[Carbon-dev] Changing Carbon trunk dependency on Rampart/WSS4J to apache trunk

[Prabath Siriwardena]

We are having two WSO2 custom branches for Rampart and WSS4J.

There are two types of modifications happened in Rampart WSO2 custom branch.

1. Changes that do not depend on WSS4J changes in our custom branch.
2. Changes that depend on WSS4J changes in our custom branch.

[1] type of changes are being already committed to Rampart, apache trunk 
- and will go with Rampart 1.5.

But, following issue prevents us from committing [2] type of changes.

So far Rampart apache trunk depends on WSS4J 1.5.8 - and, if we are to 
commit [2] type of changes we need to get Rampart depend on WSS4J trunk 
[1.6-SNAPSHOT].

But - there have being extensive changes happened in WSS4J trunk and 
moving to it causes build failures in Rampart - due to;

1. Removal of public constants
2. Removal of public getter/setters
3. Removal of public constructors
4. Removal of deprecated public APIs

, in WSS4J.

We didn't detect this before in apache Rampart trunk - because it 
depends on WSS4J 1.5.8.

Working to get this sorted out and once done - will move the Carbon 
trunk  dependency on Rampart/WSS4J to apache trunk.

Thanks & regards.
-Prabath


___
Carbon-dev mailing list
Carbon-dev@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

Re: [Carbon-dev] Changing Carbon trunk dependency on Rampart/WSS4J to apache trunk

[Prabath Siriwardena]

Nandana Mihindukulasooriya wrote:
> WSS4J has two on going branches, trunk and 1_5_x-fixes [1] branch. So 
> the plan is to do all the 1.5.x releases from 1_5_x-fixes branch and 
> use the trunk to do changes which are not backward compatible. Trunk 
> is focusing to towards the 1.6 release. For the releases 1.5.7 & 
> 1.5.8, 1_5_x-fixes branch was used as trunk. And the next release 
> 1.5.9 will also be from the 1_5_x-fixes branch. So for the moment, we 
> can make Rampart trunk depend on 1.5.9-SNAPSHOT and lets discuss this 
> in the Rampart dev list and plan how we plan to migrate to 1.6. WSS4J 
> plan [2] was discussed in WSS4J dev sometime back.
+1

Thanks & regards.
-Prabath
>
> thanks,
> Nandana
>
> [1] - 
> https://svn.apache.org/repos/asf/webservices/wss4j/branches/1_5_x-fixes/
> [2] - 
> http://markmail.org/message/yb7oofmx7dvjiak4?q=list:org.apache.ws.wss4j-dev+WSS4J+mainline
>
> On Sat, Aug 29, 2009 at 6:11 AM, Prabath Siriwardena  <mailto:prab...@wso2.com>> wrote:
>
> We are having two WSO2 custom branches for Rampart and WSS4J.
>
> There are two types of modifications happened in Rampart WSO2
> custom branch.
>
> 1. Changes that do not depend on WSS4J changes in our custom branch.
> 2. Changes that depend on WSS4J changes in our custom branch.
>
> [1] type of changes are being already committed to Rampart, apache
> trunk
> - and will go with Rampart 1.5.
>
> But, following issue prevents us from committing [2] type of changes.
>
> So far Rampart apache trunk depends on WSS4J 1.5.8 - and, if we are to
> commit [2] type of changes we need to get Rampart depend on WSS4J
> trunk
> [1.6-SNAPSHOT].
>
> But - there have being extensive changes happened in WSS4J trunk and
> moving to it causes build failures in Rampart - due to;
>
> 1. Removal of public constants
> 2. Removal of public getter/setters
> 3. Removal of public constructors
> 4. Removal of deprecated public APIs
>
> , in WSS4J.
>
> We didn't detect this before in apache Rampart trunk - because it
> depends on WSS4J 1.5.8.
>
> Working to get this sorted out and once done - will move the Carbon
> trunk  dependency on Rampart/WSS4J to apache trunk.
>
> Thanks & regards.
> -Prabath
>
>
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org <mailto:Carbon-dev@wso2.org>
> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>
>
> 
>
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>   


___
Carbon-dev mailing list
Carbon-dev@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

[Carbon-dev] jsch component missing in carbon-orbit of 2.0.1 branch causes build failures

[Prabath Siriwardena]

$subject.

Please commit jsch...

Thanks & regards.
-Prabath

___
Carbon-dev mailing list
Carbon-dev@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

Re: [Carbon-dev] jsch component missing in carbon-orbit of 2.0.1 branch causes build failures

[Prabath Siriwardena]

Also following components too missing, please add them as well...

commons-beanutils
commons-digester
iText
jasper-jdt
jasperreports
jfreechart
jcommon
jxl

Thanks & regards.
-Prabath

Prabath Siriwardena wrote:
> $subject.
>
> Please commit jsch...
>
> Thanks & regards.
> -Prabath
>


___
Carbon-dev mailing list
Carbon-dev@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

Re: [Carbon-dev] jsch component missing in carbon-orbit of 2.0.1 branch causes build failures

[Prabath Siriwardena]

Thanks a lot...!

More components missing - causing build errors...

Carbon-orbit

commons-beanutils
commons-digester
iText
jasper-jdt
jasperreports
jfreechart
jcommon
jxl

Carbon-core

org.wso2.carbon.application.deployer
org.wso2.carbon.core.common
org.wso2.carbon.server.admin.common
org.wso2.carbon.user.mgt.common

Thanks & regards.
-Prabath


Rajika Kumarasiri wrote:
> Ok, committed.
>
> -Rajika
>
> On Sun, Aug 30, 2009 at 11:15 AM, Prabath Siriwardena 
> mailto:prab...@wso2.com>> wrote:
>
> $subject.
>
> Please commit jsch...
>
> Thanks & regards.
> -Prabath
>
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org <mailto:Carbon-dev@wso2.org>
> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>
>
>
>
> -- 
> http://wso2.org
> http://llvm.org
> http://www.minix3.org/
>
>
> 
>
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>   


___
Carbon-dev mailing list
Carbon-dev@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

Re: [Carbon-dev] jsch component missing in carbon-orbit of 2.0.1 branch causes build failures

[Prabath Siriwardena]

Hi Ratha;

Can you please double check the pom files you have committed to 2.0.1 
branch are the correct ones...

Thanks & regards.
-Prabath

Prabath Siriwardena wrote:
> Thanks a lot...!
>
> More components missing - causing build errors...
>
> Carbon-orbit
>
> commons-beanutils
> commons-digester
> iText
> jasper-jdt
> jasperreports
> jfreechart
> jcommon
> jxl
>
> Carbon-core
>
> org.wso2.carbon.application.deployer
> org.wso2.carbon.core.common
> org.wso2.carbon.server.admin.common
> org.wso2.carbon.user.mgt.common
>
> Thanks & regards.
> -Prabath
>
>
> Rajika Kumarasiri wrote:
>> Ok, committed.
>>
>> -Rajika
>>
>> On Sun, Aug 30, 2009 at 11:15 AM, Prabath Siriwardena 
>> mailto:prab...@wso2.com>> wrote:
>>
>> $subject.
>>
>> Please commit jsch...
>>
>> Thanks & regards.
>> -Prabath
>>
>> ___
>> Carbon-dev mailing list
>> Carbon-dev@wso2.org <mailto:Carbon-dev@wso2.org>
>> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>>
>>
>>
>>
>> -- 
>> http://wso2.org
>> http://llvm.org
>> http://www.minix3.org/
>>
>>
>> 
>>
>> ___
>> Carbon-dev mailing list
>> Carbon-dev@wso2.org
>> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>>   
>
>


___
Carbon-dev mailing list
Carbon-dev@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

Re: [Carbon-dev] jsch component missing in carbon-orbit of 2.0.1 branch causes build failures

[Prabath Siriwardena]

Thanks Ratha...

Also some new dependencies being added to the POMs in your last commit - 
but those modules are missing in SVN... can you please verify that as well..

Thanks & regards.
-Prabath

ratha wrote:
> Prabath Siriwardena wrote:
>   
>> Hi Ratha;
>>
>> Can you please double check the pom files you have committed to 2.0.1 
>> branch are the correct ones...
>>   
>> 
>
> Corrected the version..
> Thanks.
> -Ratha.
>   
>> Thanks & regards.
>> -Prabath
>>
>> Prabath Siriwardena wrote:
>>   
>> 
>>> Thanks a lot...!
>>>
>>> More components missing - causing build errors...
>>>
>>> Carbon-orbit
>>>
>>> commons-beanutils
>>> commons-digester
>>> iText
>>> jasper-jdt
>>> jasperreports
>>> jfreechart
>>> jcommon
>>> jxl
>>>
>>> Carbon-core
>>>
>>> org.wso2.carbon.application.deployer
>>> org.wso2.carbon.core.common
>>> org.wso2.carbon.server.admin.common
>>> org.wso2.carbon.user.mgt.common
>>>
>>> Thanks & regards.
>>> -Prabath
>>>
>>>
>>> Rajika Kumarasiri wrote:
>>> 
>>>   
>>>> Ok, committed.
>>>>
>>>> -Rajika
>>>>
>>>> On Sun, Aug 30, 2009 at 11:15 AM, Prabath Siriwardena 
>>>> mailto:prab...@wso2.com>> wrote:
>>>>
>>>> $subject.
>>>>
>>>> Please commit jsch...
>>>>
>>>> Thanks & regards.
>>>> -Prabath
>>>>
>>>> ___
>>>> Carbon-dev mailing list
>>>> Carbon-dev@wso2.org <mailto:Carbon-dev@wso2.org>
>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>>>>
>>>>
>>>>
>>>>
>>>> -- 
>>>> http://wso2.org
>>>> http://llvm.org
>>>> http://www.minix3.org/
>>>>
>>>>
>>>> 
>>>>
>>>> ___
>>>> Carbon-dev mailing list
>>>> Carbon-dev@wso2.org
>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>>>>   
>>>>   
>>>> 
>>> 
>>>   
>> ___
>> Carbon-dev mailing list
>> Carbon-dev@wso2.org
>> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>>
>>   
>> 
>
>
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>
>   


___
Carbon-dev mailing list
Carbon-dev@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

Re: [Carbon-dev] jsch component missing in carbon-orbit of 2.0.1 branch causes build failures

[Prabath Siriwardena]

Hi Ratha;

May be I am wrong - but when I do diff between SVN revisions 43068& 
44367 of carbon-orbit/pom.xml I can see following being added by your 
commit - may be by a mistake with local changes.

commons-beanutils
 commons-digester
 iText
 jasper-jdt
 jasperreports
 jfreechart
 jcommon
jxl

Also - in carbon-core/pom.xml [rev 43492 Vs 44369]

org.wso2.carbon.application.deployer
org.wso2.carbon.core.common
org.wso2.carbon.server.admin.common
org.wso2.carbon.user.mgt.common

Can you please review..

Thanks & regards.
- Prabath



ratha wrote:
> Prabath Siriwardena wrote:
>   
>> Thanks Ratha...
>>
>> Also some new dependencies being added to the POMs in your last commit - 
>> but those modules are missing in SVN... can you please verify that as well..
>>
>>   
>> 
> Hi prabath,
> I added only jmdns dependency and i removed  it bcoz it is not needed to 
> 2.0.1 branch.
> I havent added any other dependencies..(
>
> Thanks.
> _Ratha.
>   
>> Thanks & regards.
>> -Prabath
>>
>> ratha wrote:
>>   
>> 
>>> Prabath Siriwardena wrote:
>>>   
>>> 
>>>   
>>>> Hi Ratha;
>>>>
>>>> Can you please double check the pom files you have committed to 2.0.1 
>>>> branch are the correct ones...
>>>>   
>>>> 
>>>>   
>>>> 
>>> Corrected the version..
>>> Thanks.
>>> -Ratha.
>>>   
>>> 
>>>   
>>>> Thanks & regards.
>>>> -Prabath
>>>>
>>>> Prabath Siriwardena wrote:
>>>>   
>>>> 
>>>>   
>>>> 
>>>>> Thanks a lot...!
>>>>>
>>>>> More components missing - causing build errors...
>>>>>
>>>>> Carbon-orbit
>>>>>
>>>>> commons-beanutils
>>>>> commons-digester
>>>>> iText
>>>>> jasper-jdt
>>>>> jasperreports
>>>>> jfreechart
>>>>> jcommon
>>>>> jxl
>>>>>
>>>>> Carbon-core
>>>>>
>>>>> org.wso2.carbon.application.deployer
>>>>> org.wso2.carbon.core.common
>>>>> org.wso2.carbon.server.admin.common
>>>>> org.wso2.carbon.user.mgt.common
>>>>>
>>>>> Thanks & regards.
>>>>> -Prabath
>>>>>
>>>>>
>>>>> Rajika Kumarasiri wrote:
>>>>> 
>>>>>   
>>>>> 
>>>>>   
>>>>>> Ok, committed.
>>>>>>
>>>>>> -Rajika
>>>>>>
>>>>>> On Sun, Aug 30, 2009 at 11:15 AM, Prabath Siriwardena 
>>>>>> mailto:prab...@wso2.com>> wrote:
>>>>>>
>>>>>> $subject.
>>>>>>
>>>>>> Please commit jsch...
>>>>>>
>>>>>> Thanks & regards.
>>>>>> -Prabath
>>>>>>
>>>>>> ___
>>>>>> Carbon-dev mailing list
>>>>>> Carbon-dev@wso2.org <mailto:Carbon-dev@wso2.org>
>>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> -- 
>>>>>> http://wso2.org
>>>>>> http://llvm.org
>>>>>> http://www.minix3.org/
>>>>>>
>>>>>>
>>>>>> 
>>>>>>
>>>>>> ___
>>>>>> Carbon-dev mailing list
>>>>>> Carbon-dev@wso2.org
>>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>>>>>>   
>>>>>>   
>>>>>> 
>>>>>>   
>>>>>> 
>>>>> 
>>>>>   
>>>>> 
>>>>>   
>>>> ___
>>>> Carbon-dev mailing list
>>>> Carbon-dev@wso2.org
>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>>>>
>>>>   
>>>> 
>>>>   
>>>> 
>>> ___
>>> Carbon-dev mailing list
>>> Carbon-dev@wso2.org
>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>>>
>>>   
>>> 
>>>   
>> ___
>> Carbon-dev mailing list
>> Carbon-dev@wso2.org
>> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>>
>>   
>> 
>
>
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>
>   


___
Carbon-dev mailing list
Carbon-dev@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

Re: [Carbon-dev] Security For Servers Integrated to Carbon

[Prabath Siriwardena]

Hi Srinath;

How do we generate the requests to the Servlet ? Is it from inside the
Carbon after user logged in?

This scenario looks similar to the WebSEAL authentication.

Thanks & regards.
-Prabath

Srinath Perera wrote:
> Hi All;
>
> I want to integrate Apache Solr as a Server in to the carbon (as a
> bundle, so you just drop the bundle in and you have Solr). Simply,
> Solr is a Servlet, which I can add via componet.xml, but I want
> security. Basically, the Solr server should be accessible to only
> users who has logged in to carbon. Dr. Sanjiva and myself where
> discussing this, and we thought may be we can do this via a servlet
> filter, which intercepts requests to Solr and block unauthenticated
> access.
>
> Any thoughts on how to do this? For example, if I create a servlet
> filter that gets the JSession ID from the request and allow only valid
> sessions to go in, will that do what I need? This same Filter should
> be useful when we integrate any Servelt in to carbon.
>
> Thanks
> Srinath
>
>
>
>   



___
Carbon-dev mailing list
Carbon-dev@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

Re: [Carbon-dev] Security For Servers Integrated to Carbon

[Prabath Siriwardena]

Srinath Perera wrote:
>> How do we generate the requests to the Servlet ? Is it from inside the
>> Carbon after user logged in?
>> 
>
> Yes, It is after logged in, and I use Solr client, which uses commons
> HTTP client.
>   
If this is the case what we could do is - we can set a signed HTTP header.

So - at the ServletFilter - it verifies the presence of a predefined 
HTTP header  and verifies the signature.

To verify a given signature - at the ServletFilter end it keeps the 
certs of trusted partners [i.e Carbon] who actually authenticated the users.

This is the pattern [similar] WebSEAL uses.

Thanks & regards.
-Prabath
> When I though about this I felt when https is used, SessionID can be
> used to authenticate. For example, AFAIK even now when we move across
> servlets/JSPs/WS in Cabron UI, this is how we authenticate, which is
> not much different in this case. (Basically, if request has a valid
> session ID, it is from a logged in user). Also since, Solr Client use
> commons http client, setting session ID to it should be possible, and
> then we do not need changes to the clients as well.
>
>   
>> This scenario looks similar to the WebSEAL authentication.
>> 
> Where can I find the code to WebSEAL?. Ideally, we should do this
> without changing  the Solr servelt, and do it though a extension point
> like servelt filter or equivalent.
>
> Thanks
> Srinath
>
>   
>> Thanks & regards.
>> -Prabath
>>
>> Srinath Perera wrote:
>> 
>>> Hi All;
>>>
>>> I want to integrate Apache Solr as a Server in to the carbon (as a
>>> bundle, so you just drop the bundle in and you have Solr). Simply,
>>> Solr is a Servlet, which I can add via componet.xml, but I want
>>> security. Basically, the Solr server should be accessible to only
>>> users who has logged in to carbon. Dr. Sanjiva and myself where
>>> discussing this, and we thought may be we can do this via a servlet
>>> filter, which intercepts requests to Solr and block unauthenticated
>>> access.
>>>
>>> Any thoughts on how to do this? For example, if I create a servlet
>>> filter that gets the JSession ID from the request and allow only valid
>>> sessions to go in, will that do what I need? This same Filter should
>>> be useful when we integrate any Servelt in to carbon.
>>>
>>> Thanks
>>> Srinath
>>>
>>>
>>>
>>>
>>>   
>>
>> ___
>> Carbon-dev mailing list
>> Carbon-dev@wso2.org
>> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>>
>> 
>
>
>
>   


___
Carbon-dev mailing list
Carbon-dev@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

Re: [Carbon-dev] Security For Servers Integrated to Carbon

[Prabath Siriwardena]

Srinath Perera wrote:
> Hi Prabath;
> Any chance you can point me to a example? e.g. WebSEAL impl
> authentication for server/ client if that code is in our svn?
> --Srinath
>   
Hi Srinath;

WebSEAL is IBM proprietary - so code not available.

Our use case would be something similar to this.

1. User authenticates to Carbon

2. And now wants to invoke the Servlet.

3. Now, carbon adds following to the HTTP header
 
say, for example,

 - carbon-user [user logged into the system]
 - carbon-user-signed [signature of carbon-user signed by Carbon]

4. Now at the Servlet end request hits the servlet filter

5. Servlet filter extracts the two header parameters.

6. Validates the signature of the 'carbon-user-signed' header

7. If validated let the user in.

Thanks & regards.
-Prabath

> On Wed, Sep 2, 2009 at 9:41 AM, Prabath Siriwardena wrote:
>   
>> Srinath Perera wrote:
>> 
>>>> How do we generate the requests to the Servlet ? Is it from inside the
>>>> Carbon after user logged in?
>>>>
>>>> 
>>> Yes, It is after logged in, and I use Solr client, which uses commons
>>> HTTP client.
>>>
>>>   
>> If this is the case what we could do is - we can set a signed HTTP header.
>>
>> So - at the ServletFilter - it verifies the presence of a predefined HTTP
>> header  and verifies the signature.
>>
>> To verify a given signature - at the ServletFilter end it keeps the certs of
>> trusted partners [i.e Carbon] who actually authenticated the users.
>>
>> This is the pattern [similar] WebSEAL uses.
>>
>> Thanks & regards.
>> -Prabath
>> 
>>> When I though about this I felt when https is used, SessionID can be
>>> used to authenticate. For example, AFAIK even now when we move across
>>> servlets/JSPs/WS in Cabron UI, this is how we authenticate, which is
>>> not much different in this case. (Basically, if request has a valid
>>> session ID, it is from a logged in user). Also since, Solr Client use
>>> commons http client, setting session ID to it should be possible, and
>>> then we do not need changes to the clients as well.
>>>
>>>
>>>   
>>>> This scenario looks similar to the WebSEAL authentication.
>>>>
>>>> 
>>> Where can I find the code to WebSEAL?. Ideally, we should do this
>>> without changing  the Solr servelt, and do it though a extension point
>>> like servelt filter or equivalent.
>>>
>>> Thanks
>>> Srinath
>>>
>>>
>>>   
>>>> Thanks & regards.
>>>> -Prabath
>>>>
>>>> Srinath Perera wrote:
>>>>
>>>> 
>>>>> Hi All;
>>>>>
>>>>> I want to integrate Apache Solr as a Server in to the carbon (as a
>>>>> bundle, so you just drop the bundle in and you have Solr). Simply,
>>>>> Solr is a Servlet, which I can add via componet.xml, but I want
>>>>> security. Basically, the Solr server should be accessible to only
>>>>> users who has logged in to carbon. Dr. Sanjiva and myself where
>>>>> discussing this, and we thought may be we can do this via a servlet
>>>>> filter, which intercepts requests to Solr and block unauthenticated
>>>>> access.
>>>>>
>>>>> Any thoughts on how to do this? For example, if I create a servlet
>>>>> filter that gets the JSession ID from the request and allow only valid
>>>>> sessions to go in, will that do what I need? This same Filter should
>>>>> be useful when we integrate any Servelt in to carbon.
>>>>>
>>>>> Thanks
>>>>> Srinath
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>   
>>>> ___
>>>> Carbon-dev mailing list
>>>> Carbon-dev@wso2.org
>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>>>>
>>>>
>>>> 
>>>
>>>
>>>   
>> 
>
>
>
>   


___
Carbon-dev mailing list
Carbon-dev@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

Re: [Carbon-dev] Security For Servers Integrated to Carbon

[Prabath Siriwardena]

Sanjiva Weerawarana wrote:
> Prabath, isn't there a standard protocol for this problem?? It seems 
> like a common scenario right? Not WS-Trust?
The approach I suggested is based on the model behind WS-Trust.

We can also use WS-Trust directly here - but I guess it would be a 
over-kill fir this scenario.

The other standard approach would be based on the SAML 2.0 protocol 
[which we do not have support yet].
>
> How do you do step 6 BTW?
If the Servlet trusts the Carbon for authenticating users - the Servlet 
needs to have the public cert of the Carbon in it's trust store.

Thanks & regards.
-Prabath
>
> Sanjiva.
>
> On Wed, Sep 2, 2009 at 10:14 AM, Prabath Siriwardena  <mailto:prab...@wso2.com>> wrote:
>
> Srinath Perera wrote:
> > Hi Prabath;
> > Any chance you can point me to a example? e.g. WebSEAL impl
> > authentication for server/ client if that code is in our svn?
> > --Srinath
> >
> Hi Srinath;
>
> WebSEAL is IBM proprietary - so code not available.
>
> Our use case would be something similar to this.
>
> 1. User authenticates to Carbon
>
> 2. And now wants to invoke the Servlet.
>
> 3. Now, carbon adds following to the HTTP header
>
> say, for example,
>
>  - carbon-user [user logged into the system]
>  - carbon-user-signed [signature of carbon-user signed by Carbon]
>
> 4. Now at the Servlet end request hits the servlet filter
>
> 5. Servlet filter extracts the two header parameters.
>
> 6. Validates the signature of the 'carbon-user-signed' header
>
> 7. If validated let the user in.
>
> Thanks & regards.
> -Prabath
>
> > On Wed, Sep 2, 2009 at 9:41 AM, Prabath
> Siriwardenamailto:prab...@wso2.com>> wrote:
> >
> >> Srinath Perera wrote:
> >>
> >>>> How do we generate the requests to the Servlet ? Is it from
> inside the
> >>>> Carbon after user logged in?
> >>>>
> >>>>
> >>> Yes, It is after logged in, and I use Solr client, which uses
> commons
> >>> HTTP client.
> >>>
> >>>
> >> If this is the case what we could do is - we can set a signed
> HTTP header.
> >>
> >> So - at the ServletFilter - it verifies the presence of a
> predefined HTTP
> >> header  and verifies the signature.
> >>
> >> To verify a given signature - at the ServletFilter end it keeps
> the certs of
> >> trusted partners [i.e Carbon] who actually authenticated the users.
> >>
> >> This is the pattern [similar] WebSEAL uses.
> >>
> >> Thanks & regards.
> >> -Prabath
> >>
> >>> When I though about this I felt when https is used, SessionID
> can be
> >>> used to authenticate. For example, AFAIK even now when we move
> across
> >>> servlets/JSPs/WS in Cabron UI, this is how we authenticate,
> which is
> >>> not much different in this case. (Basically, if request has a
> valid
> >>> session ID, it is from a logged in user). Also since, Solr
> Client use
> >>> commons http client, setting session ID to it should be
> possible, and
> >>> then we do not need changes to the clients as well.
> >>>
> >>>
> >>>
> >>>> This scenario looks similar to the WebSEAL authentication.
> >>>>
> >>>>
> >>> Where can I find the code to WebSEAL?. Ideally, we should do this
> >>> without changing  the Solr servelt, and do it though a
> extension point
> >>> like servelt filter or equivalent.
> >>>
> >>> Thanks
> >>> Srinath
> >>>
> >>>
> >>>
> >>>> Thanks & regards.
> >>>> -Prabath
> >>>>
> >>>> Srinath Perera wrote:
> >>>>
> >>>>
> >>>>> Hi All;
> >>>>>
> >>>>> I want to integrate Apache Solr as a Server in to the carbon
> (as a
> >>>>> bundle, so you just drop the bundle in and you have Solr).
> Simply,
> >>>>> Solr is a Servlet, which I can add via componet.xml, but I want
> >>>>> security. Basically, the Solr server s

Re: [Carbon-dev] Security For Servers Integrated to Carbon

[Prabath Siriwardena]

FYI - this is how WebSEAL behaves [one use case].

