Description:

Suggested Labels:

Suggested Assignees:

Affected Product Version:

OS, DB, other environment details and versions:

Steps to reproduce:

Related Issues:

Description:

Suggested Labels:

Suggested Assignees:

Affected Product Version:

OS, DB, other environment details and versions:

Steps to reproduce:

Related Issues:

Description:
This was identified through "Sample application not working if we deploy only one" email thread. Individual deployment of IS OIDC samples does not work due to SSL certificate validation

Suggested Labels:
Bug, Improvements

Suggested Assignees:
[email protected]

Affected Product Version:
N/A

OS, DB, other environment details and versions:
N/A

Steps to reproduce:
Start a tomcat server and deploy any oidc sample app (with SP configuration). Try to login and you will get the mentioned error,

javax.servlet.ServletException: org.apache.oltu.oauth2.common.exception.OAuthSystemException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	org.apache.jasper.runtime.PageContextImpl.handlePageException(PageContextImpl.java:667)

Related Issues:
N/A

Description:
Due to API addition IS 5.7.0 the SOAP services in IS 5.7.0 do not work in IS 5.6.0. We need to fix this in application level

Description:
With IS 5.7.0, the WSO2 IS consent management service changed.
Hence, the current GDPR QSG is not working with that.

Description:
In the work-flow scenario of doc [1], email sending is not working as expected.

[1] https://docs.wso2.com/display/IS560/Quick+Start+Guide#QuickStartGuide-Creatingaworkflow

Description:
Currently in the QSG we have two scenarios to demonstrate,

1. SSO among two SAML Apps
2. SSO among two OIDC Apps

It would be great if we could included a scenario to demonstrate the SSO between one SAML app and one OIDC app.

Description:

Suggested Labels:

Suggested Assignees:

Affected Product Version:

OS, DB, other environment details and versions:

Steps to reproduce:

Related Issues:

Description:
Logout of pickup application goes to default logout page. Therefore after the logout user can't go to the login page. So after the logout user should be redirected to login page rather than go to the default IS logout page.

Suggested Labels:

Suggested Assignees:

Affected Product Version:

OS, DB, other environment details and versions:

Steps to reproduce:

Related Issues:

Description:
Even though we have three different web application to show demo for GDPR, the index pages are same as below.

Suggested Labels:

Suggested Assignees:

Affected Product Version:

OS, DB, other environment details and versions:

Steps to reproduce:

Related Issues:

Description:

Suggested Labels:

Suggested Assignees:

Affected Product Version:

OS, DB, other environment details and versions:

Steps to reproduce:

Related Issues:

Description:

Suggested Labels:

Suggested Assignees:

Affected Product Version:

OS, DB, other environment details and versions:

Steps to reproduce:

Related Issues:

Description:
Go to sample app with http://localhost.com:8080/notification
loggedin
Click on view campaign button
You will get following exception
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392) sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302) sun.security.validator.Validator.validate(Validator.java:260) sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229) sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124) sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1596) sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052) sun.security.ssl.Handshaker.process_record(Handshaker.java:987) sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072) sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385) sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413) sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397) org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:396) org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:355) org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142) org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:359) org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:381) org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:237) org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185) org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89) org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:111) org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185) org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83) org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108) org.wso2.sample.consent.mgt.ClientServlet.getConsentReceiptId(ClientServlet.java:60) org.wso2.sample.consent.mgt.ClientServlet.doGet(ClientServlet.java:29) org.wso2.sample.consent.mgt.ClientServlet.doPost(ClientServlet.java:40) javax.servlet.http.HttpServlet.service(HttpServlet.java:661) javax.servlet.http.HttpServlet.service(HttpServlet.java:742) org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
Suggested Labels:

Suggested Assignees:

Affected Product Version:

OS, DB, other environment details and versions:

Steps to reproduce:

Related Issues:

Description:
Sample IS GIT structure is complex at the moment. It doe not have a proper standard. Since we refer this to users, customers we must provide a minimalistic folder structure

Suggested Labels:
Improvements

Suggested Assignees:
[email protected]

Description:
Pickup & Dispatch SAML applications deploy successfully only when IS server is running. Otherwise its not deployed.

Description:
Issue 1: An issue of carbon server error "Invalid remote address" is occurred when the domain name is used as localhost although the etc/hosts name is defined properly for localhost

Issue 2: When running the bat file in windows, the Specified label not found fun_name issue occurred

Description:
Once the user presses a wrong input then the execution exit, but it should not exit until the user explicitly mention to exit
Suggested Labels:

Suggested Assignees:

Affected Product Version:

OS, DB, other environment details and versions:

Steps to reproduce:

Related Issues:

Older versions (5.3.0) of IS use different keystore compared to one that used in the later versions (5.7.0).

Need to update readmes on updating the keystore if it's needed

Description:

Suggested Labels:

Suggested Assignees:

Affected Product Version:

OS, DB, other environment details and versions:

Steps to reproduce:

Related Issues:

Description:
Currently tomcat, IS port and host names were hardcoded in the script but that should be configurable.

Suggested Labels:

Suggested Assignees:

Affected Product Version:

OS, DB, other environment details and versions:

Steps to reproduce:

Related Issues:

Description:
Implement the SAML apps to try SAML bearer grant

Description:

Suggested Labels:

Suggested Assignees:

Affected Product Version:

OS, DB, other environment details and versions:

Steps to reproduce:

Related Issues:

Description:

1. Logged in to Dispatch, logged in to Swift.
2. Logout from Swift
3. Dispatch is not get logged out.

Suggested Labels:

Suggested Assignees:

Affected Product Version:

OS, DB, other environment details and versions:

Steps to reproduce:

Related Issues:

Description:

Suggested Labels:

Suggested Assignees:

Affected Product Version:

OS, DB, other environment details and versions:

Steps to reproduce:

Related Issues:

Description:

Suggested Labels:

Suggested Assignees:

Affected Product Version:

OS, DB, other environment details and versions:

Steps to reproduce:

Related Issues:

Description:
We deliver a .zip for our QSG guide. It is the first instance of interaction with our IS server. But at the moment, delivered ZIP is complex. For example, scripts are not present in root level. One must navigate a lot to find and start the guide.

We must simply the overview of folder structure.

Suggested Labels:
Improvements

Suggested Assignees:
[email protected]

Description:
Currently, the security codes generated via the SOAP service cannot be used by the new REST service

Description:

1. Exceute gdpr.sh file
2. users will be created (cameron)
3. Then we asked to login as that user (cameron) but the password is not shown anywhere

Suggested Labels:

Suggested Assignees:

Affected Product Version:

OS, DB, other environment details and versions:

Steps to reproduce:

Related Issues:

Sometimes its annoying when users have to copy paste the tomcat and IS path during the run of each sample.

I would suggest to either read it from an environment variable. If the environment variable is not set then we can prompt for the path in the QSG scripts.

Description:

1. Execute the script gdpr.sh
2. Select option 1
3. It will create a user, service provider
4. Again repeat the same steps
5. Still you will get user successfully added and all. But the exception is throwing in the backend. The script should be fixed

Suggested Labels:

Suggested Assignees:

Affected Product Version:

OS, DB, other environment details and versions:

Steps to reproduce:

Related Issues:

Description:
This should be configurable and not hard coded

Description:
According to the new fixes a property file called server.properties file is added to the bin folder to configure, IS home path and tomcat server path.

Add this information to doc [1]

[1] https://docs.wso2.com/display/IS560/Quick+Start+Guide

Description:
At the moment, sample apps have mock UI functionality. We do not provide a backend. Having a backend will allow us to demonstrate special scenarios such as IS as a Key manager. Backend must be self deployable using msf4j

Suggested Labels:
Improvements, enhancements

Suggested Assignees:
[email protected]

Description:

Rename the OIDC SSO sample application names from

• pickup-dispatch -> oidc-web-app-pickup-dispatch
• pickup-manager -> oidc-web-app-pickup-manager

Severity: Critical
Priority: High
Type: Bug

Web apps saml2-web-app-pickup-dispatch.com [1] and saml2-web-app-pickup-manager.com [2] URL of the SAML 2.0 Assertion Consumer host name should change as , localhost

[1] https://github.com/wso2/samples-is/blob/master/sso-samples/saml2-sso-sample/saml2-web-app-pickup-dispatch/src/main/resources/sso.properties#L41

[2] https://github.com/wso2/samples-is/blob/master/sso-samples/saml2-sso-sample/saml2-web-app-pickup-manager/src/main/resources/sso.properties#L38

Description:
We have no proper documentation to configure properties file of the sample apps with necessary property values.

Description:
Currently using the QSG, when we successfully log in we can use the authenticated username in the page.
It would be better if we provide a way to view the user information returned as claims in the sample apps.

Description:

Suggested Labels:

Suggested Assignees:

Affected Product Version:

OS, DB, other environment details and versions:

Steps to reproduce:

Related Issues:

Description:
At the moment, we do not set claims for SAML and OIDC responses. This makes it impossible to generate a user profile section in Sample applications.

We must enable user profile section.

Suggested Labels:
Improvements

Suggested Assignees:
[email protected]

Description:
The script is closing once a scenario tried. It has to run again and again to try all the scenarios. Better to keep the script alive and give an option like "Do you want to exist?"

Description:

Suggested Labels:

Suggested Assignees:

Affected Product Version:

OS, DB, other environment details and versions:

Steps to reproduce:

Related Issues:

Description:
Currently, in the web application pick up we have self-registration option. But once click on that it will go to dashboard and complete the flow, so in that case, can't we straightly asked the user to click on login and then user register now option.

Suggested Labels:

Suggested Assignees:

Affected Product Version:

OS, DB, other environment details and versions:

Steps to reproduce:

Related Issues:

Description:
Although admin is our default user, it is not good to have admin for demonstration purposes. Change that to Cameron

Description:
At the moment maven-scr-plugin is defined at root pom level build plugin. This breaks the build if a module doe not contain any OSGI annotation

Suggested Labels:
Bug, improvement

Resolves with #58

Description:
The following error is printed when running qsg.sh with option 2.
qsg.sh: 660: cd: can't cd to binaries cp: cannot stat 'saml2-web-app-dispatch.com.war': No such file or directory ** Web application Dispatch successfully deployed. ** cp: cannot stat 'saml2-web-app-swift.com.war': No such file or directory

When running qsg.sh with option 1 following error is printed
qsg.sh: 660: cd: can't cd to binaries cp: cannot stat 'saml2-web-app-dispatch.com.war': No such file or directory ** Web application Dispatch successfully deployed. ** cp: cannot stat 'saml2-web-app-swift.com.war': No such file or directory

Suggested Labels:

Suggested Assignees:

Affected Product Version:

OS, DB, other environment details and versions:

Steps to reproduce:

Related Issues:

Description:
Furthermore, there is not proper official wso2 document for GDPR - Quick start guide

import org.wso2.carbon.identity.sso.agent.exception.SSOAgentException;
import org.wso2.carbon.identity.sso.agent.saml.SAML2SSOManager;
import org.wso2.carbon.identity.sso.agent.util.SSOAgentUtils;

/**
*
*/
@RestController
@RequestMapping("/saml")
public class SSORestController {

private static final XLogger LOGGER = XLoggerFactory.getXLogger(SSORestController.class);

@Autowired
public SAML2SSOManager saml2SSOManager;

@bean(name = "saml2SSOManager")
public SAML2SSOManager saml2SSOManager() {
try {
SSOAgentConfig ssoAgentConfig = this.ssoAgentConfig();
ssoAgentConfig.initConfig(this.samlProperties());

        return new SAML2SSOManager(ssoAgentConfig);
    } catch (Exception ex) {
        LOGGER.debug("SAML2SSOManager error " + ex.getMessage());
    }
    return null;
}

@Bean
public SSOAgentConfig ssoAgentConfig() {
    return new SSOAgentConfig();
}

@Bean
public Properties samlProperties() {
    try {
        return PropertiesLoaderUtils.loadProperties(new ClassPathResource("/config/travelocity.properties"));
    } catch (IOException ex) {
        LOGGER.info("Could not load properties from " + ex.getMessage());
    }
    return null;
}

Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.wso2.carbon.identity.sso.agent.saml.SAML2SSOManager]: Factory method 'saml2SSOManager' threw exception; nested exception is java.lang.NoClassDefFoundError: org/wso2/carbon/user/api/UserStoreException
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:185)
at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:579)
... 35 common frames omitted
Caused by: java.lang.NoClassDefFoundError: org/wso2/carbon/user/api/UserStoreException
at com.aimia.aip.identity.config.AppServiceConfig.saml2SSOManager(AppServiceConfig.java:269)
at com.aimia.aip.identity.config.AppServiceConfig$$EnhancerBySpringCGLIB$$1eb8fcb9.CGLIB$saml2SSOManager$5()
at com.aimia.aip.identity.config.AppServiceConfig$$EnhancerBySpringCGLIB$$1eb8fcb9$$FastClassBySpringCGLIB$$8a5dee81.invoke()
at org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:228)
at org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:361)
at com.aimia.aip.identity.config.AppServiceConfig$$EnhancerBySpringCGLIB$$1eb8fcb9.saml2SSOManager()
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:154)
... 36 common frames omitted
Caused by: java.lang.ClassNotFoundException: org.wso2.carbon.user.api.UserStoreException
at java.net.URLClassLoader.findClass(URLClassLoader.java:381)
at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
... 47 common frames omitted

Description:
OIDC apps use authorization code flow. In this flow, response is handled by a servlet. Once redirect is validated, servlet dispatch home.jsp. Obtaining of token happens through jsp code that are embedded in the jsp page. This will reveal the authorization code in the URL, which is not appropriate.

This is a bug that needs to be fixed

Suggested Labels:
Bug, Improvements

Suggested Assignees:
[email protected]