[Dev] [IAM] Configure Requested Claims based on the Service Provider Claim Dialect

2018-11-13 Thread Sahan Gunathilaka
Hi All,

I currently have a requirement where an SP can request specific claims
from an IdP. The IdP should then issue those requested claims using a specific
claim dialect. (The SP and IdP both request and issue claims based on the same
external claim dialect.)

Let’s say I have an external claim dialect named “http://incommon.org/claims”.
When an SP is configured in Identity Server, the SP should be able to select
its Service Provider Claim Dialect as http://incommon.org/claims. Then, it
should be able to select requested claims from that dialect.

In this case, I have tried the existing feature in the IS. But there are
mainly two methods to configure the claim dialect for an SP, as below.

1. Use Local Claim Dialect

Here, the required external claim dialect can be configured for the SP, but
there is no means to configure Requested Claims using the same dialect.
It only lets you select requested claims from the local dialect. Therefore, the
IdP cannot recognize what claims should be issued. Following is the available
UI illustration for this.

2. Define Custom Claim Dialect

Here, any name can be configured as SP requested, and a matching Local Claim
also needs to be selected from the local claim dialect. There is no use of
existing dialects. But, if there is a dialect configured under “Service Provider
Claim Dialect”, claims from the selected dialect are also issued by the IdP.
Following is the available UI illustration for this.

From my point of view, there is no way to fulfill my requirement (mentioned
at the beginning) with either of these two methods. My idea is that there
should be a way to select the Service Provider Claim Dialect from existing
claim dialects, and then Requested Claims can be selected from that dialect
as the SP needs. I also have another concern: although there is a “Service
Provider Claim Dialect” option in the UI for both of the above two methods, is
there any correlation between them and this option?

Can anyone please suggest some ideas on this?
Thank you
Best Regards!

-- 
*Sahan Gunathilaka*
Intern - Software Engineering
*WSO2*
mobile:  +94776343266

___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
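
The behaviour asked for in the message above, sketched as an added example (not WSO2 Identity Server code and not from the original post): the SP picks an existing external dialect, its requested claims are validated against that dialect, and only those claims are released. The claim URIs under http://incommon.org/claims, the mapping table, the sample user and all function names are constructed for illustration.

```python
from dataclasses import dataclass

LOCAL = "http://wso2.org/claims"         # WSO2 local claim dialect
INCOMMON = "http://incommon.org/claims"  # external dialect named in the post

# Constructed sample data: external-to-local claim mappings per dialect.
DIALECTS = {
    INCOMMON: {
        INCOMMON + "/eduPersonPrincipalName": LOCAL + "/username",
        INCOMMON + "/mail": LOCAL + "/emailaddress",
        INCOMMON + "/eduPersonAffiliation": LOCAL + "/role",
    },
}

# Constructed sample user, keyed by local claim URI as a user store would return it.
SAMPLE_USER = {
    LOCAL + "/username": "alice@example.edu",
    LOCAL + "/emailaddress": "alice@example.edu",
    LOCAL + "/role": "staff",
    LOCAL + "/mobile": "+10000000000",  # never requested, so never released
}


class ClaimConfigError(ValueError):
    """Raised when an SP's claim configuration cannot be resolved."""


@dataclass
class ServiceProvider:
    name: str
    claim_dialect: str      # the "Service Provider Claim Dialect"
    requested_claims: list  # claim URIs chosen from claim_dialect


def resolve_requested(sp):
    """Map each requested external claim URI to its local claim URI."""
    mapping = DIALECTS.get(sp.claim_dialect)
    if mapping is None:
        raise ClaimConfigError(f"unknown claim dialect: {sp.claim_dialect}")
    unknown = [c for c in sp.requested_claims if c not in mapping]
    if unknown:
        # Reject at configuration time instead of silently issuing nothing.
        raise ClaimConfigError(f"not in {sp.claim_dialect}: {unknown}")
    return {ext: mapping[ext] for ext in sp.requested_claims}


def issue_claims(sp, local_attributes):
    """Return only the requested claims, keyed by the SP's dialect URIs."""
    issued = {}
    for ext, local in resolve_requested(sp).items():
        if local in local_attributes:
            issued[ext] = local_attributes[local]
    return issued
```
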


Re: [Dev] [IS] InCommon Federation Compliance for WSO2IS - UI Component

2018-10-22 Thread Sahan Gunathilaka
Hi Johann,

Please note that there are some modifications to be done on this. Also, if
the placement does not fit here, it can go under the "Configure" tab
(since the overall process is to configure SPs and IdPs).
I think that your point about avoiding the InCommon logo is fair and I will
consider that too.
I will update this soon and thank you very much for your feedback.

Best Regards!


On Fri, Oct 19, 2018 at 4:05 PM Johann Nallathamby wrote:

> Hi Sahan,
>
> Two concerns here:
> 1. Is the placement of the feature in the menu correct?
> 2. I don't know if it was intentional, but isn't it better to avoid
> InCommon logos and only label it using standard federation terminology?
> Because we haven't done it like that so far for other profiles such as
> eIDAS. But again I don't know if this is intentional to get traction to the
> product.
>
> Regards,
> Johann.


-- 
*Sahan Gunathilaka*
Intern - Software Engineering
*WSO2*
mobile:  +94776343266



Re: [Dev] [IAM] InCommon Federation Compliance for WSO2IS - eduPerson Claim Dialect

2018-10-11 Thread Sahan Gunathilaka
Hi All,

I have discussed the above matter with some team members and came up with a
solution. Therefore, I am going to make a change that will allow properties
to be added for claims in *external dialects* too. To do that, I will rename
the "*LOCAL_CLAIM_ID*" column in the "*IDN_CLAIM_PROPERTY*" table (which
is a foreign key that references "*ID*" in "*IDN_CLAIM*") to "*CLAIM_ID*".
(The IDN_CLAIM table contains all local and external claims.)
Then, I will update the source code accordingly to address the change.

Thanks
Best Regards!



-- 
*Sahan Gunathilaka*
Intern - Software Engineering
*WSO2*
mobile:  +94776343266



[Dev] [IAM] InCommon Federation Compliance for WSO2IS - eduPerson Claim Dialect

2018-10-11 Thread Sahan Gunathilaka
Hi All,

According to a requirement of the InCommon Federation, each SAML entity should
support the eduPerson attribute schema to exchange claims. Since there is no
claim dialect in WSO2IS to support that schema, I previously mailed
about creating a new claim dialect for that.

As a further extension, there is an additional property, "*FriendlyName*",
for each claim. But only the wso2 local claim dialect
(http://wso2.org/claims) supports adding additional properties for each claim.
There is no way to add additional properties for claims in external claim
dialects. What I think is that there can be additional properties for
claims in specific external dialects too. Therefore, there should be a way
to add them for claims in external dialects as well.

I am looking forward to answers regarding this matter.

Thanks
Best Regards!


-- 
*Sahan Gunathilaka*
Intern - Software Engineering
*WSO2*
mobile:  +94776343266



Re: [Dev] [IS] InCommon Federation Compliance for WSO2IS - UI Component

2018-10-07 Thread Sahan Gunathilaka
Hi Omindu,

1. Yes to refresh interval. As InCommon mentioned, metadata should be
refreshed at least daily. However, they encourage participants to refresh
it as frequently as possible. Their best suggestion is to refresh hourly.
Therefore, I am currently planning to go with an hourly refresh process.

2. Yes for server timezone. I will surely include that, and thanks for the
suggestion.

3. I am currently creating the document with the full details and will let
you know soon after doing so.

Thank You!
Best Regards!!

On Sat, Oct 6, 2018 at 11:40 PM Omindu Rathnaweera wrote:

> Hi Sahan,
>
> Not sure whether this is a valid concern as I don't have much context on
> updating SP and IdP metadata. Is there a basis for deciding the auto refresh
> interval? A requirement like refreshing every 2 days or every week isn't
> valid?
>
> I believe the time set for refreshing is in server timezone, correct? If
> so, better to mention that information as well, and the last update column
> should reflect the time information as well.
>
> On a side note, is there a reference I can use to get more on what exactly
> updating SP and IdP metadata does?
>
> Regards,
> Omindu.
>
> --
> Omindu Rathnaweera
> Senior Software Engineer, WSO2 Inc.
>


-- 
*Sahan Gunathilaka*
Intern - Software Engineering
*WSO2*
mobile:  +94776343266



[Dev] [IS] InCommon Federation Compliance for WSO2IS - UI Component

2018-09-26 Thread Sahan Gunathilaka
Hi All,
One of the major requirements to make WSO2 IS comply with InCommon Federation is
to support *auto refreshment* of metadata of participating Service
Providers and Identity Providers at IS. Following is the designed UI to
provide this requirement.

[image: Screenshot_2018-09-26 WSO2 Management Console.png]

The "*Enable Auto Refresh*" check box and "*Refresh Time*" drop box can be set
to automate the refreshing cycle. All service providers' and identity
providers' configurations will be updated according to them after clicking
on the "*Save*" button.

The "*Force Refresh*" button lets users refresh metadata instantly based on
the latest update of the metadata file at the InCommon Federation.

The "*Clear All*" button will remove all the configured data and result in "0" for
both "Total Service Providers" and "Total Identity Providers" in the table.

If you have any suggestions on this, please let me know.

Thank you!
Best Regards!

-- 
*Sahan Gunathilaka*
Intern - Software Engineering
*WSO2*
mobile:  +94776343266
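
The refresh controls described in this message, with the hourly interval and time-zone point from the 2018-10-07 reply, modelled as an added example (not WSO2 code and not from the thread). The class and method names and the sample aggregate are constructed; timestamps are time-zone-aware UTC, and verifying the aggregate's signature before parsing is outside this sketch.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
PROTO = "urn:oasis:names:tc:SAML:2.0:protocol"

# Constructed sample aggregate: one IdP and two SPs (not real InCommon data).
SAMPLE_AGGREGATE = f"""<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
  <md:EntityDescriptor entityID="https://idp.example.edu/idp">
    <md:IDPSSODescriptor protocolSupportEnumeration="{PROTO}"/>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp1.example.org/sp">
    <md:SPSSODescriptor protocolSupportEnumeration="{PROTO}"/>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp2.example.org/sp">
    <md:SPSSODescriptor protocolSupportEnumeration="{PROTO}"/>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""


def parse_aggregate(xml_text):
    """Return (sp_entity_ids, idp_entity_ids) found in a metadata aggregate."""
    root = ET.fromstring(xml_text)  # raises ET.ParseError on malformed input
    sps, idps = set(), set()
    for entity in root.iter(MD + "EntityDescriptor"):
        entity_id = entity.get("entityID")
        if entity.find(MD + "SPSSODescriptor") is not None:
            sps.add(entity_id)
        if entity.find(MD + "IDPSSODescriptor") is not None:
            idps.add(entity_id)
    return sps, idps


class FederationMetadataStore:
    """Hypothetical model of the settings and buttons described in the post."""

    def __init__(self, auto_refresh=True, interval=timedelta(hours=1)):
        self.auto_refresh, self.interval = auto_refresh, interval
        self.sps, self.idps, self.last_refresh = set(), set(), None

    def refresh_due(self, now):
        if not self.auto_refresh:
            return False
        return self.last_refresh is None or now - self.last_refresh >= self.interval

    def force_refresh(self, xml_text, now):
        """'Force Refresh': parse first, replace stored data only on success."""
        sps, idps = parse_aggregate(xml_text)
        self.sps, self.idps, self.last_refresh = sps, idps, now
        return self.totals()

    def auto_tick(self, fetch, now):
        """Scheduler hook: refresh only when the configured interval has elapsed."""
        if self.refresh_due(now):
            self.force_refresh(fetch(), now)
            return True
        return False

    def clear_all(self):
        """'Clear All': drop every configured entity so both totals become 0."""
        self.sps, self.idps, self.last_refresh = set(), set(), None

    def totals(self):
        return {"Total Service Providers": len(self.sps),
                "Total Identity Providers": len(self.idps)}
```
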



Re: [Dev] [Architecture] [VOTE] Release of WSO2 Identity Server Analytics 5.7.0 RC3

2018-09-18 Thread Sahan Gunathilaka
ase candidate of WSO2
>>>>>>>> Identity Server Analytics 5.7.0.
>>>>>>>>
>>>>>>>> This release fixes the following issues,
>>>>>>>>
>>>>>>>> - 5.7.0-RC3 Fixes <https://github.com/wso2/analytics-is/milestone/4?closed=1>
>>>>>>>> - 5.7.0-RC2 Fixes <https://github.com/wso2/analytics-is/milestone/3?closed=1>
>>>>>>>> - 5.7.0-RC1 Fixes <https://github.com/wso2/analytics-is/milestone/2?closed=1>
>>>>>>>>
>>>>>>>> Source and distribution,
>>>>>>>>
>>>>>>>> - https://github.com/wso2/analytics-is/releases/v5.7.0-rc3
>>>>>>>>
>>>>>>>> Please download, test the product and vote.
>>>>>>>>
>>>>>>>> [+] Stable - go ahead and release
>>>>>>>> [-] Broken - do not release (explain why)
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> - WSO2 Identity and Access Management Team -
>>>>>>>>
>>>>>>>> --
>>>>>>>> Best Regards,
>>>>>>>> Nuwandi Wickramasinghe
>>>>>>>> Senior Software Engineer
>>>>>>>> WSO2 Inc.
>>>>>>>> Web : http://wso2.com
>>>>>>>> Mobile : 0719214873


-- 
*Sahan Gunathilaka*
Intern - Software Engineering
*WSO2*
mobile:  +94776343266



Re: [Dev] [VOTE] Release WSO2 Identity Server 5.7.0 RC3

2018-09-13 Thread Sahan Gunathilaka
Hi all,

I have tested the following with a PostgreSQL database and no issues were found,

  * Start with -Dsetup
  * Manual db scripts run and pack running
  * Self sign-in and account confirmation
  * SAML2 Artifact binding with dispatch sample
  * Basic flows - Add user, Add role, Update permission

[+] Stable - Go ahead and release

Thanks!
Best Regards!


On Thu, Sep 13, 2018 at 8:40 PM, Gangani Ariyarathne wrote:

> Hi,
>
> I have tested the following in MS-SQL DB and no issues were found.
>
> - Configuring Role-Based Adaptive Authentication
> - Configuring User Store-Based Adaptive Authentication
> - Configuring New-Device-Based Adaptive Authentication
> - Configuring ACR-Based Adaptive Authentication
> - Configuring Login-Based Adaptive authentication
>
> [+] Stable - Go ahead and release
>
> Thanks,
> Gangani
>
>
> On Thu, Sep 13, 2018 at 8:35 PM, Dinali Dabarera wrote:
>
>> Hi all,
>>
>> I have tested the below in H2 DB and no issues were found.
>>
>> - XACML multi-decision profile (JSON/XML format)
>> - Add a policy, update policy, publish policy, publish again by updating.
>> - Add email templates.
>> - Adding consent purposes and Consent management during JIT provisioning.
>> - Add user, role, update permissions like basic user management scenarios.
>>
>> [+] Stable - Go ahead and release
>>
>> Thanks,
>> Dinali
>>
>> On Thu, Sep 13, 2018 at 7:09 PM Senthalan Kanagalingam <
>> sentha...@wso2.com> wrote:
>>
>>> Hi all,
>>>
>>>
>>> We are pleased to announce the third release candidate of WSO2 Identity
>>> Server 5.7.0.
>>>
>>>
>>> This release fixes the following issues,
>>>
>>> - 5.7.0-RC2 fixes <https://github.com/wso2/product-is/milestone/58?closed=1>
>>> - 5.7.0-RC1 fixes <https://github.com/wso2/product-is/milestone/52?closed=1>
>>> - 5.7.0-Beta2 fixes <https://github.com/wso2/product-is/milestone/57?closed=1>
>>> - 5.7.0-Beta fixes <https://github.com/wso2/product-is/milestone/54?closed=1>
>>> - 5.7.0-Alpha3 fixes <https://github.com/wso2/product-is/milestone/53?closed=1>
>>> - 5.7.0-Alpha2 fixes <https://github.com/wso2/product-is/milestone/51?closed=1>
>>> - 5.7.0-Alpha fixes <https://github.com/wso2/product-is/milestone/50?closed=1>
>>> - 5.7.0-M5 fixes <https://github.com/wso2/product-is/milestone/49?closed=1>
>>> - 5.7.0-M4 fixes <https://github.com/wso2/product-is/milestone/48?closed=1>
>>> - 5.7.0-M3 fixes <https://github.com/wso2/product-is/milestone/47?closed=1>
>>> - 5.7.0-M2 fixes <https://github.com/wso2/product-is/milestone/46?closed=1>
>>> - 5.7.0-M1 fixes <https://github.com/wso2/product-is/milestone/45?closed=1>
>>>
>>> Source and distribution,
>>>
>>> Runtime - https://github.com/wso2/product-is/releases/v5.7.0-rc3
>>>
>>> Please download, test the product and vote.
>>>
>>> [+] Stable - go ahead and release
>>> [-] Broken - do not release (explain why)
>>>
>>>
>>>
>>> Thanks,
>>>
>>> - WSO2 Identity and Access Management Team -
>>> --
>>>
>>> *Senthalan Kanagalingam*
>>> *Software Engineer - WSO2 Inc.*
>>> *Mobile : +94 (0) 77 18 77 466*


-- 
*Sahan Gunathilaka*
Intern - Software Engineering
*WSO2*
mobile:  +94776343266



[Dev] [IS] InCommon Federation Compliance for WSO2IS

2018-09-12 Thread Sahan Gunathilaka
Hi All,

In brief, the InCommon Federation has plenty of
participants (organizations) with their own sets of SPs and IdPs. As per the
participation agreement between the InCommon Federation and its participants,
all SAML entities (SPs & IdPs) should support all attributes in the '*eduPerson
Object Class Specification (201310)*' [1] as 'identity attributes'.

I have already compared those attributes (claims) with claims in the WSO2 local
claim dialect. Many of them can be mapped to claims already available in the
local dialect. But some claims have no suitable/required claims
to be mapped to in the local dialect. Therefore, I am going to add those claims
to the underlying JDBC user store and map them to the WSO2 local dialect. Then, I
will create a new dialect for mapping all the required claims from the WSO2
local dialect.

The claim comparison is available at link [2] if needed.

Please let me know if you have any suggestions regarding this scenario.

[1] http://software.internet2.edu/eduperson/internet2-mace-dir-eduperson-201310.html
[2] https://docs.google.com/document/d/1DHn1zoEnhF9orESDFljYKedQP1RvmaZnlUVZtbkOtTs/edit?usp=sharing

Thank you !

Best Regards!

-- 
*Sahan Gunathilaka*
Intern - Software Engineering
*WSO2*
mobile:  +94776343266