1. User wants to access a web application.

2. All the requests to the web application goes through WebSEAL

3. WebSEAL has valid credentials to access the web application

4. Once the user request hits the WebSEAL - it authenticates the user.

5. If success in 4 - it will add an HTTP header called iv-user and set 
the authenticated user's name there.

6. Then WebSEAL set's it's own credentials to access the web application 
behind - as basic auth parameters.

7. Now the request hits the web application.

8. First the Web application authenticates WebSEAL through basic auth

9. If success in 8 - it will let user iv-user in.

Thanks & regards.
-Prabath

Prabath Siriwardena wrote:
> Sanjiva Weerawarana wrote:
>> Prabath, isn't there a standard protocol for this problem?? It seems 
>> like a common scenario right? Not WS-Trust?
> The approach I suggested is based on the model behind WS-Trust.
>
> We can also use WS-Trust directly here - but I guess it would be a 
> over-kill fir this scenario.
>
> The other standard approach would be based on the SAML 2.0 protocol 
> [which we do not have support yet].
>>
>> How do you do step 6 BTW?
> If the Servlet trusts the Carbon for authenticating users - the 
> Servlet needs to have the public cert of the Carbon in it's trust store.
>
> Thanks & regards.
> -Prabath
>>
>> Sanjiva.
>>
>> On Wed, Sep 2, 2009 at 10:14 AM, Prabath Siriwardena 
>> mailto:prab...@wso2.com>> wrote:
>>
>> Srinath Perera wrote:
>> > Hi Prabath;
>> > Any chance you can point me to a example? e.g. WebSEAL impl
>> > authentication for server/ client if that code is in our svn?
>> > --Srinath
>> >
>> Hi Srinath;
>>
>> WebSEAL is IBM proprietary - so code not available.
>>
>> Our use case would be something similar to this.
>>
>> 1. User authenticates to Carbon
>>
>> 2. And now wants to invoke the Servlet.
>>
>> 3. Now, carbon adds following to the HTTP header
>>
>> say, for example,
>>
>>  - carbon-user [user logged into the system]
>>  - carbon-user-signed [signature of carbon-user signed by Carbon]
>>
>> 4. Now at the Servlet end request hits the servlet filter
>>
>> 5. Servlet filter extracts the two header parameters.
>>
>> 6. Validates the signature of the 'carbon-user-signed' header
>>
>> 7. If validated let the user in.
>>
>> Thanks & regards.
>> -Prabath
>>
>> > On Wed, Sep 2, 2009 at 9:41 AM, Prabath
>> Siriwardenamailto:prab...@wso2.com>> wrote:
>> >
>> >> Srinath Perera wrote:
>> >>
>> >>>> How do we generate the requests to the Servlet ? Is it from
>> inside the
>> >>>> Carbon after user logged in?
>> >>>>
>> >>>>
>> >>> Yes, It is after logged in, and I use Solr client, which uses
>> commons
>> >>> HTTP client.
>> >>>
>> >>>
>> >> If this is the case what we could do is - we can set a signed
>> HTTP header.
>> >>
>> >> So - at the ServletFilter - it verifies the presence of a
>> predefined HTTP
>> >> header  and verifies the signature.
>> >>
>> >> To verify a given signature - at the ServletFilter end it keeps
>> the certs of
>> >> trusted partners [i.e Carbon] who actually authenticated the 
>> users.
>> >>
>> >> This is the pattern [similar] WebSEAL uses.
>> >>
>> >> Thanks & regards.
>> >> -Prabath
>> >>
>> >>> When I though about this I felt when https is used, SessionID
>> can be
>> >>> used to authenticate. For example, AFAIK even now when we move
>> across
>> >>> servlets/JSPs/WS in Cabron UI, this is how we authenticate,
>> which is
>> >>> not much different in this case. (Basically, if request has a
>> valid
>> >>> session ID, it is from a logged in user). Also since, Solr
>> Client use
>> >>> commons http client, setting session ID to it should be
>> possible, and
>> >>> then we do not need changes to the clients as well.
>> >>>
>> >>>
>> >>

Re: [Carbon-dev] Problems with InfoCard

[Prabath Siriwardena]

Hi;

Have you patched your JDK with unlimited key strength files ?

Also - CardSpace related error messages are logged to the eventviewer - 
can u post them as well...

Thanks & regards.
-Prabath

Hrabal, Andreas wrote:
> Hey everybody,
>  
> after screwdriving for almost a day I finally decided to post on the 
> mailing list.
>  
> I have setup the WSO2 Identity Server on a Virtual Machine (WIN XP) 
> without Internet connection.
> The server itself seems to run fine. I can start the server, create 
> accounts and download infocards.
>  
> But Problem 1:
>  
> If I want to install an Infocard via the Open/Save Dialog, the card 
> gets imported, but and error occurs. The CardSpace app tells me
> "The Windows CardSpace service is too busy to process this request.  
> User has too many outstanding requests."
>  
> That seems to be a little exaggerated, since I only import one 
> infocard. And the funny thing is, like I said that card is installed 
> and can be used afterwards.
>  
>  
> Problem 2:
>  
> My second problem is the login process via infocard. I can click on 
> the infocard login screen and windows cardspace pops up. I choose my 
> installed infocard and try to receive the contents of the card first. 
> I put in my pw and I can see the contents of the card(like name, town, 
> all the attributes), so that one seems to work fine. Now I want to 
> send my card and the password screen pops up. I enter my pw but 
> afterwards I just get an errormessage from the server "Information 
> card not accepted". In the logfile I get a huge entry and it seems 
> like something is wrong with my system key store. But I have no clue 
> what to do and which keystore he is talking about (windows or just wso2).
>  
> Anybody out there who knows what to do?
>  
> Thanks in advance for your help.
>  
> Regards
>  
> Andreas
>  
> P.s. Here is the full log file entry
>  
> [2009-09-02 15:42:58,656]  INFO -  Generating display value of PPID : 
> dXJuOnV1aWQ6NEY0MUZBQjMyRUVBQ0I5NUJCMTI1MTg5NTIzMTI4Mg== 
> {org.wso2.carbon.identity.core.util.IdentityUtil}
> [2009-09-02 15:42:58,671]  INFO -  Response ready for : 
> http://identity.wso2.org/urn:uuid:CF0A1AB1F70A2E1EE51251898654292 
> {org.wso2.carbon.identity.sts.IdentityTokenIssuer}
> [2009-09-02 15:42:58,671]  INFO -  Issued token 
> {org.wso2.carbon.identity.sts.IdentityTokenIssuer}
> [2009-09-02 15:42:58,968]  INFO -  Verification successful for URI 
> "#Id-33059783" {org.apache.xml.security.signature.Reference}
> [2009-09-02 15:42:58,968]  INFO -  Verification successful for URI 
> "#Id-33059783" {org.apache.xml.security.signature.Reference}
> [2009-09-02 15:42:58,968]  INFO -  Verification successful for URI 
> "#Timestamp-7" {org.apache.xml.security.signature.Reference}
> [2009-09-02 15:42:58,968]  INFO -  Verification successful for URI 
> "#Timestamp-7" {org.apache.xml.security.signature.Reference}
> [2009-09-02 15:42:59,000] ERROR -  Cannot load system key store 
> {org.apache.axis2.rpc.receivers.RPCMessageReceiver}
> java.lang.reflect.InvocationTargetException
>  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>  at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
>  at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
>  at java.lang.reflect.Method.invoke(Unknown Source)
>  at 
> org.apache.axis2.rpc.receivers.RPCUtil.invokeServiceClass(RPCUtil.java:202)
>  at 
> org.apache.axis2.rpc.receivers.RPCMessageReceiver.invokeBusinessLogic(RPCMessageReceiver.java:103)
>  at 
> org.apache.axis2.receivers.AbstractInOutMessageReceiver.invokeBusinessLogic(AbstractInOutMessageReceiver.java:40)
>  at 
> org.apache.axis2.receivers.AbstractMessageReceiver.receive(AbstractMessageReceiver.java:114)
>  at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:178)
>  at 
> org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:167)
>  at 
> org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:142)
>  at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)
>  at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
>  at 
> org.eclipse.equinox.http.servlet.internal.ServletRegistration.handleRequest(ServletRegistration.java:90)
>  at 
> org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:111)
>  at 
> org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:67)
>  at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
>  at org.wso2.carbon.bridge.BridgeServlet.service(BridgeServlet.java:132)
>  at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
>  at 
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
>  at 
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
>  at 
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:210)
>  at 
> org.apache.catalina.core.StandardContextVal

Re: [Carbon-dev] Test Failure in Axis2 2.0.1 Branch

[Prabath Siriwardena]

Chamara Silva wrote:
> Temporary removed endorsed folder in builder machine JDK.Rampart 
> continues build running without tests untill this issue get resolved.
>   
To get Rampart SAML2 tests running we had to endorse certain jars - 
which caused this issue.

Thilina is looking into this and will keep the list updated.

Thanks & regards.
-Prabath
> Thank you,
> Regards,
> Chamara
>
> Lahiru Gunathilake wrote:
>   
>> Hi,
>>
>> This is due to endocement of JDK in the builder machine otherwise 
>> axis2 successfully build with test in the 2.0.1 branch.
>>
>> Lahiru
>>
>> On Mon, Sep 7, 2009 at 2:56 PM, Chamara Silva > > wrote:
>>
>> There is an test failure in Axis2 2.0.1 branch.
>>
>> http://builder.wso2.org/browse/ASD-AXIS2CONTIN-191/log
>>
>> Thank You,
>> Regards,
>> Chamara
>>
>>
>> ___
>> Carbon-dev mailing list
>> Carbon-dev@wso2.org 
>> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>>
>>
>>
>>
>> -- 
>> Lahiru Gunathilake
>> Software Engineer - WSO2 Inc.
>> 
>>
>> ___
>> Carbon-dev mailing list
>> Carbon-dev@wso2.org
>> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>>   
>> 
>
>
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>
>   


___
Carbon-dev mailing list
Carbon-dev@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

Re: [Carbon-dev] Is Identity Server suitable for SSO and Federation?

[Prabath Siriwardena]

Hi;

Yes - in these scenarios you can use WSO2 Identity Server as the IdP or 
the token issuer.

And - you need to build your client side on top of Rampart.

Please let us know how we could help you...

Thanks & regards.
-Prabath

Francesco Stampacchia wrote:
>
> Hello everyone,
> we're setting up a WSC-WSP scenario on 2 machines.
> Machine A acts as IdP and as WSC, Machine B is federated with A and 
> acts as WSP.
> Our WSC is a simple wss client (ejb-client) and WSP is a wss server 
> (ejb-server).
> we're trying to create a library (used by both WSC and WSP) that, 
> develops the following actions:
>
> 1 - Non-Browser based user single-sign-on and successive token generation
>
> 2 - SAML assertion generation on WSC side (through the token obtained 
> from step1)
>
> 3 - SAML validation on WSP side (the assertion should be validated 
> from the WSP)
>
> Can WSO2 Identity Server support us?! Does it has some API to 
> integrate it and help this development scenario?!
>
> Thanks in advance!
>
> Francesco
>
>
>
> -- 
> Stampacchia Francesco
> 
>
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>   


___
Carbon-dev mailing list
Carbon-dev@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

Re: [Carbon-dev] Is Identity Server suitable for SSO and Federation?

[Prabath Siriwardena]

Hi Stampacchia;

Francesco Stampacchia wrote:
> Hello Prabath,
> I'm trying to set up my scenario using WSO2 Identity Server 2.0, and 
> I'm findind some help in your useful blog.
>
> But I'm stuck on some consideration.
> First of all I think Identity Server could help me as IdP if I use it 
> as STS, am I right?! 
Yes... you can use Identity Server as an IdP.
> SO 've created my custom Web Service Server that exposes one method 
> (echo) and I put it under axis2. Then I pointed it through STS 
> Configuration, using wso2 standard keystore alias and keystore.
Yes - correct - that is you have added you service end point as a 
trusted end point to the STS.

But - "using wso2 standard keystore alias and keystore" is not correct. 
You need to first upload the cert corresponding to your service to the 
IS keystore and then use that cert alias in the STS configuration 
against he service end point.
>
> In this way is my service protected?! Am I doing right?!
Please see my comment above.
>
> Then I coded the client sample you give in your blog and merged it 
> with my standard client in order to first perform a token retrival and 
> then, on successful retrival, give permissions to ask the service.
> Is that ok or is there a way I can perform this task better through 
> the Identity Server?!
>
> Could you point me out some samples or a corret workflow to make it 
> all work.
At the service end you need to verify the SAML token received. Please go 
through my blog - tagged under Identity Server.

Thanks & regards.
-Prabath
>
> Thanks
>
> 2009/9/10 Francesco Stampacchia  <mailto:stampacchiafrance...@gmail.com>>
>
> Thanks Prabath,
> well, it would be great I you could address me to some how-to or
> samples that could help me in setting up my scenario.
>
> I have to adapt an already developed WSC/WSP scenario that uses
> rampart only for users authenticaton. Now I'd like to apply SSO
>     and Federation to my use case.
>
> How can Rampart and the Identity Server help me?!
>
> Cheers.
>
>
> 2009/9/10 Prabath Siriwardena  <mailto:prab...@wso2.com>>
>
> Hi;
>
> Yes - in these scenarios you can use WSO2 Identity Server as
> the IdP or
> the token issuer.
>
> And - you need to build your client side on top of Rampart.
>
> Please let us know how we could help you...
>
> Thanks & regards.
> -Prabath
>
> Francesco Stampacchia wrote:
> >
> > Hello everyone,
> > we're setting up a WSC-WSP scenario on 2 machines.
> > Machine A acts as IdP and as WSC, Machine B is federated
> with A and
> > acts as WSP.
> > Our WSC is a simple wss client (ejb-client) and WSP is a wss
> server
> > (ejb-server).
> > we're trying to create a library (used by both WSC and WSP)
> that,
> > develops the following actions:
> >
> > 1 - Non-Browser based user single-sign-on and successive
> token generation
> >
> > 2 - SAML assertion generation on WSC side (through the token
> obtained
> > from step1)
> >
> > 3 - SAML validation on WSP side (the assertion should be
> validated
> > from the WSP)
> >
> > Can WSO2 Identity Server support us?! Does it has some API to
> > integrate it and help this development scenario?!
> >
> > Thanks in advance!
> >
> > Francesco
> >
> >
> >
> > --
> > Stampacchia Francesco
> >
> 
> 
> >
> > ___
> > Carbon-dev mailing list
> > Carbon-dev@wso2.org <mailto:Carbon-dev@wso2.org>
> > https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
> >
>
>
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org <mailto:Carbon-dev@wso2.org>
> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>
>
>
>
> -- 
> Stampacchia Francesco
>
>
>
>
> -- 
> Stampacchia Francesco
> 
>
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>   


___
Carbon-dev mailing list
Carbon-dev@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

Re: [Carbon-dev] RegistryEventingService exception - unable to send

[Prabath Siriwardena]

AFAIK - the console picks ports from the transports.xml - but the 
services hosted picks form axis2.xml

You will clearly see this difference in ESB - since the proxy services 
running with different ports than that of the ESB console.

Thanks & regards.
-Prabath

Senaka Fernando wrote:
> I see this as a bug too, and I reported it at [1]. Also, I wonder why 
> do we need to maintain two transport configurations? IMO we should set 
> the ports in one place and set the corresponding parameters so that 
> the other places will inherit this. Azeez did a similar change for the 
> web context in carbon, which we now only have to set in the 
> carbon.xml. I believe that the same can be done for this as well.
>
> [1] https://wso2.org/jira/browse/CARBON-5152
>
> Thanks,
> Senaka.
>
> On Sat, Sep 12, 2009 at 5:00 PM, Samisa Abeysinghe  > wrote:
>
> I alway change both these conf files, when testing BAM with G-Reg.
> And I think it is a bug. 
>
> Samisa...
>
>
> On Sat, Sep 12, 2009 at 3:54 PM, Sanjiva Weerawarana
> mailto:sanj...@wso2.com>> wrote:
>
> Isn't that a bug we need to fix: having to change the port in
> two places!
>
> Sanjiva.
>
> On Sat, Sep 12, 2009 at 10:58 AM, Supun Kamburugamuwa
> mailto:su...@wso2.com>> wrote:
>
> Hi,
>
> Previously I've changed the HTTP ports in transport.xml
> only. Then I changed the port in axis2.xml as well. Now it
> is working.
>
> Supun..
>
>
> On Fri, Sep 11, 2009 at 10:11 PM, Supun Kamburugamuwa
> mailto:su...@wso2.com>> wrote:
>
> Hi all,
>
> Previously we thought this exception occurs only with
> ESB. Now it seems it is occurring with Registry itself
> as well. I have configured a remote registry for ESB
> and I was trying to upload a file to the registry. I
> did this through the registry management console (not
> ESB console). It doesn't allow me to upload the file
> printing this exception.
>
> I've checked the IP of my machine. It is the same IP
> as the one printed in the exception. But note the
> port. I've started the Registry on port 9764 but the
> port in the URL is 9763. I think this is the cause of
> this exception.
>
> Thanks,
> Supun..
>
>
> [2009-09-11 22:32:54,562]  INFO -  Unable to
> sendViaPost to
> url[http://5.70.141.42:9763/services/RegistryEventingService
> ]
> java.net.ConnectException: Connection refused: connect
> at
> java.net.PlainSocketImpl.socketConnect(Native Method)
> at
> java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:333)
> at
> 
> java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:195)
> at
> java.net.PlainSocketImpl.connect(PlainSocketImpl.java:182)
> at
> java.net.SocksSocketImpl.connect(SocksSocketImpl.java:364)
> at java.net.Socket.connect(Socket.java:507)
> at
> sun.reflect.GeneratedMethodAccessor29.invoke(Unknown
> Source)
> at
> 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at
> java.lang.reflect.Method.invoke(Method.java:585)
> at
> 
> org.apache.commons.httpclient.protocol.ReflectionSocketFactory.createSocket(ReflectionSocketFactory.java:140)
>
> at
> 
> org.apache.commons.httpclient.protocol.DefaultProtocolSocketFactory.createSocket(DefaultProtocolSocketFactory
> .java:125)
> at
> 
> org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:707)
> at
> 
> org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(MultiThreadedHttp
> ConnectionManager.java:1361)
> at
> 
> org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:387)
> at
> 
> org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
> at
> 
> org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
> at
> 
> org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:346)
>

Re: [Carbon-dev] Test Failures in Axis2 Transport 2.0.1 branch

[Prabath Siriwardena]

This seems to be due to the fix I did securing faults in Axis2 - I only 
built Axis2 with tests - and didn't catch the failure in transports.

Will look into this and keep the list updated.

Thanks & regards.
-Prabath

Chamara Silva wrote:
> There is an test failure in Axis2 transport 2.0.1 branch
>
> http://builder.wso2.org/browse/ASD-TRANSPORTCONTIN-161/log
>
> Thank you,
> Regards,
> Chamara
>
>
>
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>
>   


___
Carbon-dev mailing list
Carbon-dev@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

Re: [Carbon-dev] Test Failures in Axis2 Transport 2.0.1 branch

[Prabath Siriwardena]

Fixed.

Thanks & regards.
-Prabath

Prabath Siriwardena wrote:
> This seems to be due to the fix I did securing faults in Axis2 - I 
> only built Axis2 with tests - and didn't catch the failure in transports.
>
> Will look into this and keep the list updated.
>
> Thanks & regards.
> -Prabath
>
> Chamara Silva wrote:
>> There is an test failure in Axis2 transport 2.0.1 branch
>>
>> http://builder.wso2.org/browse/ASD-TRANSPORTCONTIN-161/log
>>
>> Thank you,
>> Regards,
>> Chamara
>>
>>
>>
>> ___
>> Carbon-dev mailing list
>> Carbon-dev@wso2.org
>> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>>
>>   
>
>


___
Carbon-dev mailing list
Carbon-dev@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

Re: [Carbon-dev] Is Identity Server suitable for SSO and Federation?

[Prabath Siriwardena]

ava:46)
> at org.wso2client.test.ClientTest.main(ClientTest.java:30)
> Caused by: java.lang.RuntimeException:
> org.apache.ws.security.components.crypto.Merlin cannot create
> instance
> at
> 
> org.apache.ws.security.components.crypto.CryptoFactory.loadClass(CryptoFactory.java:226)
> at
> 
> org.apache.ws.security.components.crypto.CryptoFactory.getInstance(CryptoFactory.java:93)
> at
> 
> org.apache.rampart.util.RampartUtil.getSignatureCrypto(RampartUtil.java:301)
> at
> 
> org.apache.rampart.builder.BindingBuilder.getSignatureBuider(BindingBuilder.java:300)
> at
> 
> org.apache.rampart.builder.AsymmetricBindingBuilder.doSignature(AsymmetricBindingBuilder.java:626)
> at
> 
> org.apache.rampart.builder.AsymmetricBindingBuilder.doSignBeforeEncrypt(AsymmetricBindingBuilder.java:413)
> at
> 
> org.apache.rampart.builder.AsymmetricBindingBuilder.build(AsymmetricBindingBuilder.java:93)
> at
> org.apache.rampart.MessageBuilder.build(MessageBuilder.java:147)
> at
> org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:64)
> at org.apache.axis2.engine.Phase.invoke(Phase.java:317)
> at
> org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264)
> at
> org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:429)
> at
> 
> org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:401)
> at
> 
> org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:228)
> at
> 
> org.apache.axis2.client.OperationClient.execute(OperationClient.java:163)
> at
> 
> org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:548)
> at
> 
> org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:528)
> at
> org.wso2client.client.WSO2Client.echo(WSO2Client.java:143)
> ... 34 more
> Caused by: java.lang.InstantiationException:
> org.apache.ws.security.components.crypto.Merlin
> at java.lang.Class.newInstance0(Class.java:335)
> at java.lang.Class.newInstance(Class.java:303)
> at
> 
> org.apache.ws.security.components.crypto.CryptoFactory.loadClass(CryptoFactory.java:220)
> ... 51 more
>
> I'm trying to work it out, but if you have managed it or you
> can guess its cause, it would be great!
> Sorry for bothering, but your hints are being very useful for
> my work!
>
> Thanks.
>
> 2009/9/14 Francesco Stampacchia
>  <mailto:stampacchiafrance...@gmail.com>>
>
> Thank you Prabath,
> I'm trying to work the whole scenario out following some
> of your blog's posts, but I'm getting lost.
>
> Could you point me out which of your posts can help me
> find my way?
>
> Thanks.
>
>
> 2009/9/11 Prabath Siriwardena  <mailto:prab...@wso2.com>>
>
> Hi Stampacchia;
>
> Francesco Stampacchia wrote:
> > Hello Prabath,
> > I'm trying to set up my scenario using WSO2 Identity
> Server 2.0, and
> > I'm findind some help in your useful blog.
> >
> > But I'm stuck on some consideration.
> > First of all I think Identity Server could help me
> as IdP if I use it
> > as STS, am I right?!
> Yes... you can use Identity Server as an IdP.
> > SO 've created my custom Web Service Server that
> exposes one method
> > (echo) and I put it under axis2. Then I pointed it
> through STS
> > Configuration, using wso2 standard keystore alias
> and keystore.
> Yes - correct - that is you have added you service end
> point as a
> trusted end point to the STS.
>
> But - "using wso2 standard keystore alias and
> keystore" is not correct.
> You need to first upload the cert corresponding to
> yo

Re: [Carbon-dev] Is Identity Server suitable for SSO and Federation?

[Prabath Siriwardena]

Francesco Stampacchia wrote:
> Thank you Prabath,
>  I managed to send the token to my service, but I'm still getting the 
> exception I quoted a few posts ago, what could it possibly depend on?!

It seems like you have set an invalid crypto provider at  your service 
policy - RampartConfig.

