Hi all,

I am continuing this effort of implementing the APIs to retrieve authentication session information. I have changed the API definitions slightly according to the latest requirements. New API definitions can be found here <https://app.swaggerhub.com/apis/pamoda/SessionManagementAPI/1.0.0> [1]. The progress of the solution will be tracked in this git issue <https://github.com/wso2/product-is/issues/5769> [2].

[1] https://app.swaggerhub.com/apis/pamoda/SessionManagementAPI/1.0.0
[2] https://github.com/wso2/product-is/issues/5769

Thanks,
Pamoda

On Mon, Sep 10, 2018 at 12:40 PM Pushpalanka Jayawardhana <[email protected]> wrote:

> + Rizmeer
>
> On Wed, Sep 5, 2018 at 11:18 AM Ruwan Abeykoon <[email protected]> wrote:
>
>> Hi All,
>> +1 for Dulanja's suggestion (If I get it correctly) - The API should be able to query with "UserID" and not based on "sessionID". We can use "SessionID" as an authentication mechanism, if necessary.
>>
>> e.g. /api/sessions/v1.0/users/{userId} // This is for illustration only, we need to come up with proper scheme.
>> The userID should be either plain or encrypted based on privacy setting.
>>
>> Yes, this should replace the Analytics based session counting. Session tracking should be part and parcel with the product.
>>
>> Cheers,
>> Ruwan
>>
>> On Wed, Sep 5, 2018 at 10:39 AM Dulanja Liyanage <[email protected]> wrote:
>>
>>> So that means the user will have to grab the commonauthId values from all the browsers (in different devices) in order to get different session information. IMO there should be a way the user can view all his/her sessions via a single API call.
>>>
>>> Currently, a user can view all his/her sessions from the IS Dashboard [1], and that is powered by IS Analytics. Is this new feature trying to replace that? If so, there should be an API to retrieve all the sessions. If that is not the purpose of this feature, I'd like to understand the real-world usage of this new API.
>>>
>>> [1] https://docs.wso2.com/display/IS560/Terminating+User+Sessions
>>>
>>> Thanks,
>>> Dulanja
>>>
>>> On Wed, Sep 5, 2018 at 10:08 AM, Chuhaashanan Nagenthiran <[email protected]> wrote:
>>>
>>>> Here, SessionID is got from the cookie and user makes the API call by using the sessionID.
>>>>
>>>> Thanks.
>>>>
>>>> On Tue, Sep 4, 2018 at 5:32 PM, Dulanja Liyanage <[email protected]> wrote:
>>>>
>>>>> In that case, how does the user get hold of the SessionID to do the API call? Does s/he have to get it from the cookie? Or is there another API that provides all the commonauthId values that were generated for all the browser sessions?
>>>>>
>>>>> Thanks.
>>>>>
>>>>> On Tue, Sep 4, 2018 at 2:39 PM, Chuhaashanan Nagenthiran <[email protected]> wrote:
>>>>>
>>>>>> Hi Dulanja,
>>>>>>
>>>>>> Yes. SessionID is the same value in commonauth cookie.
>>>>>>
>>>>>> Regards,
>>>>>>
>>>>>> On Tue, Sep 4, 2018 at 12:48 PM, Dulanja Liyanage <[email protected]> wrote:
>>>>>>
>>>>>>> Hi Chuhaashanan,
>>>>>>>
>>>>>>> How is this SessionID generated? Is it the same as the value of commonauthId cookie?
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Dulanja
>>>>>>>
>>>>>>> On Mon, Sep 3, 2018 at 6:16 PM, Chuhaashanan Nagenthiran <[email protected]> wrote:
>>>>>>>
>>>>>>>> +1
>>>>>>>>
>>>>>>>> On Mon, Sep 3, 2018 at 5:42 PM, Ruwan Abeykoon <[email protected]> wrote:
>>>>>>>>
>>>>>>>>> Hi Chuhaashanan,
>>>>>>>>> It would be much more extensible if "Session" table has JSON structure or something along, having "Browser, OS, Location" etc.
>>>>>>>>> The reason is that Browser info has a lot of sub units (e.g. Engine, Version), OS (Type, Version, Distribution), Location (Country, City, Coordinates).
>>>>>>>>> Also we might need Device.
>>>>>>>>>
>>>>>>>>> Cheers,
>>>>>>>>> Ruwan
>>>>>>>>>
>>>>>>>>> On Wed, Aug 15, 2018 at 2:09 PM Chuhaashanan Nagenthiran <[email protected]> wrote:
>>>>>>>>>
>>>>>>>>>> Hi All,
>>>>>>>>>>
>>>>>>>>>> *Problem*
>>>>>>>>>>
>>>>>>>>>> A user may want to view his recently or currently logged in session details and terminate a currently logged in acc. But WSO2 IS server does not provide this function now.
>>>>>>>>>>
>>>>>>>>>> *Solution*
>>>>>>>>>>
>>>>>>>>>> Develop an API to provide following functionalities.
>>>>>>>>>>
>>>>>>>>>> - Retrieve information of currently logged in and recently used sessions since last password changes.
>>>>>>>>>> - Retrieve Time, location, OS and browser details of each session Logged in and recently used.
>>>>>>>>>> - Terminate a particular logged in account.
>>>>>>>>>>
>>>>>>>>>> *Retrieve session information*
>>>>>>>>>>
>>>>>>>>>> - User can view his currently logged in details and recently used session information. In each session, information about last time used, location, browser and OS details.
>>>>>>>>>> - *To view information, user has to request HTTP GET request with SessionID and can query by ServiceProvider detail for particular account. Then API will query alive UserID for given details and produce required information for user.*
>>>>>>>>>>
>>>>>>>>>> *Terminate a particular account*
>>>>>>>>>>
>>>>>>>>>> - If a user or admin wants to log out from a logged in account, he can terminate particular account session.
>>>>>>>>>> - If Identity Provider/ Service Provider/ User Account is deleted by admin, session will be automatically terminated by event listeners.
>>>>>>>>>> - *To terminate an account, user has to request HTTP POST request with SessionID and can query by ServiceProvider detail for particular account. Then API will query alive UserID for given details and terminate account.*
>>>>>>>>>>
>>>>>>>>>> *Database design*
>>>>>>>>>>
>>>>>>>>>> - *UserID* which is mapped to *IDP, IDP UserID* and *Service Provider* is used to identify unique account.
>>>>>>>>>> - Through *UserID*, information of particular account will be provided.
>>>>>>>>>> - In *Session* table, details of *Browser, OS* and *Location* will not be used in query. So we can store this information as JSON object.
>>>>>>>>>>
>>>>>>>>>> Regards
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> Chuhaashanan
>>>>>>>>>> Intern - Software Engineering
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> *Ruwan Abeykoon*
>>>>>>>>> *Associate Director/Architect,*
>>>>>>>>> *WSO2, Inc. http://wso2.com <https://wso2.com/signature>*
>>>>>>>>> *lean.enterprise.middleware.*
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> Dev mailing list
>>>>>>>> [email protected]
>>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>>>>
>>>>>>> --
>>>>>>> Thanks & Regards,
>>>>>>> Dulanja Liyanage
>>>>>>> Lead, Platform Security Team
>>>>>>> WSO2 Inc.
>
> --
> Pushpalanka.
> --
> Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
> Senior Software Engineer, WSO2 Lanka (pvt) Ltd; wso2.com/
> Mobile: +94779716248
> Blog: pushpalankajaya.blogspot.com/ | LinkedIn: lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka

--
*Pamoda Wimalasiri* | Software Engineer | WSO2 Inc.
(m) +94713705814 | (w) +94112145345 | (e) [email protected]
<http://wso2.com/signature>
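The design the thread converges on (list every session of a user in one call, use the session ID only to authenticate the caller, keep browser/OS/location as JSON), sketched as an added example that is not part of the thread and is not WSO2 Identity Server code. The table, column and function names are assumptions, as is exposing a hash of the cookie value instead of the cookie itself; the admin termination path is left out.

```python
import hashlib, json, sqlite3

def ref(cookie):
    # Assumption: rows are keyed by a hash of the commonauthId cookie value, so the
    # API never returns a value that could be replayed as a cookie.
    return hashlib.sha256(cookie.encode()).hexdigest()

def open_store():
    db = sqlite3.connect(":memory:")
    # Browser/OS/location are never filtered on, so they live in one JSON column.
    db.execute("CREATE TABLE session (ref TEXT PRIMARY KEY, user_id TEXT NOT NULL,"
               " last_used INTEGER NOT NULL, device TEXT NOT NULL)")
    db.execute("CREATE INDEX idx_session_user ON session (user_id)")
    return db

def record_login(db, cookie, user_id, last_used, device):
    db.execute("INSERT INTO session VALUES (?, ?, ?, ?)",
               (ref(cookie), user_id, last_used, json.dumps(device)))

def caller(db, cookie):
    # The session ID only authenticates the caller; it is not the query key.
    row = db.execute("SELECT user_id FROM session WHERE ref = ?", (ref(cookie),)).fetchone()
    if row is None:
        raise PermissionError("unknown or terminated session")
    return row[0]

def list_sessions(db, cookie, user_id):
    # GET /api/sessions/v1.0/users/{userId}: every session of the user in one call.
    if caller(db, cookie) != user_id:
        raise PermissionError("callers may list only their own sessions")
    rows = db.execute("SELECT ref, last_used, device FROM session WHERE user_id = ?"
                      " ORDER BY last_used DESC", (user_id,)).fetchall()
    return [{"ref": r, "last_used": t, "device": json.loads(d), "current": r == ref(cookie)}
            for r, t, d in rows]

def terminate(db, cookie, target_ref):
    # The owner check is part of the DELETE, so another user's ref matches no row.
    cur = db.execute("DELETE FROM session WHERE ref = ? AND user_id = ?",
                     (target_ref, caller(db, cookie)))
    return cur.rowcount == 1

def demo():
    db = open_store()  # constructed sample data, not taken from the thread
    record_login(db, "cookie-laptop", "alice", 100,
                 {"browser": {"name": "Firefox", "version": "62"}, "os": {"type": "Linux"}})
    record_login(db, "cookie-phone", "alice", 200,
                 {"browser": {"name": "Chrome", "version": "69"}, "os": {"type": "Android"}})
    record_login(db, "cookie-bob", "bob", 150, {"browser": {"name": "Safari"}})
    return db
```

Because the response carries only `ref`, a user can pick a session on another device to terminate without ever seeing that device's cookie value.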
