Re: [Architecture] API Manager - Self Signup for tenant's API Store

2014-10-02 Thread Dmitry Sotnikov
Perfect! Thanks Chamila!

Dmitry


Re: [Architecture] API Manager - Self Signup for tenant's API Store

2014-10-01 Thread Dmitry Sotnikov
Any update on that?

What is the ETA for the feature?

Is there something we can review yet?

Were you able to satisfy all the end-user experience requirements?

Dmitry


Re: [Architecture] API Manager - Self Signup for tenant's API Store

2014-10-01 Thread Chamila Adhikarinayake
Hi Dmitry,
This feature is already done and we ship this with APIM 1.8. Sorry for not
updating this thread.

Regarding the scenarios, We have provided facility to add custom workflow
extension. Currently we ship UserSignUpWSWorkflowExecutor which also has a
user approval process [1]. We can also create custom workflow extension to
suit the scenario mentioned and plug them in. We can also deploy scenario
as a business process in WSO2 BPS and connect using our
UserSignUpWSWorkflowExecutor.

[1] https://docs.wso2.com/display/AM170/Adding+a+User+Signup+Workflow

Thanks,
Chamila.


Re: [Architecture] API Manager - Self Signup for tenant's API Store

2014-09-05 Thread Chamila Adhikarinayake
 looping Dmitry to the thread



Re: [Architecture] API Manager - Self Signup for tenant's API Store

2014-09-05 Thread Dmitry Sotnikov
Thanks Chamila!

Here is the workflow that I would like to see in the API Cloud:

Scenario A: User Self Sign-Up:

1. Plato is an app developer and wants to develop an app for the
population of the Atlantis island to track the water level and notify when
the island goes under the sea. He finds that gods have set up a website
with the developer program: apis.atlantisisland.gr and goes to the site to
read about the APIs.
2. When browsing the API Store at some point Plato tries to access
functionality which requires authentication (e.g. Subscribe to an API),
3. Plato is presented with the choice to log in or sign up,
4. If Plato clicks Sign Up, he is asked to provide his email address.
5. Plato provides his Gmail address,
6. He gets an email inviting him to join the Atlantis developer program with
a one-time link that takes him to the Store and asks him to specify and
confirm a new password.
7. Plato is now logged into the Atlantis API Store, and can perform all
activity there.
8. Plato has the Subscriber role, so he cannot actually go to the Atlantis API
Publisher, etc.

Possible variations of that:

Scenario B: Approval is required: Zeus is the administrator of the API
program and gets a request to approve Plato's membership. In this case,
this needs to be properly communicated to both Zeus and Plato, so they know
what is going on, what is expected of them, current status, etc.

Scenario C: Zeus actually wants to invite Plato to the development program:
Zeus goes to the corresponding UI, provides Plato's email address, and
Plato receives email with the invitation and one-time link (obviously
approvals are not required in this case.)

Scenario D:
1. Homer decides to also write an Atlantis app, and wants to sign up.
2. When he tries to sign-up he gets notified that he already has an account
from WSO2 which he used for his Trojan app and which he can reuse.

All the emails that get sent need to be brandable by the tenant
administrators so when Troy have their API program, Trojan emails look
different from the ones for Atlantis.

I understand that some of these steps will be different in the cloud and in
on-premise API Manager because of the custom authentication. You will need
to discuss with the cloud team to make sure that the implementation is
compatible, etc.

I hope this helps. :)

Dmitry



Re: [Architecture] API Manager - Self Signup for tenant's API Store

2014-09-04 Thread Chamila Adhikarinayake
Hi all,

The current user signup method (jsFunction_addUser() [1]) in API Manager
uses the addUser method in UserRegistrationService [2] (through
UserRegistrationAdminService from APIM) to register the user, and it was
suggested to use that same method for tenant user signup as well (Shariq has
modified this so that tenant-wise roles can be taken from the registry and
assigned to the tenant user). But with that modification, this method cannot
be used for tenant signup with the current user signup workflow in the API
Manager.

When signing up a user to the super user store, first add a user by calling
the addUser method (from this method, the user is assigned the default
internal/identity role from UserRegistrationService) and then follow the
signup workflow and finally add the role to that user. In the signup
workflow, the user approval process is managed and till then the user cannot
log in. But when the addUser method is called for tenant signup, a tenant user
is created and all his roles are assigned to him at the creation point. As
a result, the second point (approval process) cannot be done (the user can
log in before the approval process is done). As a result, the method to
assign roles by using '/_system/governance/repository/identity/sign-up-config'
(mentioned in 'User roles for tenants' in my first mail) cannot be used in
this case.

*Modified method to add user roles for tenants*

As a result of the above-mentioned problem, a registry entry in
/_system/governance/repository/identity/sign-up-config won't be created as
mentioned in the first mail. Without this config, all the tenants created
using the addUser method will have the default internal/identity role. A
registry resource similar to 'sign-up-config' is created in a separate
registry location and this entry can be used to add roles to the tenant
during the final step. As a result, the approval process can be carried out
during the second step.


[1]
https://svn.wso2.org/repos/wso2/carbon/platform/branches/turing/components/apimgt/org.wso2.carbon.apimgt.hostobjects/1.2.3/src/main/java/org/wso2/carbon/apimgt/hostobjects/APIStoreHostObject.java
[2]
https://svn.wso2.org/repos/wso2/carbon/platform/branches/turing/components/identity/org.wso2.carbon.identity.user.registration/4.2.2/src/main/java/org/wso2/carbon/identity/user/registration/UserRegistrationService.java


Thanks,
Chamila.


On Thu, Sep 4, 2014 at 12:15 AM, Amila De Silva ami...@wso2.com wrote:

 Hi Chamila,

 I think you have to start the TenantFlow and set the ID for the tenant
 correctly before fetching the configuration. In the method
 jsFunction_resumeWorkflow, this is done by calling

 PrivilegedCarbonContext.startTenantFlow();
 PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain, true);



 On Wed, Sep 3, 2014 at 10:47 PM, Chamila Adhikarinayake chami...@wso2.com
  wrote:

 Actually the tasks are created with that executor for other tenants as
 well, but not inside the correct tenant domain in the BPS. They are created
 in the carbon.super tenant domain and the related task can be viewed in
 the workflow-admin UI only by logging in as super user.

 Following is the reason I think that causes this.

 In the method jsFunction_addUser() in APIStoreHostObject the following code
 is there to create the workflow

 WorkflowExecutor userSignUpWFExecutor = WorkflowExecutorFactory.getInstance()
         .getWorkflowExecutor(WorkflowConstants.WF_TYPE_AM_USER_SIGNUP);

 This WorkflowExecutor is created using the carbon.super user configuration
 information in the registry. In the 'getWorkflowConfigurations()' method in
 the WorkflowExecutorFactory class,
 PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain(); is
 used to get the domain name (also the tenant id). So even though there is a
 different tenant domain, these values do not change. So the superuser conf is
 used and the request is sent to the carbon.super tenant in BPS, not to the
 tenant's one. So I'm working on passing the correct domain info to this


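The two problems discussed above (the workflow configuration being resolved under carbon.super, and roles being granted before approval), as an added Java example that is not WSO2 code. `TenantContext` is a hypothetical stand-in for the thread-local context behind `PrivilegedCarbonContext`; the model class, tenant domain and user names are constructed, and `record` needs Java 16 or later.

```java
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.HashMap;
import java.util.Map;

public class TenantSignupModel {

    // Hypothetical stand-in for the thread-local tenant context (not the Carbon class).
    static final class TenantContext {
        static final String SUPER = "carbon.super";
        private static final ThreadLocal<Deque<String>> FLOWS =
                ThreadLocal.withInitial(ArrayDeque::new);

        static String getTenantDomain() {
            String top = FLOWS.get().peek();
            return top == null ? SUPER : top;   // no flow started: super tenant
        }
        static void startTenantFlow() {
            FLOWS.get().push(getTenantDomain());
        }
        static void setTenantDomain(String domain) {
            Deque<String> flows = FLOWS.get();
            if (flows.isEmpty()) {
                throw new IllegalStateException("no tenant flow started");
            }
            flows.pop();
            flows.push(domain);
        }
        static void endTenantFlow() {
            FLOWS.get().pop();                  // restores the caller's tenant
        }
    }

    // A pending approval task, filed under the tenant whose configuration created it.
    record ApprovalTask(String user, String taskTenant) {}

    private final Map<String, String> signUpRole = new HashMap<>();  // tenant -> role granted on approval
    private final Map<String, String> grantedRole = new HashMap<>(); // user -> role, written only by approve()

    TenantSignupModel() {
        signUpRole.put(TenantContext.SUPER, "subscriber");
        signUpRole.put("atlantis.example", "subscriber");            // constructed tenant
    }

    // As in the thread: the task's tenant is whatever domain is on the current thread.
    private ApprovalTask createTask(String user) {
        return new ApprovalTask(user, TenantContext.getTenantDomain());
    }

    // Before: tenantDomain is known to the caller but never put on the thread.
    ApprovalTask signUpWithoutTenantFlow(String user, String tenantDomain) {
        return createTask(user);
    }

    // After: resolve the workflow inside a tenant flow and always end the flow.
    ApprovalTask signUpInTenantFlow(String user, String tenantDomain) {
        TenantContext.startTenantFlow();
        try {
            TenantContext.setTenantDomain(tenantDomain);
            return createTask(user);
        } finally {
            TenantContext.endTenantFlow();
        }
    }

    // Roles are granted here, at the final step, and only by the task's own tenant.
    void approve(ApprovalTask task, String approverTenant) {
        if (!task.taskTenant().equals(approverTenant)) {
            throw new SecurityException("task belongs to " + task.taskTenant());
        }
        grantedRole.put(task.user(), signUpRole.get(task.taskTenant()));
    }

    boolean canLogIn(String user) {
        return grantedRole.containsKey(user);
    }

    public static void main(String[] args) {
        TenantSignupModel m = new TenantSignupModel();
        String tenant = "atlantis.example";

        ApprovalTask misplaced = m.signUpWithoutTenantFlow("plato@" + tenant, tenant);
        ApprovalTask scoped = m.signUpInTenantFlow("homer@" + tenant, tenant);
        System.out.println("without flow, task tenant: " + misplaced.taskTenant());
        System.out.println("with flow, task tenant:    " + scoped.taskTenant());
        System.out.println("context after the flow:    " + TenantContext.getTenantDomain());

        try {
            m.approve(misplaced, tenant);       // tenant admin cannot reach the misplaced task
        } catch (SecurityException e) {
            System.out.println("tenant admin rejected: " + e.getMessage());
        }

        System.out.println("login before approval: " + m.canLogIn("homer@" + tenant));
        m.approve(scoped, tenant);
        System.out.println("login after approval:  " + m.canLogIn("homer@" + tenant));
    }
}
```

In Carbon the matching call for closing a flow is `PrivilegedCarbonContext.endTenantFlow()`; placing it in `finally` keeps a pooled request thread from carrying one tenant's domain into the next request.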

Re: [Architecture] API Manager - Self Signup for tenant's API Store

2014-09-03 Thread Nuwan Dias
On Wed, Sep 3, 2014 at 9:02 PM, Chamila Adhikarinayake chami...@wso2.com
wrote:

 Hi all,
 I'm creating a user self signup feature for the tenant store in API Manager.
 The current API Manager provides only a self signup facility for the
 carbon.super store. To add tenant users, the tenant admin has to manually add
 them through the carbon console.

 Following parts will be implemented

 *UI changes* (see attached images)

 1. enable the sign-up button for tenant user store
 2. add the domain name extension for the user name field in the user
 registration form. (this is appended to the user name)

 *User roles for tenants *

 Tenant signup configuration will be moved to the registry location
 '/_system/governance/repository/identity/sign-up-config'. This part is
 already implemented by Shariq for an IS component (see the discussion in the
 thread "Provide support for self signup for tenants' APIStores" for more
 info on the configuration). But this resource needed to be created
 manually. So as a part of the implementation, this resource will be added
 with default values when creating a tenant. The default value will be

 <SelfSignUp>
     <SignUpDomain>PRIMARY</SignUpDomain>
     <SignUpRole>
         <RoleName>subscriber</RoleName>
         <IsExternalRole>false</IsExternalRole>
     </SignUpRole>
 </SelfSignUp>


 *Modification to current work-flow for tenant sign-up. *

 The currently implemented method does not work when
 UserSignUpWSWorkflowExecutor is used in the workflow. This can be only
 used with tenant signups for superuser. Existing code uses the configuration
 in the carbon super user's registry entry
 '/_system/governance/apimgt/applicationdata/workflow-extensions.xml' for
 tenants as well (see jsFunction_addUser() in the
 org.wso2.carbon.apimgt.hostobjects.APIStoreHostObject class). When
 registering a tenant user for a different tenant, the configuration in the
 tenant's workflow-extensions.xml needs to be used.

 I have implemented basic functionality [1] as requested by AmilaM (users
 can sign up for tenant stores, but the tenant admin has to manually add the
 registry entry with user roles to the given location. If this entry is not
 there, a default 'identity' user role is assigned to the user. Only
 UserSignUpSimpleWorkflowExecutor can be used for the workflow with this. If
 UserSignUpWSWorkflowExecutor is used to connect to the BPS, the tenant
 approval tasks are not created properly).


Do we know the reason for the tasks of the BPS not being created when the
UserSignUpWSWorkflowExecutor is used? We will need to dig into that IMO.


 [1] https://wso2.org/jira/browse/APIMANAGER-2785

 Comments are highly appreciated
 Thanks,
 Chamila.

 --
 Regards,
 Chamila Adhikarinayake
 Software Engineer
 WSO2, Inc.
 Mobile - +94712346437
 Email  - chami...@wso2.com




-- 
Nuwan Dias

Associate Tech Lead - WSO2, Inc. http://wso2.com
email : nuw...@wso2.com
Phone : +94 777 775 729
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture


Re: [Architecture] API Manager - Self Signup for tenant's API Store

2014-09-03 Thread Chamila Adhikarinayake
Actually the tasks are created with that executor for other tenants as
well, but not inside the correct tenant domain in the BPS. They are created
in the carbon.super tenant domain and the related task can be viewed in the
workflow-admin UI only by logging in as super user.

The following is the reason I think causes this.

In the method jsFunction_addUser() in APIStoreHostObject the following code is
there to create the workflow

    WorkflowExecutor userSignUpWFExecutor = WorkflowExecutorFactory.getInstance()
            .getWorkflowExecutor(WorkflowConstants.WF_TYPE_AM_USER_SIGNUP);

This WorkflowExecutor is created using carbon.super user configuration
information in the registry. In the 'getWorkflowConfigurations()' method in
the WorkflowExecutorFactory class,
PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain(); is
used to get the domain name (also tenant id). So even though there is a
different tenant domain, these values do not change. So superuser conf is
used and the request is sent to the carbon.super tenant in BPS, not to the
tenant's one. So I'm working on passing the correct domain info to this



-- 
Regards,
Chamila Adhikarinayake
Software Engineer
WSO2, Inc.
Mobile - +94712346437
Email  - chami...@wso2.com


Re: [Architecture] API Manager - Self Signup for tenant's API Store

2014-09-03 Thread Amila De Silva
Hi Chamila,

I think you have to start the TenantFlow and set the ID for the tenant
correctly before fetching the configuration. In the method
jsFunction_resumeWorkflow, this is done by calling

    PrivilegedCarbonContext.startTenantFlow();
    PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain, true);




-- 
*Amila De Silva*

WSO2 Inc.
mobile :(+94) 775119302
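
The failure Chamila describes and the fix Amila suggests, reduced to a self-contained Java model (an added example, not code from the thread or from WSO2). TenantFlowDemo, its methods, the atlantis.example tenant and the task targets are hypothetical stand-ins for the Carbon classes, and the try/finally exit is an assumption of this sketch.

```java
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.Map;

// Simplified model of a thread-local tenant context. All names are hypothetical
// stand-ins for this sketch, not the Carbon API.
public class TenantFlowDemo {
    static final String SUPER = "carbon.super";
    // Per-thread stack of tenant domains; an empty stack means carbon.super.
    static final ThreadLocal<Deque<String>> FLOW = ThreadLocal.withInitial(ArrayDeque::new);
    // Constructed sample data: each tenant's workflow config targets its own BPS tenant.
    static final Map<String, String> WORKFLOW_CONFIG = Map.of(
            SUPER, "approval-tasks@carbon.super",
            "atlantis.example", "approval-tasks@atlantis.example");

    static void startTenantFlow(String domain) { FLOW.get().push(domain); }
    static void endTenantFlow() { FLOW.get().pop(); }
    static String currentTenant() {
        String top = FLOW.get().peek();
        return top == null ? SUPER : top;
    }

    // As described in the thread: the config is picked from the thread-local tenant only.
    static String resolveTaskTarget() { return WORKFLOW_CONFIG.get(currentTenant()); }

    // Buggy shape: the signing-up user's tenant never reaches the thread context.
    static String signUpWithoutFlow(String userTenant) { return resolveTaskTarget(); }

    // Corrected shape: enter the tenant before the lookup and always leave it.
    static String signUpWithFlow(String userTenant) {
        if (!WORKFLOW_CONFIG.containsKey(userTenant)) {
            throw new IllegalArgumentException("unknown tenant: " + userTenant);
        }
        startTenantFlow(userTenant);
        try {
            return resolveTaskTarget();
        } finally {
            endTenantFlow(); // otherwise a pooled thread keeps running as this tenant
        }
    }

    public static void main(String[] args) {
        System.out.println("no flow:    " + signUpWithoutFlow("atlantis.example"));
        System.out.println("with flow:  " + signUpWithFlow("atlantis.example"));
        System.out.println("afterwards: " + currentTenant());
    }
}
```

Without the flow, the tenant's signup resolves to the carbon.super task target, which is why only the super user could see the approval tasks; with it, the lookup lands in the tenant's own configuration and the thread returns to carbon.super afterwards.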