On Sun, Oct 16, 2016 at 11:37 AM, Ishara Karunarathna
wrote:
> Hi All,
>
> With the current IS implementation We have individual SP configurations
> and we associate authentication chains, claim, provisioning configurations
> etc.. to that service provider configuration.
> As a improvement to thi
On Wed, Oct 19, 2016 at 12:57 PM, Ishara Karunarathna
wrote:
> Hi Farasath,
>
> On Wed, Oct 19, 2016 at 12:39 PM, Farasath Ahamed
> wrote:
>
>> We also need to consider how we are going to handle the 'NotApplicable'
>> and 'Indeterminate' responses by the XACML engine. Especially the
>> Indeterm
Hi Nuwandi
Can WSO2IS popup for user claims which must be provision in to the local
user store (JIT provisioning) ?
If federated claims are not enough to update the user store, then it is
assume that WSO2IS can popup for addition claims & persisted.. Does it work
with WSO2IS 5.3.0 ?
Thanks,
Asel
release ?
However; if i want to achieve this using WSO2IS 5.3.0 what is extension
to customize ? Is it JIT provisioning handler or some other ? (Assume
that i want to JIT claims which are popup/requested by SP)
Thanks,
Asela.
>
> thanks
> Nuwandi
>
> On Mon, Jan 23, 2017 at 6:
or future release ?
>>
>> However; if i want to achieve this using WSO2IS 5.3.0 what is extension
>> to customize ? Is it JIT provisioning handler or some other ? (Assume
>> that i want to JIT claims which are popup/requested by SP)
>>
>> Thanks,
>> Asela.
Hi Devs,
Default configurations of the WSO2IS 5.2.0/5.3.0 have been defined to
switch off the framework level caching.
Once you disable the caching; when single user is authenticated
with WSO2IS using SSO, there are around 12 INSERT queries in to database.
It is important to know the exact rec
On Fri, Feb 3, 2017 at 1:01 PM, Nuwandi Wickramasinghe
wrote:
> Hi,
>
> Shall we implement $subject for next release?
>
> The requirement to define mandatory claims for JIT provisioning and prompt
> for the missing claims at the user login time was raised in [1] by Asela.
> It is possible in IS 5
Hi All,
According to the current design; KeyStore which is defined in the
carbon.xml file is used for both secure vault & token signing
(SAML/id_token) which is not a good design. We need to keep that separate
keystore for secure vault as it can not be modified.
Also; To add more flexibility;
need to configure more keystores..
>
>
> Thanks
> Godwin
>
> On Wed, Apr 12, 2017 at 5:58 PM, Asela Pathberiya wrote:
>
>> Hi All,
>>
>> According to the current design; KeyStore which is defined in the
>> carbon.xml file is used for both secure vault
On Wed, Apr 19, 2017 at 1:45 PM, Bhathiya Jayasekara
wrote:
> Hi Darshana,
>
> Please find my opinions inline.
>
> On Wed, Apr 19, 2017 at 11:19 AM, Darshana Gunawardana
> wrote:
>
>> Hi all,
>>
>> Please find few questions on the requirement and deployment below.
>>
>>1. Does APIM really ne
On Thu, Apr 20, 2017 at 11:08 AM, Ishara Cooray wrote:
> Hi,
>
> Previous versions(Before C5) of APIM Publisher, Store Apps front end
> validations were done based on user roles.
