Hi All, I have tested the following,
Create service provider and tested OAuth flow with playground when hashing access tokens, refresh tokens, client secrets, and authorization codes feature enabled. No blocking issues found. [+] Stable - go ahead and release Thanks, On Tue, Jun 19, 2018 at 4:52 PM, Nadeeshani Pathirennehelage < [email protected]> wrote: > Hi All, > > +1 from Platform Security Team. > > Thank You, > Nadeeshani. > > On Tue, Jun 19, 2018 at 4:42 PM, Ashen Weerathunga <[email protected]> wrote: > >> Hi All, >> >> I have tested the following and found no issues. >> >> - Consent Management for Self Sign Up. >> - Creating Users with the Ask Password Option. >> - Password pattern validation. >> - SAML SSO with Consent Management. >> >> [+] Stable - go ahead and release >> >> Thanks, >> Ashen >> >> >> On Tue, Jun 19, 2018 at 3:59 PM Ishara Karunarathna <[email protected]> >> wrote: >> >>> Hi All, >>> >>> Tested the IS 5.6.0-RC3 integration with IS-Analytics-5.6.0 >>> And check the session analytics reports. >>> >>> >>> No blocking issues found. >>> [+] Stable >>> >>> Thanks, >>> Ishara >>> >>> >>> >>> >>> >>> On Tue, Jun 19, 2018 at 3:48 PM Isuri Anuradha <[email protected]> wrote: >>> >>>> Hi all, >>>> >>>> I've tested following scenarios on the IS 5.6.0-RC3 pack. >>>> >>>> - SAML to SAML federation flow. >>>> - Publish and Update XACML policies. >>>> - OAuth token revocation. >>>> >>>> No blocking issues found. >>>> >>>> [+] Stable >>>> >>>> Thanks >>>> Isuri. >>>> >>>> On Tue, Jun 19, 2018 at 3:34 PM, Omindu Rathnaweera <[email protected]> >>>> wrote: >>>> >>>>> Hi All, >>>>> >>>>> Tested SCIM 2.0 basic operations. No blocking issues found >>>>> >>>>> [+] Stable - Go ahead and release >>>>> >>>>> Regards, >>>>> Omindu. >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> On Tue, Jun 19, 2018 at 3:14 PM Nipuni Bhagya <[email protected]> >>>>> wrote: >>>>> >>>>>> Hi all, >>>>>> >>>>>> I've tested following scenarios on the IS 5.6.0-RC3 pack. >>>>>> >>>>>> - Configuring Single-Sign-On with SAML2 >>>>>> - Configuring Single-Sign-On with OIDC >>>>>> - Configuring Multi-Factor Authentication >>>>>> - Configuring Twitter as a Federated Authenticator >>>>>> - Setting up Self-Signup >>>>>> - Creating a workflow >>>>>> - Tested Consent management API (Add/Retrieve purposes, >>>>>> Add/revoke consents.) >>>>>> >>>>>> No blocking issues found. >>>>>> >>>>>> [+] Stable >>>>>> >>>>>> Thanks, >>>>>> >>>>>> >>>>>> On Tue, Jun 19, 2018 at 2:38 AM Pulasthi Mahawithana < >>>>>> [email protected]> wrote: >>>>>> >>>>>>> Hi, >>>>>>> >>>>>>> Tested SSO with Multi step/multi option authentication, Google >>>>>>> and Twitter authenticators >>>>>>> >>>>>>> No blocking issues found. >>>>>>> >>>>>>> [+] Stable - Go ahead and release >>>>>>> >>>>>>> >>>>>>> On Tue, Jun 19, 2018 at 2:59 PM Hasanthi Purnima Dissanayake < >>>>>>> [email protected]> wrote: >>>>>>> >>>>>>>> Hi, >>>>>>>> >>>>>>>> Tested below scenarios on IS 5.6.0-RC3 pack, >>>>>>>> >>>>>>>> - Register a service provider >>>>>>>> - Obtain an access token using JWT grant type >>>>>>>> - Invoke user info endpoint using the token. >>>>>>>> >>>>>>>> No blocking issues found. >>>>>>>> >>>>>>>> [+] Stable - Go ahead and release >>>>>>>> >>>>>>>> Thanks, >>>>>>>> Hasanthi >>>>>>>> >>>>>>>> On Tue, Jun 19, 2018 at 2:44 PM, Dewni Weeraman <[email protected]> >>>>>>>> wrote: >>>>>>>> >>>>>>>>> Hi, >>>>>>>>> >>>>>>>>> Tested below scenarios on IS 5.6.0-RC3 pack, >>>>>>>>> >>>>>>>>> - Invoke the OAuth Introspection Endpoint. >>>>>>>>> - OAuth token revocation. >>>>>>>>> - Entitlement policy creation using write policy in xml and >>>>>>>>> publishing. >>>>>>>>> - Using REST APIs via XACML to manage entitlement. >>>>>>>>> - Create, update, get, delete an OAuth app using Dynamic >>>>>>>>> Client Registration endpoint. >>>>>>>>> >>>>>>>>> >>>>>>>>> No blocking issues found. >>>>>>>>> >>>>>>>>> [+] Stable - Go ahead and release >>>>>>>>> >>>>>>>>> Thanks, >>>>>>>>> Dewni >>>>>>>>> >>>>>>>>> On Tue, Jun 19, 2018 at 1:43 PM, Sathya Bandara <[email protected]> >>>>>>>>> wrote: >>>>>>>>> >>>>>>>>>> Hi all, >>>>>>>>>> >>>>>>>>>> I've tested following scenarios on the IS 5.6.0-RC3 pack. >>>>>>>>>> >>>>>>>>>> User management (add/update/remove users). >>>>>>>>>> User management in secondary userstores (Read-Write LDAP). >>>>>>>>>> Consent Management in SAML SSO. >>>>>>>>>> SAML to SAML federation. >>>>>>>>>> Creating workflows definitions for primary userstore users. >>>>>>>>>> Engaging/Disabling workflows on user-store operations. >>>>>>>>>> Enable role based authorization using XACML for service providers. >>>>>>>>>> Tenant creation/update/disabling. >>>>>>>>>> >>>>>>>>>> No blocking issues are found. >>>>>>>>>> >>>>>>>>>> [+] Stable - go ahead and release. >>>>>>>>>> >>>>>>>>>> Thanks, >>>>>>>>>> Sathya >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> On Tue, Jun 19, 2018 at 12:26 PM, Vihanga Liyanage < >>>>>>>>>> [email protected]> wrote: >>>>>>>>>> >>>>>>>>>>> Hi all, >>>>>>>>>>> >>>>>>>>>>> I've tested following scenarios on the IS 5.6.0-RC3 pack with >>>>>>>>>>> default database setup. >>>>>>>>>>> >>>>>>>>>>> - Enable user self-registration and self-register a new user. >>>>>>>>>>> - Add multiple consent purposes with multiple PII categories. >>>>>>>>>>> - Login to dashboard and see whether we can see the default >>>>>>>>>>> consent and above added PII categories. >>>>>>>>>>> - Confirm claims are getting filtered based on consents. >>>>>>>>>>> - Configure a service provider with OpenID Connect and >>>>>>>>>>> acquire access tokens via Authorization Code, Implicit, Client >>>>>>>>>>> Credential >>>>>>>>>>> and Password grant types. >>>>>>>>>>> - Enable ID token encryption for the service provider and >>>>>>>>>>> test the flow with decryption for all grant types. >>>>>>>>>>> - Delete the self-signed up user, create another user with >>>>>>>>>>> the exact same username, log in to the dashboard and see what >>>>>>>>>>> are the >>>>>>>>>>> consents shown. >>>>>>>>>>> - Revoke consents of the user via the dashboard and try >>>>>>>>>>> accessing the SP to verify the consents are asked again. >>>>>>>>>>> - Delete the SP, login to the dashboard and see whether the >>>>>>>>>>> consents are deleted for that SP. >>>>>>>>>>> >>>>>>>>>>> No blocking issues are found. >>>>>>>>>>> >>>>>>>>>>> [+] Stable - go ahead and release. >>>>>>>>>>> >>>>>>>>>>> Thanks, >>>>>>>>>>> Vihanga. >>>>>>>>>>> >>>>>>>>>>> On Fri, Jun 15, 2018 at 6:29 PM Madawa Soysa <[email