Wednesday, September 20, 2017

Customizing the Account Locking Mechanism on a Per User Store Basis in WSO2IS-5.1.0

In WSO2IS-5.1.0, there are user account locking scenarios, as explained in this document.

One type of account locking scenario is account locking by failed login attempts.

By default, the configurations related to account locking based on failed attempts are global to all the users in the Identity Server (i.e. global to all the user stores).

Configuration parameters in the <IS_HOME>/repository/conf/identity/identity-mgt.properties file (each configuration is followed by its description):

Authentication.Policy.Enable=true
    This enables the authentication flow level which checks for the account lock and one time password features. This property must be enabled for the account lock feature to work.

Authentication.Policy.Account.Lock.On.Failure=true
    This enables locking the account when authentication fails.

Authentication.Policy.Account.Lock.On.Failure.Max.Attempts=2
    This indicates the number of consecutive attempts that a user can try to log in without the account getting locked. In this case, if the login fails twice, the account is locked.

Authentication.Policy.Account.Lock.Time=5
    The time specified here is in minutes. In this case, the account is locked for five minutes and authentication can be attempted once this time has passed.


Let's say there is a use case to maintain these configurations per user store.

An example scenario would be:
  1. There are two user stores configured with a WSO2IS-5.1.0 instance.
    1. Primary user store with default name "PRIMARY"
    2. A secondary user store with name "TEST"
  2. For both user stores we need different configuration parameter values
    1. PRIMARY user Store
      • Authentication.Policy.Account.Lock.On.Failure.Max.Attempts=2
      • Authentication.Policy.Account.Lock.Time=5
    2. TEST user store
      • Authentication.Policy.Account.Lock.On.Failure.Max.Attempts=5
      • Authentication.Policy.Account.Lock.Time=3
Let's say user store specific configurations can be in the below format and added to <IS_HOME>/repository/conf/identity/identity-mgt.properties:
    <UserStore>.Authentication.Policy.Account.Lock.On.Failure.Max.Attempts=2
    <UserStore>.Authentication.Policy.Account.Lock.Time=5
ex:
    TEST.Authentication.Policy.Account.Lock.On.Failure.Max.Attempts=5
    TEST.Authentication.Policy.Account.Lock.Time=3

WSO2 Identity Server doesn't support this custom configuration by default. We need to write a custom User Operations Event Listener in order to achieve this.

One approach is to extend org.wso2.carbon.identity.mgt.IdentityMgtEventListener and override its methods to check particular values based on the user store domain.

I have written a sample user operation event listener with this approach and overridden only two methods doPreAuthenticate and doPostAuthenticate.

I have implemented a CustomIdentityMgtConfig to hold configurations and used them accordingly to retrieve user store specific configuration values. (Go through the code to get a better understanding.)

Once the custom user operation event listener (org.wso2.carbon.sample.user.operation.event.listener.CustomIdentityMgtEventListener) is implemented, you can enable it in place of org.wso2.carbon.identity.mgt.IdentityMgtEventListener in $IS_HOME/repository/conf/identity/identity.xml.

Copy the built org.wso2.carbon.sample.user.operation.event.listener-1.0.0.jar to $IS_HOME/repository/components/dropins and restart the server.

To achieve full functionality we may need to override other methods as well.
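
The lookup such a listener has to perform, modelled in JavaScript as an added example (it is not the author's Java listener or WSO2 code): it reads the per-user-store keys proposed above and falls back to the global keys when an override is missing or malformed. The "DOMAIN/user" name format, the PRIMARY default, the upper-casing of the domain and all function names are assumptions of this example.

```javascript
// Constructed sample of identity-mgt.properties: the global keys from the
// post plus the per-user-store keys it proposes for the TEST user store.
const SAMPLE_PROPERTIES = `
Authentication.Policy.Enable=true
Authentication.Policy.Account.Lock.On.Failure=true
Authentication.Policy.Account.Lock.On.Failure.Max.Attempts=2
Authentication.Policy.Account.Lock.Time=5
TEST.Authentication.Policy.Account.Lock.On.Failure.Max.Attempts=5
TEST.Authentication.Policy.Account.Lock.Time=3
`;

const MAX_ATTEMPTS = 'Authentication.Policy.Account.Lock.On.Failure.Max.Attempts';
const LOCK_TIME = 'Authentication.Policy.Account.Lock.Time';

// Minimal key=value parser; skips blank lines and # comments.
function parseProperties(text) {
  const props = new Map();
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (line === '' || line.startsWith('#')) continue;
    const eq = line.indexOf('=');
    if (eq > 0) props.set(line.slice(0, eq).trim(), line.slice(eq + 1).trim());
  }
  return props;
}

// Assumption: user names carry the user store domain as "DOMAIN/user" and a
// name without a domain belongs to the PRIMARY user store.
function userStoreDomain(username) {
  const slash = username.indexOf('/');
  return slash > 0 ? username.slice(0, slash).toUpperCase() : 'PRIMARY';
}

// Read a positive integer for the domain, falling back to the global key so a
// store with a missing or malformed override never ends up without a limit.
function resolveInt(props, domain, key) {
  for (const candidate of [`${domain}.${key}`, key]) {
    const value = props.get(candidate);
    if (value !== undefined && /^[1-9]\d*$/.test(value)) return Number(value);
  }
  throw new Error(`no valid value for ${key}`);
}

// Effective lock policy for the user store that owns this user name.
function lockPolicyFor(props, username) {
  const domain = userStoreDomain(username);
  return {
    domain,
    maxAttempts: resolveInt(props, domain, MAX_ATTEMPTS),
    lockMinutes: resolveInt(props, domain, LOCK_TIME),
  };
}

// The account is locked once consecutive failures reach the configured maximum.
function shouldLock(props, username, failedAttempts) {
  return failedAttempts >= lockPolicyFor(props, username).maxAttempts;
}

const props = parseProperties(SAMPLE_PROPERTIES);
console.log(lockPolicyFor(props, 'TEST/alice'));
console.log(lockPolicyFor(props, 'bob'));
```

Failing loudly when neither the override nor the global key holds a valid number keeps a typo in the properties file from silently disabling the lock threshold.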



Defining a Custom Default Authentication Flow for All Service Providers WSO2IS-5.3.0


You can set the default authentication sequence in the $IS_HOME/repository/conf/identity/service-providers/default.xml file.

..........
    <LocalAndOutBoundAuthenticationConfig>
        <AuthenticationSteps>
            <AuthenticationStep>
                <StepOrder>1</StepOrder>
                <LocalAuthenticatorConfigs>
                    <LocalAuthenticatorConfig>
                        <Name>BasicAuthenticator</Name>
                        <DisplayName>basicauth</DisplayName>
                        <IsEnabled>true</IsEnabled>
                    </LocalAuthenticatorConfig>
                </LocalAuthenticatorConfigs>
                <!-- FederatedIdentityProviders>
                 <IdentityProvider>
                       <IdentityProviderName>facebook</IdentityProviderName>
                       <IsEnabled>true</IsEnabled>
                                     <DefaultAuthenticatorConfig>
                                             <FederatedAuthenticatorConfig>
                                                     <Name>FacebookAuthenticator</Name>
                                                     <IsEnabled>true</IsEnabled>
                                             </FederatedAuthenticatorConfig>
                                     </DefaultAuthenticatorConfig>
                 </IdentityProvider>
                </FederatedIdentityProviders -->
                <SubjectStep>true</SubjectStep>
                <AttributeStep>true</AttributeStep>
            </AuthenticationStep>
        </AuthenticationSteps>   
    </LocalAndOutBoundAuthenticationConfig>
..........


Here, you can define the authentication steps for the default authentication flow. By default it is set to one step with BasicAuthenticator.

If you do NOT configure the Local & Outbound Authentication Configuration section in a Service Provider and leave it set to Default as in the image below, the authentication flow for the Service Provider will be the flow you define in the above configuration.


Friday, March 31, 2017

WSO2GREG-5.3.0 - Enable visibility of assets in Store only for assets in particular lifecycle state

There can be use cases where an organization needs to make artifacts visible in the store only when they reach a particular state of their lifecycle. This requirement can be catered for via the extension[1] model of WSO2GREG.

As an example let’s take soapservice, and assume that we need to make soapservices visible in store, only when they reach "Published" state in their lifecycle.
Follow below steps for that.

Open [Home]/repository/deployment/server/jaggeryapps/store/extensions/assets/soapservice/asset.js file.

Inside asset.manager look for 'search' function, which overrides the default store behavior. [2]

Enable below line inside 'search' function.

query = buildPublishedQuery(query);
// Originally commented out in order to let assets in any state be visible in the store.

Let's decide which state should be allowed in store. For that in the asset.configure section of the same file[3], add below meta section.

lifecycle: {
                publishedStates: ['Production']
            }

Now the asset.configure section should look something like below.
asset.configure = function() {
    return {
        meta: {
            lifecycle: {
                publishedStates: ['Production']
            },
            ui: {
                icon: 'fw fw-soap',
                iconColor: 'orange'
            },
            isDependencyShown: true,
            isDiffViewShown: false
        }
    }
};

Restart the server. Now in the store only soapservices in "published" state will be visible.

If you need the same behavior for other asset types as well, follow the same steps in each asset type's extension, by editing the [Home]/repository/deployment/server/jaggeryapps/store/extensions/assets/[ASSET-TYPE]/asset.js file.

[2] https://github.com/wso2/product-greg/blob/v5.3.0/modules/es-extensions/store/asset/soapservice/asset.js#L119
[3] https://github.com/wso2/product-greg/blob/v5.3.0/modules/es-extensions/store/asset/soapservice/asset.js#L147

Monday, February 27, 2017

WSO2GREG-5.2.0- Writing extension to bind clientside javascript to pages in store

In a previous post I have explained how to write extensions to replicate more artifact metadata in Store.
In this post I will explain how to bind some client-side JavaScript/jQuery to improve the behavior of pages in the Store UI.

Following the sample steps explained in that previous post, let's see how to add a custom JavaScript file to the restservice asset type's details page.

In this sample js, I am going to set active tab of the asset details page to a desired one, using a URL fragment.

As of now, when we are browsing assets in Store and viewing the metadata details of an asset, the first tab is opened by default.

Let's say, I wanted to go directly to the page with the third tab 4th tab(security) opened.

To do that,
  •  In [HOME]/repository/deployment/server/jaggeryapps/store/extensions/assets/restservice/themes/store/js/ location, add a js file, select-tab.js with following content

$(function() {
    // The URL fragment (e.g. "#security") names the tab to activate.
    var fragment = window.location.hash;

    if (fragment) {
        var tabName = '#asset-content-' + fragment.replace("#", "");
        var tab = $(tabName);
        var tabContentName = '#tab-content-' + fragment.replace("#", "");
        var tabContent = $(tabContentName);
        if (tab.length > 0 && tabContent.length > 0) {
            tab.addClass("active");
            tabContent.addClass("active");
        } else {
            showDefault();
        }
    } else {
        showDefault();
    }
});


// Fall back to the first tab when no matching tab exists.
function showDefault() {
    $('#asset-description').addClass("active");
    $('#tab-properties').addClass("active");
}


  • Now bind this js to the restservice asset details page by editing [HOME]/repository/deployment/server/jaggeryapps/store/extensions/assets/restservice/themes/store/helpers/asset.js
 var name;
var custom = require('/extensions/app/greg-store-defaults/themes/store/helpers/asset.js');
var that = this;
/*
In order to inherit all variables in the default helper
*/
for (name in custom) {
    if (custom.hasOwnProperty(name)) {
        that[name] = custom[name];
    }
}
var fn = that.resources;
var resources = function(page, meta) {
    var o = fn(page, meta);
    if (!o.css) {
        o.css = [];
    }
    //code-mirror third party library to support syntax highlighting & formatting for WSDL content.
    o.css.push('codemirror.css');
    o.js.push('codemirror.js');
    o.js.push('javascript.js');
    o.js.push('formatting.js');
    o.js.push('xml.js'); //codemirror file to provide 'xml' type formatting.
    o.js.push('asset-view.js');//renders the wsdl content with codemirror supported formatting.
    o.js.push('select-tab.js');//renders active tab based on url fragment
    return o;
};

  • Restart the server and, after logging in to the store, go to URLs like "https://192.168.122.1:9443/store/assets/restservice/details/3601ed3c-5f49-4115-ac7d-d6f578d4c593#security"
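
select-tab.js builds its jQuery selectors directly from window.location.hash, which is whatever follows "#" in the link a user opened; a fragment containing characters that are not valid in an id produces an invalid selector, jQuery throws, and no tab is activated at all. The following is an added example (not the author's script) that accepts only id-safe fragments before building the same two selectors; the function names and the 64-character limit are assumptions of this example.

```javascript
// Only letters, digits, "_" and "-" are accepted as a tab name.
const TAB_NAME = /^[A-Za-z0-9_-]{1,64}$/;

// Turn location.hash into a tab name, or null when it must be ignored.
function tabNameFromHash(hash) {
  if (typeof hash !== 'string' || hash.charAt(0) !== '#') return null;
  const name = hash.slice(1);
  return TAB_NAME.test(name) ? name : null;
}

// Build the two selectors select-tab.js uses, or null for "show the default tab".
function tabSelectors(hash) {
  const name = tabNameFromHash(hash);
  if (name === null) return null;
  return { tab: '#asset-content-' + name, content: '#tab-content-' + name };
}

// Activate the requested tab if both elements exist, else the default tab.
// jq is passed in so the logic can be exercised without a browser.
function activateTab(jq, hash) {
  const sel = tabSelectors(hash);
  if (sel !== null) {
    const tab = jq(sel.tab);
    const content = jq(sel.content);
    if (tab.length > 0 && content.length > 0) {
      tab.addClass('active');
      content.addClass('active');
      return sel.tab;
    }
  }
  jq('#asset-description').addClass('active');
  jq('#tab-properties').addClass('active');
  return '#asset-description';
}

// Browser wiring; skipped when run outside a page that has loaded jQuery.
if (typeof window !== 'undefined' && typeof $ === 'function') {
  $(function () { activateTab($, window.location.hash); });
}
```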

 



Thursday, January 5, 2017

Configure Email Server in WSO2IS-5.3.0

The email notification mechanism in the WSO2IS-5.3.0 Identity Management components is now handled by a new notification component. Accordingly, the email server configurations have also changed as follows. Other than the configurations in axis2.xml,

  • Open [IS_HOME]/repository/conf/output-event-adapters.xml
  • In this file give correct property values for the email server that you need to configure for this service in adapterConfig type="email"
    <adapterConfig type="email">
        <!-- Comment mail.smtp.user and mail.smtp.password properties to support connecting SMTP servers which use trust
        based authentication rather username/password authentication -->
        <property key="mail.smtp.from">abcd@gmail.com</property>
        <property key="mail.smtp.user">abcd@gmail.com</property>
        <property key="mail.smtp.password">xxxx</property>
        <property key="mail.smtp.host">smtp.gmail.com</property>
        <property key="mail.smtp.port">587</property>
        <property key="mail.smtp.starttls.enable">true</property>
        <property key="mail.smtp.auth">true</property>
        <!-- Thread Pool Related Properties -->
        <property key="minThread">8</property>
        <property key="maxThread">100</property>
        <property key="keepAliveTimeInMillis">20000</property>
        <property key="jobQueueSize">10000</property>
    </adapterConfig>

Tuesday, August 30, 2016

Enable debug logs for a jaggery app

Go to [Product-Home]/repository/deployment/server/jaggeryapps/<app-folder>
    ex: to enable debug logs for the WSO2 GREG Publisher app, go to [GREG-HOME]/repository/deployment/server/jaggeryapps/publisher

Open the jaggery.conf file


Modify the "logLevel": "info" entry to "logLevel": "debug"


Restart the server and now you can see debug logs in the console.


[1] http://jaggeryjs.org/documentation.jag?api=jagconf

Monday, August 15, 2016

WSO2 G-Reg-5.30 Associations Publisher REST API

WSO2 Governance Registry product provides a set of resources under its Publisher Rest API to perform CRUD operations over Associations of an asset instance.

By default it provides the below API resources under /{context}/apis/association/

GET /{type}/{association}/{id}

    Returns the list of possible associatable target assets.
    {type} - source asset type
    {association} - association name
    {id} - source asset id

Parameters:
    q="name":"*"
Returns associatable assets subject to default paging

    q="name":"aa"
Returns associatable assets subject to search over name attribute for the provided input.

Ex: https://localhost:9443/publisher/apis/association/soapservices/reference/404cada0-5e8d-4e39-8c21-fdc96c1f0ccc?q="name"%3A"te"

Response:
{
  "results":[
     {
        "uuid":"aaeab854-547d-4fcd-ac1f-f906e623877f",
        "text":"tets",
        "version":"1.2.3",
        "type":"application/vnd.wso2-soap-service+xml",
        "shortName":"soapservice"
     },
     {
        "uuid":"e47d7197-14a1-45a0-b43b-d46468ad58a0",
        "text":"API_Test",
        "version":"1.2.3",
        "type":"application/vnd.wso2-restservice+xml",
        "shortName":"restservice"
     },
     {
        "uuid":"e98b151b-6711-4963-84ef-6607a219817d",
        "text":"testRest",
        "version":"1.2.3",
        "type":"application/vnd.wso2-restservice+xml",
        "shortName":"restservice"
     }
  ]
}


GET  /{type}


    Returns association types defined in governance.xml for a given asset type.

Ex: https://localhost:9443/publisher/apis/association/soapservices

Response:
[
  {
     "key":"ownedBy",
     "value":"fw-user"
  },
  {
     "key":"security",
     "value":"fw-security"
  },
  {
     "key":"depends",
     "value":"fw-store"
  },
  {
     "key":"usedBy",
     "value":"fw-globe"
  }
]

POST /*

    Add an association to a given asset instance
Ex: https://localhost:9443/publisher/apis/association
Request Payload
{
  "sourceUUID":"b26d640b-9239-42ec-aeda-d4fbb79d665a",
  "destUUID":"e98b151b-6711-4963-84ef-6607a219817d",
  "sourceType":"soapservice",
  "destType":"restservice",
  "associationType":"depends"
}

DELETE /remove

    Remove added association from an asset instance.
Ex: https://localhost:9443/publisher/apis/association/remove
Request Payload
{
  "sourceUUID":"b26d640b-9239-42ec-aeda-d4fbb79d665a",
  "destUUID":"e98b151b-6711-4963-84ef-6607a219817d",
  "sourceType":"soapservice",
  "destType":"restservice",
  "associationType":"depends"
}


Change the default icon of an asset type in WSO2 G-Reg 5.3.0

WSO2 G-Reg 5.3.0 is the latest release version of Governance Registry product.

In a vanilla pack all the thumbnails are rendered by default with a unique color and the first letter of the asset name.

But if someone wants to customize this thumbnail here are the steps.

In this post I will explain how to change the thumbnail of a particular asset type, namely I will take 'restservice' type as an example.

Let's say we want to change all the occurrences of thumbnails of 'restservice' type to the custom image icon shown below.
[Image: api-thumbnail.png]



Let's start by copying the desired thumbnail icon to the following location, where <asset-type> refers to the type you are interested in.

[HOME]/repository/deployment/server/jaggeryapps/publisher/extensions/assets/<asset-type>/themes/default/imgs/

Ex: I have added api_thumbnail.png into
[HOME]/repository/deployment/server/jaggeryapps/publisher/extensions/assets/restservice/themes/default/imgs/

Consider the Details page of an asset. By default it looks like the image below.

[Image: default-thumbnain-in-details.png]

To change the thumbnail of this page to the custom image, refer to the newly added image from the

[HOME]/repository/deployment/server/jaggeryapps/publisher/extensions/assets/restservice/themes/default/partials/view-asset-top-common-container.hbs file. 
If you don't already have view-asset-top-common-container.hbs in that location, take a copy of
[HOME]/repository/deployment/server/jaggeryapps/publisher/extensions/app/greg-publisher-defaults/themes/default/partials/view-asset-top-common-container.hbs
into
[HOME]/repository/deployment/server/jaggeryapps/publisher/extensions/assets/restservice/themes/default/partials/view-asset-top-common-container.hbs 

By default it contains the line below
<div class="ast-name-icon">{{this.nameToChar}}</div>
Change it to
<div class="ast-name-icon">
     <img alt="thumbnail" class="square-element img-thumbnail" src='{{url ""}}/extensions/assets/restservice/themes/default/imgs/api_thumbnail.png'>
</div>

And change the style configurations to align the custom image nicely. I have removed  style="background: {{this.uniqueColor}}" from parent div as well.

Now
[HOME]/repository/deployment/server/jaggeryapps/publisher/extensions/assets/restservice/themes/default/partials/view-asset-top-common-container.hbs looks like below.


{{#with assets}}
    <div class="well asset-well">
        <div class="container-fluid">
            <div class="row">
                <div class="col-lg-12">
                    <div class="pull-left ast-img setbgcolor" title="{{name}}">
                        <span class="ast-type-icon" title="{{this.singularLabel}}">
                            <i class="{{icon}} fw-lg"></i>
                        </span>
                        <!--div class="ast-name-icon">{{this.nameToChar}}</div-->
                        <div class="ast-name-icon">
                            <img alt="thumbnail" class="square-element img-thumbnail" src='{{url ""}}/extensions/assets/restservice/themes/default/imgs/api_thumbnail.png'>
                        </div>
                    </div>
                    <div class="asset-details-right">
                        <h4>{{name}}</h4>
                        {{#if version}}
                            <p>Version : {{version}}</p>
                        {{/if}}
                        {{#if lifecycleState}}
                        <p>{{lifecycle}} : {{lifecycleState}}</p>
                        {{/if}}
                        <div class="well-description">{{tables.0.fields.createdtime.value}}</div>
                    </div>
                 </div>
            </div>
        </div>
    </div>

{{/with}}

When you refresh the details page, the thumbnail should be changed as in the image below. Make sure to refresh the browser cache if the change is not appearing.

[Image: changed-details.png]




Now consider overriding the default thumbnail in the 'Edit' page, which by default is rendered as below.

[Image: default-thumbnain-in-edit.png]

Same as in the previous step, now edit the
[HOME]/repository/deployment/server/jaggeryapps/publisher/extensions/assets/restservice/themes/default/partials/update_asset.hbs

After changing it should look like below.

{{#with assets}}

    <div class="well asset-well">

        <div class="container-fluid">
            <div class="row">
                <div class="col-lg-12">
                    <div class="pull-left ast-img setbgcolor" title="{{name}}">
                        <span class="ast-type-icon" title="{{this.singularLabel}}">
                            <i class="fw fw-rest-service fw-lg"></i>
                        </span>
                        <!--div class="ast-name-icon">{{this.nameToChar}}</div-->
                        <div class="ast-name-icon">
                            <img alt="thumbnail" class="square-element img-thumbnail" src='{{url ""}}/extensions/assets/restservice/themes/default/imgs/api_thumbnail.png'>
                        </div>
                    </div>
                    <div class="asset-details-right">
                        <h4>{{name}}</h4>
                        {{#if version}}
                            <p>Version : {{version}}</p>
                        {{/if}}
                        {{#if lifecycleState}}
                            <p>{{lifecycle}} : {{lifecycleState}}</p>
                        {{/if}}
                        <div class="well-description">{{tables.0.fields.createdtime.value}}</div>
                    </div>
                </div>
            </div>
        </div>
    </div>
{{/with}}


{{> update_form .}}

When you refresh the browser, the Edit page of the asset will be rendered with the change below.

[Image: changed-update.png]




To override the default thumbnail in asset Listing page, you need to edit 

[HOME]/repository/deployment/server/jaggeryapps/publisher/extensions/assets/restservice/themes/default/partials/list_assets_table_body.hbs



[Image: default thumbnail.png]

After changing it should look like below.
{{#each .}}


    <div class="ctrl-wr-asset">
        <div class="itm-ast">
            <a id="{{this.id}}" class="ast-img" href='{{url ""}}/assets/{{type}}/details/{{this.id}}' title="{{this.attributes.overview_name}}">
                <div class="ast-img setbgcolor" >
                    <span class="ast-type-icon" title="{{this.singularLabel}}">
                        <i class="fw fw-rest-service fw-lg"></i>
                    </span>
                    <!--div class="ast-name-icon">{{this.nameToChar}}</div-->
                    <div class="ast-name-icon">
                        <img alt="thumbnail" class="square-element img-thumbnail" src='{{url ""}}/extensions/assets/restservice/themes/default/imgs/api_thumbnail.png'>
                    </div>
                </div>
            </a>
            <div class="ast-desc">
                <a href='{{url ""}}/assets/{{type}}/details/{{this.id}}'>
                    <h3 class="ast-name" title="{{this.attributes.overview_name}}">{{this.attributes.overview_name}}</h3>
                </a>
                {{#if this.attributes.overview_version}}
                    <span class="ast-ver">V{{this.attributes.overview_version}} </span>
                {{/if}}
                <span class="ast-published">{{this.attributes.overview_namespace}}</span>
                {{#if this.currentLCStateDurationColour}}
                    <span class="lifecycle-state">
                    <small>
                        <div class="colorbar" Title="Current Lifecycle State Duration: {{this.currentLCStateDuration}}"
                             style="background-color: {{this.currentLCStateDurationColour}}"></div>
                        <i class="icon-circle lc-state-{{this.currentLCStateDuration}}"></i> {{this.lifecycleState}}
                    </small></span>
                {{else}}
                    {{#if this.lifecycleState}}
                        <span class="lifecycle-state"><small><i
                                class="icon-circle lc-state-{{this.lifecycleState}}"></i> {{this.lifecycleState}}
                        </small></span>
                    {{/if}}
                {{/if}}
            </div>
            <br class="c-both" />
        </div><br class="c-both" />
    </div>
{{/each}}

After refreshing the restservices 'Listing' page, the restservice thumbnails should be changed as below.


To see the same behavior in Store side for restservices,

First copy the desired image to 
[HOME]/repository/deployment/server/jaggeryapps/store/extensions/assets/restservice/themes/store/imgs/api_thumbnail.png

Then edit 
[HOME]/repository/deployment/server/jaggeryapps/store/extensions/assets/restservice/themes/store/partials/default-thumbnail.hbs
to refer to the custom image. If
[HOME]/repository/deployment/server/jaggeryapps/store/extensions/assets/restservice/themes/store/partials/default-thumbnail.hbs 
is not available default in this location, take a copy from 
[HOME]/repository/deployment/server/jaggeryapps/store/extensions/app/greg-store-defaults/themes/store/partials/default-thumbnail.hbs

After editing the file it should look like below.

<div class="ast-img setbgcolor" data-toggle="tooltip" title="{{name}}">
    <span class="ast-type-icon"  title="{{this.singularLabel}}">
      <i class="fw fw-rest-service fw-lg"></i>
      </span>
    <!--div class="ast-name-icon">{{this.nameToChar}}</div-->
    <div class="ast-name-icon">
        <img alt="thumbnail" class="square-element img-thumbnail" src='{{url ""}}/extensions/assets/restservice/themes/store/imgs/api_thumbnail.png'>
    </div>

</div>
