Re: [Dev] WSO2 Oxygen Tank > Manage endpoint text responses from proxy (Unexpected character 'some_character' code 45 in prolog expected '<')

[Marcos Tarín Esteve]

Hi Nadeeshaan
Regarding the need to create a custom message formatter / builder. I do not 
have enough knowledge to implement it. And I would like to make a solution as 
simple as possible.
As a solution I propose the following (if you could help me).

Just take the complete response received from the endpoint and wrap it within a 
new SOAP structure that contains all the received response (regardless of the 
transport format used: txt, binary ..
IDEA >>
CREATE NEW SOAP STRUCTURE
-- Embedded Full endpoint response --
END NEW SOAP STRUCTURE
It would be enough solution for me. Since in this way the client, at least, 
could receive the information. Client who subsequently has the ability to shred 
/ process it.
Would it be possible?
Thanks
Marcos

___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Select Error Codes section does not work properly when configuring an EndPoint

[Heshitha Hettihewa]

Hi Malaka,

It seems the message(Popup body content) we are passing to the
CARBON.showPopupDialog() function is html encoded inside the function[1].
So the html content we are passing is considered as text and shown as text
content inside the popup window body. So IMO we need to set the html
content directly to the popup dialog body without encoding it as text.

[1].
https://github.com/wso2/carbon-kernel/blob/4.4.x/core/org.wso2.carbon.ui/src/main/resources/web/dialog/js/dialog.js#L231

Thanks,
Heshitha.

On Wed, Jan 17, 2018 at 10:14 AM, Malaka Gangananda 
wrote:

> Select Error Codes section does not work properly when configuring advance
> properties of end points.
> When Select Error Codes section is selected while trying to configure
> suspend or timeout error codes in Address Endpoints it just pop up a html
> code rather than showing the actual error codes as shown in below.
>
>
> ​
>
>
>
>
>
> Reason behind this is in endpoint-utils.js code it uses
> the CARBON.showPopupDialog method, and it passes the html code which needs
> to create the pop up menu into this method.
> But in showPopupDialog method it uses the htmlEncode method and convert
> the html content into text and put within a newly created html section.
> So the popup menu shown as text as mentioned above.
> CARBON.showPopupDialog  method has been used to edit inline throttle
> policy as well and that section also shows this error.
> So how to proceed with this ?
>
> Thanks,
> --
> Malaka.
> --
> Malaka Gangananda - Software Engineer | WSO2
> Email : mala...@wso2.com
> Mobile : +94713564340 <+94%2071%20356%204340>
> Web : http://wso2.com
>   
>



-- 
Heshitha Hettihewa
*Software Engineer*
Mobile : +94716866386
<%2B94%20%280%29%20773%20451194>
heshit...@wso2.com
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [IAM] Access Token revocation in OAuthAdminService

[Indunil Upeksha Rathnayake]

Hi,

Please find the in line comments.

On Wed, Jan 17, 2018 at 10:50 AM, Hasanthi Purnima Dissanayake <
hasan...@wso2.com> wrote:

> Hi All,
>
> In the method [1] which is used to revoke access tokens by resource
> owners, it iterates all ACTIVE or EXPIRED access tokens for the particular
> client authorized by the user.
>
> // retrieve all ACTIVE or EXPIRED access tokens for particular client 
> authorized by this user
>
>
>
> Set accessTokenDOs = OAuthTokenPersistenceFactory.g
> etInstance()
>
> .getAccessTokenDAO().getAccessTokens(appDTO.getOauthConsumerKey(),
>
> user, userStoreDomain, true);
> Inside the foreach the auth cache is cleared for the tokens one by one
> which is fetched from the accessTokenDOs.
>
> for (AccessTokenDO accessTokenDO : accessTokenDOs) { ...
>
> OAuthUtil.clearOAuthCache(accessTokenDO.getAccessToken());
>
>
> // retrieve latest access token for particular client, user and scope
> combination if its ACTIVE or EXPIRED
> scopedToken = OAuthTokenPersistenceFactory.getInstance().getAccessTokenDAO().
> getLatestAccessToken(appDTO.getOauthConsumerKey(), user, userStoreDomain,
> Auth2Util.buildScopeString(accessTokenDO.getScope()), true);  //Revoking
> token from database
> OAuthTokenPersistenceFactory.getInstance().getAccessTokenDAO()
> .revokeAccessTokens(new String[]{scopedToken.getAccessToken()});
>
>
> ...
> }
>
> Then inside the for each it self it retrieves the latest access token for
> the particular client, user and for the particular scope if the token is
> ACTIVE or EXPIRED. This token is revoked from the db inside the for each.
>
> I have two questions here.
>
> 1. We clear the auth cache based on the access token which is fetched from
> accessTokensDo  and revoke the scopedToken from the db which can be
> different.
>
> 2. As there are multiple db calls are happening here can't we move the
> logic of revoking token from db to out side of the for each as the DAO
> method is supporting for batch operations.
>

No need to get all the access tokens to do cache clean up for the entries
against consumer key + authorize user, which can be done as follows.
*OAuthUtil.clearOAuthCache(appDTO.getOauthConsumerKey(), user);*


Since we remove all the AccessTokenDO entries stored in cache, against all
the access tokens as follows, I think we need to retrieve all ACTIVE or
EXPIRED access tokens for particular client authorized by the user.
*OAuthUtil.clearOAuthCache(accessTokenDO.getAccessToken());*


If there are multiple access tokens available in the database for
particular client, user and scope combination, actually here we are not
revoking the latest access token (ACTIVE or EXPIRED), but revoking multiple
entries while iterating through all the access tokens. In order to revoke
the latest access token for particular client, user and scope combination,
we can use following approach.

   - Get the scopes for particular client authorized by the user
   - Iterate through the scopes and revoke the latest access token issued
   for client, user and scope combination using database batch operation
   - Remove the corresponding entries in cache for consumer key + authorize
   user + scope as follows.

* OAuthUtil**.clearOAuthCache(appDTO.getOauthConsumerKey(), user,
scope));*



>
> Highly appreciate your feedback on this.
>
> [1] https://github.com/wso2-extensions/identity-inbound-
> auth-oauth/blob/master/components/org.wso2.carbon.
> identity.oauth/src/main/java/org/wso2/carbon/identity/
> oauth/OAuthAdminService.java#L627
>
> Thanks.
>
> --
>
> Hasanthi Dissanayake
>
> Senior Software Engineer | WSO2
>
> E: hasan...@wso2.com
> M :0718407133| http://wso2.com 
>



-- 
Indunil Upeksha Rathnayake
Software Engineer | WSO2 Inc
Emailindu...@wso2.com
Mobile   0772182255
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Image persisting and retrieval mechanism for WSO2 IoT Server

[Nuwan Jayawardene]

Hi Anusha,

That's great to hear!
I was also focusing on per image storage, retrieval and if possible;
processing. Could the same implementation be applied directly to images
without a video stream?

If that's the case it would be awesome!

Thanks and regards.

On Wed, Jan 17, 2018 at 9:40 AM, Anusha Jayasundara 
wrote:

> Hi Nuwan.
>
> Even though I did video processing, In the end, the processing was done by
> per image. In my case, I resized the images into a 480p or 720p(most of the
> time videos was 1080p) and after the processing was done, saved them into
> the main storage in binary format. So you also can check the possibility of
> pre-processing the image before saving, since it can reduce the image size.
>
> Thank You,
> Anusha,
>
> On Tue, Jan 16, 2018 at 7:19 PM, Ramindu De Silva 
> wrote:
>
>> Hi all,
>>
>> [+]Anusha
>> Anusha has implemented a video processing solution. But it is not
>> integrated to the SP. Anusha, can you please explain how you stored and
>> processed the data in your solution? Maybe IoT team can get an idea.
>>
>> Best Regards,
>> Ramindu.
>>
>>
>> On Tue, Jan 16, 2018 at 4:03 AM, Nuwan Jayawardene 
>> wrote:
>>
>>> Hi All,
>>>
>>> Thanks for the feedback.
>>> Based on what everyone has said, I thought it was best to go ahead with
>>> using the *BinaryStream*.
>>>
>>> Will update this thread further along the way! :)
>>>
>>>
>>> On Tue, Jan 16, 2018 at 2:07 PM, Madawa Soysa  wrote:
>>>


 On Tue, Jan 16, 2018 at 1:10 PM, Ruwan Yatawara 
 wrote:

> As to my knowledge, image analysis is not supported, and won't be
> supported in the near future.
>
> @Mohan, @Ramindu, please correct me if I am wrong.
>

 In that case, it is better to go with the BinaryStream approach.

 +1 for retrieving as a BinaryStream.