>
> But with C5 we think of fine graining User Interfaces by controlling
> access to UI components such as Add, Edit,
On Tue, Apr 18, 2017 at 11:51 AM, Asela Pathberiya wrote:
>
>
> On Mon, Apr 17, 2017 at 12:00 PM, Godwin Shrimal wrote:
>
>> +1 to have separate keystores for secure vault & token signing. Any
>> reason/use case to have separate kesytores for each token signi
On Wed, Apr 5, 2017 at 9:04 AM, Harsha Thirimanna wrote:
>
>
> On Apr 1, 2017 10:37 PM, "Farasath Ahamed" wrote:
>
>
>
>
>
> On Sat, Apr 1, 2017 at 11:27 AM, Bhathiya Jayasekara
> wrote:
>
>>
>>
>> On Sat, Apr 1, 2017 at 1:39 AM, Farasath Ahamed
>> wrote:
>>
>>>
>>>
>>> On Thursday, March 30,
On Thu, Apr 20, 2017 at 4:42 PM, Bhathiya Jayasekara
wrote:
> Hi Asela,
>
> On Thu, Apr 20, 2017 at 3:17 PM, Asela Pathberiya wrote:
>
>>
>> Hi Bhathiya,
>>
>> Just to clarify; These registered users are not the actual end end users
>> & just appli
On Thu, Apr 20, 2017 at 6:46 PM, Johann Nallathamby wrote:
>
>
> On Thu, Apr 20, 2017 at 3:27 PM, Asela Pathberiya wrote:
>
>>
>>
>> On Tue, Apr 18, 2017 at 11:51 AM, Asela Pathberiya
>> wrote:
>>
>>>
>>>
>>> On Mon, Apr
Hi IS/APIM team,
Is $subject in our roadmap ? This seems to be a required features.
Different applications may need the different user token expiry time based
on their security level.
Just heard that; IOT server may has already requirement with that; It is
needed to define a token expiry level
On Fri, Apr 21, 2017 at 4:46 PM, Ishara Cooray wrote:
> Hi Asela,
>
> What is reason for using scopes for authorization.. ? Can't we use policy
> based approach such as XACML ?
>
> Default authentication and authorization protocol we use is oauth, hence
> we already have support for scopes in ou
On Tue, Apr 25, 2017 at 12:44 PM, Harsha Thirimanna
wrote:
>
> On Tue, Apr 25, 2017 at 12:38 PM, Nuwan Dias wrote:
>
>> Hi Gayan,
>>
>> What are you trying to achieve by moving the client-secret validation
>> logic to the interceptor from the jax-rs layer?
>>
>
> Actually, we have separate laye
ut how to render the html on the client side unless I
>>>> evaluate the XACML policy on the client side, which of course is nearly
>>>> impossible I guess.
>>>>
>>>> Our concern was not to say any wrong about the OAuth2 scopes. Only
>>> concern was we can use X
On Tue, Apr 25, 2017 at 2:52 PM, Harsha Thirimanna wrote:
>
> On Tue, Apr 25, 2017 at 2:00 PM, Asela Pathberiya wrote:
>
>>
>>
>> On Tue, Apr 25, 2017 at 12:44 PM, Harsha Thirimanna
>> wrote:
>>
>>>
>>> On Tue, Apr 25, 2017 at 12:38 PM,
On Tue, Apr 25, 2017 at 3:34 PM, Harsha Thirimanna wrote:
>
>
> On Tue, Apr 25, 2017 at 3:04 PM, Asela Pathberiya wrote:
>
>>
>>
>> On Tue, Apr 25, 2017 at 2:52 PM, Harsha Thirimanna
>> wrote:
>>
>>>
>>> On Tue, Apr 25, 2017 at 2:0
On Wed, May 24, 2017 at 12:11 PM, Roshan Wijesena wrote:
>
> On Wed, May 24, 2017 at 1:19 AM, Bhathiya Jayasekara
> wrote:
>
>> 1. How do you configure this IDPs other than WSO2 identity server
>>
>
> This is a good question, what if other IDP does not support OIDC? any
> other solution for SSO
On Wed, May 31, 2017 at 1:08 PM, Farasath Ahamed wrote:
>
> On Wed, May 31, 2017 at 12:28 PM, Thanuja Jayasinghe
> wrote:
>
>> Hi Dinali,
>>
>> Consider the following calculation.
>>
>> expiry time = issuedTimeInMillis + validityPeriodMillis -
>> (System.currentTimeMillis() - timestampSkew)
>>
>
On Wed, May 31, 2017 at 10:38 AM, Ruwan Abeykoon wrote:
>
> Hi Prabath,
>
>
>> Please check whether my understanding is correct based on the following
>> mail..
>>
>> 1. We define set of ACR values at the framework level - which are
>> agnostic to the inbound protocols.
>> 2. Each inbound protoco
On Mon, May 29, 2017 at 11:12 AM, Harsha Thirimanna
wrote:
>
>
> On Wed, May 17, 2017 at 9:44 AM, Prabath Siriwardena
> wrote:
>
>> At the moment we can't delete an identity provider, if its associated
>> with one or more service providers.
>>
>> Also - for the user there is no way to find out t
On Wed, May 31, 2017 at 2:38 PM, Prabath Siriwardena
wrote:
>
>
> On Wed, May 31, 2017 at 1:16 AM, Asela Pathberiya wrote:
>
>>
>>
>> On Mon, May 29, 2017 at 11:12 AM, Harsha Thirimanna
>> wrote:
>>
>>>
>>>
>>> On Wed, May
On Fri, Jul 14, 2017 at 11:31 AM, Harsha Kumara wrote:
> Hi All,
>
> This is regarding the behavior of Authentication flow between multiple
> service providers.
>
> I have created two service providers with following configurations.
>
> *SP1*
>
> This service provider has two options which allow
Hi APIM team,
According to the docs; We are not recommending the thrift protocol to
communicate with GW and KM when even TCP load balancer is used.
The problem is that; thrift connection must be authenticated & thrift
session is not replicated among key manager nodes.
IMO; we have three solutio
.
> thanks
>
> On Fri, Sep 1, 2017 at 12:55 PM, Asela Pathberiya wrote:
>
>> Hi APIM team,
>>
>> According to the docs; We are not recommending the thrift protocol to
>> communicate with GW and KM when even TCP load balancer is used.
>>
>> The proble
On Mon, Sep 18, 2017 at 6:03 PM, Thilina Madumal
wrote:
> Hi all,
>
>
> On Mon, Sep 11, 2017 at 11:28 AM, Dulanja Liyanage
> wrote:
>
>>
>>
>> On Mon, Sep 11, 2017 at 11:20 AM, Ishara Karunarathna
>> wrote:
>>
>>> HI,
>>>
>>> On Fri, Sep 1, 2017 at 12:55 AM, Johann Nallathamby
>>> wrote:
>>>
>
On Wed, Sep 20, 2017 at 6:35 PM, Lakmal Warusawithana
wrote:
> +1, this should go with v3.
>
> On Wed, Sep 20, 2017 at 1:08 PM, Pubudu Gunatilaka
> wrote:
>
>> Hi,
>>
>> Shall we prioritize this feature and add this to APIM 3.0.0 GA? IMO, this
>> is more useful to have as we have more focus towa
On Mon, Sep 11, 2017 at 9:31 PM, Dave Florek
wrote:
> Hi,
>
> I'm trying to achieve load-balancing on WSO2 Identity Server and need some
> help understanding the documentation and what my options are.
>
> I came across this article (https://docs.wso2.com/display/IS540/Clustered+
> Deployment) sta
On Sat, Sep 9, 2017 at 11:57 AM, Johann Nallathamby wrote:
> Hi IAM Team,
>
> The current keystore management functionalities of Carbon Server are
> provided by the security-mgt bundle. The features include,
>
>- Adding new key stores
>- Adding/Removing certificates to key stores (includi
On Wed, Oct 4, 2017 at 7:14 PM, Johann Nallathamby wrote:
> Hi IAM Team,
>
> Currently we don't have $subject. What we have currently are two APIs.
>
> 1. RemoteAuthorizationManagerService.isUserAuthorized(user, resource,
> action) - a SOAP API that evaluates the permission tree.
>
> 2. XACML3.0
Hi IAM/APIM team,
We have already seen that large number of table entries in OAuth2 access
token table , OAuth2 authorization code table & IDN session data tables
are causing issues in production system.
Sometime these tables contain around 10m entries. Most of entries are
expired or invalid.
On Fri, Dec 1, 2017 at 10:57 PM, Jayanga Kaushalya
wrote:
> The WSO2 Identity and Access Management team is pleased to announce the
> release of WSO2 Identity Server 5.4.0 Beta.
>
> You can build the distribution from the source tag,
>
> Runtime: https://github.com/wso2/product-is/releases/tag/v5
On Thu, Jan 11, 2018 at 7:52 AM, Sagara Gunathunga wrote:
> IS bin directory contains following set of sh/bat files, ATM these are
> exists due to historical reasons only couldn't find any real usage. If
> there is no objection I would like to discard them from 5.5.0 WDYT ?
>
> java2wsdl.sh
> jav
On Mon, Jan 15, 2018 at 2:39 PM, Rasika Perera wrote:
> Hi Dimuthu,
>
> Recently, we did a similar setup, which involves a Federated IDP of OIDC.
> All internal apps configured with SAML SSO. Login flow worked smoothly with
> oidc authenticator; however external apps initiated logout(inbound logo
On Tue, Jan 16, 2018 at 11:16 AM, Nadun De Silva wrote:
> Hi,
>
> At the moment the authenticator only has the *"password expiration time
> period"* in the password expiration policy.
>
> So I can start off by altering the authenticator to publish the following
> to analytics
>
Do we need to dep
On Tue, Jan 16, 2018 at 12:05 PM, Senthalan Kanagalingam wrote:
> Hi Johann,
>
> Thanks for the feedback. Currently, I am checking that feature.
>
You can find the sample implementation for XACML based scope validator from
here [1] . It would help.
[1]
http://xacmlinfo.org/2014/10/24/authoriza
On Tue, Jan 16, 2018 at 2:01 PM, Nadun De Silva wrote:
> Hi Asela,
>
> On Tue, Jan 16, 2018 at 12:14 PM, Asela Pathberiya wrote:
>
>>
>>
>> On Tue, Jan 16, 2018 at 11:16 AM, Nadun De Silva wrote:
>>
>>> Hi,
>>>
>>> At the m
On Fri, Jan 5, 2018 at 5:50 PM, Jayanga Kaushalya wrote:
> Hi all,
>
> According to the GDPR act [1] Chapter 3, Section 3, Article 17 (Right to
> erasure) the data subject has the authority to request the erasure of the
> data from controller. And the controller has the authority to erase the
> d
On Tue, Jan 16, 2018 at 8:06 PM, Roman CHRENKO
wrote:
> Hi.
>
> I would like to know what databases are supported with WSO2 IS 5.4 (5.3).
>
> By https://docs.wso2.com/display/IS540/Installation+Prerequisites =>
> Working with Databases (https://docs.wso2.com/
> display/ADMIN44x/Working+with+Datab
!
My concern is that; when we are introducing a new feature/improvement, It
is better to have an easy way which will help users/customers to try out
without any cost. Yes! extensible/distributed deployment must be there.
>
> Regards,
> Johann.
>
>
>>
>> Cheers,
But if you test your
use cases, they would cover them as well.
> Best regards,
>
> Roman Chrenko
>
>
>
> *From:* Architecture [mailto:architecture-boun...@wso2.org] *On Behalf Of
> *Asela Pathberiya
> *Sent:* Tuesday, January 16, 2018 4:01 PM
> *To:* architecture
>
Hi Gayan,
Is SCIM PATCH implementation available with next Identity Server release ?
Thanks,
Asela.
On Sun, Jul 27, 2014 at 9:10 PM, Gayan Gunawardana wrote:
> Hi All,
>
> Review notes
>
> Participants : Prabath, Chamath, Prasad, Thanuja, Isura, Pulasthi, Gayan
>
>
> 1. Move jax rs custom patch
ll..
Thanks,
Asela.
>
> Thanks,
> Gayan
>
> On Mon, Nov 10, 2014 at 3:47 PM, Asela Pathberiya wrote:
>>
>> Hi Gayan,
>>
>> Is SCIM PATCH implementation available with next Identity Server release ?
>>
>> Thanks,
>> Asela.
>>
Hi Prabath/Johann,
It seems to be that we are supporting only the openid connect core
specification. Is there any idea to support other profiles such as
session management [1] ? If we are supporting this [1] profile.. I
hope that we can easily implement end to end web SSO with OpenID
connect wi
Hi Prabath/Johann/IS Team,
According to the openid-connect specification, It is stated that the
recommended approach for granting id_token is, by using code and
implicit grant types. But WSO2IS supports for password grant type as
well... I think it would be fine [1]. But, what are commendation f
On Tue, Sep 24, 2013 at 11:39 AM, Venura Kahawala wrote:
> Hi,
>
> We are in the process of moving the below UI features out from the IS
> management console.
>
> 1. My Profiles
> 2. Account Recovery
> 3. My Authorized apps
> 4. OpenID
> 5. My SCIM Providers
> 6. Multifactor Authentication
> 7. S
On Mon, Oct 21, 2013 at 12:34 PM, Prabath Siriwardena wrote:
> How do we handle SAML2 sessions now..?
>
> I believe we keep it in-memory..
>
> Keep this in-memory won't scale - as these sessions suppose to live long..
> and also won't be accessed frequently..
>
> Can we use an LRU cache - and pers
Hi All,
AFAIK, currently OAuth2 token endpoint returns the same access token for
different scope. Access tokens are issued per client and resource owner. I
guess, it must be per client, resource owner and scope. If we are
implementing scope validation and resource owner authorization, i guess,
Hi All,
Our current OAuth implementation issues JWT token when validating an OAuth
token that is granted by client credential grant type. This JWT token
contains end user name and user's attributes. Please refer jira [1].
1. How we are identifying the authorized user and claims in the JWT token
w
Hi All,
How can we revoke or update client credentials? If there is a trusted
client and when client's secret is compromised. Client would need to update
this secret. (or generate new one and revoke older one). Sorry, I could not
find any API method for this with IS 450. Or else, we need to de
-Prabath
>
>
> On Fri, Nov 29, 2013 at 10:16 AM, Asela Pathberiya wrote:
>
>> Hi All,
>>
>> Our current OAuth implementation issues JWT token when validating an
>> OAuth token that is granted by client credential grant type. This JWT token
>> conta
IS.. Jira is created to
tract [1]
[1] https://wso2.org/jira/browse/IDENTITY-1916
Thanks,
Asela.
>
> Thanks & regards,
> -Prabath
>
>
>>
>>
>> On Fri, Nov 29, 2013 at 10:49 AM, Asela Pathberiya wrote:
>>
>>> Hi All,
>>>
>>
On Fri, Nov 29, 2013 at 10:53 AM, Asela Pathberiya wrote:
> Hi Prabath/Johann,
>
> Thanks for reply.
>
>
> On Fri, Nov 29, 2013 at 10:40 AM, Prabath Siriwardena wrote:
>
>> If its the client credentials - the resource owner (end user) is the
>> client it self.
&
; Sent from my mobile device
>
> > On Oct 25, 2013, at 5:29 PM, Asela Pathberiya wrote:
> >
> > Hi All,
> >
> > AFAIK, currently OAuth2 token endpoint returns the same access token
> for different scope. Access tokens are issued per client and resource
> owner. I
On Thu, Dec 5, 2013 at 3:07 PM, Ishara Karunarathna wrote:
> Hi All,
>
> This is already fixed in 4.2.1 trunk, and will add this to IS 4.6.0
> release.
>
Great...!!!
Thanks,
Asela.
>
> Thanks,
> Ishara.
>
>
> On Thu, Dec 5, 2013 at 2:51 PM, Asela Pathberiy
Hi All,
AFAIK, OAuth token value can be an any string and there is no special
format has been defined. Therefore I guess, It is better to create an
extension to build the access token. Currently, It seems to be that OAuth
implementation have not an simple extension to customize the returning
acce
ertion-check
Thanks,
Asela.
>
> Thanks & regards,
> -Prabath
>
>
> On Tue, Dec 17, 2013 at 12:29 PM, Asela Pathberiya wrote:
>
>> Hi All,
>>
>> AFAIK, OAuth token value can be an any string and there is no special
>> format has been defined. Therefore
Hi All,
As It is discussed; There are two easy ways that could improve the
performance of Balana.
1. Parallel evaluation of XACML policies.
In Balana, 1st, It would be check whether each policies is valid according
to the target element And then it starts the evaluating of matched
policies.. It
On Wed, Jan 22, 2014 at 4:51 PM, Lalaji Sureshika wrote:
> Hi,
>
> I checked the code and found below configuration need to be added to
> identity.xml,in-order to configure the self signup user's assigning role.
>
>
>
> test
> true
>
>
>
> Addition to configuring custom roles for self registr
Hi All,
In some Identity Server deployment, there are clients (web
applications, Application clients and so on) that talk to admin
services in Identity server such as user management, entitlement and
s on... To access these admin services, client must be authenticated
to Identity Server. We can c
On Wed, Mar 5, 2014 at 3:10 PM, Sameera Jayasoma wrote:
> Hi Asela,
>
>
> On Wed, Mar 5, 2014 at 10:55 AM, Asela Pathberiya wrote:
>>
>> Hi All,
>>
>> In some Identity Server deployment, there are clients (web
>> applications, Application clients an
Hi All,
There are several customers/users who are looking for $subject with APIM.
Specially following features
1. Account lock/disable
2. Password/Account recovery
3. Password policies
We are usually not recommending the feature installation. Therefore,
shall we ship these features by default w
ust support for all
other identity management features as well.
Are we removing the user registration from APIM 3.0 ?
Thanks,
Asela.
> Which means that users would expect the same set of features on 3.0 as
> well. Therefore I would be -1 to installing these features on APIM.
>
> On Mon,
same!
On Mon, Feb 5, 2018 at 8:08 PM, Sagara Gunathunga wrote:
>
>
> On Mon, Feb 5, 2018 at 12:56 PM, Nuwan Dias wrote:
>
>>
>>
>> On Mon, Feb 5, 2018 at 12:36 PM, Asela Pathberiya wrote:
>>
>>>
>>>
>>> On Mon, Feb 5, 2018 at 12
On Thu, Sep 6, 2018 at 4:15 PM, Sinthuja Rajendran
wrote:
> Hi,
>
> I have a few questions/concerns on as stated below.
>
> 1) In our WSO2 servers startup script, we do have below java props [1],
> which basically can create a heap dump when the server has gone OOM.
> Therefore, I believe here y
On Fri, Apr 19, 2019 at 5:21 AM Ruwan Abeykoon wrote:
> Hi Johann,
> +1 for implementing the use-case.
> We need to have a white-board session to capture all the possible cases,
> and modules to be touched.
>
> Can we do this once the release pressure is over? For the prospect, can we
> say this
On Thu, May 23, 2019 at 3:00 PM Johann Nallathamby wrote:
> *Problem*
>
> IS currently supports different types of communication channels in the
> products with the use of output event adaptor such as Email, SMS, HTTP,
> etc. However currently there can be only one channel selected for a given
>
On Fri, May 31, 2019 at 7:58 AM Johann Nallathamby wrote:
> *Problem*
>
> When we federate to other OpenID Connect Providers, we can send scope
> values. However, currently the scope values are fixed per OP we define in
> IS. This works fine if the service provider is not a OpenID Connect RP or
>
On Thu, May 23, 2019 at 3:48 PM Asela Pathberiya wrote:
>
>
> On Thu, May 23, 2019 at 3:00 PM Johann Nallathamby
> wrote:
>
>> *Problem*
>>
>> IS currently supports different types of communication channels in the
>> products with the use of output event a
restricted
> set of scopes.
>
To be clear, I assume that this is to implement which is mentioned in here
[1] as scope ?
[1] https://tools.ietf.org/html/rfc7521#section-4.1
Thanks,
Asela.
> Thanks & Regards,
> Johann.
>
> On Fri, May 31, 2019 at 9:43 AM Asela Path
On Mon, Jun 3, 2019 at 2:45 PM Johann Nallathamby wrote:
>
>
> On Mon, Jun 3, 2019 at 1:05 PM Asela Pathberiya wrote:
>
>>
>>
>> On Thu, May 23, 2019 at 3:48 PM Asela Pathberiya wrote:
>>
>>>
>>>
>>> On Thu, May 23, 2019 at 3:00 PM
On Mon, May 27, 2019 at 12:28 PM Johann Nallathamby wrote:
> IAM Team,
>
> Lately I've been thinking of a way to support dynamic roles in WSO2 IS.
> What triggered me was, we already have a tool to author dynamic role
> policies with XACML, albeit its shortcomings. Moreover the limitations in
> t
On Mon, Jun 3, 2019 at 6:28 PM Johann Nallathamby wrote:
>
>
> On Mon, Jun 3, 2019 at 6:25 PM Johann Nallathamby wrote:
>
>>
>>
>> On Mon, Jun 3, 2019 at 5:29 PM Asela Pathberiya wrote:
>>
>>>
>>>
>>> On Mon, Jun 3, 20
On Thu, Jul 18, 2019 at 1:55 PM Dinali Dabarera wrote:
> Hi all,
>
> As an improvement, we have introduced a new validation for SP certificate
> expiry time in SAML request validation flow flow as a fix for the issue
> reported in [1]. The fix is as follows [2]
>
> We have introduced a new prope
On Tue, Aug 20, 2019 at 2:37 PM Nuwan Dias wrote:
> Hi,
>
> With the introduction of the Microgateway self-contained access tokens
> were supported in the API Manager since version 2.5. Self-contained access
> tokens however were only supported in the Microgateway so far. The regular
> gateway wa
On Wed, Sep 18, 2019 at 7:09 AM Ruwan Abeykoon wrote:
> Hi Nipun,
> This is supported OOTB [1]
>
> [1] https://docs.wso2.com/display/IS570/Working+with+ACR+and+AMR
>
Does this support with back channel authentication + token granting ?
Thanks
Asela.
>
> Cheers,
> Ruwan A
>
> On Wed, Sep 18, 2
On Wed, Sep 25, 2019 at 10:47 AM gayan gunawardana
wrote:
> Hi APIM team,
>
> Is there any recommended deployment pattern to implement [1] if SSL
> termination happen from load balancer ?
>
One option is that sending the client certificate's data using HTTP
header. Also it can be done at the SS
On Tue, Oct 22, 2019 at 10:12 PM Supun Perera wrote:
> Reduced Audience
>
>
>
> On Tue, Oct 22, 2019 at 9:03 PM Supun Perera wrote:
>
>> Hi All,
>>
>> As the correlation logs is a wonderful feature for troubleshooting the
>> issues, It was very helpful in support, However, we have noticed that i
On Tue, Dec 31, 2019 at 6:36 PM Supun Perera wrote:
> Hi All,
>
> *Problem*
> As of now Identity server users database based session data persistence
> for storing the user authentication sessions in addition to the
> authentication cache. Also, it's recommended to enable the session
> persistenc
On Wed, Jan 1, 2020 at 8:43 PM Asela Pathberiya wrote:
>
>
> On Tue, Dec 31, 2019 at 6:36 PM Supun Perera wrote:
>
>> Hi All,
>>
>> *Problem*
>> As of now Identity server users database based session data persistence
>> for storing the user
On Wed, Feb 12, 2020 at 5:44 PM Sarubi Thillainathan
wrote:
>
>
>
> On Wed, Feb 12, 2020 at 5:38 PM Sarubi Thillainathan
> wrote:
>
>> Hi All,
>>
>> Currently in IS, whenever a token request comes with a list of scopes
>> we'll be showing all the scopes and get the consent from the user
>> regar
by default ?
Thanks,
Asela.
> Thanks,
> Sarubi.
>
> On Wed, Feb 12, 2020 at 6:06 PM Asela Pathberiya wrote:
>
>>
>>
>> On Wed, Feb 12, 2020 at 5:44 PM Sarubi Thillainathan
>> wrote:
>>
>>>
>>>
>>>
>>> On Wed, Feb
On Thu, Feb 13, 2020 at 11:15 AM Sarubi Thillainathan
wrote:
>
>
> On Thu, Feb 13, 2020 at 10:50 AM Asela Pathberiya wrote:
>
>>
>>
>> On Thu, Feb 13, 2020 at 10:48 AM Sarubi Thillainathan
>> wrote:
>>
>>> Hi Asela,
>>>
>>&
87 matches
Mail list logo