Hi Darshana, On Wed, May 25, 2016 at 6:50 AM, Darshana Gunawardana <darsh...@wso2.com> wrote:
> Hi Dhanuka, > > On Thu, May 19, 2016 at 11:23 AM, Dhanuka Ranasinghe <dhan...@wso2.com> > wrote: > >> Hi All, >> >> Currently we can add user with user name with @ sign, say for example if >> the user name is "test@user" without enabling Email User, Carbon >> Management console allow to add this user. But when we are trying to do the >> same thing as user sign up with APIM manager it's getting failed with super >> tenant. We found the root cause is at [1] line. Reason is from following >> highlighted code line we are getting *tenantAwareUserName* as *test* by >> removing* @user* part. Also *tenantName* also getting as *user*, which >> are wrong, and due to that realm become *Null*. >> >> There are few things need to be consider here. >> >> 1. Is it correct allowing to add username with *@* sign at Carbon >> Management Console without enable Email User? >> > Yes. This is a valid requirement. > This can be a valid requirement, but what we say is we should not allow this because it leads to an ambiguous situation. > > >> 2. Assume we have tenant domain called *wso2.com <http://wso2.com>*, >> then create user as *abc* with password *admin* in that domain space and >> again we create user as *a...@wso2.com <a...@wso2.com>* from super tenant >> space with password as *admin.* >> > This behaviour needed to be avoided from the code by correctly > manipulating the tenant domain. > > MultitenantUtils.getTenantAwareUsername() method is not a idempotent > operation. So you need to know how the format(whether is tenant aware > username or not) of the username its returning from user.getUserName() and > use MultitenantUtils.getTenantAwareUsername() only for username which have > the tenant domain appended. > I'm not sure if this is feasible. Think of the same login example. When someone logs in, all we have is username and password. We don't provide tenant domain separately. So as I asked previously, how do you differentiate these 2 users? *Super Tenant User:* Username: a...@wso2.com Password: pass *wso2.com <http://wso2.com> Tenant User:* Username: abc Password: pass For both users, when they login, their usernames and passwords are the same. That's a problem. Isn't it? Thanks, Bhathiya > > Regards, > > > So when we try to login as* a...@wso2.com <a...@wso2.com>*, it login to > *wso2.com >> <http://wso2.com>* tenant space. To login to super tenant user we need >> to login as *a...@wso2.com@carbon.super*. Will this be OK? >> >> [1] *org.wso2.carbon.identity.user.registration.UserRegistrationService.* >> *addUser(UserDTO)* >> *String tenantAwareUserName = >> MultitenantUtils.getTenantAwareUsername(user.getUserName());* >> *String tenantName = >> MultitenantUtils.getTenantDomain(user.getUserName());* >> *realm = IdentityTenantUtil.getRealm(tenantName, null);* >> >> >> Cheers, >> Dhanuka >> >> *Dhanuka Ranasinghe* >> >> Associate TechLead >> WSO2 Inc. ; http://wso2.com >> lean . enterprise . middleware >> >> phone : +94 715381915 >> > > > > -- > Regards, > > > *Darshana Gunawardana*Senior Software Engineer > WSO2 Inc.; http://wso2.com > > *E-mail: darsh...@wso2.com <darsh...@wso2.com>* > *Mobile: +94718566859 <%2B94718566859>*Lean . Enterprise . Middleware > -- *Bhathiya Jayasekara* *Senior Software Engineer,* *WSO2 inc., http://wso2.com <http://wso2.com>* *Phone: +94715478185* *LinkedIn: http://www.linkedin.com/in/bhathiyaj <http://www.linkedin.com/in/bhathiyaj>* *Twitter: https://twitter.com/bhathiyax <https://twitter.com/bhathiyax>* *Blog: http://movingaheadblog.blogspot.com <http://movingaheadblog.blogspot.com/>*
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