protected]> >>>>>>>>>>> wrote: >>>>>>>>>>> >>>>>>>>>>>> Hi all, >>>>>>>>>>>> >>>>>>>>>>>> We are pleased to announce the third release candidate of WSO2 >>>>>>>>>>>> Identity Server 5.6.0. >>>>>>>>>>>> >>>>>>>>>>>> This release fixes the following issues >>>>>>>>>>>> >>>>>>>>>>>> - 5.6.0-RC Fixes >>>>>>>>>>>> <https://github.com/wso2/product-is/milestone/40?closed=1> >>>>>>>>>>>> - 5.6.0-Beta Fixes >>>>>>>>>>>> <https://github.com/wso2/product-is/milestone/39?closed=1> >>>>>>>>>>>> - 5.6.0-Alpha2 Fixes >>>>>>>>>>>> <https://github.com/wso2/product-is/milestone/43?closed=1> >>>>>>>>>>>> - 5.6.0-Alpha Fixes >>>>>>>>>>>> <https://github.com/wso2/product-is/milestone/38?closed=1> >>>>>>>>>>>> - 5.6.0-M7 Fixes >>>>>>>>>>>> <https://github.com/wso2/product-is/milestone/37?closed=1> >>>>>>>>>>>> - 5.6.0-M6 Fixes >>>>>>>>>>>> <https://github.com/wso2/product-is/milestone/36?closed=1> >>>>>>>>>>>> - 5.6.0-M5 Fixes >>>>>>>>>>>> <https://github.com/wso2/product-is/milestone/35?closed=1> >>>>>>>>>>>> - 5.6.0-M4 Fixes >>>>>>>>>>>> <https://github.com/wso2/product-is/milestone/34?closed=1> >>>>>>>>>>>> - 5.6.0-M3 Fixes >>>>>>>>>>>> <https://github.com/wso2/product-is/milestone/33?closed=1> >>>>>>>>>>>> - 5.6.0-M2 Fixes >>>>>>>>>>>> <https://github.com/wso2/product-is/milestone/31?closed=1> >>>>>>>>>>>> - 5.6.0-M1 Fixes >>>>>>>>>>>> <https://github.com/wso2/product-is/milestone/30?closed=1> >>>>>>>>>>>> >>>>>>>>>>>> Source and distribution, >>>>>>>>>>>> Runtime - https://github.com/wso2/pro >>>>>>>>>>>> duct-is/releases/tag/v5.6.0-rc3 >>>>>>>>>>>> Analytics - https://github.com/wso2/anal >>>>>>>>>>>> ytics-is/releases/v5.6.0-rc3 >>>>>>>>>>>> >>>>>>>>>>>> Please download, test the product and vote. >>>>>>>>>>>> >>>>>>>>>>>> [+] Stable - go ahead and release >>>>>>>>>>>> [-] Broken - do not release (explain why) >>>>>>>>>>>> >>>>>>>>>>>> Thanks, >>>>>>>>>>>> WSO2 Identity and Access Management Team >>>>>>>>>>>> -- >>>>>>>>>>>> >>>>>>>>>>>> Madawa Soysa / Senior Software Engineer >>>>>>>>>>>> [email protected] / +94714616050 >>>>>>>>>>>> >>>>>>>>>>>> *WSO2 Inc.* >>>>>>>>>>>> lean.enterprise.middleware >>>>>>>>>>>> >>>>>>>>>>>> <https://wso2.com/signature> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> -- >>>>>>>>>>> >>>>>>>>>>> Vihanga Liyanage >>>>>>>>>>> >>>>>>>>>>> Software Engineer | WS*O₂* Inc. >>>>>>>>>>> >>>>>>>>>>> M : +*94710124103* | http://wso2.com >>>>>>>>>>> >>>>>>>>>>> [image: http://wso2.com/signature] <http://wso2.com/signature> >>>>>>>>>>> >>>>>>>>>>> _______________________________________________ >>>>>>>>>>> Dev mailing list >>>>>>>>>>> [email protected] >>>>>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> Sathya Bandara >>>>>>>>>> Software Engineer >>>>>>>>>> WSO2 Inc. http://wso2.com >>>>>>>>>> Mobile: (+94) 715 360 421 <+94%2071%20411%205032> >>>>>>>>>> >>>>>>>>>> <+94%2071%20411%205032> >>>>>>>>>> >>>>>>>>>> _______________________________________________ >>>>>>>>>> Dev mailing list >>>>>>>>>> [email protected] >>>>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>>>>>> >>>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>>>>>> *Dewni Weeraman* >>>>>>>>> Trainee Software Engineer | WSO2 >>>>>>>>> >>>>>>>>> Email: [email protected] >>>>>>>>> Mobile: +94772979049 >>>>>>>>> Web: http://wso2.com/ >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> _______________________________________________ >>>>>>>>> Architecture mailing list >>>>>>>>> [email protected] >>>>>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> >>>>>>>> Hasanthi Dissanayake >>>>>>>> >>>>>>>> Senior Software Engineer | WSO2 >>>>>>>> >>>>>>>> E: [email protected] >>>>>>>> M :0718407133| http://wso2.com <http://wso2.com/> >>>>>>>> _______________________________________________ >>>>>>>> Architecture mailing list >>>>>>>> [email protected] >>>>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> *Pulasthi Mahawithana* >>>>>>> Associate Technical Lead >>>>>>> WSO2 Inc., http://wso2.com/ >>>>>>> Mobile: +94-71-5179022 >>>>>>> Blog: https://medium.com/@pulasthi7/ >>>>>>> >>>>>>> <https://wso2.com/signature> >>>>>>> _______________________________________________ >>>>>>> Dev mailing list >>>>>>> [email protected] >>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> >>>>>> >>>>>> >>>>>> *Kind Regards,Nipuni Bhagya* >>>>>> >>>>>> *Software Engineering Intern* >>>>>> *WSO2* >>>>>> >>>>>> >>>>>> >>>>>> *Mobile : +94 0779028904* >>>>>> _______________________________________________ >>>>>> Architecture mailing list >>>>>> [email protected] >>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>>>> >>>>> >>>>> >>>>> -- >>>>> Omindu Rathnaweera >>>>> Senior Software Engineer, WSO2 Inc. >>>>> Mobile: +94 771 197 211 >>>>> >>>>> _______________________________________________ >>>>> Dev mailing list >>>>> [email protected] >>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>> >>>>> >>>> >>>> >>>> -- >>>> Isuri Anuradha >>>> Trainee Software Engineer | WSO2 >>>> >>>> Emaii : [email protected] >>>> Mobile : +94775941280 >>>> web :http://wso2.com >>>> >>>> <http:///wso2.com> >>>> _______________________________________________ >>>> Dev mailing list >>>> [email protected] >>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>> >>> >>> >>> -- >>> Ishara Karunarathna >>> Technical Lead >>> WSO2 Inc. - lean . enterprise . middleware | wso2.com >>> >>> email: [email protected], blog: isharaaruna.blogspot.com, mobile: >>> +94717996791 >>> >>> >>> _______________________________________________ >>> Dev mailing list >>> [email protected] >>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>> >> >> >> -- >> *Ashen Weerathunga* >> Senior Software Engineer >> WSO2 Inc.: http://wso2.com >> lean.enterprise.middleware >> >> Email: [email protected] >> Mobile: +94716042995 >> LinkedIn: *http://lk.linkedin.com/in/ashenweerathunga >> <http://lk.linkedin.com/in/ashenweerathunga>* >> >> <http://wso2.com/signature> >> >> >> _______________________________________________ >> Dev mailing list >> [email protected] >> http://wso2.org/cgi-bin/mailman/listinfo/dev >> >> > > > -- > Pathirennehelage Nadeeshani > Software Engineer | WSO2 Inc. > Platform Security Team > mobile : +94 716545223 > > > _______________________________________________ > Dev mailing list > [email protected] > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- Biruntha Software Engineer WSO2 Email: [email protected] LinkedIn: https://lk.linkedin.com/in/biruntha Mobile : +94773718986
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
