Sorry my reply on handling MultitenantUtils.getTenantAwareUsername() in earlier reply is not a answer for #2, rather a comment on shared code block.
Using email username, without enabling email username property should be avoided all the times if possible. But the implementation should be able to handle both scenarios. If somebody using email username without enabling the property, there is a overhead that user has to enter the tenant domain all the time; at least client app should handle adding the tenant domain. So yes username will be needed to provide as "[email protected]@carbon.super" for super tenant users. So Super Tenant User : abc : need to provide username as [email protected] [email protected] : need to provide username as [email protected]@carbon.super wso2.com Tenant User : abc : need to provide username as [email protected] [email protected] : need to provide username as [email protected]@wso2.com On Wed, May 25, 2016 at 8:35 AM, Bhathiya Jayasekara <[email protected]> wrote: > Hi Darshana, > > On Wed, May 25, 2016 at 6:50 AM, Darshana Gunawardana <[email protected]> > wrote: > >> Hi Dhanuka, >> >> On Thu, May 19, 2016 at 11:23 AM, Dhanuka Ranasinghe <[email protected]> >> wrote: >> >>> Hi All, >>> >>> Currently we can add user with user name with @ sign, say for example if >>> the user name is "test@user" without enabling Email User, Carbon >>> Management console allow to add this user. But when we are trying to do the >>> same thing as user sign up with APIM manager it's getting failed with super >>> tenant. We found the root cause is at [1] line. Reason is from following >>> highlighted code line we are getting *tenantAwareUserName* as *test* by >>> removing* @user* part. Also *tenantName* also getting as *user*, which >>> are wrong, and due to that realm become *Null*. >>> >>> There are few things need to be consider here. >>> >>> 1. Is it correct allowing to add username with *@* sign at Carbon >>> Management Console without enable Email User? >>> >> Yes. This is a valid requirement. >> > > This can be a valid requirement, but what we say is we should not allow > this because it leads to an ambiguous situation. > > >> >> >>> 2. Assume we have tenant domain called *wso2.com <http://wso2.com>*, >>> then create user as *abc* with password *admin* in that domain space >>> and again we create user as *[email protected] <[email protected]>* from super >>> tenant space with password as *admin.* >>> >> This behaviour needed to be avoided from the code by correctly >> manipulating the tenant domain. >> >> MultitenantUtils.getTenantAwareUsername() method is not a idempotent >> operation. So you need to know how the format(whether is tenant aware >> username or not) of the username its returning from user.getUserName() and >> use MultitenantUtils.getTenantAwareUsername() only for username which have >> the tenant domain appended. >> > > I'm not sure if this is feasible. Think of the same login example. When > someone logs in, all we have is username and password. We don't provide > tenant domain separately. So as I asked previously, how do you > differentiate these 2 users? > > *Super Tenant User:* > > Username: [email protected] > Password: pass > > > *wso2.com <http://wso2.com> Tenant User:* > > Username: abc > Password: pass > > For both users, when they login, their usernames and passwords are the > same. That's a problem. Isn't it? > > Thanks, > Bhathiya > > > >> >> Regards, >> >> >> So when we try to login as* [email protected] <[email protected]>*, it login to >> *wso2.com >>> <http://wso2.com>* tenant space. To login to super tenant user we need >>> to login as *[email protected]@carbon.super*. Will this be OK? >>> >>> [1] >>> *org.wso2.carbon.identity.user.registration.UserRegistrationService.* >>> *addUser(UserDTO)* >>> *String tenantAwareUserName = >>> MultitenantUtils.getTenantAwareUsername(user.getUserName());* >>> *String tenantName = >>> MultitenantUtils.getTenantDomain(user.getUserName());* >>> *realm = IdentityTenantUtil.getRealm(tenantName, null);* >>> >>> >>> Cheers, >>> Dhanuka >>> >>> *Dhanuka Ranasinghe* >>> >>> Associate TechLead >>> WSO2 Inc. ; http://wso2.com >>> lean . enterprise . middleware >>> >>> phone : +94 715381915 >>> >> >> >> >> -- >> Regards, >> >> >> *Darshana Gunawardana*Senior Software Engineer >> WSO2 Inc.; http://wso2.com >> >> *E-mail: [email protected] <[email protected]>* >> *Mobile: +94718566859 <%2B94718566859>*Lean . Enterprise . Middleware >> > > > > -- > *Bhathiya Jayasekara* > *Senior Software Engineer,* > *WSO2 inc., http://wso2.com <http://wso2.com>* > > *Phone: +94715478185 <%2B94715478185>* > *LinkedIn: http://www.linkedin.com/in/bhathiyaj > <http://www.linkedin.com/in/bhathiyaj>* > *Twitter: https://twitter.com/bhathiyax <https://twitter.com/bhathiyax>* > *Blog: http://movingaheadblog.blogspot.com > <http://movingaheadblog.blogspot.com/>* > -- Regards, *Darshana Gunawardana*Senior Software Engineer WSO2 Inc.; http://wso2.com *E-mail: [email protected] <[email protected]>* *Mobile: +94718566859*Lean . Enterprise . Middleware
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