> Thanks and Regards,
>
> Ruwan Yatawara
>
> Technical Lead,
> WSO2 Inc.
>
> email : ruw...@wso2.com
> mobile : +94 77 9110413
> http://ruwansrants.blogspot.com/
> https://500px.com/ruwan_ace
> https://medium.com/@ruwanyatawara
>
>
> On Tue, Jan 16, 2018 at 1:01 PM, Nuwan Jayawardene 
> wrote:
>
>> Hi Madawa,
>>
>> Have you evaluated this approach? What are the advantages and
>>> drawbacks in terms of storage and retrieval of images by following this
>>> approach?
>>
>>
>> I've yet to look more into this option. I was actually hoping for
>> some feedback on whether or not I should pursue this or stick with the
>> RDBMS approach since I'm not experienced enough with Siddhi to do a
>> knowledgeable assessment.
>> At the moment, for the use case at hand, a simple storage and
>> retrieval would suffice. But if we consider the long run IMO it would be
>> smarter to go with a Siddhi based approach.
>> Then again comes the issue of whether Siddhi streams support image
>> analytics.
>>
>> On Tue, Jan 16, 2018 at 12:50 PM, Madawa Soysa 
>> wrote:
>>
>>> Hi Nuwan,
>>>
>>> One other approach suggested to me was to use a *Siddhi Stream for
 both storage and retrieval* purposes. This would further allow for
 analytics to be performed on the data which not be very much possible 
 with
 the earlier mentioned approaches.
>>>
>>>
>>> Have you evaluated this approach? What are the advantages and
>>> drawbacks in terms of storage and retrieval of images by following this
>>> approach?
>>>
>>> On Tue, Jan 16, 2018 at 12:36 PM, Geeth Munasinghe 
>>> wrote:
>>>


 On Tue, Jan 16, 2018 at 10:52 AM, Nuwan Jayawardene <
 nuw...@wso2.com> wrote:

> Hi all,
>
> I'm currently working on a project to add image storing
> and retrieval capabilities to the WSO2 IoT Server.
>
> To achieve this I have implemented the following;
> 1) Added a separate DAO Table with a field with LONGBLOB data type
> for storing.
> 2) Added storage capabilities in the database for an image sent as
> a *File *in the form of a *BinaryStream*.
>
> As of now, I've written unit tests and the test images are getting
> stored successfully in the database.
>
> The problem lies in how to successfully retrieve the stored data.
> For this, I have come across 2 possible approaches.
> 1) *Retrieve as a File - *The notable downside I realized with
> this solution is that each time a new Image is retrieved, a new file 
> will
> be created. Therefore measures would have to be taken to persist new 
> files
> while purging older obsolete ones.
> 2) *Retrieve as BinaryStream - *Although this requires no
> persistent memory usage and the data will only be retrieved on call 
> and
> issues may come up when represent

Re: [Dev] [IAM] Access Token revocation in OAuthAdminService

[Maduranga Siriwardena]

On Wed, Jan 17, 2018 at 3:54 PM, Indunil Upeksha Rathnayake <
indu...@wso2.com> wrote:

> Hi,
>
> Please find the in line comments.
>
> On Wed, Jan 17, 2018 at 10:50 AM, Hasanthi Purnima Dissanayake <
> hasan...@wso2.com> wrote:
>
>> Hi All,
>>
>> In the method [1] which is used to revoke access tokens by resource
>> owners, it iterates all ACTIVE or EXPIRED access tokens for the particular
>> client authorized by the user.
>>
>> // retrieve all ACTIVE or EXPIRED access tokens for particular client 
>> authorized by this user
>>
>>
>>
>> Set accessTokenDOs = OAuthTokenPersistenceFactory.g
>> etInstance()
>>
>> .getAccessTokenDAO().getAccessTokens(appDTO.getOauthConsumerKey(),
>>
>> user, userStoreDomain, true);
>> Inside the foreach the auth cache is cleared for the tokens one by one
>> which is fetched from the accessTokenDOs.
>>
>> for (AccessTokenDO accessTokenDO : accessTokenDOs) { ...
>>
>> OAuthUtil.clearOAuthCache(accessTokenDO.getAccessToken());
>>
>>
>> // retrieve latest access token for particular client, user and scope
>> combination if its ACTIVE or EXPIRED
>> scopedToken = OAuthTokenPersistenceFactory.getInstance().
>> getAccessTokenDAO(). getLatestAccessToken(appDTO.getOauthConsumerKey(),
>> user, userStoreDomain, Auth2Util.buildScopeString(accessTokenDO.getScope()),
>> true);  //Revoking token from database
>> OAuthTokenPersistenceFactory.getInstance().getAccessTokenDAO()
>> .revokeAccessTokens(new String[]{scopedToken.getAccessToken()});
>>
>>
>> ...
>> }
>>
>> Then inside the for each it self it retrieves the latest access token for
>> the particular client, user and for the particular scope if the token is
>> ACTIVE or EXPIRED. This token is revoked from the db inside the for each.
>>
>> I have two questions here.
>>
>> 1. We clear the auth cache based on the access token which is fetched
>> from accessTokensDo  and revoke the scopedToken from the db which can be
>> different.
>>
>> 2. As there are multiple db calls are happening here can't we move the
>> logic of revoking token from db to out side of the for each as the DAO
>> method is supporting for batch operations.
>>
>
> No need to get all the access tokens to do cache clean up for the entries
> against consumer key + authorize user, which can be done as follows.
> *OAuthUtil.clearOAuthCache(appDTO.getOauthConsumerKey(), user);*
>
>
> Since we remove all the AccessTokenDO entries stored in cache, against all
> the access tokens as follows, I think we need to retrieve all ACTIVE or
> EXPIRED access tokens for particular client authorized by the user.
> *OAuthUtil.clearOAuthCache(accessTokenDO.getAccessToken());*
>
>
> If there are multiple access tokens available in the database for
> particular client, user and scope combination, actually here we are not
> revoking the latest access token (ACTIVE or EXPIRED), but revoking multiple
> entries while iterating through all the access tokens. In order to revoke
> the latest access token for particular client, user and scope combination,
> we can use following approach.
>
>- Get the scopes for particular client authorized by the user
>- Iterate through the scopes and revoke the latest access token issued
>for client, user and scope combination using database batch operation
>- Remove the corresponding entries in cache for consumer key +
>authorize user + scope as follows.
>
> * OAuthUtil**.clearOAuthCache(appDTO.getOauthConsumerKey(), user,
> scope));*
>

We can revoke access tokens in the database directly without retrieving
them to the application side with a sql query.
If we can clean the cache without retrieving the access tokens from the
database, there is no need to retrieve the tokens to application side
anyway.

Thanks,

>
>
>
>>
>> Highly appreciate your feedback on this.
>>
>> [1] https://github.com/wso2-extensions/identity-inbound-auth
>> -oauth/blob/master/components/org.wso2.carbon.identity.
>> oauth/src/main/java/org/wso2/carbon/identity/oauth/
>> OAuthAdminService.java#L627
>>
>> Thanks.
>>
>> --
>>
>> Hasanthi Dissanayake
>>
>> Senior Software Engineer | WSO2
>>
>> E: hasan...@wso2.com
>> M :0718407133| http://wso2.com 
>>
>
>
>
> --
> Indunil Upeksha Rathnayake
> Software Engineer | WSO2 Inc
> Emailindu...@wso2.com
> Mobile   0772182255
>



-- 
Maduranga Siriwardena
Senior Software Engineer
WSO2 Inc; http://wso2.com/

Email: madura...@wso2.com
Mobile: +94718990591
Blog: *https://madurangasiriwardena.wordpress.com/
*

___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] Logging in JavaScript used in conditional authentication

[Maduranga Siriwardena]

Hi Devs,

To support logging in the JavaScript used for conditional authentication
(mail thread [1] @ architecture@) we are trying to mimic the
"console.log()" in the JavaScripts.

To achieve this, we have added a binding for a apache commons log object
with key name "console" to nashorn engine. So this support logging with
below syntax withing the JavaScript.

console.log("some test")
console.debug("some test")
console.error("some test")

Above logs will be working as usual when used in Java classes (printed in
wso2carbon.log file and backend console).

Any suggestions?

[1] [Architecture] Conditional Authentication Support on WSO2 Identity
Server

Thanks,
-- 
Maduranga Siriwardena
Senior Software Engineer
WSO2 Inc; http://wso2.com/

Email: madura...@wso2.com
Mobile: +94718990591
Blog: *https://madurangasiriwardena.wordpress.com/
*

___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [DEV][puppet-apim] pre-packed IS as the KM throwing The service cannot be found for the endpoint reference (EPR)

[Pubudu Gunatilaka]

Hi Isuru,

Please create a github issue in [1] with your findings to track this. We
will fix this in the next release.

[1] - https://github.com/wso2/puppet-apim

Thank you!

On Wed, Jan 17, 2018 at 4:15 PM, Isuru Uyanage  wrote:

> I got the same issue when implementing [1].
>
> As I identified the reason for this issue is as below.
> We are downloading wso2is-prepacked-puppet-module-hieradata-5.3.0.zip
> 
>  and
> copying the hieradata folder. The default.yaml inside the folder contains
> following details.
>
> wso2::service_name: wso2is
> wso2::hostname: is.dev.wso2.org
> wso2::mgt_hostname: is.dev.wso2.org
> This profile is referred in /opt/deployment.conf file. The particular
> pattern's common.yaml file refers the hostname as km.dev.wso2.org.
> Therefore we need to change this to is.dev.wso2.org. Further, as per the
> READ.MD file, we can download the wso2is.5.3.0.zip from
> http://product-dist.wso2.com/downloads/api-manager/2.1.
> 0/identity-server/wso2is-5.3.0.zip.
>
>
> [1] - https://docs.wso2.com/display/AM210/Using+Puppet+
> Modules+to+Set+up+WSO2+API-M+with+Pattern+6#5edd67ca3ad54014b6e4e85999c775
> c8
>
>
> Thanks
> Isuru
>
> *Thanks and Best Regards,*
>
> *Isuru Uyanage*
> *Software Engineer - QA | WSO2*
> *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752*
> *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/
> *
>
>
>
>
> On Fri, Nov 24, 2017 at 2:31 PM, Nuwan Silva  wrote:
>
>> Checked the /etc/hosts file and it seems to be pointing correctly. Im
>> using the latest wum packs.
>>
>> Cheers,
>> NuwanS.
>>
>> On Fri, Nov 24, 2017 at 1:14 PM, Samitha Chathuranga 
>> wrote:
>>
>>> Hi Nuwan,
>>>
>>> Probably there is a connection issue from store node to is-as-km node.
>>> Can you check whether the host mappings are correct in /etc/hosts file?
>>>
>>> Regards,
>>> Samitha
>>>
>>> On Fri, Nov 24, 2017 at 12:34 PM, Chalitha Waldeniyage <
>>> chali...@wso2.com> wrote:
>>>
 Hi Nuwan,

 I'm working on similar setup and this flow is working for me(using 22nd
 WUM pack). I'm suspecting your WUM updated pack is having some issue
 Can you please check on this.

 Thank you,
 Chalitha


 On Fri, Nov 24, 2017 at 12:21 PM, Nuwan Silva  wrote:

> Hi Team,
>
> While deploying the IS as the KM via puppet I used [1] with the
> pre-packaged IS that is updated through wum "wso2is-km-5.3.0.zip".
> Installation was successful and after deploying I tried to generate keys
> with the Default Application in the store. (please see below logs)
>
> I've notices this happens when the KM feature is not installed. but
> shouldnt the pre-packaged wum downloadable IS instance come with the
> feature installed?
>
> TID: [-1234] [] [2017-11-24 06:17:38,007] ERROR
> {org.apache.axis2.engine.AxisEngine} -  The service cannot be found
> for the endpoint reference (EPR) https://km.dev.wso2.org:9443/s
> ervices/APIKeyMgtSubscriberService
> org.apache.axis2.AxisFault: The service cannot be found for the
> endpoint reference (EPR) https://km.dev.wso2.org:9443/s
> ervices/APIKeyMgtSubscriberService
> at org.apache.axis2.engine.DispatchPhase.checkPostConditions(Di
> spatchPhase.java:78)
> at org.apache.axis2.engine.Phase.invoke(Phase.java:329)
> at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:261)
> at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:167)
> at org.apache.axis2.transport.http.HTTPTransportUtils.processHT
> TPPostRequest(HTTPTransportUtils.java:173)
> at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServl
> et.java:147)
> at org.wso2.carbon.core.transports.CarbonServlet.doPost(CarbonS
> ervlet.java:231)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
> at org.eclipse.equinox.http.servlet.internal.ServletRegistratio
> n.service(ServletRegistration.java:61)
> at org.eclipse.equinox.http.servlet.internal.ProxyServlet.proce
> ssAlias(ProxyServlet.java:128)
> at org.eclipse.equinox.http.servlet.internal.ProxyServlet.servi
> ce(ProxyServlet.java:68)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
> at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service
> (DelegationServlet.java:68)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
> lter(ApplicationFilterChain.java:303)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(App
> licationFilterChain.java:208)
> at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilte
> r.java:52)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
>

Re: [Dev] JSON payload being null inside script message context

[Thilini Shanika]

Hi Bhthiya,

We have changed the default json message builder and formatter as
org.apache.synapse.commons.json.JsonStreamBuilder/JsonStreamFormatter.

Further, we have included some fixes to default WorkflowCallbackService
proxy service config, in order to make the workflows work with this
builder/formatter
change.

https://github.com/wso2/product-apim/pull/2432/

Thanks



On Tue, Jan 16, 2018 at 1:16 PM, Bhathiya Jayasekara 
wrote:

> Thilini, shall we make this change soon, so that we find issues early if
> there are any?
>
> Thanks,
> Bhathiya
>
> On Tue, Jan 16, 2018 at 1:06 PM, Thilini Shanika 
> wrote:
>
>> Hi Isuru,
>>
>> We are already tracking this requirement in [1] and will be adding this
>> to APIM 2.2.0.
>>
>> [1] https://wso2.org/jira/browse/APIMANAGER-5529
>>
>> On Tue, Jan 16, 2018 at 12:45 PM, Isuru Haththotuwa 
>> wrote:
>>
>>> Previously there were a few issues with using JsonStreamBuilder and
>>> JsonStreamFormatter in APIM, hence by default APIM used JsonBuilder and
>>> JsonFormatter (up to the release 2.1.0). I think we can move to
>>> JsonStreamBuilder and JsonStreamFormatter in the 2.2.0 release.
>>>
>>> On Tue, Jan 9, 2018 at 8:59 PM, Sameera Gunarathne 
>>> wrote:
>>>
 Hi Milinda,

 I have tried the suggestion and that way I can access the message
 payload. I can see in the axis2.xml in apim 2.2.0 this configuration is
 commented and uses JsonBuilder instead.

 
 >>> class="org.apache.synapse.comm
 ons.json.JsonBuilder"/>
 

 Is there any specific reason to use JsonBuilder and what would be the
 impact of using JsonStreamBuilder?

 Thanks and Regards,

 On Tue, Jan 9, 2018 at 8:49 PM, Milinda Perera 
 wrote:

> Hi Sameera,
>
> Please add JsonStreamBuilder instead of JsonBuilder and try
>
>  class="org.wso2.carbon.integra
> tor.core.json.JsonStreamBuilder"/>
>
> Thanks,
> Milinda
>
> On Tue, Jan 9, 2018 at 8:44 PM, Sameera Gunarathne 
> wrote:
>
>> Hi,
>>
>> I'm using a script mediator to get JSON payload inside an API
>> sequence. I'm using a payload as follows.
>>
>> curl -X POST --header 'Content-Type: application/json' --header 'Accept: 
>> application/xml' --header 'Authorization: Bearer 
>> c4f97c6e-60fc-3c26-97ad-48b9c9fa4566' -d '{ \
>>"PhoneNumbers": ["123456789"] \
>>  }' 'https://10.100.7.133:8243/phoneVerify/1.0.0/checkPhoneNumbers
>>
>> I'm accessing the payload inside the script mediator as follows.
>>
>>  
>>  var payload = mc.getPayloadJSON();
>>  
>>
>> There I get following exception at the script mediator on the
>> json payload being null.
>>
>> [2018-01-09 20:37:55,454] ERROR - ScriptMessageContext JSON object is
>> null.
>> [2018-01-09 20:37:55,458] ERROR - ScriptMediator The script engine
>> returned an error executing the inlined js script function mediate
>>
>> but I have looked into the wirelogs and the json message comes to the
>> sequence.
>>
>> [2018-01-09 20:37:55,445] DEBUG - wire HTTPS-Listener I/O
>> dispatcher-6 >> "Accept-Language: en-US,en;q=0.9,nl;q=0.8[\r][\n]"
>> [2018-01-09 20:37:55,445] DEBUG - wire HTTPS-Listener I/O
>> dispatcher-6 >> "[\r][\n]"
>> [2018-01-09 20:37:55,445] DEBUG - wire HTTPS-Listener I/O
>> dispatcher-6 >> "{[\n]"
>> [2018-01-09 20:37:55,445] DEBUG - wire HTTPS-Listener I/O
>> dispatcher-6 >> "  *"PhoneNumbers": ["123456789"][\n]"*
>> [2018-01-09 20:37:55,445] DEBUG - wire HTTPS-Listener I/O
>> dispatcher-6 >> "}"
>>
>> What could be the reason for this? Any other suggestions to access
>> message context inside a script mediator.
>>
>> Thanks and Regards,
>> Sameera.
>> --
>> Sameera Gunarathne
>> Software Engineer, WSO2 Inc. http://wso2.com
>> 
>> Email: samee...@wso2.com
>> Mobile: +94714155561
>>
>
>
>
> --
> Milinda Perera
> Senior Software Engineer;
> WSO2 Inc. http://wso2.com ,
> Mobile: (+94) 714 115 032 <+94%2071%20411%205032>
>
>


 --
 Sameera Gunarathne
 Software Engineer, WSO2 Inc. http://wso2.com
 
 Email: samee...@wso2.com
 Mobile: +94714155561

 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev


>>>
>>>
>>> --
>>> Thanks and Regards,
>>>
>>> Isuru H.
>>> +94 716 358 048 <+94%2071%20635%208048>* *
>>>
>>>
>>>
>>
>>
>> --
>> Thilini Shanika
>> Senior Software Engineer
>> WSO2, Inc.; http://wso2.com
>> 20, Palmgrove Avenue, Colombo 3
>>
>> E-mail: tgtshan...@gmail.com

Re: [Dev] [Architecture][IS 5.5.0] Conditional steps based on HTTP context

[Ruwan Abeykoon]

Hi Sathya,

We can enhance the DefaultRequestCoordinator itself, rather than extending
and creating new coordinator, as there is no functional change done by
adding the "request" and "response" to authentication context.

Cheers,
Ruwan

On Wed, Jan 17, 2018 at 10:40 AM, Sathya Bandara  wrote:

> Hi all,
>
> We are currently working on improving the conditional authentication
> support using JavaScript feature [1] to be able to handle authentication
> conditions based on HTTP context.
>
> Following is the approach taken to achieve this requirement.
>
> In order to store the HTTP request and response I have modified the
> default AuthenticationContext class to have additional state variables for
> the authentication request and response(current request and response).
> These variables are declared as transient such that they will not be used
> for the object state at serialization. Furthermore, an additional variable
> will be used to keep a reference to the initial authentication request
> (initialRequest). When the second request comes, we will only update the
> current request and response variables.
>
> The DefaultRequestCoordinator will be replaced with
> ConditionalRequestCoordinator. In ConditionalRequestCordinator, inside
> initializeFlow() method which gets called for the initial authentication
> request, we instantiate an AuthenticationContext object. To this object, I
> will set the current request, current response and initial request which is
> the same as current request for the initial case. From the second request
> for the ConditionalRequestCoordinator, only the current request and
> response will be updated.
>
> In addition to the changes in the authentication framework, I have
> implemented JavaScript wrapper classes for the HttpServletRequest and
> HttpServletResponse Java classes in order to provide access to the
> request/response state variables within JavaScript. Following are some
> examples.
>
> *Request headers (context.request.headers)*
>
> context.request.headers.Authorization - this will give the value of the
> Authorization header.
>
> *Request parameters (context.request.params)*
>
> context.request.params.redirect_uri - this will give the value of the
> request parameter redirect_uri
>
> *Cookies in request (context.request.cookies)*
>
> context.cookies.commonAuthId - this will create a JavaScript wrapper for
> the Cookie Java Class. We can access individual cookie attributes using
> this wrapper as follows.
>
> context.request.cookies.commonAuthId.domain
> context.request.cookies.commonAuthId.value
>
> In request, we can only query existing attributes (headers and request
> parameters). cannot add or modify existing values.
>
> Similar approach was used for the HttpServletResponse class as well.
> However in HttpServletResponse, we have the capability to add new headers
> to the response.
>
> *Adding headers to the response*
>
> In order to wrap the setHeader() in JavaScript, I used the following
> implementation.
>
> public class JsHeaders extends AbstractJSObject {
>
> private Map wrapped;
> private HttpServletResponse response;
>
> public JsHeaders(Map wrapped, HttpServletResponse response) {
>
> this.wrapped = wrapped;
> this.response = response;
> }
>
> @Override
> public void setMember(String name, Object value) {
>
> if (wrapped == null) {
> super.setMember(name, value);
> } else {
> wrapped.put(name, value);
> response.setHeader(name, (String) value); //replaces the value
> if the name exists.
> }
> }
> }
>
> Here, I keep the existing headers in a map. Whenever
> context.response.headers is called , an instance of the JsHeaders wrapper
> is returned which contains the header map and a reference to the response.
> Once a new header is added as in example 
> context.response.headers.Authorization
> = "sample_value", the setMember() function is called. It will add the
> header (header name and value) to the referenced response.
>
> e.g. context.response.headers["Content-Type"] = 'application/json'
>
>
> *Adding cookies to the response *
>
> Similarly, when adding a new cookie to the response, we will add a new
> header to the response with the header name 'set-cookie'. This is similar
> to the approach used in nodejs [2].
>
> response.headers["set-cookie"] or response.headers.set-cookie can be used.
>
> An example would be as follows.
>
> response.headers.["Set-Cookie"] = ['crsftoken=xssometokenx',
> 'language=javascript']
>
> Highly appreciate your thoughts and suggestions.
>
> [1] [Architecture] Conditional Authentication Support on WSO2 Identity
> Server
> [2] https://nodejs.org/api/http.html#http_response_setheader_name_value
> 
>
> Thanks,
> Sathya
>
> --
> Sathya Bandara
> Software Engineer
> WSO2 Inc. http://wso2.com
> Mobile: (+94) 715 360 421 <+94%2071%20411%205032>
>
> <+94%2071%20411%205032>
>
___

[Dev] API Manager with Identity Server as Key Manager - IS secondary user store to connect to APIM Store

[Thomas LEGRAND]

Hello,

I configured the Identity Server (IS) to be the Key Manager of the API
Manager (APIM). In the IS, I configured a secondary user store where I will
have my users of my applications. But, I think I missed something because
when I want to generate a OAuth token for a user stored in this secondary
user store, I have an error:

My request:

curl -k -d
"grant_type=password&username=&password=" -H
"Authorization: Basic "   https://apim:8243/token

The response:

{"error_description":"Authentication failed for
@carbon.super","error":"invalid_grant"}.

In the application in the store of the APIM, "Password" is ticked so the
grant_type is right.
And I tried with the following pattern for the :
- 
- /
- \

Can you help me? How can I ensure that the APIM uses all of the user stores
from the IS.

Regards,

Thomas
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [DEV][puppet-apim] pre-packed IS as the KM throwing The service cannot be found for the endpoint reference (EPR)

[Isuru Uyanage]

Hi Pubudu,

I have already reported following issues.

https://github.com/wso2/product-apim/issues/2337
https://github.com/wso2/product-apim/issues/2311
https://github.com/wso2/product-apim/issues/2333
https://github.com/wso2/product-apim/issues/2340
https://github.com/wso2/product-apim/issues/2341
https://github.com/wso2/product-apim/issues/2342
https://github.com/wso2/product-apim/issues/2346
https://github.com/wso2/product-apim/issues/2355
https://github.com/wso2/product-apim/issues/2357
https://github.com/wso2/product-apim/issues/2359
https://github.com/wso2/product-apim/issues/2360
https://github.com/wso2/product-apim/issues/2367
https://github.com/wso2/product-apim/issues/2368
https://github.com/wso2/product-apim/issues/2369
https://github.com/wso2/product-apim/issues/2373
https://github.com/wso2/product-apim/issues/2374
https://github.com/wso2/product-apim/issues/2450
https://github.com/wso2/product-apim/issues/2449
https://github.com/wso2/product-apim/issues/2442
https://github.com/wso2/product-apim/issues/2451
https://github.com/wso2/product-apim/issues/2452


Thanks
Isuru

*Thanks and Best Regards,*

*Isuru Uyanage*
*Software Engineer - QA | WSO2*
*Mobile : **+94 77 <+94%2077%20767%201807> 55 30752*
*LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/
*




On Wed, Jan 17, 2018 at 5:53 PM, Pubudu Gunatilaka  wrote:

> Hi Isuru,
>
> Please create a github issue in [1] with your findings to track this. We
> will fix this in the next release.
>
> [1] - https://github.com/wso2/puppet-apim
>
> Thank you!
>
> On Wed, Jan 17, 2018 at 4:15 PM, Isuru Uyanage  wrote:
>
>> I got the same issue when implementing [1].
>>
>> As I identified the reason for this issue is as below.
>> We are downloading wso2is-prepacked-puppet-module-hieradata-5.3.0.zip
>> 
>>  and
>> copying the hieradata folder. The default.yaml inside the folder contains
>> following details.
>>
>> wso2::service_name: wso2is
>> wso2::hostname: is.dev.wso2.org
>> wso2::mgt_hostname: is.dev.wso2.org
>> This profile is referred in /opt/deployment.conf file. The particular
>> pattern's common.yaml file refers the hostname as km.dev.wso2.org.
>> Therefore we need to change this to is.dev.wso2.org. Further, as per the
>> READ.MD file, we can download the wso2is.5.3.0.zip from
>> http://product-dist.wso2.com/downloads/api-manager/2.1.
>> 0/identity-server/wso2is-5.3.0.zip.
>>
>>
>> [1] - https://docs.wso2.com/display/AM210/Using+Puppet+Modules+
>> to+Set+up+WSO2+API-M+with+Pattern+6#5edd67ca3ad54014b6e4e85999c775c8
>>
>>
>> Thanks
>> Isuru
>>
>> *Thanks and Best Regards,*
>>
>> *Isuru Uyanage*
>> *Software Engineer - QA | WSO2*
>> *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752*
>> *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/
>> *
>>
>>
>>
>>
>> On Fri, Nov 24, 2017 at 2:31 PM, Nuwan Silva  wrote:
>>
>>> Checked the /etc/hosts file and it seems to be pointing correctly. Im
>>> using the latest wum packs.
>>>
>>> Cheers,
>>> NuwanS.
>>>
>>> On Fri, Nov 24, 2017 at 1:14 PM, Samitha Chathuranga 
>>> wrote:
>>>
 Hi Nuwan,

 Probably there is a connection issue from store node to is-as-km node.
 Can you check whether the host mappings are correct in /etc/hosts file?

 Regards,
 Samitha

 On Fri, Nov 24, 2017 at 12:34 PM, Chalitha Waldeniyage <
 chali...@wso2.com> wrote:

> Hi Nuwan,
>
> I'm working on similar setup and this flow is working for me(using
> 22nd WUM pack). I'm suspecting your WUM updated pack is having some issue
> Can you please check on this.
>
> Thank you,
> Chalitha
>
>
> On Fri, Nov 24, 2017 at 12:21 PM, Nuwan Silva  wrote:
>
>> Hi Team,
>>
>> While deploying the IS as the KM via puppet I used [1] with the
>> pre-packaged IS that is updated through wum "wso2is-km-5.3.0.zip".
>> Installation was successful and after deploying I tried to generate keys
>> with the Default Application in the store. (please see below logs)
>>
>> I've notices this happens when the KM feature is not installed. but
>> shouldnt the pre-packaged wum downloadable IS instance come with the
>> feature installed?
>>
>> TID: [-1234] [] [2017-11-24 06:17:38,007] ERROR
>> {org.apache.axis2.engine.AxisEngine} -  The service cannot be found
>> for the endpoint reference (EPR) https://km.dev.wso2.org:9443/s
>> ervices/APIKeyMgtSubscriberService
>> org.apache.axis2.AxisFault: The service cannot be found for the
>> endpoint reference (EPR) https://km.dev.wso2.org:9443/s
>> ervices/APIKeyMgtSubscriberService
>> at org.apache.axis2.engine.DispatchPhase.checkPostConditions(Di
>> spatchPhase.java:78)
>> at org.apache.axis2.engine.Phase.invoke(Phase.java:329)
>> at org.apach

Re: [Dev] [DEV][puppet-apim] pre-packed IS as the KM throwing The service cannot be found for the endpoint reference (EPR)

[Isuru Uyanage]

I got the same issue when implementing [1].

As I identified the reason for this issue is as below.
We are downloading wso2is-prepacked-puppet-module-hieradata-5.3.0.zip

and
copying the hieradata folder. The default.yaml inside the folder contains
following details.

wso2::service_name: wso2is
wso2::hostname: is.dev.wso2.org
wso2::mgt_hostname: is.dev.wso2.org
This profile is referred in /opt/deployment.conf file. The particular
pattern's common.yaml file refers the hostname as km.dev.wso2.org.
Therefore we need to change this to is.dev.wso2.org. Further, as per the
READ.MD file, we can download the wso2is.5.3.0.zip from
http://product-dist.wso2.com/downloads/api-manager/2.1.0/identity-server/wso2is-5.3.0.zip
.


[1] -
https://docs.wso2.com/display/AM210/Using+Puppet+Modules+to+Set+up+WSO2+API-M+with+Pattern+6#5edd67ca3ad54014b6e4e85999c775c8


Thanks
Isuru

*Thanks and Best Regards,*

*Isuru Uyanage*
*Software Engineer - QA | WSO2*
*Mobile : **+94 77 <+94%2077%20767%201807> 55 30752*
*LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/
*




On Fri, Nov 24, 2017 at 2:31 PM, Nuwan Silva  wrote:

> Checked the /etc/hosts file and it seems to be pointing correctly. Im
> using the latest wum packs.
>
> Cheers,
> NuwanS.
>
> On Fri, Nov 24, 2017 at 1:14 PM, Samitha Chathuranga 
> wrote:
>
>> Hi Nuwan,
>>
>> Probably there is a connection issue from store node to is-as-km node.
>> Can you check whether the host mappings are correct in /etc/hosts file?
>>
>> Regards,
>> Samitha
>>
>> On Fri, Nov 24, 2017 at 12:34 PM, Chalitha Waldeniyage > > wrote:
>>
>>> Hi Nuwan,
>>>
>>> I'm working on similar setup and this flow is working for me(using 22nd
>>> WUM pack). I'm suspecting your WUM updated pack is having some issue
>>> Can you please check on this.
>>>
>>> Thank you,
>>> Chalitha
>>>
>>>
>>> On Fri, Nov 24, 2017 at 12:21 PM, Nuwan Silva  wrote:
>>>
 Hi Team,

 While deploying the IS as the KM via puppet I used [1] with the
 pre-packaged IS that is updated through wum "wso2is-km-5.3.0.zip".
 Installation was successful and after deploying I tried to generate keys
 with the Default Application in the store. (please see below logs)

 I've notices this happens when the KM feature is not installed. but
 shouldnt the pre-packaged wum downloadable IS instance come with the
 feature installed?

 TID: [-1234] [] [2017-11-24 06:17:38,007] ERROR
 {org.apache.axis2.engine.AxisEngine} -  The service cannot be found
 for the endpoint reference (EPR) https://km.dev.wso2.org:9443/s
 ervices/APIKeyMgtSubscriberService
 org.apache.axis2.AxisFault: The service cannot be found for the
 endpoint reference (EPR) https://km.dev.wso2.org:9443/s
 ervices/APIKeyMgtSubscriberService
 at org.apache.axis2.engine.DispatchPhase.checkPostConditions(Di
 spatchPhase.java:78)
 at org.apache.axis2.engine.Phase.invoke(Phase.java:329)
 at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:261)
 at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:167)
 at org.apache.axis2.transport.http.HTTPTransportUtils.processHT
 TPPostRequest(HTTPTransportUtils.java:173)
 at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServl
 et.java:147)
 at org.wso2.carbon.core.transports.CarbonServlet.doPost(CarbonS
 ervlet.java:231)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
 at org.eclipse.equinox.http.servlet.internal.ServletRegistratio
 n.service(ServletRegistration.java:61)
 at org.eclipse.equinox.http.servlet.internal.ProxyServlet.proce
 ssAlias(ProxyServlet.java:128)
 at org.eclipse.equinox.http.servlet.internal.ProxyServlet.servi
 ce(ProxyServlet.java:68)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
 at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service
 (DelegationServlet.java:68)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
 lter(ApplicationFilterChain.java:303)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(App
 licationFilterChain.java:208)
 at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilte
 r.java:52)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
 lter(ApplicationFilterChain.java:241)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(App
 licationFilterChain.java:208)
 at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilte
 r(HttpHeaderSecurityFilter.java:124)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
 lter(ApplicationFilterChain.java:241)
 at org.apach

Re: [Dev] WSO2 Oxygen Tank > Manage endpoint text responses from proxy (Unexpected character 'some_character' code 45 in prolog expected '<')

[Marcos Tarín Esteve]

For facilitating a simple solution. I suggest only to send to client the SOAP 
part of response:


http://schemas.xmlsoap.org/soap/envelope/"; xmlns: ns1 = 
"https://.es//ws/ws_/1.0/infoEnvi";>


 xa3x2x8xx7 




And remove file’s information:

--urn: uuid: ax7xx36-98xx9-4ex1-bxxc-ax1x8bxc
Content-Type: text / xml; charset = utf-8
Content-Transfer-Encoding: 8bit
Content-ID: 

--urn: uuid: a07xxx6-9xxx9-4xxa1-xx9c-a91dxxbcc
Content-Type: application / octet-stream; charset = utf-8
Content-Transfer-Encoding: binary
Content-ID: 
http://xx.x.x.xxx/Texto_de_prueba.txt
--urn: uuid: a07xxx6-9xxx9-4ea1-bxxc-a9xxx0c8bcc-


Would it be possible?

thanks
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] [IAM] Access Token revocation in OAuthAdminService

[Hasanthi Purnima Dissanayake]

Hi All,

In the method [1] which is used to revoke access tokens by resource owners,
it iterates all ACTIVE or EXPIRED access tokens for the particular client
authorized by the user.

// retrieve all ACTIVE or EXPIRED access tokens for particular client
authorized by this user


Set accessTokenDOs = OAuthTokenPersistenceFactory.
getInstance()
.getAccessTokenDAO().getAccessTokens(appDTO.getOauthConsumerKey(),
user, userStoreDomain, true);
Inside the foreach the auth cache is cleared for the tokens one by one
which is fetched from the accessTokenDOs.

for (AccessTokenDO accessTokenDO : accessTokenDOs) { ...
OAuthUtil.clearOAuthCache(accessTokenDO.getAccessToken());


// retrieve latest access token for particular client, user and scope
combination if its ACTIVE or EXPIRED
scopedToken = OAuthTokenPersistenceFactory.getInstance().getAccessTokenDAO().
getLatestAccessToken(appDTO.getOauthConsumerKey(), user, userStoreDomain,
Auth2Util.buildScopeString(accessTokenDO.getScope()), true);  //Revoking
token from database
OAuthTokenPersistenceFactory.getInstance().getAccessTokenDAO()
.revokeAccessTokens(new String[]{scopedToken.getAccessToken()});

...
}

Then inside the for each it self it retrieves the latest access token for
the particular client, user and for the particular scope if the token is
ACTIVE or EXPIRED. This token is revoked from the db inside the for each.

I have two questions here.

1. We clear the auth cache based on the access token which is fetched from
accessTokensDo  and revoke the scopedToken from the db which can be
different.

2. As there are multiple db calls are happening here can't we move the
logic of revoking token from db to out side of the for each as the DAO
method is supporting for batch operations.

Highly appreciate your feedback on this.

[1]
https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthAdminService.java#L627

Thanks.

-- 

Hasanthi Dissanayake

Senior Software Engineer | WSO2

E: hasan...@wso2.com
M :0718407133| http://wso2.com 
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Logging in JavaScript used in conditional authentication

[Thusitha Kalugamage]

Hi Maduranga,

I'm not sure whether we can have a 1 to 1 mapping between Apache commons
logging and all the methods available for console object or not. But
wouldn't it be confusing for the user to support a limited set of methods?
IMHO, We should at least state somewhere in the ui about the supported and
non-supported methods in conditional authentication context.

For instance, some dev might find console.info() [1] as their most used
logging method and will lead to bad scripting experience. What are your
thoughts on this?

[1] https://developer.mozilla.org/en-US/docs/Web/API/Console/info


Regards,

On Wed, Jan 17, 2018 at 11:34 AM, Maduranga Siriwardena 
wrote:

> Hi Devs,
>
> To support logging in the JavaScript used for conditional authentication
> (mail thread [1] @ architecture@) we are trying to mimic the
> "console.log()" in the JavaScripts.
>
> To achieve this, we have added a binding for a apache commons log object
> with key name "console" to nashorn engine. So this support logging with
> below syntax withing the JavaScript.
>
> console.log("some test")
> console.debug("some test")
> console.error("some test")
>
> Above logs will be working as usual when used in Java classes (printed in
> wso2carbon.log file and backend console).
>
> Any suggestions?
>
> [1] [Architecture] Conditional Authentication Support on WSO2 Identity
> Server
>
> Thanks,
> --
> Maduranga Siriwardena
> Senior Software Engineer
> WSO2 Inc; http://wso2.com/
>
> Email: madura...@wso2.com
> Mobile: +94718990591 <+94%2071%20899%200591>
> Blog: *https://madurangasiriwardena.wordpress.com/
> *
> 
>



-- 
Thusitha Kalugamage
*Software Engineer*
Mobile : +94 (0) 774 074370
Tel   : +94 (0) 112 145 345
thusi...@wso2.com
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Select Error Codes section does not work properly when configuring an EndPoint

[Manuri Amaya Perera]

Hi Malaka,

Can't we avoid calling htmlEncode method since the passed content is
already html and hard-coded as well?

Thanks,
Manuri

On Wed, Jan 17, 2018 at 10:14 AM, Malaka Gangananda 
wrote:

> Select Error Codes section does not work properly when configuring advance
> properties of end points.
> When Select Error Codes section is selected while trying to configure
> suspend or timeout error codes in Address Endpoints it just pop up a html
> code rather than showing the actual error codes as shown in below.
>
>
> ​
>
>
>
>
>
> Reason behind this is in endpoint-utils.js code it uses
> the CARBON.showPopupDialog method, and it passes the html code which needs
> to create the pop up menu into this method.
> But in showPopupDialog method it uses the htmlEncode method and convert
> the html content into text and put within a newly created html section.
> So the popup menu shown as text as mentioned above.
> CARBON.showPopupDialog  method has been used to edit inline throttle
> policy as well and that section also shows this error.
> So how to proceed with this ?
>
> Thanks,
> --
> Malaka.
> --
> Malaka Gangananda - Software Engineer | WSO2
> Email : mala...@wso2.com
> Mobile : +94713564340 <+94%2071%20356%204340>
> Web : http://wso2.com
>   
>



-- 

*Manuri Amaya Perera*

*Senior Software Engineer*

*WSO2 Inc.*

*Blog: http://manuriamayaperera.blogspot.com
*
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] Using user association during the federated authentication scenario

[Prakhash Sivakumar]

Hi all,

I'm using the mobile connect as a federated authenticator with WSO2
Identity Server. I'm trying to authenticate using a mobile number which is
corresponding to a user already in the user store.

When I get authenticated through the federation, I get a subject identifier
with *random strings*(it won't change for a particular user)

As per my use case, I want to send the username from the user store to the
application once I got authenticated instead of the subject identifier I
receive.

As the subject identifier is known, I tried to use the user association[1].

I logged in to the particular user account and added an *Associate
Federated User ID* by selecting the Account Type as *Federated, *and
for the User Name value I added the random string

After doing this, I'm still seeing that the random string is being sent to
the application instead of the username

I'm I missing anything here?

[1] https://docs.wso2.com/display/IS530/Associating+User+Accounts

Thanks,
Prakhash
-- 
Prakhash Sivakumar
Software Engineer | WSO2 Inc
Platform Security Team
Mobile : +94771510080
Blog : https://medium.com/@PrakhashS
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Using user association during the federated authentication scenario

[Prakhash Sivakumar]

Hi Omindu,

On Thu, Jan 18, 2018 at 12:36 AM, Omindu Rathnaweera 
wrote:

> Hi Prakhash,
>
> In the SPs 'Local & Outbound Authentication Configuration', have you
> enabled 'Assert identity using mapped local subject identifier' ?
>

I missed it :(

 It works now. Thanks for the quick reply.

Regards,
Prakhash



> Regards,
> Omindu.
>
>
>
> On Thu, Jan 18, 2018 at 12:33 AM, Prakhash Sivakumar 
> wrote:
>
>>
>> Hi all,
>>
>> I'm using the mobile connect as a federated authenticator with WSO2
>> Identity Server. I'm trying to authenticate using a mobile number which is
>> corresponding to a user already in the user store.
>>
>> When I get authenticated through the federation, I get a subject
>> identifier with *random strings*(it won't change for a particular user)
>>
>> As per my use case, I want to send the username from the user store to
>> the application once I got authenticated instead of the subject identifier
>> I receive.
>>
>> As the subject identifier is known, I tried to use the user
>> association[1].
>>
>> I logged in to the particular user account and added an *Associate
>> Federated User ID* by selecting the Account Type as *Federated, *and
>> for the User Name value I added the random string
>>
>> After doing this, I'm still seeing that the random string is being sent
>> to the application instead of the username
>>
>> I'm I missing anything here?
>>
>> [1] https://docs.wso2.com/display/IS530/Associating+User+Accounts
>>
>> Thanks,
>> Prakhash
>> --
>> Prakhash Sivakumar
>> Software Engineer | WSO2 Inc
>> Platform Security Team
>> Mobile : +94771510080 <+94%2077%20151%200080>
>> Blog : https://medium.com/@PrakhashS
>>
>
>
>
> --
> Omindu Rathnaweera
> Senior Software Engineer, WSO2 Inc.
> Mobile: +94 771 197 211 <+94%2077%20119%207211>
>



-- 
Prakhash Sivakumar
Software Engineer | WSO2 Inc
Platform Security Team
Mobile : +94771510080
Blog : https://medium.com/@PrakhashS
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Using user association during the federated authentication scenario

[Omindu Rathnaweera]

Hi Prakhash,

In the SPs 'Local & Outbound Authentication Configuration', have you
enabled 'Assert identity using mapped local subject identifier' ?

Regards,
Omindu.



On Thu, Jan 18, 2018 at 12:33 AM, Prakhash Sivakumar 
wrote:

>
> Hi all,
>
> I'm using the mobile connect as a federated authenticator with WSO2
> Identity Server. I'm trying to authenticate using a mobile number which is
> corresponding to a user already in the user store.
>
> When I get authenticated through the federation, I get a subject
> identifier with *random strings*(it won't change for a particular user)
>
> As per my use case, I want to send the username from the user store to the
> application once I got authenticated instead of the subject identifier I
> receive.
>
> As the subject identifier is known, I tried to use the user
> association[1].
>
> I logged in to the particular user account and added an *Associate
> Federated User ID* by selecting the Account Type as *Federated, *and
> for the User Name value I added the random string
>
> After doing this, I'm still seeing that the random string is being sent to
> the application instead of the username
>
> I'm I missing anything here?
>
> [1] https://docs.wso2.com/display/IS530/Associating+User+Accounts
>
> Thanks,
> Prakhash
> --
> Prakhash Sivakumar
> Software Engineer | WSO2 Inc
> Platform Security Team
> Mobile : +94771510080 <+94%2077%20151%200080>
> Blog : https://medium.com/@PrakhashS
>



-- 
Omindu Rathnaweera
Senior Software Engineer, WSO2 Inc.
Mobile: +94 771 197 211
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] API Manager with Identity Server as Key Manager - IS secondary user store to connect to APIM Store

[Sathya Bandara]

Hi Thomas,

Can you try with the following curl command.

curl -v -X POST --basic -u : -H
"Content-Type:application/x-www-form-urlencoded;charset=UTF-8" -k -d
"grant_type=password&username=/sathya1@carbon.super&password=admin"
 https://localhost:8243/token

[1] https://docs.wso2.com/display/AM210/Password+Grant

On Wed, Jan 17, 2018 at 7:11 PM, Thomas LEGRAND <
thomas.legr...@versusmind.eu> wrote:

> Hello,
>
> I configured the Identity Server (IS) to be the Key Manager of the API
> Manager (APIM). In the IS, I configured a secondary user store where I will
> have my users of my applications. But, I think I missed something because
> when I want to generate a OAuth token for a user stored in this secondary
> user store, I have an error:
>
> My request:
>
> curl -k -d "grant_type=password&username=&password="
> -H "Authorization: Basic "
> https://apim:8243/token
>
> The response:
>
> {"error_description":"Authentication failed for @carbon.super","
> error":"invalid_grant"}.
>
> In the application in the store of the APIM, "Password" is ticked so the
> grant_type is right.
> And I tried with the following pattern for the :
> - 
> - /
> - \
>
> Can you help me? How can I ensure that the APIM uses all of the user
> stores from the IS.
>
> Regards,
>
> Thomas
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
Sathya Bandara
Software Engineer
WSO2 Inc. http://wso2.com
Mobile: (+94) 715 360 421 <+94%2071%20411%205032>

<+94%2071%20411%205032>
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] API Manager with Identity Server as Key Manager - IS secondary user store to connect to APIM Store

[Godwin Shrimal]

Hi Sathya,

Ideally, user should get authenticated even you send without user store
domain. right?


Thanks
Godwin


On Thu, Jan 18, 2018 at 1:15 PM, Sathya Bandara  wrote:

> Hi Thomas,
>
> Can you try with the following curl command.
>
> curl -v -X POST --basic -u : -H
> "Content-Type:application/x-www-form-urlencoded;charset=UTF-8" -k -d
> "grant_type=password&username=/sathya1@carbon.super&password=admin"
>  https://localhost:8243/token
>
> [1] https://docs.wso2.com/display/AM210/Password+Grant
>
> On Wed, Jan 17, 2018 at 7:11 PM, Thomas LEGRAND <
> thomas.legr...@versusmind.eu> wrote:
>
>> Hello,
>>
>> I configured the Identity Server (IS) to be the Key Manager of the API
>> Manager (APIM). In the IS, I configured a secondary user store where I will
>> have my users of my applications. But, I think I missed something because
>> when I want to generate a OAuth token for a user stored in this secondary
>> user store, I have an error:
>>
>> My request:
>>
>> curl -k -d "grant_type=password&username=&password="
>> -H "Authorization: Basic "
>> https://apim:8243/token
>>
>> The response:
>>
>> {"error_description":"Authentication failed for
>> @carbon.super","error":"invalid_grant"}.
>>
>> In the application in the store of the APIM, "Password" is ticked so the
>> grant_type is right.
>> And I tried with the following pattern for the :
>> - 
>> - /
>> - \
>>
>> Can you help me? How can I ensure that the APIM uses all of the user
>> stores from the IS.
>>
>> Regards,
>>
>> Thomas
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
> Sathya Bandara
> Software Engineer
> WSO2 Inc. http://wso2.com
> Mobile: (+94) 715 360 421 <+94%2071%20411%205032>
>
> <+94%2071%20411%205032>
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
*Godwin Amila Shrimal*
Associate Technical Lead
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware

mobile: *+94772264165*
linkedin: *https://www.linkedin.com/in/godwin-amila-2ba26844/
*
twitter: https://twitter.com/godwinamila

___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Enrich mediator inside for-each not working properly. Please guide

[vikram nayak]

Hi,
Please let me know if I am not clear or any more input is required from my side.
Thanks. 

On Wednesday, 17 January 2018 10:00 AM, vikram nayak 
 wrote:
 

 Hi,
Apologies I am raising the same issue again but this time with improved subject 
and content.Please consider what I have tried so far and Please Guide.
I have to add(suffix) a random number, to the values present in below tags in 
input request xml. 1) _JsonReader_PS_id2) _JsonReader_PS_ref
Input xml, Current Output xml,  Expected Output xml are attached.
After executing the sequences  attached in mail (UpdatingIds.xml, 
Sequence.xml), I expected that the value at line 63 in 
foreach_currentOutput.xml would be modified .
 <_JsonReader_PS_ref>1
It should have got modified to 
 <_JsonReader_PS_ref>16869
Similarly the value at line 27 , should not have been modified.
I also tried modifying other ids, by calling Sequence.xml from inside "For-each 
in Sequence.xml" if xpath=//Children/Children exists . But that also lead to 
many other wrong updations
Thanks


   ___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Logging in JavaScript used in conditional authentication

[Maduranga Siriwardena]

Hi Devs,

Thanks for the inputs.

We already have added "Log" object which have Java like logging options.
Considering the ideas, we will revert back to this "Log" object instead of
introducing a "console" object.

Thanks,
Maduranga

On Thu, Jan 18, 2018 at 9:55 AM, SajithAR Ariyarathna 
wrote:

>
>
> On Wed, Jan 17, 2018 at 10:38 PM, Thusitha Kalugamage 
> wrote:
>
>> Hi Maduranga,
>>
>> I'm not sure whether we can have a 1 to 1 mapping between Apache commons
>> logging and all the methods available for console object or not. But
>> wouldn't it be confusing for the user to support a limited set of methods?
>> IMHO, We should at least state somewhere in the ui about the supported
>> and non-supported methods in conditional authentication context.
>>
>> For instance, some dev might find console.info() [1] as their most used
>> logging method and will lead to bad scripting experience. What are your
>> thoughts on this?
>>
>> [1] https://developer.mozilla.org/en-US/docs/Web/API/Console/info
>>
>>
>> Regards,
>>
>> On Wed, Jan 17, 2018 at 11:34 AM, Maduranga Siriwardena <
>> madura...@wso2.com> wrote:
>>
>>> Hi Devs,
>>>
>>> To support logging in the JavaScript used for conditional
>>> authentication (mail thread [1] @ architecture@) we are trying to mimic
>>> the "console.log()" in the JavaScripts.
>>>
>>> To achieve this, we have added a binding for a apache commons log object
>>> with key name "console" to nashorn engine. So this support logging with
>>> below syntax withing the JavaScript.
>>>
>>> console.log("some test")
>>> console.debug("some test")
>>> console.error("some test")
>>>
>> -1, Let me explain why.
>
> 1.  Availability of console.log() leads to developers to assume that
> other functions on the console object [1] are also available (e.g.
> colsole.time() ), which is not the case as we are only implementing above
> 3 functions.
> 2. Availability of the console object suggests that other Web APIs [2]
> are also available (e.g. Document), which is a false assumption.
>
> Instead, we can introduce Log or Logger object which will have info, debug,
> error (even trace) functions.
>
> [1] https://developer.mozilla.org/en-US/docs/Web/API/Console
> [2] https://developer.mozilla.org/en-US/docs/Web/API
>
> Thanks.
>
>>
>>> Above logs will be working as usual when used in Java classes (printed
>>> in wso2carbon.log file and backend console).
>>>
>>> Any suggestions?
>>>
>>> [1] [Architecture] Conditional Authentication Support on WSO2 Identity
>>> Server
>>>
>>> Thanks,
>>> --
>>> Maduranga Siriwardena
>>> Senior Software Engineer
>>> WSO2 Inc; http://wso2.com/
>>>
>>> Email: madura...@wso2.com
>>> Mobile: +94718990591 <+94%2071%20899%200591>
>>> Blog: *https://madurangasiriwardena.wordpress.com/
>>> *
>>> 
>>>
>>
>>
>>
>> --
>> Thusitha Kalugamage
>> *Software Engineer*
>> Mobile : +94 (0) 774 074370
>> Tel   : +94 (0) 112 145 345
>> thusi...@wso2.com
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
> Sajith Janaprasad Ariyarathna
> Senior Software Engineer; WSO2, Inc.;  http://wso2.com/
> 
>



-- 
Maduranga Siriwardena
Senior Software Engineer
WSO2 Inc; http://wso2.com/

Email: madura...@wso2.com
Mobile: +94718990591
Blog: *https://madurangasiriwardena.wordpress.com/
*

___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] API Manager with Identity Server as Key Manager - IS secondary user store to connect to APIM Store

[Sathya Bandara]

Hi,

On Thu, Jan 18, 2018 at 12:20 PM, Godwin Shrimal  wrote:

> Hi Sathya,
>
> Ideally, user should get authenticated even you send without user store
> domain. right?
>

Yes. user gets authenticated without the user store domain. If the user is
in super tenant domain(carbon.super), we can discard the tenant domain as
well.

>
>
> Thanks
> Godwin
>
>
> On Thu, Jan 18, 2018 at 1:15 PM, Sathya Bandara  wrote:
>
>> Hi Thomas,
>>
>> Can you try with the following curl command.
>>
>> curl -v -X POST --basic -u : -H
>> "Content-Type:application/x-www-form-urlencoded;charset=UTF-8" -k -d
>> "grant_type=password&username=/sathya1@carbon.super&password=admin"
>>  https://localhost:8243/token
>>
>> [1] https://docs.wso2.com/display/AM210/Password+Grant
>>
>> On Wed, Jan 17, 2018 at 7:11 PM, Thomas LEGRAND <
>> thomas.legr...@versusmind.eu> wrote:
>>
>>> Hello,
>>>
>>> I configured the Identity Server (IS) to be the Key Manager of the API
>>> Manager (APIM). In the IS, I configured a secondary user store where I will
>>> have my users of my applications. But, I think I missed something because
>>> when I want to generate a OAuth token for a user stored in this secondary
>>> user store, I have an error:
>>>
>>> My request:
>>>
>>> curl -k -d "grant_type=password&username=&password="
>>> -H "Authorization: Basic "
>>> https://apim:8243/token
>>>
>>> The response:
>>>
>>> {"error_description":"Authentication failed for
>>> @carbon.super","error":"invalid_grant"}.
>>>
>>> In the application in the store of the APIM, "Password" is ticked so the
>>> grant_type is right.
>>> And I tried with the following pattern for the :
>>> - 
>>> - /
>>> - \
>>>
>>> Can you help me? How can I ensure that the APIM uses all of the user
>>> stores from the IS.
>>>
>>> Regards,
>>>
>>> Thomas
>>>
>>> ___
>>> Dev mailing list
>>> Dev@wso2.org
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>>
>>
>>
>> --
>> Sathya Bandara
>> Software Engineer
>> WSO2 Inc. http://wso2.com
>> Mobile: (+94) 715 360 421 <+94%2071%20411%205032>
>>
>> <+94%2071%20411%205032>
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
> *Godwin Amila Shrimal*
> Associate Technical Lead
> WSO2 Inc.; http://wso2.com
> lean.enterprise.middleware
>
> mobile: *+94772264165*
> linkedin: *https://www.linkedin.com/in/godwin-amila-2ba26844/
> *
> twitter: https://twitter.com/godwinamila
> 
>



-- 
Sathya Bandara
Software Engineer
WSO2 Inc. http://wso2.com
Mobile: (+94) 715 360 421 <+94%2071%20411%205032>

<+94%2071%20411%205032>
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] API Manager with Identity Server as Key Manager - IS secondary user store to connect to APIM Store

[Godwin Shrimal]

Yes, So Thomas's issue should be something different since he has used
correct format of a request(Without using user store domain).

@Thomas: Can you login to IS Management console and check secondary user
store's users are listing under Users & Roles->List-> Users?

Thanks
Godwin

On Thu, Jan 18, 2018 at 2:05 PM, Sathya Bandara  wrote:

> Hi,
>
> On Thu, Jan 18, 2018 at 12:20 PM, Godwin Shrimal  wrote:
>
>> Hi Sathya,
>>
>> Ideally, user should get authenticated even you send without user store
>> domain. right?
>>
>
> Yes. user gets authenticated without the user store domain. If the user is
> in super tenant domain(carbon.super), we can discard the tenant domain as
> well.
>
>>
>>
>> Thanks
>> Godwin
>>
>>
>> On Thu, Jan 18, 2018 at 1:15 PM, Sathya Bandara  wrote:
>>
>>> Hi Thomas,
>>>
>>> Can you try with the following curl command.
>>>
>>> curl -v -X POST --basic -u : -H
>>> "Content-Type:application/x-www-form-urlencoded;charset=UTF-8" -k -d
>>> "grant_type=password&username=/sathya1@carbon.super&password=admin"
>>>  https://localhost:8243/token
>>>
>>> [1] https://docs.wso2.com/display/AM210/Password+Grant
>>>
>>> On Wed, Jan 17, 2018 at 7:11 PM, Thomas LEGRAND <
>>> thomas.legr...@versusmind.eu> wrote:
>>>
 Hello,

 I configured the Identity Server (IS) to be the Key Manager of the API
 Manager (APIM). In the IS, I configured a secondary user store where I will
 have my users of my applications. But, I think I missed something because
 when I want to generate a OAuth token for a user stored in this secondary
 user store, I have an error:

 My request:

 curl -k -d "grant_type=password&username=&password="
 -H "Authorization: Basic "
 https://apim:8243/token

 The response:

 {"error_description":"Authentication failed for
 @carbon.super","error":"invalid_grant"}.

 In the application in the store of the APIM, "Password" is ticked so
 the grant_type is right.
 And I tried with the following pattern for the :
 - 
 - /
 - \

 Can you help me? How can I ensure that the APIM uses all of the user
 stores from the IS.

 Regards,

 Thomas

 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev


>>>
>>>
>>> --
>>> Sathya Bandara
>>> Software Engineer
>>> WSO2 Inc. http://wso2.com
>>> Mobile: (+94) 715 360 421 <+94%2071%20411%205032>
>>>
>>> <+94%2071%20411%205032>
>>>
>>> ___
>>> Dev mailing list
>>> Dev@wso2.org
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>>
>>
>>
>> --
>> *Godwin Amila Shrimal*
>> Associate Technical Lead
>> WSO2 Inc.; http://wso2.com
>> lean.enterprise.middleware
>>
>> mobile: *+94772264165*
>> linkedin: *https://www.linkedin.com/in/godwin-amila-2ba26844/
>> *
>> twitter: https://twitter.com/godwinamila
>> 
>>
>
>
>
> --
> Sathya Bandara
> Software Engineer
> WSO2 Inc. http://wso2.com
> Mobile: (+94) 715 360 421 <+94%2071%20411%205032>
>
> <+94%2071%20411%205032>
>



-- 
*Godwin Amila Shrimal*
Associate Technical Lead
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware

mobile: *+94772264165*
linkedin: *https://www.linkedin.com/in/godwin-amila-2ba26844/
*
twitter: https://twitter.com/godwinamila

___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] [DEV][IoT] Device view has inconsistent values for storage

[Inosh Perera]

Hi all,

Currently, in iOS and Android device views, the values displayed seems to
be inconsistent and wrong(Refer images). What would be the most
understandable format here,
option 1 - Available space / Total space
option 2 - Total usage space / Total space

*Android*




*iOS*


​
​Regards,
Inosh

-- 
Inosh Perera
Senior Software Engineer, WSO2 Inc.
Tel: 077813 7285, 0785293686
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev