Re: [Dev] [Iam-dev] [Architecture] [VOTE] Release WSO2 Identity Server 5.10.0 RC2
Hi All, I have tested the following REST API implementations. - Email Template Management API - XACML API No blocking issues are found. [+] Stable - go ahead and release. Thanks, Dewni Weeraman On Wed, Mar 11, 2020 at 10:40 PM Dinika Senarath wrote: > Hi all, > > I have tested the following scenarios with RC2. > >- Self-registration and account confirmation >- Multi-factor authentication with SMS OTP >- Multi-factor authentication with Email OTP >- Multi-factor authentication with TOTP >- Username recovery >- Password recovery with Email >- Password recovery with challenge questions > > No blockers found > [+] Stable - go ahead and release > > On Wed, Mar 11, 2020 at 5:23 PM Gangani Chamika wrote: > >> Hi all, >> >> I have tested the following in RC2 pack. >> >>- Configuring a Service Provider for Adaptive Authentication >>- Role-Based Adaptive Authentication Scenario >>- User-Age-Based Adaptive Authentication Scenario >>- IP-Based Adaptive Authentication Scenario >>- New-Device-Based Adaptive Authentication >> >> [+] Stable - Go ahead and release >> >> Best Regards, >> >> On Wed, Mar 11, 2020 at 5:11 PM Nilasini Thirunavukkarasu < >> nilas...@wso2.com> wrote: >> >>> Hi, >>> >>> I have tested the following scenarios and no blocking issues found. >>> >>>- Scope based authorization for User Account Associations rest APIs >>> >>> [+] Stable - go ahead and release >>> >>> On Wed, Mar 11, 2020 at 3:48 PM Ashen Weerathunga >>> wrote: >>> >>>> Hi All, >>>> >>>> I have tested the following scenarios and no blocking issues found. >>>> >>>>- Unique User ID based usercore APIs via SCIM 2.0 >>>>with UniqueIDReadWriteLDAPUserStoreManager. >>>> >>>> [+] Stable - go ahead and release >>>> >>>> Thanks, >>>> Ashen >>>> >>>> >>>> On Wed, Mar 11, 2020 at 3:33 PM Tharindu Bandara >>>> wrote: >>>> >>>>> Hi, >>>>> >>>>> Tested the following. >>>>> >>>>> OAuth grant flows >>>>> - Implicit grant >>>>> >>>>> [+] Stable - go ahead and release >>>>> >>>>> Thanks, >>>>> Tharindu. >>>>> >>>>> On Wed, Mar 11, 2020 at 3:29 PM Sathya Bandara >>>>> wrote: >>>>> >>>>>> Hi, >>>>>> >>>>>> Tested the following. >>>>>> >>>>>> 1. Oauth grant flows >>>>>> - client credentials >>>>>> - Authorization code >>>>>> - Password >>>>>> - OIDC Hybrid flow >>>>>> 2. Oauth Client Authenticators >>>>>> - Mutual TLS >>>>>> >>>>>> [+] Stable - go ahead and release >>>>>> >>>>>> Thanks, >>>>>> Sathya >>>>>> >>>>>> On Wed, Mar 11, 2020 at 2:54 PM Buddhima Udaranga >>>>>> wrote: >>>>>> >>>>>>> Hi All, >>>>>>> >>>>>>> Tested the following features >>>>>>> >>>>>>>- Login by a user with an admin role to an application where a >>>>>>>policy applied for 'allow access' for user's role admin Using the >>>>>>> sample >>>>>>>XACML template - authn_role_based_policy_template. >>>>>>>- Login by a user with an admin role to an application >>>>>>>where policy applied for 'allow access' for user's role admin and by >>>>>>>validating the time of the day >>>>>>>- Login by a user with a nonadmin role to an application where a >>>>>>>policy applied for 'allow access' for user's role admin Using the >>>>>>> sample >>>>>>>XACML template - authn_role_based_policy_template.(N) >>>>>>>- Log in with a user on a different user store to an application >>>>>>>where policy applied for 'allow access' for user store primary. >>>>>>> using the >>>>>>>template authn_user_store_based_policy_template >>>>>>&
Re: [Dev] [VOTE] Release WSO2 Identity Server 5.9.0 RC2
Hi, I've tested following scenarios with default database setup. Using REST APIs via XACML to manage entitlement. UMA 2.0 flow - Obtain PAT using password grant. - Create, delete, update, list resources and read resource description of a resource by invoking UMA resource registration endpoint. - Entitlement policy creation using write policy in xacml and publishing. - Obtain permission ticket by invoking UMA permission endpoint. - Configure a service provider with OpenID Connect and obtain RPT using UMA grant. - Introspect RPT with additional UMA related details by invoking OAuth Introspection Endpoint. Password History Validation Password Patterns Validation No blocking issues are found. [+] Stable - go ahead and release. Thanks, Dewni Weeraman On Thu, Oct 3, 2019 at 7:19 PM Thanuja Jayasinghe wrote: > Hi All, > > I have tested the following API implementations and no blocking issues > found. > > - Session management API > - User Account Association API > - Export User profile > - Consent Management API > > [+] Stable - go ahead and release > > Thanks, > Thanuja > > > On Thu, Oct 3, 2019 at 6:16 PM Piraveena Paralogarajah > wrote: > > > > Hi all. > > > > I have tested the following scenarios: > > > > > > Scope Management REST API > > XACML based scope validation for token issuing phase in the following > OAuth grant types > > > > Authorization code flow > > password grant > > client_credentials > > Implicit flow > > > > XACML based authorization > > > > No blocker issues found > > [+] Stable - go ahead and release > > > > Thanks, > > Piraveena > > > > Piraveena Paralogarajah > > Software Engineer | WSO2 Inc. > > (m) +94776099594 | (e) pirave...