Re: [Dev] API-Proxy for Single Page Application

2017-11-20 Thread Thilina Madumal
Hi all,

Since we are clear with the concept behind the Proxy let's get back to the
discussion of APIProxy implementation.

While researching I found that Yahoo provides an API proxy service and it
adopts an SQL-like language. Please see [1].

In our implementation, we can also adopt the same. For example, the
SPA just needs to send a query parameter like [2].

If so, a request from the SPA to our APIProxy will look like [3].

WDYT?

[1] https://developer.yahoo.com/yql/guide/overview.html
[2] get name:name,age:18,city:colombo from https://some.third.party.api.com
[3] https://wso2.is:9443/oauth_proxy/api_proxy?code="appIdCode"="get
name:name,age:18,city:colombo from https://some.third.party.api.com;

Thanks,
Thilina

On Mon, Nov 20, 2017 at 1:29 PM, roshan wijesena 
wrote:

> Thanks Prabath.
>
> It is clear now.
>
> Regards
> Roshan
>
>
> On Mon, Nov 20, 2017 at 6:11 PM Prabath Siriwardena 
> wrote:
>
>> Let me clarify what is solved by the encryption here..
>>
>> Here the proxy uses the code grant type - and it gets access token +
>> refresh token. Proxy can either store that at server side and replicate it
>> across all the nodes - or store them in an encrypted cookie, and make
>> things stateless..
>>
>> Encryption is used here to make the application stateless - and the end
>> user will not get access to the access token or the refresh token.
>>
>> Then again, if someone finds the value stored in the session storage and
>> then talk to the proxy API passing that along with all the encrypted
>> cookies through its own app (say cURL).. it will not work...
>>
>> To make the above blocked - you need to have TLS channel binding between
>> the browser and the proxy - and you need not to worry about APIs (whether
>> they support channel binding or not)...
>>
>> The other benefit proxy gives is support for CORS - you need not to worry
>> whether the external APIs support CORS or not...
>>
>> Thanks & regards,
>> -Prabath
>>
>>
>> On Sun, Nov 19, 2017 at 11:44 PM, Thilina Madumal 
>> wrote:
>>
>>> +Dev list
>>>
>>> On Mon, Nov 20, 2017 at 11:01 AM, Thilina Madumal 
>>> wrote:
>>>
>>>> Hi Roshan,
>>>>
>>>>
>>>> On Mon, Nov 20, 2017 at 10:43 AM, roshan wijesena <
>>>> roshan86...@gmail.com> wrote:
>>>>
>>>>> Hi Thilina,
>>>>>
>>>>> How do you create this encrypted token? I agree with NuwanD, if you
>>>>> store that encrypted token in the browser, and if someone got that token
>>>>> he can
>>>>>
>>>>
>>>> For now I'm using symmetric encryption. Encrypted tokens are stored in a
>>>> cookie and sent to the browser.
>>>>
>>>>
>>>>> access your protected backend via proxy call. The point is encrypted
>>>>> token seems not fixing the problem, which you trying to achieve.
>>>>>
>>>>
>>>> So what do you suggest?
>>>> You are suggesting to store the tokens at the Proxy against some key
>>>> (say sessionID), and send this sessionID as a cookie to the browser-client?
>>>> If so, what if this cookie is stolen? It is the same case right?
>>>>
>>>>
>>>>>
>>>>> Regards
>>>>> Roshan
>>>>>
>>>>> On Mon, Nov 20, 2017 at 4:01 PM, Thilina Madumal
>>>>> wrote:
>>>>>
>>>>>> Hi Nuwan,
>>>>>>
>>>>>>
>>>>>> On Mon, Nov 20, 2017 at 1:54 AM, Nuwan Dias  wrote:
>>>>>>
>>>>>>> Hi Thilina,
>>>>>>>
>>>>>>> I still don't understand how encrypting this information makes the
>>>>>>> proxy stateless. What state would the proxy have to bear if this
>>>>>>> information was in plain text? Also why would you need to store the
>>>>>>> id_token on client side?
>>>>>>>
>>>>>>
>>>>>> If the access_token is not stored at the browser side, then the proxy
>>>>>> need to store the access_token against some key at the proxy side. It is
>>>>>> same with the id_token. We need the id_token to understand the context of
>>>>>> the access_token.
>>>>>>
>>>>>> In order to avoid storing tokens at the Proxy, we need to send those
>>>>>> to the browser client. Sending them as plain text is not a wise thing to
>>>>>> do. That's where the encryption comes in handy.
>>>>>>
>>>>>> However the important thing to note here is, there is no server-side
>>>>>> for these SPAs. We don't target the web-applications with a server-side.
>>>>>> Our focus is only pure SPAs where there is no corresponding server side.
>>>>>>
>>>>>>
>>>>>>>
>>>>>>> Yes, encrypting the token and other info would prevent an attacker
>>>>>>> calling the APIs directly. But an attacker wouldn't be worried about
>>>>>>> calling the APIs directly. He would just call through the proxy, just like
>>>>>>> the SPA itself does.
>>>>>>>
>>>>>>
>>>>>> If the attacker can get hold of the cookies, yes this can happen.
>>>>>> However given that if we have secured the cookies and make them HTTPOnly we
>>>>>> can ensure security up to some level, can't we?
>>>>>>
>>>>>> However if an attacker got hold of your facebook, google, or whatever
>>>>>> cookies then he will be able to forge
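
The stateless option discussed in this thread (tokens kept in an encrypted cookie that is marked Secure and HttpOnly), sketched in Java as an added example that is not part of the original messages or of WSO2's code. The class name, the cookie name proxy_tokens, the cookie layout and the choice of AES-GCM are assumptions; the thread only says that symmetric encryption is used.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.time.Instant;
import java.util.Base64;

// Added illustration (hypothetical class, not WSO2 code): the proxy seals the
// OAuth tokens into a cookie value so that it keeps no per-session state.
public class TokenCookieSealer {
    private static final int IV_LEN = 12;     // 96-bit nonce, fresh per cookie
    private static final int TAG_BITS = 128;  // GCM authentication tag length
    private static final SecureRandom RNG = new SecureRandom();

    private final SecretKey key;  // shared by the proxy nodes, never sent to the browser

    public TokenCookieSealer(SecretKey key) {
        this.key = key;
    }

    // Returns base64url(iv || ciphertext || tag). The app id is bound as
    // associated data, so a cookie issued for one SPA is rejected for another.
    // Assumes the tokens contain no newline, which holds for OAuth token syntax.
    public String seal(String appId, String accessToken, String refreshToken, Instant expiry)
            throws GeneralSecurityException {
        byte[] iv = new byte[IV_LEN];
        RNG.nextBytes(iv);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        cipher.updateAAD(appId.getBytes(StandardCharsets.UTF_8));
        String plain = expiry.getEpochSecond() + "\n" + accessToken + "\n" + refreshToken;
        byte[] sealed = cipher.doFinal(plain.getBytes(StandardCharsets.UTF_8));
        byte[] out = ByteBuffer.allocate(IV_LEN + sealed.length).put(iv).put(sealed).array();
        return Base64.getUrlEncoder().withoutPadding().encodeToString(out);
    }

    // Returns {accessToken, refreshToken}, or null when the cookie is malformed,
    // altered, issued for a different app id, or past its expiry.
    public String[] open(String appId, String cookieValue, Instant now) {
        try {
            byte[] in = Base64.getUrlDecoder().decode(cookieValue);
            if (in.length < IV_LEN + TAG_BITS / 8) {
                return null;
            }
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, in, 0, IV_LEN));
            cipher.updateAAD(appId.getBytes(StandardCharsets.UTF_8));
            byte[] plain = cipher.doFinal(in, IV_LEN, in.length - IV_LEN);
            String[] parts = new String(plain, StandardCharsets.UTF_8).split("\n", 3);
            if (parts.length != 3 || now.getEpochSecond() >= Long.parseLong(parts[0])) {
                return null;
            }
            return new String[] {parts[1], parts[2]};
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            return null;  // failed tag check, bad base64 or bad expiry field
        }
    }

    // Cookie attributes: Secure keeps it on TLS, HttpOnly hides it from script.
    public static String setCookieHeader(String name, String value, long maxAgeSeconds) {
        return name + "=" + value + "; Max-Age=" + maxAgeSeconds
                + "; Path=/oauth_proxy; Secure; HttpOnly";
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator generator = KeyGenerator.getInstance("AES");
        generator.init(256);
        TokenCookieSealer sealer = new TokenCookieSealer(generator.generateKey());
        Instant now = Instant.now();

        // Constructed sample values, not real tokens.
        String cookie = sealer.seal("appIdCode", "sample-access-token",
                "sample-refresh-token", now.plusSeconds(3600));
        System.out.println(setCookieHeader("proxy_tokens", cookie, 3600));

        // Change one character inside the ciphertext region.
        char c = cookie.charAt(20) == 'A' ? 'B' : 'A';
        String altered = cookie.substring(0, 20) + c + cookie.substring(21);

        System.out.println("valid cookie accepted:   " + (sealer.open("appIdCode", cookie, now) != null));
        System.out.println("altered cookie accepted: " + (sealer.open("appIdCode", altered, now) != null));
        System.out.println("other app id accepted:   " + (sealer.open("otherApp", cookie, now) != null));
        System.out.println("expired cookie accepted: "
                + (sealer.open("appIdCode", cookie, now.plusSeconds(7200)) != null));
    }
}
```

Sealing hides the tokens from the end user and makes any change to the cookie detectable; as the thread points out, a copied cookie still replays through the proxy until the embedded expiry passes.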

[Dev] [EI] Error while running ciphertool

2017-11-20 Thread Godwin Shrimal
Hi Devs,

I am getting an error when running ciphertool from /bin directory.
It works when running from . Please see the error below. I think
this is a bug.

Exception in thread "main" org.wso2.ciphertool.exception.CipherToolException: File, cipher-standalone-config.properties does not exist.
    at org.wso2.ciphertool.utils.Utils.setSystemProperties(Utils.java:247)
    at org.wso2.ciphertool.CipherTool.initialize(CipherTool.java:93)
    at org.wso2.ciphertool.CipherTool.main(CipherTool.java:52)

Thanks
Godwin

-- 
*Godwin Amila Shrimal*
Associate Technical Lead
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware

mobile: *+94772264165*
linkedin: *https://www.linkedin.com/in/godwin-amila-2ba26844/
*
twitter: https://twitter.com/godwinamila

___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev


Re: [Dev] [EI] Error while running ciphertool

2017-11-20 Thread Godwin Shrimal
Ok, Thanks for the response Vinod.


Thanks
Godwin

On Tue, Nov 21, 2017 at 1:54 PM, Vinod Kavinda  wrote:

> Hi Godwin,
> This is a known issue. It is already fixed in master branches.
>
> Regards,
> Vinod
>
> On Tue, Nov 21, 2017 at 12:22 PM, Godwin Shrimal  wrote:
>
>> Hi Devs,
>>
>> I am getting an error when running ciphertool from /bin
>> directory. It works when running from . Please see the error
>> below. I think this is a bug.
>>
>> Exception in thread "main" org.wso2.ciphertool.exception.CipherToolException: File, cipher-standalone-config.properties does not exist.
>>     at org.wso2.ciphertool.utils.Utils.setSystemProperties(Utils.java:247)
>>     at org.wso2.ciphertool.CipherTool.initialize(CipherTool.java:93)
>>     at org.wso2.ciphertool.CipherTool.main(CipherTool.java:52)
>>
>> Thanks
>> Godwin
>>
>> --
>> *Godwin Amila Shrimal*
>> Associate Technical Lead
>> WSO2 Inc.; http://wso2.com
>> lean.enterprise.middleware
>>
>> mobile: *+94772264165*
>> linkedin: *https://www.linkedin.com/in/godwin-amila-2ba26844/
>> *
>> twitter: https://twitter.com/godwinamila
>> 
>>
>
>
>
> --
> Vinod Kavinda
> Senior Software Engineer
> *WSO2 Inc. - lean . enterprise . middleware .*
> Mobile : +94 (0) 712 415544
> Blog : http://soatechflicks.blogspot.com/
> 
>
>


-- 
*Godwin Amila Shrimal*
Associate Technical Lead
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware

mobile: *+94772264165*
linkedin: *https://www.linkedin.com/in/godwin-amila-2ba26844/
*
twitter: https://twitter.com/godwinamila



Re: [Dev] [EI Analytics] Change port offset

2017-11-20 Thread Fazlan Nazeem
Hi Godwin,

According to this[1] you need to configure the ports in
MessageFlowConfigurationPublisher.xml and
MessageFlowStatisticsPublisher.xml from 7612 to 7611.

[1] https://docs.wso2.com/display/EI611/Prerequisites+to+Publish+Statistics

On Tue, Nov 21, 2017 at 9:39 AM, Godwin Shrimal  wrote:

> Hi All,
>
> Can't we change the port offset of the EI analytics? By default, it's 1
> and I set it to 0 and run and got below error in EI nodes. IS there any
> place to configure 7712 port complaining below? I couldn't find any
> configs.
>
> TID: [-1] [] [2017-11-21 11:05:32,476] ERROR {org.wso2.carbon.databridge.
> agent.endpoint.DataEndpointConnectionWorker} -  Error while trying to
> connect to the endpoint. Cannot borrow client for ssl://10.50.139.12:7712
> {org.wso2.carbon.databridge.agent.endpoint.DataEndpointConnectionWorker}
> org.wso2.carbon.databridge.agent.exception.DataEndpointAuthenticationException:
> Cannot borrow client for ssl://10.50.139.12:7712
> at org.wso2.carbon.databridge.agent.endpoint.
> DataEndpointConnectionWorker.connect(DataEndpointConnectionWorker.java:99)
> at org.wso2.carbon.databridge.agent.endpoint.
> DataEndpointConnectionWorker.run(DataEndpointConnectionWorker.java:42)
> at java.util.concurrent.Executors$RunnableAdapter.
> call(Executors.java:511)
> at java.util.concurrent.FutureTask.run(FutureTask.java:266)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(
> ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(
> ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> Caused by: 
> org.wso2.carbon.databridge.agent.exception.DataEndpointSecurityException:
> Error while trying to connect to ssl://10.50.139.12:7712
> at org.wso2.carbon.databridge.agent.endpoint.thrift.
> ThriftSecureClientPoolFactory.createClient(ThriftSecureClientPoolFactory.
> java:81)
> at org.wso2.carbon.databridge.agent.client.
> AbstractClientPoolFactory.makeObject(AbstractClientPoolFactory.java:39)
> at org.apache.commons.pool.impl.GenericKeyedObjectPool.
> borrowObject(GenericKeyedObjectPool.java:1212)
> at org.wso2.carbon.databridge.agent.endpoint.
> DataEndpointConnectionWorker.connect(DataEndpointConnectionWorker.java:91)
> ... 6 more
> Caused by: org.apache.thrift.transport.TTransportException: Could not
> connect to 10.50.139.12 on port 7712
> at org.apache.thrift.transport.TSSLTransportFactory.createClient(
> TSSLTransportFactory.java:237)
> at org.apache.thrift.transport.TSSLTransportFactory.
> getClientSocket(TSSLTransportFactory.java:169)
> at org.wso2.carbon.databridge.agent.endpoint.thrift.
> ThriftSecureClientPoolFactory.createClient(ThriftSecureClientPoolFactory.
> java:63)
> ... 9 more
> Caused by: java.net.ConnectException: Connection refused
> at java.net.PlainSocketImpl.socketConnect(Native Method)
> at java.net.AbstractPlainSocketImpl.doConnect(
> AbstractPlainSocketImpl.java:350)
> at java.net.AbstractPlainSocketImpl.connectToAddress(
> AbstractPlainSocketImpl.java:206)
> at java.net.AbstractPlainSocketImpl.connect(
> AbstractPlainSocketImpl.java:188)
> at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
> at java.net.Socket.connect(Socket.java:589)
> at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:668)
> at sun.security.ssl.SSLSocketImpl.(SSLSocketImpl.java:427)
> at sun.security.ssl.SSLSocketFactoryImpl.createSocket(
> SSLSocketFactoryImpl.java:88)
> at org.apache.thrift.transport.TSSLTransportFactory.createClient(
> TSSLTransportFactory.java:233)
> ... 11 more
>
>
> Thanks
> Godwin
>
> --
> *Godwin Amila Shrimal*
> Associate Technical Lead
> WSO2 Inc.; http://wso2.com
> lean.enterprise.middleware
>
> mobile: *+94772264165*
> linkedin: *https://www.linkedin.com/in/godwin-amila-2ba26844/
> *
> twitter: https://twitter.com/godwinamila
> 
>



-- 
Thanks & Regards,

*Fazlan Nazeem*
Senior Software Engineer
WSO2 Inc
Mobile : +94772338839
fazl...@wso2.com


Re: [Dev] 'Input too long' error occurred while executing Siddhi.bat file

2017-11-20 Thread Rasika Perera
Hi Raveen,

Glad to hear that you were able to solve the issue.

On Mon, Nov 20, 2017 at 12:14 AM, Raveen Rathnayake  wrote:

> Hi Rasika,
>
> I used the following set clause and was able to solve the issue.
>
> set SIDDHI_CLASSPATH="%SIDDHI_HOME%\lib\*"
>
> Thanks for the help.
>
>
>
> On Wed, Nov 15, 2017 at 9:10 PM, Raveen Rathnayake 
> wrote:
>
>> HI Rasika,
>>
>> Thanks for the suggestion. I will check this.
>>
>>
>> On Wed, Nov 15, 2017 at 6:07 PM, Rasika Perera  wrote:
>>
>>> Hi Raveen,
>>>
>>> Yes, the issue might be that the list of 279 JAR files makes the Windows
>>> 'java' command hit the O/S limit. In your script, the loop below adds the
>>> fully qualified path of each JAR file to the "classpath" of the
>>> java command.
>>>
>>> FOR %%D in ("%SIDDHI_HOME%\lib\*.jar") DO set SIDDHI_CLASSPATH=!SIDDHI_CLASSPATH!;"%SIDDHI_HOME%\lib\%%~nD%%~xD"
>>>
>>> As per this SO answer[1], did you try adding wildcard imports instead of
>>> the for-loop? For example:
>>>
>>> set SIDDHI_CLASSPATH=!SIDDHI_CLASSPATH!;"%SIDDHI_HOME%\lib\*"
>>>
>>> [1] https://stackoverflow.com/a/219801/1560536
>>>
>>>
>>> On Tue, Nov 14, 2017 at 5:00 PM, Raveen Rathnayake 
>>> wrote:
>>>
>>>> Hi all,
>>>>
>>>> Currently I am in the process of developing a SDK for Siddhi. In this
>>>> SDK I am packing all the Siddhi Extensions with it. All the jars(*all
>>>> together 279*) related to these extensions are located in the*
>>>> {siddhi.home}/lib* folder. Executable files(*siddhi.sh* and
>>>> *siddhi.bat*) are located in the *{siddhi.home}/bin* folder. In the*
>>>> siddhi.bat* file I am adding all the jar files in the
>>>> *{siddhi.home}/lib* folder to the *classpath*. When I tried to execute
>>>> the* siddhi.bat* file I am getting an error  saying "*The input line
>>>> is too long*." After googling about the error, I found that this error
>>>> was caused because in windows a single command has a limit of ~250
>>>> characters. Since this 250 limit is exceeded by classpath setting command,
>>>> I got the error.(when adding all the names of jars inside the lib the 250
>>>> limit is exceeded.) I have tried few methods to overcome this issue, but
>>>> failed.  I have attached the *siddhi.bat* file here with.
>>>>
>>>> It will be great if any of you can suggest a solution for this.
>>>>
>>>> Thank you.
>>>> --
>>>> Raveen Savinda Rathnayake,
>>>> Software Engineering Intern,
>>>> WSO2 Inc.
>>>>
>>>> *lean. enterprise. middleware  *
>>>> Web: www.WSO2.com Mobile : +94771144549  Blog : https://blog.raveen.me
>>>>


>>>
>>>
>>> --
>>> With Regards,
>>>
>>> *Rasika Perera*
>>> Senior Software Engineer
>>> LinkedIn: http://lk.linkedin.com/in/rasika90
>>>
>>> 
>>>
>>> WSO2 Inc. www.wso2.com
>>> lean.enterprise.middleware
>>>
>>
>>
>>
>> --
>> Raveen Savinda Rathnayake,
>> Software Engineering Intern,
>> WSO2 Inc.
>>
>> *lean. enterprise. middleware  *
>> Web: www.WSO2.com Mobile : +94771144549  Blog : https://blog.raveen.me
>>
>> 
>>
>> 
>>
>
>
>
> --
> Raveen Savinda Rathnayake,
> Software Engineering Intern,
> WSO2 Inc.
>
> *lean. enterprise. middleware  *
> Web: www.WSO2.com Mobile : +94771144549  Blog : https://blog.raveen.me
>
> 
>
> 
>



-- 
With Regards,

*Rasika Perera*
Senior Software Engineer
LinkedIn: http://lk.linkedin.com/in/rasika90



WSO2 Inc. www.wso2.com
lean.enterprise.middleware


Re: [Dev] Fwd: Anomaly Detection in JIra Using CEP

2017-11-20 Thread Inthirakumaaran Tharmakulasingham
Hi isham,

Yep, kind of. I think what you need is an SSL certificate, and it contains
the public key. If you put that in your key store you won't get a validator
exception... :)

On Tue, Nov 21, 2017 at 10:15 AM, Isham Mohamed  wrote:

> Hi Kumar,
>
> Thanks for the response. That's the problem. If I was able to get access
> to the public key of the mail server I would have done it straightforward.
> But dev_ops has some difficulty getting me the public key.
> Is that what you suggested?
>
>
> On Tue, Nov 21, 2017 at 9:46 AM, Inthirakumaaran Tharmakulasingham <
> inthirakumaa...@wso2.com> wrote:
>
>> +Dev
>>
>> On Mon, Nov 20, 2017 at 11:07 PM, Inthirakumaaran Tharmakulasingham <
>> inthirakumaa...@wso2.com> wrote:
>>
>>> Hi Isham,
>>>
>>> Did you add proper certificates to the Java keystore
>>> ($JAVA_HOME/jre/lib/security/cacerts)? If you want, you can run your server with
>>> "-Djavax.net.debug=all" to see more about your problem. Hope this could help :)
>>>
>>> regards,
>>> kumar
>>>
>>>
>>> On Mon, Nov 20, 2017 at 5:50 PM, Isham Mohamed  wrote:
>>>
>>>> Hi All,
>>>> This is regarding configuring email publisher of the wso2das3.1.0
>>>> I configured output-event-adapter.xml as below
>>>>
>>>> * *
>>>> **
>>>> *no-re...@wso2.com
>>>> *
>>>> *[username]*
>>>> *[password]*
>>>> *tygra.wso2.com
>>>> *
>>>> *25*
>>>> *true*
>>>> *true*
>>>> **
>>>> *8*
>>>> *100*
>>>> *2*
>>>> *1*
>>>> **
>>>>
>>>> when I tried to send a mail there was an error saying,
>>>>
>>>> javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
>>>>
>>>> so we did a workaround by disabling "mail.smtp.starttls" .
>>>> The mails are used only for internal purpose.
>>>> is this recommended??
>>>>
>>>> Thanks
>>>>
>>>> On Mon, Nov 20, 2017 at 5:38 PM, Isham Mohamed  wrote:
>>>>
>>>>> adding Srinath,Suho,Sajith,Isuru
>>>>>
>>>>
>>>> --
>>>>
>>>> Isham Mohamed
>>>> *Trainee Software Engineer*
>>>> WSO2
>>>>
>>>> p: +94778696585
>>>>


>>>
>>>
>>> --
>>> Inthirakumaaran
>>> Software Engineering - Intern | WSO2
>>>
>>> Email: inthirakumaa...@wso2.com
>>> Mobile:0766598050
>>>
>>>
>>
>>
>> --
>> Inthirakumaaran
>> Software Engineering - Intern | WSO2
>>
>> Email: inthirakumaa...@wso2.com
>> Mobile:0766598050
>>
>>
>
>
> --
>
> Isham Mohamed
> *Trainee Software Engineer*
> WSO2
>
> p: +94778696585 <+94%2077%20869%206585>
>
> .
>



-- 
Inthirakumaaran
Software Engineering - Intern | WSO2

Email: inthirakumaa...@wso2.com
Mobile:0766598050


Re: [Dev] [EI Analytics] Change port offset

2017-11-20 Thread Vijitha Ekanayake
Hi Godwin,

You can change the portOffset of the EI analytics distribution by changing
the carbon.xml file that resides in the (EI_HOME)/wso2/analytics/conf directory.
Once you change the port of the EI analytics, please make sure to change
the MessageFlowConfigurationPublisher and MessageFlowStatisticsPublisher to
point to the correct EI analytics server. You can find the relevant files
inside the (EI_HOME)/repository/deployment/server/eventpublishers/ directory.
Further, refer to [1] for more details.


[1]. https://docs.wso2.com/display/EI611/Prerequisites+to+Publish+Statistics

Thanks.

On Tue, Nov 21, 2017 at 9:39 AM, Godwin Shrimal  wrote:

> Hi All,
>
> Can't we change the port offset of the EI analytics? By default, it's 1
> and I set it to 0 and run and got below error in EI nodes. IS there any
> place to configure 7712 port complaining below? I couldn't find any
> configs.
>
> TID: [-1] [] [2017-11-21 11:05:32,476] ERROR {org.wso2.carbon.databridge.
> agent.endpoint.DataEndpointConnectionWorker} -  Error while trying to
> connect to the endpoint. Cannot borrow client for ssl://10.50.139.12:7712
> {org.wso2.carbon.databridge.agent.endpoint.DataEndpointConnectionWorker}
> org.wso2.carbon.databridge.agent.exception.DataEndpointAuthenticationException:
> Cannot borrow client for ssl://10.50.139.12:7712
> at org.wso2.carbon.databridge.agent.endpoint.
> DataEndpointConnectionWorker.connect(DataEndpointConnectionWorker.java:99)
> at org.wso2.carbon.databridge.agent.endpoint.
> DataEndpointConnectionWorker.run(DataEndpointConnectionWorker.java:42)
> at java.util.concurrent.Executors$RunnableAdapter.
> call(Executors.java:511)
> at java.util.concurrent.FutureTask.run(FutureTask.java:266)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(
> ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(
> ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> Caused by: 
> org.wso2.carbon.databridge.agent.exception.DataEndpointSecurityException:
> Error while trying to connect to ssl://10.50.139.12:7712
> at org.wso2.carbon.databridge.agent.endpoint.thrift.
> ThriftSecureClientPoolFactory.createClient(ThriftSecureClientPoolFactory.
> java:81)
> at org.wso2.carbon.databridge.agent.client.
> AbstractClientPoolFactory.makeObject(AbstractClientPoolFactory.java:39)
> at org.apache.commons.pool.impl.GenericKeyedObjectPool.
> borrowObject(GenericKeyedObjectPool.java:1212)
> at org.wso2.carbon.databridge.agent.endpoint.
> DataEndpointConnectionWorker.connect(DataEndpointConnectionWorker.java:91)
> ... 6 more
> Caused by: org.apache.thrift.transport.TTransportException: Could not
> connect to 10.50.139.12 on port 7712
> at org.apache.thrift.transport.TSSLTransportFactory.createClient(
> TSSLTransportFactory.java:237)
> at org.apache.thrift.transport.TSSLTransportFactory.
> getClientSocket(TSSLTransportFactory.java:169)
> at org.wso2.carbon.databridge.agent.endpoint.thrift.
> ThriftSecureClientPoolFactory.createClient(ThriftSecureClientPoolFactory.
> java:63)
> ... 9 more
> Caused by: java.net.ConnectException: Connection refused
> at java.net.PlainSocketImpl.socketConnect(Native Method)
> at java.net.AbstractPlainSocketImpl.doConnect(
> AbstractPlainSocketImpl.java:350)
> at java.net.AbstractPlainSocketImpl.connectToAddress(
> AbstractPlainSocketImpl.java:206)
> at java.net.AbstractPlainSocketImpl.connect(
> AbstractPlainSocketImpl.java:188)
> at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
> at java.net.Socket.connect(Socket.java:589)
> at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:668)
> at sun.security.ssl.SSLSocketImpl.(SSLSocketImpl.java:427)
> at sun.security.ssl.SSLSocketFactoryImpl.createSocket(
> SSLSocketFactoryImpl.java:88)
> at org.apache.thrift.transport.TSSLTransportFactory.createClient(
> TSSLTransportFactory.java:233)
> ... 11 more
>
>
> Thanks
> Godwin
>
> --
> *Godwin Amila Shrimal*
> Associate Technical Lead
> WSO2 Inc.; http://wso2.com
> lean.enterprise.middleware
>
> mobile: *+94772264165*
> linkedin: *https://www.linkedin.com/in/godwin-amila-2ba26844/
> *
> twitter: https://twitter.com/godwinamila
> 
>



-- 
Vijitha Ekanayake
Senior Software Engineer*, *WSO2, Inc.; http://wso2.com/
Mobile : +94 777 24 73 39 | +94 718 74 44 08
lean.enterprise.middleware


Re: [Dev] [EI] Pass argument to profile creator

2017-11-20 Thread Vinod Kavinda
+1 for the change.

/Vinod

On Tue, Nov 21, 2017 at 10:45 AM, Vijitha Ekanayake 
wrote:

> Hi Godwin,
>
> Agree with you. At the moment we don't have an option of passing a command
> line argument to create the required profile. We need to change existing
> profile creator script to take command line arguments and generate the
> distribution accordingly. I've reported an issue[1] to introduce system
> argument to the profile creator script. We'll include the changes in an
> upcoming release. Thanks a lot for raising the concern.
>
> [1]. https://github.com/wso2/product-ei/issues/1361
>
> Thanks.
>
> On Mon, Nov 20, 2017 at 3:49 PM, Godwin Shrimal  wrote:
>
>> Hi Integration Team,
>>
>> Can we pass the required profile as a command line argument and run
>> *profile-creator.sh*? If not, it's a necessary feature when we
>> are automating deployment. We can't ask for user input.
>>
>> Thanks
>> Godwin
>>
>> --
>> *Godwin Amila Shrimal*
>> Associate Technical Lead
>> WSO2 Inc.; http://wso2.com
>> lean.enterprise.middleware
>>
>> mobile: *+94772264165*
>> linkedin: *https://www.linkedin.com/in/godwin-amila-2ba26844/
>> *
>> twitter: https://twitter.com/godwinamila
>> 
>>
>
>
>
> --
> Vijitha Ekanayake
> Senior Software Engineer*, *WSO2, Inc.; http://wso2.com/
> Mobile : +94 777 24 73 39 | +94 718 74 44 08
> lean.enterprise.middleware
>



-- 
Vinod Kavinda
Senior Software Engineer
*WSO2 Inc. - lean . enterprise . middleware .*
Mobile : +94 (0) 712 415544
Blog : http://soatechflicks.blogspot.com/


Re: [Dev] [EI] Pass argument to profile creator

2017-11-20 Thread Vijitha Ekanayake
Hi Godwin,

Agree with you. At the moment we don't have an option of passing a command
line argument to create the required profile. We need to change existing
profile creator script to take command line arguments and generate the
distribution accordingly. I've reported an issue[1] to introduce system
argument to the profile creator script. We'll include the changes in an
upcoming release. Thanks a lot for raising the concern.

[1]. https://github.com/wso2/product-ei/issues/1361

Thanks.

On Mon, Nov 20, 2017 at 3:49 PM, Godwin Shrimal  wrote:

> Hi Integration Team,
>
> Can we pass the required profile as a command line argument and run
> *profile-creator.sh*? If not, it's a necessary feature when we
> are automating deployment. We can't ask for user input.
>
> Thanks
> Godwin
>
> --
> *Godwin Amila Shrimal*
> Associate Technical Lead
> WSO2 Inc.; http://wso2.com
> lean.enterprise.middleware
>
> mobile: *+94772264165*
> linkedin: *https://www.linkedin.com/in/godwin-amila-2ba26844/
> *
> twitter: https://twitter.com/godwinamila
> 
>



-- 
Vijitha Ekanayake
Senior Software Engineer*, *WSO2, Inc.; http://wso2.com/
Mobile : +94 777 24 73 39 | +94 718 74 44 08
lean.enterprise.middleware


Re: [Dev] [EI Analytics] Change port offset

2017-11-20 Thread Sashika Wijesinghe
Hi Godwin,

AFAIK if you change the analytics port offset, you need to configure the
"receiverURL" in "MessageFlowConfigurationPublisher.xml" and
"MessageFlowStatisticsPublisher.xml" to "7611" at
/repository/deployment/server/eventpublishers location.

Regards,
Sashika

On Tue, Nov 21, 2017 at 9:39 AM, Godwin Shrimal  wrote:

> Hi All,
>
> Can't we change the port offset of the EI analytics? By default, it's 1
> and I set it to 0 and run and got below error in EI nodes. IS there any
> place to configure 7712 port complaining below? I couldn't find any
> configs.
>
> TID: [-1] [] [2017-11-21 11:05:32,476] ERROR {org.wso2.carbon.databridge.
> agent.endpoint.DataEndpointConnectionWorker} -  Error while trying to
> connect to the endpoint. Cannot borrow client for ssl://10.50.139.12:7712
> {org.wso2.carbon.databridge.agent.endpoint.DataEndpointConnectionWorker}
> org.wso2.carbon.databridge.agent.exception.DataEndpointAuthenticationException:
> Cannot borrow client for ssl://10.50.139.12:7712
> at org.wso2.carbon.databridge.agent.endpoint.
> DataEndpointConnectionWorker.connect(DataEndpointConnectionWorker.java:99)
> at org.wso2.carbon.databridge.agent.endpoint.
> DataEndpointConnectionWorker.run(DataEndpointConnectionWorker.java:42)
> at java.util.concurrent.Executors$RunnableAdapter.
> call(Executors.java:511)
> at java.util.concurrent.FutureTask.run(FutureTask.java:266)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(
> ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(
> ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> Caused by: 
> org.wso2.carbon.databridge.agent.exception.DataEndpointSecurityException:
> Error while trying to connect to ssl://10.50.139.12:7712
> at org.wso2.carbon.databridge.agent.endpoint.thrift.
> ThriftSecureClientPoolFactory.createClient(ThriftSecureClientPoolFactory.
> java:81)
> at org.wso2.carbon.databridge.agent.client.
> AbstractClientPoolFactory.makeObject(AbstractClientPoolFactory.java:39)
> at org.apache.commons.pool.impl.GenericKeyedObjectPool.
> borrowObject(GenericKeyedObjectPool.java:1212)
> at org.wso2.carbon.databridge.agent.endpoint.
> DataEndpointConnectionWorker.connect(DataEndpointConnectionWorker.java:91)
> ... 6 more
> Caused by: org.apache.thrift.transport.TTransportException: Could not
> connect to 10.50.139.12 on port 7712
> at org.apache.thrift.transport.TSSLTransportFactory.createClient(
> TSSLTransportFactory.java:237)
> at org.apache.thrift.transport.TSSLTransportFactory.
> getClientSocket(TSSLTransportFactory.java:169)
> at org.wso2.carbon.databridge.agent.endpoint.thrift.
> ThriftSecureClientPoolFactory.createClient(ThriftSecureClientPoolFactory.
> java:63)
> ... 9 more
> Caused by: java.net.ConnectException: Connection refused
> at java.net.PlainSocketImpl.socketConnect(Native Method)
> at java.net.AbstractPlainSocketImpl.doConnect(
> AbstractPlainSocketImpl.java:350)
> at java.net.AbstractPlainSocketImpl.connectToAddress(
> AbstractPlainSocketImpl.java:206)
> at java.net.AbstractPlainSocketImpl.connect(
> AbstractPlainSocketImpl.java:188)
> at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
> at java.net.Socket.connect(Socket.java:589)
> at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:668)
> at sun.security.ssl.SSLSocketImpl.(SSLSocketImpl.java:427)
> at sun.security.ssl.SSLSocketFactoryImpl.createSocket(
> SSLSocketFactoryImpl.java:88)
> at org.apache.thrift.transport.TSSLTransportFactory.createClient(
> TSSLTransportFactory.java:233)
> ... 11 more
>
>
> Thanks
> Godwin
>
> --
> *Godwin Amila Shrimal*
> Associate Technical Lead
> WSO2 Inc.; http://wso2.com
> lean.enterprise.middleware
>
> mobile: *+94772264165*
> linkedin: *https://www.linkedin.com/in/godwin-amila-2ba26844/
> *
> twitter: https://twitter.com/godwinamila
> 
>



-- 

*Sashika Wijesinghe*
*Software Engineer - QA Team*
Mobile : +94 (0) 774537487
sash...@wso2.com


Re: [Dev] [OAuth2.0] [Token Binding] Need delimiter for security tokens

2017-11-20 Thread KasunG Gajasinghe
+dev

On Tue, Nov 21, 2017 at 9:14 AM, Inthirakumaaran Tharmakulasingham <
inthirakumaa...@wso2.com> wrote:

> ya with base64 it will look like
>
> Access-Token = BASE64ENCODE(SHA256-Hash(TokenBindingID) + 

Re: [Dev] [TokenBinding][OAuth] Need to add a sample application to IS

2017-11-20 Thread Thanuja Jayasinghe
Hi Inthirakumaaran,

You need to add your sample to
https://github.com/wso2/product-is/tree/5.x.x/modules/samples/oauth2.
Please send a pull request.

Thanks,
Thanuja

On Mon, Nov 20, 2017 at 3:17 PM, Inthirakumaaran Tharmakulasingham <
inthirakumaa...@wso2.com> wrote:

> Hi all,
> I developed a sample application to send OAuth requests to IS server with
> token binding support. Need to add that to product IS samples.
>
> GitHub link for that application: https://github.com/inthirakumaaran/TokenBindingSample
>
> Thank you,
>
> Regards,
> kumar
>
> --
> Inthirakumaaran
> Software Engineering - Intern | WSO2
>
> Email: inthirakumaa...@wso2.com
> Mobile:0766598050
>
>


-- 
*Thanuja Lakmal*
Associate Technical Lead
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891


Re: [Dev] Fwd: Anomaly Detection in JIra Using CEP

2017-11-20 Thread Inthirakumaaran Tharmakulasingham
+Dev

On Mon, Nov 20, 2017 at 11:07 PM, Inthirakumaaran Tharmakulasingham <
inthirakumaa...@wso2.com> wrote:

> Hi Isham,
>
> Did you add proper certificates to the Java keystore
> ($JAVA_HOME/jre/lib/security/cacerts)? If you want, you can run your server with
> "-Djavax.net.debug=all" to see more about your problem. Hope this could help :)
>
> regards,
> kumar
>
>
> On Mon, Nov 20, 2017 at 5:50 PM, Isham Mohamed  wrote:
>
>> Hi All,
>> This is regarding configuring email publisher of the wso2das3.1.0
>> I configured output-event-adapter.xml as below
>>
>> * *
>> **
>> *no-re...@wso2.com
>> *
>> *[username]*
>> *[password]*
>> *tygra.wso2.com
>> *
>> *25*
>> *true*
>> *true*
>> **
>> *8*
>> *100*
>> *2*
>> *1*
>> **
>>
>> when I tried to send a mail there was an error saying,
>>
>> javax.net.ssl.SSLHandshakeException: 
>> sun.security.validator.ValidatorException:
>> PKIX path building failed: 
>> sun.security.provider.certpath.SunCertPathBuilderException:
>> unable to find valid certification path to requested target
>>
>> so we did a workaround by disabling "mail.smtp.starttls" .
>> The mails are used only for internal purpose.
>> is this recommended??
>>
>> Thanks
>>
>> On Mon, Nov 20, 2017 at 5:38 PM, Isham Mohamed  wrote:
>>
>>> adding Srinath,Suho,Sajith,Isuru
>>>
>>
>>
>>
>> --
>>
>> Isham Mohamed
>> *Trainee Software Engineer*
>> WSO2
>>
>> p: +94778696585
>>
>> .
>>
>>
>>
>
>
> --
> Inthirakumaaran
> Software Engineering - Intern | WSO2
>
> Email: inthirakumaa...@wso2.com
> Mobile:0766598050
>
>


-- 
Inthirakumaaran
Software Engineering - Intern | WSO2

Email: inthirakumaa...@wso2.com
Mobile:0766598050


[Dev] [EI Analytics] Change port offset

2017-11-20 Thread Godwin Shrimal
Hi All,

Can't we change the port offset of the EI analytics? By default, it's 1. I
set it to 0, ran it, and got the error below in the EI nodes. Is there any place
to configure the 7712 port it is complaining about below? I couldn't find any configs.

TID: [-1] [] [2017-11-21 11:05:32,476] ERROR {org.wso2.carbon.databridge.agent.endpoint.DataEndpointConnectionWorker} -  Error while trying to connect to the endpoint. Cannot borrow client for ssl://10.50.139.12:7712 {org.wso2.carbon.databridge.agent.endpoint.DataEndpointConnectionWorker}
org.wso2.carbon.databridge.agent.exception.DataEndpointAuthenticationException: Cannot borrow client for ssl://10.50.139.12:7712
    at org.wso2.carbon.databridge.agent.endpoint.DataEndpointConnectionWorker.connect(DataEndpointConnectionWorker.java:99)
    at org.wso2.carbon.databridge.agent.endpoint.DataEndpointConnectionWorker.run(DataEndpointConnectionWorker.java:42)
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)
Caused by: org.wso2.carbon.databridge.agent.exception.DataEndpointSecurityException: Error while trying to connect to ssl://10.50.139.12:7712
    at org.wso2.carbon.databridge.agent.endpoint.thrift.ThriftSecureClientPoolFactory.createClient(ThriftSecureClientPoolFactory.java:81)
    at org.wso2.carbon.databridge.agent.client.AbstractClientPoolFactory.makeObject(AbstractClientPoolFactory.java:39)
    at org.apache.commons.pool.impl.GenericKeyedObjectPool.borrowObject(GenericKeyedObjectPool.java:1212)
    at org.wso2.carbon.databridge.agent.endpoint.DataEndpointConnectionWorker.connect(DataEndpointConnectionWorker.java:91)
    ... 6 more
Caused by: org.apache.thrift.transport.TTransportException: Could not connect to 10.50.139.12 on port 7712
    at org.apache.thrift.transport.TSSLTransportFactory.createClient(TSSLTransportFactory.java:237)
    at org.apache.thrift.transport.TSSLTransportFactory.getClientSocket(TSSLTransportFactory.java:169)
    at org.wso2.carbon.databridge.agent.endpoint.thrift.ThriftSecureClientPoolFactory.createClient(ThriftSecureClientPoolFactory.java:63)
    ... 9 more
Caused by: java.net.ConnectException: Connection refused
    at java.net.PlainSocketImpl.socketConnect(Native Method)
    at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
    at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
    at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
    at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
    at java.net.Socket.connect(Socket.java:589)
    at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:668)
    at sun.security.ssl.SSLSocketImpl.<init>(SSLSocketImpl.java:427)
    at sun.security.ssl.SSLSocketFactoryImpl.createSocket(SSLSocketFactoryImpl.java:88)
    at org.apache.thrift.transport.TSSLTransportFactory.createClient(TSSLTransportFactory.java:233)
    ... 11 more


Thanks
Godwin

-- 
*Godwin Amila Shrimal*
Associate Technical Lead
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware

mobile: *+94772264165*
linkedin: https://www.linkedin.com/in/godwin-amila-2ba26844/
twitter: https://twitter.com/godwinamila



Re: [Dev] [OAuth2.0] [Token Binding] Need delimiter for security tokens

2017-11-20 Thread KasunG Gajasinghe
OK... So, following is the syntax right? I take it you base64 encode this
as well?

Access-Token = SHA256-Hash(TokenBindingID) + 

[Dev] [EI] Pass argument to profile creator

2017-11-20 Thread Godwin Shrimal
Hi Integration Team,

Can we pass the required profile as a command line argument and run
*profile-creator.sh*? If not, it's a necessary feature when we are
automating deployment. We can't ask for user input.

Thanks
Godwin

-- 
*Godwin Amila Shrimal*
Associate Technical Lead
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware

mobile: *+94772264165*
linkedin: https://www.linkedin.com/in/godwin-amila-2ba26844/
twitter: https://twitter.com/godwinamila



[Dev] [OAuth2.0] [Token Binding] Need delimiter for security tokens

2017-11-20 Thread Inthirakumaaran Tharmakulasingham
Hi all,

In my token binding project, I need to append the hash value of the token
binding ID to the access token, refresh token and authorization code. For that,
I need a magic string as a delimiter to separate the token binding ID and
the security tokens.

E.g.: if you take an access token with token binding support, then

new access token = hash(tokenBindingID)+delimiter+normalAccessToken.

Later on, this delimiter will be used in the Introspection endpoint to extract
the token binding hash value. The problem is that the user can configure his token
generator in IS and that generator could use special characters. So I need a
proper delimiter.

Currently, I am using 
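
The token layout described above, and the delimiter collision it raises, as an added example (not part of the original post and not WSO2 Identity Server code). It assumes SHA-256 with unpadded base64url encoding for the hash and "." as the delimiter; all function names are hypothetical.

```python
import base64
import hashlib
import hmac
import string

# Assumed encoding: SHA-256 digest, base64url without padding (always 43 chars).
HASH_LEN = 43
B64URL_ALPHABET = set(string.ascii_letters + string.digits + "-_")
# Assumed delimiter: "." never occurs in the base64url-encoded hash, so the
# first "." in a bound token always marks the end of the hash, whatever
# characters the configured token generator emits afterwards.
DELIMITER = "."


def binding_hash(token_binding_id: bytes) -> str:
    """Return the encoded SHA-256 hash of a token binding ID."""
    digest = hashlib.sha256(token_binding_id).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def bind_token(token_binding_id: bytes, normal_token: str) -> str:
    """hash(tokenBindingID) + delimiter + normalAccessToken, as in the post."""
    return binding_hash(token_binding_id) + DELIMITER + normal_token


def split_naive(bound_token: str) -> tuple:
    """Fragile parser: fails as soon as the generator emits the delimiter."""
    parts = bound_token.split(DELIMITER)
    if len(parts) != 2:
        raise ValueError("expected one delimiter, found %d" % (len(parts) - 1))
    return parts[0], parts[1]


def split_bound_token(bound_token: str) -> tuple:
    """Split on the FIRST delimiter only and validate the hash part."""
    prefix, sep, normal_token = bound_token.partition(DELIMITER)
    if not sep or not normal_token:
        raise ValueError("not a bound token")
    if len(prefix) != HASH_LEN or not set(prefix) <= B64URL_ALPHABET:
        raise ValueError("malformed token binding hash")
    return prefix, normal_token


def is_bound_to(bound_token: str, presented_binding_id: bytes) -> bool:
    """Introspection-side check: does the token carry this binding's hash?"""
    try:
        prefix, _ = split_bound_token(bound_token)
    except ValueError:
        return False
    # Constant-time comparison of the stored and the recomputed hash.
    return hmac.compare_digest(prefix, binding_hash(presented_binding_id))


if __name__ == "__main__":
    tb_id = b"constructed-token-binding-id"   # constructed sample value
    custom_token = "a1.b2/c3+d4=.e5"          # constructed; contains the delimiter
    bound = bind_token(tb_id, custom_token)
    print(bound)
    print(split_bound_token(bound))
    print(is_bound_to(bound, tb_id), is_bound_to(bound, b"another-binding-id"))
    try:
        split_naive(bound)
    except ValueError as exc:
        print("naive parser:", exc)
```

Because the hash has a fixed length and a closed alphabet, the parser never has to search the generator's output for the delimiter; a token without a well-formed 43-character prefix is treated as unbound.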

Re: [Dev] How to include user profile email in JWT token

2017-11-20 Thread Dushantha Batuwita
Hi Dev,
I'm sorry, I missed the following details in the above email.

Please consider APIM 2.10 and IS 5.3.0 as KM.

regards


On Mon, Nov 20, 2017 at 5:18 PM, Dushantha Batuwita 
wrote:

>
> Hi Dev
>
> I’m involved in a task which is having API-M and IS as KM cluster,
> There I generate a JWT token by going through [1]document.
>
> When I retrieve the jwt token and check by decoding I can’t find the users
> email which I have already set at user profile level.
>
> *Sample decoded JWT payload*
>
> {
>   "http://wso2.org/claims/userid": "0a6eb289-9e02-4fd6-b8a6-26ea9c7ed360",
>   "http://wso2.org/claims/username": "patient1",
>   "http://wso2.org/claims/role": [
>     "patient",
>     "Internal/everyone"
>   ],
>   "http://wso2.org/claims/applicationtier": "Unlimited",
>   "http://wso2.org/claims/keytype": "PRODUCTION",
>   "http://wso2.org/claims/version": "v1.0",
>   "iss": "wso2.org/products/am",
>   "http://wso2.org/claims/applicationname": "patientApplication",
>   "http://wso2.org/claims/enduser": "patient1@carbon.super",
>   "http://wso2.org/claims/enduserTenantId": "-1234",
>   "http://wso2.org/claims/givenname": "Saman",
>   "http://wso2.org/claims/created": "2017-11-20T13:43:39",
>   "http://wso2.org/claims/fullname": "patient1",
>   "http://wso2.org/claims/modified": "2017-11-20T15:00:58",
>   "http://wso2.org/claims/subscriber": "patient1",
>   "http://wso2.org/claims/tier": "Unlimited",
>   "http://wso2.org/claims/emailaddress": "saman...@tahoo.com",
>   "http://wso2.org/claims/lastname": "patient1",
>   "http://wso2.org/claims/applicationid": "5",
>   "http://wso2.org/claims/usertype": "APPLICATION",
>   "exp": 1511176687,
>   "http://wso2.org/claims/apicontext": "/patientInfo/v1.0"
> }
>
>
> Please advise If I’m missing out something when I configure to include
> user email
>
> [1] https://docs.wso2.com/display/AM200/Passing+Enduser+Attributes+to+the+Backend+Using+JWT
>
>
>
> Many thanks
>
>
>
>
>
> --
> *Dushantha Nayanajith Chandima Batuwita*
> Software Engineer Support | WSO2
> dushan...@wso2.com
> mobile : 0094777453010
>



-- 
*Dushantha Nayanajith Chandima Batuwita*
Software Engineer Support | WSO2
dushan...@wso2.com
mobile : 0094777453010


Re: [Dev] How to include user profile email in JWT token

2017-11-20 Thread Maneesha Wijesekara
Hi Dushantha,

From what you've attached as the sample decoded payload, I can see the email
address '*saman...@tahoo.com*' retrieved for the
claim 'http://wso2.org/claims/emailaddress'.

Regards
Maneesha

On Mon, Nov 20, 2017 at 7:07 PM, Thivya Mahenthirarasa 
wrote:

> Hi Dushantha,
>
> Try creating a new user profile on your key manager with the email
> attribute and try the scenario again. The browser might have kept the
> cache, due to which you were not able to find the email.
>
>
> Regards,
> Thivya
>
> On Mon, Nov 20, 2017 at 5:18 PM, Dushantha Batuwita 
> wrote:
>
>>
>> Hi Dev
>>
>> I’m involved in a task which is having API-M and IS as KM cluster,
>> There I generate a JWT token by going through [1]document.
>>
>> When I retrieve the jwt token and check by decoding I can’t find the
>> users email which I have already set at user profile level.
>>
>> *Sample decoded JWT payload*
>>
>> {
>>   "http://wso2.org/claims/userid": "0a6eb289-9e02-4fd6-b8a6-26ea9c7ed360",
>>   "http://wso2.org/claims/username": "patient1",
>>   "http://wso2.org/claims/role": [
>>     "patient",
>>     "Internal/everyone"
>>   ],
>>   "http://wso2.org/claims/applicationtier": "Unlimited",
>>   "http://wso2.org/claims/keytype": "PRODUCTION",
>>   "http://wso2.org/claims/version": "v1.0",
>>   "iss": "wso2.org/products/am",
>>   "http://wso2.org/claims/applicationname": "patientApplication",
>>   "http://wso2.org/claims/enduser": "patient1@carbon.super",
>>   "http://wso2.org/claims/enduserTenantId": "-1234",
>>   "http://wso2.org/claims/givenname": "Saman",
>>   "http://wso2.org/claims/created": "2017-11-20T13:43:39",
>>   "http://wso2.org/claims/fullname": "patient1",
>>   "http://wso2.org/claims/modified": "2017-11-20T15:00:58",
>>   "http://wso2.org/claims/subscriber": "patient1",
>>   "http://wso2.org/claims/tier": "Unlimited",
>>   "http://wso2.org/claims/emailaddress": "saman...@tahoo.com",
>>   "http://wso2.org/claims/lastname": "patient1",
>>   "http://wso2.org/claims/applicationid": "5",
>>   "http://wso2.org/claims/usertype": "APPLICATION",
>>   "exp": 1511176687,
>>   "http://wso2.org/claims/apicontext": "/patientInfo/v1.0"
>> }
>>
>>
>> Please advise If I’m missing out something when I configure to include
>> user email
>>
>> [1] https://docs.wso2.com/display/AM200/Passing+Enduser+Attributes+to+the+Backend+Using+JWT
>>
>>
>>
>> Many thanks
>>
>>
>>
>>
>>
>> --
>> *Dushantha Nayanajith Chandima Batuwita*
>> Software Engineer Support | WSO2
>> dushan...@wso2.com
>> mobile : 0094777453010
>>
>>
>>
>
>
> --
>
> *Thivya Mahenthirarasa*
>
> *Software Engineer -Support Team | WSO2*
>
>
> *Email: thi...@wso2.com *
>
> *Mobile: +94766461966*
> *Web: http://wso2.com *
>
>
>


-- 
Maneesha Wijesekara
Software Engineer - QA Team
WSO2 Inc.

Email: manee...@wso2.com
Linkedin: http://linkedin.com/in/maneeshawijesekara
Mobile: +94712443119


Re: [Dev] Not able to access xslt from inside wso2 xslt mediator. Please guide.

2017-11-20 Thread Gayan Dhanushka
Hi Aditya,

You have to provide the correct key to access the registry path in your
code.

e.g if you have stored your xslt in configuration registry, use 

[1] https://docs.wso2.com/display/ESB481/XSLT+Mediator
[2]
http://rangasiriwardena.blogspot.com/2011/07/how-to-use-dynamic-registry-keys-with.html

Regards

On Mon, Nov 20, 2017 at 10:25 AM, aditya shivankar <
shivankar.adit...@gmail.com> wrote:

> Respected Sir,
>
> Now I tried  putting xsl file  under registry, still not able to use it.
> Please check  the screenshot attached.
> Could you please send the screenshot of your workspace in eclipse (similar
> to the attached screenshot), showing where to keep the xslt in project
> structure and also project xml file showing how you access it.
>
> With Regards,
> Aditya
>
>
> On Mon, Nov 20, 2017 at 11:42 AM, aditya shivankar <
> shivankar.adit...@gmail.com> wrote:
>
>> Respected Sir/Madam,
>>
>> Now I tried  putting xsl file  under registry, still not able to use it.
>> Please check  the screenshot attached.
>> Could you please send the screenshot of your workspace in eclipse
>> (similar to the attached screenshot), showing where to keep the xslt in
>> project structure and also project xml file showing how you access it.
>>
>> With Regards,
>> Aditya
>>
>> On Wed, Nov 15, 2017 at 7:41 PM, Saneth Dharmakeerthi 
>> wrote:
>>
>>> Hi Aditya,
>>>
>>> It seems you have put the XSLT in API folder and try to access it in
>>> incorrect way.
>>>
>>> You can do this by either one of following ways and the first one is the
>>> recommended.
>>>
>>>
>>>    1. Put the XSLT in the registry. You can find more information
>>>    in [1][3]. If you change the XSLT in the registry, it will take effect immediately.
>>>    2. Put it as a local entry [1][2]. An XSLT change takes effect only after the next
>>>    API or proxy deployment.
>>>   - 
>>>
>>> 
>>>
>>>
>>> [1] https://docs.wso2.com/display/ESB500/Sample+8%3A+Introduction+to+Static+and+Dynamic+Registry+Resources+and+Using+XSLT+Transformations
>>> [2] http://mytecheye.blogspot.com/2013/12/wso2-esb-xslt-mediator-xslt-imports.html
>>> [3] https://www.linkedin.com/pulse/wso2-esb-message-transformation-mapping-using-xslt-isuru-jayakantha
>>>
>>>
>>>
>>> Thanks and Best Regards,
>>>
>>> Saneth Dharmakeerthi
>>> *Associate Technical Lead*
>>> WSO2, Inc.
>>> Mobile: +94772325511
>>>
>>> 
>>>
>>> On Wed, Nov 15, 2017 at 6:40 PM, aditya shivankar <
>>> shivankar.adit...@gmail.com> wrote:
>>>
 Respected Sir,

 I have one xslt .
 I have saved it inside api(src/main/synapse-config/api) folder in my
 project.
 I am trying to access it using xslt mediator like below.

 

 But getting below error. Full logs can be found in attachment.

 [2017-11-15 18:11:39,128] [EI-Core]  INFO - DependencyTracker Local entry : api/test.xsl was added to the Synapse configuration successfully
 [2017-11-15 18:11:39,129] [EI-Core]  WARN - SynapseConfigUtils Cannot convert null to a StreamSource
 [2017-11-15 18:11:39,131] [EI-Core] ERROR - XSLTMediator Error creating XSLT transformer using : Value {name ='null', keyValue ='api/test.xsl'}
 org.apache.synapse.SynapseException: Cannot convert null to a StreamSource
 at org.apache.synapse.config.SynapseConfigUtils.handleException(SynapseConfigUtils.java:580)
 at org.apache.synapse.config.SynapseConfigUtils.getStreamSource(SynapseConfigUtils.java:81)
 at org.apache.synapse.mediators.transform.XSLTMediator.createTemplate(XSLTMediator.java:420)
 at org.apache.synapse.mediators.transform.XSLTMediator.performXSLT(XSLTMediator.java:268)
 at org.apache.synapse.mediators.transform.XSLTMediator.mediate(XSLTMediator.java:227)
 ---
 I tried printing body/jsonObject just one line before call to xslt. And
 it printed full payload, somewhat like below. So the payload is not empty.

 .

 
 
 

 Please Guide.

 With Regards,
 Aditya




>>>
>>
>
>
>


-- 
Gayan Dhanuska
Senior Software Engineer
http://wso2.com/
Lean Enterprise Middleware

Mobile - LK- 071 666 2327
Mobile USA - 612-244-4873


Office
Tel   : 94 11 214 5345
Fax  : 94 11 214 5300


Re: [Dev] Roles and Groups in IS

2017-11-20 Thread Nilasini Thirunavukkarasu
Thanks Thanuja for the explanation.

On Mon, Nov 20, 2017 at 6:50 AM, Thanuja Jayasinghe 
wrote:

> Hi Nila,
>
> In C4, we consider roles and groups are the same. That's why when you add
> groups to a user, IS set those values as roles to that user.
>
> But in C5, we will have two separate concepts for Group and Role.
> Group - Collection of users
> Role - Collection of permissions
> We can assign roles to a group.
>
> Thanks,
> Thanuja
>
> On Sun, Nov 19, 2017 at 6:06 PM, Nilasini Thirunavukkarasu <
> nilas...@wso2.com> wrote:
>
>> Hi,
>>
>> I have added a group with a user by invoking scim group endpoint. It has
>> been added under roles and shown as below in user profile (As we expected).
>>
>> ​
>> Here
>> 1) What is the use case of 'Groups' attribute in the above user profile?
>> 2) Why we are having two local claims (groups & role)?
>> 3) Why we are having two claims (groups & roles) for scim as follows:-
>> 1.
>> Claim URI urn:scim:schemas:core:1.0:groups
>> Mapped Local Claim http://wso2.org/claims/groups
>>
>> 2.
>> Claim URI urn:scim:schemas:core:1.0:roles
>> Mapped Local Claim http://wso2.org/claims/role
>>
>>
>> 4) How can we give values for Groups through SCIM?
>>
>> Tried the scenario with both LDAP and JDBC in IS 5.3.0.
>>
>> Please correct me If I have misunderstood. Any help on this would be
>> highly appreciated.
>>
>> Thanks,
>> Nila.
>>
>>
>> --
>> Nilasini Thirunavukkarasu
>> Software Engineer - WSO2
>>
>> Email : nilas...@wso2.com
>> Mobile : +94775241823
>> Web : http://wso2.com/
>>
>>
>> 
>> ​
>>
>
>
>
> --
> *Thanuja Lakmal*
> Associate Technical Lead
> WSO2 Inc. http://wso2.com/
> *lean.enterprise.middleware*
> Mobile: +94715979891
>



-- 
Nilasini Thirunavukkarasu
Software Engineer - WSO2

Email : nilas...@wso2.com
Mobile : +94775241823
Web : http://wso2.com/





[Dev] [TokenBinding][OAuth] Need to add a sample application to IS

2017-11-20 Thread Inthirakumaaran Tharmakulasingham
Hi all,
I developed a sample application to send OAuth requests to IS server with
token binding support. Need to add that to product IS samples.

GitHub link for that application:
https://github.com/inthirakumaaran/TokenBindingSample

Thank you,

Regards,
kumar

-- 
Inthirakumaaran
Software Engineering - Intern | WSO2

Email: inthirakumaa...@wso2.com
Mobile:0766598050


[Dev] API Manager 3.0 schedule

2017-11-20 Thread Nathan Jensen
WSO2 API Manager 3.0: is there a time frame or release date for this
component, and for the next version of the overall product?


Re: [Dev] Not able to access xslt from inside wso2 xslt mediator. Please guide.

2017-11-20 Thread Vijitha Ekanayake
Hi Aditya,

It seems that the reason for xsl file not picking up from the registry is,
you are not referring the registry entry in the correct way inside XSLT
mediator configurations. You need to point the relevant registry entry with
XSLT mediator as below.




Also make sure to provide the correct registry (whether config or
governance registry) as the key to the XSLT mediator.


Thanks.

On Mon, Nov 20, 2017 at 9:55 PM, aditya shivankar <
shivankar.adit...@gmail.com> wrote:

> Respected Sir,
>
> Now I tried  putting xsl file  under registry, still not able to use it.
> Please check  the screenshot attached.
> Could you please send the screenshot of your workspace in eclipse (similar
> to the attached screenshot), showing where to keep the xslt in project
> structure and also project xml file showing how you access it.
>
> With Regards,
> Aditya
>
>
> On Mon, Nov 20, 2017 at 11:42 AM, aditya shivankar <
> shivankar.adit...@gmail.com> wrote:
>
>> Respected Sir/Madam,
>>
>> Now I tried  putting xsl file  under registry, still not able to use it.
>> Please check  the screenshot attached.
>> Could you please send the screenshot of your workspace in eclipse
>> (similar to the attached screenshot), showing where to keep the xslt in
>> project structure and also project xml file showing how you access it.
>>
>> With Regards,
>> Aditya
>>
>> On Wed, Nov 15, 2017 at 7:41 PM, Saneth Dharmakeerthi 
>> wrote:
>>
>>> Hi Aditya,
>>>
>>> It seems you have put the XSLT in API folder and try to access it in
>>> incorrect way.
>>>
>>> You can do this by either one of following ways and the first one is the
>>> recommended.
>>>
>>>
>>>    1. Put the XSLT in the registry. You can find more information
>>>    in [1][3]. If you change the XSLT in the registry, it will take effect immediately.
>>>    2. Put it as a local entry [1][2]. An XSLT change takes effect only after the next
>>>    API or proxy deployment.
>>>   - 
>>>
>>> 
>>>
>>>
>>> [1] https://docs.wso2.com/display/ESB500/Sample+8%3A+Introduction+to+Static+and+Dynamic+Registry+Resources+and+Using+XSLT+Transformations
>>> [2] http://mytecheye.blogspot.com/2013/12/wso2-esb-xslt-mediator-xslt-imports.html
>>> [3] https://www.linkedin.com/pulse/wso2-esb-message-transformation-mapping-using-xslt-isuru-jayakantha
>>>
>>>
>>>
>>> Thanks and Best Regards,
>>>
>>> Saneth Dharmakeerthi
>>> *Associate Technical Lead*
>>> WSO2, Inc.
>>> Mobile: +94772325511
>>>
>>> 
>>>
>>> On Wed, Nov 15, 2017 at 6:40 PM, aditya shivankar <
>>> shivankar.adit...@gmail.com> wrote:
>>>
 Respected Sir,

 I have one xslt .
 I have saved it inside api(src/main/synapse-config/api) folder in my
 project.
 I am trying to access it using xslt mediator like below.

 

 But getting below error. Full logs can be found in attachment.

 [2017-11-15 18:11:39,128] [EI-Core]  INFO - DependencyTracker Local entry : api/test.xsl was added to the Synapse configuration successfully
 [2017-11-15 18:11:39,129] [EI-Core]  WARN - SynapseConfigUtils Cannot convert null to a StreamSource
 [2017-11-15 18:11:39,131] [EI-Core] ERROR - XSLTMediator Error creating XSLT transformer using : Value {name ='null', keyValue ='api/test.xsl'}
 org.apache.synapse.SynapseException: Cannot convert null to a StreamSource
 at org.apache.synapse.config.SynapseConfigUtils.handleException(SynapseConfigUtils.java:580)
 at org.apache.synapse.config.SynapseConfigUtils.getStreamSource(SynapseConfigUtils.java:81)
 at org.apache.synapse.mediators.transform.XSLTMediator.createTemplate(XSLTMediator.java:420)
 at org.apache.synapse.mediators.transform.XSLTMediator.performXSLT(XSLTMediator.java:268)
 at org.apache.synapse.mediators.transform.XSLTMediator.mediate(XSLTMediator.java:227)
 ---
 I tried printing body/jsonObject just one line before call to xslt. And
 it printed full payload, somewhat like below. So the payload is not empty.

 .

 
 
 

 Please Guide.

 With Regards,
 Aditya




>>>
>>
>
>
>


-- 
Vijitha Ekanayake
Senior Software Engineer*, *WSO2, Inc.; http://wso2.com/
Mobile : +94 777 24 73 39 | +94 718 74 44 08
lean.enterprise.middleware


Re: [Dev] Not able to access xslt from inside wso2 xslt mediator. Please guide.

2017-11-20 Thread aditya shivankar
Respected Sir,

Now I tried  putting xsl file  under registry, still not able to use it.
Please check  the screenshot attached.
Could you please send the screenshot of your workspace in eclipse (similar
to the attached screenshot), showing where to keep the xslt in project
structure and also project xml file showing how you access it.

With Regards,
Aditya


On Mon, Nov 20, 2017 at 11:42 AM, aditya shivankar <
shivankar.adit...@gmail.com> wrote:

> Respected Sir/Madam,
>
> Now I tried  putting xsl file  under registry, still not able to use it.
> Please check  the screenshot attached.
> Could you please send the screenshot of your workspace in eclipse (similar
> to the attached screenshot), showing where to keep the xslt in project
> structure and also project xml file showing how you access it.
>
> With Regards,
> Aditya
>
> On Wed, Nov 15, 2017 at 7:41 PM, Saneth Dharmakeerthi 
> wrote:
>
>> Hi Aditya,
>>
>> It seems you have put the XSLT in API folder and try to access it in
>> incorrect way.
>>
>> You can do this by either one of following ways and the first one is the
>> recommended.
>>
>>
>>    1. Put the XSLT in the registry. You can find more information
>>    in [1][3]. If you change the XSLT in the registry, it will take effect immediately.
>>    2. Put it as a local entry [1][2]. An XSLT change takes effect only after the next
>>    API or proxy deployment.
>>   - 
>>
>> 
>>
>>
>> [1] https://docs.wso2.com/display/ESB500/Sample+8%3A+Introduction+to+Static+and+Dynamic+Registry+Resources+and+Using+XSLT+Transformations
>> [2] http://mytecheye.blogspot.com/2013/12/wso2-esb-xslt-mediator-xslt-imports.html
>> [3] https://www.linkedin.com/pulse/wso2-esb-message-transformation-mapping-using-xslt-isuru-jayakantha
>>
>>
>>
>> Thanks and Best Regards,
>>
>> Saneth Dharmakeerthi
>> *Associate Technical Lead*
>> WSO2, Inc.
>> Mobile: +94772325511
>>
>> 
>>
>> On Wed, Nov 15, 2017 at 6:40 PM, aditya shivankar <
>> shivankar.adit...@gmail.com> wrote:
>>
>>> Respected Sir,
>>>
>>> I have one xslt .
>>> I have saved it inside api(src/main/synapse-config/api) folder in my
>>> project.
>>> I am trying to access it using xslt mediator like below.
>>>
>>> 
>>>
>>> But getting below error. Full logs can be found in attachment.
>>>
>>> [2017-11-15 18:11:39,128] [EI-Core]  INFO - DependencyTracker Local entry : api/test.xsl was added to the Synapse configuration successfully
>>> [2017-11-15 18:11:39,129] [EI-Core]  WARN - SynapseConfigUtils Cannot convert null to a StreamSource
>>> [2017-11-15 18:11:39,131] [EI-Core] ERROR - XSLTMediator Error creating XSLT transformer using : Value {name ='null', keyValue ='api/test.xsl'}
>>> org.apache.synapse.SynapseException: Cannot convert null to a StreamSource
>>> at org.apache.synapse.config.SynapseConfigUtils.handleException(SynapseConfigUtils.java:580)
>>> at org.apache.synapse.config.SynapseConfigUtils.getStreamSource(SynapseConfigUtils.java:81)
>>> at org.apache.synapse.mediators.transform.XSLTMediator.createTemplate(XSLTMediator.java:420)
>>> at org.apache.synapse.mediators.transform.XSLTMediator.performXSLT(XSLTMediator.java:268)
>>> at org.apache.synapse.mediators.transform.XSLTMediator.mediate(XSLTMediator.java:227)
>>> ---
>>> I tried printing body/jsonObject just one line before call to xslt. And
>>> it printed full payload, somewhat like below. So the payload is not empty.
>>>
>>> .
>>>
>>> 
>>> 
>>> 
>>>
>>> Please Guide.
>>>
>>> With Regards,
>>> Aditya
>>>
>>>
>>>
>>>
>>
>


Re: [Dev] WSO2 Identity Server 5.4.0 Alpha 9 Released !!!

2017-11-20 Thread Prabath Siriwardena
On Thu, Nov 16, 2017 at 12:27 PM, Farasath Ahamed 
wrote:

> The WSO2 Identity and Access Management team is pleased to announce the
> release of WSO2 Identity Server 5.4.0 Alpha 9.
>
> You can build the distribution from the source tag
> https://github.com/wso2/product-is/releases/tag/v5.4.0-alpha9 following
> the steps below.
>

Are we not hosting the binaries...?

Thanks & regards,
-Prabath


>
>
> *Building from the source*
>
>    1. Install Java8 or above
>    2. Install Apache Maven 3.x.x (https://maven.apache.org/download.cgi#)
>    3. Get a clone from https://github.com/wso2/product-is.git and
>    checkout to v5.4.0-alpha9 tag or you can directly download the source for
>    the tag from https://github.com/wso2/product-is/releases/tag/v5.4.0-alpha9
>    4. Run one of the below maven commands from product-is directory,
>       - *mvn clean install* (To build the binary and source
>       distributions with the tests)
>       - *mvn clean install -Dmaven.test.skip=true* (To build the binary
>       and source distributions, without running any of the unit/integration tests)
>    5. You can find the wso2is-5.4.0-alpha9.zip binary distribution in
>    product-is/modules/distribution/target directory.
>
> Please note that you need to have Java SE Development Kit *1.8 *to run
> the binary distribution.
>
> The following list contains all the features, improvements, and bug fixes
> available with the WSO2 Identity Server 5.4.0 Alpha 9 release.
> Patch
>
>    - [IDENTITY-6488] - SAML Error when IDP init login, ACS not sent to
>      notification.do
>
> Bug
>
>    - [IDENTITY-3355] - Better if only warning is shown for signature
>      verification failures (not the whole exception)
>    - [IDENTITY-4956] - Inconsistency in displaying the subject claim when a
>      domain is set
>    - [IDENTITY-4995] - Cannot change the certificate alias for a service
>      provider when there's more than one certificate
>    - [IDENTITY-5866] - KeyId hard-coded in DefaultIDTokenBuilder
>    - [IDENTITY-5922] - When invoking OAuth2TokenValidationService, updated
>      user roles are not reflected in retrieved claims of the JWT token, till
>      cache timeout or server restart
>    - [IDENTITY-5994] - NPE thrown when testing cause of exception in
>      OAuth2Service.issueAccessToken()
>    - [IDENTITY-6075] - Receives the Primary-IS admin user info, when calling
>      userinfo endpoint with SAML2 Bearer grant type with SAML federated
>      scenario
>    - [IDENTITY-6288] - Move the common code in id token and userinfo, to util
>    - [IDENTITY-6327] - List of claims returned in IDToken and Userinfo don't
>      get updated when we update requested claims configuration
>    - [IDENTITY-6331] - alg header in JWT token is not valid for IS 5.0.0
>    - [IDENTITY-6332] - The “exp” value in the JWT tokens must in RFC7519
>      compliant format
>    - [IDENTITY-6354] - Two confirmation windows coming when updating the user
>      with all existing roles
>    - [IDENTITY-6358] - Error when adding workflows in tenant mode for
>      external BPS profiles
>    - [IDENTITY-6376] - SAML2 Web SSO Configuration (Federated Authenticator)
>      default Signature Algorithm is set to DSA with SHA1
>    - [IDENTITY-6385] - Internal Server Error for Client Credential Grant with
>      openid scope OOB
>    - [IDENTITY-6386] - self sign up not working in tenant mode
>    - [IDENTITY-6391] - [Service Provider SAML2 Web SSO configuration] Default
>      Value of Certificate Alias should be wso2carbon
>    - [IDENTITY-6404] - Error in SAML2 Bear token grant validation for tenant
>      users when "Use tenant domain in local subject identifier" option is
>      unchecked
>    - [IDENTITY-6480] - Calling OAuth2ValidationService with a valid token
>      when AuthorizationContextTokenGeneration is enabled throws a back end
>      error
>    - [IDENTITY-6496] - A white-space in-between Authorization: Basic and
> leads 

Re: [Dev] Enable JWT in gateway node

2017-11-20 Thread Pubudu Gunatilaka
Hi Harsha,

I just checked the JWTHeader scenario. If you want to change the JWT
header, then you need to change that in gateway node [1]. You only need to
change this property in the gateway and even you don't need to enable jwt
in the gateway.

[1] -
https://github.com/wso2/carbon-apimgt/blob/v6.1.66/components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/handlers/security/oauth/OAuthAuthenticator.java#L310

Thank you!

On Mon, Nov 20, 2017 at 1:26 PM, Harsha Kumara  wrote:

>
>
> On Mon, Nov 20, 2017 at 10:43 AM, Pubudu Gunatilaka 
> wrote:
>
>> Hi,
>>
>> I checked this locally using a separate gateway node and another node for
>> other profiles. I did not enable JWT and I could see the jwt header when I
>> enabled the debug logs.
>>
>> APIKeyMgtDataHolder is the only reference I could find as well. If there
>> isn't any use case in the gateway, we can remove configuring jwt in gateway
>> [1].
>>
>> [1] - https://docs.wso2.com/display/AM210/Distributed+Deployment+of+API+Manager#DistributedDeploymentofAPIManager-Step3.5-ConfiguretheGateway
>>
> In previous versions, there was an issue that we include this property in
> the gateway configurations. I can't recall the exact reason. Lakmali should
> know the exact reason. Also check the synapse API config and see whether
> there are any properties getting added when we deploy the API in the
> gateway. This might have been fixed in latest versions. But needs to verify and
> update the document accordingly. If someone wants to change the Assertion
> header name, do they need to change it in KM or Gateway? Please check that
> as well. There is a property called JWTHeader in api-manager.xml.
>
>>
>> Thank you!
>>
>> On Mon, Nov 20, 2017 at 1:07 PM, Sam Sivayogam  wrote:
>>
>>> It seems like we are reading this config only in APIKeyMgt service [1]
>>> hence I think we don't need this configuration in Gateway node
>>>
>>> [1] https://github.com/wso2/carbon-apimgt/blob/v6.1.66/components/apimgt/org.wso2.carbon.apimgt.keymgt/src/main/java/org/wso2/carbon/apimgt/keymgt/util/APIKeyMgtDataHolder.java#L107
>>>
>>> Thanks,
>>> Sam
>>>
>>> On Mon, Nov 20, 2017 at 8:16 AM, Pubudu Gunatilaka 
>>> wrote:
>>>
>>>> Hi,
>>>>
>>>> Do we need to enable JWT in gateway node [1] in a fully distributed
>>>> deployment where KM/IS is hosted separately?
>>>>
>>>> I can see the JWT is passed to the backend.
>>>>
>>>> *TID: [-1] [] [2017-11-20 10:37:31,347] DEBUG
>>>>> {org.apache.synapse.transport.http.headers} -  http-outgoing-1 >>
>>>>> X-JWT-Assertion: [JWT omitted]
>>>>> {org.apache.synapse.transport.http.headers}
>>>>> *TID: [-1] [] [2017-11-20 10:37:31,348] DEBUG
>>>>> {org.apache.synapse.transport.http.wire} -  HTTP-Sender I/O dispatcher-1 <<
>>>>> "X-JWT-Assertion: [JWT omitted]
> 

Re: [Dev] Fwd: Anomaly Detection in JIra Using CEP

2017-11-20 Thread Isham Mohamed
adding Srinath,Suho,Sajith,Isuru
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev


Re: [Dev] How to include user profile email in JWT token

2017-11-20 Thread Thivya Mahenthirarasa
Hi Dushantha,

Try creating a new user profile on your key manager with the email
attribute and try the scenario again. The browser might have kept the
cache, due to which you weren't able to find the email.


Regards,
Thivya

On Mon, Nov 20, 2017 at 5:18 PM, Dushantha Batuwita 
wrote:

>
> Hi Dev
>
> I’m involved in a task which is having API-M and IS as KM cluster.
> There I generate a JWT token by going through [1] document.
>
> When I retrieve the jwt token and check by decoding I can’t find the user's
> email which I have already set at user profile level.
>
> *Sample decoded JWT payload*
>
> {
>   "http://wso2.org/claims/userid": "0a6eb289-9e02-4fd6-b8a6-26ea9c7ed360",
>   "http://wso2.org/claims/username": "patient1",
>   "http://wso2.org/claims/role": [
>     "patient",
>     "Internal/everyone"
>   ],
>   "http://wso2.org/claims/applicationtier": "Unlimited",
>   "http://wso2.org/claims/keytype": "PRODUCTION",
>   "http://wso2.org/claims/version": "v1.0",
>   "iss": "wso2.org/products/am",
>   "http://wso2.org/claims/applicationname": "patientApplication",
>   "http://wso2.org/claims/enduser": "patient1@carbon.super",
>   "http://wso2.org/claims/enduserTenantId": "-1234",
>   "http://wso2.org/claims/givenname": "Saman",
>   "http://wso2.org/claims/created": "2017-11-20T13:43:39",
>   "http://wso2.org/claims/fullname": "patient1",
>   "http://wso2.org/claims/modified": "2017-11-20T15:00:58",
>   "http://wso2.org/claims/subscriber": "patient1",
>   "http://wso2.org/claims/tier": "Unlimited",
>   "http://wso2.org/claims/emailaddress": "saman...@tahoo.com",
>   "http://wso2.org/claims/lastname": "patient1",
>   "http://wso2.org/claims/applicationid": "5",
>   "http://wso2.org/claims/usertype": "APPLICATION",
>   "exp": 1511176687,
>   "http://wso2.org/claims/apicontext": "/patientInfo/v1.0"
> }
>
> Please advise if I’m missing out something when I configure to include
> user email
>
> [1] https://docs.wso2.com/display/AM200/Passing+Enduser+Attributes+to+the+Backend+Using+JWT
>
>
>
> Many thanks
>
>
>
>
>
> --
> *Dushantha Nayanajith Chandima Batuwita*
> Software Engineer Support | WSO2
> dushan...@wso2.com
> mobile : 0094777453010
>
>
>


-- 

*Thivya Mahenthirarasa*

*Software Engineer -Support Team | WSO2*


*Email: thi...@wso2.com *

*Mobile: +94766461966 *
*Web: http://wso2.com *


[Dev] How to include user profile email in JWT token

2017-11-20 Thread Dushantha Batuwita
Hi Dev

I’m involved in a task which is having API-M and IS as KM cluster.
There I generate a JWT token by going through [1] document.

When I retrieve the jwt token and check by decoding I can’t find the user's
email which I have already set at user profile level.

*Sample decoded JWT payload*

{
  "http://wso2.org/claims/userid": "0a6eb289-9e02-4fd6-b8a6-26ea9c7ed360",
  "http://wso2.org/claims/username": "patient1",
  "http://wso2.org/claims/role": [
    "patient",
    "Internal/everyone"
  ],
  "http://wso2.org/claims/applicationtier": "Unlimited",
  "http://wso2.org/claims/keytype": "PRODUCTION",
  "http://wso2.org/claims/version": "v1.0",
  "iss": "wso2.org/products/am",
  "http://wso2.org/claims/applicationname": "patientApplication",
  "http://wso2.org/claims/enduser": "patient1@carbon.super",
  "http://wso2.org/claims/enduserTenantId": "-1234",
  "http://wso2.org/claims/givenname": "Saman",
  "http://wso2.org/claims/created": "2017-11-20T13:43:39",
  "http://wso2.org/claims/fullname": "patient1",
  "http://wso2.org/claims/modified": "2017-11-20T15:00:58",
  "http://wso2.org/claims/subscriber": "patient1",
  "http://wso2.org/claims/tier": "Unlimited",
  "http://wso2.org/claims/emailaddress": "saman...@tahoo.com",
  "http://wso2.org/claims/lastname": "patient1",
  "http://wso2.org/claims/applicationid": "5",
  "http://wso2.org/claims/usertype": "APPLICATION",
  "exp": 1511176687,
  "http://wso2.org/claims/apicontext": "/patientInfo/v1.0"
}

Please advise if I’m missing out something when I configure to include user
email

[1]
https://docs.wso2.com/display/AM200/Passing+Enduser+Attributes+to+the+Backend+Using+JWT



Many thanks





-- 
*Dushantha Nayanajith Chandima Batuwita*
Software Engineer Support | WSO2
dushan...@wso2.com
mobile : 0094777453010


Re: [Dev] Fwd: Anomaly Detection in JIra Using CEP

2017-11-20 Thread Isham Mohamed
Hi All,
This is regarding configuring the email publisher of wso2das3.1.0.
I configured output-event-adapter.xml as below

* *
**
*no-re...@wso2.com
*
*[username]*
*[password]*
*tygra.wso2.com
*
*25*
*true*
*true*
**
*8*
*100*
*2*
*1*
**

When I tried to send a mail there was an error saying,

javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target

So we did a workaround by disabling "mail.smtp.starttls".
The mails are used only for internal purposes.
Is this recommended??

Thanks

On Mon, Nov 20, 2017 at 5:38 PM, Isham Mohamed  wrote:

> adding Srinath,Suho,Sajith,Isuru
>



-- 

Isham Mohamed
*Trainee Software Engineer*
WSO2

p: +94778696585



Re: [Dev] [Architecture] Does WSO2 Identity Server support IDP initiated logout from federated IDP?

2017-11-20 Thread Thanuja Jayasinghe
Hi Roman,

On Thu, Nov 16, 2017 at 5:56 PM, Roman CHRENKO 
wrote:

> Hello.
>
> We are using WSO2 Identity Server 5.3.0.
>
> I configured trust between WSO2 IDP (symbolic name "IDP1") and the Service
> Provider (Shibboleth, symbolic name "SP1").
>
> Then I configured second trust between WSO2 acting as a service provider
> ("SP2") and federated IDP (symbolic name "IDP2", some public/gov service).
>
> I followed instructions at
> https://docs.wso2.com/display/IS530/Configuring+Shibboleth+IdP+as+a+Trusted+Identity+Provider.
>
> SP1 protects some resources, access to them is granted only when users are
> authenticated to IDP2. Everything is based on SAML protocol.
>
> Login works fine - login requests are redirected from WSO2(=IDP1) to IDP2.
>
> IDP1 initiated logout works fine too (user is sending GET to
> https://idp1.mydomain.com/samlsso?slo=true=
> https://sp1.mydomain.com/shibboleth ).
>
> But IDP2 initiated logout fails with message (in a browser): "Attention:
> Something went wrong during the authentication process. Please try signing
> in again."
>
> It generates record to the WSO2 log: "{...DefaultRequestCoordinator}
> Context does not exist. Probably due to invalidated cache".
>
> During the IDP2 initiated logout correct LogoutRequest is sent from IDP2
> to WSO2 (to https://amsrv.mydomain.com:9443/commonauth).
>
> (Our WSO2 is only one of many Service Providers which trust IDP2. IDP2 is
> central identity provider for government institutions.
>
> IDP2 supports SSO, so logout can be initiated from many independent
> applications (Service providers). But from our point of view it is
> initiated from IDP2.)
>
> Does WSO2 support such scenario (IDP2 initiated logout)?
>

No. This is not supported.


> If not, when will it be supported?
>

Created JIRA [1] to track this feature.


> If yes, where is it documented?
>
>
>
> Best regards,
>
> Roman
>
>
>
> ___
> Architecture mailing list
> architect...@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>
>
As a workaround, can you try sending a modified IdP-initiated logout request
to the /samlsso endpoint from the IDP2?
- In this case, WSO2 IS (IDP1) will send a logout request to IDP2, and IDP2
needs to handle it and send back a successful response.
- In the SP1 configuration of WSO2 IS (IDP1), you need to configure a
landing URL in IDP2 as a "Return to URL" after the single logout.
  Ex:
https://idp1.mydomain.com/samlsso?slo=true=https://sp1.mydomain.com/shibboleth=https://idp2/logout-success
(IDP2 can't send an SP-initiated logout request since the session index
will not be available at the /samlsso endpoint (inbound) side)

[1] - https://wso2.org/jira/browse/IDENTITY-6929

Thanks,
Thanuja
-- 
*Thanuja Lakmal*
Associate Technical Lead
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891


Re: [Dev] API-Proxy for Single Page Application

2017-11-20 Thread roshan wijesena
Thanks Prabath.

It is clear now.

Regards
Roshan


On Mon, Nov 20, 2017 at 6:11 PM Prabath Siriwardena 
wrote:

> Let me clarify what is solved by the encryption here..
>
> Here the proxy uses the code grant type - and it gets access token +
> refresh token. Proxy can either store that at server side and replicate it
> across all the nodes - or store them in an encrypted cookie, and make
> things stateless..
>
> Encryption is used here to make the application stateless - and the end
> user will not get access to the access token or the refresh token.
>
> Then again, if someone finds the value stored in the session storage and
> then talk to the proxy API passing that along with all the encrypted
> cookies through its own app (say cURL).. it will not work...
>
> To make the above blocked - you need to have TLS channel binding between
> the browser and the proxy - and you need not to worry about APIs (whether
> they support channel binding or not)...
>
> The other benefit proxy gives is support for CORS - you need not to worry
> whether the external APIs support CORS or not...
>
> Thanks & regards,
> -Prabath
>
>
> On Sun, Nov 19, 2017 at 11:44 PM, Thilina Madumal 
> wrote:
>
>> +Dev list
>>
>> On Mon, Nov 20, 2017 at 11:01 AM, Thilina Madumal 
>> wrote:
>>
>>> Hi Roshan,
>>>
>>>
>>> On Mon, Nov 20, 2017 at 10:43 AM, roshan wijesena wrote:
>>>
>>>> Hi Thilina,
>>>>
>>>> How do you create this encrypted token? I agree with NuwanD, if you
>>>> store that encrypted token in the browser, and if someone got that token
>>>> he can
>>>>
>>>
>>> For now I'm using symmetric encryption. Encrypted tokens are stored in a
>>> cookie and sent to the browser.
>>>
>>>
>>>> access your protected backend via proxy call. The point is encrypted
>>>> token seems not to be fixing the problem, which you are trying to achieve.
>>>>
>>>
>>> So what do you suggest?
>>> You are suggesting to store the tokens at the Proxy against some key
>>> (say sessionID), and send this sessionID as a cookie to the browser-client?
>>> If so, what if this cookie is stolen? It is the same case right?
>>>
>>>
>>>>
>>>> Regards
>>>> Roshan
>>>>
>>>> On Mon, Nov 20, 2017 at 4:01 PM, Thilina Madumal wrote:
>>>>
>>>>> Hi Nuwan,
>>>>>
>>>>>
>>>>> On Mon, Nov 20, 2017 at 1:54 AM, Nuwan Dias wrote:
>>>>>
>>>>>> Hi Thilina,
>>>>>>
>>>>>> I still don't understand how encrypting this information makes the
>>>>>> proxy stateless. What state would the proxy have to bear if this
>>>>>> information was in plain text? Also why would you need to store the
>>>>>> id_token on client side?
>>>>>>
>>>>>
>>>>> If the access_token is not stored at the browser side, then the proxy
>>>>> need to store the access_token against some key at the proxy side. It is
>>>>> same with the id_token. We need the id_token to understand the context of
>>>>> the access_token.
>>>>>
>>>>> In order to avoid storing tokens at the Proxy, we need to send those
>>>>> to the browser client. Sending them as plain text is not a wise thing to
>>>>> do. That's where the encryption comes in handy.
>>>>>
>>>>> However the important thing to note here is, there is no server-side
>>>>> for these SPAs. We don't target the web-applications with a server-side.
>>>>> Our focus is only pure SPAs where there is no corresponding server side.
>>>>>
>>>>>
>>>>>>
>>>>>> Yes, encrypting the token and other info would prevent an attacker
>>>>>> calling the APIs directly. But an attacker wouldn't be worried about
>>>>>> calling the APIs directly. He would just call through the proxy, just
>>>>>> like the SPA itself does.
>>>>>>
>>>>>
>>>>> If the attacker can get hold of the cookies, yes this can happen.
>>>>> However given that if we have secured the cookies and make them HTTPOnly
>>>>> we can ensure security up to some level, can't we?
>>>>>
>>>>> However if an attacker got hold of your facebook, google, or whatever
>>>>> cookies then he will be able to forge your identity. IMO this to happen,
>>>>> the attacker should either hack your machine or you should hand over the
>>>>> cookies willingly. Given that cookies are secured and HttpOnly, man in the
>>>>> middle attack or, cross-site scripts will not be able to exploit the
>>>>> cookies.
>>>>>
>>>>>
>>>>>>
>>>>>> Thanks,
>>>>>> NuwanD.
>>>>>>
>>>>>> On Sun, 19 Nov 2017 at 9:05 pm, Thilina Madumal wrote:
>>>>>>
>>>>>>> Hi Nuwan,
>>>>>>>
>>>>>>>
>>>>>>> On Sun, Nov 19, 2017 at 8:48 PM, Nuwan Dias wrote:
>>>>>>>
>>>>>>>> Hi Thilina,
>>>>>>>>
>>>>>>>> What do you gain by encrypting the token that is to be stored on
>>>>>>>> the client side? Since the client does not seem to be doing any
>>>>>>>> decryption before using the
>>>>>>>>
>>>>>>>
>>>>>>> FYI here it is not only just the access_token. It is access_token +
>>>>>>> refresh_token + id_token altogether.
>>>>>>> Token

Re: [Dev] Exception while start the Keymanager

2017-11-20 Thread Dilusha Alphonso
Hi All,

I followed the above document. It was able to resolve this issue.

Thanks for your help.

Thanks
Dilusha

On Sun, Nov 19, 2017 at 2:40 PM, Samitha Chathuranga 
wrote:

> Hi Dilusha,
>
> And also other than what Rajith supposed you have also to delete the
> WebSocketInboundEndpoint.xml file from the
> /repository/deployment/server/synapse-configs/default/inbound-endpoints directory.
>
> Regards,
> Samitha
>
> On Sun, Nov 19, 2017 at 2:37 PM, Rajith Roshan  wrote:
>
>> Hi Dilusha,
>> When start using key manager profile did you remove the configuration
>> section that starts with > class="org.wso2.carbon.websocket.transport.WebsocketTransportSender"> in
>> axis2.xml
>> Please follow doc[1] for more info on how to start with different
>> profiles.
>>
>> [1] - https://docs.wso2.com/display/AM210/Product+Profiles#b5a266176df84a2d82f8f4900785231c
>>
>> Thanks!
>> Rajith
>>
>>
>> On Sun, Nov 19, 2017 at 2:07 PM, Dilusha Alphonso 
>> wrote:
>>
>>> Hi All,
>>>
>>> I am trying to do a distributed system in APIM 2.1.0. In my setup, 2
>>> gateway nodes (worker, worker + manager),  a key manager and
>>> publisher, store, and Traffic manager together.
>>>
>>> After configuring the system when I start the key manager node it is
>>> working fine. But when I start with -Dprofile I am getting the below
>>> error.
>>>
>>> at org.wso2.carbon.core.CarbonAxisConfigurator.getAxisConfiguration(CarbonAxisConfigurator.java:194)
>>> at org.apache.axis2.context.ConfigurationContextFactory.createConfigurationContext(ConfigurationContextFactory.java:64)
>>> at org.wso2.carbon.core.CarbonConfigurationContextFactory.createNewConfigurationContext(CarbonConfigurationContextFactory.java:65)
>>> at org.wso2.carbon.core.init.CarbonServerManager.initializeCarbon(CarbonServerManager.java:398)
>>> at org.wso2.carbon.core.init.CarbonServerManager.start(CarbonServerManager.java:219)
>>> at org.wso2.carbon.core.internal.CarbonCoreServiceComponent.activate(CarbonCoreServiceComponent.java:94)
>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>>> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>> at java.lang.reflect.Method.invoke(Method.java:498)
>>> at org.eclipse.equinox.internal.ds.model.ServiceComponent.activate(ServiceComponent.java:260)
>>> at org.eclipse.equinox.internal.ds.model.ServiceComponentProp.activate(ServiceComponentProp.java:146)
>>> at org.eclipse.equinox.internal.ds.model.ServiceComponentProp.build(ServiceComponentProp.java:345)
>>> at org.eclipse.equinox.internal.ds.InstanceProcess.buildComponent(InstanceProcess.java:620)
>>> at org.eclipse.equinox.internal.ds.InstanceProcess.buildComponents(InstanceProcess.java:197)
>>> at org.eclipse.equinox.internal.ds.Resolver.getEligible(Resolver.java:343)
>>> at org.eclipse.equinox.internal.ds.SCRManager.serviceChanged(SCRManager.java:222)
>>> at org.eclipse.osgi.internal.serviceregistry.FilteredServiceListener.serviceChanged(FilteredServiceListener.java:107)
>>> at org.eclipse.osgi.framework.internal.core.BundleContextImpl.dispatchEvent(BundleContextImpl.java:861)
>>> at org.eclipse.osgi.framework.eventmgr.EventManager.dispatchEvent(EventManager.java:230)
>>> at org.eclipse.osgi.framework.eventmgr.ListenerQueue.dispatchEventSynchronous(ListenerQueue.java:148)
>>> at org.eclipse.osgi.internal.serviceregistry.ServiceRegistry.publishServiceEventPrivileged(ServiceRegistry.java:819)
>>> at org.eclipse.osgi.internal.serviceregistry.ServiceRegistry.publishServiceEvent(ServiceRegistry.java:771)
>>> at org.eclipse.osgi.internal.serviceregistry.ServiceRegistrationImpl.register(ServiceRegistrationImpl.java:130)
>>> at org.eclipse.osgi.internal.serviceregistry.ServiceRegistry.registerService(ServiceRegistry.java:214)
>>> at org.eclipse.osgi.framework.internal.core.BundleContextImpl.registerService(BundleContextImpl.java:433)
>>> at org.eclipse.equinox.http.servlet.internal.Activator.registerHttpService(Activator.java:81)
>>> at org.eclipse.equinox.http.servlet.internal.Activator.addProxyServlet(Activator.java:60)
>>> at org.eclipse.equinox.http.servlet.internal.ProxyServlet.init(ProxyServlet.java:40)
>>> at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.init(DelegationServlet.java:38)
>>> at org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1269)
>>> at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1182)
>>> at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:1072)
>>> at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:5368)
>>> at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5660)
>>> at 

Re: [Dev] Enable JWT in gateway node

2017-11-20 Thread Chamalee De Silva
Hi Pubudu,

In a fully distributed set up we can decide in which component (Key Manager
or  Gateway) we need to keep key validation information cache.
Therefore having JWT enabled in Key Manager node only is enough IMO.

To check the values passing to the backend we can use debug logs.



Thanks,
Chamalee

On Mon, Nov 20, 2017 at 8:16 AM, Pubudu Gunatilaka  wrote:

> Hi,
>
> Do we need to enable JWT in gateway node [1] in a fully distributed
> deployment where KM/IS is hosted separately?
>
> I can see the JWT is passed to the backend.
>
> *TID: [-1] [] [2017-11-20 10:37:31,347] DEBUG
>> {org.apache.synapse.transport.http.headers} -  http-outgoing-1 >>
>> X-JWT-Assertion: [JWT omitted]
>> {org.apache.synapse.transport.http.headers}
>> *TID: [-1] [] [2017-11-20 10:37:31,348] DEBUG
>> {org.apache.synapse.transport.http.wire} -  HTTP-Sender I/O dispatcher-1 <<
>> "X-JWT-Assertion: [JWT omitted][\r][\n]"
>> {org.apache.synapse.transport.http.wire}
>
>
>
> What is the need to enable JWT in gateway node?
>
> [1] - https://docs.wso2.com/display/AM210/Distributed+Deployment+of+API+Manager#DistributedDeploymentofAPIManager-Step3.5-ConfiguretheGateway
>
> Thank you!
> --
> *Pubudu Gunatilaka*
> Committer and PMC Member - Apache Stratos
> Senior Software Engineer
> WSO2, Inc.: http://wso2.com
> mobile : +94774078049
>
>
>
>


-- 
Thanks & Regards,

*Chamalee De Silva*
Software Engineer
*WS**O2* Inc. :http://wso2.com/

Office   :- *+94 11 2145345*
mobile  :- *+94 71 4315942*
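
The two checks raised in these threads (reading the X-JWT-Assertion header out of gateway debug logs, and seeing whether a claim such as emailaddress is in the token) can be done without copying a live signed assertion into a log excerpt. The Python sketch below is an added example, not part of any message here and not WSO2 code; the function names, the sample token and the sample log line are constructed for illustration, and the decoder accepts padded standard Base64 as well as base64url segments.

```python
import base64
import hashlib
import json
import re
from datetime import datetime, timezone

B64 = r"[A-Za-z0-9_\-+/=]"  # base64url plus the standard Base64 alphabet and padding
EMAIL_CLAIM = "http://wso2.org/claims/emailaddress"


def b64_any(segment):
    """Decode a JWT segment given as base64url or as padded standard Base64."""
    s = segment.rstrip("=").replace("+", "-").replace("/", "_")
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def summarize(token):
    """Non-sensitive facts about a JWT. Decoding only: the signature is NOT verified."""
    head, body, _sig = token.split(".")
    header, claims = json.loads(b64_any(head)), json.loads(b64_any(body))
    exp = claims.get("exp")
    return {
        "alg": header.get("alg"),
        "claims": sorted(claims),  # claim names only, never their values
        "exp": datetime.fromtimestamp(exp, timezone.utc).isoformat()
        if isinstance(exp, (int, float)) else None,
        "sha256": hashlib.sha256(token.encode()).hexdigest()[:12],  # correlates log lines
    }


def missing_claims(token, wanted):
    """Return the claim names from `wanted` that the token does not carry."""
    present = set(summarize(token)["claims"])
    return [name for name in wanted if name not in present]


def redact_line(line, header_name="X-JWT-Assertion"):
    """Replace the token after `header_name` in a log line with a value-free summary."""
    pattern = re.compile(
        re.escape(header_name) + r":\s*(" + B64 + r"+\." + B64 + r"+\." + B64 + r"*)")

    def substitute(match):
        try:
            info = summarize(match.group(1))
        except (ValueError, TypeError, AttributeError):
            return f"{header_name}: <redacted, undecodable>"
        names = ",".join(name.rsplit("/", 1)[-1] for name in info["claims"])
        return (f"{header_name}: <redacted alg={info['alg']} exp={info['exp']} "
                f"sha256={info['sha256']} claims={names}>")

    return pattern.sub(substitute, line)


def constructed_token(claims, standard_b64):
    """Build an unsigned sample token; the third segment is filler, not a signature."""
    enc = base64.b64encode if standard_b64 else base64.urlsafe_b64encode
    parts = [json.dumps({"typ": "JWT", "alg": "RS256"}).encode(),
             json.dumps(claims).encode(),
             b"\xfb\xffconstructed-filler"]
    segments = [enc(part).decode() for part in parts]
    return ".".join(segments if standard_b64 else [s.rstrip("=") for s in segments])


# Constructed sample data: claim names follow the http://wso2.org/claims dialect
# quoted in the thread; the user name is made up.
SAMPLE_CLAIMS = {
    "iss": "wso2.org/products/am",
    "exp": 1511176687,
    "http://wso2.org/claims/enduser": "user1@carbon.super",
    "http://wso2.org/claims/role": ["Internal/everyone"],
    "http://wso2.org/claims/applicationname": "DefaultApplication",
}
SAMPLE_TOKEN = constructed_token(SAMPLE_CLAIMS, standard_b64=True)
SAMPLE_LINE = ("TID: [-1] [] [2017-11-20 10:37:31,347] DEBUG "
               "{org.apache.synapse.transport.http.headers} -  http-outgoing-1 >> "
               "X-JWT-Assertion: " + SAMPLE_TOKEN)

if __name__ == "__main__":
    print(redact_line(SAMPLE_LINE))
    print("missing:", missing_claims(SAMPLE_TOKEN, [EMAIL_CLAIM]))
```

Decoding a token this way shows which claims it carries but says nothing about whether it is authentic; a backend that acts on the header still has to verify the signature.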


Re: [Dev] Enable JWT in gateway node

2017-11-20 Thread Rukshan Premathunga
Hi Pubudu,

This depends on the backend, right? If it needs such an authorization, in a
cluster or single AM setup we need to generate the JWT and pass it to the
backend. So it is up to the backend implementation, I think.

Thanks and Regards

On Mon, Nov 20, 2017 at 8:16 AM, Pubudu Gunatilaka  wrote:

> Hi,
>
> Do we need to enable JWT in gateway node [1] in a fully distributed
> deployment where KM/IS is hosted separately?
>
> I can see the JWT is passed to the backend.
>
> *TID: [-1] [] [2017-11-20 10:37:31,347] DEBUG
>> {org.apache.synapse.transport.http.headers} -  http-outgoing-1 >>
>> X-JWT-Assertion: [JWT omitted]
>> {org.apache.synapse.transport.http.headers}
>> *TID: [-1] [] [2017-11-20 10:37:31,348] DEBUG
>> {org.apache.synapse.transport.http.wire} -  HTTP-Sender I/O dispatcher-1 <<
>> "X-JWT-Assertion: [JWT omitted][\r][\n]"
>> {org.apache.synapse.transport.http.wire}
>
>
>
> What is the need to enable JWT in gateway node?
>
> [1] - https://docs.wso2.com/display/AM210/Distributed+Deployment+of+API+Manager#DistributedDeploymentofAPIManager-Step3.5-ConfiguretheGateway
>
> Thank you!
> --
> *Pubudu Gunatilaka*
> Committer and PMC Member - Apache Stratos
> Senior Software Engineer
> WSO2, Inc.: http://wso2.com
> mobile : +94774078049
>
>
>
>


-- 
Rukshan Chathuranga.
Software Engineer.
WSO2, Inc.
+94711822074