Re: [Dev] [Architecture] wso2is 5.3.0: opensaml SSL peer failed hostname validation

2017-07-06 Thread Bhathiya Jayasekara
[-architecture][+dev]

Hi Dimitry,

That's very strange given that you're sure about your certificates. With
the given information I can't think of a reason for this. But I can give
you a workaround. This is not the best solution of course, since disabling
hostname verification is not recommended.

Add this line to wso2carbon.sh

*-Dorg.opensaml.httpclient.https.disableHostnameVerification=true \*

Thanks,
Bhathiya

On Tue, Jul 4, 2017 at 8:41 PM, Dmitry Lukyanov  wrote:

> Hello all,
>
> QUESTION:
>
> Where can I configure/customize the hostname validator for
> org.opensaml.ws.soap.client.http.TLSProtocolSocketFactory in wso2is 5.3.0?
>
>
> CONFIGURATION:
>
> I got a clean wso2is 5.3.0 and made the following changes to configure it
> to work with the IP and with localhost:
>
> repository/conf/carbon.xml
>
> 172.25.22.67
> 172.25.22.67
>
> repository/resources/security/wso2carbon.jks
>
> recreated the keystore with the following command to support subject
> alternative names (SAN):
> keytool -genkey -dname "CN=localhost" -alias wso2carbon -validity 3650
> -keyalg RSA -keystore wso2carbon.jks -keypass wso2carbon -storepass
> wso2carbon  -ext san=ip:172.25.22.67,ip:127.0.0.1,dns:localhost
>
> in this case I see in the certificate Extension/Certificate Subject Alt
> Name:
> IP Address: 172.25.22.67
> IP Address: 127.0.0.1
> DNS Name: localhost
>
> repository/resources/security/client-truststore.jks
>
> imported public key for generated private key
>
> PROBLEM:
>
> I'm sure about my certificates, and a simple Java program successfully calls
> wso2is services using the new client-truststore.jks.
> Everything works fine until I try to log in to the wso2is dashboard:
> https://172.25.22.67:9443/dashboard/
>
> I got an error:
> [2017-07-04 17:15:28,159] ERROR {JAGGERY.acs:jag} -
> org.mozilla.javascript.WrappedException:
> Wrapped org.jaggeryjs.scriptengine.exceptions.ScriptException:
> SSL peer failed hostname validation for name: 172.25.22.67
> (/dashboard/controllers/wsUtil.jag#27)
> ...
> Caused by: javax.net.ssl.SSLPeerUnverifiedException: SSL peer failed
> hostname validation for name: 172.25.22.67
> at org.opensaml.ws.soap.client.http.TLSProtocolSocketFactory.
> verifyHostname(TLSProtocolSocketFactory.java:233)
> at org.opensaml.ws.soap.client.http.TLSProtocolSocketFactory.
> createSocket(TLSProtocolSocketFactory.java:194)
> at org.apache.commons.httpclient.HttpConnection.open(
> HttpConnection.java:707)
> at org.apache.commons.httpclient.MultiThreadedHttpConnectionMan
> ager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionMan
> ager.java:1361)
> at org.apache.commons.httpclient.HttpMethodDirector.
> executeWithRetry(HttpMethodDirector.java:387)
> at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(
> HttpMethodDirector.java:171)
> at org.apache.commons.httpclient.HttpClient.executeMethod(
> HttpClient.java:397)
> at org.apache.axis2.transport.http.AbstractHTTPSender.
> executeMethod(AbstractHTTPSender.java:659)
> at org.apache.axis2.transport.http.HTTPSender.sendViaPost(
> HTTPSender.java:195)
> ... 82 more
>
>
> ___
> Architecture mailing list
> architect...@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>
>


-- 
*Bhathiya Jayasekara*
*Associate Technical Lead,*
*WSO2 inc., http://wso2.com*

*Phone: +94715478185*
*LinkedIn: http://www.linkedin.com/in/bhathiyaj*
*Twitter: https://twitter.com/bhathiyax*
*Blog: http://movingaheadblog.blogspot.com*
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev


[Dev] [EI] Publish WSO2 EI logs to Kibana and Elasticsearch using Filebeat - Internship Project Progress

2017-07-06 Thread Thejan Rupasinghe
Hi,

I'm trying to use Elastic Stack[1] to analyze WSO2 EI logs.

I have configured Filebeat[2] to read the logs from EI log files and
publish them to Elasticsearch[3]. I am now working on building
visualizations and dashboards in Kibana[4] and an alerting system to send
emails when error log entries are found.

[1] https://www.elastic.co/products
[2] https://www.elastic.co/products/beats/filebeat
[3] https://www.elastic.co/products/elasticsearch
[4] https://www.elastic.co/products/kibana

Thanks
Regards,
Thejan
-- 

*Thejan Rupasinghe*

*Intern - Software Engineering*
*WSO2*

*Mobile : +94 77-9020962*



[Dev] [Architecture] WSO2 Data Analytics Server 4.0.0-M6 Released !

2017-07-06 Thread Ramindu De Silva
Hi All,

The WSO2 Smart Analytics team is pleased to announce the release of WSO2
Data Analytics Server Version 4.0.0 Milestone 6.

WSO2 Smart Analytics lets digital businesses create real-time, intelligent,
actionable business insights and data products, which are achieved by WSO2
Data Analytics Server's real-time, incremental & intelligent data
processing capabilities.

WSO2 DAS can:

   - Receive events from various data sources
   - Process & correlate them in real-time with the state of the art
   high-performance real-time Siddhi Complex Event Processing Engine that
   works with an easy to learn SQL-like query language.
   - Process analysis that spans longer time durations with its
   incremental processing capability, achieving high performance with low
   infrastructure cost.
   - Use Machine Learning and other models to drive intelligent insights
   from the data
   - Send notifications of interesting event occurrences as alerts via multiple
   types of transport & let users visualize the results via customizable
   dashboards.
   - WSO2 DAS is released under Apache Software License Version 2.0, one of
   the most business-friendly licenses available today.


You can find the product at
https://github.com/wso2/product-das/releases/download/v4.0.0-M6/wso2das-4.0.0-M6.zip

Documentation at https://docs.wso2.com/display/DAS400/

Source code at https://github.com/wso2/product-das/releases/tag/v4.0.0-M6

*WSO2 DAS 4.0.0-M6 includes following features.*

   - Debugging capabilities in Siddhi editor
   - WSO2Event IO and Mappers
   - Siddhi Apps REST API
   - Few other Siddhi Extensions
      - siddhi-execution-sentiment
      - siddhi-execution-priority
      - siddhi-execution-extrema
      - siddhi-execution-geo
      - siddhi-execution-ml
      - siddhi-script-js
      - siddhi-map-binary


*Reporting Issues*

Issues can be reported using the public JIRA available at
https://wso2.org/jira/browse/DAS

*Contact us*

WSO2 Data Analytics Server developers can be contacted via the mailing
lists:

Developer List : dev@wso2.org


Alternatively, questions can also be raised in the stackoverflow:

Forum http://stackoverflow.com/questions/tagged/wso2/


*Support*

We are committed to ensuring that your enterprise middleware deployment is
completely supported from evaluation to production. Our unique approach
ensures that all support leverages our open development methodology and is
provided by the very same engineers who build the technology.

For more details and to take advantage of this unique opportunity please
visit http://wso2.com/support/.

For more information on WSO2 Smart Analytics and Smart Analytics Solutions,
visit the WSO2 Smart Analytics Page.

*~ The WSO2 Smart Analytics Team ~*

-- 
*Ramindu De Silva*
Software Engineer
WSO2 Inc.: http://wso2.com
lean.enterprise.middleware

email: ramin...@wso2.com 
mob: +94 719678895


Re: [Dev] [IS] Role mapping through config file

2017-07-06 Thread Hanen Ben Rhouma
Thank you guys!


Regards,
Hanen

On Thu, Jul 6, 2017 at 5:15 AM, Hasanthi Purnima Dissanayake <
hasan...@wso2.com> wrote:

> Hi Henan,
>
> There is a sample command if the IDP is WSO2 Identity Server where you can
> export the public certificate in PEM format.
>
> keytool -exportcert -alias wso2carbon -keypass wso2carbon -keystore 
> wso2carbon.jks -storepass wso2carbon -rfc -file ispublic_crt.pem
>
> Then, you can open the certificate file with a notepad so you see the
> certificate value. You can copy this certificate value and put in the file
> with in the  tag.
>
> Please note that above is only if the IDP is WSO2 IS. If the IDP is a
> third party IDP, then you can get the certificate in PEM format and read
> the value. And then you need to copy the entire content of the PEM file and
> place it between the tags.
>
>
> Thanks,
>
> Hasanthi.
>
>
> Hasanthi Dissanayake
>
> Software Engineer | WSO2
>
> E: hasan...@wso2.com
> M :0718407133| http://wso2.com 
>
> On Wed, Jul 5, 2017 at 11:40 PM, Farasath Ahamed 
> wrote:
>
>> Hi Hanen,
>>
>> I have attached a sample file based IDP file that demonstrates how to add
>>  tag and the IDP role mapping as well.
>>
>>
>> Thanks,
>> Farasath
>>
>> Farasath Ahamed
>> Software Engineer, WSO2 Inc.; http://wso2.com
>> Mobile: +94777603866
>> Blog: blog.farazath.com
>> Twitter: @farazath619 
>> 
>>
>>
>>
>> On Wed, Jul 5, 2017 at 9:09 PM, Hanen Ben Rhouma 
>> wrote:
>>
>>> Same question for the tag  please. We're using a
>>> certificate so what should we mention in the xml file.
>>>
>>>
>>>
>>> Regards,
>>> Hanen
>>>
>>>
>>>
>>>
>>>
>>>
>>> On Wed, Jul 5, 2017 at 5:36 PM, Hanen Ben Rhouma 
>>> wrote:
>>>
>>>> Hello guys,
>>>>
>>>> Could you please tell me what are the xml tags I can use within an IDP
>>>> xml config file for role mapping. I mean the properties I can add for
>>>> mapping roles in the tag
>>>> in default.xml for example
>>>>
>>>>
>>>> Regards,
>>>> Hanen

>>>
>>>


Re: [Dev] New device type for IOTS ( Laptop agent )

2017-07-06 Thread Lahiru Madushanka
Hi Waruna,

We will have some notification mechanisms in IOTS for infra / team lead
level users.
Ex:-  RAM capacity of device profile X is 8GB, when avg RAM usage of IOT
group + profile X machines reach 7GB IOT team leads and infra team must
receive notifications.

Sure, I will update this thread with the progress.

Thanks all of you guys for the suggestions. I gathered lot more use cases
and different viewpoints.

Thanks,
Lahiru

On Thu, Jul 6, 2017 at 12:13 PM, Waruna Jayaweera  wrote:

> Hi Lahiru,
>
> Few Suggestions. You can also add alerts mechanism like [1] based on
> analysed data. As an example if laptop cpu utilization is more than 90%
> then send email to operation user.
>
> As others said you can reuse most of existing components for dashboard and
> analysis. Your sample use cases are applied for any device types as we can
> use same way to do predicative maintenance in iot devices. If we have new
> device type , send some attributes to server and take some decisions. So
> you can come up with documentation as if as how we can reuse those
> components to support similar use cases in any device type/agent.
>
> [1]https://docs.wso2.com/display/DAS310/Creating+Alerts
>
> Thanks,
> Waruna
>
>
>
> On Thu, Jul 6, 2017 at 11:04 AM, Lahiru Madushanka 
> wrote:
>
>> Hi Harshan,
>>
>> Sorry for the unclarity of my initial statement. This is a continuation
>> of "Laptop" device type developed by Thisari.
>> Yeah the process is same as you explained.
>>
>> Thanks
>>
>> On Thu, Jul 6, 2017 at 10:16 AM, Harshan Liyanage 
>> wrote:
>>
>>> Hi Lahiru,
>>>
>>> Could you please clarify why we need a new device-type in this scenario?
>>> It looks like a feature on-top of "PC" or "Laptop" device-type.
>>> Analytics/ML part can be separated from the device-type. What we need to do
>>> is to just get the required data like RAM, CPU, HDD usage etc from that
>>> particular device type and push them into DAS. This is somewhat similar to
>>> what we are currently doing with the Android device-type. I'm wondering why
>>> we can't use the same approach here.
>>>
>>> Thanks,
>>>
>>> Harshan Liyanage
>>> EMM/IoT TG
>>> Mobile: *+94765672894*
>>> Email: hars...@wso2.com
>>> Blog : http://harshanliyanage.blogspot.com/
>>> *WSO2, Inc. :** wso2.com *
>>> lean.enterprise.middleware.
>>>
>>> On Wed, Jul 5, 2017 at 10:57 PM, Pasindu Jayaweera 
>>> wrote:
>>>
>>>> Hi Lahiru,
>>>> Q.) Other than pushing data from the laptop, will there be any
>>>> operations or policies that can be applied from the server-side?
>>>>
>>>> Q) What could be the agent's behavior;
>>>>
>>>> a.) when the laptop is out of the network?
>>>>
>>>> b.) when the laptop has multiple operating systems?
>>>>
>>>>
>>>> When designing analytics views and creating ML plans, I would like to
>>>> suggest to make them in such a way that those units can be plugged not only
>>>> with the laptops, but also with any device type that provide the same stats
>>>> that you are planning to get from the laptops at this moment. Because the
>>>> stats like RAM, CPU utilization can be fetched from most of the other
>>>> devices as well.  So that upon the use case, those device types can reuse
>>>> the same unit in future. WDYT?
>>>>
>>>> Thanks.
>>>>
>>>> On Wed, Jul 5, 2017 at 8:19 PM, Lahiru Madushanka
>>>> wrote:
>>>>
>>>>>
>>>>> Hi all,
>>>>>
>>>>> Currently I am working on a new device type for IOTS which can collect
>>>>> stats from Laptops and use them for analytics and decision making process.
>>>>> This is achieved by an agent running on PC which pushes collected stats to
>>>>> the IOTS in given time intervals.
>>>>>
>>>>> Sample use case 1 :- Average ram / CPU utilization of team X can be
>>>>> used as a measurement when buying new PCs for team X.
>>>>>
>>>>> Sample use case 2 :- Prediction of average memory requirement of team
>>>>> X for next year
>>>>>
>>>>> Development Phases
>>>>>
>>>>> Phase 1
>>>>> Developing the initial agent which runs on PC and publish statistics
>>>>> to the IoTS through the MB.
>>>>> Creating event receivers / publishers and execution plans in DAS to
>>>>> handle data.
>>>>> Creating initial analytics and real time analytics views for a single
>>>>> device
>>>>>
>>>>> Phase 1 was already done by Thisari Patabendi.
>>>>>
>>>>> Phase 2
>>>>> Adding "Device profiles" to the device database.
>>>>> Data purging and summarization
>>>>> Implementing group analytics view for roles "team lead" and "infra
>>>>> level user".
>>>>>
>>>>> Phase 3
>>>>> Collect data by running agent on several test machines.
>>>>> Applying analytics on collected data and create ML plan.
>>>>> Creating analytic result dashboards
>>>>>
>>>>> Suggestions are highly appreciated.
>>>>>
>>>>> Thanks.

Re: [Dev] Handling required claims in ID Token

2017-07-06 Thread KasunG Gajasinghe
Hi Gayan,

As I see, Denuwanthi is talking about the scenario where the grant type
does generate an ID token. In that case, we need to validate that generated
id token where we need to make sure the mandatory fields are there.

On Thu, Jul 6, 2017 at 9:55 AM, Gayan Gunawardana  wrote:

> Hi Sagara, Denuwanthi,
>
> There are many ways to write custom grant type. Even ClientCredentials
> grant type can be extended to custom grant type where do not need to think
> about ID token. If can you point to exact example and explain the problem,
> it would be great.
>
> Thanks,
> Gayan
>
> On Tue, Jul 4, 2017 at 9:37 PM, Denuwanthi De Silva 
> wrote:
>
>> Thank you Sagara for the response.
>> Yes, as you mentioned it means logical to use the server error response.
>> will proceed with that.
>>
>>
>> Thanks,
>>
>> On Tue, Jul 4, 2017 at 7:08 PM, Sagara Gunathunga 
>> wrote:
>>
>>>
>>>
>>> On Tue, Jul 4, 2017 at 6:54 PM, Denuwanthi De Silva wrote:
>>>
>>>> Hi,
>>>>
>>>> In OIDC spec, following claims are mentioned as mandatory.
>>>> -iss
>>>> -sub
>>>> -aud
>>>> -exp
>>>> -iat
>>>>
>>>> Currently as mentioned in jira [1], it is possible to write custom
>>>> OAuth2 grant type which returns IDToken without "sub" claim.
>>>>
>>>> When we handle this scenario, there is a small concern
>>>> that need to be clarified.
>>>>
>>>> -When analyze the spec we could not find any instance where it
>>>> mentioned the error message to display in such a scenario.
>>>> In that case, shall we come up with *new error message*?
>>>> {"error_description":"custom description.","error":"custom_error"}
>>>>
>>>> - or throw a server exception and send the standard *server error*
>>>> message ?
>>>> ex:
>>>> {"error_description":"Internal Server Error.","error":"server_error"}

>>>
>>> IMO what happen here is, server can not generate valid IDToken.
>>>  "Internal Server Error " can properly describe this behavior  so better to
>>> use that code, returning custom code may cause  interoperability  issues as
>>> well.
>>>
>>> Thanks !
>>>


>>>> Appreciate any input on how to proceed with this.
>>>>
>>>> [1]https://wso2.org/jira/browse/IDENTITY-6088
>>>> [2]http://openid.net/specs/openid-connect-core-1_0.html#IDToken
>>>>
>>>> Thanks,
>>>> --
>>>> Denuwanthi De Silva
>>>> Senior Software Engineer;
>>>> WSO2 Inc.; http://wso2.com,
>>>> Email: denuwan...@wso2.com
>>>> Blog: https://denuwanthi.wordpress.com/

>>>
>>>
>>>
>>> --
>>> Sagara Gunathunga
>>>
>>> Associate Director / Architect; WSO2, Inc.;  http://wso2.com
>>> V.P Apache Web Services;http://ws.apache.org/
>>> Linkedin; http://www.linkedin.com/in/ssagara
>>> Blog ;  http://ssagara.blogspot.com
>>>
>>>
>>
>>
>> --
>> Denuwanthi De Silva
>> Senior Software Engineer;
>> WSO2 Inc.; http://wso2.com,
>> Email: denuwan...@wso2.com
>> Blog: https://denuwanthi.wordpress.com/
>>
>
>
> --
> Gayan Gunawardana
> Senior Software Engineer; WSO2 Inc.; http://wso2.com/
> Email: ga...@wso2.com
> Mobile: +94 (71) 8020933
>


-- 

*Kasun Gajasinghe*
Associate Technical Lead, WSO2 Inc.
email: kasung AT spamfree wso2.com
linked-in: http://lk.linkedin.com/in/gajasinghe
blog: http://kasunbg.org
phone: +1 650-745-4499, 77 678 0813
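
Added example, not code from WSO2 Identity Server: a pre-issuance check for the mandatory ID Token claims listed in this thread, answering with the standard `server_error` body proposed above while keeping the detail in the server log. The function names, the `sign` callable, the HTTP 500 status and the sample claim values are assumptions of this example.

```python
import logging
import time

log = logging.getLogger("idtoken-check")

# Claims the thread lists as mandatory in an ID Token.
REQUIRED_CLAIMS = ("iss", "sub", "aud", "exp", "iat")

# Standard error body proposed in the thread; the detail stays in the server log.
SERVER_ERROR = {"error_description": "Internal Server Error.", "error": "server_error"}


def _is_number(value):
    # bool is an int subclass in Python, but True/False are not timestamps.
    return isinstance(value, (int, float)) and not isinstance(value, bool)


def find_claim_problems(claims, now=None):
    """Return a list of problems; an empty list means the claim set is usable."""
    now = time.time() if now is None else now
    missing = [n for n in REQUIRED_CLAIMS if claims.get(n) in (None, "", [])]
    problems = ["missing required claim: " + n for n in missing]
    for name in ("iss", "sub"):
        if name not in missing and not isinstance(claims[name], str):
            problems.append(name + " must be a string")
    if "aud" not in missing:
        aud = claims["aud"]
        as_list = [aud] if isinstance(aud, str) else aud
        if not isinstance(as_list, list) or not all(isinstance(a, str) and a for a in as_list):
            problems.append("aud must be a string or a list of non-empty strings")
    for name in ("exp", "iat"):
        if name not in missing and not _is_number(claims[name]):
            problems.append(name + " must be a numeric timestamp")
    if _is_number(claims.get("exp")) and claims["exp"] <= now:
        problems.append("exp is not in the future")
    return problems


def token_response(claims, sign, now=None):
    """Return (http_status, body). `sign` is a hypothetical callable that
    turns a claim set into a signed JWT string; the body is trimmed to the
    id_token field for brevity."""
    problems = find_claim_problems(claims, now)
    if problems:
        # The client only learns that the server failed; operators get the cause.
        log.error("refusing to issue ID token: %s", "; ".join(problems))
        return 500, dict(SERVER_ERROR)
    return 200, {"id_token": sign(claims)}


if __name__ == "__main__":
    # Constructed claim set from a hypothetical custom grant handler that forgot "sub".
    sample = {"iss": "https://localhost:9443/oauth2/token",
              "aud": ["constructed-client-id"],
              "iat": 1499340000, "exp": 1499343600}
    print(token_response(sample, sign=lambda c: "<signed-jwt>", now=1499340000))
```
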


Re: [Dev] [IS] Different logs for the account lock.

2017-07-06 Thread Menaka Jayawardena
Hi Danushka,

Thank you very much for the response.


On Thu, Jul 6, 2017 at 1:51 PM, Danushka Fernando 
wrote:

> Hi Menaka
> Reason is here in two methods its handled by two different handlers. What
> we can do is to improve logging in governance handler. You may create a
> jira for that as an improvement.
>
> Thanks & Regards
> Danushka Fernando
> Associate Tech Lead
> WSO2 inc. http://wso2.com/
> Mobile : +94716332729
>
> On Thu, Jul 6, 2017 at 11:44 AM, Menaka Jayawardena 
> wrote:
>
>> Hi,
>>
>> In IS 5.3.0, we can enable account lock in two methods.
>> 1. The file based method, which applies the configuration globally for
>> all the tenants.
>> 2. Enable through the management console.
>>
>> But, the logs in those two cases look different.
>>
>> When IS is configured using the method 1, the logs are as follows.
>> [2017-07-06 11:31:23,634]  WARN {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} -  Failed Administrator login attempt 'menaka[-1234]' at [2017-07-06 11:31:23,634+0530]
>> [2017-07-06 11:31:30,817]  INFO {org.wso2.carbon.identity.mgt.IdentityMgtEventListener} -  User, menaka has exceed the max failed login attempts. User account would be locked
>> [2017-07-06 11:31:30,839]  WARN {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} -  Failed Administrator login attempt 'menaka[-1234]' at [2017-07-06 11:31:30,839+0530]
>> [2017-07-06 11:31:36,746]  WARN {org.wso2.carbon.identity.mgt.IdentityMgtEventListener} -  User account is locked for user : menaka. cannot login until the account is unlocked
>> [2017-07-06 11:31:36,747] ERROR {org.wso2.carbon.core.services.authentication.AuthenticationAdmin} -  System error while Authenticating/Authorizing User : 17003 User account is locked for user : menaka. cannot login until the account is unlocked
>> [2017-07-06 11:31:56,780]  WARN {org.wso2.carbon.identity.mgt.IdentityMgtEventListener} -  User account is locked for user : menaka. cannot login until the account is unlocked
>> [2017-07-06 11:31:56,785] ERROR {org.wso2.carbon.core.services.authentication.AuthenticationAdmin} -  System error while Authenticating/Authorizing User : 17003 User account is locked for user : menaka. cannot login until the account is unlocked
>>
>> This clearly says that the number of login attempts has exceeded and the
>> account is locked.
>>
>> But, when configured from the Management Console, the logs do not say
>> anything about locked account.
>>
>> [2017-07-06 11:25:23,395]  WARN {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} -  Failed Administrator login attempt 'menaka[-1234]' at [2017-07-06 11:25:23,395+0530]
>> [2017-07-06 11:25:34,532]  WARN {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} -  Failed Administrator login attempt 'menaka[-1234]' at [2017-07-06 11:25:34,532+0530]
>> [2017-07-06 11:25:45,019]  WARN {org.wso2.carbon.identity.handler.event.account.lock.AccountLockHandler} -  Error occurred while calling triggerNotification, detail : Email notification sending failed. Sending email address is not configured for the user.
>> [2017-07-06 11:25:45,021]  WARN {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} -  Failed Administrator login attempt 'menaka[-1234]' at [2017-07-06 11:25:45,021+0530]
>> [2017-07-06 11:26:08,792] ERROR {org.wso2.carbon.core.services.authentication.AuthenticationAdmin} -  System error while Authenticating/Authorizing User : Error when handling event : PRE_AUTHENTICATION
>>
>> Can we use the same log for both the scenarios or more specific logs for
>> the second one?
>>
>> Thanks and Regards,
>> Menaka
>>
>> --
>> *Menaka Jayawardena*
>> *Software Engineer - WSO2 Inc*
>> *Tel : 071 350 5470*
>> *LinkedIn: https://lk.linkedin.com/in/menakajayawardena*
>> *Blog: https://menakamadushanka.wordpress.com/*
>>
>>
>


-- 
*Menaka Jayawardena*
*Software Engineer - WSO2 Inc*
*Tel : 071 350 5470*
*LinkedIn: https://lk.linkedin.com/in/menakajayawardena*
*Blog: https://menakamadushanka.wordpress.com/
*
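
Added example (not part of the thread and not WSO2 code): a small parser for the two log excerpts quoted above, showing that the file-based configuration states the lock explicitly while the management-console configuration leaves only hints that never name the account. The rule names, the "explicit"/"inferred" labels and the heuristic of attributing an anonymous line to the most recent failed login are assumptions of this example; the sample lines are taken from the thread with the mail line wraps rejoined.

```python
import re

# Carbon log layout seen in the thread: [timestamp] LEVEL {logger} - message
LINE = re.compile(r"^\[(?P<ts>[^\]]+)\]\s+(?P<level>[A-Z]+)\s+\{(?P<logger>[^}]+)\}\s+-\s+(?P<msg>.*)$")

# (event kind, logger class name, message pattern). Rules without a "user"
# group come from lines that never name the account.
RULES = [
    ("failed_login", "CarbonAuthenticationUtil",
     re.compile(r"Failed Administrator login attempt '(?P<user>[^'\[]+)")),
    ("lock_triggered", "IdentityMgtEventListener",
     re.compile(r"User, (?P<user>\S+) has exceed the max failed login attempts")),
    ("locked_login_rejected", "IdentityMgtEventListener",
     re.compile(r"User account is locked for user : (?P<user>.+?)\. cannot login")),
    ("lock_handler_active", "AccountLockHandler", re.compile(r"triggerNotification")),
    ("pre_auth_rejected", "AuthenticationAdmin",
     re.compile(r"Error when handling event : PRE_AUTHENTICATION")),
]
EXPLICIT = {"lock_triggered", "locked_login_rejected"}
HINT = {"lock_handler_active", "pre_auth_rejected"}


def classify(lines):
    """Turn raw log lines into events; lines that match no rule are skipped."""
    events, last_failed_user = [], None
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        for kind, logger_name, pattern in RULES:
            hit = m["logger"].endswith("." + logger_name) and pattern.search(m["msg"])
            if not hit:
                continue
            user = hit.groupdict().get("user")
            inferred = user is None
            if kind == "failed_login":
                last_failed_user = user
            elif inferred:
                # Heuristic: attribute the anonymous line to the last failed login.
                user = last_failed_user
            events.append({"ts": m["ts"], "kind": kind, "user": user,
                           "user_inferred": inferred})
            break
    return events


def locked_accounts(events):
    """Map user -> 'explicit' (the log says locked) or 'inferred' (hints only)."""
    verdict = {}
    for e in events:
        if e["user"] is None:
            continue
        if e["kind"] in EXPLICIT:
            verdict[e["user"]] = "explicit"
        elif e["kind"] in HINT:
            verdict.setdefault(e["user"], "inferred")
    return verdict


# Method 1 (file based), lines from the thread.
FILE_BASED = [
    "[2017-07-06 11:31:23,634]  WARN {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} -  Failed Administrator login attempt 'menaka[-1234]' at [2017-07-06 11:31:23,634+0530]",
    "[2017-07-06 11:31:30,817]  INFO {org.wso2.carbon.identity.mgt.IdentityMgtEventListener} -  User, menaka has exceed the max failed login attempts. User account would be locked",
    "[2017-07-06 11:31:30,839]  WARN {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} -  Failed Administrator login attempt 'menaka[-1234]' at [2017-07-06 11:31:30,839+0530]",
    "[2017-07-06 11:31:36,746]  WARN {org.wso2.carbon.identity.mgt.IdentityMgtEventListener} -  User account is locked for user : menaka. cannot login until the account is unlocked",
    "[2017-07-06 11:31:36,747] ERROR {org.wso2.carbon.core.services.authentication.AuthenticationAdmin} -  System error while Authenticating/Authorizing User : 17003 User account is locked for user : menaka. cannot login until the account is unlocked",
]
# Method 2 (management console), lines from the thread.
CONSOLE = [
    "[2017-07-06 11:25:23,395]  WARN {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} -  Failed Administrator login attempt 'menaka[-1234]' at [2017-07-06 11:25:23,395+0530]",
    "[2017-07-06 11:25:34,532]  WARN {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} -  Failed Administrator login attempt 'menaka[-1234]' at [2017-07-06 11:25:34,532+0530]",
    "[2017-07-06 11:25:45,019]  WARN {org.wso2.carbon.identity.handler.event.account.lock.AccountLockHandler} -  Error occurred while calling triggerNotification, detail : Email notification sending failed. Sending email address is not configured for the user.",
    "[2017-07-06 11:25:45,021]  WARN {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} -  Failed Administrator login attempt 'menaka[-1234]' at [2017-07-06 11:25:45,021+0530]",
    "[2017-07-06 11:26:08,792] ERROR {org.wso2.carbon.core.services.authentication.AuthenticationAdmin} -  System error while Authenticating/Authorizing User : Error when handling event : PRE_AUTHENTICATION",
]

if __name__ == "__main__":
    for name, sample in (("file based", FILE_BASED), ("console", CONSOLE)):
        print(name, locked_accounts(classify(sample)))
```
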


Re: [Dev] [IS] Different logs for the account lock.

2017-07-06 Thread Danushka Fernando
Hi Menaka
Reason is here in two methods its handled by two different handlers. What
we can do is to improve logging in governance handler. You may create a
jira for that as an improvement.

Thanks & Regards
Danushka Fernando
Associate Tech Lead
WSO2 inc. http://wso2.com/
Mobile : +94716332729

On Thu, Jul 6, 2017 at 11:44 AM, Menaka Jayawardena  wrote:

> Hi,
>
> In IS 5.3.0, we can enable account lock in two methods.
> 1. The file based method, which applies the configuration globally for all
> the tenants.
> 2. Enable through the management console.
>
> But, the logs in those two cases look different.
>
> When IS is configured using the method 1, the logs are as follows.
> [2017-07-06 11:31:23,634]  WARN {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} -  Failed Administrator login attempt 'menaka[-1234]' at [2017-07-06 11:31:23,634+0530]
> [2017-07-06 11:31:30,817]  INFO {org.wso2.carbon.identity.mgt.IdentityMgtEventListener} -  User, menaka has exceed the max failed login attempts. User account would be locked
> [2017-07-06 11:31:30,839]  WARN {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} -  Failed Administrator login attempt 'menaka[-1234]' at [2017-07-06 11:31:30,839+0530]
> [2017-07-06 11:31:36,746]  WARN {org.wso2.carbon.identity.mgt.IdentityMgtEventListener} -  User account is locked for user : menaka. cannot login until the account is unlocked
> [2017-07-06 11:31:36,747] ERROR {org.wso2.carbon.core.services.authentication.AuthenticationAdmin} -  System error while Authenticating/Authorizing User : 17003 User account is locked for user : menaka. cannot login until the account is unlocked
> [2017-07-06 11:31:56,780]  WARN {org.wso2.carbon.identity.mgt.IdentityMgtEventListener} -  User account is locked for user : menaka. cannot login until the account is unlocked
> [2017-07-06 11:31:56,785] ERROR {org.wso2.carbon.core.services.authentication.AuthenticationAdmin} -  System error while Authenticating/Authorizing User : 17003 User account is locked for user : menaka. cannot login until the account is unlocked
>
> This clearly says that the number of login attempts has exceeded and the
> account is locked.
>
> But, when configured from the Management Console, the logs do not say
> anything about locked account.
>
> [2017-07-06 11:25:23,395]  WARN {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} -  Failed Administrator login attempt 'menaka[-1234]' at [2017-07-06 11:25:23,395+0530]
> [2017-07-06 11:25:34,532]  WARN {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} -  Failed Administrator login attempt 'menaka[-1234]' at [2017-07-06 11:25:34,532+0530]
> [2017-07-06 11:25:45,019]  WARN {org.wso2.carbon.identity.handler.event.account.lock.AccountLockHandler} -  Error occurred while calling triggerNotification, detail : Email notification sending failed. Sending email address is not configured for the user.
> [2017-07-06 11:25:45,021]  WARN {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} -  Failed Administrator login attempt 'menaka[-1234]' at [2017-07-06 11:25:45,021+0530]
> [2017-07-06 11:26:08,792] ERROR {org.wso2.carbon.core.services.authentication.AuthenticationAdmin} -  System error while Authenticating/Authorizing User : Error when handling event : PRE_AUTHENTICATION
>
> Can we use the same log for both the scenarios or more specific logs for
> the second one?
>
> Thanks and Regards,
> Menaka
>
> --
> *Menaka Jayawardena*
> *Software Engineer - WSO2 Inc*
> *Tel : 071 350 5470*
> *LinkedIn: https://lk.linkedin.com/in/menakajayawardena*
> *Blog: https://menakamadushanka.wordpress.com/*
>
>