[Dev] Change token url in WSO2 API Manager

2017-09-04 Thread shiva.k
Hi Wso2 team,

 

Please can you suggest any ways to change default token generation url,
http://  :8280/token  to
http:// 
:8280/t//token.

For eg.

Default token generation is http://wso2.com:8280/token

I want - http://wso2.com:8280/t/securelyshare.com/token

 

How can I achieve this, thanks in advance.

 

Thank You,

Shiva Kumar KR

___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev


Re: [Dev] Should we trim usernames when authenticating at UserStore level?

2017-09-04 Thread Farasath Ahamed
Created [1] to track this

[1] https://github.com/wso2/product-is/issues/1352

Farasath Ahamed
Software Engineer, WSO2 Inc.; http://wso2.com
Mobile: +94777603866
Blog: blog.farazath.com
Twitter: @farazath619 




On Sun, Sep 3, 2017 at 3:54 PM, Johann Nallathamby  wrote:

> +1
>
> It should be consistent and I also don't think we should be trimming.
>
> On Sun, Sep 3, 2017 at 12:40 PM, Farasath Ahamed 
> wrote:
>
>> Hi Devs,
>>
>> Noticed that we trim the username when performing authentication in LDAP
>> and AD Userstore Managers[1]. But we do not do trim the username in
>> JDBCUserStoreManager[2]?
>>
>> IMO we should have the similar behaviour for all the user stores, ie.
>> either we trim the username in each of them or we don't trim in any of them?
>>
>> On the other hand, I think we shouldn't trim the username at all since it
>> leads to issue like[3], where the authentication was successful because of
>> trimming the spaces silently but claims retrieval etc. fails due to the
>> incorrect username with extra spaces.
>>
>> Appreciate your thoughts!
>>
>>
>> [1] https://github.com/wso2/carbon-kernel/blob/4.4.x/core/or
>> g.wso2.carbon.user.core/src/main/java/org/wso2/carbon/user/
>> core/ldap/ReadOnlyLDAPUserStoreManager.java#L357
>>
>> [2] https://github.com/wso2/carbon-kernel/blob/f551d3530300a
>> 43ca1afc2a56d62be34f2d72320/core/org.wso2.carbon.user.
>> core/src/main/java/org/wso2/carbon/user/core/jdbc/JDBCUser
>> StoreManager.java#L1152-L1235
>>
>> [3] https://wso2.org/jira/browse/IDENTITY-5864
>>
>>
>> Thanks,
>> Farasath Ahamed
>> Software Engineer, WSO2 Inc.; http://wso2.com
>> Mobile: +94777603866
>> Blog: blog.farazath.com
>> Twitter: @farazath619 
>> 
>>
>>
>>
>
>
> --
> Thanks & Regards,
>
> *Johann Dilantha Nallathamby*
> Senior Lead Solutions Engineer
> WSO2, Inc.
> lean.enterprise.middleware
>
> Mobile - *+9476950*
> Blog - *http://nallaa.wordpress.com *
>
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
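
The mismatch described in this thread, as an added illustration that is not WSO2 code: one authenticator trims the submitted username (the behaviour reported above for the LDAP and AD user store managers) while the later claim lookup uses the name exactly as submitted. The in-memory store, the class and method names, and the sample account are all hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;

/**
 * Added illustration (not WSO2 code): what happens when authentication trims
 * the username but later lookups use the name exactly as submitted.
 */
public class UsernameTrimDemo {

    // Hypothetical in-memory store standing in for a user store; constructed data.
    private static final Map<String, String> PASSWORDS = new HashMap<>();
    private static final Map<String, Map<String, String>> CLAIMS = new HashMap<>();

    static {
        PASSWORDS.put("alice", "correct-horse");
        CLAIMS.put("alice", Collections.singletonMap("email", "alice@example.com"));
    }

    /** Exact-match check: the name is looked up as submitted. */
    static boolean authenticateStrict(String username, String password) {
        String stored = PASSWORDS.get(username);
        if (stored == null || password == null) {
            return false;
        }
        // Constant-time comparison; a real store would compare salted hashes.
        return MessageDigest.isEqual(stored.getBytes(StandardCharsets.UTF_8),
                password.getBytes(StandardCharsets.UTF_8));
    }

    /** Trimming check: silently strips surrounding whitespace before the lookup. */
    static boolean authenticateTrimming(String username, String password) {
        return username != null && authenticateStrict(username.trim(), password);
    }

    /** Claim lookup keyed on the exact username, with no trimming. */
    static Optional<String> getClaim(String username, String claim) {
        Map<String, String> claims = CLAIMS.get(username);
        return claims == null ? Optional.empty() : Optional.ofNullable(claims.get(claim));
    }

    /** Runs one login and reports whether the post-login claim lookup still works. */
    static String login(boolean trimming, String submitted, String password) {
        boolean ok = trimming ? authenticateTrimming(submitted, password)
                              : authenticateStrict(submitted, password);
        if (!ok) {
            return "rejected";
        }
        // Later steps reuse the submitted name, extra spaces included.
        return getClaim(submitted, "email")
                .map(email -> "authenticated, email=" + email)
                .orElse("authenticated, but claims not found for [" + submitted + "]");
    }

    public static void main(String[] args) {
        String[] names = {"alice", " alice "};
        for (String name : names) {
            System.out.println("trimming [" + name + "] -> " + login(true, name, "correct-horse"));
            System.out.println("strict   [" + name + "] -> " + login(false, name, "correct-horse"));
        }
    }
}
```

With the trimming authenticator, the padded name logs in and then fails the claim lookup; with the strict one it is rejected at the first step, so every store and every later lookup agree on which names exist.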


Re: [Dev] [WSDL] [SOAP-Services] org.apache.axis2.AxisFault: Mapping qname not fond

2017-09-04 Thread Thilina Madumal
Hi all,

Found out the root-cause for the above-mentioned issue.
In AXIS2 web-services, service methods cannot send generic types.
Thus the service methods' return type needs to be the concrete class itself.

Here  is
the PR which solves the

> org.apache.axis2.AxisFault: Mapping qname not fond for the package:
> org.wso2.carbon.user.core.claim


Regards,
Thilina.


On Mon, Sep 4, 2017 at 11:12 AM, Thilina Madumal 
wrote:

> Hi Devs,
>
> I'm trying to figure out a solution for IDENTITY-2861
>  which has been around from
> IAM-5.0.0 release.
>
> Here for the 'getClaim' in 'RemoteClaimManagerService' it gives an error
> saying,
>
>> org.apache.axis2.AxisFault: Mapping qname not fond for the package:
>> org.wso2.carbon.user.core.claim
>>
>
> One explanation I got for the above error is,
>
>> getClaim operation's signature declares the return type as
>> org.wso2.carbon.user.api.Claim. However this method returns a subclass
>> (org.wso2.carbon.user.core.claim.Claim) of this, which causes an error.
>
>
> Could someone tell me why does it give an Axis2Fault?
> AFAIU it shouldn't give an error as the returned one is a subclass. That
> is the Java way. We can assign a child class to its parent reference.
>
> Thanks & Regards,
> Thilina.
>
> --
> *Thilina Madumal*
> *Software Engineer | **WSO2*
> Email: thilina...@wso2.com
> Mobile: *+ <+94%2077%20767%201807>94 774553167*
> Web:  http://wso2.com
>
> 
>
>


-- 
*Thilina Madumal*
*Software Engineer | **WSO2*
Email: thilina...@wso2.com
Mobile: *+ <+94%2077%20767%201807>94 774553167*
Web:  http://wso2.com




[Dev] [IS] GSoC 2017 - WS-Trust Implementation for IS6

2017-09-04 Thread Isuranga Perera
Hi All,

I was able to complete the WS-Trust Implementation for Identity Server 6
with all the functional requirements.

Project Repository [1]
Documentation [2]

I would like to thank my mentors Johann Nallathamby, Malithi Edirisinghe,
Kasun Gajasinghe who gave immense support throughout the project by
giving necessary guidance whenever needed. In addition to that, I would
like to thank Sagara Gunathnga, Harsha Thirimanne and Thusitha Dayaratne
for supporting me through the Dev list.

[1] https://github.com/IsurangaPerera/identity-inbound-auth-sts
[2]
 
https://docs.google.com/document/d/1ZRLQnazRgH4ZZu2luxFmYjXVpRw17n29NkkjeTXVWn0/edit?usp=sharing


Best Regards
Isuranga Perera


Re: [Dev] Some concerns on IDENTITY-6324

2017-09-04 Thread Johann Nallathamby
Hi Isura,

On Mon, Sep 4, 2017 at 9:35 PM, Isura Karunaratne  wrote:

> Hi Johann,
>
> On Mon, Sep 4, 2017 at 8:18 PM Johann Nallathamby  wrote:
>
>> Hi Hasanthi/Nuwandi/IAM Team,
>>
>> 1. Can we please add a description in the JIRA as to what this JIRA is
>> for?
>>
>> 2. The fix has made a public enum change:
>> "MAX_ATTEMTS_EXCEEDED" -> "MAX_ATTEMTS_EXCEEDED".
>> Is this intentional? In any case the spelling is still wrong.
>>
>> 3. We have introduced a new protected method "
>> setUserClaimsValuesInUserStore". Again is this intentional? And we have
>> a threadlocal solution to prevent listenered being triggered twice. In that
>> case do we need this new method?
>>
>
> Here we are going to support account locking failure reason. In that case,
> we need a way to identify following account lock reasons separately.
>
> - Admin Lock User Account
> - Account not confirmed
> - Account locked due to exceeding max failure attempts
>
> We have to check account lock claim in setUserClaimValues method to check
> whether admin user is going to lock a user. Since the recursion in
> UserStoreBasedIdentityDaaStore, we can't put that logic inside
> setUserClaimValues method, because we use setUserClaimValues method to
> store the reason for other scenarios as well.
>

Simply we could check for the appropriate conditions using both the account
lock claim and the lock reason claim. This way we can differentiate between
the different conditions. This isn't that complicated is it? I know with
multiple if-else conditions this becomes a bit confusing for people, but
that is a problem in our pre IS 5.3.0 where all the code was written in the
listener (code to handle various scenarios and code to persist identity
claims). In IS 5.3.0 we have separated out the persisting logic and the
logic to handle various identity management scenarios to different handler
classes. So it should be much simpler to understand.

Why I don't like the current fix is that it is purposely skipping the
listeners. We had the same solutions in IS 5.0.0 and removed it to avoid
skipping listeners by down casting to the specific UserStoreManagers,
because then the solution doesn't work for custom user store managers. Now
we are going back to the same solution. This issue is a simple logic error. I
don't think we need to do such a change and go back to something we removed
earlier citing other bigger concerns.

I already discussed this offline with *@Farasath.* He knows what I am
talking about.

Shall we change the fix and not change the model altogether?

Btw, did we test the same in the new implementation in IS 5.3.0? How does it
do there?

Regards,
Johann.


>
>
> Thanks
> Isura.
>
>
>> [1] https://wso2.org/jira/browse/IDENTITY-6324
>>
>> Thanks & Regards,
>> Johann.
>>
>> --
>>
>> *Johann Dilantha Nallathamby*
>> Senior Lead Solutions Engineer
>> WSO2, Inc.
>> lean.enterprise.middleware
>>
>> Mobile - *+9476950*
>> Blog - *http://nallaa.wordpress.com *
>>
> --
>
> *Isura Dilhara Karunaratne*
> Associate Technical Lead | WSO2
> Email: is...@wso2.com
> Mob : +94 772 254 810 <+94%2077%20225%204810>
> Blog : http://isurad.blogspot.com/
>
>
>
>


-- 
Thanks & Regards,

*Johann Dilantha Nallathamby*
Senior Lead Solutions Engineer
WSO2, Inc.
lean.enterprise.middleware

Mobile - *+9476950*
Blog - *http://nallaa.wordpress.com *


Re: [Dev] Custom API handler gets ClassNotFoundException

2017-09-04 Thread Todd Hill
Thanks, Harsha, that might prove useful, but the bigger question to me is
why even bother with the bundle part ...

When I worked on the 4.8.0 ESB version, I just had to put the .jar file
into /repository/components/lib and the wso2 framework took care
of bundling it and moving it to the dropins directory (along with whatever
bundling needs are required).

The APIM also seems to do the same thing (i.e., put it in the
/repository/components/lib directory and, again, the framework
does the bundling and putting it in the dropins directory).

There isn't much difference in the wso2-framework generated MANIFEST.MF
file between the two. And yet I get ClassNotFoundExceptions in the APIM
version.

TO COMPARE:

generated MANIFEST.MF - 4.8.0 version of ESB:
Manifest-Version: 1.0
Export-Package: edu.wisc.services.esbpoc
DynamicImport-Package: *
Bundle-ClassPath: .,esb.poc-1.0-SNAPSHOT.jar
Bundle-Version: 1.0.0
Bundle-Name: esb.poc_1.0_SNAPSHOT
Bundle-ManifestVersion: 2
Bundle-SymbolicName: esb.poc_1.0_SNAPSHOT

generated MANIFEST.MF - 2.1.0 API Manager version:
Manifest-Version: 1.0
Bundle-SymbolicName: esb.poc_1.0.0_SNAPSHOT
Export-Package: edu.wisc.services.esbpoc
Bundle-Name: esb.poc_1.0.0_SNAPSHOT
Bundle-Version: 1.0.0
Bundle-ClassPath: .,esb.poc-1.0.0-SNAPSHOT.jar
Bundle-ManifestVersion: 2
DynamicImport-Package: *

On Mon, Sep 4, 2017 at 12:12 PM Harsha Kumara  wrote:

> Hi Todd,
>
> Resource in [1] may be a good reference for you.
>
> [1]
> https://github.com/R-Rajkumar/samples/blob/master/message-builder-handler/pom.xml
>
> Thanks,
> Harsha
>
> On Mon, Sep 4, 2017 at 10:16 PM, Todd Hill  wrote:
>
>> meant to send it to the DEV list too.
>>
>>
>> -- Forwarded message -
>> From: Todd Hill 
>> Date: Mon, Sep 4, 2017 at 11:38 AM
>> Subject: Re: [Dev] Custom API handler gets ClassNotFoundException
>> To: Harsha Kumara 
>>
>>
>> The profile I'm using is 'apim' (as opposed to the 'esb' profile). The
>> bundle is comment out because I wasn't able to get
>> that working either.
>>
>>
>> On Mon, Sep 4, 2017 at 11:35 AM Harsha Kumara  wrote:
>>
>>> Hi Todd,
>>>
>>> Can you attach the pom.xml of your custom handler?
>>>
>>> Thanks,
>>> Harsha
>>>
>>> On Mon, Sep 4, 2017 at 9:58 PM, Todd Hill  wrote:
>>>
>>>> Sorry if this is not the right place to send questions about writing a
>>>> custom Handler for WSO2 API Manager 2.1.0, but I don't see any other places
>>>> listed.
>>>>
>>>> I have written a custom handler that worked well with WSO2 ESB 4.8.0.
>>>> We are migrating to using the API Manager v2.1.0, so I updated the maven
>>>> dependencies, but now after I put the jar into
>>>> /repository/components/lib and restart the API Manager, I get
>>>> this when my Handler class is invoked:
>>>>
>>>> Caused by: java.lang.ClassNotFoundException:
>>>> org.apache.synapse.core.axis2.Axis2MessageContext cannot be found by
>>>> esb.poc_1.0_SNAPSHOT_1.0.0
>>>> at
>>>> org.eclipse.osgi.internal.loader.BundleLoader.findClassInternal(BundleLoader.java:501)
>>>> at
>>>> org.eclipse.osgi.internal.loader.BundleLoader.findClass(BundleLoader.java:421)
>>>> at
>>>> org.eclipse.osgi.internal.loader.BundleLoader.findClass(BundleLoader.java:412)
>>>> at
>>>> org.eclipse.osgi.internal.baseadaptor.DefaultClassLoader.loadClass(DefaultClassLoader.java:107)
>>>> at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
>>>>
>>>>
>>>> Here is the method in the handler:
>>>>
>>>> private void processPayload(CaosDecisionMakingData decisionMakingData,
>>>> MessageContext mc){
>>>> try {
>>>> RelayUtils.buildMessage(((Axis2MessageContext)
>>>> mc).getAxis2MessageContext());
>>>> } catch (IOException e) {
>>>> throw new RuntimeException(e);
>>>> } catch (XMLStreamException e) {
>>>> throw new RuntimeException(e);
>>>> }
>>>> OMElement restPayload = mc.getEnvelope().getBody().getFirstElement();
>>>> if (restPayload != null) {
>>>> decisionMakingData.setPostBodyElement(restPayload);
>>>> }
>>>> }
>>>>
>>>> The line with RelayUtils containing the cast is where the problem is.
>>>>
>>>>
>>>> Thanks for any help or direction you can give.
>>>>
>>>> ___
>>>> Dev mailing list
>>>> Dev@wso2.org
>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>
>>>>
>>>
>>>
>>> --
>>> Harsha Kumara
>>> Software Engineer, WSO2 Inc.
>>> Mobile: +94775505618 <+94%2077%20550%205618>
>>> Blog:harshcreationz.blogspot.com
>>>
>>
>
>
> --
> Harsha Kumara
> Software Engineer, WSO2 Inc.
> Mobile: +94775505618 <+94%2077%20550%205618>
> Blog:harshcreationz.blogspot.com
>


Re: [Dev] Custom API handler gets ClassNotFoundException

2017-09-04 Thread Harsha Kumara
Hi Todd,

Resource in [1] may be a good reference for you.

[1]
https://github.com/R-Rajkumar/samples/blob/master/message-builder-handler/pom.xml

Thanks,
Harsha

On Mon, Sep 4, 2017 at 10:16 PM, Todd Hill  wrote:

> meant to send it to the DEV list too.
>
>
> -- Forwarded message -
> From: Todd Hill 
> Date: Mon, Sep 4, 2017 at 11:38 AM
> Subject: Re: [Dev] Custom API handler gets ClassNotFoundException
> To: Harsha Kumara 
>
>
> The profile I'm using is 'apim' (as opposed to the 'esb' profile). The
> bundle is comment out because I wasn't able to get
> that working either.
>
>
> On Mon, Sep 4, 2017 at 11:35 AM Harsha Kumara  wrote:
>
>> Hi Todd,
>>
>> Can you attach the pom.xml of your custom handler?
>>
>> Thanks,
>> Harsha
>>
>> On Mon, Sep 4, 2017 at 9:58 PM, Todd Hill  wrote:
>>
>>> Sorry if this is not the right place to send questions about writing a
>>> custom Handler for WSO2 API Manager 2.1.0, but I don't see any other places
>>> listed.
>>>
>>> I have written a custom handler that worked well with WSO2 ESB 4.8.0. We
>>> are migrating to using the API Manager v2.1.0, so I updated the maven
>>> dependencies, but now after I put the jar into 
>>> /repository/components/lib
>>> and restart the API Manager, I get this when my Handler class is invoked:
>>>
>>> Caused by: java.lang.ClassNotFoundException:
>>> org.apache.synapse.core.axis2.Axis2MessageContext cannot be found by
>>> esb.poc_1.0_SNAPSHOT_1.0.0
>>> at org.eclipse.osgi.internal.loader.BundleLoader.findClassInternal(
>>> BundleLoader.java:501)
>>> at org.eclipse.osgi.internal.loader.BundleLoader.findClass(
>>> BundleLoader.java:421)
>>> at org.eclipse.osgi.internal.loader.BundleLoader.findClass(
>>> BundleLoader.java:412)
>>> at org.eclipse.osgi.internal.baseadaptor.DefaultClassLoader.loadClass(
>>> DefaultClassLoader.java:107)
>>> at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
>>>
>>>
>>> Here is the method in the handler:
>>>
>>> private void processPayload(CaosDecisionMakingData decisionMakingData,
>>> MessageContext mc){
>>> try {
>>> RelayUtils.buildMessage(((Axis2MessageContext)
>>> mc).getAxis2MessageContext());
>>> } catch (IOException e) {
>>> throw new RuntimeException(e);
>>> } catch (XMLStreamException e) {
>>> throw new RuntimeException(e);
>>> }
>>> OMElement restPayload = mc.getEnvelope().getBody().getFirstElement();
>>> if (restPayload != null) {
>>> decisionMakingData.setPostBodyElement(restPayload);
>>> }
>>> }
>>>
>>> The line with RelayUtils containing the cast is where the problem is.
>>>
>>>
>>> Thanks for any help or direction you can give.
>>>
>>> ___
>>> Dev mailing list
>>> Dev@wso2.org
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>>
>>
>>
>> --
>> Harsha Kumara
>> Software Engineer, WSO2 Inc.
>> Mobile: +94775505618 <+94%2077%20550%205618>
>> Blog:harshcreationz.blogspot.com
>>
>


-- 
Harsha Kumara
Software Engineer, WSO2 Inc.
Mobile: +94775505618
Blog:harshcreationz.blogspot.com


[Dev] Fwd: Custom API handler gets ClassNotFoundException

2017-09-04 Thread Todd Hill
meant to send it to the DEV list too.

-- Forwarded message -
From: Todd Hill 
Date: Mon, Sep 4, 2017 at 11:38 AM
Subject: Re: [Dev] Custom API handler gets ClassNotFoundException
To: Harsha Kumara 


The profile I'm using is 'apim' (as opposed to the 'esb' profile). The
bundle is comment out because I wasn't able to get
that working either.


On Mon, Sep 4, 2017 at 11:35 AM Harsha Kumara  wrote:

> Hi Todd,
>
> Can you attach the pom.xml of your custom handler?
>
> Thanks,
> Harsha
>
> On Mon, Sep 4, 2017 at 9:58 PM, Todd Hill  wrote:
>
>> Sorry if this is not the right place to send questions about writing a
>> custom Handler for WSO2 API Manager 2.1.0, but I don't see any other places
>> listed.
>>
>> I have written a custom handler that worked well with WSO2 ESB 4.8.0. We
>> are migrating to using the API Manager v2.1.0, so I updated the maven
>> dependencies, but now after I put the jar into
>> /repository/components/lib and restart the API Manager, I get
>> this when my Handler class is invoked:
>>
>> Caused by: java.lang.ClassNotFoundException:
>> org.apache.synapse.core.axis2.Axis2MessageContext cannot be found by
>> esb.poc_1.0_SNAPSHOT_1.0.0
>> at
>> org.eclipse.osgi.internal.loader.BundleLoader.findClassInternal(BundleLoader.java:501)
>> at
>> org.eclipse.osgi.internal.loader.BundleLoader.findClass(BundleLoader.java:421)
>> at
>> org.eclipse.osgi.internal.loader.BundleLoader.findClass(BundleLoader.java:412)
>> at
>> org.eclipse.osgi.internal.baseadaptor.DefaultClassLoader.loadClass(DefaultClassLoader.java:107)
>> at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
>>
>>
>> Here is the method in the handler:
>>
>> private void processPayload(CaosDecisionMakingData decisionMakingData,
>> MessageContext mc){
>> try {
>> RelayUtils.buildMessage(((Axis2MessageContext)
>> mc).getAxis2MessageContext());
>> } catch (IOException e) {
>> throw new RuntimeException(e);
>> } catch (XMLStreamException e) {
>> throw new RuntimeException(e);
>> }
>> OMElement restPayload = mc.getEnvelope().getBody().getFirstElement();
>> if (restPayload != null) {
>> decisionMakingData.setPostBodyElement(restPayload);
>> }
>> }
>>
>> The line with RelayUtils containing the cast is where the problem is.
>>
>>
>> Thanks for any help or direction you can give.
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
> Harsha Kumara
> Software Engineer, WSO2 Inc.
> Mobile: +94775505618 <+94%2077%20550%205618>
> Blog:harshcreationz.blogspot.com
>

http://maven.apache.org/POM/4.0.0;
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance;
 xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd;>
4.0.0



edu.wisc.services
esb.poc
1.0.0-SNAPSHOT



wso2-nexus
WSO2 internal Repository
http://maven.wso2.org/nexus/content/groups/wso2-public/





esb

${user.home}/wso2esb-4.8.0/repository/components/lib



org.apache.synapse
synapse-core
2.1.7-wso2v10


org.apache.synapse
synapse-nhttp-transport
2.1.7-wso2v10


org.apache.synapse
synapse-commons
2.1.7-wso2v10


org.apache.axis2.wso2
axis2
1.6.1.wso2v10


org.wso2.carbon
org.wso2.carbon.identity.oauth.stub
4.2.2


com.google.guava
guava
12.0


net.sf.saxon
Saxon-HE
9.6.0-1





apim

${user.home}/wso2am-2.1.0/repository/components/lib
${user.home}/wso2am-2.1.0/repository/resources/api_templates



org.apache.synapse
synapse-core
2.1.7-wso2v10


org.apache.synapse
synapse-nhttp-transport
2.1.2-wso2v2


org.apache.synapse
synapse-commons
2.1.2-wso2v2


net.sf.saxon
Saxon-HE
9.6.0-1


Re: [Dev] Custom API handler gets ClassNotFoundException

2017-09-04 Thread Harsha Kumara
Hi Todd,

Can you attach the pom.xml of your custom handler?

Thanks,
Harsha

On Mon, Sep 4, 2017 at 9:58 PM, Todd Hill  wrote:

> Sorry if this is not the right place to send questions about writing a
> custom Handler for WSO2 API Manager 2.1.0, but I don't see any other places
> listed.
>
> I have written a custom handler that worked well with WSO2 ESB 4.8.0. We
> are migrating to using the API Manager v2.1.0, so I updated the maven
> dependencies, but now after I put the jar into 
> /repository/components/lib
> and restart the API Manager, I get this when my Handler class is invoked:
>
> Caused by: java.lang.ClassNotFoundException:
> org.apache.synapse.core.axis2.Axis2MessageContext cannot be found by
> esb.poc_1.0_SNAPSHOT_1.0.0
> at org.eclipse.osgi.internal.loader.BundleLoader.findClassInternal(
> BundleLoader.java:501)
> at org.eclipse.osgi.internal.loader.BundleLoader.findClass(
> BundleLoader.java:421)
> at org.eclipse.osgi.internal.loader.BundleLoader.findClass(
> BundleLoader.java:412)
> at org.eclipse.osgi.internal.baseadaptor.DefaultClassLoader.loadClass(
> DefaultClassLoader.java:107)
> at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
>
>
> Here is the method in the handler:
>
> private void processPayload(CaosDecisionMakingData decisionMakingData,
> MessageContext mc){
> try {
> RelayUtils.buildMessage(((Axis2MessageContext)
> mc).getAxis2MessageContext());
> } catch (IOException e) {
> throw new RuntimeException(e);
> } catch (XMLStreamException e) {
> throw new RuntimeException(e);
> }
> OMElement restPayload = mc.getEnvelope().getBody().getFirstElement();
> if (restPayload != null) {
> decisionMakingData.setPostBodyElement(restPayload);
> }
> }
>
> The line with RelayUtils containing the cast is where the problem is.
>
>
> Thanks for any help or direction you can give.
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
Harsha Kumara
Software Engineer, WSO2 Inc.
Mobile: +94775505618
Blog:harshcreationz.blogspot.com


[Dev] Custom API handler gets ClassNotFoundException

2017-09-04 Thread Todd Hill
Sorry if this is not the right place to send questions about writing a
custom Handler for WSO2 API Manager 2.1.0, but I don't see any other places
listed.

I have written a custom handler that worked well with WSO2 ESB 4.8.0. We
are migrating to using the API Manager v2.1.0, so I updated the maven
dependencies, but now after I put the jar into
/repository/components/lib and restart the API Manager, I get
this when my Handler class is invoked:

Caused by: java.lang.ClassNotFoundException: org.apache.synapse.core.axis2.Axis2MessageContext cannot be found by esb.poc_1.0_SNAPSHOT_1.0.0
    at org.eclipse.osgi.internal.loader.BundleLoader.findClassInternal(BundleLoader.java:501)
    at org.eclipse.osgi.internal.loader.BundleLoader.findClass(BundleLoader.java:421)
    at org.eclipse.osgi.internal.loader.BundleLoader.findClass(BundleLoader.java:412)
    at org.eclipse.osgi.internal.baseadaptor.DefaultClassLoader.loadClass(DefaultClassLoader.java:107)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:357)


Here is the method in the handler:

private void processPayload(CaosDecisionMakingData decisionMakingData, MessageContext mc) {
    try {
        // Build the message so the payload can be read from the envelope.
        // The cast to Axis2MessageContext here is where the exception is raised.
        RelayUtils.buildMessage(((Axis2MessageContext) mc).getAxis2MessageContext());
    } catch (IOException e) {
        throw new RuntimeException(e);
    } catch (XMLStreamException e) {
        throw new RuntimeException(e);
    }
    // Hand the first body element, if any, to the decision-making data.
    OMElement restPayload = mc.getEnvelope().getBody().getFirstElement();
    if (restPayload != null) {
        decisionMakingData.setPostBodyElement(restPayload);
    }
}

The line with RelayUtils containing the cast is where the problem is.


Thanks for any help or direction you can give.


Re: [Dev] Some concerns on IDENTITY-6324

2017-09-04 Thread Isura Karunaratne
Hi Johann,

On Mon, Sep 4, 2017 at 8:18 PM Johann Nallathamby  wrote:

> Hi Hasanthi/Nuwandi/IAM Team,
>
> 1. Can we please add a description in the JIRA as to what this JIRA is for?
>
> 2. The fix has made a public enum change:
> "MAX_ATTEMTS_EXCEEDED" -> "MAX_ATTEMTS_EXCEEDED".
> Is this intentional? In any case the spelling is still wrong.
>
> 3. We have introduced a new protected method
> "setUserClaimsValuesInUserStore". Again is this intentional? And we have a
> threadlocal solution to prevent listenered being triggered twice. In that
> case do we need this new method?
>

Here we are going to support account locking failure reason. In that case,
we need a way to identify following account lock reasons separately.

- Admin Lock User Account
- Account not confirmed
- Account locked due to exceeding max failure attempts

We have to check account lock claim in setUserClaimValues method to check
whether admin user is going to lock a user. Since the recursion in
UserStoreBasedIdentityDaaStore, we can't put that logic inside
setUserClaimValues method, because we use setUserClaimValues method to
store the reason for other scenarios as well.


Thanks
Isura.


> [1] https://wso2.org/jira/browse/IDENTITY-6324
>
> Thanks & Regards,
> Johann.
>
> --
>
> *Johann Dilantha Nallathamby*
> Senior Lead Solutions Engineer
> WSO2, Inc.
> lean.enterprise.middleware
>
> Mobile - *+9476950*
> Blog - *http://nallaa.wordpress.com *
>
-- 

*Isura Dilhara Karunaratne*
Associate Technical Lead | WSO2
Email: is...@wso2.com
Mob : +94 772 254 810
Blog : http://isurad.blogspot.com/


Re: [Dev] Shall we remove InfoRecoverySample from product-is?

2017-09-04 Thread Isura Karunaratne
On Mon, Sep 4, 2017 at 9:00 PM Pulasthi Mahawithana 
wrote:

> Hi Johann,
>
> Since we are still keeping the deprecated SOAP APIs we'll keep the sample
> also till the next major version.
>
Yes. +1 to keep the sample since we support SOAP apis too.

Thanks
Isura

>
> On Mon, Sep 4, 2017 at 8:42 PM, Johann Nallathamby 
> wrote:
>
>> If we are going to keep it in product-is we need to maintain
>> compatibility with latest APIs. But I think we have even resolved some
>> public JIRAs mentioning the fact that we now support this in identity-mgt
>> webapp. So we don't need a separate sample for this.
>>
>> So, I think we can do $subject.
>>
>> Regards,
>> Johann.
>>
>> --
>> Thanks & Regards,
>>
>> *Johann Dilantha Nallathamby*
>> Senior Lead Solutions Engineer
>> WSO2, Inc.
>> lean.enterprise.middleware
>>
>> Mobile - *+9476950*
>> Blog - *http://nallaa.wordpress.com *
>>
>
>
>
> --
> *Pulasthi Mahawithana*
> Senior Software Engineer
> WSO2 Inc., http://wso2.com/
> Mobile: +94-71-5179022
> Blog: https://medium.com/@pulasthi7/
>
> 
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
-- 

*Isura Dilhara Karunaratne*
Associate Technical Lead | WSO2
Email: is...@wso2.com
Mob : +94 772 254 810
Blog : http://isurad.blogspot.com/


Re: [Dev] Shall we remove InfoRecoverySample from product-is?

2017-09-04 Thread Pulasthi Mahawithana
Hi Johann,

Since we are still keeping the deprecated SOAP APIs we'll keep the sample
also till the next major version.

On Mon, Sep 4, 2017 at 8:42 PM, Johann Nallathamby  wrote:

> If we are going to keep it in product-is we need to maintain compatibility
> with latest APIs. But I think we have even resolved some public JIRAs
> mentioning the fact that we now support this in identity-mgt webapp. So we
> don't need a separate sample for this.
>
> So, I think we can do $subject.
>
> Regards,
> Johann.
>
> --
> Thanks & Regards,
>
> *Johann Dilantha Nallathamby*
> Senior Lead Solutions Engineer
> WSO2, Inc.
> lean.enterprise.middleware
>
> Mobile - *+9476950*
> Blog - *http://nallaa.wordpress.com *
>



-- 
*Pulasthi Mahawithana*
Senior Software Engineer
WSO2 Inc., http://wso2.com/
Mobile: +94-71-5179022
Blog: https://medium.com/@pulasthi7/




[Dev] Shall we remove InfoRecoverySample from product-is?

2017-09-04 Thread Johann Nallathamby
If we are going to keep it in product-is we need to maintain compatibility
with latest APIs. But I think we have even resolved some public JIRAs
mentioning the fact that we now support this in identity-mgt webapp. So we
don't need a separate sample for this.

So, I think we can do $subject.

Regards,
Johann.

-- 
Thanks & Regards,

*Johann Dilantha Nallathamby*
Senior Lead Solutions Engineer
WSO2, Inc.
lean.enterprise.middleware

Mobile - *+9476950*
Blog - *http://nallaa.wordpress.com *


[Dev] Some concerns on IDENTITY-6324

2017-09-04 Thread Johann Nallathamby
Hi Hasanthi/Nuwandi/IAM Team,

1. Can we please add a description in the JIRA as to what this JIRA is for?

2. The fix has made a public enum change:
"MAX_ATTEMTS_EXCEEDED" -> "MAX_ATTEMTS_EXCEEDED".
Is this intentional? In any case the spelling is still wrong.

3. We have introduced a new protected method
"setUserClaimsValuesInUserStore". Again is this intentional? And we have a
threadlocal solution to prevent listenered being triggered twice. In that
case do we need this new method?

[1] https://wso2.org/jira/browse/IDENTITY-6324

Thanks & Regards,
Johann.

-- 

*Johann Dilantha Nallathamby*
Senior Lead Solutions Engineer
WSO2, Inc.
lean.enterprise.middleware

Mobile - *+9476950*
Blog - *http://nallaa.wordpress.com *


[Dev] how to obtain tenant domain from just clientid and client secret.

2017-09-04 Thread shiva.k
Hi, 

I am using WSO2 API Manager 2.1.0, and I am extending the password grant type
handler to customize a few operations.

I tried to obtain the tenant domain from OAuthAppDO and I got the below
exception. Please help me.

This is the utility method with which I am trying to get the OAuthAppDO, from
which I get the AuthenticatedUser object and its tenant domain. But it's
throwing an exception.

String tenantDomain = OAuthUtil
        .getAppInformationByClientId(oAuth2AccessTokenReqDTO.getClientId())
        .getUser().getTenantDomain();


... 47 more

[2017-09-04 18:55:59,723] ERROR - StandardWrapperValve Servlet.service() for servlet [OAuth2Endpoints] in context with path [/oauth2] threw exception
java.lang.RuntimeException: org.apache.cxf.interceptor.Fault: org.wso2.carbon.identity.oauth.OAuthUtil.getAppInformationByClientId(Ljava/lang/String;)Lorg/wso2/carbon/identity/oauth/dao/OAuthAppDO;
    at org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:116)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:336)
    at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
    at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:249)
    at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:248)
    at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:222)
    at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:153)
    at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:171)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:289)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:209)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:265)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:120)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:218)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
    at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)
    at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
    at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57)
    at org.wso2.carbon.event.receiver.core.internal.tenantmgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:48)
    at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
    at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)
    at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:958)
    at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:452)

at
org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Proce
ssor.java:1087)

at
org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(Abstrac
tProtocol.java:637)

at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.jav
a:1756)

at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:
1715)

at

[Dev] [Siddhi] TestUtility to throw Assertion Errors from main thread

2017-09-04 Thread Gobinath
Hi,

As per my experience during my GSoC project, the assertion errors thrown by
worker threads in the unit test callbacks do not interrupt the compiling
process.

I discussed with Suho during a code review and came up with a solution by
storing the assertion errors in a java.util.List and throwing them later in
the main thread. I have sent a PR containing the prototype of my
implementation and a sample application of it [1]. Could you please check
the design, class name and the location?

I am thinking about adding overloaded methods with Predicates as shown
below, but it can be used only in combination with Assert.assertTrue. WDYT?

public static TestCallBack addQueryCallback(SiddhiAppRuntime
siddhiAppRuntime, String queryName, Predicate... predicates) {
// ...
}

[1] https://github.com/wso2/siddhi/pull/510

PS: @Suho & @Nirmal please ignore my previous mail which has an incorrect
dev mail address.

Thanks & Regards,
Gobinath

-- 
*Gobinath** Loganathan*
Graduate Student,
Electrical and Computer Engineering,
Western University.
Email  : slgobin...@gmail.com
Blog: javahelps.com 
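
The approach described in the mail above (record assertion errors raised on worker threads, rethrow them on the main thread), as an added example that is not part of the original mail or of the Siddhi code base. `AssertionCollector` and its methods are hypothetical names, and a plain `ExecutorService` stands in for the threads that deliver events to test callbacks.

```java
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;
import java.util.function.Consumer;

public class DeferredAssertionDemo {

    /** Hypothetical helper: records AssertionErrors raised on worker threads. */
    static final class AssertionCollector {
        private final List<AssertionError> errors =
                Collections.synchronizedList(new ArrayList<>());

        /** Wraps a callback so that a failed assertion is stored instead of lost. */
        <T> Consumer<T> wrap(Consumer<T> callback) {
            return event -> {
                try {
                    callback.accept(event);
                } catch (AssertionError e) {
                    errors.add(e);
                }
            };
        }

        /** Call from the test's main thread once the workers have finished. */
        void throwIfAny() {
            List<AssertionError> snapshot;
            synchronized (errors) {
                snapshot = new ArrayList<>(errors);
            }
            if (snapshot.isEmpty()) {
                return;
            }
            // Throw the first failure and attach the others so none is hidden.
            AssertionError first = snapshot.get(0);
            for (AssertionError other : snapshot.subList(1, snapshot.size())) {
                first.addSuppressed(other);
            }
            throw first;
        }
    }

    public static void main(String[] args) throws InterruptedException {
        AssertionCollector collector = new AssertionCollector();
        // Constructed callback: expects every event to be a positive number.
        Consumer<Integer> callback = collector.wrap(value -> {
            if (value <= 0) {
                throw new AssertionError("expected a positive value but got " + value);
            }
        });

        // Without the wrapper, an error thrown inside a submitted task stays in the
        // task's Future and never reaches the thread that runs the test.
        ExecutorService workers = Executors.newFixedThreadPool(2);
        for (int value : new int[] {5, -1, 7, 0}) {
            workers.submit(() -> callback.accept(value));
        }
        workers.shutdown();
        if (!workers.awaitTermination(5, TimeUnit.SECONDS)) {
            throw new IllegalStateException("workers did not finish in time");
        }

        try {
            collector.throwIfAny();
            System.out.println("no assertion failed");
        } catch (AssertionError e) {
            System.out.println("failed on main thread: " + e.getMessage()
                    + " (+" + e.getSuppressed().length + " more)");
        }
    }
}
```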


[Dev] Some tests in OIDC test suite are not working for response_type = id_token

2017-09-04 Thread Hasini Witharana
Hi,

Some tests in the OIDC certification test suite[1] are not working for the
response_type = id_token. Tests that are not working are given below.

   - OP-scope-All
   - OP-scope-phone
   - OP-scope-email
   - OP-scope-address
   - OP-scope-profile
   - OP-Response-form_post

For these tests we don't get any feedback from the test suite. When I
inquired about that, the OIDC certification community opened a GitHub issue
for not giving any response.[2]

I checked our response against the Gluu server's response for the test
"OP-scope-address". The Gluu server is fully OIDC certified. The comparison is
attached below.

The number of parameters is the same in both responses, and the only
difference is that the "aud" value in the id_token is returned as a list in
our response, whereas Gluu returns it as a string.

As per the OIDC specification[3], the "aud" value is defined as below.

aud: REQUIRED. Audience(s) that this ID Token is intended for. It MUST
contain the OAuth 2.0 client_id of the Relying Party as an audience value.
It MAY also contain identifiers for other audiences. In the general case,
the aud value is an array of case sensitive strings. *In the common special
case when there is one audience, the aud value MAY be a single case
sensitive string.*

We only return one audience for the "aud" value, but it is returned as an
array. As per the specification, it is not mandatory to return a string as
the "aud" value when it contains only one value.

However, these same tests are working fine for the other response
types (code, id_token token). In those cases also, we return the "aud"
value as an array.

Can you please help me on this issue?

Thank you.

[1] - https://op.certification.openid.net:60024
[2] - https://github.com/openid-certification/oidctest/issues/48
[3] - http://openid.net/specs/openid-connect-core-1_0.html

-- 

*Hasini Witharana*
Software Engineering Intern | WSO2


*Email : hasi...@wso2.com *

*Mobile : +94713850143 <+94%2071%20385%200143>[image:
http://wso2.com/signature] *
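
How a relying party can treat both encodings of "aud" discussed in the mail above as equivalent, as an added example that is not part of the original mail or of any WSO2 or Gluu code. It assumes the ID token payload has already been verified and parsed into a map by a JSON library; the client_id and audience values are constructed, and the azp checks follow the SHOULD-level rules of OpenID Connect Core section 3.1.3.7, enforced strictly here.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;

public class AudClaimCheck {

    /** Normalizes "aud" to a list: the claim may be one string or an array of strings. */
    static List<String> audiences(Object aud) {
        if (aud instanceof String) {
            return Collections.singletonList((String) aud);
        }
        if (aud instanceof List) {
            List<String> out = new ArrayList<>();
            for (Object item : (List<?>) aud) {
                if (!(item instanceof String)) {
                    throw new IllegalArgumentException("aud array holds a non-string value");
                }
                out.add((String) item);
            }
            return out;
        }
        throw new IllegalArgumentException("aud is missing or has an unsupported type");
    }

    /** Returns null when the audience is acceptable, otherwise the reason for rejection. */
    static String reject(Map<String, Object> claims, String clientId, Set<String> trusted) {
        List<String> aud;
        try {
            aud = audiences(claims.get("aud"));
        } catch (IllegalArgumentException e) {
            return e.getMessage();
        }
        if (!aud.contains(clientId)) {            // exact, case-sensitive match
            return "client_id is not listed in aud";
        }
        for (String value : aud) {
            if (!value.equals(clientId) && !trusted.contains(value)) {
                return "untrusted additional audience: " + value;
            }
        }
        Object azp = claims.get("azp");
        if (aud.size() > 1 && azp == null) {
            return "multiple audiences but no azp claim";
        }
        if (azp != null && !clientId.equals(azp)) {
            return "azp does not match client_id";
        }
        return null;
    }

    /** Builds a constructed claim set for the demonstration below. */
    static Map<String, Object> claims(Object aud, String azp) {
        Map<String, Object> claims = new HashMap<>();
        claims.put("aud", aud);
        if (azp != null) {
            claims.put("azp", azp);
        }
        return claims;
    }

    public static void main(String[] args) {
        String clientId = "rp-client-1";                                  // constructed
        Set<String> trusted = Collections.singleton("https://api.example.com");
        List<Map<String, Object>> samples = Arrays.asList(
                claims("rp-client-1", null),                              // single string
                claims(Arrays.asList("rp-client-1"), null),               // one-element array
                claims(Arrays.asList("RP-CLIENT-1"), null),               // differs by case
                claims(Arrays.asList("rp-client-1", "https://api.example.com"), "rp-client-1"),
                claims(Arrays.asList("rp-client-1", "https://other.example.com"), "rp-client-1"),
                claims(Arrays.asList("rp-client-1", 42), null));
        for (Map<String, Object> sample : samples) {
            String reason = reject(sample, clientId, trusted);
            System.out.println(sample + " -> "
                    + (reason == null ? "accepted" : "rejected: " + reason));
        }
    }
}
```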




Re: [Dev] [IAM] (IDENTITY-5948) Can't we do a better fix for this?

2017-09-04 Thread Johann Nallathamby
On Mon, Sep 4, 2017 at 3:02 PM, Rushmin Fernando  wrote:

> Hi Johann,
>
> The fix handles the tenant scenario as well.
>
> Are you specifically talking about having different domain names for
> tenants?
>

Yes.


>
> Best Regards,
> Rushmin
>
>
> On Mon, Sep 4, 2017 at 2:59 PM, Johann Nallathamby 
> wrote:
>
>> Hi Rushmin,
>>
>> I think the better, easier, uncomplicated fix that also works for tenants
>> will be to make this a text box with a default value instead of a label.
>>
>> Can we change the fix like that?
>>
>> Regards,
>> Johann.
>>
>> On Fri, Sep 1, 2017 at 5:17 PM, Rushmin Fernando 
>> wrote:
>>
>>> Thank you for pointing this out Johann.
>>>
>>> Actually, the code doesn't do anything specific to the super tenant.
>>>
>>> The issue is with method name 'updateSuperTenantIdpWithNewEPUrls' which
>>> is incorrect and misleading. It was my mistake :-(
>>>
>>> I just sent a PR [1] fixing the method name.
>>>
>>> @Darshana, could you review and merge it.
>>>
>>> Best Regards,
>>> Rushmin
>>>
>>> [1] - https://github.com/wso2/carbon-identity-framework/pull/1043
>>>
>>> On Thu, Aug 31, 2017 at 6:09 PM, Johann Nallathamby 
>>> wrote:
>>>
>>>> IAM Folks,
>>>>
>>>> Can we do a better fix for this? I don't seem to agree with this fix.
>>>>
>>>> 1. We have written super tenant specific code. We shows that we treat
>>>> super tenant differently and can be error prone.
>>>> 2. The problem still remains for already created tenants.
>>>>
>>>> Another thing we need to address is that (not related to this issue),
>>>> some deployments require to have different DNS names for tenants.
>>>>
>>>> My suggestion:
>>>> Make this field a text box that is modifiable.
>>>>
>>>> Wdyt? Can we change this fix for IS 5.4.0? Do you see any problems in
>>>> that?
>>>>
>>>> Regards,
>>>> Johann.
>>>>
>>>> -- Forwarded message --
>>>> From: Farasath Ahamed (JIRA)
>>>> Date: Thu, May 18, 2017 at 1:54 AM
>>>> Subject: [Carbon-jira] [jira] (IDENTITY-5948) Generated IdP metadata
>>>> URLs are always pointing to localhost:9443
>>>> To: carbon-j...@wso2.org
>>>>
>>>>
>>>> Farasath Ahamed *created* an issue
>>>>
>>>> WSO2 Identity Server / IDENTITY-5948
>>>> Generated IdP metadata URLs are always pointing to localhost:9443
>>>>
>>>> Issue Type: Improvement
>>>> Affects Versions: 5.3.0-GA
>>>> Assignee: Thanuja Lakmal
>>>> Components: saml2-sso
>>>> Created: 18/May/17 1:53 AM
>>>> Fix Versions: 5.3.1-GA
>>>> Priority: High
>>>> Reporter: Farasath Ahamed
>>>>
>>>> During the first startup if we do not change the hostname of the IS
>>>> server.
>>>> All endpoints related to SAML configs gets generated for localhost.
>>>>
>>>> Thereafter even if you change the hostname still they will remain as
>>>> hostname,
>>>>
>>>> xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
>>>> entityID="localhost"
>>>> protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"
>>>> validUntil="2017-05-17T21:20:17.955Z"
>>>> use="signing"
>>>> xmlns="http://www.w3.org/2000/09/xmldsig#"
>>>> Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
>>>> Location="https://localhost:9443/samlsso"
>>>> ResponseLocation="https://localhost:9443/samlsso"
>>>> urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
>>>> Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
>>>> Location="https://localhost:9443/samlsso"
>>>> Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
>>>> Location="https://localhost:9443/samlsso"
>>>>
>>>> Any new tenants created after the hostname change will have the correct
>>>> URL with the hostname. But super tenant's metadata URL becomes unusable.

Re: [Dev] [IAM] (IDENTITY-5948) Can't we do a better fix for this?

2017-09-04 Thread Rushmin Fernando
Hi Johann,

The fix handles the tenant scenario as well.

Are you specifically talking about having different domain names for
tenants?

Best Regards,
Rushmin


On Mon, Sep 4, 2017 at 2:59 PM, Johann Nallathamby  wrote:

> Hi Rushmin,
>
> I think the better, easier, uncomplicated fix that also works for tenants
> will be to make this a text box with a default value instead of a label.
>
> Can we change the fix like that?
>
> Regards,
> Johann.
>
> On Fri, Sep 1, 2017 at 5:17 PM, Rushmin Fernando  wrote:
>
>> Thank you for pointing this out Johann.
>>
>> Actually, the code doesn't do anything specific to the super tenant.
>>
>> The issue is with method name 'updateSuperTenantIdpWithNewEPUrls' which
>> is incorrect and misleading. It was my mistake :-(
>>
>> I just sent a PR [1] fixing the method name.
>>
>> @Darshana, could you review and merge it.
>>
>> Best Regards,
>> Rushmin
>>
>> [1] - https://github.com/wso2/carbon-identity-framework/pull/1043
>>
>> On Thu, Aug 31, 2017 at 6:09 PM, Johann Nallathamby 
>> wrote:
>>
>>> IAM Folks,
>>>
>>> Can we do a better fix for this? I don't seem to agree with this fix.
>>>
>>> 1. We have written super tenant specific code. We shows that we treat
>>> super tenant differently and can be error prone.
>>> 2. The problem still remains for already created tenants.
>>>
>>> Another thing we need to address is that (not related to this issue),
>>> some deployments require to have different DNS names for tenants.
>>>
>>> My suggestion:
>>> Make this field a text box that is modifiable.
>>>
>>> Wdyt? Can we change this fix for IS 5.4.0? Do you see any problems in
>>> that?
>>>
>>> Regards,
>>> Johann.
>>>
>>> -- Forwarded message --
>>> From: Farasath Ahamed (JIRA) 
>>> Date: Thu, May 18, 2017 at 1:54 AM
>>> Subject: [Carbon-jira] [jira] (IDENTITY-5948) Generated IdP metadata
>>> URLs are always pointing to localhost:9443
>>> To: carbon-j...@wso2.org
>>>
>>>
>>> Farasath Ahamed *created* an issue
>>>
>>> WSO2 Identity Server / IDENTITY-5948
>>> Generated IdP metadata URLs are always pointing to localhost:9443
>>>
>>> Issue Type: Improvement
>>> Affects Versions: 5.3.0-GA
>>> Assignee: Thanuja Lakmal
>>> Components: saml2-sso
>>> Created: 18/May/17 1:53 AM
>>> Fix Versions: 5.3.1-GA
>>> Priority: High
>>> Reporter: Farasath Ahamed
>>>
>>> During the first startup if we do not change the hostname of the IS
>>> server.
>>> All endpoints related to SAML configs gets generated for localhost.
>>>
>>> Thereafter even if you change the hostname still they will remain as
>>> hostname,
>>>
>>> xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
>>> entityID="localhost"
>>> protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"
>>> validUntil="2017-05-17T21:20:17.955Z"
>>> xmlns="http://www.w3.org/2000/09/xmldsig#"
>>> Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
>>> Location="https://localhost:9443/samlsso"
>>> ResponseLocation="https://localhost:9443/samlsso"
>>> urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
>>> Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
>>> Location="https://localhost:9443/samlsso"
>>> Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
>>> Location="https://localhost:9443/samlsso"
>>>
>>> Any new tenants created after the hostname change will have the correct
>>> URL with the hostname. But super tenant's metadata URL becomes unusable.
>>>
>>> Basically, the endpoint in SAML Metadata file is static values.
>>> IMO we should generate them dynamically so that any change to an
>>> environment parameter would be reflected correctly.

Re: [Dev] [IAM] (IDENTITY-5948) Can't we do a better fix for this?

2017-09-04 Thread Johann Nallathamby
Hi Rushmin,

I think the better, easier, uncomplicated fix that also works for tenants
will be to make this a text box with a default value instead of a label.

Can we change the fix like that?

Regards,
Johann.

On Fri, Sep 1, 2017 at 5:17 PM, Rushmin Fernando  wrote:

> Thank you for pointing this out Johann.
>
> Actually, the code doesn't do anything specific to the super tenant.
>
> The issue is with method name 'updateSuperTenantIdpWithNewEPUrls' which
> is incorrect and misleading. It was my mistake :-(
>
> I just sent a PR [1] fixing the method name.
>
> @Darshana, could you review and merge it.
>
> Best Regards,
> Rushmin
>
> [1] - https://github.com/wso2/carbon-identity-framework/pull/1043
>
> On Thu, Aug 31, 2017 at 6:09 PM, Johann Nallathamby 
> wrote:
>
>> IAM Folks,
>>
>> Can we do a better fix for this? I don't seem to agree with this fix.
>>
>> 1. We have written super tenant specific code. We shows that we treat
>> super tenant differently and can be error prone.
>> 2. The problem still remains for already created tenants.
>>
>> Another thing we need to address is that (not related to this issue),
>> some deployments require to have different DNS names for tenants.
>>
>> My suggestion:
>> Make this field a text box that is modifiable.
>>
>> Wdyt? Can we change this fix for IS 5.4.0? Do you see any problems in
>> that?
>>
>> Regards,
>> Johann.
>>
>> -- Forwarded message --
>> From: Farasath Ahamed (JIRA) 
>> Date: Thu, May 18, 2017 at 1:54 AM
>> Subject: [Carbon-jira] [jira] (IDENTITY-5948) Generated IdP metadata URLs
>> are always pointing to localhost:9443
>> To: carbon-j...@wso2.org
>>
>>
>> Farasath Ahamed *created* an issue
>>
>> WSO2 Identity Server / IDENTITY-5948
>> Generated IdP metadata URLs are always pointing to localhost:9443
>>
>> Issue Type: Improvement
>> Affects Versions: 5.3.0-GA
>> Assignee: Thanuja Lakmal
>> Components: saml2-sso
>> Created: 18/May/17 1:53 AM
>> Fix Versions: 5.3.1-GA
>> Priority: High
>> Reporter: Farasath Ahamed
>>
>> During the first startup if we do not change the hostname of the IS
>> server.
>> All endpoints related to SAML configs gets generated for localhost.
>>
>> Thereafter even if you change the hostname still they will remain as
>> hostname,
>>
>> xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
>> entityID="localhost"
>> protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"
>> validUntil="2017-05-17T21:20:17.955Z"
>> xmlns="http://www.w3.org/2000/09/xmldsig#"
>> Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
>> Location="https://localhost:9443/samlsso"
>> ResponseLocation="https://localhost:9443/samlsso"
>> urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
>> Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
>> Location="https://localhost:9443/samlsso"
>> Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
>> Location="https://localhost:9443/samlsso"
>>
>> Any new tenants created after the hostname change will have the correct
>> URL with the hostname. But super tenant's metadata URL becomes unusable.
>>
>> Basically, the endpoint in SAML Metadata file is static values.
>> IMO we should generate them dynamically so that any change to an
>> environment parameter would be reflected correctly.
>> 
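
A check for the condition reported in IDENTITY-5948 (metadata endpoints still pointing at localhost after the hostname has changed), as an added example that is not part of this thread or of the WSO2 code base. The metadata document and the hostname is.example.com are constructed, and `staleEndpoints` and `hostOf` are hypothetical names.

```java
import java.io.ByteArrayInputStream;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class MetadataHostCheck {

    private static final String MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata";
    private static final String[] URL_ATTRIBUTES = {"Location", "ResponseLocation"};

    /** Lists every endpoint attribute whose host differs from the expected hostname. */
    static List<String> staleEndpoints(byte[] metadataXml, String expectedHost) throws Exception {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setNamespaceAware(true);
        // Metadata is external input: refuse DTDs so entity expansion cannot be abused.
        factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = factory.newDocumentBuilder().parse(new ByteArrayInputStream(metadataXml));

        List<String> findings = new ArrayList<>();
        NodeList elements = doc.getElementsByTagNameNS(MD_NS, "*");
        for (int i = 0; i < elements.getLength(); i++) {
            Element element = (Element) elements.item(i);
            for (String attribute : URL_ATTRIBUTES) {
                if (!element.hasAttribute(attribute)) {
                    continue;
                }
                String value = element.getAttribute(attribute);
                // A value that is not a parseable URL has no host and is reported too.
                if (!expectedHost.equalsIgnoreCase(hostOf(value))) {
                    findings.add(element.getLocalName() + " " + attribute + "=" + value);
                }
            }
        }
        return findings;
    }

    /** Returns the host part of a URL, or null when the value is not a parseable URL. */
    static String hostOf(String url) {
        try {
            return URI.create(url).getHost();
        } catch (IllegalArgumentException e) {
            return null;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed metadata shaped like the fragment in the issue, certificate left out.
        String xml =
            "<EntityDescriptor xmlns=\"urn:oasis:names:tc:SAML:2.0:metadata\" entityID=\"localhost\">"
          + "<IDPSSODescriptor protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\">"
          + "<SingleLogoutService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\""
          + " Location=\"https://localhost:9443/samlsso\""
          + " ResponseLocation=\"https://localhost:9443/samlsso\"/>"
          + "<SingleSignOnService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\""
          + " Location=\"https://is.example.com:9443/samlsso\"/>"
          + "<SingleSignOnService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\""
          + " Location=\"https://localhost:9443/samlsso\"/>"
          + "</IDPSSODescriptor></EntityDescriptor>";

        List<String> stale = staleEndpoints(xml.getBytes(StandardCharsets.UTF_8), "is.example.com");
        stale.forEach(System.out::println);
    }
}
```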

Re: [Dev] Avoid Invoking REST endpoints from SSO login page

2017-09-04 Thread Hasintha Indrajee
I think we must avoid this if this is just to check whether the endpoint
exists or not. This is anyway a costly operation. HEAD will only reduce the
transport cost. Otherwise, when the HEAD request reaches the back end, it does
the relevant operation, treating the request as a GET, and avoids responding
with the actual payload. In our case this is very costly because within these
calls, there are user store accesses and multiple other DB accesses.

On Fri, Aug 18, 2017 at 4:39 PM, Isura Karunaratne  wrote:

>
> On Fri, Aug 18, 2017 at 4:33 PM Malithi Edirisinghe 
> wrote:
>
>> On Fri, Aug 18, 2017 at 4:02 PM, Isura Karunaratne 
>> wrote:
>>
>>> Hi Malithi,
>>>
>>> On Fri, Aug 18, 2017 at 3:41 PM, Malithi Edirisinghe 
>>> wrote:
>>>


 On Fri, Aug 18, 2017 at 12:31 PM, Nuwandi Wickramasinghe <
 nuwan...@wso2.com> wrote:

> Looks like http calls are done to validate the endpoint url. Do we
> need this validation before showing the link?
>
> Shall we remove these calls and directly show the hyper link?
>

 So here the validation is done as we are invoking another webapp. So
 that this check make sure a broken link is never to be shown in this login
 page. Moreover, this is just a HEAD call so I don't think invoking that
 impacts the login page performance, because the actual page is not getting
 rendered here.
 The other thing is these webapps are coming from two features, so IMO,
 we cannot directly couple them together.

>>>
>>> Is that working correctly?. I think HEAD operation returns 200 OK for
>>> any endpoint starting with https://localhost:9443.
>>>
>>
>> How can that happen ?
>>
> Because carbon redirects invalid urls to main page.
>
>
> We call head on the URL right. Anyway, if it's not working we should fix.
>>
>>>
>>> Thanks
>>> Isura.
>>>
>>>
> On Fri, Aug 18, 2017 at 11:54 AM, Farasath Ahamed 
> wrote:
>
>>
>> There is another complication here. We are not honouring the hostname
>> verification settings set by Kernel when doing the backend call.
>> Ideally, we should be using the common-http client if we are doing
>> any backend https calls.
>>
>>
>> Farasath Ahamed
>> Software Engineer, WSO2 Inc.; http://wso2.com
>> Mobile: +94777603866
>> Blog: blog.farazath.com
>> Twitter: @farazath619 
>> 
>>
>>
>>
>> On Fri, Aug 18, 2017 at 11:45 AM, Gayan Gunawardana 
>> wrote:
>>
>>> In IS 5.4.0-m2 SSO login page we can see couple of hyper links for
>>> Forgot Password, Forgot Username, Register Now as below.
>>>
>>>
>>> ​
>>> Actually how it renders is
>>>
>>> <%
>>>     url = new URL(identityMgtEndpointContext + "/recoverpassword.do?callback="
>>>             + Encode.forHtmlAttribute(urlEncodedURL));
>>>     httpURLConnection = (HttpURLConnection) url.openConnection();
>>>     httpURLConnection.setRequestMethod("HEAD");
>>>     httpURLConnection.connect();
>>>     if (httpURLConnection.getResponseCode() == HttpURLConnection.HTTP_OK) {
>>> %>
>>> Forgot Password
>>> <%
>>>     }
>>>
>>> So every time when user goes to SSO login page need to send 3 http
>>> requests to render 3 hyper links. Also if any of API raises back-end
>>> exception, bad stack trace will be printed as below.
>>>
>>> WARN {org.apache.cxf.phase.PhaseInterceptorChain} -  Application {
>>> http://endpoint.recovery.identity.carbon.wso2.org/}ClaimsApi has
>>> thrown exception, unwinding now
>>> org.apache.cxf.interceptor.Fault
>>>
>>>  Is there a better way to handle this situation ?
>>>
>>> Thanks,
>>> Gayan
>>>
>>> --
>>> Gayan Gunawardana
>>> Senior Software Engineer; WSO2 Inc.; http://wso2.com/
>>> Email: ga...@wso2.com
>>> Mobile: +94 (71) 8020933
>>>
>>
>>
>
>
> --
>
> Best Regards,
>
> Nuwandi Wickramasinghe
>
> Software Engineer
>
> WSO2 Inc.
>
> Web : http://wso2.com
>
> Mobile : 0719214873
>



 --

 *Malithi Edirisinghe*
 Associate Technical Lead
 WSO2 Inc.

 Mobile : +94 (0) 718176807
 malit...@wso2.com

>>>
>>>
>>>
>>> --
>>>
>>> *Isura Dilhara Karunaratne*
>>> Associate Technical Lead | WSO2
>>> Email: is...@wso2.com
>>> Mob : +94 772 254 810
>>> Blog : http://isurad.blogspot.com/
>>>
>>>
>>>
>>>
>>
>>
>> --
>>
>> *Malithi Edirisinghe*
>> Associate Technical Lead
>> WSO2 Inc.
>>
>> Mobile : +94 (0) 718176807
>> malit...@wso2.com
>>
> --
>
> *Isura Dilhara Karunaratne*
> 
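
Why the HEAD probe discussed in this thread can report 200 for a link that does not exist when the server redirects unknown paths to its main page, as an added example that is not part of the thread or of the WSO2 code base. The local server, its paths and the `head` helper are constructed stand-ins; `HttpURLConnection` follows redirects unless told otherwise, which is the setting the quoted JSP relies on.

```java
import com.sun.net.httpserver.HttpServer;
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.InetSocketAddress;
import java.net.URL;

public class HeadProbeDemo {

    /** Sends a HEAD request and returns the final status code seen by the client. */
    static int head(URL url, boolean followRedirects) throws IOException {
        HttpURLConnection connection = (HttpURLConnection) url.openConnection();
        connection.setRequestMethod("HEAD");
        connection.setInstanceFollowRedirects(followRedirects);
        connection.setConnectTimeout(2000);
        connection.setReadTimeout(2000);
        try {
            return connection.getResponseCode();
        } finally {
            connection.disconnect();
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed stand-in for a server that sends unknown paths to its main page.
        HttpServer server = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        server.createContext("/", exchange -> {
            String path = exchange.getRequestURI().getPath();
            if (path.equals("/") || path.equals("/recoverpassword.do")) {
                exchange.sendResponseHeaders(200, -1);      // -1: no response body
            } else {
                exchange.getResponseHeaders().add("Location", "/");
                exchange.sendResponseHeaders(302, -1);
            }
            exchange.close();
        });
        server.start();
        try {
            String base = "http://127.0.0.1:" + server.getAddress().getPort();
            URL existing = new URL(base + "/recoverpassword.do");
            URL missing = new URL(base + "/no-such-webapp/recover.do");

            // With redirects followed, both probes end on a 200 and look identical.
            System.out.println("existing, following redirects: " + head(existing, true));
            System.out.println("missing,  following redirects: " + head(missing, true));
            // With redirects disabled, the missing page is visible as a 302.
            System.out.println("missing,  redirects disabled:  " + head(missing, false));
        } finally {
            server.stop(0);
        }
    }
}
```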

Re: [Dev] Siddhi CEP

2017-09-04 Thread Minudika Malshan
Hi Hasara,

It's nice to hear about your interest in Siddhi.

As the first step, go through the Siddhi guide[1].
Then try to create and run some Siddhi apps on *WSO2 Stream Processor*[2].

After getting familiar with the flow,
you can go through the Siddhi source code[3] and its extensions' source
code[4], run some tests and try to understand how the work is getting done.

You can also find the issues to be solved in the Siddhi issue tracker[5].

Please raise if there are any doubts.

[1] https://wso2.github.io/siddhi/documentation/siddhi-4.0/
[2] https://docs.wso2.com/display/SP400/Quick+Start+Guide
[3] https://github.com/wso2/siddhi
[4] https://github.com/wso2-extensions?utf8=%E2%9C%93=siddhi==

[5] https://github.com/wso2/siddhi/issues

BR


On Mon, Sep 4, 2017 at 11:22 AM, Hasara Maithree <
hasaramaithreedesi...@gmail.com> wrote:

> Hi all,
>
> I'm Hasara Maithree De Silva and I'm a 2nd year undergraduate of
> department of computer science and engineering in University of Moratuwa. I
> would really like to contribute myself to open source projects. I thought
> of initiating it with siddhi since I found the project is quite
> interesting. It would be great if you can guide me through the project in
> order to get an idea of how to contribute myself.
>
> Thank you


-- 
*Minudika Gammanpila*
Software Engineer - WSO2

Email   :  minud...@wso2.com

Web :  http://wso2.com 