Thanks & regards.
-Prabath
>
> 2009/9/15 Prabath Siriwardena mailto:prab...@wso2.com>>
>
> Francesco Stampacchia wrote:
> > I'm finding myself stuck in implementing token validation,
> > such as trying to validate token on client side, once the token is
> > generated, doesn't work.
> >
> > But do I need to programmatically check the token or is it
> possible to
> > do so through some xml configuration file?!
> Yes - once you received the SAML Token at the service end you need can
> verify the issuer and it's validity.
>
> Thanks & regards.
> -Prabath
> >
> > I'm getting a bit lost!!!
> >
> > Thanks.
> >
> > 2009/9/14 Francesco Stampacchia  <mailto:stampacchiafrance...@gmail.com>
> > <mailto:stampacchiafrance...@gmail.com
> <mailto:stampacchiafrance...@gmail.com>>>
> >
> > By the way,
> > if I get to work the client and I have added my Service in
> the STS
> > list on the IS like:
> >
> > http://localhost:9080/axis2/services/WSO2Server/echo
> >
> > pointing to my keystore, do I have to add some extra code to my
> > Server application?! Like validate Token or such?! How do I test
> > that I can validate my assertion only if I am federated to the
> > sender?!
> >
> >
> > Thanks
> >
> > 2009/9/14 Francesco Stampacchia
>  <mailto:stampacchiafrance...@gmail.com>
> > <mailto:stampacchiafrance...@gmail.com
> <mailto:stampacchiafrance...@gmail.com>>>
> >
> > Hello Prabath,
> > I was able to obtain the token from the STS, but I'm finding
> > this exception when performing the sendreceive(payload)
> function
> >
> > org.wso2client.client.WSO2ClientException: Echo failed!
> > at
> > org.wso2client.client.WSO2Client.echo(WSO2Client.java:155
> > at
> org.wso2client.test.ClientTest.echo(ClientTest.java:41)
> > at
> sun.reflect.NativeMethodAccessorImpl.invoke0(Native
> > Method)
> > at
> >
> 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> > at
> >
> 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> > at java.lang.reflect.Method.invoke(Method.java:585)
> > at
> >
> 
> org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:44)
> > at
> >
> 
> org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:15)
> > at
> >
> 
> org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:41)
> > at
> >
> 
> org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:20)
> > at
> >
> 
> org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:28)
> > at
> >
> 
> org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:31)
> > at
> >
> 
> org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:73)
> > at
> >
> 
> org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:46)
> > at
> >
> org.junit.runners.ParentRunner.runChildren(ParentRunner.java:180)
> > at
> >
> org.junit.runners.ParentRunner.access$000(ParentRunner.java:41)
> > at
> >
> org.junit.runners.ParentRunner$1.evaluate(ParentRunner.java:173)
> > at
> >
> 
> org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.ja

Re: [Carbon-dev] Is Identity Server suitable for SSO and Federation?

[Prabath Siriwardena]

Seems like you don't have this in your classpath.

If you just deploy your service in Axis2 then please try following 
configuration.


JKS
[Your 
Keystore]
[Keystore 
Password]


Thanks & regards.
-Prabath

Francesco Stampacchia wrote:
> Isn't this one right?
>
> org.wso2.carbon.security.util.ServerCrypto
>
> Thanks
>
> 2009/9/15 Prabath Siriwardena mailto:prab...@wso2.com>>
>
> Francesco Stampacchia wrote:
> > Thank you Prabath,
> >  I managed to send the token to my service, but I'm still
> getting the
> > exception I quoted a few posts ago, what could it possibly
> depend on?!
>
> It seems like you have set an invalid crypto provider at  your service
> policy - RampartConfig.
>
> Thanks & regards.
> -Prabath
> >
> > 2009/9/15 Prabath Siriwardena  <mailto:prab...@wso2.com> <mailto:prab...@wso2.com
> <mailto:prab...@wso2.com>>>
> >
> > Francesco Stampacchia wrote:
> > > I'm finding myself stuck in implementing token validation,
> > > such as trying to validate token on client side, once the
> token is
> > > generated, doesn't work.
> > >
> > > But do I need to programmatically check the token or is it
> > possible to
> > > do so through some xml configuration file?!
> > Yes - once you received the SAML Token at the service end
> you need can
> > verify the issuer and it's validity.
> >
> > Thanks & regards.
> > -Prabath
> > >
> > > I'm getting a bit lost!!!
> > >
> > > Thanks.
> > >
> > > 2009/9/14 Francesco Stampacchia
>  <mailto:stampacchiafrance...@gmail.com>
> > <mailto:stampacchiafrance...@gmail.com
> <mailto:stampacchiafrance...@gmail.com>>
> > > <mailto:stampacchiafrance...@gmail.com
> <mailto:stampacchiafrance...@gmail.com>
> > <mailto:stampacchiafrance...@gmail.com
> <mailto:stampacchiafrance...@gmail.com>>>>
> > >
> > > By the way,
> > > if I get to work the client and I have added my Service in
> > the STS
> > > list on the IS like:
> > >
> > > http://localhost:9080/axis2/services/WSO2Server/echo
> > >
> > > pointing to my keystore, do I have to add some extra
> code to my
> > > Server application?! Like validate Token or such?! How
> do I test
> > > that I can validate my assertion only if I am
> federated to the
> > > sender?!
> > >
> > >
> > > Thanks
> > >
> > > 2009/9/14 Francesco Stampacchia
> >  <mailto:stampacchiafrance...@gmail.com>
> > <mailto:stampacchiafrance...@gmail.com
> <mailto:stampacchiafrance...@gmail.com>>
> > > <mailto:stampacchiafrance...@gmail.com
> <mailto:stampacchiafrance...@gmail.com>
> > <mailto:stampacchiafrance...@gmail.com
> <mailto:stampacchiafrance...@gmail.com>>>>
> > >
> > > Hello Prabath,
> > > I was able to obtain the token from the STS, but
> I'm finding
> > > this exception when performing the
> sendreceive(payload)
> > function
> > >
> > > org.wso2client.client.WSO2ClientException: Echo
> failed!
> > > at
> > >
> org.wso2client.client.WSO2Client.echo(WSO2Client.java:155
> > > at
> > org.wso2client.test.ClientTest.echo(ClientTest.java:41)
> > > at
> > sun.reflect.NativeMethodAccessorImpl.invoke0(Native
> > > Method)
> > > at
> > >
> >
> 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> > > at
> > >
> >
> 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>  

Re: [Carbon-dev] Removing XKMS and STS services from the ESB

[Prabath Siriwardena]

Hi Supun;

The issue here is - the same bundle which exposes the XKMS service out 
is the one which exports the org.wso2.xkms2 - which is consumed by the 
security management bundle.

I guess ideally org.wso2.xkms2 should be exported by an orbit bundle.

So - with the current setup we have to keep the 
org.wso2.carbon.xkms-2.0.0 bundle - but we can  try with an workaround 
to hide the XKMS service from the UI?

Also - we can create a patch to fix this in the correct way.

What do you suggest ?

Thanks & regards.
-Prabath

Supun Kamburugamuwa wrote:
> $subject
>
> What are the modules I should remove to get rid of the above services? 
> I think bundles with the name sts and xkms in it. But I get the 
> following error when starting after removing the xkms bundle.
>
> Supun..
>
> org.osgi.framework.BundleException: The bundle could not be resolved. 
> Reason: Missing Constraint: Import-Package: org.wso2.xkms2; version="0.0
>   at 
> org.eclipse.osgi.framework.internal.core.AbstractBundle.getResolverError(AbstractBundle.java:1313)
>   at 
> org.eclipse.osgi.framework.internal.core.AbstractBundle.getResolutionFailureException(AbstractBundle.java:1297)
>   at 
> org.eclipse.osgi.framework.internal.core.BundleHost.startWorker(BundleHost.java:309)
>   at 
> org.eclipse.osgi.framework.internal.core.AbstractBundle.start(AbstractBundle.java:280)
>   at 
> org.eclipse.osgi.framework.internal.core.AbstractBundle.start(AbstractBundle.java:272)
>   at 
> org.eclipse.equinox.internal.simpleconfigurator.ConfigApplier.startBundles(ConfigApplier.java:307)
>   at 
> org.eclipse.equinox.internal.simpleconfigurator.ConfigApplier.install(ConfigApplier.java:108)
>   at 
> org.eclipse.equinox.internal.simpleconfigurator.SimpleConfiguratorImpl.applyConfiguration(SimpleConfiguratorImpl.java:129)
>   at 
> org.eclipse.equinox.internal.simpleconfigurator.SimpleConfiguratorImpl.applyConfiguration(SimpleConfiguratorImpl.java:143)
>   at 
> org.eclipse.equinox.internal.simpleconfigurator.Activator.start(Activator.java:48)
>   at 
> org.eclipse.osgi.framework.internal.core.BundleContextImpl$1.run(BundleContextImpl.java:782)
>   at java.security.AccessController.doPrivileged(Native Method)
>   at 
> org.eclipse.osgi.framework.internal.core.BundleContextImpl.startActivator(BundleContextImpl.java:773)
>   at 
> org.eclipse.osgi.framework.internal.core.BundleContextImpl.start(BundleContextImpl.java:754)
>   at 
> org.eclipse.osgi.framework.internal.core.BundleHost.startWorker(BundleHost.java:352)
>   at 
> org.eclipse.osgi.framework.internal.core.AbstractBundle.resume(AbstractBundle.java:370)
>   at 
> org.eclipse.osgi.framework.internal.core.Framework.resumeBundle(Framework.java:1068)
>   at 
> org.eclipse.osgi.framework.internal.core.StartLevelManager.resumeBundles(StartLevelManager.java:557)
>   at 
> org.eclipse.osgi.framework.internal.core.StartLevelManager.incFWSL(StartLevelManager.java:464)
>   at 
> org.eclipse.osgi.framework.internal.core.StartLevelManager.doSetStartLevel(StartLevelManager.java:248)
>   at 
> org.eclipse.osgi.framework.internal.core.StartLevelManager.dispatchEvent(StartLevelManager.java:445)
>   at 
> org.eclipse.osgi.framework.eventmgr.EventManager.dispatchEvent(EventManager.java:220)
>   at 
> org.eclipse.osgi.framework.eventmgr.EventManager$EventThread.run(EventManager.java:330)
>
> 
>
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>   


___
Carbon-dev mailing list
Carbon-dev@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

Re: [Carbon-dev] Removing XKMS and STS services from the ESB

[Prabath Siriwardena]

Ruwan Linton wrote:
> Charitha Kankanamge wrote:
>   
>> FYI: I have already raised a bug regarding this in 2009 January and
>> its priority/severity had been reduced [1]
>>
>> [1]https://wso2.org/jira/browse/CARBON-2781 -STS and XKMS services are
>> allowed to delete, however those reappeared in the service list once
>> server is restarted
>> 
> Can we make them special services and not list in the normal service
> list and present a different custom UI for each of these? For example we
> will have a STS as a different menu item and the Ui can share most of
> the code from service management.
>   
We already have both of these services [STS and XKMS] present in IS as 
menu items.

Thanks & regards.
-Prabath
> I agree with Supun this is not a service it is part of the product, if
> it reappears after the restart we shouldn't allow the user to delete it
> :-) at least.
>
> Thanks,
> Ruwan
>   
>> Charitha Kankanamge
>> WSO2 Inc.
>> http://wso2.org
>> email: chari...@wso2.com <mailto:chari...@wso2.com>
>> cell: +94 718 359 265
>> blog: http://charithaka.blogspot.com
>>
>>
>> On Thu, Oct 8, 2009 at 6:27 AM, Supun Kamburugamuwa > <mailto:su...@wso2.com>> wrote:
>>
>> But my point is if we cannot remove them they are not services in
>> the normal sense. They are part of the product.
>>
>> Supun..
>>
>>
>> On Wed, Oct 7, 2009 at 5:22 PM, Afkham Azeez > <mailto:az...@wso2.com>> wrote:
>>
>> Those services can be removed, but they will be available once
>> you restart the server since they are supplied through OSGi
>> bundles. These are non-admin, non-hidden services, which can
>> be configured through the Mgt Console, so we cannot hide them.
>>
>> Azeez
>>
>>
>> On Wed, Oct 7, 2009 at 6:34 PM, Supun Kamburugamuwa
>> mailto:su...@wso2.com>> wrote:
>>
>> I would like to bring another point. These services like
>> XKMS, STS, RegistryEventing all are shown in the Service
>> management page. If they are shown there they should obey
>> the rules that other services do. For example a user
>> should be able to remove them from the UI (because that
>> option is available through the UI).
>>
>> Thanks,
>> Supun.. 
>>
>>
>> On Wed, Oct 7, 2009 at 1:28 AM, Sameera Jayasoma
>> mailto:same...@wso2.com>> wrote:
>>
>>
>>
>> On Wed, Oct 7, 2009 at 12:56 PM, Prabath Siriwardena
>> mailto:prab...@wso2.com>> wrote:
>>
>> Hi Supun;
>>
>> The issue here is - the same bundle which exposes
>> the XKMS service out
>> is the one which exports the org.wso2.xkms2 -
>> which is consumed by the
>> security management bundle.
>>
>> I guess ideally org.wso2.xkms2 should be exported
>> by an orbit bundle.
>>
>>
>> +1. The service and the library should be separated.
>> This same scenario occurs even when you remove the
>> xkms feature from the system. P2 does not remove the
>> org.wso2.xkms bundle, since there are dependent
>> bundles on it.
>>
>> Sameera
>>
>>
>> So - with the current setup we have to keep the
>> org.wso2.carbon.xkms-2.0.0 bundle - but we can
>>  try with an workaround
>> to hide the XKMS service from the UI?
>>
>> Also - we can create a patch to fix this in the
>> correct way.
>>
>> What do you suggest ?
>>
>> Thanks & regards.
>> -Prabath
>>
>> Supun Kamburugamuwa wrote:
>> > $subject
>> >
>> > What are the modules I should remove to get rid
>> of the above services?
>> > I think bundles with the name sts and xkms in
>> it. But I get the
>> > following error when starting after removing the
>> xk

Re: [Carbon-dev] Removing XKMS and STS services from the ESB

[Prabath Siriwardena]

Ruwan Linton wrote:
>
> So do we hide those services in IS, or we do not have service management
> in IS?? 
We don't have service management component in IS.

Thanks & regards.
-Prabath
> In any case I think we should make them hidden services and show
> them on the Configure menu as different menu items, if we need to keep
> them with other products. If we do not want to we can just get rid of
> those :-) from the other products.
>
> Thanks,
> Ruwan
>   
>> Thanks & regards.
>> -Prabath
>>   
>> 
>>> I agree with Supun this is not a service it is part of the product, if
>>> it reappears after the restart we shouldn't allow the user to delete it
>>> :-) at least.
>>>
>>> Thanks,
>>> Ruwan
>>>   
>>> 
>>>   
>>>> Charitha Kankanamge
>>>> WSO2 Inc.
>>>> http://wso2.org
>>>> email: chari...@wso2.com <mailto:chari...@wso2.com>
>>>> cell: +94 718 359 265
>>>> blog: http://charithaka.blogspot.com
>>>>
>>>>
>>>> On Thu, Oct 8, 2009 at 6:27 AM, Supun Kamburugamuwa >>> <mailto:su...@wso2.com>> wrote:
>>>>
>>>> But my point is if we cannot remove them they are not services in
>>>> the normal sense. They are part of the product.
>>>>
>>>> Supun..
>>>>
>>>>
>>>> On Wed, Oct 7, 2009 at 5:22 PM, Afkham Azeez >>> <mailto:az...@wso2.com>> wrote:
>>>>
>>>> Those services can be removed, but they will be available once
>>>> you restart the server since they are supplied through OSGi
>>>> bundles. These are non-admin, non-hidden services, which can
>>>> be configured through the Mgt Console, so we cannot hide them.
>>>>
>>>> Azeez
>>>>
>>>>
>>>> On Wed, Oct 7, 2009 at 6:34 PM, Supun Kamburugamuwa
>>>> mailto:su...@wso2.com>> wrote:
>>>>
>>>> I would like to bring another point. These services like
>>>> XKMS, STS, RegistryEventing all are shown in the Service
>>>> management page. If they are shown there they should obey
>>>> the rules that other services do. For example a user
>>>> should be able to remove them from the UI (because that
>>>> option is available through the UI).
>>>>
>>>> Thanks,
>>>> Supun.. 
>>>>
>>>>
>>>> On Wed, Oct 7, 2009 at 1:28 AM, Sameera Jayasoma
>>>> mailto:same...@wso2.com>> wrote:
>>>>
>>>>
>>>>
>>>> On Wed, Oct 7, 2009 at 12:56 PM, Prabath Siriwardena
>>>> mailto:prab...@wso2.com>> wrote:
>>>>
>>>> Hi Supun;
>>>>
>>>> The issue here is - the same bundle which exposes
>>>> the XKMS service out
>>>> is the one which exports the org.wso2.xkms2 -
>>>> which is consumed by the
>>>> security management bundle.
>>>>
>>>> I guess ideally org.wso2.xkms2 should be exported
>>>> by an orbit bundle.
>>>>
>>>>
>>>> +1. The service and the library should be separated.
>>>> This same scenario occurs even when you remove the
>>>> xkms feature from the system. P2 does not remove the
>>>> org.wso2.xkms bundle, since there are dependent
>>>> bundles on it.
>>>>
>>>> Sameera
>>>>
>>>>
>>>> So - with the current setup we have to keep the
>>>> org.wso2.carbon.xkms-2.0.0 bundle - but we can
>>>>  try with an workaround
>>>> to hide the XKMS service from the UI?
>>>>
>>>> Also - we can create a patch to fix this in the
>>>> correct way.
>>>>
>>>>  

Re: [Carbon-dev] STS Questions

[Prabath Siriwardena]

This is possible. You can have different policies at the operation level 
of your service.

Thanks & regards.
-Prabath

Francesco Stampacchia wrote:
> I've setted up a client-server configuration in which, my server 
> exposes two functions, one should be reachable by every client that 
> has a reliable certificate and the other is reachable only by clients 
> that have a reliable certificate and a token issued by the STS.
> Is this possible?!
>
> I built my tests on top of the HelloService client example that comes 
> with the wso2wsas bundle.
> I found some issue in requesting the more restricted function, as I'm 
> able to reach the service everytime I just engage Rampart.
>
> How can I make my functions selective?
>
> In other words how can I make function 1 accept only 'STS 
> authenticated and rampart engaged' users and function 2 accept only 
> 'rampart engaged' users?  
>
> -- 
> Francesco Stampacchia
> 
>
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>   


___
Carbon-dev mailing list
Carbon-dev@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

Re: [Carbon-dev] STS Questions

[Prabath Siriwardena]

We need to edit the services.xml of the service.

[1] explains how you could apply different policies at different 
bindings - you need to do something similar to that to make different 
policies available to different operations.

[2] explains how to apply policies at operation level.

Thanks & regards.
-Prabath

[1]:http://blog.rampartfaq.com/2009/08/how-to-add-secured-and-non-secured-end.html
[2]:http://wso2.org/library/3786

Francesco Stampacchia wrote:
> Do you mean we need to edit policies in the List -> Services -> 
> HelloService -> Polices? Or do I have to change my service.policy.xml?
> Could you show me some examples?!
>
> 2009/10/8 Prabath Siriwardena mailto:prab...@wso2.com>>
>
> This is possible. You can have different policies at the operation
> level
> of your service.
>
> Thanks & regards.
> -Prabath
>
> Francesco Stampacchia wrote:
> > I've setted up a client-server configuration in which, my server
> > exposes two functions, one should be reachable by every client that
> > has a reliable certificate and the other is reachable only by
> clients
> > that have a reliable certificate and a token issued by the STS.
> > Is this possible?!
> >
> > I built my tests on top of the HelloService client example that
> comes
> > with the wso2wsas bundle.
> > I found some issue in requesting the more restricted function,
> as I'm
> > able to reach the service everytime I just engage Rampart.
> >
> > How can I make my functions selective?
> >
> > In other words how can I make function 1 accept only 'STS
> > authenticated and rampart engaged' users and function 2 accept only
> > 'rampart engaged' users?
> >
> > --
> > Francesco Stampacchia
> >
> 
> >
> > ___
> > Carbon-dev mailing list
> > Carbon-dev@wso2.org <mailto:Carbon-dev@wso2.org>
> > https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
> >
>
>
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org <mailto:Carbon-dev@wso2.org>
> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>
>
>
>
> -- 
> Francesco Stampacchia
> 
>
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>   


___
Carbon-dev mailing list
Carbon-dev@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

Re: [Carbon-dev] STS Questions

[Prabath Siriwardena]

Hi;

You need to do the SAML token validation at your service level.

Please have a look at [1].

Thanks & regards.
-Prabath

[1]:https://wso2.org/svn/browse/wso2/trunk/carbon-components/identity/org.wso2.carbon.identity.relyingparty/src/main/java/org/wso2/carbon/identity/relyingparty/saml/SAMLTokenVerifier.java?revision=33588&view=markup


Francesco Stampacchia wrote:
> Hello Prabath,
> I went another time through the mail exchange we had last month and I 
> think I've understood a little better how my environment should work.
>
> I think that what I'm missing now is how the server validates the 
> token received, once it has been registered as relying service and has 
> been set as SecureConversation - Sign and Encrypt - Service as STS - 
> Bootstrap policy - Sign and Encrypt, X509 Authentication.
>
> Have you got any sample codes on how to validate the token on the 
> server side.
> Is it something I need to do programmatically or can I manage it in a 
> declarative way through WSAS, such as specifying a 
>  element in the service policy?!
>
> Thanks.
>
> 2009/10/9 Francesco Stampacchia  <mailto:stampacchiafrance...@gmail.com>>
>
> Thank you Prabath,
> but is on the net any sample in which Is shown how token
> validation is made on server side?!
>
> Can I acheive it in a declarative way on WSAS?!
>
> Thanks
>
>
> 2009/10/8 Prabath Siriwardena  <mailto:prab...@wso2.com>>
>
> We need to edit the services.xml of the service.
>
> [1] explains how you could apply different policies at different
> bindings - you need to do something similar to that to make
> different
> policies available to different operations.
>
> [2] explains how to apply policies at operation level.
>
> Thanks & regards.
> -Prabath
>
> 
> [1]:http://blog.rampartfaq.com/2009/08/how-to-add-secured-and-non-secured-end.html
> [2]:http://wso2.org/library/3786
>
> Francesco Stampacchia wrote:
> > Do you mean we need to edit policies in the List -> Services ->
> > HelloService -> Polices? Or do I have to change my
> service.policy.xml?
> > Could you show me some examples?!
> >
> > 2009/10/8 Prabath Siriwardena  <mailto:prab...@wso2.com> <mailto:prab...@wso2.com
> <mailto:prab...@wso2.com>>>
> >
> > This is possible. You can have different policies at the
> operation
> > level
> > of your service.
> >
> > Thanks & regards.
> > -Prabath
> >
> > Francesco Stampacchia wrote:
> > > I've setted up a client-server configuration in which,
> my server
> > > exposes two functions, one should be reachable by
> every client that
> > > has a reliable certificate and the other is reachable
> only by
> > clients
> > > that have a reliable certificate and a token issued by
> the STS.
> > > Is this possible?!
> > >
> > > I built my tests on top of the HelloService client
> example that
> > comes
> > > with the wso2wsas bundle.
> > > I found some issue in requesting the more restricted
> function,
> > as I'm
> > > able to reach the service everytime I just engage Rampart.
> > >
> > > How can I make my functions selective?
> > >
> > > In other words how can I make function 1 accept only 'STS
> > > authenticated and rampart engaged' users and function
> 2 accept only
> > > 'rampart engaged' users?
> > >
> > > --
> > > Francesco Stampacchia
> > >
> >
> 
> 
> > >
> > > ___
> > > Carbon-dev mailing list
> > > Carbon-dev@wso2.org <mailto:Carbon-dev@wso2.org>
> <mailto:Carbon-dev@wso2.org <mailto:Carbon-dev@wso2.org>>
> > > https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
> > >
> >
>   

Re: [Carbon-dev] STS Questions

[Prabath Siriwardena]

Francesco Stampacchia wrote:
> In other words I need to implement the SAMLTokenVerifier class's methods!?
Yes...
>
> By the way, is there any way to set SAML2.0 tokens on the WSAS not 
> using ID Cards?!
Yes - SAML2.0 support is included in Carbon 2.0.1 [WSAS 3.1.1] - which 
will be released in few hours time.

Thanks & regards.
-Prabath
>
> Thank you very much.
>
> 2009/10/9 Prabath Siriwardena mailto:prab...@wso2.com>>
>
> Hi;
>
> You need to do the SAML token validation at your service level.
>
> Please have a look at [1].
>
> Thanks & regards.
> -Prabath
>
> 
> [1]:https://wso2.org/svn/browse/wso2/trunk/carbon-components/identity/org.wso2.carbon.identity.relyingparty/src/main/java/org/wso2/carbon/identity/relyingparty/saml/SAMLTokenVerifier.java?revision=33588&view=markup
> 
> <https://wso2.org/svn/browse/wso2/trunk/carbon-components/identity/org.wso2.carbon.identity.relyingparty/src/main/java/org/wso2/carbon/identity/relyingparty/saml/SAMLTokenVerifier.java?revision=33588&view=markup>
>
>
> Francesco Stampacchia wrote:
> > Hello Prabath,
> > I went another time through the mail exchange we had last month
> and I
> > think I've understood a little better how my environment should
> work.
> >
> > I think that what I'm missing now is how the server validates the
> > token received, once it has been registered as relying service
> and has
> > been set as SecureConversation - Sign and Encrypt - Service as STS -
> > Bootstrap policy - Sign and Encrypt, X509 Authentication.
> >
> > Have you got any sample codes on how to validate the token on the
> > server side.
> > Is it something I need to do programmatically or can I manage it
> in a
> > declarative way through WSAS, such as specifying a
> >  element in the service policy?!
> >
> > Thanks.
> >
> > 2009/10/9 Francesco Stampacchia  <mailto:stampacchiafrance...@gmail.com>
> > <mailto:stampacchiafrance...@gmail.com
> <mailto:stampacchiafrance...@gmail.com>>>
> >
>     >     Thank you Prabath,
> > but is on the net any sample in which Is shown how token
> > validation is made on server side?!
> >
> > Can I acheive it in a declarative way on WSAS?!
> >
> > Thanks
> >
> >
> > 2009/10/8 Prabath Siriwardena  <mailto:prab...@wso2.com>
> > <mailto:prab...@wso2.com <mailto:prab...@wso2.com>>>
> >
> > We need to edit the services.xml of the service.
> >
> > [1] explains how you could apply different policies at
> different
> > bindings - you need to do something similar to that to make
> > different
> > policies available to different operations.
> >
> > [2] explains how to apply policies at operation level.
> >
> > Thanks & regards.
> > -Prabath
> >
> >
> 
> [1]:http://blog.rampartfaq.com/2009/08/how-to-add-secured-and-non-secured-end.html
> > [2]:http://wso2.org/library/3786
> >
> > Francesco Stampacchia wrote:
> > > Do you mean we need to edit policies in the List ->
> Services ->
> > > HelloService -> Polices? Or do I have to change my
> > service.policy.xml?
> > > Could you show me some examples?!
> > >
> > > 2009/10/8 Prabath Siriwardena  <mailto:prab...@wso2.com>
> > <mailto:prab...@wso2.com <mailto:prab...@wso2.com>>
> <mailto:prab...@wso2.com <mailto:prab...@wso2.com>
> > <mailto:prab...@wso2.com <mailto:prab...@wso2.com>>>>
> > >
> > > This is possible. You can have different policies
> at the
> > operation
> > > level
> > > of your service.
> > >
> > > Thanks & regards.
> > > -Prabath
> > >
> > > Francesco Stampacchia wrote:
> > > > I've setted up a client-server configuration in
> which,
> > my server
> > > > exposes two functions, one should be reachable by
> >  

[Carbon-dev] WSO2 Identity Server 2.0.1 Released

[Prabath Siriwardena]

The WSO2 Identity Server team is pleased to announce the release of
version 2.0.1 of the Open Source WSO2 Identity Server (IS).

IS 2.0.1 release is available for download at [1].

This is based on revolutionary the WSO2 Carbon [2] framework, Middleware
a la carte'.

All the major features have been developed as pluggable Carbon components.

New Features
---
1. SAML 2.0 Token Profile support
2. Passive STS
3. Equinox P2 based provisioning support
4. Improved Support for deploying on top of WebSphere, WebLogic, and
JBoss.
5. Various bug fixes and enhancements including architectural
improvements to Apache Axis2, Apache Rampart, Apache Sandesha2, WSO2
Carbon and other projects

Other Key Features
-
1. Entitlement Engine with XACML 2.0 support.
2. Claim based Security Token Service.
3. Extension points for SAML assertion handling.
4. OpenID Provider
5. Information Card Provider

How to Run
--
1. Extract the downloaded zip.
2. Go to the bin directory in the extracted folder.
3. Run the wso2server.sh or wso2server.bat as appropriate.
4. Point your browser to the URL https://localhost:9443/carbon
5. Use "admin", "admin" as the user name and password.
6. If you need to start the OSGi console with the server use the
property -DosgiConsole when starting the server

Known issues
--
All the known issues have been filed here [3]. Please report any other
issues you find as JIRA entries.

Contact us
-
WSO2 Identity Server developers can be contacted via the mailing lists:
For Users: carbon-u...@wso2.org
For Developers: carbon-dev@wso2.org

Alternatively, questions can also be raised in the Identity Server forum
at http://wso2.org/forum/308

Training
---
WSO2 Inc. offers a variety of professional Training Programs, including
training on general Web services as well as WSO2 Identity Server,
Apache Axis2, Data Services and a number of other products. For
additional support information please refer to
http://wso2.com/training/course-catalog/


Support
--
WSO2 Inc. offers a variety of development and production support
programs, ranging from Web-based support up through normal business
hours, to premium 24x7 phone support. For additional support information
please refer to http://wso2.com/support/


For more information on WSO2 Identity Server, visit the WSO2 Oxygen Tank[4].

Thank you for your interest in WSO2 Identity Server.

-The WSO2 Identity Server team

[1]: http://wso2.org/downloads/identity
[2]: http://wso2.org/projects/carbon
[3]: https://wso2.org/jira/browse/CARBON
[4]: http://wso2.org







___
Carbon-dev mailing list
Carbon-dev@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

Re: [Carbon-dev] STS Questions

[Prabath Siriwardena]

Francesco Stampacchia wrote:
> Great!
>
> Prabath your link would be really useful, but to what package do I 
> have to referr in order to use the SAMLTokenVerifier class?
This comes with the org.wso2.carbon.identity.relyingparty bundle in 
Identity Server.

But you won't be able to use that as it is - please use that as a 
reference to build your logic.

Thanks & regards.
-Prabath
>
> Thanks
>
> 2009/10/9 Prabath Siriwardena mailto:prab...@wso2.com>>
>
> Francesco Stampacchia wrote:
> > In other words I need to implement the SAMLTokenVerifier class's
> methods!?
> Yes...
> >
> > By the way, is there any way to set SAML2.0 tokens on the WSAS not
> > using ID Cards?!
> Yes - SAML2.0 support is included in Carbon 2.0.1 [WSAS 3.1.1] - which
> will be released in few hours time.
>
> Thanks & regards.
> -Prabath
> >
> > Thank you very much.
> >
> > 2009/10/9 Prabath Siriwardena  <mailto:prab...@wso2.com> <mailto:prab...@wso2.com
> <mailto:prab...@wso2.com>>>
> >
> > Hi;
> >
> > You need to do the SAML token validation at your service level.
> >
> > Please have a look at [1].
> >
> > Thanks & regards.
> > -Prabath
> >
> >
> 
> [1]:https://wso2.org/svn/browse/wso2/trunk/carbon-components/identity/org.wso2.carbon.identity.relyingparty/src/main/java/org/wso2/carbon/identity/relyingparty/saml/SAMLTokenVerifier.java?revision=33588&view=markup
> 
> <https://wso2.org/svn/browse/wso2/trunk/carbon-components/identity/org.wso2.carbon.identity.relyingparty/src/main/java/org/wso2/carbon/identity/relyingparty/saml/SAMLTokenVerifier.java?revision=33588&view=markup>
> >
> 
> <https://wso2.org/svn/browse/wso2/trunk/carbon-components/identity/org.wso2.carbon.identity.relyingparty/src/main/java/org/wso2/carbon/identity/relyingparty/saml/SAMLTokenVerifier.java?revision=33588&view=markup
> 
> <https://wso2.org/svn/browse/wso2/trunk/carbon-components/identity/org.wso2.carbon.identity.relyingparty/src/main/java/org/wso2/carbon/identity/relyingparty/saml/SAMLTokenVerifier.java?revision=33588&view=markup>>
> >
> >
> > Francesco Stampacchia wrote:
> > > Hello Prabath,
> > > I went another time through the mail exchange we had last
> month
> > and I
> > > think I've understood a little better how my environment
> should
> > work.
> > >
> > > I think that what I'm missing now is how the server
> validates the
> > > token received, once it has been registered as relying service
> > and has
> > > been set as SecureConversation - Sign and Encrypt -
> Service as STS -
> > > Bootstrap policy - Sign and Encrypt, X509 Authentication.
> > >
> > > Have you got any sample codes on how to validate the token
> on the
> > > server side.
> > > Is it something I need to do programmatically or can I
> manage it
> > in a
> > > declarative way through WSAS, such as specifying a
> > >  element in the service policy?!
> > >
> > > Thanks.
> > >
> > > 2009/10/9 Francesco Stampacchia
>  <mailto:stampacchiafrance...@gmail.com>
> > <mailto:stampacchiafrance...@gmail.com
> <mailto:stampacchiafrance...@gmail.com>>
> > > <mailto:stampacchiafrance...@gmail.com
> <mailto:stampacchiafrance...@gmail.com>
> > <mailto:stampacchiafrance...@gmail.com
> <mailto:stampacchiafrance...@gmail.com>>>>
> > >
> > > Thank you Prabath,
> > > but is on the net any sample in which Is shown how token
> > > validation is made on server side?!
> > >
> > > Can I acheive it in a declarative way on WSAS?!
> > >
> > > Thanks
> > >
> > >
> > > 2009/10/8 Prabath Siriwardena  <mailto:prab...@wso2.com>
> > <mailto:prab...@wso2.com <mailto:prab...@wso2.com>>
> > > <mailto:prab...@wso2.com <mailto:prab...@wso2.com>
> <mailto:prab...@wso2.com <mailto:prab...@wso2.com>>>>
> > >
> >   

Re: [Carbon-dev] Removing XKMS and STS services from the ESB

[Prabath Siriwardena]

Hi Supun;

I think it's much cleaner to give a patch for this. I'll do it and get 
you the patch.

Thanks & regards.
-Prabath

Supun Kamburugamuwa wrote:
> Hi, 
>
> Just wanted to know the final decision?:) Are we going to give them 
> custom UIs?
>
> Supun..
>
> On Wed, Oct 7, 2009 at 10:00 PM, Ruwan Linton  <mailto:ru...@wso2.com>> wrote:
>
> sumedha wrote:
> > Prabath Siriwardena wrote:
> >
> >> Hi Supun;
> >>
> >> The issue here is - the same bundle which exposes the XKMS
> service out
> >> is the one which exports the org.wso2.xkms2 - which is consumed
> by the
> >> security management bundle.
> >>
> >> I guess ideally org.wso2.xkms2 should be exported by an orbit
> bundle.
> >>
> >> So - with the current setup we have to keep the
> >> org.wso2.carbon.xkms-2.0.0 bundle - but we can  try with an
> workaround
> >> to hide the XKMS service from the UI?
> >>
> > A simple & dirty hack would be to set the following parameters
> in the
> > services.xml for XKMS service.
> >
> > true
> > true
> >
> > I tried setting these parameters from the UI. But even after server
> > restart, they don't seem to be taking any effect. But modifying
> > services.xml should definitely work.
> >
> Sumedha they are not admin services, it is wrong to categorize them as
> admin services, they are just hidden services. Also, Supun the above
> hack will just hide the service but will not remove it :-)
>
> Also, shall we consider hiding them from the service management
> page and
> having them there own UIs as in the IS??
>
> Thanks,
> Ruwan
> > /sumedha
> >
> >
> >> Also - we can create a patch to fix this in the correct way.
> >>
> >> What do you suggest ?
> >>
> >> Thanks & regards.
> >> -Prabath
> >>
> >>
> >
> >
> > ___
> > Carbon-dev mailing list
> > Carbon-dev@wso2.org <mailto:Carbon-dev@wso2.org>
> > https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
> >
> >
>
>
> --
> Ruwan Linton
> Technical Lead & Product Manager; WSO2 ESB; http://wso2.org/esb
> WSO2 Inc.; http://wso2.org
> email: ru...@wso2.com <mailto:ru...@wso2.com>; cell: +94 77 341 3097
> blog: http://blog.ruwan.org
>
>
>
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org <mailto:Carbon-dev@wso2.org>
> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>
>
> 
>
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>   


___
Carbon-dev mailing list
Carbon-dev@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

Re: [Carbon-dev] Removing XKMS and STS services from the ESB

[Prabath Siriwardena]

Samisa Abeysinghe wrote:
>
>
> On Fri, Oct 16, 2009 at 10:31 PM, Prabath Siriwardena 
> mailto:prab...@wso2.com>> wrote:
>
> Hi Supun;
>
> I think it's much cleaner to give a patch for this. I'll do it and get
> you the patch.
>
>
> What is this patch going to do. Going through this thread, I am lost 
> on the final outcome. What is the verdict on these services? (going 
> through this thread, I am lost on the final verdict)
>
> The bottom line is, if they are not required, I should be able to 
> remove it, not just hide it.
Yes - ideally we should be able to do this.

But, the issue is - the same bundle which exposes the XKMS service out  
is the one which exports the org.wso2.xkms2 - which is consumed by the 
security management bundle - so we can't just remove the bundle which 
exposes XKMS service.

The fix would be to export org.wso2.xkms2 by an orbit bundle - and 
create a dependency to that orbit bundle by both the security management 
bundle and the XKMS service bundle.

Thanks & regards.
-Prabath
>
> Samisa...
>
> 
>
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>   


___
Carbon-dev mailing list
Carbon-dev@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

Re: [Carbon-dev] 2.0.2 - any more fixes to go in?

[Prabath Siriwardena]

Hi Samisa;

I think it would be better if we can have the fix for [1] in this 
release as well.

Thilina can you please have a look...

Thanks & regards.
-Prabath

[1]: https://www.wso2.org/jira/browse/CARBON-5210

Samisa Abeysinghe wrote:
> Hi All,
> We are looking into freezing the code for 2.0.2 soon. 
>
> If you are working on any more fixes for this release, please 
> shout now!!!
>
> Also make sure to finish up any pending issues by today and tomorrow. 
>
> We should target the code freeze for EOD Friday for 2.0.2. If you 
> have any concerns, this is the time to raise them. 
>
> Thanks,
> Samisa...
>
> -- 
> Samisa Abeysinghe
> Director, Engineering - WSO2 Inc.
>
> http://www.wso2.com/ - "The Open Source SOA Company"
> 
>
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>   


___
Carbon-dev mailing list
Carbon-dev@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

Re: [Carbon-dev] Security management dependant on XKMS Re: 2.0.2 - any more fixes to go in?

[Prabath Siriwardena]

Hi Samisa;

Security Management carbon component has a dependency to XKMS orbit bundle.

Any product using the Security Management carbon component needs to have 
the XKMS bundle as well. [modification for : assembly/dist.xml]

Thanks & regards.
-Prabath

Samisa Abeysinghe wrote:
>
>
> On Thu, Oct 22, 2009 at 11:28 PM, Thilina Mahesh Buddhika 
> mailto:thili...@wso2.com>> wrote:
>
> I have included newly created "xkms" orbit bundle in WSAS, ESB and
> IS distributions. This bundle has to be included in all products
> because it exports certain set of packages required by
> security-mgt bundle.
>
>
> Is this the correct dependency order? Can someone please explain.  
>
> Samisa...
>
> 
>
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>   


___
Carbon-dev mailing list
Carbon-dev@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

[Carbon-dev] rampart-core/rahas/policy bundles moved from carbon-components/security to orbit - in trunk

[Prabath Siriwardena]

Hi;

Fixing the issue [1] - I have moved rampart-core/rahas/policy bundles 
from carbon-components/security to orbit.

All the products are updated and built with the latest trunk.

Please let me know if you face any issues.

Thanks & regards.
-Prabath

[1]:https://wso2.org/jira/browse/CARBON-1685



___
Carbon-dev mailing list
Carbon-dev@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

Re: [Carbon-dev] Problem trying to build Identity Solution

[Prabath Siriwardena]

Hi Ruchith;

In the case of the build from the branch - the issues seems to be 
related to building Axis2. Can you please try to build Axis2 version 
separately  - which you checked out along with 2.0.1 platform.

Also - FYI if you want to build IS 2.0.1 - then you only need to 
checkout from [1] and build only the Identity Project - since all the 
carbon related artifacts are in maven repos.

If you also want to build carbon platform manually - then [1] will also 
check you out the Carbon 2.0. platform as well and you can build 
platform with build.sh.

Thanks & regards.
-Prabath

[1]:https://wso2.org/repos/wso2/branches/solutions/identity/2.0.1

Thanks & regards.
-Prabath

Ruchith Fernando wrote:
> Hi,
>
> I'm trying to use the WSO2 identity solution for one of my research projects.
> I'm looking for a CardSpace IdP implementation.
>
> First I checked out the trunk from [1] and tried to build it. But
> build failed with this [2] error.
>
> I also tried the 2.0.1 tag [2] but I running the build.sh fails with
> the following output [4].
>
> Any thoughts on how I can get one of these builds to work?
>
> Thanks,
> Ruchith
>
> 1. https://wso2.org/repos/wso2/trunk/solutions/identity
> 2. http://ruchith.org/is/output.trunk
> 3. https://wso2.org/repos/wso2/tags/solutions/identity/2.0.1
> 4. http://ruchith.org/is/output.2.0.1
>
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>
>   


___
Carbon-dev mailing list
Carbon-dev@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

[Carbon-dev] External user stores cannot login to Carbon with a user name 'admin' ??

[Prabath Siriwardena]

This is my requirement;

I am going to configure an external user store with any Carbon based 
products [2.0.*].

Now - in my external user store I have a user called 'admin' and I need 
that user to login into the carbon console.

Since - when there is a user name conflict in internal and external user 
stores - we give priority to internal user store - now I want to avoid 
Carbon creating a user called 'admin' in it's internal user store.

So - before starting Carbon for the first time - I modify 
conf/user-mgt.xml - following settings.

From;


admin
admin


To


prabath
prabath


Now - my expectation is - the system won't create a user called 'admin'.

System correctly - invalidates any authentication of 'admin' user - but 
still defaultRealm.getUserStoreReader().isExistingUser(userName)  
returns true - which prevents me from using 'admin' user name from my  
external user store.

Seems like we are adding the 'admin' user from a database script - 
irrespective of the user-mgt.xml.

Any thoughts ?

Thanks & regards.
-Prabath




___
Carbon-dev mailing list
Carbon-dev@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

Re: [Carbon-dev] External user stores cannot login to Carbon with a user name 'admin' ??

[Prabath Siriwardena]

Hi Senaka;

Senaka Fernando wrote:
>
> Does the database have the actual user in it after you reset the
> user-mgt.xml, and then erase the database followed by a restart with
> -Dsetup? Can you enable the H2 Web Console and verify?
>   
I didn't use -Dsetup - simply before the first run - modified the 
user-mgt.xml.

Thanks & regards.
-Prabath
> Thanks,
> Senaka.
>   
>> Any thoughts ?
>>
>> Thanks & regards.
>> -Prabath
>>
>>
>>
>>
>> ___
>> Carbon-dev mailing list
>> Carbon-dev@wso2.org
>> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>>
>> 
>
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>
>   


___
Carbon-dev mailing list
Carbon-dev@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

[Carbon-dev] WSO2 Identity Server 2.0.2 Released

[Prabath Siriwardena]

The WSO2 Identity Server team is pleased to announce the release of
version 2.0.2 of the Open Source WSO2 Identity Server (IS).

IS 2.0.2 release is available for download at [1].

This is based on revolutionary the WSO2 Carbon [2] framework, Middleware
a la carte'.

All the major features have been developed as pluggable Carbon components.

New Features
---

1. Various bug fixes and enhancements including architectural
improvements to Apache Axis2, Apache Rampart, Apache Sandesha2 , WSO2
Carbon and other projects.
2. Equinox P2 based provisioning support -  extend your IS instance by
installing new P2 features [5].

Other Key Features
-
1. Entitlement Engine with XACML 2.0 support.
2. Claim based Security Token Service.
3. Extension points for SAML assertion handling.
4. OpenID Provider
5. Information Card Provider
6. SAML 2.0 Token Profile support
7. Passive STS

How to Run
--
1. Extract the downloaded zip.
2. Go to the bin directory in the extracted folder.
3. Run the wso2server.sh or wso2server.bat as appropriate.
4. Point your browser to the URL https://localhost:9443/carbon
5. Use "admin", "admin" as the user name and password.
6. If you need to start the OSGi console with the server use the
property -DosgiConsole when starting the server

Known issues
--
All the known issues have been filed here [3]. Please report any other
issues you find as JIRA entries.

Contact us
-
WSO2 Identity Server developers can be contacted via the mailing lists:
For Users: carbon-u...@wso2.org
For Developers: carbon-dev@wso2.org

Alternatively, questions can also be raised in the Identity Server forum
at http://wso2.org/forum/308

Training
---
WSO2 Inc. offers a variety of professional Training Programs, including
training on general Web services as well as WSO2 Identity Server,
Apache Axis2, Data Services and a number of other products. For
additional support information please refer to
http://wso2.com/training/course-catalog/


Support
--
WSO2 Inc. offers a variety of development and production support
programs, ranging from Web-based support up through normal business
hours, to premium 24x7 phone support. For additional support information
please refer to http://wso2.com/support/


For more information on WSO2 Identity Server, visit the WSO2 Oxygen Tank[4].

Thank you for your interest in WSO2 Identity Server.

-The WSO2 Identity Server team

[1]: http://wso2.org/downloads/identity
[2]: http://wso2.org/projects/carbon
[3]: https://wso2.org/jira/browse/CARBON
[4]: http://wso2.org
[5]: https://wso2.org/wiki/display/carbon/p2-based-provisioning-support










___
Carbon-dev mailing list
Carbon-dev@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

Re: [Carbon-dev] WSO2 Identity Server using OpenID: Single Sign On does not work

[Prabath Siriwardena]

Hi Niek;

The 'remember me' feature being removed when Identity Server was 
carbonized - the JIRA you refer to is related to the pre-carbon version.

We'll be adding that feature to the very next Identity Server[IS] 
release - with some more new features to be added - hopefully by early 
next year.

Thanks a lot for sharing your experience with IS - please let us know if 
you have any other questions.

Thanks & regards.
-Prabath

Niek Linnenbank wrote:
>
> Hello,
>
> We are experimenting with the WSO2 Identity Server 2.0.2 using OpenID 
> authentication. The installation of WSO2 IS was
> very easy, and we got OpenID authentication from Joomla and Mediawiki 
> working within half an hour (impressive!)
>
> However, there is one issue which we have not yet resolved. Whenever a 
> user logs in on Joomla with OpenID for the first time, WSO2 asks for 
> the password. Then, once authenticated successfully, the user attempts 
> to login to mediawiki with OpenID, and he is redirected again to WSO2 
> but asked again for the password. The desired behaviour would be that 
> WSO2 remembered the previous successful authentication, and not ask 
> for the password again.
>
> I found this ticket on the WSO2 tracker, describing the exact same 
> problem we have, but it looks like nobody replied yet:
>
>   https://www.wso2.org/jira/browse/IDENTITY-214
>
> My question: is this still a to-be-fixed problem in WSO2, or have we 
> made somekind of strange configuration error in our setup?
>
> Thanks in advance for your help,
>
> Niek Linnenbank
>  
>
> PS: I tried to subcribe to the identity-user mailing list, but it kept 
> asking for a confirmation cookie which I didnt receive from Mailman.
>
>  
>
> 
>
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>   


___
Carbon-dev mailing list
Carbon-dev@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

Re: [Carbon-dev] Time for 2.0.3

[Prabath Siriwardena]

Milinda Pathirage wrote:
> Hi Identity Server Team,
>
> there are some svn externals in identity carbon features which has svn 
> externals to old locations. Please update those.
Done.

Thanks & regards.
-Prabath
>
> thanks
> Milinda
>
> On Fri, Dec 11, 2009 at 10:48 AM, Waruna Ranasinghe  > wrote:
>
> Please remove the svn external to Carbon platform from Identity
> product (in Carbon 2.0.3 branch) too.
>
> Thanks,
> Waruna
>
>
> On Fri, Dec 11, 2009 at 10:38 AM, Waruna Ranasinghe
> mailto:war...@wso2.com>> wrote:
>
>
>
> On Fri, Dec 11, 2009 at 10:31 AM, Lahiru Gunathilake
> mailto:lah...@wso2.com>> wrote:
>
>
>
> On Fri, Dec 11, 2009 at 10:25 AM, Waruna Ranasinghe
> mailto:war...@wso2.com>> wrote:
>
> Hi,
>
> Please remove the svn external to Carbon platform from
> Governance product.
>
> From where ? I mean which Governance product branch ?
>
>
> in 2.0.3
>  
>
>
> Lahiru
>
>
> Thanks,
> Waruna 
>
> On Wed, Dec 9, 2009 at 12:36 PM, Ruchira Wageesha
> mailto:ruch...@wso2.com>> wrote:
>
> Mashup Server branch works :-)
>
>
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org 
> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>
>
>
>
> -- 
> 
> 
> Waruna Ranasinghe
> Software Engineer, WSO2
>
> Mobile: +94 724 318285
> BLOG: http://warunapw.blogspot.com
>
> www.wso2.com  - "The open source
> SOA company"
>
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org 
> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>
>
>
>
> -- 
> Lahiru Gunathilake
> Software Engineer - WSO2 Inc.
>
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org 
> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>
>
>
>
>
>
>
>
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org 
> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>
>
>
>
> -- 
> Milinda Pathirage
> Product Manager, Business Process Server - WSO2 Inc
> Blog: http://blog.mpathirage.com
> 
>
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>   


___
Carbon-dev mailing list
Carbon-dev@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

Re: [Carbon-dev] Ask for the old password when changing Passwords

[Prabath Siriwardena]

Srinath Perera wrote:
> When we change passwords via carbon console, IMO, we should ask for
> the old password as a precaution, WDYT?
>   
This feature is already available in the trunk.

Please check IdaaS - https://identity.cloud.wso2.com - Change password.

Thanks & regards.
-Prabath
> Thanks
> Srinath
>
>   


___
Carbon-dev mailing list
Carbon-dev@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

Re: [Carbon-dev] Identity component integration into Carbon for authentication

[Prabath Siriwardena]

Afkham Azeez wrote:
> Have we started working on $subject instead of relying on secured HTTP 
> sessions? This is needed for the March release.
No.. still we have not started on this yet...  There is a slot allocated 
under this topic for the off-site meeting [those who are not there, but 
in this list - we'll keep you updated] next week - so we can get started 
on following week.

Thanks & regards.
-Prabath
>
> Thanks
> Afkham Azeez
> az...@wso2.com 
> WSO2 Inc. http://wso2.com
> Blog: http://afkham.org
> 
>
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>   


___
Carbon-dev mailing list
Carbon-dev@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

[Carbon-dev] Compilation failure in BAM components

[Prabath Siriwardena]

$subject - in the latest trunk

[INFO] 

[ERROR] BUILD FAILURE
[INFO] 

[INFO] Compilation failure
C:\svn\wso2\trunk\platforms\carbon-components\bam\org.wso2.carbon.bam.core\src\m
ain\java\org\wso2\carbon\bam\core\dao\MonitoredServerRegDAO.java:[21,46] 
package
 org.apache.commons.beanutils.converters does not exist

Thanks & regards.
-Prabath

___
Carbon-dev mailing list
Carbon-dev@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

Re: [Carbon-dev] Compilation failure in BAM components

[Prabath Siriwardena]

Fixed.

Thanks.
-Prabath

Prabath Siriwardena wrote:
> $subject - in the latest trunk
>
> [INFO] 
> 
> [ERROR] BUILD FAILURE
> [INFO] 
> 
> [INFO] Compilation failure
> C:\svn\wso2\trunk\platforms\carbon-components\bam\org.wso2.carbon.bam.core\src\m
>  
>
> ain\java\org\wso2\carbon\bam\core\dao\MonitoredServerRegDAO.java:[21,46] 
> package
> org.apache.commons.beanutils.converters does not exist
>
> Thanks & regards.
> -Prabath
>


___
Carbon-dev mailing list
Carbon-dev@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

Re: [Carbon-dev] Compilation failure in BAM components

[Prabath Siriwardena]

Samisa Abeysinghe wrote:
>
>
> On Sun, Jan 10, 2010 at 12:30 AM, Prabath Siriwardena 
> mailto:prab...@wso2.com>> wrote:
>
> $subject - in the latest trunk
>
> [INFO]
> 
> [ERROR] BUILD FAILURE
> [INFO]
> 
> [INFO] Compilation failure
> 
> C:\svn\wso2\trunk\platforms\carbon-components\bam\org.wso2.carbon.bam.core\src\m
> ain\java\org\wso2\carbon\bam\core\dao\MonitoredServerRegDAO.java:[21,46]
> package
>  org.apache.commons.beanutils.converters does not exist
>
>
> We do not need these bean utils do we?
Yes - there was an unused import - removed it.

Thanks & regards.
-Prabath
>
> Samisa...
>  
>
>
> Thanks & regards.
> -Prabath
>
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org <mailto:Carbon-dev@wso2.org>
> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>
>
>
>
> -- 
> Samisa Abeysinghe
> Director, Engineering - WSO2 Inc.
>
> http://www.wso2.com/ - "The Open Source SOA Company"
> 
>
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>   


___
Carbon-dev mailing list
Carbon-dev@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

Re: [Carbon-dev] Carbon 2.0.3 RC2 packs for Testing

[Prabath Siriwardena]

Sameera Jayasoma wrote:
>
>
> On Fri, Jan 22, 2010 at 4:52 PM, Lahiru Gunathilake  > wrote:
>
> Hi all,
>
> After going through this mail thread I found few of the issues
> which wasn't replied like fixed or won't fixed.. So please have a
> look and if it's related to you please reply telling whether you
> have fixed or not.
>
>
> * Context sensitive help still contains obsolete copyright,
>   2008-2009. Please update it in all the packs.
> * License file need be updated
> * Note that, training section is no longer there.
> * Update "support" section of WSAS README.txt with the content
>   given by Hasmin, Also, remove the "Training" section from
>   README.txt.
> *  -IS-
> * The release note within the bin distribution needs to
>   changed according to new format. Here :
> *  - the new feature list need to appear before the key
>   feature list.
> * - Get Involved section is missing
> * - Known Issues section is missing.
> * - The 'Get Involved' section in new format is appearing as
>   'Reporting Problems'.
>
>
> Sameera are you done with WSAS changes, not exactly the WSAS docs
> changes?
>
> Done.
>
> Thilina are you done with the above mentioned IS fixes?
>
Done.

Thanks & regards.
-Prabath
>
>
> Most of the above changes are not product specific but someone has
> fixed these please reply to the thread so that I can confirmed
> that all the minor  fixes are done and can start the build.
>
> Lahiru
>
> On Fri, Jan 22, 2010 at 4:25 PM, Sameera Jayasoma
> mailto:same...@wso2.com>> wrote:
>
> Issues with WSAS docs are also fixed.
>
> Sameera
>
>
> On Fri, Jan 22, 2010 at 4:12 PM, Hiranya Jayathilaka
> mailto:hiranya...@gmail.com>> wrote:
>
> Problems reported regarding the ESB docs are fixed.
>
> Thanks,
> Hiranya
>
>
> On Fri, Jan 22, 2010 at 4:04 PM, Asela Pathberiya
> mailto:as...@wso2.com>> wrote:
>
> Hi Lahiru,
>
> There must be an incomplete build of the ODE component
> (https://wso2.org/jira/browse/CARBON-5859 jira is not
> fixed). Please have look.
>
> Thanx,
>
> Asela.
>
> On Fri, Jan 22, 2010 at 9:21 AM, Lahiru Gunathilake
> mailto:lah...@wso2.com>> wrote:
>
> Hi all,
>
> Please find the carbon 2.0.3 RC2 release packs in
> here [1] and qa-p2-repo at [2].
>
> [1]http://builder.wso2.org/~carbon/releases
> 
> 
> [2]http://builder.wso2.org/~carbon/releases/carbon/2.0.3/RC2/p2-repo/
> 
> 
>
> Regards
> Lahiru
>
> -- 
> Lahiru Gunathilake
> Software Engineer - WSO2 Inc.
>
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org 
> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>
>
>
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org 
> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>
>
>
>
> -- 
> Hiranya Jayathilaka
> Software Engineer;
>
> WSO2 Inc.;  http://wso2.org
> E-mail: hira...@wso2.com ;
>  Mobile: +94 77 633 3491
> Blog: http://techfeast-hiranya.blogspot.com
>
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org 
> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>
>
>
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org 
> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>
>
>
>
> -- 
> Lahiru Gunathilake
> Software Engineer - WSO2 Inc.
>
>
> 
>
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>   


___
Carbon-dev mailing list
Carbon-dev@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

Re: [Carbon-dev] Identity component integration into Carbon for authentication

[Prabath Siriwardena]

Hi Samisa;

I will start working on this from the end of this week and will keep the 
list updated

Thanks & regards.
-Prabath

Samisa Abeysinghe wrote:
> Have we started on this? We need this of  Iridium. Please update.
>
> Samisa...
>
> On Fri, Jan 8, 2010 at 11:32 AM, Prabath Siriwardena  <mailto:prab...@wso2.com>> wrote:
>
> Afkham Azeez wrote:
> > Have we started working on $subject instead of relying on
> secured HTTP
> > sessions? This is needed for the March release.
> No.. still we have not started on this yet...  There is a slot
> allocated
> under this topic for the off-site meeting [those who are not
> there, but
> in this list - we'll keep you updated] next week - so we can get
> started
> on following week.
>
> Thanks & regards.
> -Prabath
> >
> > Thanks
> > Afkham Azeez
> > az...@wso2.com <mailto:az...@wso2.com> <mailto:az...@wso2.com
> <mailto:az...@wso2.com>>
> > WSO2 Inc. http://wso2.com
> > Blog: http://afkham.org
> >
> 
> >
> > ___
> > Carbon-dev mailing list
> > Carbon-dev@wso2.org <mailto:Carbon-dev@wso2.org>
> > https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
> >
>
>
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org <mailto:Carbon-dev@wso2.org>
> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>
>
>
>
> -- 
> Samisa Abeysinghe
> Director, Engineering - WSO2 Inc.
>
> http://www.wso2.com/ - "lean . enterprise . middleware"
> 
>
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>   


___
Carbon-dev mailing list
Carbon-dev@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

Re: [Carbon-dev] Identity component integration into Carbon for authentication

[Prabath Siriwardena]

Hi;

Please find the approach for integrating identity component for Carbon 
authentication - DimuthuL and I will be working on this.

Step - 1

1- Decouple UI level authentication logic. Drop a bundle and it will be 
picked automatically based on a configured priority level.
This bundle knows how to pick attributes related to the authentication 
request and which back end service to be called.

For example; right now in the UI bundle we have this logic.

if (ssoSessionId != null && password == null) {
// This is SSO related login - we don't have the password.
// Now the back-end service need to validate ssoSession id 
with back-end
// SSO-Service.
return new CarbonSSOAuthenticator(request);
} else if (ivuser != null) {
// If we have a value for this - then it's an authentication 
request redirected by
// WebSeal.
return new WebSealAuthenticator(request);
} else {
return new DefaultCarbonAuthenticator(request);
}

This limits the authentication for predefined - authentication routines. 
With the above approach we won't have these hard coded authentication 
routines.

2 - Cleaning up the back-end authentication admin service. Step - 1 will 
have it's own corresponding back-end bundle.

Steps- 1/2 will be a milestone release.

3 - User core knows whether to use the integrated user store or an 
Identity Server to delegate authentication.

Steps- 1 /2/3 will be a milestone release.

4 - Using IS to handle permissions / XACML - this needs further review - 
I will send a design on this shortly.

This completes the $subject.

Thanks & regards,
-Prabath

Prabath Siriwardena wrote:
> Hi Samisa;
>
> I will start working on this from the end of this week and will keep 
> the list updated
>
> Thanks & regards.
> -Prabath
>
> Samisa Abeysinghe wrote:
>> Have we started on this? We need this of  Iridium. Please update.
>>
>> Samisa...
>>
>> On Fri, Jan 8, 2010 at 11:32 AM, Prabath Siriwardena 
>> mailto:prab...@wso2.com>> wrote:
>>
>> Afkham Azeez wrote:
>> > Have we started working on $subject instead of relying on
>> secured HTTP
>> > sessions? This is needed for the March release.
>> No.. still we have not started on this yet...  There is a slot
>> allocated
>> under this topic for the off-site meeting [those who are not
>> there, but
>> in this list - we'll keep you updated] next week - so we can get
>> started
>> on following week.
>>
>> Thanks & regards.
>> -Prabath
>> >
>> > Thanks
>> > Afkham Azeez
>> > az...@wso2.com <mailto:az...@wso2.com> <mailto:az...@wso2.com
>> <mailto:az...@wso2.com>>
>> > WSO2 Inc. http://wso2.com
>> > Blog: http://afkham.org
>> >
>> 
>> 
>> >
>> > ___
>> > Carbon-dev mailing list
>> > Carbon-dev@wso2.org <mailto:Carbon-dev@wso2.org>
>> > https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>> >
>>
>>
>> ___
>> Carbon-dev mailing list
>> Carbon-dev@wso2.org <mailto:Carbon-dev@wso2.org>
>> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>>
>>
>>
>>
>> -- 
>> Samisa Abeysinghe
>> Director, Engineering - WSO2 Inc.
>>
>> http://www.wso2.com/ - "lean . enterprise . middleware"
>> 
>>
>> ___
>> Carbon-dev mailing list
>> Carbon-dev@wso2.org
>> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>>   
>
>


___
Carbon-dev mailing list
Carbon-dev@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

[Carbon-dev] [ANN] WSO2 Identity Server 2.0.3 Released

[Prabath Siriwardena]

The WSO2 Identity Server team is pleased to announce the release of 
version 2.0.3 of the open source WSO2 Identity Server (IS).


This is a bug fixed release.

IS 2.0.3 release is available for download at [1].

*New Features*

Various bug fixes - including security fixes & enhancements to Apache 
Axis2, Apache Rampart, Apache Sandesha2 , WSO2 Carbon [2]  & other projects.


*How to Run*

1. Extract the downloaded zip
2. Go to the bin directory in the extracted folder
3. Run the wso2server.sh or wso2server.bat as appropriate
4. Point you browser to the URL https://localhost:9443/carbon/
5. Use "admin", "admin" as the username and password.
6. If you need to start the OSGi console with the server use the 
property -DosgiConsole when starting the server


For more details, run, wso2server.sh (wso2server.bat) --help

*Known issues*

All known issues have been filed here [3]. Please report any issues you 
find as JIRA entries.


*Reporting Problems*

Issues can be reported using the public JIRA available at 
https://wso2.org/jira/browse/identity


*Contact us*

WSO2 IS developers can be contacted via the mailing lists:
For Users: identity-u...@wso2.org
For Developers: carbon-dev@wso2.org
For details on subscriptions please see http://wso2.org/mail

Alternatively, questions can also be raised in the IS forum: 
http://wso2.org/forum/308


*Support*

We are committed to ensuring that your enterprise middleware deployment 
is completely supported from evaluation to production. Our unique 
approach ensures that all support leverages our open development 
methodology and is provided by the very same engineers who build the 
technology.


For more details and to take advantage of this unique opportunity please 
visit http://wso2.com/support/


For more information about WSO2 Identity Server please see 
http://wso2.com/products/identity-server/ or visit the WSO2 Oxygen Tank 
developer portal for addition resources.


Thank you

The WSO2 Identity Server Team

[1]. http://wso2.org/downloads/identity
[2]. http://wso2.org/projects/carbon
[3]. https://wso2.org/jira/browse/CARBON

___
Carbon-dev mailing list
Carbon-dev@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

Re: [Carbon-dev] Error while building - Identity Core UI Feature

[Prabath Siriwardena]

Hi Sumedha;

We've added the group id to mportFeatureDef as suggested by Saminda.

But, talking to Sameera, this could be problematic and we have just 
reverted that change.

Thanks & regards.
-Prabath

Sumedha Rubasinghe wrote:
> Identity folks,
> Are you in WIP state on identity features? Looks to me that you have a 
> bundle name incorrect.
>
> /sumedha
>
>
>
> [INFO] Building Identity Core UI Feature
> [INFO]task-segment: [clean, install]
> [INFO] 
> 
> [INFO] [clean:clean]
> [INFO] [site:attach-descriptor]
> [INFO] [carbon-p2:p2-feature-gen {execution: 4-p2-feature-generation}]
> [INFO] snapshot 
> org.wso2.carbon:org.wso2.carbon.identity.base:3.0.0-SNAPSHOT: checking 
> for updates from wso2-maven2-snapshot-repository
> [INFO] snapshot 
> org.wso2.carbon:org.wso2.carbon.identity.menu.ui:3.0.0-SNAPSHOT: 
> checking for updates from wso2-maven2-snapshot-repository
> [INFO] snapshot 
> org.wso2.carbon:org.wso2.carbon.core.ui:3.0.0-SNAPSHOT: checking for 
> updates from wso2-maven2-snapshot-repository
> Downloading: 
> http://dist.wso2.org/snapshots/maven2/org/wso2/carbon/org.wso2.carbon.core.ui/3.0.0-SNAPSHOT/org.wso2.carbon.core.ui-3.0.0-SNAPSHOT.zip
> [INFO] Unable to find resource 
> 'org.wso2.carbon:org.wso2.carbon.core.ui:zip:3.0.0-SNAPSHOT' in 
> repository wso2-maven2-snapshot-repository 
> (http://dist.wso2.org/snapshots/maven2)
> [INFO] 
> 
> [ERROR] BUILD ERROR
> [INFO] 
> 
> [INFO] Failed to resolve artifact.
>
> GroupId: org.wso2.carbon
> ArtifactId: org.wso2.carbon.core.ui
> Version: 3.0.0-SNAPSHOT
>
> Reason: Unable to download the artifact from any repository
>
> Try downloading the file manually from the project website.
>
> Then, install it using the command: 
> mvn install:install-file -DgroupId=org.wso2.carbon 
> -DartifactId=org.wso2.carbon.core.ui -Dversion=3.0.0-SNAPSHOT 
> -Dpackaging=zip -Dfile=/path/to/file
>
> Alternatively, if you host your own repository you can deploy the file 
> there: 
> mvn deploy:deploy-file -DgroupId=org.wso2.carbon 
> -DartifactId=org.wso2.carbon.core.ui -Dversion=3.0.0-SNAPSHOT 
> -Dpackaging=zip -Dfile=/path/to/file -Durl=[url] -DrepositoryId=[id]
>
>
>   org.wso2.carbon:org.wso2.carbon.core.ui:zip:3.0.0-SNAPSHOT
>
> from the specified remote repositories:
>   wso2-maven2-snapshot-repository (http://dist.wso2.org/snapshots/maven2),
>   central (http://repo1.maven.org/maven2),
>   wso2-maven2-repository (http://dist.wso2.org/maven2)
>
> 
>
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>   


___
Carbon-dev mailing list
Carbon-dev@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

Re: [Carbon-dev] Identity component integration into Carbon for authentication

[Prabath Siriwardena]

We have decoupled the authenticators from the Carbon core and the 
identity integration will go into a custom authenticator - we have 
already developed the logic for this; based on a custom requirement.

I am working on this authenticator and will be available by the end of 
this week.

Thanks & regards.
-Prabath

Afkham Azeez wrote:
> Do we have an API/SDK sort of thing for identity integration, 
> something like the Geneva framework for application authentication?
>
> Azeez
>
> On Mon, Feb 8, 2010 at 1:06 AM, Dimuthu Leelarathne  <mailto:dimut...@wso2.com>> wrote:
>
> Hi,
>
>     On Mon, Feb 1, 2010 at 10:52 AM, Prabath Siriwardena
> mailto:prab...@wso2.com>> wrote:
>
> Hi;
>
> Please find the approach for integrating identity component
> for Carbon
> authentication - DimuthuL and I will be working on this.
>
> Step - 1
>
> 1- Decouple UI level authentication logic. Drop a bundle and
> it will be
> picked automatically based on a configured priority level.
> This bundle knows how to pick attributes related to the
> authentication
> request and which back end service to be called.
>
> For example; right now in the UI bundle we have this logic.
>
> if (ssoSessionId != null && password == null) {
>// This is SSO related login - we don't have the
> password.
>// Now the back-end service need to validate
> ssoSession id
> with back-end
>// SSO-Service.
>return new CarbonSSOAuthenticator(request);
>} else if (ivuser != null) {
>// If we have a value for this - then it's an
> authentication
> request redirected by
>// WebSeal.
>return new WebSealAuthenticator(request);
>} else {
>return new DefaultCarbonAuthenticator(request);
> }
>
> This limits the authentication for predefined - authentication
> routines.
> With the above approach we won't have these hard coded
> authentication
> routines.
>
> 2 - Cleaning up the back-end authentication admin service.
> Step - 1 will
> have it's own corresponding back-end bundle.
>
> Steps- 1/2 will be a milestone release.
>  
>
>
> These are completed. Please find authenticators at[1]. Now people
> can drop authenticators to carbon framework and they will be
> automatically picked by Carbon.
>
> Thank you,
> DimuthuL
>
> [1]https://svn.wso2.org/repos/wso2/trunk/carbon/components/authenticators
>  
>
> 3 - User core knows whether to use the integrated user store or an
> Identity Server to delegate authentication.
>
> Steps- 1 /2/3 will be a milestone release.
>
> 4 - Using IS to handle permissions / XACML - this needs
> further review -
> I will send a design on this shortly.
>
> This completes the $subject.
>
> Thanks & regards,
> -Prabath
>
> Prabath Siriwardena wrote:
> > Hi Samisa;
> >
> > I will start working on this from the end of this week and
> will keep
>     > the list updated
> >
> > Thanks & regards.
> > -Prabath
> >
> > Samisa Abeysinghe wrote:
> >> Have we started on this? We need this of  Iridium. Please
> update.
> >>
> >> Samisa...
> >>
> >> On Fri, Jan 8, 2010 at 11:32 AM, Prabath Siriwardena
> >> mailto:prab...@wso2.com>
> <mailto:prab...@wso2.com <mailto:prab...@wso2.com>>> wrote:
> >>
> >> Afkham Azeez wrote:
> >> > Have we started working on $subject instead of relying on
> >> secured HTTP
> >> > sessions? This is needed for the March release.
> >> No.. still we have not started on this yet...  There is
> a slot
> >> allocated
> >> under this topic for the off-site meeting [those who
> are not
> >> there, but
> >> in this list - we'll keep you updated] next week - so
>

Re: [Carbon-dev] POX security issue on WSO2 ESB

[Prabath Siriwardena]

Hi Marco;

This is due to the nhttp transport used in ESB. We are working on this 
to - fix this for the next ESB major release.

Thanks & regards.
-Prabath

Ughetti Marco wrote:
>
> Hi all,
>
> We work on a scenario where some services (exposed to the outside 
> world through esb service proxies) are called  by mobile phones (for 
> example symbian and .NET CF)
>
> Our services use WS-Security UsernameToken authentication.
>
> We tried to call them in the Rest-like way using  HTTPS POST with 
> basic authentication and unfortunately this worked only with WSAS but 
> not with the ESB   
>
> (see https://www.wso2.org/jira/browse/CARBON-5466)
>
>  
>
> Obviously  directly exposing the services hosted on WSAS without 
> mediation it is not an option for us
>
> We even tried  to use a mediator in order to forward the https post to 
> WSAS but it did not work (it obviously works only without 
> authentication and http)
>
> Do you know a work-around in order to solve this issue?
>
> Moreover, is there any chance that the issue CARBON-5466 will be fixed 
> in the next release of the ESB?
>
>  
>
>  Thanks in advance
>
>  
>
>  
>
>  
>
>  
>
> --
> **Telecom Italia***
> ***Marco Ughetti**
> **TI Lab**
>
> Vertical Platform & VAS
> **Vertical Platforms Innovation**
>
> **Via G. Reiss Romoli, 274 - 10148 Torino**
> **+ 39 011 2285654**
>
> **+ 39 331 6001596**
>
>  
>
> Questo messaggio e i suoi allegati sono indirizzati esclusivamente 
> alle persone indicate. La diffusione, copia o qualsiasi altra azione 
> derivante dalla conoscenza di queste informazioni sono rigorosamente 
> vietate. Qualora abbiate ricevuto questo documento per errore siete 
> cortesemente pregati di darne immediata comunicazione al mittente e di 
> provvedere alla sua distruzione, Grazie.
>
> /This e-mail and any attachments// is //confidential and may contain 
> privileged information intended for the addressee(s) only. 
> Dissemination, copying, printing or use by anybody else is 
> unauthorised. If you are not the intended recipient, please delete 
> this message and any attachments and advise the sender by return 
> e-mail, Thanks./
>
> *rispetta l'ambienteRispetta l'ambiente. Non stampare questa mail se 
> non è necessario.*
>
>
> 
>
> 
>
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>   


___
Carbon-dev mailing list
Carbon-dev@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

Re: [Carbon-dev] Self-registration and open-id not working

[Prabath Siriwardena]

Issues with self registration being fixed - please take an svn up

Thanks & regards.
-Prabath

Nuwan Bandara wrote:
> Hi,
>
> I have added *self-registration*, *relying-party* and *identity-core* 
> features to the gadget server product, in-order to get self 
> registration, open-id and inforcard up and running. however when 
> trying to self register I get the following exception.
>
> Exception occurred while trying to invoke service method 
> readUserFieldsForUserRegistration
> java.lang.reflect.InvocationTargetException
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at 
> org.apache.axis2.rpc.receivers.RPCUtil.invokeServiceClass(RPCUtil.java:205)
> at 
> org.apache.axis2.rpc.receivers.RPCMessageReceiver.invokeBusinessLogic(RPCMessageReceiver.java:102)
> ...
> [2010-02-09 18:03:34,599] ERROR -  Error retrieving UserFiledDTOs for 
> the dialecthttp://wso2.org/claims 
> org.apache.axis2.AxisFault: Exception occurred while trying to invoke 
> service method readUserFieldsForUserRegistration
> at 
> org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:508)
>  
> and also when trying to invoke *open-id* I get,
>
>  [2010-02-09 18:15:09,850]  INFO -  Verification successful for URI 
> "#Id-9187047"
> [2010-02-09 18:15:09,850]  INFO -  Verification successful for URI 
> "#Timestamp-1"
> [2010-02-09 18:15:09,885] ERROR -  Exception occurred while trying to 
> invoke service method getOpenIDAuthInfo
> java.lang.reflect.InvocationTargetException
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> .
> ... 33 more
> [2010-02-09 18:15:09,996]  INFO -  Verification successful for URI 
> "#Id-21966335"
> [2010-02-09 18:15:10,000]  INFO -  Verification successful for URI 
> "#Timestamp-3"
> [2010-02-09 18:15:10,018] ERROR -  Error ouccured retrieving openid 
> authnetication information
> org.apache.axis2.AxisFault: Exception occurred while trying to invoke 
> service method getOpenIDAuthInfo
> at 
> org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:508)
> at 
> org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:375)
>
> Any idea on where things have gone wrong,
>
> Thanks & Regards
> -- 
> Nuwan Bandara
> WSO2 Inc. | http://www.wso2.com
> email: nu...@wso2.com 
> mob: +94 772 907 484
> blog: http://www.nuwanbando.com
> 
>
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>   


___
Carbon-dev mailing list
Carbon-dev@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

Re: [Carbon-dev] Self-registration and open-id not working

[Prabath Siriwardena]

Nuwan Bandara wrote:
> Hi,
>
> Self registration functionality is working fine, but the registartion 
> form contains some duplicated feilds. (screen attached). This was 
> working fine in the morning, the cause should be some change done in 
> the evening.

Fixed.

Thanks & regards.
-Prabath
>
> regards
> /Nuwan
>
> On Wed, Feb 10, 2010 at 6:10 AM, Prabath Siriwardena  <mailto:prab...@wso2.com>> wrote:
>
> Issues with self registration being fixed - please take an svn up
>
> Thanks & regards.
> -Prabath
>
> Nuwan Bandara wrote:
> > Hi,
> >
> > I have added *self-registration*, *relying-party* and
> *identity-core*
> > features to the gadget server product, in-order to get self
> > registration, open-id and inforcard up and running. however when
> > trying to self register I get the following exception.
> >
> > Exception occurred while trying to invoke service method
> > readUserFieldsForUserRegistration
> > java.lang.reflect.InvocationTargetException
> > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> > at
> >
> 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> > at
> >
> 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> > at java.lang.reflect.Method.invoke(Method.java:597)
> > at
> >
> 
> org.apache.axis2.rpc.receivers.RPCUtil.invokeServiceClass(RPCUtil.java:205)
> > at
> >
> 
> org.apache.axis2.rpc.receivers.RPCMessageReceiver.invokeBusinessLogic(RPCMessageReceiver.java:102)
> > ...
> > [2010-02-09 18:03:34,599] ERROR -  Error retrieving
> UserFiledDTOs for
> > the dialecthttp://wso2.org/claims <http://wso2.org/claims>
> <http://wso2.org/claims>
> > org.apache.axis2.AxisFault: Exception occurred while trying to
> invoke
> > service method readUserFieldsForUserRegistration
> > at
> >
> 
> org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:508)
> >
> > and also when trying to invoke *open-id* I get,
> >
> >  [2010-02-09 18:15:09,850]  INFO -  Verification successful for URI
> > "#Id-9187047"
> > [2010-02-09 18:15:09,850]  INFO -  Verification successful for URI
> > "#Timestamp-1"
> > [2010-02-09 18:15:09,885] ERROR -  Exception occurred while
> trying to
> > invoke service method getOpenIDAuthInfo
> > java.lang.reflect.InvocationTargetException
> > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> > at
> >
> 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> > at
> >
> 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> > .
> > ... 33 more
> > [2010-02-09 18:15:09,996]  INFO -  Verification successful for URI
> > "#Id-21966335"
> > [2010-02-09 18:15:10,000]  INFO -  Verification successful for URI
> > "#Timestamp-3"
> > [2010-02-09 18:15:10,018] ERROR -  Error ouccured retrieving openid
> > authnetication information
> > org.apache.axis2.AxisFault: Exception occurred while trying to
> invoke
> > service method getOpenIDAuthInfo
> > at
> >
> 
> org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:508)
> > at
> >
> 
> org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:375)
> >
> > Any idea on where things have gone wrong,
> >
> > Thanks & Regards
> > --
> > Nuwan Bandara
> > WSO2 Inc. | http://www.wso2.com
> > email: nu...@wso2.com <mailto:nu...@wso2.com>
> <mailto:nu...@wso2.com <mailto:nu...@wso2.com>>
> > mob: +94 772 907 484
> > blog: http://www.nuwanbando.com
> >
> 
> >
> > ___
> > Carbon-dev mailing list
> > Carbon-dev@wso2.org <mailto:Carbon-dev@wso2.org>
> > https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
> >
>
>
> ___

Re: [Carbon-dev] Self-registration and open-id not working

[Prabath Siriwardena]

Hi Nuwan;

Both self registration and OpenID logins work fine now in the current 
trunk...

Thanks & regards.
-Prabath

Nuwan Bandara wrote:
> Hi,
>
> I have added *self-registration*, *relying-party* and *identity-core* 
> features to the gadget server product, in-order to get self 
> registration, open-id and inforcard up and running. however when 
> trying to self register I get the following exception.
>
> Exception occurred while trying to invoke service method 
> readUserFieldsForUserRegistration
> java.lang.reflect.InvocationTargetException
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at 
> org.apache.axis2.rpc.receivers.RPCUtil.invokeServiceClass(RPCUtil.java:205)
> at 
> org.apache.axis2.rpc.receivers.RPCMessageReceiver.invokeBusinessLogic(RPCMessageReceiver.java:102)
> ...
> [2010-02-09 18:03:34,599] ERROR -  Error retrieving UserFiledDTOs for 
> the dialecthttp://wso2.org/claims 
> org.apache.axis2.AxisFault: Exception occurred while trying to invoke 
> service method readUserFieldsForUserRegistration
> at 
> org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:508)
>  
> and also when trying to invoke *open-id* I get,
>
>  [2010-02-09 18:15:09,850]  INFO -  Verification successful for URI 
> "#Id-9187047"
> [2010-02-09 18:15:09,850]  INFO -  Verification successful for URI 
> "#Timestamp-1"
> [2010-02-09 18:15:09,885] ERROR -  Exception occurred while trying to 
> invoke service method getOpenIDAuthInfo
> java.lang.reflect.InvocationTargetException
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> .
> ... 33 more
> [2010-02-09 18:15:09,996]  INFO -  Verification successful for URI 
> "#Id-21966335"
> [2010-02-09 18:15:10,000]  INFO -  Verification successful for URI 
> "#Timestamp-3"
> [2010-02-09 18:15:10,018] ERROR -  Error ouccured retrieving openid 
> authnetication information
> org.apache.axis2.AxisFault: Exception occurred while trying to invoke 
> service method getOpenIDAuthInfo
> at 
> org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:508)
> at 
> org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:375)
>
> Any idea on where things have gone wrong,
>
> Thanks & Regards
> -- 
> Nuwan Bandara
> WSO2 Inc. | http://www.wso2.com
> email: nu...@wso2.com 
> mob: +94 772 907 484
> blog: http://www.nuwanbando.com
> 
>
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>   


___
Carbon-dev mailing list
Carbon-dev@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

Re: [Carbon-dev] Minor UI Improvement in Configure Menu

[Prabath Siriwardena]

Ruwan Linton wrote:
> Senaka Fernando wrote:
>   
>> On Sat, Feb 13, 2010 at 12:27 PM, Ruwan Linton > > wrote:
>>
>> Hiranya Jayathilaka wrote:
>> > Hi Devs,
>> >
>> > Under the 'Configure' menu of the Carbon UI we currently have two
>> > entries called 'User Management' and 'Component Management'. IMO
>> these
>> > two labels are not consistent with the other entires in the
>> configure
>> > menu. Shall we rename the above to 'Users and Roles' and
>> 'Components'
>> > respectively?
>> +1
>>
>>
>> +1. Something that I felt too. I'm not too sure whether "Components" 
>> is the right word for the "Component Management" because the whole UI 
>> is about P2 features, and related management tasks. Therefore, "P2 
>> Features" or something similar sounds better, IMO.
>> 
> Well, it has something to do with the components as well, there fore it 
> should be "Features & Components"
>   
+1

Thanks & regards.
-Prabath
> WDYT?
>
> Thanks,
> Ruwan
>   
>> But, I'm totally +1 for "Users and Roles", as it gives a much better 
>> impression of what the UI does.
>>
>> Thanks,
>> Senaka.
>>
>>
>> Ruwan
>> >
>> > Thanks
>> > --
>> > Hiranya Jayathilaka
>> > Software Engineer;
>> > WSO2 Inc.;  http://wso2.org
>> > E-mail: hira...@wso2.com 
>> >;  Mobile: +94 77
>> > 633 3491
>> > Blog: http://techfeast-hiranya.blogspot.com
>> >
>> 
>> >
>> > ___
>> > Carbon-dev mailing list
>> > Carbon-dev@wso2.org 
>> > https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>> >
>>
>>
>> --
>> Ruwan Linton
>> Technical Lead & Product Manager; WSO2 ESB; http://wso2.org/esb
>> WSO2 Inc.; http://wso2.org
>> email: ru...@wso2.com ; cell: +94 77 341 3097
>> blog: http://blog.ruwan.org
>>
>> Lean . Enterprise . Middleware
>>
>>
>> ___
>> Carbon-dev mailing list
>> Carbon-dev@wso2.org 
>> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>>
>>
>>
>>
>> -- 
>> Senaka Fernando
>> Software Engineer
>> WSO2 Inc.
>> E-mail: senaka AT wso2.com ;  Mobile: +94 77 322 1818
>>
>> http://www.wso2.com/ - "Lean . Enterprise . Middleware"
>> 
>>
>> ___
>> Carbon-dev mailing list
>> Carbon-dev@wso2.org
>> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>>   
>> 
>
>
>   


___
Carbon-dev mailing list
Carbon-dev@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

Re: [Carbon-dev] Securing an HTTP GET/POST request

[Prabath Siriwardena]

Hi Cappa;

AFAIK you can't secure just a mediator with the available templates to 
support WS-Security.

But - to cater your specific requirement - you can easily write a 
BasicAuth mediator.

Also - another way of protecting HTTP requests is through 2-legged 
OAuth. Next version of WSO2 ESB ships with an OAuth mediator to handle this.

Thanks & regards.
-Prabath


Cappa Roberto wrote:
> Hi, I need to mediate and secure a normal HTTP request. I tried the routing 
> with the ESB mediator, without success (see 
> http://wso2.markmail.org/search/list:org.wso2.carbon-dev#query:list%3Aorg.wso2.carbon-dev+page:1+mid:iaoz74elfwomjafb+state:results),
>  but now I'm evaluating the second problem: the possibility to add security 
> (for example basic authentication) to this mediator. First question is: can  
> I add security to ESB mediators? Based on the options offered by the admin 
> console, I think the answers is no (only proxies can have authentication). By 
> the way, is there any workaroud to obtain this goal (for example by STS or 
> Identity server)?
>
> Thanks
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>
>   


___
Carbon-dev mailing list
Carbon-dev@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

Re: [Carbon-dev] Securing an HTTP GET/POST request

[Prabath Siriwardena]

To add more - next version of WSO2 Identity Server is enabled with OAuth 
support. So - the OAuth mediator comes with WSO2 ESB can be configured 
to talk to WSO2 IS.

Thanks & regards.
-Prabath

Prabath Siriwardena wrote:
> Hi Cappa;
>
> AFAIK you can't secure just a mediator with the available templates to 
> support WS-Security.
>
> But - to cater your specific requirement - you can easily write a 
> BasicAuth mediator.
>
> Also - another way of protecting HTTP requests is through 2-legged 
> OAuth. Next version of WSO2 ESB ships with an OAuth mediator to handle 
> this.
>
> Thanks & regards.
> -Prabath
>
>
> Cappa Roberto wrote:
>> Hi, I need to mediate and secure a normal HTTP request. I tried the 
>> routing with the ESB mediator, without success (see 
>> http://wso2.markmail.org/search/list:org.wso2.carbon-dev#query:list%3Aorg.wso2.carbon-dev+page:1+mid:iaoz74elfwomjafb+state:results),
>>  
>> but now I'm evaluating the second problem: the possibility to add 
>> security (for example basic authentication) to this mediator. First 
>> question is: can  I add security to ESB mediators? Based on the 
>> options offered by the admin console, I think the answers is no (only 
>> proxies can have authentication). By the way, is there any workaroud 
>> to obtain this goal (for example by STS or Identity server)?
>>
>> Thanks
>> ___
>> Carbon-dev mailing list
>> Carbon-dev@wso2.org
>> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>>
>>   
>
>


___
Carbon-dev mailing list
Carbon-dev@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

Re: [Carbon-dev] Identity component related build errors in trunk

[Prabath Siriwardena]

Fixed the issues..

Thanks & regards.
-Prabath

Samisa Abeysinghe wrote:
> 1. WSDL missing?
>
>  [java] Retrieving document at 
> 'src/main/resources/OpenIDProviderService.wsdl'.
>  [java] Exception in thread "main" 
> org.apache.axis2.wsdl.codegen.CodeGenerationException: Error parsing WSDL
>  [java] at 
> org.apache.axis2.wsdl.codegen.CodeGenerationEngine.(CodeGenerationEngine.java:156)
>  [java] at org.apache.axis2.wsdl.WSDL2Code.main(WSDL2Code.java:35)
>  [java] at org.apache.axis2.wsdl.WSDL2Java.main(WSDL2Java.java:24)
>  [java] Caused by: javax.wsdl.WSDLException: WSDLException: 
> faultCode=OTHER_ERROR: Unable to resolve imported document at 
> 'src/main/resources/OpenIDProviderService.wsdl'.: 
> java.io.FileNotFoundException: This file was not found: 
> file:/home/carbon/carbon-3.0.0/carbon/components/identity/org.wso2.carbon.identity.provider.openid.admin/src/main/resources/OpenIDProviderService.wsdl
>  [java] at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown 
> Source)
>  [java] at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown 
> Source)
>  [java] at 
> org.apache.axis2.wsdl.codegen.CodeGenerationEngine.readInTheWSDLFile(CodeGenerationEngine.java:288)
>  [java] at 
> org.apache.axis2.wsdl.codegen.CodeGenerationEngine.(CodeGenerationEngine.java:111)
>  [java] ... 2 more
>  [java] Caused by: java.io.FileNotFoundException: This file was 
> not found: 
> file:/home/carbon/carbon-3.0.0/carbon/components/identity/org.wso2.carbon.identity.provider.openid.admin/src/main/resources/OpenIDProviderService.wsdl
>  [java] at 
> com.ibm.wsdl.util.StringUtils.getContentAsInputStream(Unknown Source)
>  [java] ... 6 more
>  [java] Java Result: 1
>
>
> Also
> 2. Artifact error, may be due to 1
>
> [ERROR] BUILD ERROR
> [INFO] 
> 
> [INFO] Failed to resolve artifact.
>
> GroupId: org.wso2.carbon
> ArtifactId: org.wso2.carbon.identity.authenticator.token.ui
> Version: 3.0.0-SNAPSHOT
>
> Reason: Unable to download the artifact from any repository
>
> Try downloading the file manually from the project website.
>
> Then, install it using the command:
> mvn install:install-file -DgroupId=org.wso2.carbon 
> -DartifactId=org.wso2.carbon.identity.authenticator.token.ui 
> -Dversion=3.0.0-SNAPSHOT -Dpackaging=jar -Dfile=/path/to/file
>
> Alternatively, if you host your own repository you can deploy the file 
> there:
> mvn deploy:deploy-file -DgroupId=org.wso2.carbon 
> -DartifactId=org.wso2.carbon.identity.authenticator.token.ui 
> -Dversion=3.0.0-SNAPSHOT -Dpackaging=jar -Dfile=/path/to/file 
> -Durl=[url] -DrepositoryId=[id]
>
>
>   
> org.wso2.carbon:org.wso2.carbon.identity.authenticator.token.ui:jar:3.0.0-SNAPSHOT
>
>
> -- 
> Samisa Abeysinghe
> Director, Engineering - WSO2 Inc.
>
> http://wso2.com/ - "lean . enterprise . middleware"
> 
>
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>   


___
Carbon-dev mailing list
Carbon-dev@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

Re: [Carbon-dev] Carbon 3.0.0 - Iridium - Alpha1 builds

[Prabath Siriwardena]

Samisa Abeysinghe wrote:
> I have updated IS packs.
>
> You may download now.
Thanks a lot Samisa... sorry for the inconvenience...

Thanks & regards.
-Prabath
>
> Samisa...
>
> On Mon, Feb 22, 2010 at 7:59 AM, Samisa Abeysinghe  > wrote:
>
> Please do not download IS artifacts. I am in the process of
> updating them on Prabath's advice.
>
> Samisa...
>
>
> On Mon, Feb 22, 2010 at 6:54 AM, Samisa Abeysinghe
> mailto:sam...@wso2.com>> wrote:
>
> Looks like the identity component error has not affected the
> product builds. I will post the builds soon.
>
> Samisa...
>
>
> On Mon, Feb 22, 2010 at 12:22 AM, Samisa Abeysinghe
> mailto:sam...@wso2.com>> wrote:
>
>
>
> On Sun, Feb 21, 2010 at 8:14 PM, Samisa Abeysinghe
> mailto:sam...@wso2.com>> wrote:
>
> I am blocked on a build break in orbit shinding bundle. 
>
>
> Got past this with the workaround. 
>
> Now I am getting an identity component related error. I
> sent a separate mail on this.
>
> Samisa... 
>
>
> Samisa...
>
>
> On Fri, Feb 19, 2010 at 6:20 PM, Samisa Abeysinghe
> mailto:sam...@wso2.com>> wrote:
>
> I am planing to start the build Sunday (21st)
> night, so that the packs will be available Monday
> morning. 
>
> Thanks,
> Samisa...
>
>
>
>
> -- 
> Samisa Abeysinghe
> Director, Engineering - WSO2 Inc.
>
> http://wso2.com/ - "lean . enterprise . middleware"
>
>
>
>
> -- 
> Samisa Abeysinghe
> Director, Engineering - WSO2 Inc.
>
> http://wso2.com/ - "lean . enterprise . middleware"
>
>
>
>
> -- 
> Samisa Abeysinghe
> Director, Engineering - WSO2 Inc.
>
> http://wso2.com/ - "lean . enterprise . middleware"
>
>
>
>
> -- 
> Samisa Abeysinghe
> Director, Engineering - WSO2 Inc.
>
> http://wso2.com/ - "lean . enterprise . middleware"
>
>
>
>
> -- 
> Samisa Abeysinghe
> Director, Engineering - WSO2 Inc.
>
> http://wso2.com/ - "lean . enterprise . middleware"
> 
>
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>   


___
Carbon-dev mailing list
Carbon-dev@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

Re: [Carbon-dev] Identory profile build on components fail

[Prabath Siriwardena]

Fixed.

remote-usermgt component artifact id was set to system-statistics.

Thanks & regards.
-Prabath

Samisa Abeysinghe wrote:
> :~/carbon-3.0.0/carbon/components$ mvn clean install 
> -Dmaven.test.skip=true -Dproduct=is
> [INFO] Scanning for projects...
> [INFO] 
> 
> [ERROR] BUILD FAILURE
> [INFO] 
> 
> [INFO] Project 'org.wso2.carbon:system-statistics' is duplicated in 
> the reactor
> [INFO] 
> 
> [INFO] For more information, run Maven with the -e switch
> [INFO] 
> 
> [INFO] Total time: 6 seconds
> [INFO] Finished at: Tue Feb 23 14:42:20 UTC 2010
> [INFO] Final Memory: 16M/981M
> [INFO] 
> 
>
>
> -- 
> Samisa Abeysinghe
> Director, Engineering - WSO2 Inc.
>
> http://wso2.com/ - "lean . enterprise . middleware"
> 
>
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>   


___
Carbon-dev mailing list
Carbon-dev@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

Re: [Carbon-dev] [Code review] What should we take up for this week?

[Prabath Siriwardena]

Afkham Azeez wrote:
> No.
>
> DimuthuL or Prabath, please lead this session. One of you can be the 
> scribe as well

+1 - will do.

Thanks & regards.
-Prabath
>
> Thanks
> Azeez
>
> On Mon, Mar 1, 2010 at 10:55 AM, Samisa Abeysinghe  > wrote:
>
>
>
> On Mon, Mar 1, 2010 at 10:41 AM, Afkham Azeez  > wrote:
>
> $subject. Please send in your suggestions.
>
>
> Have we reviewed auth code that deals with permission model?
>
> Samisa... 
>
>
> -- 
> Afkham Azeez
> Software Architect & Product Manager, WSO2 WSAS; WSO2, Inc.;
> http://wso2.com
> Member; Apache Software Foundation; http://www.apache.org/
> email: az...@wso2.com  cell: +94 77 3320919
> blog: http://afkham.org
> twitter: http://twitter.com/afkham_azeez
> linked-in: http://lk.linkedin.com/in/afkhamazeez
>
> Lean . Enterprise . Middleware
>
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org 
> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>
>
>
>
> -- 
> Samisa Abeysinghe
> Director, Engineering - WSO2 Inc.
>
> http://wso2.com/ - "lean . enterprise . middleware"
>
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org 
> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>
>
>
>
> -- 
> Afkham Azeez
> Software Architect & Product Manager, WSO2 WSAS; WSO2, Inc.; 
> http://wso2.com
> Member; Apache Software Foundation; http://www.apache.org/
> email: az...@wso2.com  cell: +94 77 3320919
> blog: http://afkham.org
> twitter: http://twitter.com/afkham_azeez
> linked-in: http://lk.linkedin.com/in/afkhamazeez
>
> Lean . Enterprise . Middleware
> 
>
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>   


___
Carbon-dev mailing list
Carbon-dev@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

Re: [Carbon-dev] R: R: R: R: Upgrading wso2 esb from 2.1.1 to 2.1.3 with remore registry configuration

[Prabath Siriwardena]

If you are using the internal user store to manage users with roles - 
then you need to make the migration through a database script.

If you are to work on this - we are happy to provide any guidance.

Thanks & regards.
-Prabath

Samisa Abeysinghe wrote:
>
>
> On Tue, Mar 2, 2010 at 5:01 PM, Cappa Roberto 
>  > wrote:
>
> But, in this post (https://www.wso2.org/forum/thread/8651) Supun
> said that users and roles are stored locally even if I've
> configured a remote registry, I suppose they are stored in the
> embedded 
>
>
> No they are stored in user manager DB. 
>
> Samisa...
>
> 
>
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>   


___
Carbon-dev mailing list
Carbon-dev@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

[Carbon-dev] [Code Review] 03/03/2010 Management Console Permission Model

[Prabath Siriwardena]

Session owner - DimuthuL

Notes:

org.wso2.carbon.user.mgt.internal.UserMgtInitializer
-
1. Use a meaningful constant for the tenant - 0 - avoid magic numbers
UserRegistry registry = registryService.getConfigSystemRegistry(0);
2. addPermissions() - prefer for against while loop.
3. addPermissions() - when throwing the same exception context is lost - 
create a new one with meaningful message.


org.wso2.carbon.user.mgt.permission.ManagementPermissionsAdder
--
1. Correct line length / line breaks
2. addUIPermissionFromBundle() - debug level log at the top - should be 
moved down after evaluation.
3. Debug level logging at line 92 - not required [ log.debug("Resouce 
already exists")]

4. Remove class name from log message.

YUI library

1. Discuss how we can use a common component for tree views used across 
all the other components [e.g.: Permissions / Component Manager]


org.wso2.carbon.user.mgt.common.UIPermissionNode

1. Code formatting required - whitespace between methods

org.wso2.carbon.user.mgt.TenantUserAdmin
--
1. Rename the class appropriately if it is used only as an util class.
2. Optimizing permissions need to be carry out both at the FE and BE.

org.wso2.carbon.server.admin.module.handler.AuthorizationHandler
-
1. Avoid duplicates of AUTHZ_FAULT_CODE
2. Log message in detail - when an authorization check fails - but throw 
less info in the exception it self.


Thanks & regards.
-Prabath




___
Carbon-dev mailing list
Carbon-dev@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

___
Carbon-dev mailing list
Carbon-dev@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

Re: [Carbon-dev] Carbon 3.0.0 - Iridium - Pre-Beta build 05

[Prabath Siriwardena]

Yumani Ranaweera wrote:
> Hi,
>
> Following features are inaccessible in IS. 
>
> Inforcard/openID   - https://wso2.org/jira/browse/CARBON-6644
> Claim Management - https://wso2.org/jira/browse/CARBON-6645
> My Profile - https://wso2.org/jira/browse/CARBON-6646
> Profile Management
>
Working on this...

Thanks & regards.
-Prabath
>
> Thanks,
> Yumani
>
>
> On Tue, Mar 9, 2010 at 9:34 AM, Ruwani Munasingha  > wrote:
>
> sorry about the confusion. The error has occurred due to a caching
> issue of the browser. We can continue with the current build.
>
> On Tue, Mar 9, 2010 at 9:21 AM, Ruwani Munasingha  > wrote:
>
> In ESB build, the synapse configuration can not be updated due
> to a js error. But there is a workaround which is creating
> sequences etc manually using UI. Therefore can we get a new
> build asap?
>
> Thanks,
> Ruwani  
>
>
> On Tue, Mar 9, 2010 at 4:31 AM, Samisa Abeysinghe
> mailto:sam...@wso2.com>> wrote:
>
>
>
> On Tue, Mar 9, 2010 at 4:23 AM, Samisa Abeysinghe
> mailto:sam...@wso2.com>> wrote:
>
> 
> http://builder.wso2.org/~carbon/releases/carbon/3.0.0/2PreBeta05/
> 
> 
>
>
> Note that I started G-Reg and I did not see any issues. 
>
> Please check if the ESB features had made in to this
> build. If not, we need one of the ESB folks to look
> into the builder source. 
>
> Also, IS is missing due to a build failure. 
>
>
> IS packs are now available. 
>
> Samisa...
>
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org 
> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>
>
>
>
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org 
> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>
>
>
>
> -- 
> Yumani Ranaweera
> WSO2, Inc. - http://wso2.org
> Email : yum...@wso2.com 
> Cell: +94 077 7795242
> Blog   : http://yumani.blogspot.com/
> 
>
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>   


___
Carbon-dev mailing list
Carbon-dev@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

Re: [Carbon-dev] IS build on 3.0 branch failing

[Prabath Siriwardena]

Fixed and built IS successfully in builder machine.

Thanks & regards.
-Prabath

Samisa Abeysinghe wrote:
> I am still seeing this error on builder. 
>
> Please have a look looging into builder tomorrow morning. (Not now, as 
> there is a build going on)
>
> Samisa...
>
> On Sat, Mar 20, 2010 at 10:42 PM, Samisa Abeysinghe  > wrote:
>
> !MESSAGE Missing requirement: org.wso2.carbon.service.mgt
> 3.0.0.SNAPSHOT (org.wso2.carbon.service.mgt 3.0.0.SNAPSHOT)
> requires 'package org.wso2.carbon.reporting.common 0.0.0' but it
> could not be found
>
> Samisa...
>
> -- 
> Samisa Abeysinghe
> Director, Engineering - WSO2 Inc.
>
> http://wso2.com/ - "lean . enterprise . middleware"
>
>
>
>
> -- 
> Samisa Abeysinghe
> Director, Engineering - WSO2 Inc.
>
> http://wso2.com/ - "lean . enterprise . middleware"
> 
>
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>   


___
Carbon-dev mailing list
Carbon-dev@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

Re: [Carbon-dev] Deleting a User's Profile in Registry

[Prabath Siriwardena]

+1 for the first approach - IMHO it won't affect any current usages...

Remove the registry user profiles - remove all the associated resources 
only if not further associations are there with those.

Thanks & regards.
-Prabath


Dimuthu Leelarathne wrote:
> Hi all,
>
> I am fixing this issue - https://wso2.org/jira/browse/CARBON-6977. 
> There are two approaches to fixing this.
>
> Approach 1 - This MAY affect some products depending on usage
> ===
> When we delete a user from the database we delete his profile in 
> registry as follows.
>
> String path = RegistryConstants.PROFILES_PATH + userName;
> if (registry.resourceExists(path)) {
> registry.delete(path);
> }
> Change the above code to below.
>
> String path = RegistryConstants.PROFILES_PATH + userName;
> if (registry.resourceExists(path)) {
> Association[] associations = 
> registry.getAllAssociations(path);
> for(Association association : associations) {
> String destinationPath = 
> association.getDestinationPath();
> String sourcePath = association.getSourcePath();
> String targetPath = null;
> if(!sourcePath.equals(path)) {
> targetPath = sourcePath;
> }else{
> targetPath = destinationPath;
> }
> if(registry.getAllAssociations(targetPath).length 
> == 0){
> registry.delete(destinationPath);
> }
> }
> registry.delete(path);
> }
>
> Approach 2 - This effects IS and ? other products depending on usage.
> ===
> Change all code to store the resources under 
> "RegistryConstants.PROFILES_PATH + userName" and simply delete the 
> "RegistryConstants.PROFILES_PATH + userName". Deletes everything. 
> Simple fix on my end. Drastic changes to others.
>
> My question what to execute - "Approach 1" or "Approach 2"?
>
> Thanks,
> DimuthuL
>
>


___
Carbon-dev mailing list
Carbon-dev@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

Re: [Carbon-dev] Deleting a User's Profile in Registry

[Prabath Siriwardena]

Tyrell Perera wrote:
>
> How will this affect associations between profiles. Say friends? We 
> are implementing OpenSocial via associations between user profiles. 
> These associations are made when "friending" happens between users.
Also - going further - we will also have an issue in approach - 1 when 
we have a many to one association between user to another resource - and 
the user resource under discussion becomes the only association at the 
time of deleting...

Thanks & regards.
-Prabath
>
> Tyrell
>  
>
> Thanks & regards.
> -Prabath
>


___
Carbon-dev mailing list
Carbon-dev@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

Re: [Carbon-dev] SNAPSHOTs on 3.0.0 branch

[Prabath Siriwardena]

This component doesn't go with the build and not included in the root 
pm. Added this one for testing only - deleted from the branch..

Thanks & regards.
-Prabath

Isuru Suriarachchi wrote:
> All these SNAPSHOTs are fixed except the following one in the identity 
> component.
>
> 
>  org.twitter4j
>  twitter4j-core
>  2.1.1-SNAPSHOT
>  compile
>   
>
> This is a SNAPSHOT dependency to an external artifact without creating 
> an internal branch. Prabath, can you please have a look?
>
> However this is a sample and should be moved into the product..
>
> Thanks,
> ~Isuru
>
> On Fri, Mar 26, 2010 at 12:41 PM, Samisa Abeysinghe  > wrote:
>
> Also, inside component:
>
> ./throttling/org.wso2.carbon.throttle/3.0.0/pom.xml:  
>  SNAPSHOT
> ./throttling/org.wso2.carbon.throttle/3.0.0/pom.xml:  
>  SNAPSHOT
> ./wsdl2form/pom.xml:  
>  1.6.0.wso2v1-SNAPSHOT
> ./wsdl2form/pom.xml:  
>  1.2.9.wso2v1-SNAPSHOT
> ./identity/org.wso2.carbon.identity.samples.oauth/3.0.0/pom.xml:  
>   2.1.1-SNAPSHOT
> ./mashup/pom.xml:  
> 1.6.0.wso2v1-SNAPSHOT
> ./human-task/org.wso2.carbon.human-task.registry.handler/3.0.0/pom.xml:
>1.2.9.wso2v1-SNAPSHOT
> ./human-task/org.wso2.carbon.human-task/3.0.0/pom.xml:  
>  1.2.9.wso2v1-SNAPSHOT
> ./mediators/smooks/3.0.0/pom.xml:  
>  1.2.4.wso2v1-SNAPSHOT
>
> Samisa...
>
> On Fri, Mar 26, 2010 at 10:38 AM, Sumedha Rubasinghe
> mailto:sume...@wso2.com>> wrote:
>
> Devs,
> Why are we having 'org.apache.axiom.trunk'[1] on orbit? This
> is something redundant. Right?
> And following bundles on orbit seems to be still associated
> with 'SNAPSHOT'.
>
> ./axis2-json/1.6.0.wso2v1-SNAPSHOT/
> ./smooks/1.2.4.wso2v1-SNAPSHOT/
>
> /sumedha
>
> [1]
> 
> https://svn.wso2.org/repos/wso2/branches/carbon/3.0.0/orbit/org.apache.axiom.trunk/3.0.0-SNAPSHOT
>
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org 
> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>
>
>
>
> -- 
> Samisa Abeysinghe
> Director, Engineering - WSO2 Inc.
>
> http://wso2.com/ - "lean . enterprise . middleware"
>
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org 
> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>
>
> 
>
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>   


___
Carbon-dev mailing list
Carbon-dev@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

Re: [Carbon-dev] 3.0 branch - Error building carbon/orbit/savan-core/1.1.0-wso2v1

[Prabath Siriwardena]

Fixed and tested in builder machine.

Excluded axiom.

Thanks & regards.
-Prabath

Samisa Abeysinghe wrote:
> It is looking for axiom 1.2.8. 
>
> Looks like we need to branch Savan too??
>
>
> [INFO] 
> 
> [ERROR] BUILD FAILURE
> [INFO] 
> 
> [INFO] Compilation failure
>
> error: error reading 
> /home/carbon/.m2/repository/org/apache/ws/commons/axiom/axiom-impl/1.2.8/axiom-impl-1.2.8.jar;
>  
> error in opening zip file
>
>
> -- 
> Samisa Abeysinghe 
> Director, Engineering - WSO2 Inc.
>
> http://wso2.com/ - "lean . enterprise . middleware"
>
> 
>
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>   


___
Carbon-dev mailing list
Carbon-dev@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

Re: [Carbon-dev] Carbon 3.0.0 - Iridium - RC6

[Prabath Siriwardena]

Charitha Kankanamge wrote:
> The following issue must be fixed.
>
> [1] https://wso2.org/jira/browse/CARBON-7268 - Cannot install SSO 
> authenticator feature
Fixed...

Thanks & regards.
-Prabath
>
>
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org 
> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>
>
> 
>
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>   


___
Carbon-dev mailing list
Carbon-dev@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

Re: [Carbon-dev] [ANN] WSO2 Identity Server 3.0.0 Released!

[Prabath Siriwardena]

Sanjiva Weerawarana wrote:
> Prabath please forward to architecture@ as well.
Done...

Thanks & regards,
-Prabath
>
> Other PMs please copy both carbon-dev and architecture@ in addition to 
> specific user lists.
>
> Thanks,
>
> Sanjiva.


___
Carbon-dev mailing list
Carbon-dev@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

Re: [Carbon-dev] Exceptions when DOM is used instead of DOOM in Rampart (Relates to Axis2/Rampart Performance Improvement)

[Prabath Siriwardena]

I guess this is the ClassCastException you get when casting the 
timestamp to a OMElement.

Please check the creation of timestamp element...

Thanks & regards.
-Prabath

kasun Gajasinghe wrote:
> Hello,
> we were trying to use Rampart without using DOOM objects. i.e. instead 
> of converting OMElement -> DOOM we do OMElement -> DOM conversion. 
> This is done by passing *false* for the parameter '*useDoom*' in 
> methods "getSOAPEnvelopeFromDOMDocument(Document doc, boolean 
> useDoom)" and getDocumentFromSOAPEnvelope(SOAPEnvelope env, boolean 
> useDoom) @ org.apache.rampart.util.Axis2Util.java.
>
> But, this doesn't work! I am getting a ClassCastException. Does anyone 
> know a solution for this?
>
> Stack-Trace is given below.
>
> run-signencr:
> run-policy:
>  [copy] Copying 1 file to 
> /media/DATA/WSO2/axis2/jws14code-new/axis2.BACK/client/bin
>  [java] Running initialization request to prepare for timed test
>  [java] Connecting to service at 
> http://localhost:8080/axis2/services/seismic-signencr
>  [java] Rampart engaged for supplied policy
>  [java] java.lang.ClassCastException: 
> org.apache.xerces.dom.ElementNSImpl cannot be cast to 
> org.apache.axiom.om.OMElement
>  [java] at 
> org.apache.rampart.builder.AsymmetricBindingBuilder.doSignBeforeEncrypt(AsymmetricBindingBuilder.java:366)
>  [java] at 
> org.apache.rampart.builder.AsymmetricBindingBuilder.build(AsymmetricBindingBuilder.java:95)
>  [java] at 
> org.apache.rampart.MessageBuilder.build(MessageBuilder.java:147)
>  [java] at 
> org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:64)
>  [java] at org.apache.axis2.engine.Phase.invoke(Phase.java:318)
>  [java] at 
> org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:259)
>  [java] at 
> org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:424)
>  [java] at 
> org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:406)
>  [java] at 
> org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
>  [java] at 
> org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
>  [java] at 
> com.sosnoski.ws.seismic.adb.SeismicAdbStub.matchQuakes(SeismicAdbStub.java:181)
>  [java] at 
> com.sosnoski.ws.seismic.adb.Axis2LitClient.runQuery(Axis2LitClient.java:87)
>  [java] at 
> com.sosnoski.ws.seismic.adb.TestClient$TestRunnable.run(TestClient.java:210)
>  [java] at java.lang.Thread.run(Thread.java:619)
>  [java] Java Result: 1
>
> BUILD SUCCESSFUL
> Total time: 3 seconds
>
> Thanks,
> /KasunG
>
> -- 
> Kasun Gajasinghe
> Intern
> E-mail: kasung AT wso2 DOT com
>
> WSO2, Inc.; http://wso2.com
> lean.enterprise.middleware
>
>
> 
>
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>   


___
Carbon-dev mailing list
Carbon-dev@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

Re: [Carbon-dev] Echo Service in ESB

[Prabath Siriwardena]

+1 for adding it back..

Thanks & regards,
-Prabath

On Tue, Apr 19, 2011 at 4:57 PM, Hiranya Jayathilaka  wrote:
> Hi,
> Can we add the echo service back to the ESB build? If so what are the steps
> need to be taken? Many of our articles/tutorials assume the echo service in
> ESB and it will be great if we don't break all these samples in the coming
> release.
>
> Thanks
> --
> Hiranya Jayathilaka
> Senior Software Engineer;
> WSO2 Inc.;  http://wso2.org
> E-mail: hira...@wso2.com;  Mobile: +94 77 633 3491
> Blog: http://techfeast-hiranya.blogspot.com
>
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org
> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>
>



-- 
Thanks & Regards,
Prabath

http://blog.facilelogin.com
http://RampartFAQ.com
___
Carbon-dev mailing list
Carbon-dev@wso2.org
http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

[Carbon-dev] Build failure in org.wso2.carbon:org.wso2.carbon.usage.summary.generator

[Prabath Siriwardena]

Project ID: org.wso2.carbon:org.wso2.carbon.usage.summary.generator
POM Location: 
/components/stratos/usage/org.wso2.carbon.usage.summary.generator/pom.xml
Validation Messages:

[0]  'dependencies.dependency.version' is missing for
org.wso2.carbon:org.wso2.carbon.usage.meteringsummarygenerationds.stub:jar


Reason: Failed to validate POM for project
org.wso2.carbon:org.wso2.carbon.usage.summary.generator at
/components/stratos/usage/org.wso2.carbon.usage.summary.generator/pom.xml

Am I missing something...?

-- 
Thanks & Regards,
Prabath

http://blog.facilelogin.com
http://RampartFAQ.com
___
Carbon-dev mailing list
Carbon-dev@wso2.org
http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

Re: [Carbon-dev] Build failure in org.wso2.carbon:org.wso2.carbon.usage.summary.generator

[Prabath Siriwardena]

Following looks like the commit responsible for this.. [or may be I am
missing some updates..]

Author: sanjeewa
Date: Tue Apr 19 04:42:11 2011
New Revision: 91987
URL: http://wso2.org/svn/browse/wso2?view=rev&revision=91987

Please have a look..

Thanks & regards,
-Prabath

On Tue, Apr 19, 2011 at 8:54 PM, Afkham Azeez  wrote:
>
>
> On Tue, Apr 19, 2011 at 8:52 PM, Prabath Siriwardena 
> wrote:
>>
>> Project ID: org.wso2.carbon:org.wso2.carbon.usage.summary.generator
>> POM Location:
>> /components/stratos/usage/org.wso2.carbon.usage.summary.generator/pom.xml
>> Validation Messages:
>>
>>    [0]  'dependencies.dependency.version' is missing for
>> org.wso2.carbon:org.wso2.carbon.usage.meteringsummarygenerationds.stub:jar
>
> That package name looks horrible!
>
>>
>> Reason: Failed to validate POM for project
>> org.wso2.carbon:org.wso2.carbon.usage.summary.generator at
>> /components/stratos/usage/org.wso2.carbon.usage.summary.generator/pom.xml
>>
>> Am I missing something...?
>>
>> --
>> Thanks & Regards,
>> Prabath
>>
>> http://blog.facilelogin.com
>> http://RampartFAQ.com
>> ___
>> Carbon-dev mailing list
>> Carbon-dev@wso2.org
>> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>
>
>
> --
> Afkham Azeez
> Senior Software Architect & Senior Manager; WSO2, Inc.; http://wso2.com,
>
> Member; Apache Software Foundation; http://www.apache.org/
> email: az...@wso2.com cell: +94 77 3320919
> blog: http://blog.afkham.org
> twitter: http://twitter.com/afkham_azeez
> linked-in: http://lk.linkedin.com/in/afkhamazeez
>
> Lean . Enterprise . Middleware
>
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org
> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>
>



-- 
Thanks & Regards,
Prabath

http://blog.facilelogin.com
http://RampartFAQ.com
___
Carbon-dev mailing list
Carbon-dev@wso2.org
http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

Re: [Carbon-dev] Carbon Studio enhancements related to XACML

[Prabath Siriwardena]

On Thu, Apr 21, 2011 at 11:43 PM, Sumedha Rubasinghe  wrote:
> Devs,
> After listening to Prabath's webinar on XACML, I felt it might be
> interesting to have following capabilities in Carbon Studio.
> Ability to implement/extend,
> - EntitlementCallbackHandler
> - PIPExtension
> - PIPAttributeFinder
> XACML Editor (Is there an existing plugin?)

Not for Eclipse

> Need feedback  from IS team to see how useful/valid these suggestions are.

Definitely +1

Thanks & regards,
-Prabath

> /sumedha
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org
> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>
>



-- 
Thanks & Regards,
Prabath

http://blog.facilelogin.com
http://RampartFAQ.com
___
Carbon-dev mailing list
Carbon-dev@wso2.org
http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

[Carbon-dev] Version conflicts in Drools

[Prabath Siriwardena]

In orbit bundle : 5.1.1.wso2v1

In the feature org.wso2.carbon.rule.engine.drools.feature  : 5.0.1.wso2v1

Please fix this - since it makes a build failure with a clean repo

-- 
Thanks & Regards,
Prabath

http://blog.facilelogin.com
http://RampartFAQ.com
___
Carbon-dev mailing list
Carbon-dev@wso2.org
http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

Re: [Carbon-dev] Usability Improvements - Forms

[Prabath Siriwardena]

+1

Thanks & regards,
-Prabath

On Wed, Jun 22, 2011 at 10:39 AM, Chanaka Jayasena  wrote:
> Hi all,
> We are planning to improve the forms generally considering usability aspects
> in all products.
> 1 . Look and feeling of the forms.
> We have differences in the layout and look and feeling of forms in different
> UI components. Since this is taking away overall consistency in our user
> interfaces, we need to define standards and stick to those in all our UI
> components.
> 2. Validation
> I think we can improve client side validation by following some of the best
> practices listed on the following article.
> http://www.smashingmagazine.com/2009/07/07/web-form-validation-best-practices-and-tutorials/
>  In-fact we have a validation framework built in to our UI core, which
> implement some of these concepts. But it's only used for the proxy service
> UI component. Plan is to extend this to all the other components as well.
> 3. Autocomplete
> We are using autocomplete feature in registry search UI component. I think
> it will be good if we can reuse this on other components as well, when
> ever suitable.
> 4. Inline help and tips.
> Place a helpful icon right next to each field which are not self explaining.
> 5. Default text for text boxes.
> I prepared several screen shots with Amal using two different UI components
> to present these ideas. But we are not clear about when to start these
> improvements.
> thanks,
> Chanaka
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org
> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>
>



-- 
Thanks & Regards,
Prabath

http://blog.facilelogin.com
http://RampartFAQ.com
___
Carbon-dev mailing list
Carbon-dev@wso2.org
http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

[Carbon-dev] Shall we plan to do 3.2.1 feature releases of XACML, OpenID & OAuth

[Prabath Siriwardena]

Shall we plan to do the $subject.. Can we do this by 2nd week of
July..? If this blocks Stratos in anyway, we can delay.. WDYT..

-- 
Thanks & Regards,
Prabath

http://blog.facilelogin.com
http://RampartFAQ.com
___
Carbon-dev mailing list
Carbon-dev@wso2.org
http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

Re: [Carbon-dev] Shall we plan to do 3.2.1 feature releases of XACML, OpenID & OAuth

[Prabath Siriwardena]

Can you please lead this Thilina... IS team it self can do the QA and
shall we plan the release date to be 8th July..?

Thanks & regards,
-Prabath

On Wed, Jun 29, 2011 at 2:12 PM, Thilina Buddhika  wrote:
> We need to get the OpenID and XACML features out before the Stratos release
> because they contain some critical fixes.
> +1 for including OAuth feature along with these two features.
> Thanks,
> Thilina
>
> On Wed, Jun 29, 2011 at 12:43 PM, Prabath Siriwardena 
> wrote:
>>
>> Shall we plan to do the $subject.. Can we do this by 2nd week of
>> July..? If this blocks Stratos in anyway, we can delay.. WDYT..
>>
>> --
>> Thanks & Regards,
>> Prabath
>>
>> http://blog.facilelogin.com
>> http://RampartFAQ.com
>> ___
>> Carbon-dev mailing list
>> Carbon-dev@wso2.org
>> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>
>
>
> --
> Thilina Buddhika
> Associate Technical Lead
> WSO2 Inc. ; http://wso2.com
> lean . enterprise . middleware
>
> phone : +94 77 44 88 727
> blog : http://blog.thilinamb.com
>
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org
> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>
>



-- 
Thanks & Regards,
Prabath

http://blog.facilelogin.com
http://RampartFAQ.com
___
Carbon-dev mailing list
Carbon-dev@wso2.org
http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

Re: [Carbon-dev] Subscribe to the same topic with the same event sink url twice

[Prabath Siriwardena]

Please create a JIRA...

Thanks & regards,
-Prabath

On Fri, Jul 1, 2011 at 10:11 AM, Supun Kamburugamuva  wrote:
> If we do a static subscription for the same topic with the same event sink
> url twice only one subscription is shown in the UI. Now if we delete the
> subscription shown in the UI other subscription is still there and cannot be
> deleted from the UI.
> Thanks,
> Supun..
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org
> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>
>



-- 
Thanks & Regards,
Prabath

http://blog.facilelogin.com
http://RampartFAQ.com
___
Carbon-dev mailing list
Carbon-dev@wso2.org
http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

Re: [Carbon-dev] ServiceAdmin wont allow to expose a UT enabled service on JMS

[Prabath Siriwardena]

IIRC this restriction only applies if you apply UT via wizard. But if
you want to use JMS over TLS and use UT - you can create your custom
security policy with UT and apply it via wizard.

Thanks & regards,
-Prabath

On Wed, Jul 6, 2011 at 5:00 PM, Rajika Kumarasiri  wrote:
> When I tried to expose a UT enabled service on JMS I am ending up with the
> following error.
> ERROR {org.wso2.carbon.cloud.csg.agent.jms.JMSServicePublisher} -  Cloud not
> publish service 'SimpleStockQuoteService'. Cannot add non-HTTPS transport
> binding for Service [SimpleStockQuoteService] since a security scenario
> which requires the service to contain only the HTTPS transport binding has
> been applied to this service.
> org.apache.axis2.AxisFault: Cannot add non-HTTPS transport binding for
> Service [SimpleStockQuoteService] since a security scenario which requires
> the service to contain only the HTTPS transport binding has been applied to
> this service.
>
> See ServiceAdmin.java:971 (on 3.2.0 branch). There is a comment saying that
> it need to be added but commented for the moment. Any idea why it's keep
> like that ? Are we going to fix it ?
> Rajika
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org
> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>
>



-- 
Thanks & Regards,
Prabath

http://blog.facilelogin.com
http://RampartFAQ.com
___
Carbon-dev mailing list
Carbon-dev@wso2.org
http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

Re: [Carbon-dev] ServiceAdmin wont allow to expose a UT enabled service on JMS

[Prabath Siriwardena]

The restriction is only for the UsernameToken security scenario only..
You can use the UI wizard with your custom policy to make UT work over
HTTP or JMS - where the user takes the responsibility of making the
underlying transport secure.

Thanks & regards,
-Prabath

On Wed, Jul 6, 2011 at 8:40 PM, Rajika Kumarasiri  wrote:
> This is a problem for CSG agent.  When UT is enabled for a back end service
> and when we try to publish (and enable JMS for that service in the process)
> this issue occurs.
> Why do we have this restriction in the UI ?
> Rajika
>
> On Wed, Jul 6, 2011 at 5:52 PM, Prabath Siriwardena 
> wrote:
>>
>> IIRC this restriction only applies if you apply UT via wizard. But if
>> you want to use JMS over TLS and use UT - you can create your custom
>> security policy with UT and apply it via wizard.
>>
>> Thanks & regards,
>> -Prabath
>>
>> On Wed, Jul 6, 2011 at 5:00 PM, Rajika Kumarasiri  wrote:
>> > When I tried to expose a UT enabled service on JMS I am ending up with
>> > the
>> > following error.
>> > ERROR {org.wso2.carbon.cloud.csg.agent.jms.JMSServicePublisher} -  Cloud
>> > not
>> > publish service 'SimpleStockQuoteService'. Cannot add non-HTTPS
>> > transport
>> > binding for Service [SimpleStockQuoteService] since a security scenario
>> > which requires the service to contain only the HTTPS transport binding
>> > has
>> > been applied to this service.
>> > org.apache.axis2.AxisFault: Cannot add non-HTTPS transport binding for
>> > Service [SimpleStockQuoteService] since a security scenario which
>> > requires
>> > the service to contain only the HTTPS transport binding has been applied
>> > to
>> > this service.
>> >
>> > See ServiceAdmin.java:971 (on 3.2.0 branch). There is a comment saying
>> > that
>> > it need to be added but commented for the moment. Any idea why it's keep
>> > like that ? Are we going to fix it ?
>> > Rajika
>> > ___
>> > Carbon-dev mailing list
>> > Carbon-dev@wso2.org
>> > http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>> >
>> >
>>
>>
>>
>> --
>> Thanks & Regards,
>> Prabath
>>
>> http://blog.facilelogin.com
>> http://RampartFAQ.com
>> ___
>> Carbon-dev mailing list
>> Carbon-dev@wso2.org
>> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>
>
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org
> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>
>



-- 
Thanks & Regards,
Prabath

http://blog.facilelogin.com
http://RampartFAQ.com
___
Carbon-dev mailing list
Carbon-dev@wso2.org
http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

Re: [Carbon-dev] Issue with timezone

[Prabath Siriwardena]

Yes, WSS4J keeps time in UTC - [1] may be slightly related...

Thanks & regards,
-Prabath

[1]: 
http://blog.rampartfaq.com/2009/08/would-timestamp-validation-fail-when.html

On Wed, Jul 13, 2011 at 6:56 AM, Afkham Azeez  wrote:
> To compare timestamps you need to normalize the time to a common timezone.
> So, this could be different from your actual machine's time for that
> machine's timezone.
>
> 
> Sent from my phone
>
> On Jul 13, 2011 5:58 AM, "Jorge Infante Osorio"  wrote:
>> Hi folks.
>>
>> I have a problem with the time zone in my ESB server.
>> When I start the server, in the UI I see the right time, for example:
>> Server Host 127.0.0.1
>> Server URL https://127.0.0.1:9445/services/
>> Server Start Time 2011-07-12 18:48:49
>> Time zone America/New_York (GMT-05:00)
>>
>> But in the message timestamp I see the right hour + 4, in this case my
>> time
>> = 19:06 and in the timestamp is 23:06
>>
>> >
>> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
>> y-utility-1.0.xsd" wsu:Id="Timestamp-4">
>> 2011-07-12T23:06:11.796Z
>> 2011-07-12T23:11:11.796Z
>> 
>>
>>
>> Any idea on this?
>>
>> Saludos,
>> Ing. Jorge Infante Osorio.
>> J´Dpto Soluciones SOA.
>> CDAE.
>> Fac. 5.
>> UCI.
>>
>>
>>
>> ___
>> Carbon-dev mailing list
>> Carbon-dev@wso2.org
>> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org
> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>
>



-- 
Thanks & Regards,
Prabath

http://blog.facilelogin.com
http://RampartFAQ.com
___
Carbon-dev mailing list
Carbon-dev@wso2.org
http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

Re: [Carbon-dev] Build failed in Hudson: carbon_trunk #12

[Prabath Siriwardena]

Fixed..

Thanks & regards,
-Prabath

On Thu, Jul 14, 2011 at 11:18 AM, Pradeep Fernando  wrote:
> Hi,
>
> IS team, please fix this.
>
> On Thu, Jul 14, 2011 at 11:02 AM,   wrote:
>> See 
>>
>> Changes:
>>
>> [anjana] Fix for saving Carbon DS in Registry for AdminConsole
>>
>> [supun] adding the ability to disable addressing based on a property
>>
>> [anjana] Fix for Carbon DS MT Issue in Admin Console
>>
>> [azeez] Do not recurse into directories when adding jars to bootstrap 
>> classpath since this leads to unnecessary jars being loaded by mistake
>>
>> [fazlan] Fixing a compilation error
>>
>> [senaka] Improving LCM validation.
>>
>> [miyuru] fixed NPE cause in MessageStore
>>
>> --
>> [...truncated 36222 lines...]
>> [INFO] skip non existing resourceDirectory 
>> 
>> [INFO] [compiler:testCompile {execution: default-testCompile}]
>> [INFO] Not compiling test sources
>> [INFO] [surefire:test {execution: default-test}]
>> [INFO] Tests are skipped.
>> [INFO] [bundle:bundle {execution: default-bundle}]
>> [WARNING] Warning building bundle 
>> org.wso2.carbon:org.wso2.carbon.identity.user.registration:bundle:3.2.0-SNAPSHOT
>>  : Did not find matching referal for org.apache.axiom.*
>> [WARNING] Warning building bundle 
>> org.wso2.carbon:org.wso2.carbon.identity.user.registration:bundle:3.2.0-SNAPSHOT
>>  : Did not find matching referal for org.apache.axis2.*
>> [WARNING] Warning building bundle 
>> org.wso2.carbon:org.wso2.carbon.identity.user.registration:bundle:3.2.0-SNAPSHOT
>>  : Did not find matching referal for org.apache.commons.logging.*
>> [WARNING] Warning building bundle 
>> org.wso2.carbon:org.wso2.carbon.identity.user.registration:bundle:3.2.0-SNAPSHOT
>>  : Did not find matching referal for org.apache.rahas.*
>> [WARNING] Warning building bundle 
>> org.wso2.carbon:org.wso2.carbon.identity.user.registration:bundle:3.2.0-SNAPSHOT
>>  : Did not find matching referal for org.apache.rahas.client.*
>> [WARNING] Warning building bundle 
>> org.wso2.carbon:org.wso2.carbon.identity.user.registration:bundle:3.2.0-SNAPSHOT
>>  : Did not find matching referal for org.apache.rahas.impl.*
>> [WARNING] Warning building bundle 
>> org.wso2.carbon:org.wso2.carbon.identity.user.registration:bundle:3.2.0-SNAPSHOT
>>  : Did not find matching referal for org.apache.rahas.impl.util.*
>> [WARNING] Warning building bundle 
>> org.wso2.carbon:org.wso2.carbon.identity.user.registration:bundle:3.2.0-SNAPSHOT
>>  : Did not find matching referal for org.wso2.carbon.core.*
>> [WARNING] Warning building bundle 
>> org.wso2.carbon:org.wso2.carbon.identity.user.registration:bundle:3.2.0-SNAPSHOT
>>  : Did not find matching referal for org.wso2.carbon.core.utils.*
>> [WARNING] Warning building bundle 
>> org.wso2.carbon:org.wso2.carbon.identity.user.registration:bundle:3.2.0-SNAPSHOT
>>  : Did not find matching referal for org.wso2.carbon.security.keystore.*
>> [WARNING] Warning building bundle 
>> org.wso2.carbon:org.wso2.carbon.identity.user.registration:bundle:3.2.0-SNAPSHOT
>>  : Did not find matching referal for 
>> org.wso2.carbon.security.keystore.service.*
>> [WARNING] Warning building bundle 
>> org.wso2.carbon:org.wso2.carbon.identity.user.registration:bundle:3.2.0-SNAPSHOT
>>  : Did not find matching referal for org.wso2.carbon.security.util.*
>> [WARNING] Warning building bundle 
>> org.wso2.carbon:org.wso2.carbon.identity.user.registration:bundle:3.2.0-SNAPSHOT
>>  : Did not find matching referal for org.wso2.carbon.utils.*
>> [WARNING] Warning building bundle 
>> org.wso2.carbon:org.wso2.carbon.identity.user.registration:bundle:3.2.0-SNAPSHOT
>>  : Importing packages that are never refered to by any class on the 
>> Bundle-Classpath[Jar:dot]: [org.osgi.framework]
>> [INFO] [install:install {execution: default-install}]
>> [INFO] Installing 
>> 
>>  to 
>> 
>> [INFO] [bundle:install {execution: default-install}]
>> [INFO] Local OBR update disabled (enable with -DobrRepository)
>> [HUDSON] Archiving disabled - not archiving 
>> 
>> [HUDSON] Archiving disabled - not archiving 
>> 

Re: [Carbon-dev] Hudson build became unstable: carbon_trunk » WSS4J #16

[Prabath Siriwardena]

Some test failures here is related to invalid key size. Please patch [1] the
JDK...

Thanks & regards,
-Prabath

[1]:
http://blog.rampartfaq.com/2009/08/faq-001-javasecurityinvalidkeyexception.html

On Fri, Jul 15, 2011 at 5:53 AM,  wrote:

> See <
> http://builder3.us1.wso2.org/hudson/job/carbon_trunk/org.apache.ws.security$wss4j/16/
> >
>
>
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org
> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>



-- 
Thanks & Regards,
Prabath

http://blog.facilelogin.com
http://RampartFAQ.com
___
Carbon-dev mailing list
Carbon-dev@wso2.org
http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

[Carbon-dev] Build team for the Carbon 3.2.2

[Prabath Siriwardena]

Hi folks,

I guess we need a build team to drive Carbon 3.2.2 release and dilever the
releases to QA till we get it out...

Having the same set of people during the entire release cycle would have
some practical issues, like,

1. Getting bored
2. Personal erros could be introduced to the build

Since we have around 8-10 release managers from all the products, how about
forming 2 - people team from them and rotate the team every week... Since we
only have about 4-6 weeks to go, one person has to do it only once...

Thoughts appreciated...

-- 
Thanks & Regards,
Prabath

http://blog.facilelogin.com
http://RampartFAQ.com
___
Carbon-dev mailing list
Carbon-dev@wso2.org
http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

[Carbon-dev] [Meeting Minutes] Carbon 3.2.2 release discussion

[Prabath Siriwardena]

1. All the products need to be released
2. Product releases will follow the Stratos release
3. First QA release EOD today - by Ranga
4. Product smoke testing from 1st Sept to 9th Sept - QA + Product Teams
5. Stratos Testing - 19th Sept to 14th Oct - QA and and product teams wil
carry on product testing
6.17th to 27th  - buffer period for product testing
7. 28th Oct - product releases
8. RMs will go through all L1s and L2s - wil also take the full
responsibility of the build.

Thanks & regards,
-Prabath



On Wed, Aug 31, 2011 at 1:49 PM, Prabath Siriwardana wrote:

> more details 
> »
> Carbon 3.2.2 release discussion
> Carbon 3.2.2 release discussion
>
> Conference Number : +18009148405
> Conference Code : 9628716
>
> Things to discuss..
>
> 1. Which products need to be released
> 2. Release time line
> 3. QA effort
> 4. Role of Release Managers
> 5. Build team
>
> *When*
> Thu Sep 1 10:30am – 11:30am Colombo
> *Where*
> Board room - #59 + Conference call 
> (map
> )
> *Calendar*
> carbon-dev@wso2.org
> *Who*
> •
> prab...@wso2.com - organizer
> •
> Selvaratnam Uthaiyashankar
> •
> Afkham Azeez
> •
> Achala Aponso
> •
> Lalaji Sureshika
> •
> Thilina Buddhika
> •
> Senaka Fernando
> •
> Sadeep Jayasumana
> •
> Nuwan Bandara
> •
> carbon-dev@wso2.org
> •
> Sameera Jayasoma
> •
> Denis Weerasiri
> •
> Hiranya Jayathilaka
> •
> Samisa Abeysinghe
> •
> Charitha Kankanamge
> •
> Tharindu Mathew
> •
> Amila Suriarachchi
> •
> Dinusha Senanayaka
> •
> Sumedha Rubasinghe
> •
> Fazlan Sabar
> •
> Anjana Fernando
>
> Going?   
> ***Yes-
> Maybe-
> No
> ***more options 
> »
>
> Invitation from Google Calendar 
>
> You are receiving this courtesy email at the account 
> carbon-dev@wso2.orgbecause you are an attendee of this event.
>
> To stop receiving future notifications for this event, decline this event.
> Alternatively you can sign up for a Google account at
> https://www.google.com/calendar/ and control your notification settings
> for your entire calendar.
>
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org
> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>
>


-- 
Thanks & Regards,
Prabath

http://blog.facilelogin.com
http://RampartFAQ.com
___
Carbon-dev mailing list
Carbon-dev@wso2.org
http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

Re: [Carbon-dev] Latest set of packs available for testing

[Prabath Siriwardena]

Stratos app server fails at the startup... App Server team please have a look..

[2011-09-06 01:00:39,342] ERROR
{org.apache.tomcat.util.modeler.modules.MbeansDescriptorsIntrospectionSource}
-  Error reading descriptors
java.lang.SecurityException: class "org.apache.coyote.RequestInfo"'s
signer information does not match signer information of other classes
in the same package
at java.lang.ClassLoader.checkCerts(ClassLoader.java:806)
at java.lang.ClassLoader.preDefineClass(ClassLoader.java:487)
at java.lang.ClassLoader.defineClassCond(ClassLoader.java:625)
at java.lang.ClassLoader.defineClass(ClassLoader.java:615)
at 
java.security.SecureClassLoader.defineClass(SecureClassLoader.java:141)
at java.net.URLClassLoader.defineClass(URLClassLoader.java:283)
at java.net.URLClassLoader.access$000(URLClassLoader.java:58)
at java.net.URLClassLoader$1.run(URLClassLoader.java:197)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:190)
at java.lang.ClassLoader.loadClass(ClassLoader.java:306)
at java.lang.ClassLoader.loadClass(ClassLoader.java:247)
at java.lang.Class.getDeclaredMethods0(Native Method)
at java.lang.Class.privateGetDeclaredMethods(Class.java:2427)
at java.lang.Class.privateGetPublicMethods(Class.java:2547)
at java.lang.Class.getMethods(Class.java:1410)
at 
org.apache.tomcat.util.modeler.modules.MbeansDescriptorsIntrospectionSource.createManagedBean(MbeansDescriptorsIntrospectionSource.java:307)
at 
org.apache.tomcat.util.modeler.modules.MbeansDescriptorsIntrospectionSource.execute(MbeansDescriptorsIntrospectionSource.java:83)
at 
org.apache.tomcat.util.modeler.modules.MbeansDescriptorsIntrospectionSource.loadDescriptors(MbeansDescriptorsIntrospectionSource.java:76)
at org.apache.tomcat.util.modeler.Registry.load(Registry.java:696)
at 
org.apache.tomcat.util.modeler.Registry.loadDescriptors(Registry.java:807)
at 
org.apache.tomcat.util.modeler.Registry.findManagedBean(Registry.java:595)
at 
org.apache.tomcat.util.modeler.Registry.findManagedBean(Registry.java:885)
at 
org.apache.tomcat.util.modeler.Registry.registerComponent(Registry.java:737)
at 
org.apache.coyote.AbstractProtocolHandler.init(AbstractProtocolHandler.java:348)
at 
org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119)
at 
org.apache.catalina.connector.Connector.initInternal(Connector.java:910)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101)
at 
org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101)
at 
org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:781)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:136)
at org.apache.catalina.startup.Tomcat.start(Tomcat.java:305)
at org.wso2.carbon.tomcat.BetterTomcat.start(BetterTomcat.java:68)
at org.wso2.carbon.server.TomcatServer.start(TomcatServer.java:114)
at org.wso2.carbon.server.Main.startServer(Main.java:74)
at org.wso2.carbon.server.Main.start(Main.java:192)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.wso2.carbon.bootstrap.Bootstrap.loadClass(Bootstrap.java:62)
at org.wso2.carbon.bootstrap.Bootstrap.main(Bootstrap.java:43)
[2011-09-06 01:00:39,349]  WARN
{org.apache.tomcat.util.modeler.Registry} -  No metadata found for
org.apache.coyote.RequestGroupInfo
[2011-09-06 01:00:39,349] ERROR
{org.apache.tomcat.util.modeler.Registry} -  Error registering
Tomcat:type=GlobalRequestProcessor,name="http-nio-9763"
java.lang.NullPointerException
at 
org.apache.tomcat.util.modeler.Registry.registerComponent(Registry.java:740)
at 
org.apache.coyote.AbstractProtocolHandler.init(AbstractProtocolHandler.java:348)
at 
org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119)
at 
org.apache.catalina.connector.Connector.initInternal(Connector.java:910)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101)
at 
org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101)
at 
org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:781)
at org.apache.catalina.util.

Re: [Carbon-dev] HTTP and Proxy Authenticators for Carbon

[Prabath Siriwardena]

Hi Senaka,

The words "Authenticators/Authenticator" would easily conflict with
the Carbon Authenticators - can you please come up with different
words..

Also - how does this differ from proxy configuration in axis2.xml..?

Thanks & regards,
-Prabath

On Tue, Sep 6, 2011 at 1:16 AM, Senaka Fernando  wrote:
> FYI,
>
> We have added $subject to Carbon, and the corresponding configuration (in
> carbon.xml) is as follows:
>
>     
>     ...
>     
>     
>     
>     
>     .*
>     
>     server
>     
>     name
>     
>     password
>     
>     
>     
>     .*
>     
>     proxy
>     
>     name
>     
>     password
>     
>     
>     
>
> This allows you to define multiple authenticators to log into multiple
> servers/proxies that require authentication. This is also useful for
> situations where Carbon is running behind a proxy (ex:- installing from P2
> repo behind proxy, accessing WSDL file from server that requires
> authentication, importing documents from sharepoint secured by NTLM
> authentication into the registry).
>
> Thanks,
> Senaka.
>
> --
> Senaka Fernando
> Product Manager - WSO2 Governance Registry;
> Associate Technical Lead; WSO2 Inc.; http://wso2.com
> Member; Apache Software Foundation; http://apache.org
>
> E-mail: senaka AT wso2.com
> P: +1 408 754 7388; ext: 51736; M: +94 77 322 1818
> Linked-In: http://linkedin.com/in/senakafernando
>
> Lean . Enterprise . Middleware
>
>
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org
> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>
>



-- 
Thanks & Regards,
Prabath

http://blog.facilelogin.com
http://RampartFAQ.com
___
Carbon-dev mailing list
Carbon-dev@wso2.org
http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

Re: [Carbon-dev] HTTP and Proxy Authenticators for Carbon

[Prabath Siriwardena]

Hi Senaka,

On Tue, Sep 6, 2011 at 1:47 AM, Senaka Fernando  wrote:
> I've given this the name because this is standard Java terminology. What we
> are implementing is an extension of java.net.Authenticator. Giving this some
> other name would confuse somebody. Also having said that, Authenticator in
> the java world is something that provides credentials for authentication.
> But the CarbonAuthenticator IIRC is not doing quite that, making the latter
> inconsistent. But, since we have been having it for a while, I'm not sure
> what's the correct choice here. Anyway, giving this some other name does not
> sound the correct thing to do.

Even carbon authenticators take different type of credentials... and
this seems more like a proxy proxy configuration..

This is the configuration [1] already used for axis2.

http://wso2.org/library/161
___
Carbon-dev mailing list
Carbon-dev@wso2.org
http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

Re: [Carbon-dev] Has Entitlement mediator has been tested in Stratos?

[Prabath Siriwardena]

On Mon, Sep 19, 2011 at 12:22 PM, Amila Suriarachchi  wrote:

>
>
> On Mon, Sep 19, 2011 at 7:06 AM, Asela Pathberiya  wrote:
>
>> Yes. it has been tested.
>>
>
> Fine. How to use entitlement mediator there? I mean what are the
> modifications needed?
>
> https://identity.cloud-test.104cloud.com.tw:9445/services";
> remoteServiceUserName="admin" remoteServicePassword="admin"
> callbackClass="org.wso2.sample.CustomerOrderEntitlementCallback"/>
>
> how to upload the callback class?
>


I think its not possible.. This seems to be a common issue -  that we don't
have a place to upload, dependent jars in ESB in Stratos - need to figure
out a way - since this is very much needed in writing a custom callback in a
security policy..

There can be a workaround - as discussed with Hiranya [haven't tested - and
looks ugly too] - we can add the callback to a XAR fill and upload it..

Thanks & regards,
-Prabath



>
> thanks,
> Amila.
>
>>
>> On Sun, Sep 18, 2011 at 9:16 PM, Amila Suriarachchi wrote:
>>
>>> hi,
>>>
>>> it seems some one has tried to use the entitlement mediator in
>>> Stratos[1].
>>>
>>> thanks,
>>> Amila.
>>>
>>>
>>> [1]
>>> http://wso2.org/library/articles/2011/06/securing-web-service-integration#comment-23421
>>>
>>> ___
>>> Carbon-dev mailing list
>>> Carbon-dev@wso2.org
>>> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>>>
>>>
>>
>> ___
>> Carbon-dev mailing list
>> Carbon-dev@wso2.org
>> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>>
>>
>
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org
> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>
>


-- 
Thanks & Regards,
Prabath

http://blog.facilelogin.com
http://RampartFAQ.com
___
Carbon-dev mailing list
Carbon-dev@wso2.org
http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

Re: [Carbon-dev] Identity Server 3.2.2 Release Readiness

[Prabath Siriwardena]

+1

We have done improvements to 3-legged OAuth as well and committed to
the branch...

Thanks & regards,
-Prabath

On Tue, Sep 20, 2011 at 5:15 PM, Thilina Buddhika  wrote:
> Hi Folks,
> For IS 3.2.2 release, we will including the fixes/improvements for the
> following components.
> - XACML BE and FE components
> - SAML2 SSO BE an FE components
> - OpenID provider FE component
> And there are some fixes gone into Rampart and WSS4J.
> We will be adding the PassiveSTS support back to 3.2.2. (Manjula is already
> working it.)
> Asela, please make sure that all the relevant XACML related fixes are
> committed. I will make sure that all the features are branched off and P2
> profiles are up-to date.
> Thanks,
> Thilina
>
> --
> Thilina Buddhika
> Associate Technical Lead
> WSO2 Inc. ; http://wso2.com
> lean . enterprise . middleware
>
> phone : +94 77 44 88 727
> blog : http://blog.thilinamb.com
>
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org
> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>
>



-- 
Thanks & Regards,
Prabath

http://blog.facilelogin.com
http://RampartFAQ.com
___
Carbon-dev mailing list
Carbon-dev@wso2.org
http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

Re: [Carbon-dev] Caching user roles in user-core

[Prabath Siriwardena]

Hi Hasini,

Do we have an API to clear the cache..?

Thanks & regards,
-Prabath

On Tue, Sep 20, 2011 at 5:13 PM, Hasini Gunasinghe  wrote:
> Hi,
> FYI.
> $subject was implemented in all three UserStoreManagers in user core, since
> there were occasions where performance issues occurred due to fetching user
> roles from the user store for each authorization decision of the same user.
> By default, UserRolesCache is enabled and if some one wants to disable it,
> following configuration parameter is added to user-mgt.xml.
> true
> One may wants to disable the above, if user roles are modified by external
> means other than through carbon UI and want those modifications to be
> reflected in carbon server immediately.
> related jira:
> [1] https://wso2.org/jira/browse/CARBON-11073
> Thanks,
> Hasini.
>
>
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org
> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>
>



-- 
Thanks & Regards,
Prabath

http://blog.facilelogin.com
http://RampartFAQ.com
___
Carbon-dev mailing list
Carbon-dev@wso2.org
http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

[Carbon-dev] Carbon 3.2.2 Release - Code Freeze @ 2 PM IST Today

[Prabath Siriwardena]

Hi Folks,

Please note the $subject.. Appreciate a lot if you can make the branch
stable by then.. Please talk to the PMs for more details...

We'll be giving a build to QA this afternoon...

-- 
Thanks & Regards,
Prabath

http://blog.facilelogin.com
http://RampartFAQ.com
___
Carbon-dev mailing list
Carbon-dev@wso2.org
http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

Re: [Carbon-dev] Carbon 3.2.2 Release - Code Freeze @ 2 PM IST Today

[Prabath Siriwardena]

On Thu, Sep 22, 2011 at 10:52 AM, Charitha Kankanamge  wrote:
> Hi Prabath,
>
>
> On Thu, Sep 22, 2011 at 10:41 AM, Prabath Siriwardena 
> wrote:
>>
>> Hi Folks,
>>
>> Please note the $subject.. Appreciate a lot if you can make the branch
>> stable by then.. Please talk to the PMs for more details...
>>
>> We'll be giving a build to QA this afternoon...
>
> Build means stratos services right? Hope cloud1 (or QA setup) will be
> updated with these packs.

Yes.. we need some one from cloud team to own the task to do the
stratos setup...

Thanks & regards,
-Prabath

>
> /Charitha
>
>
>>
>> --
>> Thanks & Regards,
>> Prabath
>>
>> http://blog.facilelogin.com
>> http://RampartFAQ.com
>> ___
>> Carbon-dev mailing list
>> Carbon-dev@wso2.org
>> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>
>
> ___
> Carbon-dev mailing list
> Carbon-dev@wso2.org
> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>
>



-- 
Thanks & Regards,
Prabath

http://blog.facilelogin.com
http://RampartFAQ.com
___
Carbon-dev mailing list
Carbon-dev@wso2.org
http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev