:All As specified in[1] The QR code URL can be retrieved using the initTOTP method in the TOTPAdminService using the following curl request.
curl -i -X POST -H 'Content-Type: application/x-www-form-urlencoded' -H > 'Authorization:Basic YWRtaW46YWRtaW4=' > https://localhost:9443/services/TOTPAdminService/initTOTP -k -d > 'username=testuser@carbon.super' However in IS 5.9.0 latest alpha release this doesn't work[3] as username is not included in the SOAP request created by the axis2 service. This has been caused by RequestCorrelationIdValve which is enabled by default which consumes the inputstream of the HttpServletRequest by calling getParameterNames and getParameter methods. Even Though those parsed parameters are available to the axis2, it tries to parse the input stream again in order to get the username passed along with the POST request. Since the input stream of HttpServletRequest can only be parsed once this results username being null. In the first place RequestCorrelationIdValve should not read body parameters. Hence we have decided to fix $subject by parsing the query string without using getParameterNames method which consumes the inputstream which causes several issues later in the request flow. Please find the PR[2] to fix $subject. [1] https://is.docs.wso2.com/en/5.9.0/connectors/configuring-TOTP-Authenticator/ [2] https://github.com/wso2/carbon-kernel/pull/2279 [3] https://github.com/wso2/product-is/issues/6392 Best Regards Isuranga Perera -- *Isuranga Perera* | Software Engineer | WSO2 Inc. +94 71 735 7034 | isura...@wso2.com <isu...@wso2.com>
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev