
Merge pull request #22 from VimukthiPerera/master
Migrate to IS 5.5.0
msmshariq authored Apr 5, 2018
2 parents b24edae + a922406 commit 3622611
Showing 4 changed files with 120 additions and 7 deletions.
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -30,7 +30,7 @@ cd vagrant-is
```
>If you are to try out an already released zip of this repo, please ignore this 2nd step also. Instead, extract the zip file and directly browse to `vagrant-is-<released-version>` folder.
>If you are to try out an already released tag, after executing 2nd step, checkout the relevant tag, i.e. for example: <br> git checkout tags/v5.4.1.4 and continue below steps.
>If you are to try out an already released tag, after executing 2nd step, checkout the relevant tag, i.e. for example: <br> git checkout tags/v5.5.0.1 and continue below steps.
3. Spawn up the Vagrant setup.

Expand Up @@ -18,7 +18,7 @@

# set variables
WSO2_SERVER=wso2is-analytics
WSO2_SERVER_VERSION=5.4.1
WSO2_SERVER_VERSION=5.5.0
WSO2_SERVER_PACK=${WSO2_SERVER}-${WSO2_SERVER_VERSION}*.zip
MYSQL_CONNECTOR=mysql-connector-java-5.1.*-bin.jar
JDK_ARCHIVE=jdk-8u*-linux-x64.tar.gz
121 changes: 117 additions & 4 deletions identity-server/confs/repository/conf/identity/identity.xml
Expand Up @@ -250,6 +250,24 @@
<GrantTypeValidatorImplClass>org.wso2.carbon.identity.oauth2.grant.jwt.JWTGrantValidator</GrantTypeValidatorImplClass>
</SupportedGrantType>
</SupportedGrantTypes>

<!--
Defines the grant types that will filter user claims based on user consent in their responses such as
id_token or user info response.
Default grant types that filter user claims based on user consent are 'authorization_code' and 'implicit'.
Supported versions: IS 5.5.0 onwards.
-->
<UserConsentEnabledGrantTypes>
<UserConsentEnabledGrantType>
<GrantTypeName>authorization_code</GrantTypeName>
</UserConsentEnabledGrantType>
<UserConsentEnabledGrantType>
<GrantTypeName>implicit</GrantTypeName>
</UserConsentEnabledGrantType>
</UserConsentEnabledGrantTypes>

<OAuthCallbackHandlers>
<OAuthCallbackHandler Class="org.wso2.carbon.identity.oauth.callback.DefaultCallbackHandler"/>
</OAuthCallbackHandlers>
Expand All @@ -261,6 +279,7 @@
<!-- Scope validators list. The validators registered here wil be executed during token validation. -->
<ScopeValidators>
<ScopeValidator class="org.wso2.carbon.identity.oauth2.validators.JDBCScopeValidator" />
<ScopeValidator class="org.wso2.carbon.identity.oauth2.validators.xacml.XACMLScopeValidator"/>
</ScopeValidators>

<!-- Scope handlers list. The handlers registered here will be executed at the scope validation phase while
Expand Down Expand Up @@ -323,6 +342,25 @@
<IDTokenBuilder>org.wso2.carbon.identity.openidconnect.DefaultIDTokenBuilder</IDTokenBuilder>
<SignatureAlgorithm>SHA256withRSA</SignatureAlgorithm>

<!-- Default asymmetric encryption algorithm that used to encrypt CEK. -->
<IDTokenEncryptionAlgorithm>RSA-OAEP</IDTokenEncryptionAlgorithm>
<!-- Default symmetric encryption algorithm that used to encrypt JWT claims set. -->
<IDTokenEncryptionMethod>A128GCM</IDTokenEncryptionMethod>

<!-- Supported versions: IS 5.5.0 onwards. -->
<SupportedIDTokenEncryptionAlgorithms>
<SupportedIDTokenEncryptionAlgorithm>RSA1_5</SupportedIDTokenEncryptionAlgorithm>
<SupportedIDTokenEncryptionAlgorithm>RSA-OAEP</SupportedIDTokenEncryptionAlgorithm>
</SupportedIDTokenEncryptionAlgorithms>
<SupportedIDTokenEncryptionMethods>
<SupportedIDTokenEncryptionMethod>A128GCM</SupportedIDTokenEncryptionMethod>
<SupportedIDTokenEncryptionMethod>A192GCM</SupportedIDTokenEncryptionMethod>
<SupportedIDTokenEncryptionMethod>A256GCM</SupportedIDTokenEncryptionMethod>
<SupportedIDTokenEncryptionMethod>A128CBC-HS256</SupportedIDTokenEncryptionMethod>
<SupportedIDTokenEncryptionMethod>A128CBC+HS256</SupportedIDTokenEncryptionMethod>
</SupportedIDTokenEncryptionMethods>

<EnableAudiences>true</EnableAudiences>
<!-- Comment out to add Audience values to the JWT token (id_token) -->
<!--Audiences>
<Audience>${carbon.protocol}://${carbon.host}:${carbon.management.port}/oauth2/token</Audience>
Expand All @@ -343,15 +381,20 @@
<SkipUserConsent>false</SkipUserConsent>
<!-- Sign the ID Token with Service Provider Tenant Private Key-->
<SignJWTWithSPKey>false</SignJWTWithSPKey>
<!--
Expiry period of the logout token used in OIDC Back Channel Logout in seconds.
Supported versions: IS 5.5.0 onwards
-->
<LogoutTokenExpiration>120</LogoutTokenExpiration>

<!--
OIDC Request Object builder implementation.
Supported versions: IS 5.4.0 onwards
-->
<RequestObjectBuilders>
<RequestObjectBuilder>
<BuilderName>request_param_value_builder</BuilderName>
<RequestObjectBuilderImplClass>org.wso2.carbon.identity.openidconnect.RequestParamRequestObjectBuilder</RequestObjectBuilderImplClass>
<Type>request_param_value_builder</Type>
<ClassName>org.wso2.carbon.identity.openidconnect.RequestParamRequestObjectBuilder</ClassName>
</RequestObjectBuilder>
</RequestObjectBuilders>

Expand Down Expand Up @@ -416,6 +459,11 @@
<SLOHostNameVerificationEnabled>true</SLOHostNameVerificationEnabled>
</SSOService>

<Consent>
<!--Specify whether consent management should be enable during SSO.-->
<EnableSSOConsentManagement>true</EnableSSOConsentManagement>
</Consent>

<SecurityTokenService>
<!--
Default value for IdentityProviderURL is built in following format
Expand Down Expand Up @@ -470,6 +518,12 @@
<Property name="UserName">admin</Property>
<Property name="Password">admin</Property-->
</Authenticator>

<!-- Flag to indicate advanced complex multiValued attributes support enabled or not.
Default value : false
Supported versions: IS 5.5.0 beta onwards
-->
<!--<ComplexMultiValuedAttributeSupportEnabled>true</ComplexMultiValuedAttributeSupportEnabled>-->
</SCIMAuthenticators>
</SCIM>

Expand Down Expand Up @@ -578,8 +632,28 @@
<EventListener type="org.wso2.carbon.identity.core.handler.AbstractIdentityMessageHandler"
name="org.wso2.carbon.identity.data.publisher.application.authentication.AuthnDataPublisherProxy"
orderId="11" enable="true"/>

<!-- Enable this listener to call DeleteEventRecorders. -->
<EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener"
name="org.wso2.carbon.user.mgt.listeners.UserDeletionEventListener"
orderId="98" enable="false"/>
<EventListener type="org.wso2.carbon.identity.core.handler.AbstractIdentityHandler"
name="org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.ConsentMgtPostAuthnHandler"
orderId="110" enable="true"/>
</EventListeners>

<!-- These recorders are used to write user delete information to specific sources. Default event recorder is CSV
file recorder. This recorder is disabled by default. Enable it by setting enable="true". To run these recorders,
EventListener "rg.wso2.carbon.user.mgt.listeners.UserDeletionEventListener" also should be enabled. Which is
also disabled by default. -->
<UserDeleteEventRecorders>
<UserDeleteEventRecorder name="org.wso2.carbon.user.mgt.recorder.DefaultUserDeletionEventRecorder" enable="false">
<!-- Un comment below line if you need to write entries to a separate .csv file. Otherwise this will be
written in to a log file using a separate appender. -->
<!--<Property name="path">${carbon.home}/repository/logs/delete-records.csv</Property>-->
</UserDeleteEventRecorder>
</UserDeleteEventRecorders>

<CacheConfig>
<!-- Identity cache configuration.
Timeouts are in seconds.
Expand Down Expand Up @@ -616,7 +690,44 @@


<ResourceAccessControl>
<Resource context="(.*)/api/identity/user/(.*)" secured="true" http-method="all"/>
<Resource context="(.*)/api/identity/user/v1.0/validate-code" secured="true" http-method="all"/>
<Resource context="(.*)/api/identity/user/v1.0/resend-code" secured="true" http-method="all"/>
<Resource context="(.*)/api/identity/user/v1.0/me" secured="true" http-method="POST"/>
<Resource context="(.*)/api/identity/user/v1.0/me" secured="true" http-method="GET"/>
<Resource context="(.*)/api/identity/user/v1.0/pi-info" secured="true" http-method="all">
<Permissions>/permission/admin/manage/identity/usermgt/view</Permissions>
</Resource>
<Resource context="(.*)/api/identity/user/v1.0/pi-info/(.*)" secured="true" http-method="all">
<Permissions>/permission/admin/manage/identity/usermgt/view</Permissions>
</Resource>

<Resource context="(.*)/api/identity/consent-mgt/v1.0/consents" secured="true" http-method="all"/>
<Resource context="(.*)/api/identity/consent-mgt/v1.0/consents/receipts/(.*)" secured="true" http-method="all"/>

<Resource context="(.*)/api/identity/consent-mgt/v1.0/consents/purposes" secured="true" http-method="POST">
<Permissions>/permission/admin/manage/identity/consentmgt/add</Permissions>
</Resource>
<Resource context="(.*)/api/identity/consent-mgt/v1.0/consents/purposes(.*)" secured="true" http-method="GET"/>
<Resource context="(.*)/api/identity/consent-mgt/v1.0/consents/purposes(.+)" secured="true" http-method="DELETE">
<Permissions>/permission/admin/manage/identity/consentmgt/delete</Permissions>
</Resource>

<Resource context="(.*)/api/identity/consent-mgt/v1.0/consents/pii-categories" secured="true" http-method="POST">
<Permissions>/permission/admin/manage/identity/consentmgt/add</Permissions>
</Resource>
<Resource context="(.*)/api/identity/consent-mgt/v1.0/consents/pii-categories(.*)" secured="true" http-method="GET"/>
<Resource context="(.*)/api/identity/consent-mgt/v1.0/consents/pii-categories(.+)" secured="true" http-method="DELETE">
<Permissions>/permission/admin/manage/identity/consentmgt/delete</Permissions>
</Resource>

<Resource context="(.*)/api/identity/consent-mgt/v1.0/consents/purpose-categories" secured="true" http-method="POST">
<Permissions>/permission/admin/manage/identity/consentmgt/add</Permissions>
</Resource>
<Resource context="(.*)/api/identity/consent-mgt/v1.0/consents/purpose-categories(.*)" secured="true" http-method="GET"/>
<Resource context="(.*)/api/identity/consent-mgt/v1.0/consents/purpose-categories(.+)" secured="true" http-method="DELETE">
<Permissions>/permission/admin/manage/identity/consentmgt/delete</Permissions>
</Resource>

<Resource context="(.*)/api/identity/recovery/(.*)" secured="true" http-method="all"/>
<Resource context="(.*)/.well-known(.*)" secured="true" http-method="all"/>
<Resource context="(.*)/api/identity/oauth2/dcr/v1.0/register(.*)" secured="true" http-method="POST">
Expand Down Expand Up @@ -714,7 +825,8 @@

<TenantContextsToRewrite>
<WebApp>
<Context>/api/identity/user/v0.9/</Context>
<Context>/api/identity/user/v1.0/</Context>
<Context>/api/identity/consent-mgt/v1.0/</Context>
<Context>/api/identity/recovery/v0.9/</Context>
<Context>/oauth2/</Context>
<Context>/scim2/</Context>
Expand All @@ -728,4 +840,5 @@

<!-- Server Synchronization Tolerance Configuration in seconds -->
<ClockSkew>300</ClockSkew>

</Server>
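Review bot: The new `SupportedIDTokenEncryptionAlgorithms` list next to `<IDTokenEncryptionAlgorithm>` advertises `RSA1_5` (RSAES-PKCS1-v1_5) alongside `RSA-OAEP`; PKCS#1 v1.5 key transport is the classic Bleichenbacher padding-oracle target and the JWT best-practice guidance in RFC 8725 discourages it, so any service provider that selects it weakens ID-token confidentiality even though the default stays `RSA-OAEP`. Unless a known legacy client requires it, drop that entry and leave a breadcrumb in its place: `<!-- RSA1_5 deliberately not offered: PKCS#1 v1.5 padding-oracle risk (see RFC 8725); re-add only for a specific legacy client -->`. The `A128CBC+HS256` entry appears to be the pre-RFC 7518 draft spelling of the `A128CBC-HS256` listed just above it, presumably kept for older clients; a one-line comment saying so would stop the next maintainer from reading it as a distinct cipher. Separately, replacing the catch-all `(.*)/api/identity/user/(.*)` resource rule with an explicit per-path list means any user-API path or method not enumerated there (for example PUT/PATCH on `/me`) is no longer matched by a `secured="true"` entry; confirm how the authentication valve treats unmatched contexts before relying on this list as default-deny.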
2 changes: 1 addition & 1 deletion identity-server/provisioner/product_provisioner.sh
Expand Up @@ -18,7 +18,7 @@

# set variables
WSO2_SERVER=wso2is
WSO2_SERVER_VERSION=5.4.1
WSO2_SERVER_VERSION=5.5.0
WSO2_SERVER_PACK=${WSO2_SERVER}-${WSO2_SERVER_VERSION}*.zip
WSO2_SERVER_PACK=${WSO2_SERVER}-${WSO2_SERVER_VERSION}*.zip
MYSQL_CONNECTOR=mysql-connector-java-5.1.*-bin.jar
