[Dev] [IS]User account locking

2017-07-21 Thread Hanen Ben Rhouma
Hello guys,

I have a question related to user account locking. I tried locking admin
and even a simple user (with only login permission) via GUI as well as via
SOAP call but nothing worked, the accounts are still able to login. Was
this feature tested for the 5.3.0 version?


Regards,
Hanen
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev


[Dev] [IS] SAML to SAML federation, JIT provisioning is not working for tenant mode

2017-07-19 Thread Hanen Ben Rhouma
We're using SAML2SSOAuthenticator to authenticate federated users from ADFS
into WSO2 management console so we created an SP in SaaS mode in order to
authenticate users from different tenants; We noticed that JIT provisioning
is not working as expected, users will be provisioned to super tenant
domain instead of their respective domain; Is there an explicit
configuration to solve this issue?


Regards,
Hanen


Re: [Dev] [IS] Passwords encryption

2017-07-19 Thread Hanen Ben Rhouma
Another question please, let's say we logged with super admin account and
decided to change his password, what happens with all the config files and
even the classes that mention "admin" as password? Could you explain how
this is going to reflect on IS?


Regards,
Hanen


On Wed, Jul 19, 2017 at 9:28 AM, Hanen Ben Rhouma <hanen...@gmail.com>
wrote:

> Hello guys,
>
> We're trying to encrypt all sensitive passwords within WSO2 IS including
> super admin password as well as tenant admins passwords, we looked into the
> cipher tool which can be an approach for super admin password encryption
> but not for the tenant admins, tenants passwords are stored within the LDAP
> so they can be hashed but not recovered from their storage area. Did you
> guys tackle such issues? Is there any external approach that can be used
> for encrypting all the passwords without relying on them being declared in
> config files?
>
>
> Regards,
> Hanen
>


[Dev] [IS] Passwords encryption

2017-07-19 Thread Hanen Ben Rhouma
Hello guys,

We're trying to encrypt all sensitive passwords within WSO2 IS including
super admin password as well as tenant admins passwords, we looked into the
cipher tool which can be an approach for super admin password encryption
but not for the tenant admins, tenants passwords are stored within the LDAP
so they can be hashed but not recovered from their storage area. Did you
guys tackle such issues? Is there any external approach that can be used
for encrypting all the passwords without relying on them being declared in
config files?


Regards,
Hanen


Re: [Dev] [IS] xml based IdP configuration within a tenant

2017-07-13 Thread Hanen Ben Rhouma
Yes this is not an issue, all we're trying to achieve is a specific IdP
config residing within a tenant attached to a SaaS based SP config residing
within the super tenant. Is such scenario possible for a federation case?




Regards,
Hanen

On Thu, Jul 13, 2017 at 12:56 PM, Indunil Upeksha Rathnayake <
indu...@wso2.com> wrote:

> Hi Hanen,
>
> In the current IS release version, file based SP and IDPs will not be
> visible in the management console.
>
> Thanks and Regards
>
> On Thu, Jul 13, 2017 at 3:53 PM, Hanen Ben Rhouma <hanen...@gmail.com>
> wrote:
>
>> Hello Guys,
>>
>> Is it possible to create an IdP via xml file and make it visible only to
>> a specific tenant?
>>
>>
>> Regards,
>> Hanen
>>
>
>
> --
> Indunil Upeksha Rathnayake
> Software Engineer | WSO2 Inc
> Email indu...@wso2.com
> Mobile 0772182255
>


[Dev] [IS] xml based IdP configuration within a tenant

2017-07-13 Thread Hanen Ben Rhouma
Hello Guys,

Is it possible to create an IdP via xml file and make it visible only to a
specific tenant?


Regards,
Hanen


Re: [Dev] [IS] Source code for org.wso2.carbon.identity.sso.saml module

2017-07-11 Thread Hanen Ben Rhouma
Thanks Pulasthi!!

Regards,
Hanen

On Tue, Jul 11, 2017 at 10:24 AM, Pulasthi Mahawithana <pulast...@wso2.com>
wrote:

> Hi Hanen,
>
> It's now at 'identity-inbound-auth-saml' repo [1]. The 5.3.0 version can
> be found at the tag at [2].
>
> [1] https://github.com/wso2-extensions/identity-inbound-auth-saml/tree/5.3.x/components/org.wso2.carbon.identity.sso.saml
>
> [2] https://github.com/wso2-extensions/identity-inbound-auth-saml/tree/v5.3.0/components/org.wso2.carbon.identity.sso.saml
>
> On Tue, Jul 11, 2017 at 1:43 PM, Hanen Ben Rhouma <hanen...@gmail.com>
> wrote:
>
>> Hello guys,
>>
>> Could you please tell me where can I find the source code for
>> org.wso2.carbon.identity.sso.saml_5.3.0.jar.
>> I checked this git repo
>> https://github.com/wso2-attic/carbon-identity/tree/master/components/sso-saml/org.wso2.carbon.identity.sso.saml
>> but the latest version in 5.0.9-SNAPSHOT
>>
>>
>> Any idea please?
>>
>> Regards,
>> Hanen
>>
>
>
> --
> *Pulasthi Mahawithana*
> Senior Software Engineer
> WSO2 Inc., http://wso2.com/
> Mobile: +94-71-5179022
> Blog: https://medium.com/@pulasthi7/
>
> <https://wso2.com/signature>
>


[Dev] [IS] Source code for org.wso2.carbon.identity.sso.saml module

2017-07-11 Thread Hanen Ben Rhouma
Hello guys,

Could you please tell me where can I find the source code for
org.wso2.carbon.identity.sso.saml_5.3.0.jar.
I checked this git repo
https://github.com/wso2-attic/carbon-identity/tree/master/components/sso-saml/org.wso2.carbon.identity.sso.saml
 but the latest version in 5.0.9-SNAPSHOT


Any idea please?

Regards,
Hanen


Re: [Dev] [IS] Role mapping through config file

2017-07-06 Thread Hanen Ben Rhouma
Thank you guys!


Regards,
Hanen

On Thu, Jul 6, 2017 at 5:15 AM, Hasanthi Purnima Dissanayake <
hasan...@wso2.com> wrote:

> Hi Hanen,
>
> There is a sample command if the IDP is WSO2 Identity Server where you can
> export the public certificate in PEM format.
>
> keytool -exportcert -alias wso2carbon -keypass wso2carbon -keystore 
> wso2carbon.jks -storepass wso2carbon -rfc -file ispublic_crt.pem
>
> Then, you can open the certificate file with a notepad so you see the
> certificate value. You can copy this certificate value and put in the file
> with in the  tag.
>
> Please note that above is only if the IDP is WSO2 IS. If the IDP is a
> third party IDP, then you can get the certificate in PEM format and read
> the value. And then you need to copy the entire content of the PEM file and
> place it between the tags.
>
>
> Thanks,
>
> Hasanthi.
>
>
> Hasanthi Dissanayake
>
> Software Engineer | WSO2
>
> E: hasan...@wso2.com
> M :0718407133| http://wso2.com <http://wso2.com/>
>
> On Wed, Jul 5, 2017 at 11:40 PM, Farasath Ahamed <farasa...@wso2.com>
> wrote:
>
>> Hi Hanen,
>>
>> I have attached a sample file based IDP file that demonstrates how to add
>>  tag and the IDP role mapping as well.
>>
>>
>> Thanks,
>> Farasath
>>
>> Farasath Ahamed
>> Software Engineer, WSO2 Inc.; http://wso2.com
>> Mobile: +94777603866
>> Blog: blog.farazath.com
>> Twitter: @farazath619 <https://twitter.com/farazath619>
>> <http://wso2.com/signature>
>>
>>
>>
>> On Wed, Jul 5, 2017 at 9:09 PM, Hanen Ben Rhouma <hanen...@gmail.com>
>> wrote:
>>
>>> Same question for the tag  please. We're using a
>>> certificate so what should we mention in the xml file.
>>>
>>>
>>>
>>> Regards,
>>> Hanen
>>>
>>>
>>>
>>>
>>>
>>>
>>> On Wed, Jul 5, 2017 at 5:36 PM, Hanen Ben Rhouma <hanen...@gmail.com>
>>> wrote:
>>>
>>>> Hello guys,
>>>>
>>>> Could you please tell me what are the xml tags I can use within an IDP
>>>> xml config file for role mapping. I mean the properties I can add for
>>>> mapping roles in the tag 
>>>> in default.xml for example
>>>>
>>>>
>>>> Regards,
>>>> Hanen
>>>>
>>>
>>>
>


Re: [Dev] [IS] Role mapping through config file

2017-07-05 Thread Hanen Ben Rhouma
Same question for the tag  please. We're using a certificate
so what should we mention in the xml file.



Regards,
Hanen






On Wed, Jul 5, 2017 at 5:36 PM, Hanen Ben Rhouma <hanen...@gmail.com> wrote:

> Hello guys,
>
> Could you please tell me what are the xml tags I can use within an IDP xml
> config file for role mapping. I mean the properties I can add for mapping
> roles in the tag 
> in default.xml for example
>
>
> Regards,
> Hanen
>


[Dev] [IS] Role mapping through config file

2017-07-05 Thread Hanen Ben Rhouma
Hello guys,

Could you please tell me what are the xml tags I can use within an IDP xml
config file for role mapping. I mean the properties I can add for mapping
roles in the tag 
in default.xml for example


Regards,
Hanen


[Dev] [IS] Federated access for user with multiple email addresses

2017-07-04 Thread Hanen Ben Rhouma
Hello guys,

I have a question regarding user account with multiple email addresses
trying to access different tenants;

Is there a way to handle such type of user knowing that the use case
consists of creating a user in ADFS and federating his access to WSO2, this
user is supposed to have access to different tenants, the constraint here
is that email address attribute is going to be a multi value field and it's
going to be confusing to WSO2 to dispatch the user to the right domain;

Is there a way to handle this or are we obliged to have different accounts
 for the same person.


Regards,
Hanen


[Dev] [IS] 6.0.0 roadmap

2017-05-22 Thread Hanen Ben Rhouma
Hello,

Could you please state the new features and bug fixes introduced within IS
6.0.0.m2

And what's coming within the major release and its date please?

Regards,
Hanen


[Dev] [IS] Vulnerabilities detected through Dependency Check

2017-05-22 Thread Hanen Ben Rhouma
Hello guys,

I scanned WSO2 IS with Dependency Check 1.4.5 and the report shows many
vulnerabilities, I raised a Jira
 for this concern, could you
please let me know if there is any upcoming actions like dependencies
version upgrade or libraries stack change. It's important to validate the
security level for IS in order to fully adopt the solution and sign a
support contract.


Regards,
Hanen


Re: [Dev] [IS] Token validation stub user permissions

2017-04-28 Thread Hanen Ben Rhouma
Thanks Omindu!

Farasath, actually we're validating the token through a spring security
filter which is delegating under the hood the real validation to WSO2, we
thought of using the SOAP stub to make the validation; Do you think there
is a nicer approach?

Regards,
Hanen

On Fri, Apr 28, 2017 at 1:43 PM, Farasath Ahamed <farasa...@wso2.com> wrote:

>
>
>
>
> On Fri, Apr 28, 2017 at 3:10 PM, Hanen Ben Rhouma <hanen...@gmail.com>
> wrote:
>
>> Hello,
>>
>> Could you please tell me what are the minimum permissions required for a
>> user to invoke token validation stub.
>>
>> curl --user admin:admin --header "Content-Type: text/xml" --header
>> "SOAPAction: validate" -k -d @soap.xml
>> https://localhost:9443/services/OAuth2TokenValidationService/
>>
>> I don't want to use the super admin, what should a normal user have as
>> permissions to be able to do such validation.
>>
>>
> Btw any specific reason why you are using the OAuth2TokenValidationService
> SOAP Service over the OAuth2 introspection endpoint?
>
>
>>
>> Regards,
>> Hanen
>>
>>
>


[Dev] [IS] Token validation stub user permissions

2017-04-28 Thread Hanen Ben Rhouma
Hello,

Could you please tell me what are the minimum permissions required for a
user to invoke token validation stub.

curl --user admin:admin --header "Content-Type: text/xml" --header
"SOAPAction: validate" -k -d @soap.xml
https://localhost:9443/services/OAuth2TokenValidationService/

I don't want to use the super admin, what should a normal user have as
permissions to be able to do such validation.


Regards,
Hanen


[Dev] [IS] OAuth2 token validation

2017-03-28 Thread Hanen Ben Rhouma
Hi,

I have a question regarding oauth2 token validation: when I use
client_credentials as grant type the generated token isn't valid (used the
token validate() soap call) but the /oauth2/userinfo returns correctly the
user attributes. Any explanation please?

Regards,
Hanen


Re: [Dev] [IS] Issue while trying to call oauth2 userinfo

2017-03-27 Thread Hanen Ben Rhouma
Yes you're right, we only need to identify to which tenant it belongs to so
that data can be segregated accordingly.

Regards,
Hanen

On Mon, Mar 27, 2017 at 1:29 PM, Farasath Ahamed <farasa...@wso2.com> wrote:

>
>
> On Mon, Mar 27, 2017 at 1:26 PM, Hanen Ben Rhouma <hanen...@gmail.com>
> wrote:
>
>> Thanks Farasath,
>>
>> That returned the sub attribute, how can I retrieve more information
>> about the user knowing that I'm using client_credentials as a grant type?
>>
>
> Does it make sense to use the client_credentials grant type to get a token
> with user information?
>
> AFAIK it is used to get an access token for the application to talk to an
> API/resource. Only user related here would be the developer who created
> this app, isn't it?
>
>
>
>
>>
>> Regards,
>> Hanen
>>
>> On Fri, Mar 24, 2017 at 8:17 PM, Farasath Ahamed <farasa...@wso2.com>
>> wrote:
>>
>>> Hi Hanen,
>>>
>>> This error usually means that initially you have obtained an
>>> access token that does not contain 'openid' scope and used it on the
>>> userinfo endpoint. Here, 'openid' is not related to the OpenID protocol.
>>>
>>> Can you try adding 'openid' as a scope in your initial OAuth2 token
>>> request and use that token to invoke the
>>> https://host:9443/oauth2/userinfo endpoint?
>>>
>>> For example,
>>> If you are using password grant type,
>>>
>>> curl -k -v --user *:* -d
>>> "grant_type=password=**=**=scope1
>>> openid" https://localhost:9443/oauth2/token
>>>
>>> And then do a get on the user info endpoint
>>>
>>> curl -k -H "Authorization: Bearer* *"
>>> https://localhost:9443/oauth2/userinfo?schema=openid
>>>
>>>
>>> Thanks,
>>> Farasath.
>>>
>>>
>>> Farasath Ahamed
>>> Software Engineer, WSO2 Inc.; http://wso2.com
>>> Mobile: +94777603866
>>> Blog: blog.farazath.com
>>> Twitter: @farazath619 <https://twitter.com/farazath619>
>>> <http://wso2.com/signature>
>>>
>>>
>>>
>>> On Fri, Mar 24, 2017 at 10:05 PM, Hanen Ben Rhouma <hanen...@gmail.com>
>>> wrote:
>>>
>>>> Hi,
>>>>
>>>> Do I need extra params to invoke the userinfo endpoint (
>>>> https://host:9443/oauth2/userinfo) ?
>>>>
>>>> I'm getting
>>>>   "error_description": "Access token does not have the openid scope",
>>>>   "error": "insufficient_scope"
>>>>
>>>> Even though I'm using Oauth2 without OpenID
>>>>
>>>> Regards,
>>>> Hanen
>>>>
>>>
>>
>


Re: [Dev] [IS] Issue while trying to call oauth2 userinfo

2017-03-27 Thread Hanen Ben Rhouma
Thanks Farasath,

That returned the sub attribute, how can I retrieve more information about
the user knowing that I'm using client_credentials as a grant type?

Regards,
Hanen

On Fri, Mar 24, 2017 at 8:17 PM, Farasath Ahamed <farasa...@wso2.com> wrote:

> Hi Hanen,
>
> This error usually means that initially you have obtained an
> access token that does not contain 'openid' scope and used it on the
> userinfo endpoint. Here, 'openid' is not related to the OpenID protocol.
>
> Can you try adding 'openid' as a scope in your initial OAuth2 token
> request and use that token to invoke the https://host:9443/oauth2/userinfo
> endpoint?
>
> For example,
> If you are using password grant type,
>
> curl -k -v --user *:* -d
> "grant_type=password=**=**=scope1
> openid" https://localhost:9443/oauth2/token
>
> And then do a get on the user info endpoint
>
> curl -k -H "Authorization: Bearer* *"
> https://localhost:9443/oauth2/userinfo?schema=openid
>
>
> Thanks,
> Farasath.
>
>
> Farasath Ahamed
> Software Engineer, WSO2 Inc.; http://wso2.com
> Mobile: +94777603866
> Blog: blog.farazath.com
> Twitter: @farazath619 <https://twitter.com/farazath619>
> <http://wso2.com/signature>
>
>
>
> On Fri, Mar 24, 2017 at 10:05 PM, Hanen Ben Rhouma <hanen...@gmail.com>
> wrote:
>
>> Hi,
>>
>> Do I need extra params to invoke the userinfo endpoint (
>> https://host:9443/oauth2/userinfo) ?
>>
>> I'm getting
>>   "error_description": "Access token does not have the openid scope",
>>   "error": "insufficient_scope"
>>
>> Even though I'm using Oauth2 without OpenID
>>
>> Regards,
>> Hanen
>>
>
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
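
The two requests Farasath describes in the reply quoted above (a password-grant token request that includes the 'openid' scope, then a GET on the userinfo endpoint), sketched in Python as an added example that is not part of the thread and is not WSO2 code. The function names, client credentials, user name and token values are constructed for illustration; the requests are built but never sent.

```python
import base64
import urllib.parse
import urllib.request

# Endpoints as quoted in the thread; every other value here is constructed.
TOKEN_URL = "https://localhost:9443/oauth2/token"
USERINFO_URL = "https://localhost:9443/oauth2/userinfo?schema=openid"

# Constructed token responses, shaped like an OAuth2 token endpoint reply.
TOKEN_WITH_OPENID = {"access_token": "constructed-token-1",
                     "token_type": "Bearer", "expires_in": 3600,
                     "scope": "scope1 openid"}
TOKEN_WITHOUT_OPENID = {"access_token": "constructed-token-2",
                        "token_type": "Bearer", "expires_in": 3600,
                        "scope": "scope1"}


def build_token_request(client_id, client_secret, username, password, scopes):
    """Build (without sending) a password-grant token request."""
    if "openid" not in scopes:
        raise ValueError("include 'openid' if the token will be used on /userinfo")
    body = urllib.parse.urlencode({
        "grant_type": "password",
        "username": username,
        "password": password,
        "scope": " ".join(scopes),   # space-separated list, form-encoded
    }).encode("ascii")
    # The client authenticates with HTTP Basic, as curl --user does.
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode("ascii")
    return urllib.request.Request(
        TOKEN_URL, data=body, method="POST",
        headers={"Authorization": "Basic " + basic,
                 "Content-Type": "application/x-www-form-urlencoded"})


def granted_scopes(token_response, requested_scopes):
    """Scopes the token actually carries.

    RFC 6749 allows the server to omit 'scope' from the response when the
    grant equals the request, so fall back to what was asked for.
    """
    if "scope" in token_response:
        return set(token_response["scope"].split())
    return set(requested_scopes)


def build_userinfo_request(token_response, requested_scopes):
    """Build the userinfo GET, refusing early if 'openid' was not granted.

    Checking locally avoids the round trip that would end in the
    'insufficient_scope' error shown in the thread.
    """
    if "openid" not in granted_scopes(token_response, requested_scopes):
        raise PermissionError("insufficient_scope: access token lacks 'openid'")
    return urllib.request.Request(
        USERINFO_URL,
        headers={"Authorization": "Bearer " + token_response["access_token"]})


if __name__ == "__main__":
    wanted = ["scope1", "openid"]
    req = build_token_request("client-id", "client-secret", "alice", "s3cret", wanted)
    print(req.get_method(), req.full_url, req.data.decode())
    print(build_userinfo_request(TOKEN_WITH_OPENID, wanted).full_url)
```

The curl commands in the thread pass -k because the local server uses a self-signed certificate; a client built on these requests should keep certificate verification enabled outside that setup.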


[Dev] [IS] Issue while trying to call oauth2 userinfo

2017-03-24 Thread Hanen Ben Rhouma
Hi,

Do I need extra params to invoke the userinfo endpoint (
https://host:9443/oauth2/userinfo) ?

I'm getting
  "error_description": "Access token does not have the openid scope",
  "error": "insufficient_scope"

Even though I'm using Oauth2 without OpenID

Regards,
Hanen


Re: [Dev] [IS] Source code of some modules

2017-03-17 Thread Hanen Ben Rhouma
Thanks Omindu.

Regards,
Hanen


On Thu, Mar 16, 2017 at 5:02 PM, Omindu Rathnaweera <omi...@wso2.com> wrote:

> Hi Hanen,
>
> The oauth component can be found at [1] and the authentication endpoint
> can be found at [2].
>
> [1] - https://github.com/wso2-extensions/identity-inbound-auth-oauth/tree/v5.3.4/components/org.wso2.carbon.identity.oauth
> [2] - https://github.com/wso2/carbon-identity-framework/tree/v5.7.5/components/authentication-framework/org.wso2.carbon.identity.application.authentication.endpoint
>
> Regards,
> Omindu.
>
>
> On Thu, Mar 16, 2017 at 9:22 PM, Hanen Ben Rhouma <hanen...@gmail.com>
> wrote:
>
>> Hi guys,
>>
>> Could you please tell me where can I find the latest source code of
>> org.wso2.carbon.identity.oauth (version 5.3.4)
>>
>> and the source code of the web application authenticationendpoint
>> (shipped with WSO2 IS 5.3.0)
>>
>>
>> Regards,
>> Hanen
>>
>
>
> --
> Omindu Rathnaweera
> Software Engineer, WSO2 Inc.
> Mobile: +94 771 197 211
>


[Dev] [IS] Source code of some modules

2017-03-16 Thread Hanen Ben Rhouma
Hi guys,

Could you please tell me where can I find the latest source code of
org.wso2.carbon.identity.oauth
(version 5.3.4)

and the source code of the web application authenticationendpoint (shipped
with WSO2 IS 5.3.0)


Regards,
Hanen


[Dev] [WSO2 IS] SaaS Application Mode in SP configuration

2017-02-14 Thread Hanen Ben Rhouma
Hello guys,

I have a question regarding the configuration of the Service Provider. Say
I want to share the SP configuration between all my tenants so that all
users can access my application, for achieving this I created my SP
instance in one of my tenants and checked the SaaS Application checkbox but
I couldn't authenticate users from other tenants. Is there some other
config that I need to add to my application in order to make it work.

I saw something saying we need to add this to web.xml :


carbon.enable.saas
true


and


carbon.saas.tenants
*


Does it answer the question?


Regards,

Hanen


Re: [Dev] [WSO2 IS] Generated IdP metadata urls are always pointing to localhost:9443

2017-02-13 Thread Hanen Ben Rhouma
Thanks Kasun,

Isn't there a way to change the resident IdP urls generated by default, my
goal is to use the metadata Url instead of the file and this can't be
achieved by creating a custom IdP instance, it should be routed by the
resident one.

Regards,
Hanen

On Mon, Feb 13, 2017 at 10:44 AM, Kasun Bandara <kbandara...@gmail.com>
wrote:

> Hi Hanen,
>
> For each tenant, you should be able to define their own separate metadata
> information as you stated. Can you please check your scenario with [1].
>
> [1] http://saml-metadata-featurer.blogspot.com.au/2016/11/saml-metadata-feature-for-identity.html
>
> Regards,
> Kasun.
>
>
>
> Kasun Gayan Bandara
> PhD Research Student
> Machine Learning Group
>
> Faculty of Information Technology, Clayton
> Monash University
> 25 Exhibition Walk, Clayton Campus
> Wellington Road
> Clayton VIC 3800
> Australia.
>
> E: herath.band...@monash.edu
> M (+61) 43 491 6476
>
> <https://www.linkedin.com/in/bandarakasun>
>
>
>
> On Mon, Feb 13, 2017 at 8:29 PM, Hanen Ben Rhouma <hanen...@gmail.com>
> wrote:
>
>>
>> Hello Guys,
>>
>> I have a question regarding the generated IdP metadata, the generated SSo
>> Url and Logout Url are always pointing to localhost:9443, I changed
>> the HostName and Offset in carbon.xml and even the IdentityProviderURL
>> and DefaultLogoutEndpoint in identity.xml but still the Urls are the same.
>>
>> How can I adapt such metadata dynamically to each environment and
>> according to each tenant?
>>
>>
>> Regards,
>> Hanen
>>
>


[Dev] [WSO2 IS] Generated IdP metadata urls are always pointing to localhost:9443

2017-02-13 Thread Hanen Ben Rhouma
Hello Guys,

I have a question regarding the generated IdP metadata, the generated SSo
Url and Logout Url are always pointing to localhost:9443, I changed
the HostName and Offset in carbon.xml and even the IdentityProviderURL
and DefaultLogoutEndpoint in identity.xml but still the Urls are the same.

How can I adapt such metadata dynamically to each environment and according
to each tenant?


Regards,
Hanen


[Dev] [WSO2 IS] Idp metadata url

2017-02-09 Thread Hanen Ben Rhouma
Hello guys,

I have a question regarding IdP metadata, is there a web url from which we
can download such metadata dynamically for each tenant without passing by
the file download. If so do we need to add a request param to distinguish
each tenant metadata url from the others?


Regards,
Hanen


[Dev] [WSO2 IS] Form based SSO SAML2 authentication

2017-02-07 Thread Hanen Ben Rhouma
Hi guys,

Is it possible to authenticate users through a different approach from the
form-based one, means can we escape the login page offered by WSO2 IS and
pass the login/password from another web application directly to the IdP?


Regards,
Hanen


Re: [Dev] [WSO2 IS] SAML2 SSO2 into a tenant

2017-02-06 Thread Hanen Ben Rhouma
Thanks Godwin,

It's working by passing the query param to the xml metadata file

https://IP:PORT/samlsso?tenantDomain=domain.com;

ResponseLocation="https://IP:PORT/samlsso?tenantDomain=domain.com"/>


I'm trying to pass it dynamically by picking it up from the login
(email so contains domain name), so I overrode WebSSOProfileImpl
(Spring SAML) by setting the AuthRequest Destination to default
Location with tenantDomain param but it's not picked up.

Any idea why or what should be tweaked for this?


Regards,

Hanen



On Mon, Feb 6, 2017 at 1:04 PM, Godwin Shrimal <god...@wso2.com> wrote:

> Hi Hanen,
>
> If your Service Provider configured in a specific tenant. Ex. foo.com you
> need to send an additional query parameter tenantDomain="foo.com" to
> /samlsso endpoint. Then Identity server looking for the particular service
> provider related to issuer in foo.com tenant. What I described above is
> how to get the tenant for authenticated user. You can try out this scenario
> using travelocity sample and uncomment the line [1] and configure the
> correct tenant domain there.
>
> [1] https://github.com/wso2/product-is/blob/release-5.3.0/modules/samples/sso/sso-agent-sample/src/main/resources/travelocity.properties#L100
>
> Thanks
> Godwin
>
>
> On Mon, Feb 6, 2017 at 4:13 PM, Hanen Ben Rhouma <hanen...@gmail.com>
> wrote:
>
>> Thanks Godwin but I'm afraid it didn't do the trick, there isn't any
>> extra request param appended to the SamlRequest and the tenant is not
>> recognised. How did you test such feature to validate it's working ?
>>
>> Regards,
>> Hanen
>>
>> On Thu, Feb 2, 2017 at 3:14 PM, Godwin Shrimal <god...@wso2.com> wrote:
>>
>>> Hi Hanen,
>>>
>>> Under Local and Outbound configuration of Service provider there is an
>>> option called *Use tenant domain in local subject identifier *which
>>> will append the tenant domain to subject. you can find more information in
>>> [1]
>>>
>>> [1] https://docs.wso2.com/display/IS530/Configuring+Local+and+Outbound+Authentication+for+a+Service+Provider
>>>
>>> Thanks
>>> Godwin
>>>
>>> On Thu, Feb 2, 2017 at 7:13 PM, Hanen Ben Rhouma <hanen...@gmail.com>
>>> wrote:
>>>
>>>> Hello,
>>>>
>>>> I have a question regarding SAML2 SSO between a web application having
>>>> Spring SAML and WSO2 IS as an Idp.
>>>>
>>>> Is it possible to take the username pattern:  u...@tenant.com
>>>> to identify the tenant which we want to authenticate our user within it?
>>>>
>>>>
>>>> Regards,
>>>> Hanen
>>>>
>>>
>>>
>>> --
>>> *Godwin Amila Shrimal*
>>> Senior Software Engineer
>>> WSO2 Inc.; http://wso2.com
>>> lean.enterprise.middleware
>>>
>>> mobile: *+94772264165*
>>> linkedin: *http://lnkd.in/KUum6D <http://lnkd.in/KUum6D>*
>>> twitter: https://twitter.com/godwinamila
>>> <http://wso2.com/signature>
>>>
>>
>>
>
>
> --
> *Godwin Amila Shrimal*
> Senior Software Engineer
> WSO2 Inc.; http://wso2.com
> lean.enterprise.middleware
>
> mobile: *+94772264165*
> linkedin: *http://lnkd.in/KUum6D <http://lnkd.in/KUum6D>*
> twitter: https://twitter.com/godwinamila
> <http://wso2.com/signature>
>
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
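
One way to derive the tenantDomain query parameter for the /samlsso endpoint from a login of the form user@tenant, as discussed in the message above. This is an added example, not part of the thread and not Spring SAML or WSO2 code; the function names, the idp.example.com host and the tenant list are constructed. Because the login is user input, the domain is only used when it matches a tenant the application already knows.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed tenant list (assumption): in a deployment this would come from
# wherever the application records the tenants it may route users to.
KNOWN_TENANTS = frozenset({"foo.com", "domain.com"})


def tenant_from_login(login, known_tenants=KNOWN_TENANTS):
    """Return the tenant domain carried by a login such as 'user@foo.com'.

    rpartition splits on the last '@', so a login whose user part is itself
    an e-mail address still yields the trailing domain.
    """
    local, sep, domain = login.strip().rpartition("@")
    domain = domain.lower()
    if not sep or not local or domain not in known_tenants:
        # Same error for "no domain" and "unknown domain": the caller should
        # not learn from the response which tenants exist.
        raise ValueError("login does not map to a known tenant")
    return domain


def samlsso_destination(base_url, login, known_tenants=KNOWN_TENANTS):
    """Return base_url with exactly one tenantDomain parameter for this login.

    Any tenantDomain already present on base_url is dropped first, so a
    value left over from static metadata cannot disagree with the login.
    """
    tenant = tenant_from_login(login, known_tenants)
    parts = urlsplit(base_url)
    query = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
             if k != "tenantDomain"]
    query.append(("tenantDomain", tenant))
    return urlunsplit(parts._replace(query=urlencode(query)))


if __name__ == "__main__":
    print(samlsso_destination("https://idp.example.com:9443/samlsso",
                              "hanen@foo.com"))
```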


Re: [Dev] [WSO2 IS] SAML2 SSO2 into a tenant

2017-02-06 Thread Hanen Ben Rhouma
Thanks Godwin but I'm afraid it didn't do the trick, there isn't any extra
request param appended to the SamlRequest and the tenant is not recognised.
How did you test such feature to validate it's working ?

Regards,
Hanen

On Thu, Feb 2, 2017 at 3:14 PM, Godwin Shrimal <god...@wso2.com> wrote:

> Hi Hanen,
>
> Under Local and Outbound configuration of Service provider there is an
> option called *Use tenant domain in local subject identifier *which will
> append the tenant domain to subject. you can find more information in [1]
>
> [1] https://docs.wso2.com/display/IS530/Configuring+Local+and+Outbound+Authentication+for+a+Service+Provider
>
> Thanks
> Godwin
>
> On Thu, Feb 2, 2017 at 7:13 PM, Hanen Ben Rhouma <hanen...@gmail.com>
> wrote:
>
>> Hello,
>>
>> I have a question regarding SAML2 SSO between a web application having
>> Spring SAML and WSO2 IS as an Idp.
>>
>> Is it possible to take the username pattern:  u...@tenant.com
>> to identify the tenant which we want to authenticate our user within it?
>>
>>
>> Regards,
>> Hanen
>>
>
>
> --
> *Godwin Amila Shrimal*
> Senior Software Engineer
> WSO2 Inc.; http://wso2.com
> lean.enterprise.middleware
>
> mobile: *+94772264165*
> linkedin: *http://lnkd.in/KUum6D <http://lnkd.in/KUum6D>*
> twitter: https://twitter.com/godwinamila
> <http://wso2.com/signature>
>


[Dev] [WSO2 IS] SAML2 SSO2 into a tenant

2017-02-02 Thread Hanen Ben Rhouma
Hello,

I have a question regarding SAML2 SSO between a web application having
Spring SAML and WSO2 IS as an Idp.

Is it possible to take the username pattern:  u...@tenant.com
to identify the tenant which we want to authenticate our user within it?


Regards,
Hanen


[Dev] [WSO2 IS] Handle fine-grained role permissions : Enhancing the existing API or replacing it

2017-01-10 Thread Hanen Ben Rhouma
Hi,

Let's suppose I want to develop a new API to handle a fine grained
permissions per each created role. What should be the reference API that I
need to modify or replace?

Regards,
Hanen


[Dev] [WSO2 IS] SCIM call to create a role with permissions

2017-01-10 Thread Hanen Ben Rhouma
Hi,

Is it possible to create a role with a list of permissions through SCIM ?
I created one with this command

curl -v -k --user admin:admin --data '{"displayName":
"TenantAdmin","members":
[{"value":"09f55b8d-9a94-484c-9fff-09e02013167a","hanen": "hanen"}]}'
--header "Content-Type:application/json"
https://localhost:9443/wso2/scim/Groups

but the result is stripped of any kind of permission, is it possible to
assign them through such calls ?


Regards,
Hanen


Re: [Dev] [WSO2 IS] Permission to create roles and assign users to them

2017-01-06 Thread Hanen Ben Rhouma
Is it possible to hide the extra modules (IdP, SP, Claim Mgt, etc.) from
the interface once the user is logged with a role which has
"/permission/admin/manage/identity" as permissions ?

Regards,
Hanen

On Thu, Jan 5, 2017 at 12:06 PM, Hanen Ben Rhouma <hanen...@gmail.com>
wrote:

> I did add both permissions and same is happening.
>
> Shall I raise a bug?
>
> Regards,
> Hanen
>
>
> On Thu, Jan 5, 2017 at 11:40 AM, Chamila Wijayarathna <
> cdwijayarat...@gmail.com> wrote:
>
>> Hi Hanen,
>>
>> To achieve this in SOAP API calls, your user need to have both "User
>> Management" and "Role Management" permissions.
>>
>> Regards!
>> Chamila
>>
>> On Thu, Jan 5, 2017 at 9:37 PM, Hanen Ben Rhouma <hanen...@gmail.com>
>> wrote:
>>
>>> Hi,
>>>
>>> In fact, even by using the SOAP service call to add role mgt only as a
>>> permission, the result is the same the created user won't have the
>>> possibility to create roles:
>>>
>>> http://schemas.
>>> xmlsoap.org/soap/envelope/" xmlns:ser="http://service.ws.u
>>> m.carbon.wso2.org" xmlns:xsd="http://dao.service.
>>> ws.um.carbon.wso2.org/xsd">
>>>
>>>
>>>   
>>>  
>>>  TestRole
>>>  
>>>  hanen
>>>  
>>>  
>>> 
>>> ui.execute
>>> 
>>> /permission/admin/manage/identity/rolemgt/>> xsd:resourceId>
>>>  
>>>   
>>>
>>> 
>>>
>>> Regards,
>>> Hanen
>>>
>>> On Wed, Jan 4, 2017 at 5:06 PM, Darshana Gunawardana <darsh...@wso2.com>
>>> wrote:
>>>
>>>> Hi Chamila\Hanen,
>>>>
>>>> Yes. you need to have "'/permission/admin/manage/identity'" permission
>>>> to manage roles from the UI. Since we are doing multiple management
>>>> operation via management console we require much higher level of
>>>> permissions. But Relevant backend services (UserAdmin service) do support
>>>> finer level permission ("/permission/admin/manage/identity/usermgt")
>>>> then if some external client need to connect with restricted permissions
>>>> still it's possible. But indeed this UIs can be improved to support fine
>>>> grained permissions. Since we are working on the IS 6.0.0 which is based on
>>>> next gen Carbon 5 platform with complete re-design of the product with
>>>> parallel to IS 5.3.0 release, we did not focus on major redesigning of UI
>>>> and related UI permissions with the IS 5.3.0.
>>>>
>>>> Giving you bit of insight of IS 6.0.0 effort, we have plans to decouple
>>>> persona that use identity server for different types of administration and
>>>> provide separate views for each of those. You will be able to follow up on
>>>> those discussions on architecture list soon.
>>>>
>>>> We have created https://wso2.org/jira/browse/IDENTITY-5560 to track
>>>> this specific improvement, and it will consider fixing this in a future
>>>> release.
>>>>
>>>> Thanks
>>>>
>>>> On Wed, Jan 4, 2017 at 7:13 PM, Hanen Ben Rhouma <hanen...@gmail.com>
>>>> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> Actually I tried most of the combinations and the smallest set of
>>>>> permissions allowing users to create roles is by selecting the whole
>>>>> "Identity" permissions block. Why ????
>>>>> Sometimes we want some type of users to be able to only create users
>>>>> and assign them to some roles, the rest of the application (IdP, SP, Key
>>>>> stores, Workflow mgt, etc.) isn't trivial to them and is not even in their
>>>>> scope of responsibility. Why such limitation?
>>>>>
>>>>> Regards,
>>>>> Hanen
>>>>>
>>>>> On Wed, Jan 4, 2017 at 1:32 PM, Chamila Wijayarathna <
>>>>> cdwijayarat...@gmail.com> wrote:
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> It looks like you need to have '/permission/admin/manage/identity'
>>>>>> to do this using management console. However, when looking at code if you
>>>>>> are doing it using API ca

Re: [Dev] [VOTE] Release WSO2 MSF4J 2.1.0 RC3

2017-01-05 Thread Hanen Ben Rhouma
Hi,

How can we get those samples?

Regards,
Hanen

On Thu, Nov 3, 2016 at 10:01 AM, Thusitha Thilina Dayaratne <
thusit...@wso2.com> wrote:

> Hi Devs,
>
> Thank you for testing the MSF4J 2.1.0 RC3. This vote is passed with 3 +1s
> and 0 -1s.
> Therefore we will proceed with the MSF4J 2.1.0 release.
>
> Best Regards
> Thusitha
>
> On Thu, Nov 3, 2016 at 2:17 PM, Nisala Nanayakkara 
> wrote:
>
>> Hi Thusitha,
>>
>> I have tested following samples.
>>
>>- Hello World
>>- Spring Hello World
>>- Session-aware Service
>>- Lifecycle
>>- Metrics
>>- File Server
>>- FormParam
>>- BasicAuth Security
>>- OAuth2 Security
>>- Template
>>
>> [x] Stable - go ahead and release
>> Thanks,
>> Nisala
>>
>> On Mon, Oct 31, 2016 at 8:41 PM, Thusitha Thilina Dayaratne <
>> thusit...@wso2.com> wrote:
>>
>>> Hi Devs,
>>>
>>> This is the 3rd Release Candidate of WSO2 MSF4J(Microservices Framework
>>> for Java) 2.1.0.
>>>
>>> Please download, test the framework and vote. The vote will be open for
>>> 72 hours or as needed.
>>> Refer to GitHub readmes for guides.
>>>
>>> *Source and binary distribution files:*
>>> https://github.com/wso2/msf4j/releases/tag/v2.1.0-rc3
>>>
>>> *Maven staging repository:*
>>> https://maven.wso2.org/nexus/content/repositories/orgwso2msf4j-1010
>>>
>>> *The tag to be voted upon:*
>>> https://github.com/wso2/msf4j/tree/v2.1.0-rc3
>>>
>>>
>>>
>>> [ ] Broken - do not release (explain why)
>>> [ ] Stable - go ahead and release
>>>
>>> Thank you,
>>> Platform Team
>>> --
>>> Thusitha Dayaratne
>>> Software Engineer
>>> WSO2 Inc. - lean . enterprise . middleware |  wso2.com
>>>
>>> Mobile  +94712756809
>>> Blog  alokayasoya.blogspot.com
>>> Abouthttp://about.me/thusithathilina
>>> 
>>>
>>>
>>
>>
>> --
>> *Nisala Niroshana Nanayakkara,*
>> Software Engineer
>> Mobile:(+94)717600022
>> WSO2 Inc., http://wso2.com/
>>
>
>
>
> --
> Thusitha Dayaratne
> Software Engineer
> WSO2 Inc. - lean . enterprise . middleware |  wso2.com
>
> Mobile  +94712756809 <+94%2071%20275%206809>
> Blog  alokayasoya.blogspot.com
> Abouthttp://about.me/thusithathilina
> 
>
>


[Dev] [WSO2 IS] Is it possible to make it a microservice?

2017-01-05 Thread Hanen Ben Rhouma
Hi,

Is it possible to transform WSO2 IS into a microservice?



Regards,
Hanen


Re: [Dev] [WSO2 IS] How to limit tenant users to one secondary user store while trying to create other users

2017-01-05 Thread Hanen Ben Rhouma
Thanks Chamila :)

Regards,
Hanen

On Thu, Jan 5, 2017 at 2:55 PM, Chamila Wijayarathna <
cdwijayarat...@gmail.com> wrote:

> Hi,
>
> This repository is no longer in use. Current code for user-mgt can be
> found at https://github.com/wso2/carbon-identity-framework/ . You can
> find tags for all the versions used for releases there.
>
> On Fri, Jan 6, 2017 at 12:52 AM, Hanen Ben Rhouma <hanen...@gmail.com>
> wrote:
>
>> It worked, thanks!!!
>>
>> Could you tell me where is the official git repository from which I can
>> get the source code of such recent modules ? I referenced this
>> https://github.com/wso2/carbon-identity/tree/master/components/user-mgt/org.wso2.carbon.user.mgt.ui
>> but there is no 5.7.5 tag version
>>
>> Regards,
>> Hanen
>>
>> On Thu, Jan 5, 2017 at 2:24 PM, Chamila Wijayarathna <
>> cdwijayarat...@gmail.com> wrote:
>>
>>> Hi Hanen,
>>>
>>> RC2 uses org.wso2.carbon.user.mgt.ui version 5.7.5, you'll have to add
>>> patch with this version or newer version, otherwise it picks the jar with
>>> highest version AFAIK.
>>>
>>> On Fri, Jan 6, 2017 at 12:13 AM, Hanen Ben Rhouma <hanen...@gmail.com>
>>> wrote:
>>>
>>>> 5.3.0-rc2
>>>>
>>>> Regards,
>>>> Hanen
>>>>
>>>> On Thu, Jan 5, 2017 at 11:36 AM, Chamila Wijayarathna <
>>>> cdwijayarat...@gmail.com> wrote:
>>>>
>>>>> No, UI jars are the same as others, what is the IS version you are
>>>>> using?
>>>>>
>>>>> On Thu, Jan 5, 2017 at 9:24 PM, Hanen Ben Rhouma <hanen...@gmail.com>
>>>>> wrote:
>>>>>
>>>>>> Hi Chamila,
>>>>>>
>>>>>> I did create a directory patch0001 and put the jar under it, the logs
>>>>>> were showing it's taken into account but from the GUI side the changes
>>>>>> didn't take effect:
>>>>>>
>>>>>> [2017-01-05 11:13:29,776]  INFO {org.wso2.carbon.server.util.PatchUtils} -  Checking for patch changes ...
>>>>>> [2017-01-05 11:13:29,803]  INFO {org.wso2.carbon.server.util.PatchUtils} -  New patch available - patch0001
>>>>>> [2017-01-05 11:13:29,806]  INFO {org.wso2.carbon.server.extensions.PatchInstaller} -  Patch changes detected
>>>>>> [2017-01-05 11:13:35,757]  INFO {org.wso2.carbon.server.util.PatchUtils} -  Backed up plugins to patch
>>>>>> [2017-01-05 11:13:35,757]  INFO {org.wso2.carbon.server.util.PatchUtils} -  Applying patches ...
>>>>>> [2017-01-05 11:13:35,758]  INFO {org.wso2.carbon.server.util.PatchUtils} -  Applying - patch0001
>>>>>> [2017-01-05 11:13:35,855]  INFO {org.wso2.carbon.server.util.PatchUtils} -  Patched org.wso2.carbon.user.mgt.ui_5.7.0.jar(MD5:096b6efee440a71e964e1756b8dd25fc)
>>>>>> [2017-01-05 11:13:35,855]  INFO {org.wso2.carbon.server.util.PatchUtils} -  Patch verification started
>>>>>> [2017-01-05 11:13:35,862]  INFO {org.wso2.carbon.server.util.PatchUtils} -  Patch verification successfully completed
>>>>>>
>>>>>>
>>>>>> Is there something different about ui jars ? I changed a JSP, is
>>>>>> there another step to configure ?
>>>>>>
>>>>>>
>>>>>> Regards,
>>>>>> Hanen
>>>>>>
>>>>>>
>>>>>> On Wed, Jan 4, 2017 at 11:53 PM, Chamila Wijayarathna <
>>>>>> cdwijayarat...@gmail.com> wrote:
>>>>>>
>>>>>>> Hi Hanen,
>>>>>>>
>>>>>>> Changing plugin is not a recommended thing, but applying patch
>>>>>>> should work here, refer[1] for guidelines to apply patches.
>>>>>>> If patch wasn't taken into account, please make sure the patch you
>>>>>>> add is as the same version as the already available jar in plugins 
>>>>>>> folder.
>>>>>>> You can verify whether the patch has applied correctly by referring
>>>>>>> to repository/logs/patches log
>>>>>>>
>>>>>>> [1]. https://docs.wso2.com/disp

Re: [Dev] [WSO2 IS] How to limit tenant users to one secondary user store while trying to create other users

2017-01-05 Thread Hanen Ben Rhouma
It worked, thanks!!!

Could you tell me where is the official git repository from which I can get
the source code of such recent modules ? I referenced this
https://github.com/wso2/carbon-identity/tree/master/components/user-mgt/org.wso2.carbon.user.mgt.ui
but there is no 5.7.5 tag version

Regards,
Hanen

On Thu, Jan 5, 2017 at 2:24 PM, Chamila Wijayarathna <
cdwijayarat...@gmail.com> wrote:

> Hi Hanen,
>
> RC2 uses org.wso2.carbon.user.mgt.ui version 5.7.5, you'll have to add
> patch with this version or newer version, otherwise it picks the jar with
> highest version AFAIK.
>
> On Fri, Jan 6, 2017 at 12:13 AM, Hanen Ben Rhouma <hanen...@gmail.com>
> wrote:
>
>> 5.3.0-rc2
>>
>> Regards,
>> Hanen
>>
>> On Thu, Jan 5, 2017 at 11:36 AM, Chamila Wijayarathna <
>> cdwijayarat...@gmail.com> wrote:
>>
>>> No, UI jars are the same as others, what is the IS version you are using?
>>>
>>> On Thu, Jan 5, 2017 at 9:24 PM, Hanen Ben Rhouma <hanen...@gmail.com>
>>> wrote:
>>>
>>>> Hi Chamila,
>>>>
>>>> I did create a directory patch0001 and put the jar under it, the logs
>>>> were showing it's taken into account but from the GUI side the changes
>>>> didn't take effect:
>>>>
>>>> [2017-01-05 11:13:29,776]  INFO {org.wso2.carbon.server.util.PatchUtils} -  Checking for patch changes ...
>>>> [2017-01-05 11:13:29,803]  INFO {org.wso2.carbon.server.util.PatchUtils} -  New patch available - patch0001
>>>> [2017-01-05 11:13:29,806]  INFO {org.wso2.carbon.server.extensions.PatchInstaller} -  Patch changes detected
>>>> [2017-01-05 11:13:35,757]  INFO {org.wso2.carbon.server.util.PatchUtils} -  Backed up plugins to patch
>>>> [2017-01-05 11:13:35,757]  INFO {org.wso2.carbon.server.util.PatchUtils} -  Applying patches ...
>>>> [2017-01-05 11:13:35,758]  INFO {org.wso2.carbon.server.util.PatchUtils} -  Applying - patch0001
>>>> [2017-01-05 11:13:35,855]  INFO {org.wso2.carbon.server.util.PatchUtils} -  Patched org.wso2.carbon.user.mgt.ui_5.7.0.jar(MD5:096b6efee440a71e964e1756b8dd25fc)
>>>> [2017-01-05 11:13:35,855]  INFO {org.wso2.carbon.server.util.PatchUtils} -  Patch verification started
>>>> [2017-01-05 11:13:35,862]  INFO {org.wso2.carbon.server.util.PatchUtils} -  Patch verification successfully completed
>>>>
>>>>
>>>> Is there something different about ui jars ? I changed a JSP, is there
>>>> another step to configure ?
>>>>
>>>>
>>>> Regards,
>>>> Hanen
>>>>
>>>>
>>>> On Wed, Jan 4, 2017 at 11:53 PM, Chamila Wijayarathna <
>>>> cdwijayarat...@gmail.com> wrote:
>>>>
>>>>> Hi Hanen,
>>>>>
>>>>> Changing plugin is not a recommended thing, but applying patch should
>>>>> work here, refer[1] for guidelines to apply patches.
>>>>> If patch wasn't taken into account, please make sure the patch you add
>>>>> is as the same version as the already available jar in plugins folder.
>>>>> You can verify whether the patch has applied correctly by referring to
>>>>> repository/logs/patches log
>>>>>
>>>>> [1]. https://docs.wso2.com/display/IS510/Applying+Patches
>>>>>
>>>>> Regards!
>>>>> Chamila
>>>>>
>>>>> On Thu, Jan 5, 2017 at 4:20 AM, Hanen Ben Rhouma <hanen...@gmail.com>
>>>>> wrote:
>>>>>
>>>>>> What if I want to change the jsp managing such logic which is within
>>>>>> org.wso2.carbon.user.mgt.ui_5.7.0
>>>>>> The thing is that WSO2 is becoming unstable once I modify the plugin,
>>>>>> I even tried differently by putting the jar within patches but it wasn't
>>>>>> taken into account.
>>>>>> Any idea how can I replace the default plugin with another one?
>>>>>>
>>>>>>
>>>>>> Regards,
>>>>>> Hanen
>>>>>>
>>>>>> On Wed, Jan 4, 2017 at 4:59 PM, Darshana Gunawardana <
>>>>>> darsh...@wso2.com> wrote:
>>>>>>
>>>>>>> Hi Hanen,
>>>>>>>
>>>>>>> As of the current behaviour of the management

Re: [Dev] [WSO2 IS] How to limit tenant users to one secondary user store while trying to create other users

2017-01-05 Thread Hanen Ben Rhouma
5.3.0-rc2

Regards,
Hanen

On Thu, Jan 5, 2017 at 11:36 AM, Chamila Wijayarathna <
cdwijayarat...@gmail.com> wrote:

> No, UI jars are the same as others, what is the IS version you are using?
>
> On Thu, Jan 5, 2017 at 9:24 PM, Hanen Ben Rhouma <hanen...@gmail.com>
> wrote:
>
>> Hi Chamila,
>>
>> I did create a directory patch0001 and put the jar under it, the logs
>> were showing it's taken into account but from the GUI side the changes
>> didn't take effect:
>>
>> [2017-01-05 11:13:29,776]  INFO {org.wso2.carbon.server.util.PatchUtils} -  Checking for patch changes ...
>> [2017-01-05 11:13:29,803]  INFO {org.wso2.carbon.server.util.PatchUtils} -  New patch available - patch0001
>> [2017-01-05 11:13:29,806]  INFO {org.wso2.carbon.server.extensions.PatchInstaller} -  Patch changes detected
>> [2017-01-05 11:13:35,757]  INFO {org.wso2.carbon.server.util.PatchUtils} -  Backed up plugins to patch
>> [2017-01-05 11:13:35,757]  INFO {org.wso2.carbon.server.util.PatchUtils} -  Applying patches ...
>> [2017-01-05 11:13:35,758]  INFO {org.wso2.carbon.server.util.PatchUtils} -  Applying - patch0001
>> [2017-01-05 11:13:35,855]  INFO {org.wso2.carbon.server.util.PatchUtils} -  Patched org.wso2.carbon.user.mgt.ui_5.7.0.jar(MD5:096b6efee440a71e964e1756b8dd25fc)
>> [2017-01-05 11:13:35,855]  INFO {org.wso2.carbon.server.util.PatchUtils} -  Patch verification started
>> [2017-01-05 11:13:35,862]  INFO {org.wso2.carbon.server.util.PatchUtils} -  Patch verification successfully completed
>>
>>
>> Is there something different about ui jars ? I changed a JSP, is there
>> another step to configure ?
>>
>>
>> Regards,
>> Hanen
>>
>>
>> On Wed, Jan 4, 2017 at 11:53 PM, Chamila Wijayarathna <
>> cdwijayarat...@gmail.com> wrote:
>>
>>> Hi Hanen,
>>>
>>> Changing plugin is not a recommended thing, but applying patch should
>>> work here, refer[1] for guidelines to apply patches.
>>> If patch wasn't taken into account, please make sure the patch you add
>>> is as the same version as the already available jar in plugins folder.
>>> You can verify whether the patch has applied correctly by referring to
>>> repository/logs/patches log
>>>
>>> [1]. https://docs.wso2.com/display/IS510/Applying+Patches
>>>
>>> Regards!
>>> Chamila
>>>
>>> On Thu, Jan 5, 2017 at 4:20 AM, Hanen Ben Rhouma <hanen...@gmail.com>
>>> wrote:
>>>
>>>> What if I want to change the jsp managing such logic which is within
>>>> org.wso2.carbon.user.mgt.ui_5.7.0
>>>> The thing is that WSO2 is becoming unstable once I modify the plugin, I
>>>> even tried differently by putting the jar within patches but it wasn't
>>>> taken into account.
>>>> Any idea how can I replace the default plugin with another one?
>>>>
>>>>
>>>> Regards,
>>>> Hanen
>>>>
>>>> On Wed, Jan 4, 2017 at 4:59 PM, Darshana Gunawardana <darsh...@wso2.com
>>>> > wrote:
>>>>
>>>>> Hi Hanen,
>>>>>
>>>>> As of the current behaviour of the management console, it cannot hide
>>>>> primary user store from the drop down for tenant users.
>>>>>
>>>>> There are two ways to enforce this,
>>>>> * Add backend validation for restricting user creation in primary
>>>>> userstore for tenant users (this requires a listener implementation for
>>>>> user management operations)
>>>>> * Write a separate dashboard with these customizations (this requires
>>>>> to develop separate webapp)
>>>>>
>>>>> Thanks,
>>>>>
>>>>> On Wed, Jan 4, 2017 at 7:48 PM, Hanen Ben Rhouma <hanen...@gmail.com>
>>>>> wrote:
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> Is there a way to restrict tenant users (having the permission to
>>>>>> create other users) to a secondary user store; I noticed PRIMARY user 
>>>>>> store
>>>>>> is always there when trying to create a new user even for tenant users, 
>>>>>> it
>>>>>> leads to some confusion and some users can persist other newly created
>>>>>> users on the PRIMARY, can't we grey out this drop down so that it works 
>>>>>> for
>>>>>&g

Re: [Dev] [WSO2 IS] Permission to create roles and assign users to them

2017-01-05 Thread Hanen Ben Rhouma
I did add both permissions and same is happening.

Shall I raise a bug?

Regards,
Hanen


On Thu, Jan 5, 2017 at 11:40 AM, Chamila Wijayarathna <
cdwijayarat...@gmail.com> wrote:

> Hi Hanen,
>
> To achieve this in SOAP API calls, your user needs to have both "User
> Management" and "Role Management" permissions.
>
> Regards!
> Chamila
>
> On Thu, Jan 5, 2017 at 9:37 PM, Hanen Ben Rhouma <hanen...@gmail.com>
> wrote:
>
>> Hi,
>>
>> In fact, even by using the SOAP service call to add role mgt only as a
>> permission, the result is the same the created user won't have the
>> possibility to create roles:
>>
>> http://schemas.
>> xmlsoap.org/soap/envelope/" xmlns:ser="http://service.ws.u
>> m.carbon.wso2.org" xmlns:xsd="http://dao.service.
>> ws.um.carbon.wso2.org/xsd">
>>
>>
>>   
>>  
>>  TestRole
>>  
>>  hanen
>>  
>>  
>> 
>> ui.execute
>> 
>> /permission/admin/manage/identity/rolemgt/> xsd:resourceId>
>>  
>>   
>>
>> 
>>
>> Regards,
>> Hanen
>>
>> On Wed, Jan 4, 2017 at 5:06 PM, Darshana Gunawardana <darsh...@wso2.com>
>> wrote:
>>
>>> Hi Chamila\Hanen,
>>>
>>> Yes. you need to have "'/permission/admin/manage/identity'" permission
>>> to manage roles from the UI. Since we are doing multiple management
>>> operation via management console we require much higher level of
>>> permissions. But Relevant backend services (UserAdmin service) do support
>>> finer level permission ("/permission/admin/manage/identity/usermgt")
>>> then if some external client need to connect with restricted permissions
>>> still it's possible. But indeed this UIs can be improved to support fine
>>> grained permissions. Since we are working on the IS 6.0.0 which is based on
>>> next gen Carbon 5 platform with complete re-design of the product with
>>> parallel to IS 5.3.0 release, we did not focus on major redesigning of UI
>>> and related UI permissions with the IS 5.3.0.
>>>
>>> Giving you bit of insight of IS 6.0.0 effort, we have plans to decouple
>>> persona that use identity server for different types of administration and
>>> provide separate views for each of those. You will be able to follow up on
>>> those discussions on architecture list soon.
>>>
>>> We have created https://wso2.org/jira/browse/IDENTITY-5560 to track
>>> this specific improvement, and it will consider fixing this in a future
>>> release.
>>>
>>> Thanks
>>>
>>> On Wed, Jan 4, 2017 at 7:13 PM, Hanen Ben Rhouma <hanen...@gmail.com>
>>> wrote:
>>>
>>>> Hi,
>>>>
>>>> Actually I tried most of the combinations and the smallest set of
>>>> permissions allowing users to create roles is by selecting the whole
>>>> "Identity" permissions block. Why 
>>>> Sometimes we want some type of users to be able to only create users
>>>> and assign them to some roles, the rest of the application (IdP, SP, Key
>>>> stores, Workflow mgt, etc.) isn't trivial to them and is not even in their
>>>> scope of responsibility. Why such limitation?
>>>>
>>>> Regards,
>>>> Hanen
>>>>
>>>> On Wed, Jan 4, 2017 at 1:32 PM, Chamila Wijayarathna <
>>>> cdwijayarat...@gmail.com> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> It looks like you need to have '/permission/admin/manage/identity' to
>>>>> do this using management console. However, when looking at code if you are
>>>>> doing it using API calls, having "User Management" and "Role Management"
>>>>> should be enough to do this.
>>>>>
>>>>> It should work with "Roles Management" IMO, I'm not sure why it's not
>>>>> implemented like that.
>>>>> @Johann, Darshana : Any idea on this?
>>>>>
>>>>> On Wed, Jan 4, 2017 at 10:42 PM, Hanen Ben Rhouma <hanen...@gmail.com>
>>>>> wrote:
>>>>>
>>>>>>
>>>>>> Hello,
>>>>>>
>>>>>> What is the permission that gives the user the possibility to create
>>>>>> roles and assign users 

Re: [Dev] [WSO2 IS] Permission to create roles and assign users to them

2017-01-05 Thread Hanen Ben Rhouma
Hi,

In fact, even by using the SOAP service call to add role mgt only as a
permission, the result is the same the created user won't have the
possibility to create roles:

http://schemas.xmlsoap.org/soap/envelope/;
xmlns:ser="http://service.ws.um.carbon.wso2.org; xmlns:xsd="
http://dao.service.ws.um.carbon.wso2.org/xsd;>
   
   
  
 
 TestRole
 
 hanen
 
 

ui.execute


/permission/admin/manage/identity/rolemgt/
 
  
   


Regards,
Hanen

On Wed, Jan 4, 2017 at 5:06 PM, Darshana Gunawardana <darsh...@wso2.com>
wrote:

> Hi Chamila\Hanen,
>
> Yes. you need to have "'/permission/admin/manage/identity'" permission to
> manage roles from the UI. Since we are doing multiple management operation
> via management console we require much higher level of permissions. But
> Relevant backend services (UserAdmin service) do support finer level
> permission ("/permission/admin/manage/identity/usermgt") then if some
> external client need to connect with restricted permissions still it's
> possible. But indeed this UIs can be improved to support fine
> grained permissions. Since we are working on the IS 6.0.0 which is based on
> next gen Carbon 5 platform with complete re-design of the product with
> parallel to IS 5.3.0 release, we did not focus on major redesigning of UI
> and related UI permissions with the IS 5.3.0.
>
> Giving you bit of insight of IS 6.0.0 effort, we have plans to decouple
> persona that use identity server for different types of administration and
> provide separate views for each of those. You will be able to follow up on
> those discussions on architecture list soon.
>
> We have created https://wso2.org/jira/browse/IDENTITY-5560 to track this
> specific improvement, and it will consider fixing this in a future release.
>
> Thanks
>
> On Wed, Jan 4, 2017 at 7:13 PM, Hanen Ben Rhouma <hanen...@gmail.com>
> wrote:
>
>> Hi,
>>
>> Actually I tried most of the combinations and the smallest set of
>> permissions allowing users to create roles is by selecting the whole
>> "Identity" permissions block. Why 
>> Sometimes we want some type of users to be able to only create users and
>> assign them to some roles, the rest of the application (IdP, SP, Key
>> stores, Workflow mgt, etc.) isn't trivial to them and is not even in their
>> scope of responsibility. Why such limitation?
>>
>> Regards,
>> Hanen
>>
>> On Wed, Jan 4, 2017 at 1:32 PM, Chamila Wijayarathna <
>> cdwijayarat...@gmail.com> wrote:
>>
>>> Hi,
>>>
>>> It looks like you need to have '/permission/admin/manage/identity' to
>>> do this using management console. However, when looking at code if you are
>>> doing it using API calls, having "User Management" and "Role Management"
>>> should be enough to do this.
>>>
>>> It should work with "Roles Management" IMO, I'm not sure why it's not
>>> implemented like that.
>>> @Johann, Darshana : Any idea on this?
>>>
>>> On Wed, Jan 4, 2017 at 10:42 PM, Hanen Ben Rhouma <hanen...@gmail.com>
>>> wrote:
>>>
>>>>
>>>> Hello,
>>>>
>>>> What is the permission that gives the user the possibility to create
>>>> roles and assign users to them? I tried "Roles Management" permission but
>>>> it's not doing the trick.
>>>>
>>>>
>>>> Regards,
>>>> Hanen
>>>>
>>>
>>>
>>> --
>>> Chamila Dilshan Wijayarathna,
>>> PhD Research Student
>>> The University of New South Wales (UNSW Canberra)
>>> Australian Centre for Cyber Security
>>> Australian Defence Force Academy
>>> PO Box 7916, Canberra BA ACT 2610
>>> Australia
>>> Mobile:(+61)416895795 <+61%20416%20895%20795>
>>>
>>>
>>
>
>
> --
> Regards,
>
>
> *Darshana Gunawardana*Associate Technical Lead
> WSO2 Inc.; http://wso2.com
>
> *E-mail: darsh...@wso2.com <darsh...@wso2.com>*
> *Mobile: +94718566859 <+94%2071%20856%206859>*Lean . Enterprise .
> Middleware
>


Re: [Dev] [WSO2 IS] How to limit tenant users to one secondary user store while trying to create other users

2017-01-05 Thread Hanen Ben Rhouma
Hi Chamila,

I did create a directory patch0001 and put the jar under it, the logs were
showing it's taken into account but from the GUI side the changes didn't
take effect:

[2017-01-05 11:13:29,776]  INFO {org.wso2.carbon.server.util.PatchUtils} -  Checking for patch changes ...
[2017-01-05 11:13:29,803]  INFO {org.wso2.carbon.server.util.PatchUtils} -  New patch available - patch0001
[2017-01-05 11:13:29,806]  INFO {org.wso2.carbon.server.extensions.PatchInstaller} -  Patch changes detected
[2017-01-05 11:13:35,757]  INFO {org.wso2.carbon.server.util.PatchUtils} -  Backed up plugins to patch
[2017-01-05 11:13:35,757]  INFO {org.wso2.carbon.server.util.PatchUtils} -  Applying patches ...
[2017-01-05 11:13:35,758]  INFO {org.wso2.carbon.server.util.PatchUtils} -  Applying - patch0001
[2017-01-05 11:13:35,855]  INFO {org.wso2.carbon.server.util.PatchUtils} -  Patched org.wso2.carbon.user.mgt.ui_5.7.0.jar(MD5:096b6efee440a71e964e1756b8dd25fc)
[2017-01-05 11:13:35,855]  INFO {org.wso2.carbon.server.util.PatchUtils} -  Patch verification started
[2017-01-05 11:13:35,862]  INFO {org.wso2.carbon.server.util.PatchUtils} -  Patch verification successfully completed


Is there something different about ui jars ? I changed a JSP, is there
another step to configure ?


Regards,
Hanen


On Wed, Jan 4, 2017 at 11:53 PM, Chamila Wijayarathna <
cdwijayarat...@gmail.com> wrote:

> Hi Hanen,
>
> Changing plugin is not a recommended thing, but applying patch should work
> here, refer[1] for guidelines to apply patches.
> If patch wasn't taken into account, please make sure the patch you add is
> as the same version as the already available jar in plugins folder.
> You can verify whether the patch has applied correctly by referring to
> repository/logs/patches log
>
> [1]. https://docs.wso2.com/display/IS510/Applying+Patches
>
> Regards!
> Chamila
>
> On Thu, Jan 5, 2017 at 4:20 AM, Hanen Ben Rhouma <hanen...@gmail.com>
> wrote:
>
>> What if I want to change the jsp managing such logic which is within
>> org.wso2.carbon.user.mgt.ui_5.7.0
>> The thing is that WSO2 is becoming unstable once I modify the plugin, I
>> even tried differently by putting the jar within patches but it wasn't
>> taken into account.
>> Any idea how can I replace the default plugin with another one?
>>
>>
>> Regards,
>> Hanen
>>
>> On Wed, Jan 4, 2017 at 4:59 PM, Darshana Gunawardana <darsh...@wso2.com>
>> wrote:
>>
>>> Hi Hanen,
>>>
>>> As of the current behaviour of the management console, it cannot hide
>>> primary user store from the drop down for tenant users.
>>>
>>> There are two ways to enforce this,
>>> * Add backend validation for restricting user creation in primary
>>> userstore for tenant users (this requires a listener implementation for
>>> user management operations)
>>> * Write a separate dashboard with these customizations (this requires to
>>> develop separate webapp)
>>>
>>> Thanks,
>>>
>>> On Wed, Jan 4, 2017 at 7:48 PM, Hanen Ben Rhouma <hanen...@gmail.com>
>>> wrote:
>>>
>>>> Hi,
>>>>
>>>> Is there a way to restrict tenant users (having the permission to
>>>> create other users) to a secondary user store; I noticed PRIMARY user store
>>>> is always there when trying to create a new user even for tenant users, it
>>>> leads to some confusion and some users can persist other newly created
>>>> users on the PRIMARY, can't we grey out this drop down so that it works for
>>>> only one secondary user store?
>>>>
>>>> Regards,
>>>> Hanen
>>>>
>>>
>>>
>>> --
>>> Regards,
>>>
>>>
>>> *Darshana Gunawardana*Associate Technical Lead
>>> WSO2 Inc.; http://wso2.com
>>>
>>> *E-mail: darsh...@wso2.com <darsh...@wso2.com>*
>>> *Mobile: +94718566859 <+94%2071%20856%206859>*Lean . Enterprise .
>>> Middleware
>>>
>>
>>
>
>
> --
> Chamila Dilshan Wijayarathna,
> PhD Research Student
> The University of New South Wales (UNSW Canberra)
> Australian Centre for Cyber Security
> Australian Defence Force Academy
> PO Box 7916, Canberra BA ACT 2610
> Australia
> Mobile:(+61)416895795 <+61%20416%20895%20795>
>
>
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
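
The mismatch at the centre of this thread (the log reports org.wso2.carbon.user.mgt.ui_5.7.0.jar as patched, while a reply states that RC2 uses version 5.7.5 and that the jar with the highest version is picked) can be checked mechanically. The Python below is an added example, not WSO2 code and not something posted on the list; the plugins listing, the function names and the name_version.jar parsing rule are assumptions made for illustration.

```python
"""Flag patched bundles that a higher-versioned jar in the plugins folder shadows."""
import re

# Log excerpt taken from the thread, with the mail-wrapped lines rejoined.
PATCH_LOG = """\
[2017-01-05 11:13:35,758]  INFO {org.wso2.carbon.server.util.PatchUtils} -  Applying - patch0001
[2017-01-05 11:13:35,855]  INFO {org.wso2.carbon.server.util.PatchUtils} -  Patched org.wso2.carbon.user.mgt.ui_5.7.0.jar(MD5:096b6efee440a71e964e1756b8dd25fc)
[2017-01-05 11:13:35,862]  INFO {org.wso2.carbon.server.util.PatchUtils} -  Patch verification successfully completed
"""

# Constructed listing of the plugins folder (assumption, not data from the thread).
PLUGINS = [
    "org.wso2.carbon.user.mgt.ui_5.7.0.jar",  # copy dropped in by patch0001
    "org.wso2.carbon.user.mgt.ui_5.7.5.jar",  # version the reply says RC2 uses
    "org.wso2.carbon.user.mgt_5.7.5.jar",     # constructed neighbour bundle
]

# Either an "Applying - patchNNNN" marker or a "Patched <jar>(MD5:<hash>)" event.
EVENT_RE = re.compile(
    r"Applying - (?P<patch>patch\d+)"
    r"|Patched\s+(?P<jar>\S+?\.jar)\(MD5:(?P<md5>[0-9a-fA-F]{32})\)"
)
# <symbolic name>_<major.minor.micro[.qualifier]>.jar; the greedy name keeps
# underscores that belong to the bundle name itself (for example x86_64).
JAR_RE = re.compile(
    r"^(?P<name>.+)_(?P<version>\d+\.\d+\.\d+(?:[.\-][\w\-]+)?)\.jar$"
)
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[.\-](.+))?$")


def split_jar(filename):
    """Return (bundle_name, sortable_key, version_text), or None if unparseable."""
    m = JAR_RE.match(filename)
    if not m:
        return None
    version = m.group("version")
    major, minor, micro, qualifier = VERSION_RE.match(version).groups()
    key = (int(major), int(minor), int(micro), qualifier or "")
    return m.group("name"), key, version


def patched_bundles(log_text):
    """List every 'Patched' event together with the patch directory it came from."""
    current_patch = None
    records = []
    for m in EVENT_RE.finditer(log_text):
        if m.group("patch"):
            current_patch = m.group("patch")
            continue
        parsed = split_jar(m.group("jar"))
        if parsed is None:
            continue
        name, key, version = parsed
        records.append({
            "patch": current_patch,
            "bundle": name,
            "version": version,
            "key": key,
            "md5": m.group("md5").lower(),
        })
    return records


def shadowed_patches(log_text, plugin_files):
    """Return patched bundles for which the plugins folder holds a higher version."""
    highest = {}
    for filename in plugin_files:
        parsed = split_jar(filename)
        if parsed is None:
            continue
        name, key, version = parsed
        if name not in highest or key > highest[name][0]:
            highest[name] = (key, version)

    findings = []
    for rec in patched_bundles(log_text):
        top = highest.get(rec["bundle"])
        if top is not None and top[0] > rec["key"]:
            findings.append({
                "patch": rec["patch"],
                "bundle": rec["bundle"],
                "patched_version": rec["version"],
                "installed": top[1],
                "md5": rec["md5"],
            })
    return findings


if __name__ == "__main__":
    for f in shadowed_patches(PATCH_LOG, PLUGINS):
        print("{patch}: {bundle} {patched_version} is shadowed by {installed}".format(**f))
```

A clean "Patch verification successfully completed" line only says the jar was copied; an empty result from `shadowed_patches` is what indicates that the patched version is the highest one present.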


Re: [Dev] [WSO2 IS] How to limit tenant users to one secondary user store while trying to create other users

2017-01-04 Thread Hanen Ben Rhouma
What if I want to change the jsp managing such logic which is
within org.wso2.carbon.user.mgt.ui_5.7.0
The thing is that WSO2 is becoming unstable once I modify the plugin, I
even tried differently by putting the jar within patches but it wasn't
taken into account.
Any idea how can I replace the default plugin with another one?


Regards,
Hanen

On Wed, Jan 4, 2017 at 4:59 PM, Darshana Gunawardana <darsh...@wso2.com>
wrote:

> Hi Hanen,
>
> As of the current behaviour of the management console, it cannot hide
> primary user store from the drop down for tenant users.
>
> There are two ways to enforce this,
> * Add backend validation for restricting user creation in primary
> userstore for tenant users (this requires a listener implementation for
> user management operations)
> * Write a separate dashboard with these customizations (this requires to
> develop separate webapp)
>
> Thanks,
>
> On Wed, Jan 4, 2017 at 7:48 PM, Hanen Ben Rhouma <hanen...@gmail.com>
> wrote:
>
>> Hi,
>>
>> Is there a way to restrict tenant users (having the permission to create
>> other users) to a secondary user store; I noticed PRIMARY user store is
>> always there when trying to create a new user even for tenant users, it
>> leads to some confusion and some users can persist other newly created
>> users on the PRIMARY, can't we grey out this drop down so that it works for
>> only one secondary user store?
>>
>> Regards,
>> Hanen
>>
>
>
> --
> Regards,
>
>
> *Darshana Gunawardana*Associate Technical Lead
> WSO2 Inc.; http://wso2.com
>
> *E-mail: darsh...@wso2.com <darsh...@wso2.com>*
> *Mobile: +94718566859 <+94%2071%20856%206859>*Lean . Enterprise .
> Middleware
>


[Dev] [WSO2 IS] How to limit tenant users to one secondary user store while trying to create other users

2017-01-04 Thread Hanen Ben Rhouma
Hi,

Is there a way to restrict tenant users (having the permission to create
other users) to a secondary user store; I noticed PRIMARY user store is
always there when trying to create a new user even for tenant users, it
leads to some confusion and some users can persist other newly created
users on the PRIMARY, can't we grey out this drop down so that it works for
only one secondary user store?

Regards,
Hanen


Re: [Dev] [WSO2 IS] Permission to create roles and assign users to them

2017-01-04 Thread Hanen Ben Rhouma
Hi,

Actually I tried most of the combinations and the smallest set of
permissions allowing users to create roles is by selecting the whole
"Identity" permissions block. Why 
Sometimes we want some type of users to be able to only create users and
assign them to some roles, the rest of the application (IdP, SP, Key
stores, Workflow mgt, etc.) isn't trivial to them and is not even in their
scope of responsibility. Why such limitation?

Regards,
Hanen

On Wed, Jan 4, 2017 at 1:32 PM, Chamila Wijayarathna <
cdwijayarat...@gmail.com> wrote:

> Hi,
>
> It looks like you need to have '/permission/admin/manage/identity' to do
> this using management console. However, when looking at code if you are
> doing it using API calls, having "User Management" and "Role Management"
> should be enough to do this.
>
> It should work with "Roles Management" IMO, I'm not sure why it's not
> implemented like that.
> @Johann, Darshana : Any idea on this?
>
> On Wed, Jan 4, 2017 at 10:42 PM, Hanen Ben Rhouma <hanen...@gmail.com>
> wrote:
>
>>
>> Hello,
>>
>> What is the permission that gives the user the possibility to create
>> roles and assign users to them? I tried "Roles Management" permission but
>> it's not doing the trick.
>>
>>
>> Regards,
>> Hanen
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
> Chamila Dilshan Wijayarathna,
> PhD Research Student
> The University of New South Wales (UNSW Canberra)
> Australian Centre for Cyber Security
> Australian Defence Force Academy
> PO Box 7916, Canberra BA ACT 2610
> Australia
> Mobile:(+61)416895795
>
>


[Dev] [WSO2 IS] Permission to create roles and assign users to them

2017-01-04 Thread Hanen Ben Rhouma
Hello,

What is the permission that gives the user the possibility to create roles
and assign users to them? I tried "Roles Management" permission but it's
not doing the trick.


Regards,
Hanen


[Dev] [WSO2 IS] Regression in user permissions management in 5.3.0-rc1

2017-01-03 Thread Hanen Ben Rhouma
Hello,

When I create a user and assign him a role having "Login" as permission he
can only login without any further actions within his Management Console,
while in the previous version 5.2 the same kind of permission gives him the
possibility to change his password. Is it a regression?

If I want my user to be able to login, change his password and edit his
profile (and nothing more) what are the permissions I need to affect him?


Regards,
Hanen


[Dev] [WSO2 IS] Can't login with tenant users: password is hashed in external LDAP

2017-01-03 Thread Hanen Ben Rhouma
Hello,

I have a question regarding user password hashing when using external LDAP
user store.
After creating a CustomUserStore I created some users from WSO2 IS
Management Console and assigned them a custom role which has enough
permissions (including login).
Once they're created I tried to log in with them but I couldn't, and I noticed
that the method doAuthenticate is taking the correct username but the password
is encrypted and passed as org.wso2.carbon.utils.Secret@3d1c01cc.
How can I change this, knowing that I'm on a Mint distribution (Debian
based) and that for the same WSO2 version installed with another LDAP on
CentOS the behavior is different and the password passed to the doAuthenticate
method is clear.

Regards,
Hanen


Re: [Dev] Fwd: [IS] Customize user creation form with a date picker widget

2016-12-23 Thread Hanen Ben Rhouma
Yes your understanding is right Chamila, ideally I want this custom
attribute since the creation but I'm still working on that, so for the time
being I'm concentrated on the edit form.

Ok. I'll put the jar under patches and will retest.

Thanks.

Regards,
Hanen

On Fri, Dec 23, 2016 at 3:12 PM, Chamila Wijayarathna <
cdwijayarat...@gmail.com> wrote:

> Hi Hanen,
>
> This is my understanding about your requirement. You are trying to get
> "publicHolidays" attribute from per user, where each user/admin (I'm not
> clear whether user or admin does this operation) can update this attribute
> in user profile update page (or is it at user creation time?).
>
> You have added a new claim for this and in the profile update page, you
> need to use a jquery date picker to this field. You have updated profile
> edit page. where you consider above claim specially and use date picker
> there.
>
> If this is what you are trying to do, I think what you have done is okay.
> Without replacing the jar in plugins folder, you can create a patch
> folder at repository/components/patches folder and put your jar there. This
> is the recommended way.  must be the highest number in the folder. If
> your patches folder is empty, use 0001.
>
> Regards!
> Chamila
>
> On Sat, Dec 24, 2016 at 1:00 AM, Hanen Ben Rhouma <hanen...@gmail.com>
> wrote:
>
>> I have attached the JSP file. Mainly I'm trying to use date picker
>> whenever the form field id corresponds to the Claim URI
>> "http://wso2.org/claims/publicHolidays".
>> For this I added jquery and jquery-ui and created a javascript function:
>>
>>
>> $( function() {
>>   // the id is a claim URI, so select it by attribute value rather than "#id"
>>   $( '[id="http://wso2.org/claims/publicHolidays"]' ).datepicker();
>> } );
>>
>> The idea is to display the date picker whenever the user is trying to
>> fill the field Working Holidays.
>>
>>
>>
>>
>> Regards,
>> Hanen
>>
>> On Fri, Dec 23, 2016 at 2:47 PM, Chamila Wijayarathna <
>> cdwijayarat...@gmail.com> wrote:
>>
>>> What are the changes you are planning to include in front end?
>>>
>>> On Sat, Dec 24, 2016 at 12:41 AM, Hanen Ben Rhouma <hanen...@gmail.com>
>>> wrote:
>>>
>>>> Actually, I did create a CustomUserStoreManager inheriting from
>>>> ReadWriteLDAPUserStoreManager and overrode its method doAuthenticate, I
>>>> packaged it as an OSGi bundle and put it under dropins, it's working fine.
>>>> I was just looking for a conceptually more adequate solution but as I can
>>>> see it's almost the same thing. I agree doPreAuthenticate makes more sense
>>>> but it's going to take me the same effort to generate another working
>>>> bundle. Although for the front part I need to change the creation form
>>>> which corresponds to the component 
>>>> org.wso2.carbon.identity.user.profile.ui_5.6.34.
>>>> For this I need to recompile the plugin and replace it. Please correct me
>>>> if I'm wrong.
>>>>
>>>> Regards,
>>>> Hanen
>>>>
>>>> On Fri, Dec 23, 2016 at 1:50 PM, Chamila Wijayarathna <
>>>> cdwijayarat...@gmail.com> wrote:
>>>>
>>>>> Hi Hanen,
>>>>>
>>>>> If you only need the changes we discussed above about authentication
>>>>> and no changes for any functionality in identity.mgt component, I think it
>>>>> would be better to add your logic as a new component with a new
>>>>> implementation of UserStoreEventListener rather than changing identity.mgt
>>>>> component. [1] contains a sample component I wrote some time back, if you
>>>>> need an idea about how to write a carbon component. If you only need
>>>>> authentication functionality, your component only needs to have pom,
>>>>> serviceComponent class and listener implementation. After creating the
>>>>> component, you can add the jar file to repository/component/dropins folder
>>>>> and OSGI will automatically pick it.
>>>>>
>>>>> Hope that helps!
>>>>> Chamila
>>>>>
>>>>> [1]. https://github.com/wso2/product-is/tree/master/modules/
>>>>> samples/workflow/handler/service-provider
>>>>>
>>>>> On Fri, Dec 23, 2016 at 11:35 PM, Hanen Ben Rhouma <hanen...@gmail.com
>>>>> > wrote:
>>>>>
>>>>>> Thanks Chamila,
>>>>>>
>>>>>> I think I need then to override IdentityMgtEventListener which is

Re: [Dev] Fwd: [IS] Customize user creation form with a date picker widget

2016-12-23 Thread Hanen Ben Rhouma
I have attached the JSP file. Mainly I'm trying to use date picker whenever
the form field id corresponds to the Claim URI
"http://wso2.org/claims/publicHolidays".
For this I added jquery and jquery-ui and created a javascript function:


$( function() {
  // the id is a claim URI, so select it by attribute value rather than "#id"
  $( '[id="http://wso2.org/claims/publicHolidays"]' ).datepicker();
} );

The idea is to display the date picker whenever the user is trying to fill
the field Working Holidays.




Regards,
Hanen

On Fri, Dec 23, 2016 at 2:47 PM, Chamila Wijayarathna <
cdwijayarat...@gmail.com> wrote:

> What are the changes you are planning to include in front end?
>
> On Sat, Dec 24, 2016 at 12:41 AM, Hanen Ben Rhouma <hanen...@gmail.com>
> wrote:
>
>> Actually, I did create a CustomUserStoreManager inheriting from
>> ReadWriteLDAPUserStoreManager and overrode its method doAuthenticate, I
>> packaged it as an OSGi bundle and put it under dropins, it's working fine.
>> I was just looking for a conceptually more adequate solution but as I can
>> see it's almost the same thing. I agree doPreAuthenticate makes more sense
>> but it's going to take me the same effort to generate another working
>> bundle. Although for the front part I need to change the creation form
>> which corresponds to the component 
>> org.wso2.carbon.identity.user.profile.ui_5.6.34.
>> For this I need to recompile the plugin and replace it. Please correct me
>> if I'm wrong.
>>
>> Regards,
>> Hanen
>>
>> On Fri, Dec 23, 2016 at 1:50 PM, Chamila Wijayarathna <
>> cdwijayarat...@gmail.com> wrote:
>>
>>> Hi Hanen,
>>>
>>> If you only need the changes we discussed above about authentication and
>>> no changes for any functionality in identity.mgt component, I think it
>>> would be better to add your logic as a new component with a new
>>> implementation of UserStoreEventListener rather than changing identity.mgt
>>> component. [1] contains a sample component I wrote some time back, if you
>>> need an idea about how to write a carbon component. If you only need
>>> authentication functionality, your component only needs to have pom,
>>> serviceComponent class and listener implementation. After creating the
>>> component, you can add the jar file to repository/component/dropins folder
>>> and OSGI will automatically pick it.
>>>
>>> Hope that helps!
>>> Chamila
>>>
>>> [1]. https://github.com/wso2/product-is/tree/master/modules/
>>> samples/workflow/handler/service-provider
>>>
>>> On Fri, Dec 23, 2016 at 11:35 PM, Hanen Ben Rhouma <hanen...@gmail.com>
>>> wrote:
>>>
>>>> Thanks Chamila,
>>>>
>>>> I think I need then to override IdentityMgtEventListener which is
>>>> within the jar org.wso2.carbon.identity.mgt_5.6.34.
>>>>
>>>> Do I have to use a patch? If so, do I need to check out the source
>>>> code of org.wso2.carbon.identity.mgt_5.6.34, change it and deploy a
>>>> new jar which I need to put within patches directory?
>>>>
>>>>
>>>>
>>>> Regards,
>>>> Hanen
>>>>
>>>> On Fri, Dec 23, 2016 at 12:49 PM, Chamila Wijayarathna <
>>>> cdwijayarat...@gmail.com> wrote:
>>>>
>>>>> Hi Hanen,
>>>>>
>>>>> If you need to check only working hours and public holidays while
>>>>> authentication, you can implement that by implementing a
>>>>> UserStoreEventListener [1]. You can implement doPreAuthenticate method in
>>>>> your listener implementation and check your time and holiday related logic
>>>>> there, and fail authentication if login time is not within a permitted
>>>>> time period. You'll have to save your public holiday list in some
>>>>> datasource accessible to this listener.
>>>>>
>>>>> However, I'm not sure how much effort you'll have to put, if you are
>>>>> going to set the public holiday list at tenant creation time.
>>>>>
>>>>> [1]. https://docs.wso2.com/display/IS510/User+Store+Listeners
>>>>>
>>>>> On Fri, Dec 23, 2016 at 10:36 PM, Hanen Ben Rhouma <hanen...@gmail.com
>>>>> > wrote:
>>>>>
>>>>>> Thanks Chamila,
>>>>>>
>>>>>> Let's say it's custom and inherits from
>>>>>> LDAPReadWriteUserStoreManager, what are the methods I need to override?
>>>>>>
>>>>>> Regards,

Re: [Dev] Fwd: [IS] Customize user creation form with a date picker widget

2016-12-23 Thread Hanen Ben Rhouma
Actually, I did create a CustomUserStoreManager inheriting from
ReadWriteLDAPUserStoreManager and overrode its method doAuthenticate, I
packaged it as an OSGi bundle and put it under dropins, it's working fine.
I was just looking for a conceptually more adequate solution but as I can
see it's almost the same thing. I agree doPreAuthenticate makes more sense
but it's going to take me the same effort to generate another working
bundle. Although for the front part I need to change the creation form
which corresponds to the
component org.wso2.carbon.identity.user.profile.ui_5.6.34. For this I need
to recompile the plugin and replace it. Please correct me if I'm wrong.

Regards,
Hanen

On Fri, Dec 23, 2016 at 1:50 PM, Chamila Wijayarathna <
cdwijayarat...@gmail.com> wrote:

> Hi Hanen,
>
> If you only need the changes we discussed above about authentication and
> no changes for any functionality in identity.mgt component, I think it
> would be better to add your logic as a new component with a new
> implementation of UserStoreEventListener rather than changing identity.mgt
> component. [1] contains a sample component I wrote some time back, if you
> need an idea about how to write a carbon component. If you only need
> authentication functionality, your component only needs to have pom,
> serviceComponent class and listener implementation. After creating the
> component, you can add the jar file to repository/component/dropins folder
> and OSGI will automatically pick it.
>
> Hope that helps!
> Chamila
>
> [1]. https://github.com/wso2/product-is/tree/master/
> modules/samples/workflow/handler/service-provider
>
> On Fri, Dec 23, 2016 at 11:35 PM, Hanen Ben Rhouma <hanen...@gmail.com>
> wrote:
>
>> Thanks Chamila,
>>
>> I think I need then to override IdentityMgtEventListener which is within
>> the jar org.wso2.carbon.identity.mgt_5.6.34.
>>
>> Do I have to use a patch? If so, do I need to check out the source code
>> of org.wso2.carbon.identity.mgt_5.6.34, change it and deploy a new jar
>> which I need to put within patches directory?
>>
>>
>>
>> Regards,
>> Hanen
>>
>> On Fri, Dec 23, 2016 at 12:49 PM, Chamila Wijayarathna <
>> cdwijayarat...@gmail.com> wrote:
>>
>>> Hi Hanen,
>>>
>>> If you need to check only working hours and public holidays while
>>> authentication, you can implement that by implementing a
>>> UserStoreEventListener [1]. You can implement doPreAuthenticate method in
>>> your listener implementation and check your time and holiday related logic
>>> there, and fail authentication if login time is not within a permitted
>>> time period. You'll have to save your public holiday list in some
>>> datasource accessible to this listener.
>>>
>>> However, I'm not sure how much effort you'll have to put, if you are
>>> going to set the public holiday list at tenant creation time.
>>>
>>> [1]. https://docs.wso2.com/display/IS510/User+Store+Listeners
>>>
>>> On Fri, Dec 23, 2016 at 10:36 PM, Hanen Ben Rhouma <hanen...@gmail.com>
>>> wrote:
>>>
>>>> Thanks Chamila,
>>>>
>>>> Let's say it's custom and inherits from LDAPReadWriteUserStoreManager,
>>>> what are the methods I need to override?
>>>>
>>>> Regards,
>>>> Hanen
>>>>
>>>> On Fri, Dec 23, 2016 at 11:25 AM, Chamila Wijayarathna <
>>>> cdwijayarat...@gmail.com> wrote:
>>>>
>>>>> Hi Hanen,
>>>>>
>>>>> As per my understanding, in this scenario, you'll have to implement a
>>>>> custom user store manager to extend authentication facilitate your custom
>>>>> need, In that case you should be able to save this list of holidays in a
>>>>> datasource which is accessible by your custom user store manager.
>>>>>
>>>>>
>>>>> On Fri, Dec 23, 2016 at 9:16 PM, Hanen Ben Rhouma <hanen...@gmail.com>
>>>>> wrote:
>>>>>
>>>>>> Yes it's per tenant but this attribute is taken into account for each
>>>>>> user authentication request.
>>>>>>
>>>>>>
>>>>>>
>>>>>> Regards,
>>>>>> Hanen
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Fri, Dec 23, 2016 at 10:53 AM, Chamila Wijayarathna <
>>>>>> cdwijayarat...@gmail.com> wrote:
>>>>>>
>>>>>>> Hi Hanen,

[Dev] Fwd: [IS] Customize user creation form with a date picker widget

2016-12-23 Thread Hanen Ben Rhouma
Thanks Chamila,

I think I need then to override IdentityMgtEventListener which is within
the jar org.wso2.carbon.identity.mgt_5.6.34.

Do I have to use a patch? If so, do I need to check out the source code of
org.wso2.carbon.identity.mgt_5.6.34, change it and deploy a new jar which I
need to put within patches directory?



Regards,
Hanen

On Fri, Dec 23, 2016 at 12:49 PM, Chamila Wijayarathna <
cdwijayarat...@gmail.com> wrote:

> Hi Hanen,
>
> If you need to check only working hours and public holidays while
> authentication, you can implement that by implementing a
> UserStoreEventListener [1]. You can implement doPreAuthenticate method in
> your listener implementation and check your time and holiday related logic
> there, and fail authentication if login time is not within a permitted
> time period. You'll have to save your public holiday list in some
> datasource accessible to this listener.
>
> However, I'm not sure how much effort you'll have to put, if you are going
> to set the public holiday list at tenant creation time.
>
> [1]. https://docs.wso2.com/display/IS510/User+Store+Listeners
>
> On Fri, Dec 23, 2016 at 10:36 PM, Hanen Ben Rhouma <hanen...@gmail.com>
> wrote:
>
>> Thanks Chamila,
>>
>> Let's say it's custom and inherits from LDAPReadWriteUserStoreManager,
>> what are the methods I need to override?
>>
>> Regards,
>> Hanen
>>
>> On Fri, Dec 23, 2016 at 11:25 AM, Chamila Wijayarathna <
>> cdwijayarat...@gmail.com> wrote:
>>
>>> Hi Hanen,
>>>
>>> As per my understanding, in this scenario, you'll have to implement a
>>> custom user store manager to extend authentication facilitate your custom
>>> need, In that case you should be able to save this list of holidays in a
>>> datasource which is accessible by your custom user store manager.
>>>
>>>
>>> On Fri, Dec 23, 2016 at 9:16 PM, Hanen Ben Rhouma <hanen...@gmail.com>
>>> wrote:
>>>
>>>> Yes it's per tenant but this attribute is taken into account for each
>>>> user authentication request.
>>>>
>>>>
>>>>
>>>> Regards,
>>>> Hanen
>>>>
>>>>
>>>>
>>>>
>>>> On Fri, Dec 23, 2016 at 10:53 AM, Chamila Wijayarathna <
>>>> cdwijayarat...@gmail.com> wrote:
>>>>
>>>>> Hi Hanen,
>>>>>
>>>>> What is the purpose of getting list of publicHolidays in user creation
>>>>> form? Public Holidays attribute is not per user thing, is it?
>>>>>
>>>>>
>>>>> On Fri, Dec 23, 2016 at 8:48 PM, Hanen Ben Rhouma <hanen...@gmail.com>
>>>>> wrote:
>>>>>
>>>>>> Hello,
>>>>>>
>>>>>> Is it possible to store in an external LDAP an attribute
>>>>>> representing publicHolidays which is a list of dates, the idea is to
>>>>>> have a custom attribute within the user creation form which accepts
>>>>>> comma separated dates through a date picker widget.
>>>>>>
>>>>>> Do you think it's feasible within WSO2 IS?
>>>>>>
>>>>>>
>>>>>> Regards,
>>>>>> Hanen
>>>>>>
>>>>>> ___
>>>>>> Dev mailing list
>>>>>> Dev@wso2.org
>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Chamila Dilshan Wijayarathna,
>>>>> PhD Research Student
>>>>> The University of New South Wales (UNSW Canberra)
>>>>> Australian Centre for Cyber Security
>>>>> Australian Defence Force Academy
>>>>> PO Box 7916, Canberra BA ACT 2610
>>>>> Australia
>>>>> Mobile:(+61)416895795
>>>>>
>>>>>
>>>>
>>>
>>>
>>> --
>>> Chamila Dilshan Wijayarathna,
>>> PhD Research Student
>>> The University of New South Wales (UNSW Canberra)
>>> Australian Centre for Cyber Security
>>> Australian Defence Force Academy
>>> PO Box 7916, Canberra BA ACT 2610
>>> Australia
>>> Mobile:(+61)416895795
>>>
>>>
>>
>
>
> --
> Chamila Dilshan Wijayarathna,
> PhD Research Student
> The University of New South Wales (UNSW Canberra)
> Australian Centre for Cyber Security
> Australian Defence Force Academy
> PO Box 7916, Canberra BA ACT 2610
> Australia
> Mobile:(+61)416895795
>
>
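The check suggested in the quoted reply for doPreAuthenticate, as an added example that is not part of the thread and not WSO2 code: plain Java that decides whether a login instant falls inside the workingHours window and outside publicHolidays, and denies the login when the attributes cannot be parsed. The attribute formats, the LoginWindowPolicy class and the sample values are assumptions; a listener's doPreAuthenticate would return the `allowed` flag.

```java
import java.time.LocalDate;
import java.time.LocalTime;
import java.time.ZoneId;
import java.time.ZonedDateTime;
import java.time.format.DateTimeParseException;
import java.util.HashSet;
import java.util.Set;

// Added illustration, not WSO2 code. The attribute formats are assumptions:
//   workingHours   = "HH:mm-HH:mm"             (e.g. "08:30-19:00")
//   publicHolidays = comma-separated ISO dates (e.g. "2016-12-25,2017-01-01")
public class LoginWindowPolicy {

    /** Outcome of one check; the reason is meant for the server-side audit log. */
    public static final class Decision {
        public final boolean allowed;
        public final String reason;

        Decision(boolean allowed, String reason) {
            this.allowed = allowed;
            this.reason = reason;
        }

        @Override
        public String toString() {
            return (allowed ? "ALLOW" : "DENY") + " (" + reason + ")";
        }
    }

    private final LocalTime start;
    private final LocalTime end;
    private final Set<LocalDate> holidays;
    private final ZoneId zone;

    private LoginWindowPolicy(LocalTime start, LocalTime end, Set<LocalDate> holidays, ZoneId zone) {
        this.start = start;
        this.end = end;
        this.holidays = holidays;
        this.zone = zone;
    }

    /** Strict parser: anything malformed raises IllegalArgumentException. */
    public static LoginWindowPolicy parse(String workingHours, String publicHolidays, ZoneId zone) {
        if (workingHours == null) {
            throw new IllegalArgumentException("workingHours is missing");
        }
        String[] bounds = workingHours.trim().split("-");
        if (bounds.length != 2) {
            throw new IllegalArgumentException("workingHours must look like HH:mm-HH:mm");
        }
        try {
            LocalTime start = LocalTime.parse(bounds[0].trim());
            LocalTime end = LocalTime.parse(bounds[1].trim());
            if (!start.isBefore(end)) {
                throw new IllegalArgumentException("workingHours start must be before end");
            }
            Set<LocalDate> holidays = new HashSet<>();
            if (publicHolidays != null && !publicHolidays.trim().isEmpty()) {
                for (String day : publicHolidays.split(",")) {
                    holidays.add(LocalDate.parse(day.trim()));
                }
            }
            return new LoginWindowPolicy(start, end, holidays, zone);
        } catch (DateTimeParseException e) {
            throw new IllegalArgumentException("unparseable value: " + e.getParsedString(), e);
        }
    }

    /** Evaluates the instant in the policy's own time zone, not the caller's. */
    public Decision evaluate(ZonedDateTime when) {
        ZonedDateTime local = when.withZoneSameInstant(zone);
        if (holidays.contains(local.toLocalDate())) {
            return new Decision(false, "public holiday " + local.toLocalDate());
        }
        LocalTime t = local.toLocalTime();
        if (t.isBefore(start) || !t.isBefore(end)) {
            return new Decision(false, "outside working hours " + start + "-" + end);
        }
        return new Decision(true, "within working hours");
    }

    /** Fail closed: attributes that cannot be parsed deny the login. */
    public static Decision check(String workingHours, String publicHolidays,
                                 ZoneId zone, ZonedDateTime when) {
        try {
            return parse(workingHours, publicHolidays, zone).evaluate(when);
        } catch (IllegalArgumentException e) {
            return new Decision(false, "invalid policy attributes: " + e.getMessage());
        }
    }

    public static void main(String[] args) {
        ZoneId zone = ZoneId.of("Europe/Paris");        // constructed: tenant time zone
        String hours = "08:30-19:00";                   // constructed sample attribute
        String holidays = "2016-12-25,2017-01-01";      // constructed sample attribute
        String[] instants = {
            "2016-12-23T10:00:00+01:00",   // inside the window
            "2016-12-23T19:30:00+01:00",   // after closing time
            "2016-12-23T07:45:00Z",        // 08:45 local once converted
            "2016-12-25T10:00:00+01:00"    // listed holiday
        };
        for (String s : instants) {
            System.out.println(s + " -> " + check(hours, holidays, zone, ZonedDateTime.parse(s)));
        }
        System.out.println("malformed -> "
                + check("8h30-19h", holidays, zone, ZonedDateTime.parse(instants[0])));
    }
}
```

The reason string is intended for the audit log: doPreAuthenticate runs before the password is verified, so echoing it on the login page would confirm to an unauthenticated caller that the account exists and when it is usable.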


Re: [Dev] [IS] Customize user creation form with a date picker widget

2016-12-23 Thread Hanen Ben Rhouma
Yes it's per tenant but this attribute is taken into account for each user
authentication request.



Regards,
Hanen



On Fri, Dec 23, 2016 at 10:53 AM, Chamila Wijayarathna <
cdwijayarat...@gmail.com> wrote:

> Hi Hanen,
>
> What is the purpose of getting list of publicHolidays in user creation
> form? Public Holidays attribute is not per user thing, is it?
>
>
> On Fri, Dec 23, 2016 at 8:48 PM, Hanen Ben Rhouma <hanen...@gmail.com>
> wrote:
>
>> Hello,
>>
>> Is it possible to store in an external  LDAP an attribute representing
>> publicHolidays which is a list of dates, the idea is to have a custom
>> attribute within the user creation form which accepts comma separated dates
>> through a date picker widget.
>>
>> Do you think it's feasible within WSO2 IS?
>>
>>
>> Regards,
>> Hanen
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
> Chamila Dilshan Wijayarathna,
> PhD Research Student
> The University of New South Wales (UNSW Canberra)
> Australian Centre for Cyber Security
> Australian Defence Force Academy
> PO Box 7916, Canberra BA ACT 2610
> Australia
> Mobile:(+61)416895795
>
>


[Dev] [IS] Customize user creation form with a date picker widget

2016-12-23 Thread Hanen Ben Rhouma
Hello,

Is it possible to store in an external  LDAP an attribute representing
publicHolidays which is a list of dates, the idea is to have a custom
attribute within the user creation form which accepts comma separated dates
through a date picker widget.

Do you think it's feasible within WSO2 IS?


Regards,
Hanen


[Dev] [IS] Login error popup customization

2016-12-22 Thread Hanen Ben Rhouma
Hello,

I have a question regarding error handling within the authentication part
of WSO2 IS: How can I customize the login error popup when login/pwd are
correct but a third attribute is not valid (in my case login time is out of
range of "workingHours" attribute).

Like instead of having a popup with a message : Login failed! Please
recheck the username and password and try again.

I'd customize it according to this situation by saying for example : Login
failed! Please come back between 8h30 and 19h.


Regards,
Hanen


Re: [Dev] [IS] Enhance authentication criteria with a third attribute

2016-12-22 Thread Hanen Ben Rhouma
Hi Godwin,

I'm referring to the IS management console.

Regards,
Hanen

On Thu, Dec 22, 2016 at 10:30 AM, Godwin Shrimal <god...@wso2.com> wrote:

> Hi Hanen,
>
> You are referring logging to Identity Server management console or SSO
> login ?
>
> Thanks
> Godwin
>
>
> On Thu, Dec 22, 2016 at 2:25 PM, Hanen Ben Rhouma <hanen...@gmail.com>
> wrote:
>
>> Hello,
>>
>> Is there a way to manage authentication based on a third attribute like
>> "workingHours" which specifies in which time interval is the user
>> authorized to access ? Can we customize WSO2 IS to take this attribute into
>> account?
>>
>>
>> Regards,
>> Hanen
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
> *Godwin Amila Shrimal*
> Senior Software Engineer
> WSO2 Inc.; http://wso2.com
> lean.enterprise.middleware
>
> mobile: *+94772264165*
> linkedin: http://lnkd.in/KUum6D
> twitter: https://twitter.com/godwinamila
>


[Dev] [IS] Enhance authentication criteria with a third attribute

2016-12-22 Thread Hanen Ben Rhouma
Hello,

Is there a way to manage authentication based on a third attribute like
"workingHours" which specifies in which time interval is the user
authorized to access ? Can we customize WSO2 IS to take this attribute into
account?


Regards,
Hanen


[Dev] [WSO2 IS] Issue when trying to customize user form creation

2016-12-21 Thread Hanen Ben Rhouma
Hello,

I am trying to enrich the user creation form within WSO2 IS. For this I
checked out the source code of org.wso2.carbon.user.mgt.ui-5.6.34 and
changed it a bit by adding an "organization" attribute within the first
step in user creation form (modified *add-step1.jsp*,
*add-finish-ajaxprocessor.jsp* and *UserBean.java*).

After generating the jar and restarting WSO2 IS I noticed that the field is
there and I can fill it and the creation is successfully finished but when
I display my user profile the "organization" field is empty and even within
ApacheDs the information wasn't persisted.

Do I have to modify the server bundle as well
(org.wso2.carbon.user.mgt_5.6.34). If so could you please guide me where
the new attribute needs to be declared.


Regards,
Hanen


Re: [Dev] WSO2 IS : Create a Tenant

2016-12-21 Thread Hanen Ben Rhouma
Appreciative for the answer.

Regards,
Hanen

On Tue, Dec 20, 2016 at 1:52 PM, Tharindu Edirisinghe <tharin...@wso2.com>
wrote:

> Hi Hanen,
>
> Yes, the limit defined in the configuration file is not used and therefore
> you can deploy multi-users even with the default Demo plan.
>
> Regards,
> Tharindu
>
> On Wed, Dec 14, 2016 at 4:16 PM, Hanen Ben Rhouma <hanen...@gmail.com>
> wrote:
>
>> Thanks Ishara for the answer. As I can see in multitenancy-packages.xml
>> the demo plan offers a limit of one user; what does that mean, are we
>> allowed to deploy multi-users per tenant on AWS for example even if we have
>> a Demo plan?
>>
>> Regards,
>>
>>
>> *Hanen Ben Rhouma*
>> *Java Tech Lead*
>>
>> On Wed, Dec 14, 2016 at 12:56 AM, Ishara Cooray <isha...@wso2.com> wrote:
>>
>>> Hi Hanen,
>>>
>>> "Select Usage Plan For Tenant" functionality comes from Stratos. It let
>>> the admin to choose a subscription packages for the creating tenant. One
>>> can define subscription packages in "/repository/conf
>>> /multitenancy/multitenancy-packages.xml" file. However this
>>> configuration is no longer loaded and the "Demo" package that is shown in
>>> the dropdown is a hard-coded value. This feature is not used as in
>>> standalone products but was used with the cloud deployments because this
>>> functionality was moved to stratos manager.
>>>
>>> Thanks & Regards,
>>> Ishara Cooray
>>> Senior Software Engineer
>>> Mobile : +9477 262 9512
>>> WSO2, Inc. | http://wso2.com/
>>> Lean . Enterprise . Middleware
>>>
>>> On Tue, Dec 13, 2016 at 8:07 PM, Hanen Ben Rhouma <hanen...@gmail.com>
>>> wrote:
>>>
>>>> Hello guys,
>>>>
>>>> When trying to create a tenant, there is only one option for usage plan
>>>> which is "Demo", how can we customize it and what are the other options?
>>>>
>>>>
>>>> Regards,
>>>> Hanen
>>>>
>>>> ___
>>>> Dev mailing list
>>>> Dev@wso2.org
>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>
>>>>
>>>
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
>
> Tharindu Edirisinghe
> Senior Software Engineer | WSO2 Inc
> Platform Security Team
> Blog : tharindue.blogspot.com
> mobile : +94 775181586
>


Re: [Dev] Regarding users/roles creation per tenant and within a secondary ReadWriteLDAP userstore

2016-12-21 Thread Hanen Ben Rhouma
Ok thanks Tharindu!

Regards,
Hanen

On Wed, Dec 21, 2016 at 6:59 AM, Tharindu Edirisinghe <tharin...@wso2.com>
wrote:

> Hi Hanen,
>
> No. As designed, when you create a tenant, the admin will be created in
> the PRIMARY userstore.
>
> This tenant admin may later login to the management console and add any
> secondary userstore and create users in those user stores.
>
> Regards,
> Tharindu
>
> On Tue, Dec 20, 2016 at 7:54 PM, Hanen Ben Rhouma <hanen...@gmail.com>
> wrote:
>
>> Thanks guys for the answer, I restarted from a fresh installation of WSO2
>> and kept my secondary user store, will let you know if it changes anything.
>>
>> I have another question please, I noticed that tenant admin is always
>> persisted under primary userstore, is there a specific syntax i need to
>> mention when creating him (username, email, etc.) in order to find him
>> under secondary user store?
>>
>> Regards,
>> Hanen
>>
>> On Tue, Dec 20, 2016 at 1:56 PM, Tharindu Edirisinghe <tharin...@wso2.com
>> > wrote:
>>
>>> Hi Hanen,
>>>
>>> When you called the RemoteUserStoreManager admin service, you have to
>>> use the particular tenant admin's credentials to authenticate in the SOAP
>>> client. Then the user will be added to the particular tenant when you
>>> browse the LDAP you would see the user is created. Let us know if this is
>>> not the case so we can guide you.
>>>
>>> Regards,
>>> Tharindu
>>>
>>> On Mon, Dec 19, 2016 at 10:46 PM, Hanen Ben Rhouma <hanen...@gmail.com>
>>> wrote:
>>>
>>>> Hello,
>>>>
>>>> I have a question regarding tenants management within WSO2 IS; When I
>>>> create a tenant there is a tenant admin created simultaneously, I checked
>>>> apacheDS directory and didn't find him there. Where is he persisted?
>>>>
>>>> I have another question regarding secondary user store: I have
>>>> configured a ReadWriteLDAPUserstore as a secondary user store under a
>>>> tenant directory (tenant-related LDAP).
>>>> When I create my users through a SOAP call by using the
>>>> RemoteUserStoreManager, I can see them within the administration console
>>>> but not within my LDAP and if I create users from within the LDAP I can see
>>>> them through the administration console prefixed with "DOMAIN_NAME/".
>>>> Could you please clarify all this for me, how can I have my users
>>>> persisted correctly within the LDAP and through the application?
>>>>
>>>>
>>>> Regards,
>>>> Hanen
>>>>
>>>> ___
>>>> Dev mailing list
>>>> Dev@wso2.org
>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>
>>>>
>>>
>>>
>>> --
>>>
>>> Tharindu Edirisinghe
>>> Senior Software Engineer | WSO2 Inc
>>> Platform Security Team
>>> Blog : tharindue.blogspot.com
>>> mobile : +94 775181586
>>>
>>
>>
>
>
> --
>
> Tharindu Edirisinghe
> Senior Software Engineer | WSO2 Inc
> Platform Security Team
> Blog : tharindue.blogspot.com
> mobile : +94 775181586
>


Re: [Dev] Regarding users/roles creation per tenant and within a secondary ReadWriteLDAP userstore

2016-12-20 Thread Hanen Ben Rhouma
Thanks guys for the answer, I restarted from a fresh installation of WSO2
and kept my secondary user store, will let you know if it changes anything.

I have another question please, I noticed that tenant admin is always
persisted under primary userstore, is there a specific syntax i need to
mention when creating him (username, email, etc.) in order to find him
under secondary user store?

Regards,
Hanen

On Tue, Dec 20, 2016 at 1:56 PM, Tharindu Edirisinghe <tharin...@wso2.com>
wrote:

> Hi Hanen,
>
> When you called the RemoteUserStoreManager admin service, you have to use
> the particular tenant admin's credentials to authenticate in the SOAP
> client. Then the user will be added to the particular tenant when you
> browse the LDAP you would see the user is created. Let us know if this is
> not the case so we can guide you.
>
> Regards,
> Tharindu
>
> On Mon, Dec 19, 2016 at 10:46 PM, Hanen Ben Rhouma <hanen...@gmail.com>
> wrote:
>
>> Hello,
>>
>> I have a question regarding tenants management within WSO2 IS; When I
>> create a tenant there is a tenant admin created simultaneously, I checked
>> apacheDS directory and didn't find him there. Where is he persisted?
>>
>> I have another question regarding secondary user store: I have configured
>> a ReadWriteLDAPUserstore as a secondary user store under a tenant directory
>> (tenant-related LDAP).
>> When I create my users through a SOAP call by using the
>> RemoteUserStoreManager, I can see them within the administration console
>> but not within my LDAP and if I create users from within the LDAP I can see
>> them through the administration console prefixed with "DOMAIN_NAME/".
>> Could you please clarify all this for me, how can I have my users
>> persisted correctly within the LDAP and through the application?
>>
>>
>> Regards,
>> Hanen
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
>
> Tharindu Edirisinghe
> Senior Software Engineer | WSO2 Inc
> Platform Security Team
> Blog : tharindue.blogspot.com
> mobile : +94 775181586
>


[Dev] Regarding users/roles creation per tenant and within a secondary ReadWriteLDAP userstore

2016-12-19 Thread Hanen Ben Rhouma
Hello,

I have a question regarding tenants management within WSO2 IS; When I
create a tenant there is a tenant admin created simultaneously, I checked
apacheDS directory and didn't find him there. Where is he persisted?

I have another question regarding secondary user store: I have configured a
ReadWriteLDAPUserstore as a secondary user store under a tenant directory
(tenant-related LDAP).
When I create my users through a SOAP call by using the
RemoteUserStoreManager, I can see them within the administration console
but not within my LDAP and if I create users from within the LDAP I can see
them through the administration console prefixed with "DOMAIN_NAME/".
Could you please clarify all this for me, how can I have my users persisted
correctly within the LDAP and through the application?


Regards,
Hanen


[Dev] WSO2 IS : Change admin username/password through environment variables

2016-12-14 Thread Hanen Ben Rhouma
Hello,

We're trying to launch WSO2 IS from a docker image by passing admin
username and password as environment variables:


JAVA_OPTS="-DWSO2_ADMIN_USERNAME=customuser -DWSO2_ADMIN_PASSWORD=custompwd"
./bin/wso2server.sh


while WSO2_ADMIN_USERNAME and WSO2_ADMIN_PASSWORD are declared within
user-mgt.xml as follows

${WSO2_ADMIN_USERNAME}
${WSO2_ADMIN_PASSWORD}

We noticed that it's working locally but when we deploy in a CentOS VM
containing docker, the variables aren't replaced by their values.


Any ideas why it's not picking up the arguments values?



Regards,

Hanen


Re: [Dev] WSO2 IS : Create a Tenant

2016-12-14 Thread Hanen Ben Rhouma
Thanks Ishara for the answer. As I can see in multitenancy-packages.xml the
demo plan offers a limit of one user; what does that mean, are we allowed
to deploy multi-users per tenant on AWS for example even if we have a Demo
plan?

Regards,


*Hanen Ben Rhouma*
*Java Tech Lead*

On Wed, Dec 14, 2016 at 12:56 AM, Ishara Cooray <isha...@wso2.com> wrote:

> Hi Hanen,
>
> "Select Usage Plan For Tenant" functionality comes from Stratos. It lets
> the admin choose a subscription package for the tenant being created. One
> can define subscription packages in the
> "/repository/conf/multitenancy/multitenancy-packages.xml" file. However this configuration
> is no longer loaded and the "Demo" package that is shown in the dropdown is
> a hard-coded value. This feature is not used as in standalone products but
> was used with the cloud deployments because this functionality was moved to
> stratos manager.
>
> Thanks & Regards,
> Ishara Cooray
> Senior Software Engineer
> Mobile : +9477 262 9512
> WSO2, Inc. | http://wso2.com/
> Lean . Enterprise . Middleware
>
> On Tue, Dec 13, 2016 at 8:07 PM, Hanen Ben Rhouma <hanen...@gmail.com>
> wrote:
>
>> Hello guys,
>>
>> When trying to create a tenant, there is only one option for usage plan
>> which is "Demo", how can we customize it and what are the other options?
>>
>>
>> Regards,
>> Hanen
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>


[Dev] WSO2 IS : Create a Tenant

2016-12-13 Thread Hanen Ben Rhouma
Hello guys,

When trying to create a tenant, there is only one option for usage plan
which is "Demo", how can we customize it and what are the other options?


Regards,
Hanen


Re: [Dev] JIRA Account to report bugs

2016-12-12 Thread Hanen Ben Rhouma
Thanks

Regards,


*Hanen Ben Rhouma*
*Java Tech Lead*

On Thu, Dec 8, 2016 at 3:20 PM, Thusitha Thilina Dayaratne <
thusit...@wso2.com> wrote:

> Hi Hanen,
>
> You can register an account at [1] and then you should be able to login to
> public JIRA
>
> [1] - https://wso2.com/user/register
>
> Thanks
>
> On Thu, Dec 8, 2016 at 7:21 PM, Hanen Ben Rhouma <hanen...@gmail.com>
> wrote:
>
>> Could you please create me a jira account to report bugs related to WSO2
>> IS 5.3.0-Beta ?
>>
>> Thanks,
>> Hanen
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
> Thusitha Dayaratne
> Software Engineer
> WSO2 Inc. - lean . enterprise . middleware |  wso2.com
>
> Mobile  +94712756809
> Blog  alokayasoya.blogspot.com
> About  http://about.me/thusithathilina
> <http://wso2.com/signature>
>
>


Re: [Dev] Docker image deployment in the Cloud

2016-12-12 Thread Hanen Ben Rhouma
Thanks guys for the answers,

Actually I found a project called docker-rsync I don't know if this is what
you meant Pubudu, it seems a good solution for such issue, we need to test
it first. What about WSO2 cloud based solutions don't you guys have a
continuous build pipeline to validate each change happening to the config
as well as the resources? How are you handling such scenario?



Regards,
Hanen


On Fri, Dec 9, 2016 at 9:06 PM, Pubudu Gunatilaka <pubu...@wso2.com> wrote:

> Hi,
>
> I think we can use dep sync. This is what we normally do for API Manager and
> ESB. If we use SVN based dep sync, server changes will be pushed to SVN.
> SVN server can be a dedicated server or docker container.
>
> If you use docker containers for SVN, you need to mount the container file
> system to the container host machine file system. If you are using
> container management systems such as Kubernetes, Mesos, etc. you need to
> restrict SVN docker container to spin in the same host machine.
>
> Thank you!
>
> On Fri, Dec 9, 2016 at 11:32 PM, Harsha Thirimanna <hars...@wso2.com>
> wrote:
>
>> Hi Hanen,
>>
>> Yes, there may be several possibilities to do this such a situation.
>> If we consider the real container base deployment, it may not be possible
>> to allow to generate files in within the container itself because in that
>> case we can't push that changes to the original docker image directly to
>> add the new changes to the next spawning instance using current image. So
>> if we want to go in that approach, definitely we have to first build a
>> concrete identity server instance with the all the configuration changes
>> except the runtime data that is stored in databases.
>> As an example, when we create secondary user store, we create it in file
>> system. So we can't allow to add such one in container model and we have to
>> create it first and prepare the docker image using that concrete instance.
>> That is not the specific problem to the WSO2 IS, but for this deployment
>> model.
>> In other way, it would be nice if we could point our configs in central
>> place and use same image always. But that is not the expected container
>> model. But in the practical world it may be the one we can use. But in WSO2 IS, we
>> don't have a way to point configs to a place outside the product. All are
>> relative to the product home folder.
>> Have I answered your question? Please let me know for further clarification.
>>
>> thanks
>>
>> *Harsha Thirimanna*
>> *Associate Tech Lead | WSO2*
>>
>> Email: hars...@wso2.com
>> Mob: +94715186770
>> Blog: http://harshathirimanna.blogspot.com/
>> Twitter: http://twitter.com/harshathirimann
>> Linked-In: http://www.linkedin.com/pub/harsha-thirimanna/10/ab8/122
>> <http://wso2.com/signature>
>>
>> On Fri, Dec 9, 2016 at 7:42 PM, Hanen Ben Rhouma <hanen...@gmail.com>
>> wrote:
>>
>>> Hello,
>>>
>>> I have a question related to WSO2 IS deployment on the cloud: what is
>>> the best approach to set up a continuous build pipeline for WSO2 IS knowing
>>> that the idea behind is to launch a dockerfile which is going to deploy the
>>> WSO2 IS image on AWS, the challenge is how can we keep our dynamic data
>>> generated after manipulating WSO2 on the cloud, we can persist xml files on
>>> BitBucket and retrieve them each time we rebuild the image but aside from
>>> those files there are some other types of transient data that are generated
>>> by the user actions once he starts configuring WSO2 from the administration
>>> console, how can we make sure that they're not lost once the docker image
>>> is regenerated ?
>>>
>>>
>>> Regards,
>>> Hanen
>>>
>>> ___
>>> Dev mailing list
>>> Dev@wso2.org
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>>
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
> *Pubudu Gunatilaka*
> Committer and PMC Member - Apache Stratos
> Software Engineer
> WSO2, Inc.: http://wso2.com
> mobile : +94774078049
>
>


[Dev] Docker image deployment in the Cloud

2016-12-09 Thread Hanen Ben Rhouma
Hello,

I have a question related to WSO2 IS deployment on the cloud: what is the
best approach to set up a continuous build pipeline for WSO2 IS knowing
that the idea behind is to launch a dockerfile which is going to deploy the
WSO2 IS image on AWS, the challenge is how can we keep our dynamic data
generated after manipulating WSO2 on the cloud, we can persist xml files on
BitBucket and retrieve them each time we rebuild the image but aside from
those files there are some other types of transient data that are generated
by the user actions once he starts configuring WSO2 from the administration
console, how can we make sure that they're not lost once the docker image
is regenerated ?


Regards,
Hanen


[Dev] JIRA Account to report bugs

2016-12-08 Thread Hanen Ben Rhouma
Could you please create me a jira account to report bugs related to WSO2 IS
5.3.0-Beta ?

Thanks,
Hanen


Re: [Dev] WSO2 IS 5.3.0 Beta

2016-12-08 Thread Hanen Ben Rhouma
You chose to move it to an independent extension but I still can integrate
it within WSO2 IS if I want to I suppose, can you explain how can I achieve
that ?

I did clone the extension code, built the jar file and put it under
extensions directory but I still can't see the module within the
administration console.





On Thu, Dec 8, 2016 at 12:15 PM, Chamila Wijayarathna <
cdwijayarat...@gmail.com> wrote:

> I'm not very clear about the issue you are having. Can you explain?
>
> On Thu, Dec 8, 2016 at 10:10 PM, Hanen Ben Rhouma <hanen...@gmail.com>
> wrote:
>
>> How to integrate it within WSO2 IS ?
>>
>>
>>
>> On Thu, Dec 8, 2016 at 11:42 AM, Chamila Wijayarathna <
>> cdwijayarat...@gmail.com> wrote:
>>
>>> Hi,
>>>
>>> Are you referring to Identity Governance UI?
>>> I think it has been moved to Resident IDP UI[1].
>>>
>>> [1]. https://wso2.org/jira/browse/IDENTITY-5221
>>>
>>> On Thu, Dec 8, 2016 at 9:31 PM, Hanen Ben Rhouma <hanen...@gmail.com>
>>> wrote:
>>>
>>>> Hello,
>>>>
>>>> Why did you guys remove Governance module from WSO2 IS 5.3.0 Beta ?
>>>>
>>>>
>>>> Regards,
>>>> Hanen
>>>>
>>>> ___
>>>> Dev mailing list
>>>> Dev@wso2.org
>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>
>>>>
>>>
>>>
>>> --
>>> Chamila Dilshan Wijayarathna,
>>> PhD Research Student
>>> The University of New South Wales (UNSW Canberra)
>>> Australian Centre for Cyber Security
>>> Australian Defence Force Academy
>>> PO Box 7916, Canberra BA ACT 2610
>>> Australia
>>> Mobile:(+61)416895795
>>>
>>>
>>
>
>
> --
> Chamila Dilshan Wijayarathna,
> PhD Research Student
> The University of New South Wales (UNSW Canberra)
> Australian Centre for Cyber Security
> Australian Defence Force Academy
> PO Box 7916, Canberra BA ACT 2610
> Australia
> Mobile:(+61)416895795
>
>


Re: [Dev] WSO2 IS 5.3.0 Beta

2016-12-08 Thread Hanen Ben Rhouma
How to integrate it within WSO2 IS ?



On Thu, Dec 8, 2016 at 11:42 AM, Chamila Wijayarathna <
cdwijayarat...@gmail.com> wrote:

> Hi,
>
> Are you referring to Identity Governance UI?
> I think it has been moved to Resident IDP UI[1].
>
> [1]. https://wso2.org/jira/browse/IDENTITY-5221
>
> On Thu, Dec 8, 2016 at 9:31 PM, Hanen Ben Rhouma <hanen...@gmail.com>
> wrote:
>
>> Hello,
>>
>> Why did you guys remove Governance module from WSO2 IS 5.3.0 Beta ?
>>
>>
>> Regards,
>> Hanen
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
> Chamila Dilshan Wijayarathna,
> PhD Research Student
> The University of New South Wales (UNSW Canberra)
> Australian Centre for Cyber Security
> Australian Defence Force Academy
> PO Box 7916, Canberra BA ACT 2610
> Australia
> Mobile:(+61)416895795
>
>


[Dev] WSO2 IS 5.3.0 Beta

2016-12-08 Thread Hanen Ben Rhouma
Hello,

Why did you guys remove Governance module from WSO2 IS 5.3.0 Beta ?


Regards,
Hanen


Re: [Dev] WSO2 IS 5.3.0-Alpha2 : Not Able to authenticate users coming from External LDAP user store

2016-12-07 Thread Hanen Ben Rhouma
Both tweaks didn't change anything. Do I have to modify claim-config.xml ?
Do you have a working example with OpenLDAP default schemas ?

Regards,
Hanen



On Wed, Dec 7, 2016 at 11:55 AM, Hanen Ben Rhouma <hanen...@gmail.com>
wrote:

> Both tweaks didn't change anything. Do I have to modify claim-config.xml ?
> Do you have a working example with OpenLDAP default schemas ?
>
> Regards,
> Hanen
>
> On Tue, Dec 6, 2016 at 3:54 PM, Danushka Fernando <danush...@wso2.com>
> wrote:
>
>> My guess is that you are using default ldap config which we use
>> wso2Person type objects and your ldap doesn't have that type defined. So
>> please try changing that to inetOrgPerson in user-mgt.xml
>>
>> Thanks & Regards
>> Danushka Fernando
>> Senior Software Engineer
>> WSO2 inc. http://wso2.com/
>> Mobile : +94716332729
>>
>> On Tue, Dec 6, 2016 at 7:18 PM, Hanen Ben Rhouma <hanen...@gmail.com>
>> wrote:
>>
>>> Hello,
>>>
>>> I'm facing an issue while trying to authenticate external users (coming
>>> from an external OpenLDAP user store) through WSO2 IS. There are missing
>>> claims that are required and even though I commented all what my LDAP
>>> doesn't provide in  claim-config.xml I'm still not able to authenticate
>>> users:
>>>
>>> [2016-12-06 13:32:39,159] DEBUG {org.wso2.carbon.user.core.lda
>>> p.ReadOnlyLDAPUserStoreManager} -  User: admin exist: true
>>> [2016-12-06 13:32:39,161] DEBUG {org.wso2.carbon.user.core.lda
>>> p.ReadWriteLDAPUserStoreManager} -  Replace escape characters
>>> configured to: true
>>> [2016-12-06 13:32:39,161] DEBUG {org.wso2.carbon.user.core.lda
>>> p.ReadWriteLDAPUserStoreManager} -  Replace escape characters
>>> configured to: true
>>> [2016-12-06 13:32:39,204] DEBUG {org.wso2.carbon.user.core.lda
>>> p.ReadWriteLDAPUserStoreManager} -  One or more attributes you are
>>> trying to add/update are not supported by underlying LDAP for user : admin
>>> javax.naming.directory.InvalidAttributeIdentifierException: [LDAP:
>>> error code 17 - failedLoginAttempts: attribute type undefined]; remaining
>>> name 'cn=admin'
>>> at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3205)
>>> at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3082)
>>> at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2888)
>>> at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1408)
>>> at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttribu
>>> tes(ComponentDirContext.java:257)
>>> at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAt
>>> tributes(PartialCompositeDirContext.java:167)
>>> at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAt
>>> tributes(PartialCompositeDirContext.java:156)
>>> at org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager
>>> .doSetUserClaimValues(ReadWriteLDAPUserStoreManager.java:917)
>>> at org.wso2.carbon.user.core.common.AbstractUserStoreManager.se
>>> tUserClaimValues(AbstractUserStoreManager.java:1211)
>>> at org.wso2.carbon.identity.governance.store.UserStoreBasedIden
>>> tityDataStore.store(UserStoreBasedIdentityDataStore.java:72)
>>> at org.wso2.carbon.identity.governance.listener.IdentityStoreEv
>>> entListener.doPreSetUserClaimValues(IdentityStoreEventListener.java:110)
>>> at org.wso2.carbon.user.core.common.AbstractUserStoreManager.se
>>> tUserClaimValues(AbstractUserStoreManager.java:1205)
>>> at org.wso2.carbon.identity.handler.event.account.lock.AccountL
>>> ockHandler.handlePostAuthentication(AccountLockHandler.java:221)
>>> at org.wso2.carbon.identity.handler.event.account.lock.AccountL
>>> ockHandler.handleEvent(AccountLockHandler.java:141)
>>> at org.wso2.carbon.identity.event.services.IdentityEventService
>>> Impl.handleEvent(IdentityEventServiceImpl.java:56)
>>> at org.wso2.carbon.identity.governance.listener.IdentityMgtEven
>>> tListener.handleEvent(IdentityMgtEventListener.java:595)
>>> at org.wso2.carbon.identity.governance.listener.IdentityMgtEven
>>> tListener.handleEvent(IdentityMgtEventListener.java:547)
>>> at org.wso2.carbon.identity.governance.listener.IdentityMgtEven
>>> tListener.doPostAuthenticate(IdentityMgtEventListener.java:101)
>>> at org.wso2.carbon.user.core.common.AbstractUserStoreManager.au
>>> thenticateInternal(AbstractUserStoreManager.java:558)
>>> at org.wso2.carbon.user.core.common.AbstractUserStoreMana

Re: [Dev] WSO2 IS 5.3.0-Alpha2 : Not Able to authenticate users coming from External LDAP user store

2016-12-07 Thread Hanen Ben Rhouma
Both tweaks didn't change anything. Do I have to modify claim-config.xml ?
Do you have a working example with OpenLDAP default schemas ?

Regards,
Hanen

On Tue, Dec 6, 2016 at 3:54 PM, Danushka Fernando <danush...@wso2.com>
wrote:

> My guess is that you are using default ldap config which we use wso2Person
> type objects and your ldap doesn't have that type defined. So please try
> changing that to inetOrgPerson in user-mgt.xml
>
> Thanks & Regards
> Danushka Fernando
> Senior Software Engineer
> WSO2 inc. http://wso2.com/
> Mobile : +94716332729
>
> On Tue, Dec 6, 2016 at 7:18 PM, Hanen Ben Rhouma <hanen...@gmail.com>
> wrote:
>
>> Hello,
>>
>> I'm facing an issue while trying to authenticate external users (coming
>> from an external OpenLDAP user store) through WSO2 IS. There are missing
>> claims that are required and even though I commented all what my LDAP
>> doesn't provide in  claim-config.xml I'm still not able to authenticate
>> users:
>>
>> [2016-12-06 13:32:39,159] DEBUG {org.wso2.carbon.user.core.lda
>> p.ReadOnlyLDAPUserStoreManager} -  User: admin exist: true
>> [2016-12-06 13:32:39,161] DEBUG {org.wso2.carbon.user.core.lda
>> p.ReadWriteLDAPUserStoreManager} -  Replace escape characters configured
>> to: true
>> [2016-12-06 13:32:39,161] DEBUG {org.wso2.carbon.user.core.lda
>> p.ReadWriteLDAPUserStoreManager} -  Replace escape characters configured
>> to: true
>> [2016-12-06 13:32:39,204] DEBUG {org.wso2.carbon.user.core.lda
>> p.ReadWriteLDAPUserStoreManager} -  One or more attributes you are
>> trying to add/update are not supported by underlying LDAP for user : admin
>> javax.naming.directory.InvalidAttributeIdentifierException: [LDAP: error
>> code 17 - failedLoginAttempts: attribute type undefined]; remaining name
>> 'cn=admin'
>> at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3205)
>> at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3082)
>> at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2888)
>> at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1408)
>> at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttribu
>> tes(ComponentDirContext.java:257)
>> at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAt
>> tributes(PartialCompositeDirContext.java:167)
>> at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAt
>> tributes(PartialCompositeDirContext.java:156)
>> at org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager
>> .doSetUserClaimValues(ReadWriteLDAPUserStoreManager.java:917)
>> at org.wso2.carbon.user.core.common.AbstractUserStoreManager.se
>> tUserClaimValues(AbstractUserStoreManager.java:1211)
>> at org.wso2.carbon.identity.governance.store.UserStoreBasedIden
>> tityDataStore.store(UserStoreBasedIdentityDataStore.java:72)
>> at org.wso2.carbon.identity.governance.listener.IdentityStoreEv
>> entListener.doPreSetUserClaimValues(IdentityStoreEventListener.java:110)
>> at org.wso2.carbon.user.core.common.AbstractUserStoreManager.se
>> tUserClaimValues(AbstractUserStoreManager.java:1205)
>> at org.wso2.carbon.identity.handler.event.account.lock.AccountL
>> ockHandler.handlePostAuthentication(AccountLockHandler.java:221)
>> at org.wso2.carbon.identity.handler.event.account.lock.AccountL
>> ockHandler.handleEvent(AccountLockHandler.java:141)
>> at org.wso2.carbon.identity.event.services.IdentityEventService
>> Impl.handleEvent(IdentityEventServiceImpl.java:56)
>> at org.wso2.carbon.identity.governance.listener.IdentityMgtEven
>> tListener.handleEvent(IdentityMgtEventListener.java:595)
>> at org.wso2.carbon.identity.governance.listener.IdentityMgtEven
>> tListener.handleEvent(IdentityMgtEventListener.java:547)
>> at org.wso2.carbon.identity.governance.listener.IdentityMgtEven
>> tListener.doPostAuthenticate(IdentityMgtEventListener.java:101)
>> at org.wso2.carbon.user.core.common.AbstractUserStoreManager.au
>> thenticateInternal(AbstractUserStoreManager.java:558)
>> at org.wso2.carbon.user.core.common.AbstractUserStoreManager.ac
>> cess$100(AbstractUserStoreManager.java:71)
>> at org.wso2.carbon.user.core.common.AbstractUserStoreManager$4.
>> run(AbstractUserStoreManager.java:466)
>> at org.wso2.carbon.user.core.common.AbstractUserStoreManager$4.
>> run(AbstractUserStoreManager.java:463)
>> at java.security.AccessController.doPrivileged(Native Method)
>> at org.wso2.carbon.user.core.common.AbstractUserStoreManager.au
>> thenticate(AbstractUserStoreManager.java:463)
>> at org.wso2.carbon.user.core.common.AbstractUser

[Dev] WSO2 IS 5.3.0-Alpha2 : Not Able to authenticate users coming from External LDAP user store

2016-12-06 Thread Hanen Ben Rhouma
Hello,

I'm facing an issue while trying to authenticate external users (coming
from an external OpenLDAP user store) through WSO2 IS. There are missing
claims that are required and even though I commented all what my LDAP
doesn't provide in  claim-config.xml I'm still not able to authenticate
users:

[2016-12-06 13:32:39,159] DEBUG
{org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  User:
admin exist: true
[2016-12-06 13:32:39,161] DEBUG
{org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager} -  Replace
escape characters configured to: true
[2016-12-06 13:32:39,161] DEBUG
{org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager} -  Replace
escape characters configured to: true
[2016-12-06 13:32:39,204] DEBUG
{org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager} -  One or
more attributes you are trying to add/update are not supported by
underlying LDAP for user : admin
javax.naming.directory.InvalidAttributeIdentifierException: [LDAP: error
code 17 - failedLoginAttempts: attribute type undefined]; remaining name
'cn=admin'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3205)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3082)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2888)
at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1408)
at
com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:257)
at
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:167)
at
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:156)
at
org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager.doSetUserClaimValues(ReadWriteLDAPUserStoreManager.java:917)
at
org.wso2.carbon.user.core.common.AbstractUserStoreManager.setUserClaimValues(AbstractUserStoreManager.java:1211)
at
org.wso2.carbon.identity.governance.store.UserStoreBasedIdentityDataStore.store(UserStoreBasedIdentityDataStore.java:72)
at
org.wso2.carbon.identity.governance.listener.IdentityStoreEventListener.doPreSetUserClaimValues(IdentityStoreEventListener.java:110)
at
org.wso2.carbon.user.core.common.AbstractUserStoreManager.setUserClaimValues(AbstractUserStoreManager.java:1205)
at
org.wso2.carbon.identity.handler.event.account.lock.AccountLockHandler.handlePostAuthentication(AccountLockHandler.java:221)
at
org.wso2.carbon.identity.handler.event.account.lock.AccountLockHandler.handleEvent(AccountLockHandler.java:141)
at
org.wso2.carbon.identity.event.services.IdentityEventServiceImpl.handleEvent(IdentityEventServiceImpl.java:56)
at
org.wso2.carbon.identity.governance.listener.IdentityMgtEventListener.handleEvent(IdentityMgtEventListener.java:595)
at
org.wso2.carbon.identity.governance.listener.IdentityMgtEventListener.handleEvent(IdentityMgtEventListener.java:547)
at
org.wso2.carbon.identity.governance.listener.IdentityMgtEventListener.doPostAuthenticate(IdentityMgtEventListener.java:101)
at
org.wso2.carbon.user.core.common.AbstractUserStoreManager.authenticateInternal(AbstractUserStoreManager.java:558)
at
org.wso2.carbon.user.core.common.AbstractUserStoreManager.access$100(AbstractUserStoreManager.java:71)
at
org.wso2.carbon.user.core.common.AbstractUserStoreManager$4.run(AbstractUserStoreManager.java:466)
at
org.wso2.carbon.user.core.common.AbstractUserStoreManager$4.run(AbstractUserStoreManager.java:463)
at java.security.AccessController.doPrivileged(Native Method)
at
org.wso2.carbon.user.core.common.AbstractUserStoreManager.authenticate(AbstractUserStoreManager.java:463)
at
org.wso2.carbon.user.core.common.AbstractUserStoreManager$3.run(AbstractUserStoreManager.java:451)
at
org.wso2.carbon.user.core.common.AbstractUserStoreManager$3.run(AbstractUserStoreManager.java:442)
at java.security.AccessController.doPrivileged(Native Method)
at
org.wso2.carbon.user.core.common.AbstractUserStoreManager.authenticate(AbstractUserStoreManager.java:442)
at
org.wso2.carbon.core.services.authentication.AuthenticationAdmin.login(AuthenticationAdmin.java:100)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at
org.apache.axis2.rpc.receivers.RPCUtil.invokeServiceClass(RPCUtil.java:212)
at
org.apache.axis2.rpc.receivers.RPCMessageReceiver.invokeBusinessLogic(RPCMessageReceiver.java:117)
at
org.apache.axis2.receivers.AbstractInOutMessageReceiver.invokeBusinessLogic(AbstractInOutMessageReceiver.java:40)
at
org.apache.axis2.receivers.AbstractMessageReceiver.receive(AbstractMessageReceiver.java:110)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180)
at
org.apache.axis2.transport.local.LocalTransportReceiver.processMessage(LocalTransportReceiver.java:169)
at
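
The log posted in this thread fails with LDAP error code 17 on failedLoginAttempts, and its stack trace runs through AccountLockHandler. As an added example (not part of the original message and not WSO2 code), this Python script pulls each undefined attribute type, the affected entries and the org.wso2.carbon.identity frames out of such a log; the sample log is constructed in the posted layout, the 'cn=alice' record is invented, and all function names are hypothetical.

```python
import re

# A Carbon log record starts with a bracketed timestamp; everything up to the
# next timestamp (message, exception line, stack frames) belongs to it.
RECORD_START = re.compile(r"^\[\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}\]")
QUOTE_PREFIX = re.compile(r"^(?:>\s?)+")  # mail quoting such as ">> "
UNDEFINED_ATTR = re.compile(
    r"\[LDAP: error code (?P<code>\d+) - (?P<attr>[^:\]]+): "
    r"attribute type undefined\]; remaining name '(?P<entry>[^']*)'"
)
FRAME = re.compile(r"\bat ([\w.$]+)\.([\w$<>]+)\([^)]*\)")
IDENTITY_PKG = "org.wso2.carbon.identity."

# Constructed sample: the first two records follow the log in the thread,
# the third record (cn=alice) is made up to show aggregation.
SAMPLE_LOG = """\
[2016-12-06 13:32:39,159] DEBUG
{org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  User:
admin exist: true
[2016-12-06 13:32:39,204] DEBUG
{org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager} -  One or
more attributes you are trying to add/update are not supported by
underlying LDAP for user : admin
javax.naming.directory.InvalidAttributeIdentifierException: [LDAP: error
code 17 - failedLoginAttempts: attribute type undefined]; remaining name
'cn=admin'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3205)
at
org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager.doSetUserClaimValues(ReadWriteLDAPUserStoreManager.java:917)
at
org.wso2.carbon.identity.governance.store.UserStoreBasedIdentityDataStore.store(UserStoreBasedIdentityDataStore.java:72)
at
org.wso2.carbon.identity.handler.event.account.lock.AccountLockHandler.handlePostAuthentication(AccountLockHandler.java:221)
at
org.wso2.carbon.core.services.authentication.AuthenticationAdmin.login(AuthenticationAdmin.java:100)
[2016-12-06 13:40:02,511] DEBUG
{org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager} -  One or
more attributes you are trying to add/update are not supported by
underlying LDAP for user : alice
javax.naming.directory.InvalidAttributeIdentifierException: [LDAP: error
code 17 - failedLoginAttempts: attribute type undefined]; remaining name
'cn=alice'
at
org.wso2.carbon.identity.handler.event.account.lock.AccountLockHandler.handlePostAuthentication(AccountLockHandler.java:221)
"""


def split_records(log_text):
    """Yield each log record as one line, undoing mail quoting and line wraps.

    Wraps that cut an identifier in the middle (as in the quoted copies of
    the log) are not repaired; such frames are simply skipped later.
    """
    current = []
    for raw in log_text.splitlines():
        line = QUOTE_PREFIX.sub("", raw).strip()
        if RECORD_START.match(line) and current:
            yield " ".join(" ".join(current).split())
            current = []
        if line:
            current.append(line)
    if current:
        yield " ".join(" ".join(current).split())


def undefined_attributes(log_text):
    """Map each attribute the directory rejected to entries and identity callers."""
    findings = {}
    for record in split_records(log_text):
        for match in UNDEFINED_ATTR.finditer(record):
            item = findings.setdefault(
                match["attr"].strip(),
                {"code": int(match["code"]), "entries": set(), "callers": []},
            )
            item["entries"].add(match["entry"])
            # Frames from the identity packages show which feature wrote the claim.
            for cls, method in FRAME.findall(record):
                if cls.startswith(IDENTITY_PKG):
                    caller = f"{cls.rsplit('.', 1)[-1]}.{method}"
                    if caller not in item["callers"]:
                        item["callers"].append(caller)
    return findings


if __name__ == "__main__":
    for attr, info in undefined_attributes(SAMPLE_LOG).items():
        print(f"{attr} (LDAP error {info['code']})")
        print("  entries:", ", ".join(sorted(info["entries"])))
        print("  written by:", " <- ".join(info["callers"]))
```

Each reported attribute is one that the identity component tried to write to the user entry but the directory schema does not define.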

Re: [Dev] WSO2 5.3.0 carbon repo

2016-11-28 Thread Hanen Ben Rhouma
Is there a repo I can add through the module mentioned in the attached
screen?

[image: Inline image 1]



On Mon, Nov 28, 2016 at 5:45 PM, Jayanga Kaushalya <jayan...@wso2.com>
wrote:

> Hi Hanen,
>
> We don't have a IS 5.3.0 Alpha 3 yet. Its in Alpha 2 [1]. By saying
> compatible carbon repository, do you mean carbon-kernel repository? It is
> carbon-kernel v4.4.10 [2].
>
> [1] https://github.com/wso2/product-is/tree/v5.3.0-alpha2
> [2] https://github.com/wso2/carbon-kernel/tree/v4.4.10
>
> Thanks!
>
> *Jayanga Kaushalya*
> Software Engineer
> Mobile: +94777860160
> WSO2 Inc. | http://wso2.com
> lean.enterprise.middleware
>
> On Mon, Nov 28, 2016 at 7:51 PM, Hanen Ben Rhouma <hanen...@gmail.com>
> wrote:
>
>> Hello,
>>
>> What's the carbon repository compatible with WSO2 IS 5.3.0 Alpha3 ?
>>
>>
>> Regards,
>> Hanen
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>


Re: [Dev] SSO enablement

2016-11-28 Thread Hanen Ben Rhouma
Thanks Farasath!!


Regards,
Hanen

On Mon, Nov 28, 2016 at 4:18 PM, Farasath Ahamed <farasa...@wso2.com> wrote:

> Hi Hanen,
>
>
> I think the information you are looking for can be found at [1].
> We usually use the travelocity.com sample[2] that comes with IS to
> demonstrate SP-initiated SSO. The SSO agent code used in the sample can be
> found at [3]
>
>
> [1] https://docs.wso2.com/display/IS520/SAML+2.0+Web+SSO
> [2] https://github.com/wso2/product-is/tree/master/modules/samples/sso/sso-agent-sample
> [3] https://github.com/wso2-extensions/identity-agent-sso
>
>
>
> Thanks,
>
> Farasath Ahamed
> Software Engineer, WSO2 Inc.; http://wso2.com
> Mobile: +94777603866
> Blog: blog.farazath.com
> Twitter: @farazath619 <https://twitter.com/farazath619>
> <http://wso2.com/signature>
>
>
>
> On Mon, Nov 28, 2016 at 6:45 PM, Hanen Ben Rhouma <hanen...@gmail.com>
> wrote:
>
>> Hello,
>>
>> In order to enable an SP initiated SSO which uses a federated
>> authenticator represented by the Idp we need to add some code to the
>> service provider application. Is this part documented somewhere with WSO2
>> IS ?
>>
>>
>> Regards,
>> Hanen
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>


[Dev] WSO2 5.3.0 carbon repo

2016-11-28 Thread Hanen Ben Rhouma
Hello,

What's the carbon repository compatible with WSO2 IS 5.3.0 Alpha3 ?


Regards,
Hanen


[Dev] SSO enablement

2016-11-28 Thread Hanen Ben Rhouma
Hello,

In order to enable an SP initiated SSO which uses a federated authenticator
represented by the Idp we need to add some code to the service provider
application. Is this part documented somewhere with WSO2 IS ?


Regards,
Hanen


Re: [Dev] Token generation through user details retrieval from DB or REST API

2016-11-23 Thread Hanen Ben Rhouma
Yes I did check both options. Actually, my custom userstore inherits from
JDBCUserstore and overrides one method which is getUserPropertyValues. I'm
not sure that this is sufficient, are there other methods that need to be
overridden in order to get those claims ?

Regards,


*Hanen Ben Rhouma*
*Java Tech Lead*

On Wed, Nov 23, 2016 at 11:25 AM, Maduranga Siriwardena <madura...@wso2.com>
wrote:

> Hi Hanen,
>
> Document at [1] has the SAML configurations (for IS 5.1.0). Have you
> enabled the "Enable Attribute Profile" configuration and sending the
> correct attribute consuming service index with the request? If you are
> sending an attribute consuming service index it has to be the index
> generated by IS. If you are not sending the attribute consuming service
> index with the request, enable "Include Attributes in the Response
> Always" configuration.
>
> [1] https://docs.wso2.com/display/IS510/Configuring+SAML2+Web+Single-Sign-On
>
> Thanks,
>
> On Wed, Nov 23, 2016 at 2:50 PM, Hanen Ben Rhouma <hanen...@gmail.com>
> wrote:
>
>> Thanks Maduranga for the reply,
>>
>> I did create a custom user store which retrieves user details by calling
>> a rest endpoint, the challenge I'm facing right now is how to configure
>> WSO2 to retrieve those attributes, I deployed travelocity sample
>> application and tried to generate the SAML token, while checking the SAML
>> response I didn't find any of the claims I declared. Is there a config part
>> apart from declaring custom claims ?
>>
>>
>> Regards,
>>
>>
>> *Hanen Ben Rhouma*
>> *Java Tech Lead*
>>
>> On Tue, Nov 22, 2016 at 5:32 AM, Maduranga Siriwardena <
>> madura...@wso2.com> wrote:
>>
>>> Hi Hanen,
>>>
>>> As I understood, you need to connect to your own database schema or a
>>> REST endpoint to retrieve the user information. For this you can write a
>>> custom userstore manager as explained above.
>>>
>>> If you see the method getUserPropertyValues in JDBCUserStoreManager [1],
>>> what it does is connect to the database and retrieve the user attributes
>>> according to a predefined schema. So you can extend
>>> AbstractUserStoreManager and implement getUserPropertyValues method to
>>> talk to your REST endpoint to fetch user attributes following the
>>> JDBCUserStoreManager as an example. In the same way you have to implement
>>> all the abstract methods in AbstractUserStoreManager to be able to
>>> connect to a REST endpoint and work as a user store.
>>>
>>> [1] https://github.com/wso2/carbon-kernel/blob/v4.4.9/core/org.wso2.carbon.user.core/src/main/java/org/wso2/carbon/user/core/jdbc/JDBCUserStoreManager.java#L926
>>>
>>> Thanks,
>>>
>>> On Mon, Nov 21, 2016 at 2:15 PM, Hanen Ben Rhouma <hanen...@gmail.com>
>>> wrote:
>>>
>>>> Any ideas guys?
>>>>
>>>>
>>>> Regards,
>>>> Hanen
>>>>
>>>> On Fri, Nov 18, 2016 at 4:38 PM, Hanen Ben Rhouma <hanen...@gmail.com>
>>>> wrote:
>>>>
>>>>> Hello,
>>>>>
>>>>> The tutorial doesn't answer the question "how can I interface with a
>>>>> REST API", there are many examples around custom JDBC stores but for REST
>>>>> calls I couldn't find anything.
>>>>> There are other examples about transforming WSO2 OSGi bundles into
>>>>> REST APIs but this is not what I'm looking for.
>>>>> The idea is to inherit from AbstractUserStoreManager and override its
>>>>> methods in order to communicate with a third party REST API to retrieve
>>>>> user details and roles without having to mention a JDBC or LDAP store
>>>>> properties in user-mgt.xml.
>>>>>
>>>>> Is this feasible guys?
>>>>>
>>>>>
>>>>>
>>>>> Regards,
>>>>> Hanen
>>>>>
>>>>> On Thu, Nov 3, 2016 at 9:53 AM, Hanen Ben Rhouma <hanen...@gmail.com>
>>>>> wrote:
>>>>>
>>>>>> Thanks Gayan,
>>>>>>
>>>>>> I followed the blog entry but now I'm receiving another kind of error
>>>>>> related to domain name:
>>>>>>
>>>>>> [2016-11-03 09:50:15,556] ERROR {org.wso2.carbon.identity.user
>>>>>> .store.configuration.UserStoreConfigAdminService} -   Error occurred
>>>>>>
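
Added example (not part of the thread and not WSO2 code): a small offline check for the situation discussed above, where the SAML response carries no claims. It reads a captured AuthnRequest and Response, reports whether an AttributeConsumingServiceIndex was sent and whether an AttributeStatement came back, and names the setting from the reply to check. The sample messages, the ACS URL and all function names are constructed for illustration; no signature validation is done.

```python
import base64
import zlib
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}


def _parse(xml_bytes, expected):
    """Parse one SAML message and check its root element."""
    # Refuse DTDs up front so entity declarations never reach the parser.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD/entity declarations are not allowed")
    root = ET.fromstring(xml_bytes)
    if root.tag != "{%s}%s" % (NS["samlp"], expected):
        raise ValueError("expected a SAML 2.0 %s" % expected)
    return root


def decode_redirect(value):
    """HTTP-Redirect binding: base64 over raw DEFLATE (URL-decode the parameter first)."""
    return zlib.decompress(base64.b64decode(value), -15)


def decode_post(value):
    """HTTP-POST binding: plain base64."""
    return base64.b64decode(value)


def encode_redirect(xml_bytes):
    """Inverse of decode_redirect, used here only to build the sample parameter."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    return base64.b64encode(comp.compress(xml_bytes) + comp.flush())


def requested_index(authn_request_xml):
    """AttributeConsumingServiceIndex sent by the SP, or None when absent."""
    return _parse(authn_request_xml, "AuthnRequest").get("AttributeConsumingServiceIndex")


def response_attributes(response_xml):
    """Return ({attribute name: [values]}, encrypted_assertion_present)."""
    root = _parse(response_xml, "Response")
    attrs = {}
    for attr in root.findall("saml:Assertion/saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs, root.find("saml:EncryptedAssertion", NS) is not None


def diagnose(authn_request_xml, response_xml):
    """Map what was sent and what came back to the setting to check."""
    index = requested_index(authn_request_xml)
    attrs, encrypted = response_attributes(response_xml)
    if attrs:
        return "ok: attributes returned: " + ", ".join(sorted(attrs))
    if encrypted:
        return "unknown: assertion is encrypted, decrypt it before checking"
    if index is None:
        return ('no attributes, no index in request: enable '
                '"Include Attributes in the Response Always"')
    return ('no attributes, index %s requested: check "Enable Attribute Profile" '
            'and that the index is the one generated by IS' % index)


# --- Constructed sample messages (not captured from a real deployment) ---
SAMPLE_REQUEST = (
    b'<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    b'ID="_req1" Version="2.0" IssueInstant="2016-11-23T09:00:00Z" '
    b'AssertionConsumerServiceURL="https://sp.example.test/acs"/>')

_RESPONSE = (
    b'<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    b'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_res1" Version="2.0" '
    b'IssueInstant="2016-11-23T09:00:05Z" InResponseTo="_req1">'
    b'<saml:Assertion ID="_a1" Version="2.0" IssueInstant="2016-11-23T09:00:05Z">'
    b'<saml:Subject><saml:NameID>user1</saml:NameID></saml:Subject>%s'
    b'</saml:Assertion></samlp:Response>')

SAMPLE_RESPONSE_EMPTY = _RESPONSE % b""
SAMPLE_RESPONSE_CLAIMS = _RESPONSE % (
    b'<saml:AttributeStatement>'
    b'<saml:Attribute Name="http://wso2.org/claims/emailaddress">'
    b'<saml:AttributeValue>user@example.test</saml:AttributeValue>'
    b'</saml:Attribute></saml:AttributeStatement>')


if __name__ == "__main__":
    req = decode_redirect(encode_redirect(SAMPLE_REQUEST))
    for resp in (SAMPLE_RESPONSE_EMPTY, SAMPLE_RESPONSE_CLAIMS):
        print(diagnose(req, decode_post(base64.b64encode(resp))))
```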

Re: [Dev] Password Policy in WSO2 Identity Server

2016-11-23 Thread Hanen Ben Rhouma
Thanks Sherene,

When is the release date for 5.3.0 ?






Regards,


*Hanen Ben Rhouma*
*Java Tech Lead*

On Tue, Nov 22, 2016 at 12:32 PM, Sherene Mahanama <sher...@wso2.com> wrote:

> Hi Hanen,
>
> The documentation for configuring password policy per tenant can be found
> here [1]. It is a feature in WSO2 IS 5.3.0 and is available in the alpha
> pack [2] as mentioned by Chamila.
>
> [1] https://docs.wso2.com/display/IS530/Password+Policy+Validation
> [2] https://github.com/wso2/product-is/releases/tag/v5.3.0-alpha2
>
> Thanks,
>
> On Tue, Nov 22, 2016 at 4:08 AM, Chamila Wijayarathna <
> cdwijayarat...@gmail.com> wrote:
>
>> Hi Hanen,
>>
>> Per tenant support for identity management features including password
>> policy is planned for IS 5.3.0 version, which is not released yet.
>>
>> You can try this in IS 5.3.0 ALPHA2 [1] which is released recently. But
>> I'm not sure if there is any documentation available for this yet.
>>
>> [1]. https://github.com/wso2/product-is/releases/tag/v5.3.0-alpha2
>>
>> Regards!
>>
>> On Tue, Nov 22, 2016 at 2:10 AM, Hanen Ben Rhouma <hanen...@gmail.com>
>> wrote:
>>
>>> Hello,
>>>
>>> Does WSO2 IS support password policy definition per tenant ? If so, is
>>> there any documentation about it ?
>>>
>>>
>>> Regards,
>>> Hanen
>>>
>>>
>>>
>>
>>
>> --
>> Chamila Dilshan Wijayarathna,
>> PhD Research Student
>> The University of New South Wales (UNSW Canberra)
>> Australian Centre for Cyber Security
>> Australian Defence Force Academy
>> PO Box 7916, Canberra BA ACT 2610
>> Australia
>> Mobile:(+61)416895795
>>
>>
>>
>>
>
>
> --
> Sherene Mahanama
> Associate Technical Writer
>
> WSO2 (pvt.) Ltd.
> Colombo, Sri Lanka
> (+94) 777 994805
>


Re: [Dev] Token generation through user details retrieval from DB or REST API

2016-11-23 Thread Hanen Ben Rhouma
Thanks Maduranga for the reply,

I did create a custom user store which retrieves user details by calling a
rest endpoint, the challenge I'm facing right now is how to configure WSO2
to retrieve those attributes, I deployed travelocity sample application
and tried to generate the SAML token, while checking the SAML response I
didn't find any of the claims I declared. Is there a config part apart from
declaring custom claims ?


Regards,


*Hanen Ben Rhouma*
*Java Tech Lead*

On Tue, Nov 22, 2016 at 5:32 AM, Maduranga Siriwardena <madura...@wso2.com>
wrote:

> Hi Hanen,
>
> As I understood, you need to connect to your own database schema or a REST
> endpoint to retrieve the user information. For this you can write a custom
> userstore manager as explained above.
>
> If you see the method getUserPropertyValues in JDBCUserStoreManager [1],
> what it does is connect to the database and retrieve the user attributes
> according to a predefined schema. So you can extend
> AbstractUserStoreManager and implement getUserPropertyValues method to
> talk to your REST endpoint to fetch user attributes following the
> JDBCUserStoreManager as an example. In the same way you have to implement
> all the abstract methods in AbstractUserStoreManager to be able to
> connect to a REST endpoint and work as a user store.
>
> [1] https://github.com/wso2/carbon-kernel/blob/v4.4.9/core/org.wso2.carbon.user.core/src/main/java/org/wso2/carbon/user/core/jdbc/JDBCUserStoreManager.java#L926
>
> Thanks,
>
> On Mon, Nov 21, 2016 at 2:15 PM, Hanen Ben Rhouma <hanen...@gmail.com>
> wrote:
>
>> Any ideas guys?
>>
>>
>> Regards,
>> Hanen
>>
>> On Fri, Nov 18, 2016 at 4:38 PM, Hanen Ben Rhouma <hanen...@gmail.com>
>> wrote:
>>
>>> Hello,
>>>
>>> The tutorial doesn't answer the question "how can I interface with a
>>> REST API", there are many examples around custom JDBC stores but for REST
>>> calls I couldn't find anything.
>>> There are other examples about transforming WSO2 OSGi bundles into REST
>>> APIs but this is not what I'm looking for.
>>> The idea is to inherit from AbstractUserStoreManager and override its
>>> methods in order to communicate with a third party REST API to retrieve
>>> user details and roles without having to mention a JDBC or LDAP store
>>> properties in user-mgt.xml.
>>>
>>> Is this feasible guys?
>>>
>>>
>>>
>>> Regards,
>>> Hanen
>>>
>>> On Thu, Nov 3, 2016 at 9:53 AM, Hanen Ben Rhouma <hanen...@gmail.com>
>>> wrote:
>>>
>>>> Thanks Gayan,
>>>>
>>>> I followed the blog entry but now I'm receiving another kind of error
>>>> related to domain name:
>>>>
>>>> [2016-11-03 09:50:15,556] ERROR {org.wso2.carbon.identity.user
>>>> .store.configuration.UserStoreConfigAdminService} -   Error occurred
>>>> during the transformation process of C:\Users\rhoumah\DOCUME~1\LMR\
>>>> WSO2\WSO2IS~1.0\bin\..\repository\deployment\server\userstor
>>>> es\custom.xml
>>>> org.wso2.carbon.identity.user.store.configuration.utils.IdentityUserStoreMgtException:
>>>>  Error occurred during the transformation process of
>>>> C:\Users\rhoumah\DOCUME~1\LMR\WSO2\WSO2IS~1.0\bin\..\reposit
>>>> ory\deployment\server\userstores\custom.xml
>>>> at org.wso2.carbon.identity.user.store.configuration.UserStoreC
>>>> onfigAdminService.writeUserMgtXMLFile(UserStoreConfigAdminSe
>>>> rvice.java:831)
>>>> at org.wso2.carbon.identity.user.store.configuration.UserStoreC
>>>> onfigAdminService.addUserStore(UserStoreConfigAdminService.java:270)
>>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAcce
>>>> ssorImpl.java:62)
>>>> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMe
>>>> thodAccessorImpl.java:43)
>>>> at java.lang.reflect.Method.invoke(Method.java:498)
>>>> at org.apache.axis2.rpc.receivers.RPCUtil.invokeServiceClass(RP
>>>> CUtil.java:212)
>>>> at org.apache.axis2.rpc.receivers.RPCInOnlyMessageReceiver.invo
>>>> keBusinessLogic(RPCInOnlyMessageReceiver.java:66)
>>>> at org.apache.axis2.receivers.AbstractMessageReceiver.receive(A
>>>> bstractMessageReceiver.java:110)
>>>> at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:1

[Dev] Password Policy in WSO2 Identity Server

2016-11-21 Thread Hanen Ben Rhouma
Hello,

Does WSO2 IS support password policy definition per tenant ? If so, is
there any documentation about it ?


Regards,
Hanen


Re: [Dev] Token generation through user details retrieval from DB or REST API

2016-11-21 Thread Hanen Ben Rhouma
Any ideas guys?


Regards,
Hanen

On Fri, Nov 18, 2016 at 4:38 PM, Hanen Ben Rhouma <hanen...@gmail.com>
wrote:

> Hello,
>
> The tutorial doesn't answer the question "how can I interface with a REST
> API", there are many examples around custom JDBC stores but for REST calls
> I couldn't find anything.
> There are other examples about transforming WSO2 OSGi bundles into REST
> APIs but this is not what I'm looking for.
> The idea is to inherit from AbstractUserStoreManager and override its
> methods in order to communicate with a third party REST API to retrieve
> user details and roles without having to mention a JDBC or LDAP store
> properties in user-mgt.xml.
>
> Is this feasible guys?
>
>
>
> Regards,
> Hanen
>
> On Thu, Nov 3, 2016 at 9:53 AM, Hanen Ben Rhouma <hanen...@gmail.com>
> wrote:
>
>> Thanks Gayan,
>>
>> I followed the blog entry but now I'm receiving another kind of error
>> related to domain name:
>>
>> [2016-11-03 09:50:15,556] ERROR {org.wso2.carbon.identity.user
>> .store.configuration.UserStoreConfigAdminService} -   Error occurred
>> during the transformation process of C:\Users\rhoumah\DOCUME~1\LMR\
>> WSO2\WSO2IS~1.0\bin\..\repository\deployment\server\userstores\custom.xml
>> org.wso2.carbon.identity.user.store.configuration.utils.IdentityUserStoreMgtException:
>>  Error occurred during the transformation process of
>> C:\Users\rhoumah\DOCUME~1\LMR\WSO2\WSO2IS~1.0\bin\..\reposit
>> ory\deployment\server\userstores\custom.xml
>> at org.wso2.carbon.identity.user.store.configuration.UserStoreC
>> onfigAdminService.writeUserMgtXMLFile(UserStoreConfigAdminSe
>> rvice.java:831)
>> at org.wso2.carbon.identity.user.store.configuration.UserStoreC
>> onfigAdminService.addUserStore(UserStoreConfigAdminService.java:270)
>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAcce
>> ssorImpl.java:62)
>> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMe
>> thodAccessorImpl.java:43)
>> at java.lang.reflect.Method.invoke(Method.java:498)
>> at org.apache.axis2.rpc.receivers.RPCUtil.invokeServiceClass(
>> RPCUtil.java:212)
>> at org.apache.axis2.rpc.receivers.RPCInOnlyMessageReceiver.invo
>> keBusinessLogic(RPCInOnlyMessageReceiver.java:66)
>> at org.apache.axis2.receivers.AbstractMessageReceiver.receive(A
>> bstractMessageReceiver.java:110)
>> at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:
>> 180)
>> at org.apache.axis2.transport.local.LocalTransportReceiver.proc
>> essMessage(LocalTransportReceiver.java:169)
>> at org.apache.axis2.transport.local.LocalTransportReceiver.proc
>> essMessage(LocalTransportReceiver.java:82)
>> at org.wso2.carbon.core.transports.local.CarbonLocalTransportSe
>> nder.finalizeSendWithToAddress(CarbonLocalTransportSender.java:45)
>> at org.apache.axis2.transport.local.LocalTransportSender.invoke
>> (LocalTransportSender.java:77)
>> at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:442)
>> at org.apache.axis2.description.OutInAxisOperationClient.send(O
>> utInAxisOperation.java:430)
>> at org.apache.axis2.description.OutInAxisOperationClient.execut
>> eImpl(OutInAxisOperation.java:225)
>> at org.apache.axis2.client.OperationClient.execute(OperationCli
>> ent.java:149)
>> at org.wso2.carbon.identity.user.store.configuration.stub.UserS
>> toreConfigAdminServiceStub.addUserStore(UserStoreConfigAd
>> minServiceStub.java:889)
>> at org.wso2.carbon.identity.user.store.configuration.ui.client.
>> UserStoreConfigAdminServiceClient.addUserStore(UserStoreConf
>> igAdminServiceClient.java:95)
>> at org.apache.jsp.userstore_005fconfig.userstore_002dconfig_
>> 002dfinish_002dajaxprocessor_jsp._jspService(userstore_002d
>> config_002dfinish_002dajaxprocessor_jsp.java:198)
>> at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.
>> java:70)
>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>> at org.apache.jasper.servlet.JspServletWrapper.service(JspServl
>> etWrapper.java:439)
>> at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServl
>> et.java:395)
>> at org.apache.jasper.servlet.JspServlet.service(JspServlet.java
>> :339)
>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>> at org.wso2.carbon.ui.JspServlet.service(Js

Re: [Dev] Token generation through user details retrieval from DB or REST API

2016-11-18 Thread Hanen Ben Rhouma
Hello,

The tutorial doesn't answer the question "how can I interface with a REST
API", there are many examples around custom JDBC stores but for REST calls
I couldn't find anything.
There are other examples about transforming WSO2 OSGi bundles into REST
APIs but this is not what I'm looking for.
The idea is to inherit from AbstractUserStoreManager and override its
methods in order to communicate with a third party REST API to retrieve
user details and roles without having to mention a JDBC or LDAP store
properties in user-mgt.xml.

Is this feasible guys?



Regards,
Hanen

On Thu, Nov 3, 2016 at 9:53 AM, Hanen Ben Rhouma <hanen...@gmail.com> wrote:

> Thanks Gayan,
>
> I followed the blog entry but now I'm receiving another kind of error
> related to domain name:
>
> [2016-11-03 09:50:15,556] ERROR {org.wso2.carbon.identity.
> user.store.configuration.UserStoreConfigAdminService} -   Error occurred
> during the transformation process of C:\Users\rhoumah\DOCUME~1\LMR\
> WSO2\WSO2IS~1.0\bin\..\repository\deployment\server\userstores\custom.xml
> org.wso2.carbon.identity.user.store.configuration.utils.IdentityUserStoreMgtException:
>  Error occurred during the transformation process of
> C:\Users\rhoumah\DOCUME~1\LMR\WSO2\WSO2IS~1.0\bin\..\
> repository\deployment\server\userstores\custom.xml
> at org.wso2.carbon.identity.user.store.configuration.
> UserStoreConfigAdminService.writeUserMgtXMLFile(
> UserStoreConfigAdminService.java:831)
> at org.wso2.carbon.identity.user.store.configuration.
> UserStoreConfigAdminService.addUserStore(UserStoreConfigAdminService.
> java:270)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(
> NativeMethodAccessorImpl.java:62)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(
> DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at org.apache.axis2.rpc.receivers.RPCUtil.
> invokeServiceClass(RPCUtil.java:212)
> at org.apache.axis2.rpc.receivers.RPCInOnlyMessageReceiver.
> invokeBusinessLogic(RPCInOnlyMessageReceiver.java:66)
> at org.apache.axis2.receivers.AbstractMessageReceiver.receive(
> AbstractMessageReceiver.java:110)
> at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180)
> at org.apache.axis2.transport.local.LocalTransportReceiver.
> processMessage(LocalTransportReceiver.java:169)
> at org.apache.axis2.transport.local.LocalTransportReceiver.
> processMessage(LocalTransportReceiver.java:82)
> at org.wso2.carbon.core.transports.local.
> CarbonLocalTransportSender.finalizeSendWithToAddress(
> CarbonLocalTransportSender.java:45)
> at org.apache.axis2.transport.local.LocalTransportSender.
> invoke(LocalTransportSender.java:77)
> at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:442)
> at org.apache.axis2.description.OutInAxisOperationClient.send(
> OutInAxisOperation.java:430)
> at org.apache.axis2.description.OutInAxisOperationClient.
> executeImpl(OutInAxisOperation.java:225)
> at org.apache.axis2.client.OperationClient.execute(
> OperationClient.java:149)
> at org.wso2.carbon.identity.user.store.configuration.stub.
> UserStoreConfigAdminServiceStub.addUserStore(
> UserStoreConfigAdminServiceStub.java:889)
> at org.wso2.carbon.identity.user.store.configuration.ui.client.
> UserStoreConfigAdminServiceClient.addUserStore(
> UserStoreConfigAdminServiceClient.java:95)
> at org.apache.jsp.userstore_005fconfig.userstore_
> 002dconfig_002dfinish_002dajaxprocessor_jsp._jspService(userstore_
> 002dconfig_002dfinish_002dajaxprocessor_jsp.java:198)
> at org.apache.jasper.runtime.HttpJspBase.service(
> HttpJspBase.java:70)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
> at org.apache.jasper.servlet.JspServletWrapper.service(
> JspServletWrapper.java:439)
> at org.apache.jasper.servlet.JspServlet.serviceJspFile(
> JspServlet.java:395)
> at org.apache.jasper.servlet.JspServlet.service(JspServlet.
> java:339)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
> at org.wso2.carbon.ui.JspServlet.service(JspServlet.java:155)
> at org.wso2.carbon.ui.TilesJspServlet.service(
> TilesJspServlet.java:80)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
> at org.eclipse.equinox.http.helper.ContextPathServletAdaptor.
> service(ContextPathServletAdaptor.java:37)
> at org.eclipse.equinox.http.servlet.internal.
> ServletRegistration.service(ServletRegistration.java:61)
> at org.eclipse.equinox.http.servlet.internal.Prox

[Dev] WSO2 Identity Server on the cloud with custom data stores (not the classic connectors)

2016-11-14 Thread Hanen Ben Rhouma
Hello,

Can WSO2 Identity Server be installed on the cloud and communicate with
custom data stores installed on premises (like through REST endpoints, LDAP
or JDBC stores) ? If so, how much time does the whole
installation/configuration/deployment process take ?


Regards,


*Hanen Ben Rhouma*
*Java Tech Lead*


Re: [Dev] WSO2 IS tests automation

2016-11-08 Thread Hanen Ben Rhouma
Thanks Lakshani :)

Regards,


*Hanen Ben Rhouma*
*Java Tech Lead*

On Mon, Nov 7, 2016 at 5:39 PM, Lakshani Gamage <laksh...@wso2.com> wrote:

> Hi Hanen,
>
> There are IS automation tests in [1]. See if they are useful.
>
> [1] https://github.com/wso2/product-is/tree/master/modules/integration/tests-integration/tests-backend
>
> Thanks,
> Lakshani.
>
> On Mon, Nov 7, 2016 at 9:35 PM, Hanen Ben Rhouma <hanen...@gmail.com>
> wrote:
>
>> Hello guys,
>>
>> Are there some examples for test automation to WSO2 IS features including
>> Entitlement/Authentication and User management?
>>
>>
>> Regards,
>> Hanen
>>
>>
>>
>
>
> --
> Lakshani Gamage
>
> *Software Engineer, WSO2*
>
> *Mobile : +94 71 5478184*
> *Blog : http://lakshanigamage.blogspot.com/*
>


[Dev] WSO2 IS tests automation

2016-11-07 Thread Hanen Ben Rhouma
Hello guys,

Are there some examples for test automation to WSO2 IS features including
Entitlement/Authentication and User management?


Regards,
Hanen


Re: [Dev] Token generation through user details retrieval from DB or REST API

2016-11-03 Thread Hanen Ben Rhouma
)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilter(CharacterSetFilter.java:61)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:120)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:218)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)
at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57)
at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)
at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:956)
at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:442)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1082)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:623)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1756)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1715)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
Caused by: javax.xml.transform.TransformerException: java.io.FileNotFoundException: C:\Users\rhoumah\DOCUME%7E1\LMR\WSO2\WSO2IS%7E1.0\bin\..\repository\deployment\server\userstores\custom.xml (The system cannot find the path specified)
at org.apache.xalan.transformer.TransformerIdentityImpl.createResultContentHandler(TransformerIdentityImpl.java:297)
at org.apache.xalan.transformer.TransformerIdentityImpl.transform(TransformerIdentityImpl.java:330)
at org.wso2.carbon.identity.user.store.configuration.UserStoreConfigAdminService.writeUserMgtXMLFile(UserStoreConfigAdminService.java:825)


How can I configure the domain in order for WSO2 IS to generate the
required XML file?


Regards,


*Hanen Ben Rhouma*
*Java Tech Lead*

On Wed, Nov 2, 2016 at 7:14 PM, Gayan Gunawardana <ga...@wso2.com> wrote:

>
>
> On Wed, Nov 2, 2016 at 8:53 PM, Hanen Ben Rhouma <hanen...@gmail.com>
> wrote:
>
>> Thanks for the reply Gayan,
>>
>> Actually I'm facing an issue while trying to deploy the custom user store
>> jar file under WSO2 IS, though I put it in  
>> /repository/components/dropins
>> and changed /repository/conf/user-mgt.xml according to the
>> documentation I'm receiving a ClassNotFound error:
>>
>> [2016-11-02 16:16:03,660] ERROR 
>> {org.wso2.carbon.user.core.common.DefaultRealm}
>> -  com.wso2.custom.usermgt.CustomUserStoreManager cannot be found by
>> org.wso2.carbon.user.core_4.4.9Type class java.lang.ClassNotFoundExcepti
>> on
>> org.wso2.carbon.user.core.UserStoreException:
>> com.wso2.custom.usermgt.CustomUserStoreManager cannot be found by
>> org.wso2.carbon.user.core_4.4.9Type class java.lang.ClassNotFoundExcepti
>> on
>> at org.wso2.carbon.user.core.common.DefaultRealm.createObjectWi
>> thOptions(DefaultRealm.java:401)
>> at org.wso2.carbon.user.core.common.DefaultRealm.initializeObje
>> cts(DefaultRealm.java:222)
>> at org.wso2.carbon.user.core.common.DefaultRealm.init(Default

Re: [Dev] Token generation through user details retrieval from DB or REST API

2016-11-02 Thread Hanen Ben Rhouma
Thanks for the reply Gayan,

Actually I'm facing an issue while trying to deploy the custom user store
jar file under WSO2 IS, though I put it in
/repository/components/dropins
and changed /repository/conf/user-mgt.xml according to the
documentation I'm receiving a ClassNotFound error:

[2016-11-02 16:16:03,660] ERROR {org.wso2.carbon.user.core.common.DefaultRealm} -  com.wso2.custom.usermgt.CustomUserStoreManager cannot be found by org.wso2.carbon.user.core_4.4.9Type class java.lang.ClassNotFoundException
org.wso2.carbon.user.core.UserStoreException: com.wso2.custom.usermgt.CustomUserStoreManager cannot be found by org.wso2.carbon.user.core_4.4.9Type class java.lang.ClassNotFoundException
at org.wso2.carbon.user.core.common.DefaultRealm.createObjectWithOptions(DefaultRealm.java:401)
at org.wso2.carbon.user.core.common.DefaultRealm.initializeObjects(DefaultRealm.java:222)
at org.wso2.carbon.user.core.common.DefaultRealm.init(DefaultRealm.java:127)
at org.wso2.carbon.user.core.common.DefaultRealmService.initializeRealm(DefaultRealmService.java:263)
at org.wso2.carbon.user.core.common.DefaultRealmService.<init>(DefaultRealmService.java:100)
at org.wso2.carbon.user.core.common.DefaultRealmService.<init>(DefaultRealmService.java:113)
at org.wso2.carbon.user.core.internal.Activator.startDeploy(Activator.java:68)
at org.wso2.carbon.user.core.internal.BundleCheckActivator.start(BundleCheckActivator.java:61)
at org.eclipse.osgi.framework.internal.core.BundleContextImpl$1.run(BundleContextImpl.java:711)
at java.security.AccessController.doPrivileged(Native Method)
at org.eclipse.osgi.framework.internal.core.BundleContextImpl.startActivator(BundleContextImpl.java:702)
at org.eclipse.osgi.framework.internal.core.BundleContextImpl.start(BundleContextImpl.java:683)
at org.eclipse.osgi.framework.internal.core.BundleHost.startWorker(BundleHost.java:381)
at org.eclipse.osgi.framework.internal.core.AbstractBundle.resume(AbstractBundle.java:390)
at org.eclipse.osgi.framework.internal.core.Framework.resumeBundle(Framework.java:1176)
at org.eclipse.osgi.framework.internal.core.StartLevelManager.resumeBundles(StartLevelManager.java:559)
at org.eclipse.osgi.framework.internal.core.StartLevelManager.resumeBundles(StartLevelManager.java:544)
at org.eclipse.osgi.framework.internal.core.StartLevelManager.incFWSL(StartLevelManager.java:457)
at org.eclipse.osgi.framework.internal.core.StartLevelManager.doSetStartLevel(StartLevelManager.java:243)
at org.eclipse.osgi.framework.internal.core.StartLevelManager.dispatchEvent(StartLevelManager.java:438)
at org.eclipse.osgi.framework.internal.core.StartLevelManager.dispatchEvent(StartLevelManager.java:1)
at org.eclipse.osgi.framework.eventmgr.EventManager.dispatchEvent(EventManager.java:230)
at org.eclipse.osgi.framework.eventmgr.EventManager$EventThread.run(EventManager.java:340)
Caused by: java.lang.ClassNotFoundException: com.wso2.custom.usermgt.CustomUserStoreManager cannot be found by org.wso2.carbon.user.core_4.4.9
at org.eclipse.osgi.internal.loader.BundleLoader.findClassInternal(BundleLoader.java:501)
at org.eclipse.osgi.internal.loader.BundleLoader.findClass(BundleLoader.java:421)
at org.eclipse.osgi.internal.loader.BundleLoader.findClass(BundleLoader.java:412)
at org.eclipse.osgi.internal.baseadaptor.DefaultClassLoader.loadClass(DefaultClassLoader.java:107)
at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:264)
at org.wso2.carbon.user.core.common.DefaultRealm.createObjectWithOptions(DefaultRealm.java:345)


Is there a missing config step in order to load the new jar?




Regards,


*Hanen Ben Rhouma*
*Java Tech Lead*

On Tue, Nov 1, 2016 at 2:10 AM, Gayan Gunawardana <ga...@wso2.com> wrote:

> Hi Hanen,
>
> On Mon, Oct 31, 2016 at 9:57 PM, Hanen Ben Rhouma <hanen...@gmail.com>
> wrote:
>
>> Thanks guys for your help but I guess I didn't explain it well; Actually,
>> I'm looking for a step by step configuration that allows me to create an
>> identity provider which jumps to our DB or any other inhouse endpoint (it
>> can be a REST endpoint) in order to retrieve user details and aggregate
>> them within the SAML token. Is there a way to do it through WSO2 IS?
>>
> You can write custom user store manager according to [1] and override
> doAuthenticate, doGetUserClaimValue methods to jump into your DB or REST
> endpoint. Once you have custom user store, you can configure a service
> provider in WSO2 IS with SAML inbound protocol.
>
> [1] https://docs.wso2.com/display/IS520/Writing+a+Custom+User+Store+Manager
>
>>
>>
>> Thanks,
>> Hanen
>>
>

Re: [Dev] Token generation through user details retrieval from DB or REST API

2016-10-31 Thread Hanen Ben Rhouma
Thanks guys for your help but I guess I didn't explain it well; Actually,
I'm looking for a step by step configuration that allows me to create an
identity provider which jumps to our DB or any other inhouse endpoint (it
can be a REST endpoint) in order to retrieve user details and aggregate
them within the SAML token. Is there a way to do it through WSO2 IS?


Thanks,
Hanen


On Fri, Oct 28, 2016 at 8:07 PM, Gayan Gunawardana wrote:

>
>
> On Fri, Oct 28, 2016 at 2:54 PM, Lakshani Gamage wrote:
>
>> Hi Hanen,
>>
>> This article [1] contains how to communicate Identity server with REST
>> APIs. It will be a help to your POC.
>>
>> [1] http://wso2.com/library/articles/2016/10/article-exposing-wso2-identity-server-admin-services-the-rest-way/
>>
>> Regards,
>> Lakshani
>>
>> On Fri, Oct 28, 2016 at 1:22 PM, Ben Rhouma, Hanen (FircoSoft) <
>> hanen.ben.rho...@fircosoft.com> wrote:
>>
>>> Hello,
>>>
>>>
>>>
>>> We’re working on a POC related to Authentication and Identity Management
>>> using WSO2. We’re looking for a way to configure the Identity Provider to
>>> communicate with a REST API or even a database in order to retrieve more
>>> details about the user trying to authenticate so that those details can be
>>> used to generate the token.
>>>
>> What sort of token do you expect to generate?
> If you are looking for REST way to get authenticated user information OIDC
> might help[1]. If you can explain exact use case we can help you more.
>
> [1]https://docs.wso2.com/display/IS520/OpenID+Connect
>
>> Is there a tutorial or a documentation part which can point us directly
>>> to such use case implementation?
>>>
>>>
>>>
>>> Regards,
>>>
>>> Hanen
>>>
>>>
>>>
>>
>>
>> --
>> Lakshani Gamage
>>
>> *Software Engineer, WSO2*
>>
>> *Mobile : +94 71 5478184*
>> *Blog : http://lakshanigamage.blogspot.com/*
>>
>
>
>
> --
> Gayan Gunawardana
> Software Engineer; WSO2 Inc.; http://wso2.com/
> Email: ga...@wso2.com
> Mobile: +94 (71) 8020933
>
>
>


[Dev] Token generation through user details retrieval from DB or REST API

2016-10-28 Thread Hanen Ben Rhouma
Hello,



We’re working on a POC related to Authentication and Identity Management
using WSO2. We’re looking for a way to configure the Identity Provider to
communicate with a REST API or even a database in order to retrieve more
details about the user trying to authenticate so that those details can be
used to generate the token. Is there a tutorial or a documentation part
which can point us directly to such use case implementation?



Regards,

Hanen
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev