jun 24, 2018 at 12:47 PM Senthalan Kanagalingam <sentha...@wso2.com>
wrote:

> Hi Malithi,
>
> yes, we can implement as you suggest. My concerns are
>
>    - We are validating the claims, authenticators, identity providers and
>    inbound authenticator configuration during import. This will also cause a new
>    cyclic dependency, and then we need to fix this using the same handler
>    approach.
>    - We may need to roll back during import if there is any error. This
>    rollback also needs to be implemented as handlers.
>
>
> As we have planned export/import options for other features in
> future, is it good to have a new module to avoid this complex event
> handling?
>
> thanks,
> Senthalan.
>
> On Fri, Jun 22, 2018 at 6:40 PM Malithi Edirisinghe <malit...@wso2.com>
> wrote:
>
>> Hi Senthalan,
>>
>> One other option would be to move export functionality of the respective
>> inbound authenticator configuration for the inbound component and to get
>> them plugged to the application management component as handlers. So that,
>> the export connector contract will be defined in the application mgt
>> component.
>>
>> Thanks,
>> Malithi.
>>
>> On Fri, Jun 22, 2018 at 6:21 PM, Senthalan Kanagalingam <
>> sentha...@wso2.com> wrote:
>>
>>> Hi all,
>>>
>>> We have decided to export the "Inbound Authentication Configuration" and
>>> omit any secret values with the user confirmation in UI when exporting. To
>>> inject the inbound authentication configuration, we need the OAuth and SAML
>>> configurations of the application. But these configurations are
>>> available as OSGi services in different components[1][2].
>>>
>>> As I am implementing the import/export in application-mgt[3] module, we
>>> can't add these dependencies into the application-mgt. It will cause a
>>> cyclic dependency. So we have to create another module outside
>>> the carbon-identity-framework or have to think about a different approach.
>>>
>>> Please share your idea about how we can overcome this situation.
>>>
>>> [1] - https://github.com/wso2-extensions/identity-inbound-auth-oauth
>>> [2] - https://github.com/wso2-extensions/identity-inbound-auth-saml
>>> [3] -
>>> https://github.com/wso2/carbon-identity-framework/tree/master/components/application-mgt
>>>
>>> thanks,
>>> Senthalan
>>>
>>> On Mon, Jun 18, 2018 at 6:00 PM Senthalan Kanagalingam <
>>> sentha...@wso2.com> wrote:
>>>
>>>> Hi all,
>>>>
>>>> I am working on the importing and exporting service provider as an xml
>>>> file. Currently, we support file-based DAO for service providers. But,
>>>> this new implementation allows users to export service provider and
>>>> then import back through the UI. Then it will be synced with the database.
>>>> This feature will be helpful in moving service provider configurations
>>>> between environments.
>>>>
>>>> Currently, I have developed a POC using JAXB marshal[1]. We have
>>>> planned to skip "Inbound Authentication Configuration" in import/export as
>>>> it will contain secret information. In future, we can have configurations
>>>> to specify whether the user wants to export/import these inbound
>>>> authentication configurations.
>>>>
>>>> If the corresponding identity providers or claims are not available in
>>>> IS when importing, we have planned to show a warning box and allow the
>>>> import.  For other kinds of exceptions, the import process will be 
>>>> reverted.
>>>>
>>>> Please share your suggestions about this new feature.
>>>>
>>>> [1] -
>>>> https://docs.oracle.com/javase/7/docs/api/javax/xml/bind/Marshaller.html
>>>>
>>>> Thanks,
>>>> Senthalan
>>>> --
>>>>
>>>> *Senthalan Kanagalingam*
>>>> *Software Engineer - WSO2 Inc.*
>>>> *Mobile : +94 (0) 77 18 77 466*
>>>> <http://wso2.com/signature>
>>>>
>>
>>
>>
>> --
>>
>> *Malithi Edirisinghe*
>> Associate Technical Lead
>> WSO2 Inc.
>>
>> Mobile : +94 (0) 718176807
>> malit...@wso2.com
>>


_______________________________________________
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
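
The import flow described at the top of this thread, as an added Java sketch that is not part of the original e-mails or of WSO2's code. The listener method names follow the thread (in Java casing); the types, the `rollbackImport` hook and the `skipPreValidation` flag are hypothetical, and the sample service provider is constructed.

```java
import java.util.ArrayList;
import java.util.List;

// Added sketch: every type below is a hypothetical stand-in, not a WSO2 class.
public class ImportFlowSketch {
    interface AppListener {
        void doPreUpdateApplication(SpConfig sp) throws Exception;        // validate only, no writes
        default void doImportApplication(SpConfig sp) throws Exception {} // create inbound config
        default void rollbackImport(SpConfig sp) {}                       // hypothetical undo hook
    }

    static class SpConfig {
        final String name; final List<String> claims;
        SpConfig(String name, List<String> claims) { this.name = name; this.claims = claims; }
    }
    final List<String> store = new ArrayList<>(); // stand-in for the database
    private final List<AppListener> listeners;
    ImportFlowSketch(List<AppListener> listeners) { this.listeners = listeners; }

    void importApplication(SpConfig sp) throws Exception {
        // 1. Validate the whole imported SP before anything is persisted.
        for (AppListener l : listeners) l.doPreUpdateApplication(sp);
        store.add(sp.name); // 2. addApplication: basic details only
        List<AppListener> touched = new ArrayList<>();
        try {
            // 3. Each inbound module creates its own configuration.
            for (AppListener l : listeners) { touched.add(l); l.doImportApplication(sp); }
            updateApplication(sp, true); // 4. validation already ran in step 1
        } catch (Exception e) {
            // Undo every module that was asked to write, then the application itself.
            for (AppListener l : touched) l.rollbackImport(sp);
            store.remove(sp.name);
            throw e;
        }
    }

    void updateApplication(SpConfig sp, boolean skipPreValidation) throws Exception {
        if (!skipPreValidation) for (AppListener l : listeners) l.doPreUpdateApplication(sp);
        // the full configuration would be persisted here
    }

    public static void main(String[] args) {
        AppListener claimCheck = sp -> {
            if (sp.claims.isEmpty()) throw new Exception("no claims in " + sp.name);
        };
        ImportFlowSketch flow = new ImportFlowSketch(List.of(claimCheck));
        try { flow.importApplication(new SpConfig("bad-sp", List.of())); } // constructed input
        catch (Exception e) { System.out.println("rejected: " + e.getMessage()); }
        System.out.println("stored: " + flow.store);
    }
}
```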