Re: [Dev] Encryption and decryption in file transfer

2018-10-08 Thread Shammi Jayasinghe
Hi Aman,

I believe you are looking for something like the following [1]

[1]
https://ajanthane.blogspot.com/2016/10/client-certificate-authentication-sftp.html

Thanks
shammi

On Wed, Oct 3, 2018 at 1:56 AM, Aman Singh  wrote:

> Hi All,
>
> I am using SFTP to transfer a file placed on my server to my local
> machine. I am successfully able to transfer it. I want to use encryption
> and decryption to transfer my file securely, like using some public/private key
> to do that.  Is this possible?
> How can I achieve this?
>
> Thank you,
> Aman.
>
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
Best Regards,

*  Shammi Jayasinghe*


*Senior Technical Lead*
*WSO2, Inc.*
*+1-812-391-7730*
*+1-812-327-3505*

*http://shammijayasinghe.blogspot.com*


Re: [Dev] [APIM 2.5.0] WSO2 API Manager Scopes for Federated Users

2018-10-08 Thread Waqas Ali Razzaq
Hi Nuwan,

Thanks for the help. I am able to log in and execute the scenario. Let's
hope with Azure AD it will work seamlessly. :)

Thanks & Kind regards,
*Waqas Ali Razzaq*




On Mon, Oct 8, 2018 at 8:04 PM Waqas Ali Razzaq 
wrote:

> Hi Nuwan,
>
> Thanks for the quick reply.
>
> For testing the scenario, I have configured WSO2 IS embedded LDAP with
> WSO2 APIM as a secondary user store. I can see the users and role from
> LDAP. But I can't log in with that user credentials. e.g. my domain is
> *azure.com* and user is *read*. It looks like *AZURE.COM/read* as the
> username in the list.
>
> What is the format to use the secondary user credentials to log in on the
> store/Publisher? I am trying to use azure.com/read as username.
>
> Thanks & Kind regards,
> *Waqas Ali Razzaq*
>
>
>
>
> On Mon, Oct 8, 2018 at 7:17 PM Nuwan Dias  wrote:
>
>> You should be able to achieve this by having AD as secondary user store.
>>
>> On Mon, 8 Oct 2018 at 9:59 pm, Waqas Ali Razzaq 
>> wrote:
>>
>>> Hi Nuwan,
>>>
>>> Basically, the scenario is we have configured WSO2 API store SSO with
>>> Azure AD. But Publisher and Carbon console are using default JDBC user
>>> store. Now we want to define
>>> API resource scope validation in Publisher.
>>>
>>> Is it mandatory to have Azure AD as the primary user store or we can
>>> achieve this using Azure AD as secondary user store?
>>>
>>> Thanks & Kind regards,
>>> *Waqas Ali Razzaq*
>>>
>>>
>>>
>>>
>>> On Mon, Oct 8, 2018 at 5:23 PM Nuwan Dias  wrote:
>>>
>>>> Hi Hasitha,
>>>>
>>>> Have you connected Azure AD as a user store in the API Manager?
>>>>
>>>> If yes, this should just work OOTB. Do you see the user to role mapping
>>>> when you try to view the users via the Management Console of API Manager?
>>>>
>>>> If no, can you explain the user login flow? Basically what you mean
>>>> exactly by federation.
>>>>
>>>> Thanks,
>>>> NuwanD.
>>>>
>>>> On Mon, Oct 8, 2018 at 8:31 PM Hasitha De Silva
>>>> wrote:
>>>>
>>>>> We have WSO2 API Manager federated setup with Azure AD. I can use the
>>>>> implicit and code grant type to generate the access tokens.
>>>>>
>>>>> Now I want to use the WSO2 API Manager scope functionality to limit
>>>>> the access on certain API resources. I have created the role in API
>>>>> manager and added the scope on API publisher for the API resource. But
>>>>> when I generate the access token using scope value, it doesn't return
>>>>> the token with correct scope. But if I assign the local user to that
>>>>> role and generate the access token it works fine.
>>>>>
>>>>> I wonder if WSO2 API manager support scope management for Federated
>>>>> users.
>>>>>
>>>>> Any help would be appreciated.
>>>>>
>>>>
>>>>
>>>> --
>>>> *Nuwan Dias* | Director | WSO2 Inc.
>>>> (m) +94 777 775 729 | (e) nuw...@wso2.com

>>> --
>> *Nuwan Dias* | Director | WSO2 Inc.
>> (m) +94 777 775 729 | (e) nuw...@wso2.com
>>
>


Re: [Dev] [APIM 2.5.0] WSO2 API Manager Scopes for Federated Users

2018-10-08 Thread Waqas Ali Razzaq
Hi Nuwan,

Thanks for the quick reply.

For testing the scenario, I have configured WSO2 IS embedded LDAP with WSO2
APIM as a secondary user store. I can see the users and role from LDAP. But
I can't log in with that user credentials. e.g. my domain is *azure.com*
and user is *read*. It looks like *AZURE.COM/read* as the username in the list.

What is the format to use the secondary user credentials to log in on the
store/Publisher? I am trying to use azure.com/read as username.

Thanks & Kind regards,
*Waqas Ali Razzaq*




On Mon, Oct 8, 2018 at 7:17 PM Nuwan Dias  wrote:

> You should be able to achieve this by having AD as secondary user store.
>
> On Mon, 8 Oct 2018 at 9:59 pm, Waqas Ali Razzaq 
> wrote:
>
>> Hi Nuwan,
>>
>> Basically, the scenario is we have configured WSO2 API store SSO with
>> Azure AD. But Publisher and Carbon console are using default JDBC user
>> store. Now we want to define
>> API resource scope validation in Publisher.
>>
>> Is it mandatory to have Azure AD as the primary user store or we can
>> achieve this using Azure AD as secondary user store?
>>
>> Thanks & Kind regards,
>> *Waqas Ali Razzaq*
>>
>>
>>
>>
>> On Mon, Oct 8, 2018 at 5:23 PM Nuwan Dias  wrote:
>>
>>> Hi Hasitha,
>>>
>>> Have you connected Azure AD as a user store in the API Manager?
>>>
>>> If yes, this should just work OOTB. Do you see the user to role mapping
>>> when you try to view the users via the Management Console of API Manager?
>>>
>>> If no, can you explain the user login flow? Basically what you mean
>>> exactly by federation.
>>>
>>> Thanks,
>>> NuwanD.
>>>
>>> On Mon, Oct 8, 2018 at 8:31 PM Hasitha De Silva 
>>> wrote:
>>>
>>>> We have WSO2 API Manager federated setup with Azure AD. I can use the
>>>> implicit and code grant type to generate the access tokens.
>>>>
>>>> Now I want to use the WSO2 API Manager scope functionality to limit the
>>>> access on certain API resources. I have created the role in API manager and
>>>> added the scope on API publisher for the API resource. But when I generate
>>>> the access token using scope value, it doesn't return the token with
>>>> correct scope. But if I assign the local user to that role and generate the
>>>> access token it works fine.
>>>>
>>>> I wonder if WSO2 API manager support scope management for Federated
>>>> users.
>>>>
>>>> Any help would be appreciated.

>>>
>>>
>>> --
>>> *Nuwan Dias* | Director | WSO2 Inc.
>>> (m) +94 777 775 729 | (e) nuw...@wso2.com
>>>
>> --
> *Nuwan Dias* | Director | WSO2 Inc.
> (m) +94 777 775 729 | (e) nuw...@wso2.com
>


Re: [Dev] [APIM 2.5.0] WSO2 API Manager Scopes for Federated Users

2018-10-08 Thread Nuwan Dias
You should be able to achieve this by having AD as secondary user store.

On Mon, 8 Oct 2018 at 9:59 pm, Waqas Ali Razzaq 
wrote:

> Hi Nuwan,
>
> Basically, the scenario is we have configured WSO2 API store SSO with
> Azure AD. But Publisher and Carbon console are using default JDBC user
> store. Now we want to define
> API resource scope validation in Publisher.
>
> Is it mandatory to have Azure AD as the primary user store or we can
> achieve this using Azure AD as secondary user store?
>
> Thanks & Kind regards,
> *Waqas Ali Razzaq*
>
>
>
>
> On Mon, Oct 8, 2018 at 5:23 PM Nuwan Dias  wrote:
>
>> Hi Hasitha,
>>
>> Have you connected Azure AD as a user store in the API Manager?
>>
>> If yes, this should just work OOTB. Do you see the user to role mapping
>> when you try to view the users via the Management Console of API Manager?
>>
>> If no, can you explain the user login flow? Basically what you mean
>> exactly by federation.
>>
>> Thanks,
>> NuwanD.
>>
>> On Mon, Oct 8, 2018 at 8:31 PM Hasitha De Silva 
>> wrote:
>>
>>> We have WSO2 API Manager federated setup with Azure AD. I can use the
>>> implicit and code grant type to generate the access tokens.
>>>
>>> Now I want to use the WSO2 API Manager scope functionality to limit the
>>> access on certain API resources. I have created the role in API manager and
>>> added the scope on API publisher for the API resource. But when I generate
>>> the access token using scope value, it doesn't return the token with
>>> correct scope. But if I assign the local user to that role and generate the
>>> access token it works fine.
>>>
>>> I wonder if WSO2 API manager support scope management for Federated
>>> users.
>>>
>>> Any help would be appreciated.
>>>
>>
>>
>> --
>> *Nuwan Dias* | Director | WSO2 Inc.
>> (m) +94 777 775 729 | (e) nuw...@wso2.com
>>
> --
*Nuwan Dias* | Director | WSO2 Inc.
(m) +94 777 775 729 | (e) nuw...@wso2.com


Re: [Dev] WSO2 Identity Server KM 5.7.0 RC3 Problem - XACML Scope Validator can't be configured

2018-10-08 Thread Juan Pablo Vadell
Hi,

Applying the solution from [1] solved the issue.

Thanks,

[1] https://github.com/wso2/product-apim/issues/3777

Juan Pablo Vadell | *VATROX*


On Mon, Oct 8, 2018 at 12:25 PM Juan Pablo Vadell 
wrote:

> Hi,
>
> Could anyone give me some help on this?
>
> Thanks,
>
> Juan Pablo Vadell | *VATROX*
>
>
>
> On Sun, Sep 16, 2018 at 2:08 PM Juan Pablo Vadell 
> wrote:
>
>> Hi,
>>
>> As happens with IS KM 5.6.0, XACML Scope Validator is not appearing on
>> the UI when IS is configured as Key Manager.
>>
>> Is there a workaround for this?
>>
>> Thanks
>>
>> Juan Pablo Vadell | *VATROX*
>> *CTO*
>>
>> Cel: +54 9 351 678-1414
>> Work: +54 351 485-6602
>> skype: jpvadell
>>
>


Re: [Dev] WSO2 IS KM 5.6 - XACML Scope Validator

2018-10-08 Thread Juan Pablo Vadell
Hi Nilasini,

Removing the OAuthScopeValidator from identity.xml solved the issue.

Thank you,

Juan Pablo Vadell | *VATROX*



On Mon, Oct 8, 2018 at 1:01 PM Nilasini Thirunavukkarasu 
wrote:

> Hi Juan,
>
> Could you please remove the following property from the
> /repository/conf/identity/identity.xml file and restart the server.
> A git issue has been reported to solve the issue [1].
>
> <OAuthScopeValidator class="org.wso2.carbon.identity.oauth2.validators.JDBCScopeValidator"/>
>
> [1] https://github.com/wso2/product-apim/issues/3777
>
> Thanks,
> Nila.
>
> On Mon, Oct 8, 2018 at 8:55 PM Juan Pablo Vadell 
> wrote:
>
>> Hi,
>>
>> Could anyone give me some help on this?
>>
>> Thanks,
>>
>> Juan Pablo Vadell | *VATROX*
>>
>>
>>
>> On Tue, Sep 11, 2018 at 6:30 PM Juan Pablo Vadell 
>> wrote:
>>
>>> Hi,
>>>
>>> The  element has the same elements that you mention in
>>> both versions (IS 5.6 and IS KM 5.6).
>>>
>>> I was looking if there are differences at the features installed and
>>> looks the same.
>>>
>>> IMO, it's just a problem at the UI part, but can't find where.
>>>
>>> Thank you,
>>>
>>> Juan Pablo Vadell | *VATROX*
>>> *CTO*
>>>
>>> Cel: +54 9 351 678-1414
>>> Work: +54 351 485-6602
>>> skype: jpvadell
>>>
>>>
>>> On Tue, Sep 11, 2018 at 5:04 PM Farasath Ahamed 
>>> wrote:
>>>
>>>> Can you check the   section in
>>>> KM_HOME/repository/conf/identity/identity.xml of WSO2 IS KM 5.6.0?
>>>>
>>>> It should be as below.
>>>>
>>>> <OAuthScopeValidator class="org.wso2.carbon.identity.oauth2.validators.JDBCScopeValidator" />
>>>> <OAuthScopeValidator class="org.wso2.carbon.identity.oauth2.validators.xacml.XACMLScopeValidator"/>
>>>>
>>>> If it is not the case you can change it as above and do a restart.
>>>>
>>>>
>>>> Thanks,
>>>> Farasath
>>>>
>>>> On Tue, Sep 11, 2018 at 4:47 PM, Juan Pablo Vadell wrote:
>>>>
>>>>> Hi Devs,
>>>>>
>>>>> There is a problem when I try to create a Service Provider, access to
>>>>> Inbound Authentication Configuration -> OAuth/OpenID Connect
>>>>> Configuration -> Configure -> and try to choose *XACML Scope
>>>>> Validator*, because this option is not available, I only can see the
>>>>> *Role based scope validator*
>>>>> If I try to do the same with the standard distribution of WSO2 IS 5.6,
>>>>> XACML Scope Validator appears as an option.
>>>>>
>>>>> Is there a way to do this?
>>>>>
>>>>> Thank you,
>>>>>
>>>>> Juan Pablo Vadell | *VATROX*
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Farasath Ahamed
>>>> Senior Software Engineer, WSO2 Inc.; http://wso2.com
>>>> Mobile: +94777603866
>>>> Blog: blog.farazath.com
>>>> Twitter: @farazath619
>>>>



>>
>
>
> --
> Nilasini Thirunavukkarasu
> Software Engineer - WSO2
>
> Email : nilas...@wso2.com
> Mobile : +94775241823
> Web : http://wso2.com/
>
>
> 
>


Re: [Dev] [APIM 2.5.0] WSO2 API Manager Scopes for Federated Users

2018-10-08 Thread Waqas Ali Razzaq
Hi Nuwan,

Basically, the scenario is we have configured WSO2 API store SSO with Azure
AD. But Publisher and Carbon console are using default JDBC user store. Now
we want to define
API resource scope validation in Publisher.

Is it mandatory to have Azure AD as the primary user store or we can
achieve this using Azure AD as secondary user store?

Thanks & Kind regards,
*Waqas Ali Razzaq*




On Mon, Oct 8, 2018 at 5:23 PM Nuwan Dias  wrote:

> Hi Hasitha,
>
> Have you connected Azure AD as a user store in the API Manager?
>
> If yes, this should just work OOTB. Do you see the user to role mapping
> when you try to view the users via the Management Console of API Manager?
>
> If no, can you explain the user login flow? Basically what you mean
> exactly by federation.
>
> Thanks,
> NuwanD.
>
> On Mon, Oct 8, 2018 at 8:31 PM Hasitha De Silva 
> wrote:
>
>> We have WSO2 API Manager federated setup with Azure AD. I can use the
>> implicit and code grant type to generate the access tokens.
>>
>> Now I want to use the WSO2 API Manager scope functionality to limit the
>> access on certain API resources. I have created the role in API manager and
>> added the scope on API publisher for the API resource. But when I generate
>> the access token using scope value, it doesn't return the token with
>> correct scope. But if I assign the local user to that role and generate the
>> access token it works fine.
>>
>> I wonder if WSO2 API manager support scope management for Federated users.
>>
>> Any help would be appreciated.
>>
>
>
> --
> *Nuwan Dias* | Director | WSO2 Inc.
> (m) +94 777 775 729 | (e) nuw...@wso2.com
>


Re: [Dev] WSO2 IS KM 5.6 - XACML Scope Validator

2018-10-08 Thread Nilasini Thirunavukkarasu
Hi Juan,

Could you please remove the following property from the
/repository/conf/identity/identity.xml file and restart the server.
A git issue has been reported to solve the issue [1].

<OAuthScopeValidator class="org.wso2.carbon.identity.oauth2.validators.JDBCScopeValidator"/>

[1] https://github.com/wso2/product-apim/issues/3777

Thanks,
Nila.

On Mon, Oct 8, 2018 at 8:55 PM Juan Pablo Vadell 
wrote:

> Hi,
>
> Could anyone give me some help on this?
>
> Thanks,
>
> Juan Pablo Vadell | *VATROX*
>
>
>
> On Tue, Sep 11, 2018 at 6:30 PM Juan Pablo Vadell 
> wrote:
>
>> Hi,
>>
>> The  element has the same elements that you mention in
>> both versions (IS 5.6 and IS KM 5.6).
>>
>> I was looking if there are differences at the features installed and
>> looks the same.
>>
>> IMO, it's just a problem at the UI part, but can't find where.
>>
>> Thank you,
>>
>> Juan Pablo Vadell | *VATROX*
>> *CTO*
>>
>> Cel: +54 9 351 678-1414
>> Work: +54 351 485-6602
>> skype: jpvadell
>>
>>
>> On Tue, Sep 11, 2018 at 5:04 PM Farasath Ahamed 
>> wrote:
>>
>>> Can you check the   section in
>>> KM_HOME/repository/conf/identity/identity.xml of WSO2 IS KM 5.6.0?
>>>
>>> It should be as below.
>>>
>>> <OAuthScopeValidator class="org.wso2.carbon.identity.oauth2.validators.JDBCScopeValidator" />
>>> <OAuthScopeValidator class="org.wso2.carbon.identity.oauth2.validators.xacml.XACMLScopeValidator"/>
>>>
>>>
>>> If it is not the case you can change it as above and do a restart.
>>>
>>>
>>> Thanks,
>>> Farasath
>>>
>>> On Tue, Sep 11, 2018 at 4:47 PM, Juan Pablo Vadell 
>>> wrote:
>>>
>>>> Hi Devs,
>>>>
>>>> There is a problem when I try to create a Service Provider, access to
>>>> Inbound Authentication Configuration -> OAuth/OpenID Connect
>>>> Configuration -> Configure -> and try to choose *XACML Scope Validator*,
>>>> because this option is not available, I only can see the *Role based
>>>> scope validator*
>>>> If I try to do the same with the standard distribution of WSO2 IS 5.6,
>>>> XACML Scope Validator appears as an option.
>>>>
>>>> Is there a way to do this?
>>>>
>>>> Thank you,
>>>>
>>>> Juan Pablo Vadell | *VATROX*
>>>>
>>>>


>>>
>>>
>>> --
>>> Farasath Ahamed
>>> Senior Software Engineer, WSO2 Inc.; http://wso2.com
>>> Mobile: +94777603866
>>> Blog: blog.farazath.com
>>> Twitter: @farazath619 
>>> 
>>>
>>>
>>>
>


-- 
Nilasini Thirunavukkarasu
Software Engineer - WSO2

Email : nilas...@wso2.com
Mobile : +94775241823
Web : http://wso2.com/





Re: [Dev] WSO2 Identity Server KM 5.7.0 RC3 Problem - XACML Scope Validator can't be configured

2018-10-08 Thread Juan Pablo Vadell
Hi,

Could anyone give me some help on this?

Thanks,

Juan Pablo Vadell | *VATROX*



On Sun, Sep 16, 2018 at 2:08 PM Juan Pablo Vadell 
wrote:

> Hi,
>
> As happens with IS KM 5.6.0, XACML Scope Validator is not appearing on the
> UI when IS is configured as Key Manager.
>
> Is there a workaround for this?
>
> Thanks
>
> Juan Pablo Vadell | *VATROX*
> *CTO*
>
> Cel: +54 9 351 678-1414
> Work: +54 351 485-6602
> skype: jpvadell
>


Re: [Dev] WSO2 IS 5.6 - XACML Attribute Value Array Support

2018-10-08 Thread Juan Pablo Vadell
Hi,

Could anyone give me some help on this?

Thanks,

Juan Pablo Vadell | *VATROX*



On Fri, Sep 14, 2018 at 12:12 AM Juan Pablo Vadell 
wrote:

> Hi,
>
> I can't use Array values on Attributes in a XACML.
>
> This works.
> {
>   "Request": {
>     "AccessSubject": {
>       "Attribute": [
>         {
>           "AttributeId": "urn:oasis:names:tc:xacml:1.0:subject:subject-id",
>           "Value": "pdp-user"
>         }
>       ]
>     },
>     "Action": {
>       "Attribute": []
>     },
>     "Resource": {
>       "Attribute": [
>         {
>           "AttributeId": "resource-id",
>           "Value": "helloWorld"
>         }
>       ]
>     },
>     "Environment": {
>       "Attribute": []
>     }
>   }
> }
>
> Response:
> {
>   "Response": [
>     {
>       "Decision": "Permit",
>       "Status": {
>         "StatusCode": {
>           "Value": "urn:oasis:names:tc:xacml:1.0:status:ok"
>         }
>       }
>     }
>   ]
> }
>
> This doesn't work.
>
> {
>   "Request": {
>     "AccessSubject": {
>       "Attribute": [
>         {
>           "AttributeId": "urn:oasis:names:tc:xacml:1.0:subject:subject-id",
>           "Value": ["pdp-user"]
>         }
>       ]
>     },
>     "Action": {
>       "Attribute": []
>     },
>     "Resource": {
>       "Attribute": [
>         {
>           "AttributeId": "resource-id",
>           "Value": ["helloWorld"]
>         }
>       ]
>     },
>     "Environment": {
>       "Attribute": []
>     }
>   }
> }
>
> Response:
> {
>   "code": 40020,
>   "message": "Request Parse Exception."
> }
>
> Is there a way to fix this?
>
> Thank you,
>
> Juan Pablo Vadell | *VATROX*
> *CTO*
>
>
>


Re: [Dev] WSO2 IS KM 5.6 - XACML Scope Validator

2018-10-08 Thread Juan Pablo Vadell
Hi,

Could anyone give me some help on this?

Thanks,

Juan Pablo Vadell | *VATROX*



On Tue, Sep 11, 2018 at 6:30 PM Juan Pablo Vadell 
wrote:

> Hi,
>
> The  element has the same elements that you mention in
> both versions (IS 5.6 and IS KM 5.6).
>
> I was looking if there are differences at the features installed and looks
> the same.
>
> IMO, it's just a problem at the UI part, but can't find where.
>
> Thank you,
>
> Juan Pablo Vadell | *VATROX*
> *CTO*
>
> Cel: +54 9 351 678-1414
> Work: +54 351 485-6602
> skype: jpvadell
>
>
> On Tue, Sep 11, 2018 at 5:04 PM Farasath Ahamed 
> wrote:
>
>> Can you check the   section in
>> KM_HOME/repository/conf/identity/identity.xml of WSO2 IS KM 5.6.0?
>>
>> It should be as below.
>>
>> <OAuthScopeValidator class="org.wso2.carbon.identity.oauth2.validators.JDBCScopeValidator" />
>> <OAuthScopeValidator class="org.wso2.carbon.identity.oauth2.validators.xacml.XACMLScopeValidator"/>
>>
>>
>> If it is not the case you can change it as above and do a restart.
>>
>>
>> Thanks,
>> Farasath
>>
>> On Tue, Sep 11, 2018 at 4:47 PM, Juan Pablo Vadell 
>> wrote:
>>
>>> Hi Devs,
>>>
>>> There is a problem when I try to create a Service Provider, access to
>>> Inbound Authentication Configuration -> OAuth/OpenID Connect
>>> Configuration -> Configure -> and try to choose *XACML Scope Validator*,
>>> because this option is not available, I only can see the *Role based
>>> scope validator*
>>> If I try to do the same with the standard distribution of WSO2 IS 5.6,
>>> XACML Scope Validator appears as an option.
>>>
>>> Is there a way to do this?
>>>
>>> Thank you,
>>>
>>> Juan Pablo Vadell | *VATROX*
>>>
>>>
>>>
>>>
>>
>>
>> --
>> Farasath Ahamed
>> Senior Software Engineer, WSO2 Inc.; http://wso2.com
>> Mobile: +94777603866
>> Blog: blog.farazath.com
>> Twitter: @farazath619 
>> 
>>
>>
>>
>>


Re: [Dev] [APIM 2.5.0] WSO2 API Manager Scopes for Federated Users

2018-10-08 Thread Nuwan Dias
Hi Hasitha,

Have you connected Azure AD as a user store in the API Manager?

If yes, this should just work OOTB. Do you see the user to role mapping
when you try to view the users via the Management Console of API Manager?

If no, can you explain the user login flow? Basically what you mean exactly
by federation.

Thanks,
NuwanD.

On Mon, Oct 8, 2018 at 8:31 PM Hasitha De Silva 
wrote:

> We have WSO2 API Manager federated setup with Azure AD. I can use the
> implicit and code grant type to generate the access tokens.
>
> Now I want to use the WSO2 API Manager scope functionality to limit the
> access on certain API resources. I have created the role in API manager and
> added the scope on API publisher for the API resource. But when I generate
> the access token using scope value, it doesn't return the token with
> correct scope. But if I assign the local user to that role and generate the
> access token it works fine.
>
> I wonder if WSO2 API manager support scope management for Federated users.
>
> Any help would be appreciated.
>


-- 
*Nuwan Dias* | Director | WSO2 Inc.
(m) +94 777 775 729 | (e) nuw...@wso2.com


[Dev] [APIM 2.5.0] WSO2 API Manager Scopes for Federated Users

2018-10-08 Thread Hasitha De Silva
We have WSO2 API Manager federated setup with Azure AD. I can use the
implicit and code grant type to generate the access tokens.

Now I want to use the WSO2 API Manager scope functionality to limit the
access on certain API resources. I have created the role in API manager and
added the scope on API publisher for the API resource. But when I generate
the access token using scope value, it doesn't return the token with
correct scope. But if I assign the local user to that role and generate the
access token it works fine.

I wonder if WSO2 API manager support scope management for Federated users.

Any help would be appreciated.


Re: [Dev] [IAM] Deprecating data publishing implementations of identity-data-publisher-authentication

2018-10-08 Thread Sachini Wettasinghe
Sure, will start working on it.

Regards,

On Mon, Oct 8, 2018 at 2:07 PM Hasintha Indrajee  wrote:

>
>
> On Mon, Oct 8, 2018 at 11:07 AM Farasath Ahamed 
> wrote:
>
>> Hi,
>>
>> We could have many extensions written extending the deprecated classes.
>> So let's make sure this change is captured in migration docs so that any
>> extension written using the deprecated classes are refactored to use the
>> newly introduced classes.
>>
>
> +1. @Sachini Wettasinghe   Can you draft a guide on
> migrating an existing data publisher to an event publisher so that we can
> include it as a migration guide.
>
>>
>>
> Thanks,
>> Farasath
>>
>> On Mon, Oct 8, 2018 at 9:46 AM Sachini Wettasinghe 
>> wrote:
>>
>>> Hi,
>>>
>>> Currently, I am working on a feature to support cross-protocol logout
>>> for IS. According to the design approach of this project, the data
>>> publishing implementations are now changed to act as event handlers. For
>>> this reason, the following classes of
>>> identity-data-publisher-authentication component are *deprecated* so
>>> that they can be removed in a later release.
>>>
>>>    - org.wso2.carbon.identity.data.publisher.application.authentication.AbstractAuthenticationDataPublisher
>>>    - org.wso2.carbon.identity.data.publisher.application.authentication.impl.DASSessionDataPublisherImpl
>>>    - org.wso2.carbon.identity.data.publisher.application.authentication.impl.AuthenticationAuditLogger
>>>    - org.wso2.carbon.identity.data.publisher.application.authentication.impl.DASLoginDataPublisherImpl
>>>
>>> Regards,
>>> --
>>> *Sachini Wettasinghe*
>>> Software Engineer | WSO2
>>>
>>> 
>>>
>>
>>
>> --
>> Farasath Ahamed
>> Senior Software Engineer, WSO2 Inc.; http://wso2.com
>> Mobile: +94777603866
>> Blog: blog.farazath.com
>> Twitter: @farazath619 
>> 
>>
>>
>>
>>
>
> --
> Hasintha Indrajee
> WSO2, Inc.
> Mobile:+94 771892453
>
>

-- 
*Sachini Wettasinghe*
Software Engineer | WSO2




Re: [Dev] [IAM] Deprecating data publishing implementations of identity-data-publisher-authentication

2018-10-08 Thread Hasintha Indrajee
On Mon, Oct 8, 2018 at 11:07 AM Farasath Ahamed  wrote:

> Hi,
>
> We could have many extensions written extending the deprecated classes. So
> let's make sure this change is captured in migration docs so that any
> extension written using the deprecated classes are refactored to use the
> newly introduced classes.
>

+1. @Sachini Wettasinghe   Can you draft a guide on
migrating an existing data publisher to an event publisher so that we can
include it as a migration guide.

>
>
Thanks,
> Farasath
>
> On Mon, Oct 8, 2018 at 9:46 AM Sachini Wettasinghe 
> wrote:
>
>> Hi,
>>
>> Currently, I am working on a feature to support cross-protocol logout for
>> IS. According to the design approach of this project, the data publishing
>> implementations are now changed to act as event handlers. For this reason,
>> the following classes of identity-data-publisher-authentication component
>> are *deprecated* so that they can be removed in a later release.
>>
>>    - org.wso2.carbon.identity.data.publisher.application.authentication.AbstractAuthenticationDataPublisher
>>    - org.wso2.carbon.identity.data.publisher.application.authentication.impl.DASSessionDataPublisherImpl
>>    - org.wso2.carbon.identity.data.publisher.application.authentication.impl.AuthenticationAuditLogger
>>    - org.wso2.carbon.identity.data.publisher.application.authentication.impl.DASLoginDataPublisherImpl
>>
>> Regards,
>> --
>> *Sachini Wettasinghe*
>> Software Engineer | WSO2
>>
>> 
>>
>
>
> --
> Farasath Ahamed
> Senior Software Engineer, WSO2 Inc.; http://wso2.com
> Mobile: +94777603866
> Blog: blog.farazath.com
> Twitter: @farazath619 
> 
>
>
>
>

-- 
Hasintha Indrajee
WSO2, Inc.
Mobile:+94 771892453


Re: [Dev] Getting "SignatureDoesNotMatch" error with deleteBucketReplication operation in Amazon s3 connector

2018-10-08 Thread Shakila Sasikaran
Hi Biruntha,

As per the API documentation [1], I think the bucket URL should be like
/. Could you please try with
*http://testbuckkkbiru.s3-us-east-2.amazonaws.com*?

[1]
https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketDELETEreplication.html

Thanks

On Fri, Oct 5, 2018 at 3:00 PM Biruntha Gnaneswaran 
wrote:

> Hi All,
>
> I'm trying to use deleteBucketReplication operation in amazon s3 connector
> [1] & [2]. But I'm getting "SignatureDoesNotMatch" error with the sample
> request [3] & [4].  When I try this method with host and bucketUrl as in
> [5], I'm getting error as in [6]. Did I miss anything? Appreciate your
> input on this.
>
>
> [1]
> https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketDELETEreplication.html
> [2]
> https://docs.wso2.com/display/ESBCONNECTORS/Working+with+Buckets+in+Amazon+S3#WorkingwithBucketsinAmazonS3-deleteBucketReplication
> [3]
> 
> xx
> xx
> DELETE
> application/xml
> true
> http://testbuckkkbiru.s3.amazonaws.com
> 
> 
> us-east-2
> testbuckkkbiru
> s3.amazonaws.com
> 
> 
> public-read
> 
> [4]
> 
> http://ws.apache.org/ns/synapse;
>name="amazons3_deleteBucketReplication"
>startOnLoad="true"
>statistics="disable"
>trace="disable"
>transports="http,https">
>
>   
>  
>   name="secretAccessKey"/>
>  
>  
>  
>  
>  
>  
>   name="xAmzSecurityToken"/>
>  
>  
>   name="contentLength"/>
>  
>  
>  
> {$ctx:accessKeyId}
> {$ctx:secretAccessKey}
> {$ctx:methodType}
> {$ctx:contentType}
> {$ctx:bucketName}
> {$ctx:isXAmzDate}
> {$ctx:contentMD5}
> {$ctx:xAmzSecurityToken}
> {$ctx:region}
> {$ctx:host}
> {$ctx:expect}
> {$ctx:contentLength}
> {$ctx:xAmzMfa}
>  
>  
> {$ctx:bucketUrl}
>  
>  
>   
>   
>  
>   
>
>
> 
>
> [5]
> s3-us-east-2.amazonaws.com
> http://s3-us-east-2.amazonaws.com/testbuckkkbiru
>
> [6]
> RequestTimeoutYour socket connection to the
> server was not read from or written to within the timeout period. Idle
> connections will be
> closed.DEEACD868FB28742zVKD6i4XzrWD7Dh8htoqPrlDypGClgB4SjdCD+4IQz7IkrqP1D7Xt4l+R9DhfsUSEefqZzlZoXo=
>
> Thanks,
> --
> Biruntha
>
> Software Engineer
> WSO2
> Email: birun...@wso2.com
> LinkedIn: https://lk.linkedin.com/in/biruntha
> Mobile : +94773718986
>


-- 
Shakila Sasikaran
Software Engineer
Mobile :+94 (0) 77 526 6848
shak...@wso2.com
WSO2, Inc.
lean . enterprise . middleware
http://www.wso2.com/


Re: [Dev] Encrypting and decrypting files in WSO2

2018-10-08 Thread Aman Singh
Hi Shakila,

Thanks a lot.

On Mon, Oct 8, 2018 at 12:06 PM Shakila Sasikaran  wrote:

> Hi Aman,
>
> You can implement the class mediator with your java logic and use that in
> your mediation flow. Please find the documentation [1]. Once you implement
> & build the mediator, you can follow the *Basic approach* in the
> documentation [1] to deploy the mediator.
>
> [1] *https://docs.wso2.com/display/EI620/Writing+an+ESB+Mediator*
>
> Thanks
>
> On Mon, Oct 8, 2018 at 11:22 AM Aman Singh 
> wrote:
>
>> Hi Shakila,
>>
>> I tried doing encryption-decryption of a sample String using Java program
>> successfully. Is there any way in WSO2 to do the same without Java program?
>> Like some connector or mediator that can do this in WSO2?
>>
>> Thank you,
>> Aman.
>>
>> On Fri, Oct 5, 2018 at 10:11 AM Shakila Sasikaran 
>> wrote:
>>
>>> Hi aman,
>>>
>>> There is no way to do the encryption with file connector.
>>>
>>> Thanks
>>>
>>> On Fri, Oct 5, 2018 at 9:17 AM Aman Singh 
>>> wrote:
>>>
>>>> Dear Shakila,
>>>>
>>>> Below code of mine copies a simple JSON file "Person.json", from my
>>>> server location to my local windows machine:-
>>>>
>>>> >>> xmlns="http://ws.apache.org/ns/synapse;>
>>>>
>>>>
>>>>
>>>> sftp://{username}:{password}@
>>>> {hostname}/home/myfolder/input/Person.json
>>>> file:///D:/destination
>>>> 10
>>>> true
>>>> 10
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> I already have "public" and "private" keys with me.
>>>>
>>>> How can I do/use encryption and decryption to securely transfer my file
>>>> between server and local machine?
>>>>
>>>> I searched on the net but was not able to find much information.
>>>>
>>>> Thank you,
>>>> Aman
>>>>
>>>> On Fri, Oct 5, 2018 at 8:54 AM Shakila Sasikaran
>>>> wrote:
>>>>
>>>>> Hi Aman,
>>>>>
>>>>> Could you please share the sample to understand the use-case?
>>>>>
>>>>> Thanks
>>>>>
>>>>> On Thu, Oct 4, 2018 at 9:32 AM Aman Singh
>>>>> wrote:
>>>>>
>>>>>> Dear Shakila,
>>>>>>
>>>>>> I am using SFTP to transfer a file placed on my server to my local
>>>>>> machine and vice-versa. I am successfully able to transfer it. I want to
>>>>>> use encryption and decryption to transfer my files securely, like using
>>>>>> some public/private key concept to do that.  Is this possible?
>>>>>> How can I achieve this?
>>>>>>
>>>>>> Your help would be much appreciated.
>>>>>>
>>>>>> Thank you,
>>>>>> Aman.
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Shakila Sasikaran
>>>>> Software Engineer
>>>>> Mobile :+94 (0) 77 526 6848
>>>>> shak...@wso2.com
>>>>> WSO2, Inc.
>>>>> lean . enterprise . middleware
>>>>> http://www.wso2.com/
>>>>>
>>>>
>>>
>>> --
>>> Shakila Sasikaran
>>> Software Engineer
>>> Mobile :+94 (0) 77 526 6848
>>> shak...@wso2.com
>>> WSO2, Inc.
>>> lean . enterprise . middleware
>>> http://www.wso2.com/
>>>
>>
>
> --
> Shakila Sasikaran
> Software Engineer
> Mobile :+94 (0) 77 526 6848
> shak...@wso2.com
> WSO2, Inc.
> lean . enterprise . middleware
> http://www.wso2.com/
>


Re: [Dev] Encrypting and decrypting files in WSO2

2018-10-08 Thread Shakila Sasikaran
Hi Aman,

You can implement the class mediator with your java logic and use that in
your mediation flow. Please find the documentation [1]. Once you implement
& build the mediator, you can follow the *Basic approach* in the
documentation [1] to deploy the mediator.

[1] https://docs.wso2.com/display/EI620/Writing+an+ESB+Mediator

Thanks

On Mon, Oct 8, 2018 at 11:22 AM Aman Singh  wrote:

> Hi Shakila,
>
> I tried doing encryption-decryption of a sample String using a Java program
> successfully. Is there any way in WSO2 to do the same without a Java program?
> Like some connector or mediator that can do this in WSO2?
>
> Thank you,
> Aman.
>
> On Fri, Oct 5, 2018 at 10:11 AM Shakila Sasikaran 
> wrote:
>
>> Hi Aman,
>>
>> There is no way to do the encryption with the file connector.
>>
>> Thanks
>>
>> On Fri, Oct 5, 2018 at 9:17 AM Aman Singh 
>> wrote:
>>
>>> Dear Shakila,
>>>
>>> Below code of mine copies a simple JSON file "Person.json", from my
>>> server location to my local windows machine:-
>>>
>>> >> xmlns="http://ws.apache.org/ns/synapse;>
>>> 
>>> 
>>> 
>>> sftp://{username}:{password}@
>>> {hostname}/home/myfolder/input/Person.json
>>> file:///D:/destination
>>> 10
>>> true
>>> 10
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>>
>>> I already have "public" and "private" keys with me.
>>>
>>> How can I do/use encryption and decryption to securely transfer my file
>>> between server and local machine?
>>>
>>> I searched on the net but was not able to find much information.
>>>
>>> Thank you,
>>> Aman
>>>
>>> On Fri, Oct 5, 2018 at 8:54 AM Shakila Sasikaran 
>>> wrote:
>>>
>>>> Hi Aman,
>>>>
>>>> Could you please share the sample to understand the use-case?
>>>>
>>>> Thanks
>>>>
>>>> On Thu, Oct 4, 2018 at 9:32 AM Aman Singh
>>>> wrote:
>>>>
>>>>> Dear Shakila,
>>>>>
>>>>> I am using SFTP to transfer a file placed on my server to my local
>>>>> machine and vice-versa. I am successfully able to transfer it. I want to
>>>>> use encryption and decryption to transfer my files securely, like using
>>>>> some public/private key concept to do that.  Is this possible?
>>>>> How can I achieve this?
>>>>>
>>>>> Your help would be much appreciated.
>>>>>
>>>>> Thank you,
>>>>> Aman.
>>>>>
>>>>
>>>>
>>>> --
>>>> Shakila Sasikaran
>>>> Software Engineer
>>>> Mobile :+94 (0) 77 526 6848
>>>> shak...@wso2.com
>>>> WSO2, Inc.
>>>> lean . enterprise . middleware
>>>> http://www.wso2.com/
>>>>
>>>
>>
>> --
>> Shakila Sasikaran
>> Software Engineer
>> Mobile :+94 (0) 77 526 6848
>> shak...@wso2.com
>> WSO2, Inc.
>> lean . enterprise . middleware
>> http://www.wso2.com/
>>
>

-- 
Shakila Sasikaran
Software Engineer
Mobile :+94 (0) 77 526 6848
shak...@wso2.com
WSO2, Inc.
lean . enterprise . middleware
http://www.wso2.com/


[Dev] [IAM] Extending OAuth to use Carbon Crypto Service for JWT sign/verify operations

2018-10-08 Thread Mevan Karunanayake
Hi all,

I’m working on a project to integrate HSM support for WSO2 IS[1]. I have
implemented a component[2] conforming to the Carbon Crypto Service API
specification, to provide cryptographic operations using an HSM. Currently
I’m exploring possible extension points in WSO2 IS to use the Carbon Crypto
Service[3]. I’m mainly focusing on ways to extend the SAML and OAuth
implementations.


At the moment I’m researching possible ways to extend OAuth JWT
sign/verification operations to use the Carbon Crypto Service. In WSO2 IS,
OAuth’s cryptographic operations are handled by an open source library,
Nimbus JOSE + JWT[4].


Following is the normal flow of an OAuth JWT signing operation[5] request
handled by Nimbus.


There are two possible extensions to use Carbon Crypto Service to support
OAuth’s cryptographic requirements as marked in the figure.


   1. Use carbon crypto service only to retrieve keys and certificates.
   2. Extend Nimbus Crypto Interface to use Crypto Service for cryptographic
      operations.


But the issue associated with option 1 is that the primary purpose of an HSM
is to protect sensitive materials (private keys etc.), and it’s bad practice
to retrieve private keys from an HSM. Standard practice is to delegate the
cryptographic operation to the HSM with a key alias related to the operation.

Nimbus Crypto Interface has a default implementation which uses JCE
providers to carry out cryptographic operations. But the default
implementation requires private keys to be provided as inputs. So extending
the default implementation has the same issue I discussed above.

Since WSO2 IS uses RSA for sign/verification for OAuth, I have designed an
extension of Nimbus Crypto Interface to carry out RSA sign/verification
operations using the Carbon Crypto Service.

Following is the class diagram of the design.




If you have any other possible solutions or suggestions regarding the above
scenario, feel free to discuss.

References

[1] [IAM] Introducing HSM support for Identity Server

[2] HSM based crypto provider component -
https://github.com/karu95/carbon-crypto-service/tree/HSMProvider/components/org.wso2.carbon.crypto.hsmbasedcryptoprovider

[3] Carbon Crypto Service - https://github.com/wso2/carbon-crypto-service

[4] Nimbus JOSE + JWT - https://connect2id.com/products/nimbus-jose-jwt
[5] OAuth JWT sign operation implementation -
https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/9b666e0320ab6639c4bdccb1675d111ad3e4ec45/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/util/OAuth2Util.java#L1986
[6] OAuth JWT validation operation implementation -
https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/9b666e0320ab6639c4bdccb1675d111ad3e4ec45/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/util/OAuth2Util.java#L1812

Regards,
*Mevan Karunanayake*
Trainee Software Engineer | WSO2
Email : me...@wso2.com
Mobile : +94 71 202 8954
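
Option 2 above, sketched as an added example that is not code from this thread, from WSO2 or from the HSM provider component: a Nimbus `JWSSigner` that delegates RS256 signing to a backend by key alias, so the private key is never handed to the caller. `AliasSigner`, `DelegatingRsaSigner` and the alias `demo-signing-key` are hypothetical names; it assumes a Nimbus JOSE + JWT version whose `JWSSigner` exposes `supportedJWSAlgorithms()` and `getJCAContext()`, and a software key pair stands in for the HSM.

```java
import com.nimbusds.jose.*;
import com.nimbusds.jose.crypto.RSASSAVerifier;
import com.nimbusds.jose.jca.JCAContext;
import com.nimbusds.jose.util.Base64URL;
import java.security.*;
import java.security.interfaces.RSAPublicKey;
import java.util.*;
// Hypothetical stand-in for the crypto service: signs by alias, never returns the key.
interface AliasSigner {
    byte[] sign(String keyAlias, String jcaAlgorithm, byte[] data) throws Exception;
}

public class DelegatingRsaSigner implements JWSSigner {
    private final AliasSigner backend;
    private final String keyAlias;
    private final JCAContext jcaContext = new JCAContext();
    public DelegatingRsaSigner(AliasSigner backend, String keyAlias) { this.backend = backend; this.keyAlias = keyAlias; }

    @Override
    public Base64URL sign(JWSHeader header, byte[] signingInput) throws JOSEException {
        if (!JWSAlgorithm.RS256.equals(header.getAlgorithm())) {
            throw new JOSEException("Unsupported JWS algorithm: " + header.getAlgorithm());
        }
        try { // RS256 is RSASSA-PKCS1-v1_5 with SHA-256, i.e. JCA "SHA256withRSA"
            return Base64URL.encode(backend.sign(keyAlias, "SHA256withRSA", signingInput));
        } catch (Exception e) {
            throw new JOSEException("Delegated signing failed: " + e.getMessage(), e);
        }
    }

    @Override
    public Set<JWSAlgorithm> supportedJWSAlgorithms() { return Collections.singleton(JWSAlgorithm.RS256); }
    @Override
    public JCAContext getJCAContext() { return jcaContext; }

    public static void main(String[] args) throws Exception {
        // Constructed demo: a software key pair plays the HSM; only the lambda touches the private key.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();
        AliasSigner fakeHsm = (alias, alg, data) -> {
            Signature s = Signature.getInstance(alg);
            s.initSign(kp.getPrivate());
            s.update(data);
            return s.sign();
        };
        JWSObject jws = new JWSObject(new JWSHeader(JWSAlgorithm.RS256), new Payload("{\"sub\":\"demo\"}"));
        jws.sign(new DelegatingRsaSigner(fakeHsm, "demo-signing-key"));
        System.out.println(jws.verify(new RSASSAVerifier((RSAPublicKey) kp.getPublic())));
    }
}
```

Verification needs only the public key or certificate, so the stock Nimbus verifier can be used unchanged on that side.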