[Dev] Mapping a local claim URI to multiple external claim URIs

2018-04-11 Thread Madawa Soysa
Hi All,

$subject is not allowed when creating an external claim from the UI.
However, it is possible to map the same claim URI to multiple external
claims by adding the claim entry to claim-config.xml.

Have we restricted this from the UI due to a specific reason? What is the
correct method to achieve $subject?

Regards,
Madawa
-- 

Madawa Soysa / Software Engineer
mada...@wso2.com / +94714616050

*WSO2 Inc.*
lean.enterprise.middleware

  
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev


[Dev] Add support to map SCIM claims to WSO2 Identity Claims in Identity Server

2018-04-11 Thread Sathya Bandara
Hi,

Currently in Identity Server when the local mapped claims of SCIM claims
are WSO2 identity claims, those claims are not getting updated in SCIM
related operations.

In IdentityStoreEventListener, most of the user related operations are
intercepted such that identity claims can be handled separately. It
validates the claim URI to be of the type of an identity claim URI before
storing the claims in IdentityDataStore [2].

In the claim maps we pass to the user-store manager from SCIM operations,
the claim URIs belong to the SCIM claim dialect [1]. When the claim URI is
of SCIM dialect, it will get skipped from IdentityStoreEventListener
validations. Hence we cannot map SCIM claims to identity claims internally.
As a solution to this, before passing the claim values to user-store
manager for user related operations (e.g. add user, update user) we can
convert the claim URIs to the mapped claims in local dialect.

In SCIM PUT operation, we delete each user claim separately before updating
user claim values [3]. However, intercepting delete user claim values
(doPreDeleteUserClaimValue/doPostDeleteUserClaimValue) is not supported in
IdentityStoreEventListener currently. Therefore it is not possible to
update Identity claims via SCIM PUT operation.

As possible solutions to this issue we have the following two options.


   1. Implement doPreDeleteUserClaimValue/doPostDeleteUserClaimValue
   methods in IdentityStoreEventListener.
   2. Skip Identity Claims when deleting existing claims before setting the
   new claims in SCIM PUT operation as the doPreSetUserClaimValues() in
   IdentityStoreEventListener will replace the existing claims with the new
   claims.


Appreciate your suggestions on this.


[1]
https://github.com/wso2-extensions/identity-inbound-provisioning-scim/blob/master/components/org.wso2.carbon.identity.scim.provider/src/main/java/org/wso2/carbon/identity/scim/provider/impl/SCIMUserManager.java#L191

[2]
https://github.com/wso2-extensions/identity-governance/blob/master/components/org.wso2.carbon.identity.governance/src/main/java/org/wso2/carbon/identity/governance/listener/IdentityStoreEventListener.java#L107

[3]
https://github.com/wso2-extensions/identity-inbound-provisioning-scim/blob/master/components/org.wso2.carbon.identity.scim.provider/src/main/java/org/wso2/carbon/identity/scim/provider/impl/SCIMUserManager.java#L510

[4]
https://github.com/wso2-extensions/identity-governance/blob/master/components/org.wso2.carbon.identity.governance/src/main/java/org/wso2/carbon/identity/governance/listener/IdentityStoreEventListener.java#L203

Thanks.
Sathya

-- 
Sathya Bandara
Software Engineer
WSO2 Inc. http://wso2.com
Mobile: (+94) 715 360 421
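
The prefix check and the proposed dialect conversion from this message, sketched as an added example (not code from the WSO2 repositories). The class, the two in-memory stores, the URI constants and the SCIM-to-local mapping are assumptions made up for the illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class ScimIdentityClaimDemo {
    // Assumed URI values for illustration; the thread does not quote them.
    static final String IDENTITY_PREFIX = "http://wso2.org/claims/identity/";
    static final String SCIM = "urn:scim:schemas:core:1.0:";
    // Constructed SCIM-to-local claim mapping (hypothetical attribute names).
    static final Map<String, String> SCIM_TO_LOCAL = Map.of(
            SCIM + "userName", "http://wso2.org/claims/username",
            SCIM + "locked", IDENTITY_PREFIX + "accountLocked");

    static final Map<String, String> identityStore = new LinkedHashMap<>();
    static final Map<String, String> userStore = new LinkedHashMap<>();

    // Stand-in for the listener: claims under the identity prefix are diverted
    // to the identity store; everything else falls through to the user store.
    static void setUserClaimValues(Map<String, String> claims) {
        claims.forEach((uri, value) -> {
            if (uri.startsWith(IDENTITY_PREFIX)) {
                identityStore.put(uri, value);
            } else {
                userStore.put(uri, value);
            }
        });
    }

    // Proposed fix: rewrite SCIM-dialect URIs to their mapped local claim URIs
    // before the claim map reaches the user-store manager.
    static Map<String, String> toLocalDialect(Map<String, String> scimClaims) {
        Map<String, String> local = new LinkedHashMap<>();
        scimClaims.forEach((uri, v) -> local.put(SCIM_TO_LOCAL.getOrDefault(uri, uri), v));
        return local;
    }

    public static void main(String[] args) {
        Map<String, String> fromScim = new LinkedHashMap<>();  // constructed request
        fromScim.put(SCIM + "userName", "alice");
        fromScim.put(SCIM + "locked", "true");

        setUserClaimValues(fromScim);                 // SCIM URIs: prefix never matches
        System.out.println("unconverted, identity store: " + identityStore);

        userStore.clear();
        setUserClaimValues(toLocalDialect(fromScim)); // local URIs: identity claim diverted
        System.out.println("converted, identity store:   " + identityStore);
        System.out.println("converted, user store:       " + userStore);
    }
}
```
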


[Dev] WSO2 Identity Server 5.5.0 Released!

2018-04-11 Thread Sathya Bandara
WSO2 Identity Server 5.5.0 Released!

The WSO2 Identity Server team is pleased to announce the release of WSO2
Identity Server version 5.5.0.

WSO2 Identity Server is an open source identity and access management
server. It supports a wide array of authentication protocols such as SAML
2.0 Web SSO, OAuth 2.0/1.0a, OpenID Connect, and WS-Federation Passive. It
supports role based authorization and fine grained authorization with XACML
2.0/3.0 while inbound/outbound provisioning is supported through SCIM and
SPML.

WSO2 Identity Server is developed on top of the revolutionary WSO2 Carbon
platform, an OSGi based framework that provides seamless modularity to your
SOA solution via componentization.


All the major features have been developed as pluggable Carbon components.

You can download this distribution from
https://wso2.com/identity-and-access-management/install

Online documentation is available at
http://docs.wso2.org/wiki/display/IS550/WSO2+Identity+Server+Documentation.

How to Run

1. Extract the downloaded zip

2. Go to the bin directory in the extracted folder

3. Run the wso2server.sh or wso2server.bat files as appropriate

4. If you need to start the OSGi console with the server, use the property
-DosgiConsole when starting the server.

New Features in this Release

WSO2 Identity Server version 5.5.0 is part of WSO2’s Spring 2018 Release
which includes new features and updates across all products, solutions, and
services, that together empower organizations to rapidly comply with GDPR.

The following includes major GDPR related features provided in WSO2 IS 5.5.0

   - Privacy Tool Kit - Supports removing references to a deleted user's
   identity as and when required.
   - Personal Information Export Capability - End users can retrieve personal
   information stored in WSO2 Identity Server.
   - Request Object Support - Ability to send authentication request
   parameters in a self-contained JWT.
   - User Consent for Single-Sign-On - Provides users with choice and control
   over sharing their personal data.
   - User Consent for Self Sign Up - Capability to provide consent during
   user self registration.
   - Consent Management API - Manage user consents for collecting and
   sharing user's personal information.
   - Consent Purposes Management - An interactive UI to manage consent
   purposes/PII categories.
   - Private Key JWT Client Authentication - Facilitating OAuth2 client
   authentication using a signed JWT.


This release includes functional improvements and fixes to the product. The
complete list of improvements and bug fixes available with the release can
be found at the following locations:


   - 5.5.0-RC2 fixes
   - 5.5.0-RC1 fixes
   - 5.5.0-Beta fixes
   - 5.5.0-Alpha3 fixes
   - 5.5.0-Alpha2 fixes
   - 5.5.0-Alpha fixes
   - 5.5.0-M4 fixes
   - 5.5.0-M3 fixes
   - 5.5.0-M2 fixes
   - 5.5.0-M1 fixes

Known Issues

All the open issues pertaining to WSO2 Identity Server are reported at the
following locations:

IS Runtime

IS Analytics

How You Can Contribute

Mailing Lists

Join our mailing list and correspond with the developers directly.

Developer list: dev@wso2.org | Subscribe | Mail Archive

User forum: StackOverflow

Reporting Issues

We encourage you to report issues, documentation faults, and feature
requests regarding WSO2 Identity Server or in the Carbon base framework
through the public WSO2 Identity Server JIRA.

Support

We are committed to ensure your enterprise middleware deployment is
completely supported from evaluation to production through a WSO2
Subscription. Our unique approach ensures that all support leverages our
open development methodology and is provided by the very same engineers who
build the technology. For more d

Re: [Dev] Mapping a local claim URI to multiple external claim URIs

2018-04-11 Thread Maduranga Siriwardena
Hi Madawa,

This should be restricted from UI, admin service and claim-config.xml file.
If you can do this from file, please create a git issue to track the issue.

Can you please explain the use case behind mapping a local claim URI to
multiple external claim URIs?

Thanks,
Maduranga.

On Wed, Apr 11, 2018 at 2:25 PM, Madawa Soysa  wrote:

> Hi All,
>
> $subject is not allowed when creating an external claim from the UI.
> However, it is possible to map the same claim URI to multiple external
> claims by adding the claim entry to claim-config.xml.
>
> Have we restricted this from the UI due to a specific reason? What is the
> correct method to achieve $subject?
>
> Regards,
> Madawa
> --
>
> Madawa Soysa / Software Engineer
> mada...@wso2.com / +94714616050
>
> *WSO2 Inc.*
> lean.enterprise.middleware


-- 
Maduranga Siriwardena
Senior Software Engineer
WSO2 Inc; http://wso2.com/

Email: madura...@wso2.com
Mobile: +94718990591
Blog: https://madurangasiriwardena.wordpress.com/



[Dev] WSO2 Stream Processor 4.1.0 Released !

2018-04-11 Thread Chiran Fernando
WSO2 Stream Processor 4.1.0 Released!

WSO2 Stream Processor team is pleased to announce the release of version
4.1.0 of the WSO2 Stream Processor.

WSO2 Stream Processor is an open source embodiment of the WSO2 Analytics
platform, of which the real-time, incremental & intelligent data processing
capabilities let digital businesses create actionable business insights and
data products.

You can download this distribution from
https://wso2.com/analytics/install

Online documentation is available at
https://docs.wso2.com/display/SP410/Stream+Processor+Documentation.

How to Run

1. Extract the downloaded zip.
2. Navigate to the /bin directory ( is the extracted directory).
3. Issue one of the following commands to start the WSO2 Stream Processor
   Studio.
   - For Windows: editor.bat
   - For Linux: ./editor.sh

By default, the OSGi console starts with the server.

New Features in this Release

1. WSO2 Stream Processor version 4.1.0 is part of WSO2’s Spring 2018 Release
   which includes new features and updates across all products, solutions,
   and services, that together empower organizations to rapidly comply with
   GDPR. Following includes major GDPR related features provided in WSO2 SP
   4.1.0.
   - Privacy Tool Kit - Removing personally identifiable information and
     references to deleted user identities as and when required.
   - Privacy policy reference to describe how WSO2 SP 4.1.0 captures your
     personal information, the purposes of collecting that information, and
     details about the retention of your personal information.
   - Cookie Policy reference to describe how WSO2 SP 4.1.0 uses cookies so
     that it can provide the best user experience for you, and identify you
     for security purposes.

1. Siddhi-store-cassandra extension to persist events to a Cassandra instance
   of the user's choice.
2. Stream Processor Design View to visualize the event flow in WSO2 SP.

This release includes functional improvements, and fixes to the product. You
can find the complete list of improvements and bug fixes available with the
release under 4.1.0-fixes.

Known Issues

All the open issues pertaining to WSO2 Stream Processor are reported at the
following location:

Stream Processor Issues

How You Can Contribute

Mailing Lists

Join our mailing list and correspond with the developers directly.

Developer list : dev@wso2.org | Subscribe | Mail Archive

User forum : StackOverflow

Reporting Issues

We encourage you to report issues, documentation faults and feature requests
regarding WSO2 Stream Processor or in the Carbon base framework through the
public WSO2 Stream Processor JIRA.

Support

We are committed to ensure your enterprise middleware deployment is
completely supported from evaluation to production. Our unique approach
ensures that all support leverages our open development methodology and is
provided by the very same engineers who build the technology. For more
details and to take advantage of this unique opportunity, visit
http://wso2.com/support/

For more information about WSO2 Stream Processor, please see
https://wso2.com/analytics or visit the WSO2 Oxygen Tank developer portal
for additional resources.

Thank you for your interest in WSO2 Stream Processor.

-The WSO2 Stream Processor Team-


Re: [Dev] Pre-populate dynamically provisioned Kubernetes persistent storage

2018-04-11 Thread Imesh Gunaratne
Hi Chiranga,

I agree with Pubudu on using ConfigMaps for providing configuration files.

On Tue, Apr 10, 2018 at 8:18 AM, Chiranga Alwis  wrote:

> ...
>
> But how can we pre-populate the dynamically provisioned persistent volume
> with the files with configuration changes?
>

This would be possible with static PVs but might be difficult to handle
with dynamic PVs.

If the user is using static PVs, instructions can be provided to copy the
required files to the PVs before starting the pods. If dynamic PVs are
used, PVCs might need to be deployed once for making the connection between
the PV and PVCs and then do the same.

Thanks
Imesh

>
>
> Your help, suggestions and concerns on this matter are highly appreciated.
>
> *Note*: Please find this [6] forum discussion I've initiated at
> Kubernetes Storage Special Interest Group [7].
>
> [1]: https://github.com/wso2/kubernetes-ei
> [2]: Mail thread with subject "[Architecture] [Deployment] [Containers] An
> update to WSO2 product Dockerfile generalization"
> [3]: https://kubernetes-v1-4.github.io/docs/user-guide/configmap/
> [4]: https://groups.google.com/forum/#!topic/kubernetes-users/h_FRSr5wW00
> [5]: https://kubernetes.io/blog/2017/03/dynamic-provisioning-and-storage-classes-kubernetes
> [6]: https://groups.google.com/forum/#!topic/kubernetes-sig-storage/qhd2HFd7nbg
> [7]: https://github.com/kubernetes/community/tree/master/sig-storage
>
> --
> Yours sincerely,
>
> *Chiranga Alwis*
> Software Engineer | WSO2
>
> *Mobile : *+94775930497
> *Email: *chirangaal...@gmail.com
> *LinkedIn: *https://lk.linkedin.com/in/chiranga-alwis-391342a9
> *Medium:* https://medium.com/@chirangaalwis
>


-- 
*Imesh Gunaratne*
WSO2 Inc: http://wso2.com
T: +94 11 214 5345 M: +94 77 374 2057
W: https://medium.com/@imesh TW: @imesh
lean. enterprise. middleware


[Dev] [ESB] File Connector using SSH private key located in a custom location

2018-04-11 Thread Gayan Dhanushka
Hi all,

I have used the file connector in a scenario where the authentication to
the back end file share has to happen through the ssh public key/ private
key pair of the ESB host. Currently I have the id_rsa key under the
/.ssh folder which is the default folder in which the file
connector / vfs transport looks for the private key.

Is there any possibility where we can copy the id_rsa key to one of the
locations inside the product (e.g. repository/conf/keys) and refer to it in
the code rather than allowing file connector to look for it in the default
location? ESB version is 5.0.0.

Regards
Gayan

-- 
Gayan Dhanushka
Associate Technical Lead
http://wso2.com/
Lean Enterprise Middleware

Mobile - LK- 071 666 2327
Mobile USA - 612-244-4873


Office
Tel   : 94 11 214 5345
Fax  : 94 11 214 5300


Re: [Dev] Mapping a local claim URI to multiple external claim URIs

2018-04-11 Thread Madawa Soysa
Hi Maduranga,

I have created the issue [1] to track the mentioned issue.

I am trying to implement the MP-JWT 1.0 spec [2] and they have introduced a
new claim named 'upn' which should be mapped to the user principal which is
similar to the 'sub' claim which already exists in the OIDC dialect.

'sub' claim is already mapped to the local claim 'username' and the 'upn'
also should be the 'username' since it is the user principal. I am trying
to understand the correct way to map these two claims.

[1] - https://github.com/wso2/product-is/issues/3069
[2] - https://www.eclipse.org/community/eclipse_newsletter/2017/september/article2.php

Regards,
Madawa

On Wed, Apr 11, 2018 at 9:20 PM, Maduranga Siriwardena 
wrote:

> Hi Madawa,
>
> This should be restricted from UI, admin service and claim-config.xml
> file. If you can do this from file, please create a git issue to track the
> issue.
>
> Can you please explain the use case behind mapping a local claim URI to
> multiple external claim URIs?
>
> Thanks,
> Maduranga.
>
> On Wed, Apr 11, 2018 at 2:25 PM, Madawa Soysa  wrote:
>
>> Hi All,
>>
>> $subject is not allowed when creating an external claim from the UI.
>> However, it is possible to map the same claim URI to multiple external
>> claims by adding the claim entry to claim-config.xml.
>>
>> Have we restricted this from the UI due to a specific reason? What is the
>> correct method to achieve $subject?
>>
>> Regards,
>> Madawa
>> --
>>
>> Madawa Soysa / Software Engineer
>> mada...@wso2.com / +94714616050
>>
>> *WSO2 Inc.*
>> lean.enterprise.middleware
>
> --
> Maduranga Siriwardena
> Senior Software Engineer
> WSO2 Inc; http://wso2.com/
>
> Email: madura...@wso2.com
> Mobile: +94718990591
> Blog: https://madurangasiriwardena.wordpress.com/



-- 

Madawa Soysa / Software Engineer
mada...@wso2.com / +94714616050

*WSO2 Inc.*
lean.enterprise.middleware

  