@wso2.com > > > > > > > > On Thu, Oct 3, 2019 at 3:45 PM Ashen Weerathunga wrote: > >> > >> Hi All, > >> > >> I have tested the following scenarios and no blocking issues found. > >> > >> SSO with SAML > >> Federated authentication with Google > >> Federated authentication with Facebook > >> SSO with multi-option and multi-step authentication > >> Role-based Adaptive authentication > >> > >> [+] Stable - go ahead and release > >> > >> Thanks, > >> Ashen > >> > >> > >> On Thu, Oct 3, 2019 at 2:34 PM Shanika Wickramasinghe < > shani...@wso2.com> wrote: > >>> > >>> Hi All, > >>> > >>> > >>> I have tested the following features and no issues found > >>> > >>> > >>> Ubuntu 16.04 | MSSQL | Embedded Ldap Primary User Store | Super Tenant > >>> > >>> > >>> Manage roles with SCIM 2.0 Create Group, Delete Group, Filter Groups, > Search Groups, Update Group - PATCH, Update Group - PUT > >>> > >>> Manage users with SCIM 2.0 Create User Delete User by ID Filter Users > Search Users Update User - PATCH Update User - PUT > >>> > >>> Recover Username with dashboard > >>> > >>> Recover Password with dashboard > >>> > >>> > >>> Ubuntu 16.04 | MSSQL | SecondaryUser Store | Super Tenant > >>> > >>> > >>> SP pagination with UI > >>> > >>> SP pagination with Admin Services > >>> > >>> Account Lock > >>> > >>> Recaptcha with Single Sign On > >>> > >>> > >>> Ubuntu 16.04 | H2/MSSQL | Embedded Ldap Primary User Store | Super > Tenant > >>> > >>> > >>> Manage Workflows > >>> > >>> > >>> Ubuntu 16.04 | H2 | Embedded Ldap Primary User Store | Super Tenant > >>> > >>> > >>> Manage Workflows with QSG sample > >>> > >>> User self-registration via REST APIs > >>> > >>> User self-registration via user portal > >>> > >>> User manage his own user account, Update user profile > >>> > >>> OAuth 1.0 SP Creation/ Update > >>> > >>> > >>> +1 Go ahead and release. > >>> > >>> > >>> Thanks, > >>> > >>> Shanika > >>> > >>> > >>> On Thu, Oct 3, 2019 at 9:16 AM Achini Jayasena > wrote: > >>>> > >>>> Hi All, > >>>> > >>>> Tested and verified with performance test and long running test. Test > result match wit
[Dev] Office365 Federation for Dual Domain with WSO2 Identity Server
Hi All, Currently, I am working on the $subject. Please find the detailed description of the tasks below. Step 01 - Configuring of WSO2 IS to handle Office 365 with single domain. Step 02 - Testing out how WSO2 IS can handle Office 365 Federation with multiple domains in multiple IS instances (a single IS instance dedicated to a single domain). Step 03 - Integrating IS to tackle the issue of Office 365 federation for dual domain in a single IS tenant instance. Step 01 and Step 02 has been completed. Please find [1] and [2] for the instructions on how to carry out Step 01. While carrying out Step 02, following limitations were identified. 1. Two domains in Office 365 use the same Service Provider entity id (SP issuer name). In IS two domains are represented as two service providers. Each service provider (in the same tenant instance) should have unique issuer name. 2. Office 365 requires to have a unique IDP entity ID for each domain. In IS the same IDP entity ID is utilized for all service providers available in a given tenant. Therefore by considering the aforementioned points, the current solution to tackle with $subject is to have a IS tenant configured per domain. However in a requirement where this needs to be done in a single IS instance, the current release of WSO2 IS doesn’t have support for this. As Step 03 we will be introducing two new attributes for SAML inbound authentication configurations when creating a Service Provider. - Service Provider Qualifier - The value defined here will be appended to the end of the “Issuer” value when registering the SAML SP in the Identity Server. This allows to configure multiple SAML SSO inbound authentication configurations for the same “Issuer” value. - IdP Entity ID Alias - “Identity Provider Entity ID” specified under SAML SSO Inbound Authentication configuration in “Resident IdP” can be overridden with this value. The PRs for this is available at [3] and [4]. I'll be working on resolving the merge conflicts. [1] https://medium.com/@dewni.matheesha/office365-configurations-with-wso2-identity-server-for-saml2-authentication-d234cb333293 [2] https://medium.com/@dewni.matheesha/user-provisioning-to-azure-ad-from-wso2-identity-server-bf7f89d30c5 [3] https://github.com/wso2-extensions/identity-inbound-auth-saml/pull/201 [4] https://github.com/wso2-extensions/identity-inbound-auth-oauth/pull/994 Thanks & Regards, Dewni -- Dewni Weeraman | Software Engineer | WSO2 Inc. (m) +94 077 2979049 | (e) de...@wso2.com <http://wso2.com/signature> ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] [VOTE] Release WSO2 Identity Server 5.7.0 RC2
Hi, I've tested following scenarios on the IS 5.7.0-RC2 pack with default database setup. UMA 2.0 flow - Obtain access token using password grant. - Create, delete, update, list resources and read resource description of a resource by invoking UMA resource registration endpoint. - Entitlement policy creation using write policy in xml and publishing. - Obtain permission ticket by invoking UMA permission endpoint. - Configure a service provider with OpenID Connect and obtain access token using UMA grant. - Invoke the OAuth Introspection Endpoint. No blocking issues are found. [+] Stable - go ahead and release. Thanks, Dewni Weeraman On Wed, Sep 12, 2018 at 8:23 PM Winma Heenatigala wrote: > Hi, > I have tested the following with Oracle and no issues were found. > >- Configuring Just-In-Time Provisioning Consent Purposes >- Self-Registration and Account Confirmation >- Configuring SAML 2.0 Artifact Binding >- Add user, add roles, add permissions > > [+] Stable - Go ahead and release > > Thanks, > Winma > > > On Wed, Sep 12, 2018 at 8:15 PM, Dinika Senarath wrote: > >> Hi, >> >> Tested the below adaptive authentication scenarios with MS-SQL DB, and no >> issues were found. >> >>- User-Age-Based Adaptive Authentication >>- Tenant-Based Adaptive Authentication >>- IP-Based Adaptive Authentication >>- Using WSO2 Stream Processor for Adaptive Authentication (Risk-Based >>Adaptive Authentication) >> >> [+] Stable - Go ahead and release >> >> Thanks, >> Dinika >> >> >> On Wed, Sep 12, 2018 at 7:58 PM, Dinali Dabarera wrote: >> >>> Hi, >>> >>> I have tested the following in H2 DB and no issues were found. >>> >>>- XACML multi-decision profile JSON/XML format >>>- Add a policy, update policy, publish policy, publish again by >>>updating. >>>- Add email templates. >>>- Adding consent purposes and Consent management during JIT >>>provisioning. >>> >>> [+] Stable - Go ahead and release >>> >>> Thanks, >>> Dinali >>> >>> On Wed, Sep 12, 2018 at 7:49 PM Maduranga Siriwardena < >>> madura...@wso2.com> wrote: >>> >>>> Hi, >>>> >>>> I have tested following and no issues were found. >>>> >>>>- Import and export service provider. >>>>- Adaptive authentication with, >>>>- role based template. >>>> - user age based template. >>>> >>>> [+] Stable - go ahead and release >>>> >>>> Thanks, >>>> Maduranga. >>>> >>>> On Wed, Sep 12, 2018 at 4:23 PM Senthalan Kanagalingam < >>>> sentha...@wso2.com> wrote: >>>> >>>>> Hi all, >>>>> >>>>> >>>>> We are pleased to announce the second release candidate of WSO2 >>>>> Identity Server 5.7.0. >>>>> >>>>> >>>>> This release fixes the following issues, >>>>> >>>>>- >>>>> >>>>>5.7.0-RC2 fixes >>>>><https://github.com/wso2/product-is/milestone/58?closed=1> >>>>>- >>>>> >>>>>5.7.0-RC1 fixes >>>>><https://github.com/wso2/product-is/milestone/52?closed=1> >>>>>- >>>>> >>>>>5.7.0-Beta2 fixes >>>>><https://github.com/wso2/product-is/milestone/57?closed=1> >>>>>- >>>>> >>>>>5.7.0-Beta fixes >>>>><https://github.com/wso2/product-is/milestone/54?closed=1> >>>>>- >>>>> >>>>>5.7.0-Alpha3 fixes >>>>><https://github.com/wso2/product-is/milestone/53?closed=1> >>>>>- >>>>> >>>>>5.7.0-Alpha2 fixes >>>>><https://github.com/wso2/product-is/milestone/51?closed=1> >>>>>- >>>>> >>>>>5.7.0-Alpha fixes >>>>><https://github.com/wso2/product-is/milestone/50?closed=1> >>>>>- >>>>> >>>>>5.7.0-M5 fixes >>>>><https://github.com/wso2/product-is/milestone/49?closed=1> >>>>>- >>>>> >>>>>5.7.0-M4 fixes >>>>><https://github.com/wso2/product-is/milestone/48?closed=1> >>>
[Dev] [IS]Error while running IS in Windows machine
Hi, I built the product-is (wso2is-5.7.0-m3-SNAPSHOT) from source and tried running it in my windows machine. While running the server I got the following error logs in the terminal. [2018-07-10 18:09:03,072] INFO {org.wso2.carbon.humantask. deployer.HumanTaskDep loyer} - Initializing HumanTask Deployer for tenant -1234. [2018-07-10 18:09:04,971] FATAL {org.wso2.carbon.core.init. CarbonServerManager} - WSO2 Carbon initialization Failed org.apache.axiom.om.OMException: com.ctc.wstx.exc.WstxIOException: Invalid UTF-8 middle byte 0x3f (at char #2621, byte #-1) at org.apache.axiom.om.impl.builder.StAXOMBuilder.next( StAXOMBuilder.jav a:296) at org.apache.axiom.om.impl.llom.OMDocumentImpl. getOMDocumentElement(OMD ocumentImpl.java:109) at org.apache.axiom.om.impl.builder.StAXOMBuilder. getDocumentElement(StA XOMBuilder.java:570) at org.apache.axiom.om.impl.builder.StAXOMBuilder. getDocumentElement(StA XOMBuilder.java:566) at org.apache.axis2.util.XMLUtils.toOM(XMLUtils.java:592) at org.apache.axis2.util.XMLUtils.toOM(XMLUtils.java:575) at org.apache.axis2.deployment.DescriptionBuilder.buildOM( DescriptionBui lder.java:97) at org.apache.axis2.deployment.AxisConfigBuilder. populateConfig(AxisConf igBuilder.java:91) at org.apache.axis2.deployment.DeploymentEngine. populateAxisConfiguratio n(DeploymentEngine.java:887) at org.apache.axis2.deployment.FileSystemConfigurator. getAxisConfigurati on(FileSystemConfigurator.java:116) at org.apache.axis2.context.ConfigurationContextFactory. createConfigurat ionContext(ConfigurationContextFactory.java:64) at org.apache.axis2.context.ConfigurationContextFactory. createConfigurat ionContextFromFileSystem(ConfigurationContextFactory.java:210) at org.wso2.carbon.core.init.CarbonServerManager. getClientConfigurationC ontext(CarbonServerManager.java:573) at org.wso2.carbon.core.init.CarbonServerManager. initializeCarbon(Carbon ServerManager.java:458) at org.wso2.carbon.core.init.CarbonServerManager. removePendingItem(Carbo nServerManager.java:291) at org.wso2.carbon.core.init.PreAxis2ConfigItemListener. bundleChanged(Pr eAxis2ConfigItemListener.java:118) at org.eclipse.osgi.framework.internal.core. BundleContextImpl.dispatchEv ent(BundleContextImpl.java:847) at org.eclipse.osgi.framework.eventmgr.EventManager. dispatchEvent(EventM anager.java:230) at org.eclipse.osgi.framework.eventmgr.EventManager$ EventThread.run(Even tManager.java:340) Caused by: com.ctc.wstx.exc.WstxIOException: Invalid UTF-8 middle byte 0x3f (at char #2621, byte #-1) at com.ctc.wstx.sr.StreamScanner.constructFromIOE( StreamScanner.java:625 ) at com.ctc.wstx.sr.StreamScanner.loadMore(StreamScanner.java:997) at com.ctc.wstx.sr.StreamScanner.getNext(StreamScanner.java:754) at com.ctc.wstx.sr.BasicStreamReader.nextFromProlog( BasicStreamReader.ja va:2000) at com.ctc.wstx.sr.BasicStreamReader.next( BasicStreamReader.java:1134) at org.apache.axiom.om.impl.builder.StAXOMBuilder. parserNext(StAXOMBuild er.java:681) at org.apache.axiom.om.impl.builder.StAXOMBuilder.next( StAXOMBuilder.jav a:214) ... 18 more Caused by: java.io.CharConversionException: Invalid UTF-8 middle byte 0x3f (at c har #2621, byte #-1) at com.ctc.wstx.io.UTF8Reader.reportInvalidOther(UTF8Reader. java:314) at com.ctc.wstx.io.UTF8Reader.read(UTF8Reader.java:212) at com.ctc.wstx.io.ReaderSource.readInto(ReaderSource.java:87) at com.ctc.wstx.io.BranchingReaderSource.readInto( BranchingReaderSource. java:57) at com.ctc.wstx.sr.StreamScanner.loadMore(StreamScanner.java:991) ... 23 more However when I download Identity Server 5.7.0 M2 version and run it, I didn't get the above error. The server start up was successful. Any help on this is appreciated. Best Regards, Dewni Weeraman ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] [VOTE] Release of WSO2 Identity Server 5.6.0 RC3
Hi, Tested below scenarios on IS 5.6.0-RC3 pack, - Invoke the OAuth Introspection Endpoint. - OAuth token revocation. - Entitlement policy creation using write policy in xml and publishing. - Using REST APIs via XACML to manage entitlement. - Create, update, get, delete an OAuth app using Dynamic Client Registration endpoint. No blocking issues found. [+] Stable - Go ahead and release Thanks, Dewni On Tue, Jun 19, 2018 at 1:43 PM, Sathya Bandara wrote: > Hi all, > > I've tested following scenarios on the IS 5.6.0-RC3 pack. > > User management (add/update/remove users). > User management in secondary userstores (Read-Write LDAP). > Consent Management in SAML SSO. > SAML to SAML federation. > Creating workflows definitions for primary userstore users. > Engaging/Disabling workflows on user-store operations. > Enable role based authorization using XACML for service providers. > Tenant creation/update/disabling. > > No blocking issues are found. > > [+] Stable - go ahead and release. > > Thanks, > Sathya > > > On Tue, Jun 19, 2018 at 12:26 PM, Vihanga Liyanage > wrote: > >> Hi all, >> >> I've tested following scenarios on the IS 5.6.0-RC3 pack with default >> database setup. >> >>- Enable user self-registration and self-register a new user. >>- Add multiple consent purposes with multiple PII categories. >>- Login to dashboard and see whether we can see the default consent >>and above added PII categories. >>- Confirm claims are getting filtered based on consents. >>- Configure a service provider with OpenID Connect and acquire access >>tokens via Authorization Code, Implicit, Client Credential and Password >>grant types. >>- Enable ID token encryption for the service provider and test the >>flow with decryption for all grant types. >>- Delete the self-signed up user, create another user with the exact >>same username, log in to the dashboard and see what are the consents >>shown. >>- Revoke consents of the user via the dashboard and try accessing the >>SP to verify the consents are asked again. >>- Delete the SP, login to the dashboard and see whether the consents >>are deleted for that SP. >> >> No blocking issues are found. >> >> [+] Stable - go ahead and release. >> >> Thanks, >> Vihanga. >> >> On Fri, Jun 15, 2018 at 6:29 PM Madawa Soysa wrote: >> >>> Hi all, >>> >>> We are pleased to announce the third release candidate of WSO2 Identity >>> Server 5.6.0. >>> >>> This release fixes the following issues >>> >>>- 5.6.0-RC Fixes >>><https://github.com/wso2/product-is/milestone/40?closed=1> >>>- 5.6.0-Beta Fixes >>><https://github.com/wso2/product-is/milestone/39?closed=1> >>>- 5.6.0-Alpha2 Fixes >>><https://github.com/wso2/product-is/milestone/43?closed=1> >>>- 5.6.0-Alpha Fixes >>><https://github.com/wso2/product-is/milestone/38?closed=1> >>>- 5.6.0-M7 Fixes >>><https://github.com/wso2/product-is/milestone/37?closed=1> >>>- 5.6.0-M6 Fixes >>><https://github.com/wso2/product-is/milestone/36?closed=1> >>>- 5.6.0-M5 Fixes >>><https://github.com/wso2/product-is/milestone/35?closed=1> >>>- 5.6.0-M4 Fixes >>><https://github.com/wso2/product-is/milestone/34?closed=1> >>>- 5.6.0-M3 Fixes >>><https://github.com/wso2/product-is/milestone/33?closed=1> >>>- 5.6.0-M2 Fixes >>><https://github.com/wso2/product-is/milestone/31?closed=1> >>>- 5.6.0-M1 Fixes >>><https://github.com/wso2/product-is/milestone/30?closed=1> >>> >>> Source and distribution, >>> Runtime - https://github.com/wso2/product-is/releases/tag/v5.6.0- >>> rc3 >>> Analytics - https://github.com/wso2/analytics-is/releases/v5.6.0-rc3 >>> >>> Please download, test the product and vote. >>> >>> [+] Stable - go ahead and release >>> [-] Broken - do not release (explain why) >>> >>> Thanks, >>> WSO2 Identity and Access Management Team >>> -- >>> >>> Madawa Soysa / Senior Software Engineer >>> mada...@wso2.com / +94714616050 >>> >>> *WSO2 Inc.* >>> lean.enterprise.middleware >>> >>> <https://wso2.com/signature> >>> >>> >>> >>> >> >>
Re: [Dev] [Architecture] [VOTE] Release of WSO2 Identity Server 5.6.0 RC2
Hi all, Sorry I made a small mistake. Please note that the above scenarios were tested on RC2 pack. Thanks, Dewni On Thu, Jun 14, 2018 at 10:40 AM, Dewni Weeraman wrote: > Hi, > > Tested below scenarios on RC1 pack, > >- OAuth token revocation. >- Invoke the OAuth Introspection Endpoint. >- Entitlement policy creation using write policy in xml and publishing. >- Using REST APIs via XACML to manage entitlement. >- Create, update, get, delete an OAuth app using Dynamic Client >Registration endpoint. > > > No blocking issues found. > > [+] Stable - Go ahead and release > > Thanks, > Dewni > > On Wed, Jun 13, 2018 at 4:41 PM, Vihanga Liyanage > wrote: > >> Hi all, >> >> I've tested following scenarios on the IS 5.6.0-RC2 pack with default >> database setup. >> >>- Enable user self-registration and self-register a new user. >>- Add multiple consent purposes with multiple PII categories. >>- >>- Login to dashboard and see whether we can see the default consent >>and above added PII categories. >>- >>- Confirm claims are getting filtered based on consents. >>- Configure a service provider with OpenID Connect and acquire access >>tokens via Authorization Code, Implicit, Client Credential andPassword >>grant types. >>- Enable ID token encryption for the service provider and test the >>flow with decryption for all grant types. >>- Delete the self-signed up user, create another user with the exact >>same username, log in to the dashboard and see what are the consents >>shown. >>- Revoke consents of the user via the dashboard and try accessing the >>SP to verify the consents are asked again. >>- Delete the SP, login to the dashboard and see whether the consents >>are deleted for that SP. >> >> >> No blocking issues are found. >> >> +1 to go ahead with the release. >> >> Thanks, >> Vihanga. >> >> >> On Wed, Jun 13, 2018 at 12:18 PM Madawa Soysa wrote: >> >>> Hi all, >>> >>> We are pleased to announce the second release candidate of WSO2 Identity >>> Server 5.6.0. >>> >>> This release fixes the following issues >>> >>>- 5.6.0-RC1 Fixes >>><https://github.com/wso2/product-is/milestone/40?closed=1> >>>- 5.6.0-Beta Fixes >>><https://github.com/wso2/product-is/milestone/39?closed=1> >>>- 5.6.0-Alpha2 Fixes >>><https://github.com/wso2/product-is/milestone/43?closed=1> >>>- 5.6.0-Alpha Fixes >>><https://github.com/wso2/product-is/milestone/38?closed=1> >>>- 5.6.0-M7 Fixes >>><https://github.com/wso2/product-is/milestone/37?closed=1> >>>- 5.6.0-M6 Fixes >>><https://github.com/wso2/product-is/milestone/36?closed=1> >>>- 5.6.0-M5 Fixes >>><https://github.com/wso2/product-is/milestone/35?closed=1> >>>- 5.6.0-M4 Fixes >>><https://github.com/wso2/product-is/milestone/34?closed=1> >>>- 5.6.0-M3 Fixes >>><https://github.com/wso2/product-is/milestone/33?closed=1> >>>- 5.6.0-M2 Fixes >>><https://github.com/wso2/product-is/milestone/31?closed=1> >>>- 5.6.0-M1 Fixes >>><https://github.com/wso2/product-is/milestone/30?closed=1> >>> >>> Source and distribution, >>> Runtime - https://github.com/wso2/product-is/releases/tag/v5.6.0- >>> rc2 >>> Analytics - https://github.com/wso2/analytics-is/releases/v5.6.0-rc2 >>> >>> Please download, test the product and vote. >>> >>> [+] Stable - go ahead and release >>> [-] Broken - do not release (explain why) >>> >>> Thanks, >>> WSO2 Identity and Access Management Team - >>> -- >>> >>> Madawa Soysa / Senior Software Engineer >>> mada...@wso2.com / +94714616050 >>> >>> *WSO2 Inc.* >>> lean.enterprise.middleware >>> >>> <https://wso2.com/signature> >>> >>> >>> >>> >> >> -- >> >> Vihanga Liyanage >> >> Software Engineer | WS*O₂* Inc. >> >> M : +*94710124103* | http://wso2.com >> >> [image: http://wso2.com/signature] <http://wso2.com/signature> >> >> ___ >> Architecture mailing list >> architect...@wso2.org >> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >> >> > > > -- > *Dewni Weeraman* > Trainee Software Engineer | WSO2 > > Email: de...@wso2.com > Mobile: +94772979049 > Web: http://wso2.com/ > > > > -- *Dewni Weeraman* Trainee Software Engineer | WSO2 Email: de...@wso2.com Mobile: +94772979049 Web: http://wso2.com/ ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] [Architecture] [VOTE] Release of WSO2 Identity Server 5.6.0 RC2
Hi, Tested below scenarios on RC1 pack, - OAuth token revocation. - Invoke the OAuth Introspection Endpoint. - Entitlement policy creation using write policy in xml and publishing. - Using REST APIs via XACML to manage entitlement. - Create, update, get, delete an OAuth app using Dynamic Client Registration endpoint. No blocking issues found. [+] Stable - Go ahead and release Thanks, Dewni On Wed, Jun 13, 2018 at 4:41 PM, Vihanga Liyanage wrote: > Hi all, > > I've tested following scenarios on the IS 5.6.0-RC2 pack with default > database setup. > >- Enable user self-registration and self-register a new user. >- Add multiple consent purposes with multiple PII categories. >- >- Login to dashboard and see whether we can see the default consent >and above added PII categories. >- >- Confirm claims are getting filtered based on consents. >- Configure a service provider with OpenID Connect and acquire access >tokens via Authorization Code, Implicit, Client Credential andPassword >grant types. >- Enable ID token encryption for the service provider and test the >flow with decryption for all grant types. >- Delete the self-signed up user, create another user with the exact >same username, log in to the dashboard and see what are the consents >shown. >- Revoke consents of the user via the dashboard and try accessing the >SP to verify the consents are asked again. >- Delete the SP, login to the dashboard and see whether the consents >are deleted for that SP. > > > No blocking issues are found. > > +1 to go ahead with the release. > > Thanks, > Vihanga. > > > On Wed, Jun 13, 2018 at 12:18 PM Madawa Soysa wrote: > >> Hi all, >> >> We are pleased to announce the second release candidate of WSO2 Identity >> Server 5.6.0. >> >> This release fixes the following issues >> >>- 5.6.0-RC1 Fixes >><https://github.com/wso2/product-is/milestone/40?closed=1> >>- 5.6.0-Beta Fixes >><https://github.com/wso2/product-is/milestone/39?closed=1> >>- 5.6.0-Alpha2 Fixes >><https://github.com/wso2/product-is/milestone/43?closed=1> >>- 5.6.0-Alpha Fixes >><https://github.com/wso2/product-is/milestone/38?closed=1> >>- 5.6.0-M7 Fixes >><https://github.com/wso2/product-is/milestone/37?closed=1> >>- 5.6.0-M6 Fixes >><https://github.com/wso2/product-is/milestone/36?closed=1> >>- 5.6.0-M5 Fixes >><https://github.com/wso2/product-is/milestone/35?closed=1> >>- 5.6.0-M4 Fixes >><https://github.com/wso2/product-is/milestone/34?closed=1> >>- 5.6.0-M3 Fixes >><https://github.com/wso2/product-is/milestone/33?closed=1> >>- 5.6.0-M2 Fixes >><https://github.com/wso2/product-is/milestone/31?closed=1> >>- 5.6.0-M1 Fixes >><https://github.com/wso2/product-is/milestone/30?closed=1> >> >> Source and distribution, >> Runtime - https://github.com/wso2/product-is/releases/tag/v5.6.0-rc2 >> Analytics - https://github.com/wso2/analytics-is/releases/v5.6.0-rc2 >> >> Please download, test the product and vote. >> >> [+] Stable - go ahead and release >> [-] Broken - do not release (explain why) >> >> Thanks, >> WSO2 Identity and Access Management Team - >> -- >> >> Madawa Soysa / Senior Software Engineer >> mada...@wso2.com / +94714616050 >> >> *WSO2 Inc.* >> lean.enterprise.middleware >> >> <https://wso2.com/signature> >> >> >> >> > > -- > > Vihanga Liyanage > > Software Engineer | WS*O₂* Inc. > > M : +*94710124103* | http://wso2.com > > [image: http://wso2.com/signature] <http://wso2.com/signature> > > ___ > Architecture mailing list > architect...@wso2.org > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > > -- *Dewni Weeraman* Trainee Software Engineer | WSO2 Email: de...@wso2.com Mobile: +94772979049 Web: http://wso2.com/ ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] [Architecture] [VOTE] Release of WSO2 Identity Server 5.6.0 RC1
Hi, Tested below scenarios on RC1 pack, - OAuth token revocation. - Create, update, get, delete an OAuth app using Dynamic Client Registration endpoint. - Entitlement policy creation using write policy in xml and publishing. - Using REST APIs via XACML to manage entitlement. No blocking issues found. [+] Stable - Go ahead and release Thanks, Dewni On Sun, Jun 10, 2018 at 7:15 PM, Nilasini Thirunavukkarasu < nilas...@wso2.com> wrote: > Hi, > > Tested below scenarios on the RC1 pack, > > >- Authorization code grant >- Implicit grant >- Client credential grant >- Password grant >- Invoke user info with the access token retrieved from authorization >code grant >- OIDC federation with two IS > > [+] Stable - Go ahead and release > > Thanks, > Nila. > > > > On Sat, Jun 9, 2018 at 3:35 PM, Madawa Soysa wrote: > >> Hi all, >> >> We are pleased to announce the first release candidate of WSO2 Identity >> Server 5.6.0. >> >> This is the first release candidate (RC) of the WSO2 Identity Server >> 5.6.0 release. >> >> This release fixes the following issues >> >>- 5.6.0-RC1 Fixes >><https://github.com/wso2/product-is/milestone/40?closed=1> >>- 5.6.0-Beta Fixes >><https://github.com/wso2/product-is/milestone/39?closed=1> >>- 5.6.0-Alpha2 Fixes >><https://github.com/wso2/product-is/milestone/43?closed=1> >>- 5.6.0-Alpha Fixes >><https://github.com/wso2/product-is/milestone/38?closed=1> >>- 5.6.0-M7 Fixes >><https://github.com/wso2/product-is/milestone/37?closed=1> >>- 5.6.0-M6 Fixes >><https://github.com/wso2/product-is/milestone/36?closed=1> >>- 5.6.0-M5 Fixes >><https://github.com/wso2/product-is/milestone/35?closed=1> >>- 5.6.0-M4 Fixes >><https://github.com/wso2/product-is/milestone/34?closed=1> >>- 5.6.0-M3 Fixes >><https://github.com/wso2/product-is/milestone/33?closed=1> >>- 5.6.0-M2 Fixes >><https://github.com/wso2/product-is/milestone/31?closed=1> >>- 5.6.0-M1 Fixes >><https://github.com/wso2/product-is/milestone/30?closed=1> >> >> Source and distribution, >> - https://github.com/wso2/product-is/releases/tag/v5.6.0-rc1 >> >> Please download, test the product and vote. >> >> [+] Stable - go ahead and release >> [-] Broken - do not release (explain why) >> >> Thanks, >> WSO2 Identity and Access Management Team - >> -- >> >> Madawa Soysa / Senior Software Engineer >> mada...@wso2.com / +94714616050 >> >> *WSO2 Inc.* >> lean.enterprise.middleware >> >> <https://wso2.com/signature> >> >> >> >> > > > -- > Nilasini Thirunavukkarasu > Software Engineer - WSO2 > > Email : nilas...@wso2.com > Mobile : +94775241823 > Web : http://wso2.com/ > > > <http://wso2.com/signature> > > ___ > Architecture mailing list > architect...@wso2.org > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > > -- *Dewni Weeraman* Trainee Software Engineer | WSO2 Email: de...@wso2.com Mobile: +94772979049 Web: http://wso2.com/ ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] [Architecture] [VOTE] Release WSO2 Identity Server 5.5.0 RC2
Hi, Tested the following scenarios on the IS 5.5.0-RC2 pack with MYSQL 5.7 database - OAuth grant types (Authorization Code, Implicit, Client credentials and Resource owner credentials) - OAuth token revocation - Create, update, get, delete an OAuth app using Dynamic Client Registration endpoint +1 to go ahead and release Thanks, Dewni On Thu, Mar 15, 2018 at 12:33 PM, Hasintha Indrajee <hasin...@wso2.com> wrote: > Tested below scenarios with MySQL database > > Authentication data publishing. > Custom OAuth client authenticators (Private key JWT client authenticator.) > > Self registration with consents (for super and non super tenants) > SSO with missing mandatory claims and consents for SaaS apps. (SAML, with > and without mandatory claims) > Updating and revoking consents through dashboard for super tenant and non > super tenant users. > Consent erasure while apps (for SaaS scenarios) are deleted and users are > deleted. > > No blocking issues found and +1 to proceed with release. > > > On Thu, Mar 15, 2018 at 5:19 AM, Darshana Gunawardana <darsh...@wso2.com> > wrote: > >> Hi all, >> >> We are pleased to announce the second release candidate of WSO2 Identity >> Server 5.5.0. >> >> This release fixes the following issues, >> >>- >>- 5.5.0-RC2 fixes >> >> <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-RC2> >>- 5.5.0-RC1 fixes >> >> <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-RC1> >>- 5.5.0-Beta fixes >> >> <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-beta> >>- 5.5.0-Alpha3 fixes >> >> <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-alpha3> >>- 5.5.0-Alpha2 fixes >> >> <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-alpha2> >>- 5.5.0-Alpha fixes >> >> <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-alpha> >>- 5.5.0-M4 fixes >> >> <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-M4> >>- 5.5.0-M3 fixes >> >> <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-M3> >>- 5.5.0-M2 fixes >> >> <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-M2> >>- 5.5.0-M1 fixes >> >> <https://github.com/wso2/product-is/issues?q=is%3Aclosed+milestone%3A5.5.0-M1> >> >> >> Source and distribution >> >> Runtime - https://github.com/wso2/product-is/releases/v5.5.0-rc2 >> Analytics - https://github.com/wso2/analytics-is/releases/v5.5.0-rc2 >> >> >> Please download, test the product and vote. >> >> [+] Stable - go ahead and release >> [-] Broken - do not release (explain why) >> >> >> Thanks, >> - WSO2 Identity and Access Management Team - >> >> -- >> Regards, >> >> >> *Darshana Gunawardana*Technical Lead >> WSO2 Inc.; http://wso2.com >> >> *E-mail: darsh...@wso2.com <darsh...@wso2.com>* >> *Mobile: +94718566859 <071%20856%206859>*Lean . Enterprise . Middleware >> > > > > -- > Hasintha Indrajee > WSO2, Inc. > Mobile:+94 771892453 <+94%2077%20189%202453> > > > ___ > Architecture mailing list > architect...@wso2.org > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > > -- *Dewni Weeraman* Trainee Software Engineer | WSO2 Email: de...@wso2.com Mobile: +94772979049 Web: http://wso2.com/ ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Improvement for REST authentication valve to obtain UMA Protection Scope
Hi, I have added the scope parameter to OAuth2AccessTokenHandler. Please review and merge [1]. [1] https://github.com/wso2-extensions/identity-carbon-auth-rest/pull/55 Thanks On Wed, Feb 21, 2018 at 12:46 PM, Hasintha Indrajee <hasin...@wso2.com> wrote: > +1. We can do this at OAuth2AccessTokenHandler without any cost since > scopes are anyway returned as a result of oauth2 token validation. Hence > doing this validation again in application level to just to retrieve scopes > is a cost. > > Please make sure to use an oauth specific name for this parameter so that > anybody who consumes the authentication result knows that this is something > related to oauth authentication. ex - oauth2.scopes > > On Wed, Feb 21, 2018 at 12:38 PM, Dewni Weeraman <de...@wso2.com> wrote: > >> >> Hi All, >> >> I'm currently working on implementing protection API endpoints for UMA >> 2.0 . To access the protection API endpoints it is a must to have a valid >> PAT (Protection API Access Token) in the request. PAT represents the >> authorization of the resource owner for the resource server to use the >> authorization server for protecting resources. >> >> I have used the existing REST authentication valve available at [1] to >> filter out the required values. I have a requirement to check if the token >> has the scope as uma_protection. The issue is that the current valve >> implementation doesn't have a way to obtain the scope. I have to add >> another parameter at [2] to obtain the scope to proceed with the >> authentication. >> >> Please provide your thoughts on this. >> >> [1] https://github.com/wso2-extensions/identity-carbon-auth-rest >> [2] https://github.com/wso2-extensions/identity-carbon-auth- >> rest/blob/master/components/org.wso2.carbon.identity.auth. >> service/src/main/java/org/wso2/carbon/identity/auth/service/handler/impl/ >> OAuth2AccessTokenHandler.java#L95 >> >> Thanks >> -- >> *Dewni Weeraman* >> Trainee Software Engineer | WSO2 >> >> Email: de...@wso2.com >> Mobile: +94772979049 <077%20297%209049> >> Web: http://wso2.com/ >> >> >> >> > > > -- > Hasintha Indrajee > WSO2, Inc. > Mobile:+94 771892453 <+94%2077%20189%202453> > > -- *Dewni Weeraman* Trainee Software Engineer | WSO2 Email: de...@wso2.com Mobile: +94772979049 Web: http://wso2.com/ ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
[Dev] Improvement for REST authentication valve to obtain UMA Protection Scope
Hi All, I'm currently working on implementing protection API endpoints for UMA 2.0 . To access the protection API endpoints it is a must to have a valid PAT (Protection API Access Token) in the request. PAT represents the authorization of the resource owner for the resource server to use the authorization server for protecting resources. I have used the existing REST authentication valve available at [1] to filter out the required values. I have a requirement to check if the token has the scope as uma_protection. The issue is that the current valve implementation doesn't have a way to obtain the scope. I have to add another parameter at [2] to obtain the scope to proceed with the authentication. Please provide your thoughts on this. [1] https://github.com/wso2-extensions/identity-carbon-auth-rest [2] https://github.com/wso2-extensions/identity-carbon-auth-rest/blob/master/components/org.wso2.carbon.identity.auth.service/src/main/java/org/wso2/carbon/identity/auth/service/handler/impl/OAuth2AccessTokenHandler.java#L95 Thanks -- *Dewni Weeraman* Trainee Software Engineer | WSO2 Email: de...@wso2.com Mobile: +94772979049 Web: http://wso2.com/ ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
[Dev] Please review and merge the pull request
Hi, Please merge the pull request [1] which contains the fix for [2]. [1] - https://github.com/wso2/carbon-kernel/pull/1456 <https://github.com/wso2/carbon-kernel/pull/1445> [2] - https://github.com/wso2/carbon-kernel/issues/1455 Regards, Dewni Weeraman -- *Dewni Weeraman* Trainee Software Engineer | WSO2 Email: de...@wso2.com Mobile: +94772979049 Web: http://wso2.com/ ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev