WSO2 IS - Retrieve challenge questions of a user and Configuration - wso2

We are currently using WSO2 IS 5.10.
We are storing all the challenge questions as shown below
/_system/config/repository/components/org.wso2.carbon.identity.mgt/questionCollection
We are using getChallengeQuestionsOfUser SOAP(UserIdentityManagementAdminService.wsdl) API for retrieving the challenge questions of a particular user by passing username as input parameter and getting only three security questions as response.
getChallengeQuestionsOfUser(userName)
The API is returning only 3 security Questions, is there any configuration to retrieve more than 3?

First verify the questionSetId property value of the questions stored at location /_system/config/repository/components/org.wso2.carbon.identity.mgt/questionCollection.
If you wish to set more than 3 challenge questions for a user, there should be questions in more than 3 questionSetIds at this location. Prior to that you should have created a local claim URI for each questionSetId.
Let's say this is the user's selected question from each questionSetId, and the setChallengeQuestionsOfUser API is called.
Verify the set challenge questions for the user from the above SOAP API. Mark supported by default true for the challenge question-related claims under local claims and check on user profile.
The challenge question claim values set for the user will be returned when the getChallengeQuestionsOfUser SOAP API is invoked.
If I answer to your question of
The API is returning only 3 security Questions
It should be because the user has set only 3 challenge question answers. Maybe you have questions at /_system/config/repository/components/org.wso2.carbon.identity.mgt/questionCollection with some other questionSetId, but that particular tested user has picked challenge questions from only 3 questionSetIds.

Related

WSO2 IS Challenge Question Evaluation Case-Sensitivity, Configuration

Trying to find out whether WSO2 Identity Server (IS) requires case-sensitivity by default when evaluating challenge question answers in password reset requests. If not, is there a configuration flag to enable/disable case-sensitivity or any other configuration to enforce or not require case-sensitive challenge question answers?
At the code level, the answer the user provides will be converted to lowercase and then hashed [1]. This hashed value will be compared with the stored value. So, as an answer to your question, challenge question answers of the user are not case-sensitive. Also, there is no configuration to make it so OOTB.
[1].https://github.com/wso2-extensions/identity-governance/blob/824fa6505eeabcf50de13bb2272e586f7e34ff25/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/ChallengeQuestionManager.java#L760
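The lowercase-then-hash comparison described in the answer above, as an added Python sketch that is not WSO2's code: SHA-256, the function names and the sample answer are assumptions. It also shows the failure mode where a stored hash was produced without the lowercase step, so no typed answer can match it.

```python
import hashlib
import hmac


def hash_answer(answer: str) -> str:
    """Lowercase the answer, then hash it. SHA-256 is an assumption of this sketch."""
    return hashlib.sha256(answer.lower().encode("utf-8")).hexdigest()


def verify_answer(candidate: str, stored_hash: str) -> bool:
    """Normalise the candidate the same way, then compare digests in constant time."""
    return hmac.compare_digest(hash_answer(candidate), stored_hash)


def legacy_hash(answer: str) -> str:
    """Hypothetical import path that hashed the answer without lowercasing it."""
    return hashlib.sha256(answer.encode("utf-8")).hexdigest()


def demo() -> dict:
    stored = hash_answer("Fluffy")       # constructed sample answer
    imported = legacy_hash("Fluffy")     # same answer, stored without normalisation
    return {
        "same_case": verify_answer("Fluffy", stored),
        "other_case": verify_answer("fLUFFY", stored),
        # Only case is normalised; whitespace still matters.
        "trailing_space": verify_answer("fluffy ", stored),
        # The verifier always lowercases, so this record can never match.
        "imported_record": verify_answer("Fluffy", imported),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```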

Google OAuth reducing scopes

As part of Google's security review of apps that have access to newly labeled restricted scopes, it was suggested that we update our scopes to a few scopes which are still restricted but are more limited. So, we compiled and submitted an update to our scopes; now our app is no longer verified and has to go back through a verification process. In the interim, our new users, when connecting to their Google accounts with our service, are presented with very intimidating warnings about the application now being verified.
Does anyone have advice on how to proceed with this? Feels wrong for adjusting to reduced scopes to result in this behavior.
The OAuth Application verification team isn't a support team that can be reached, until they reach out to you. Make sure you've followed the appropriate steps:
You've submitted the verification form.
You or the project owner have received messages from the verification team. Then you can address any questions from there.
Most of the answers regarding the verification process you're looking for can be answered by reading through the FAQ.

Django Allauth and G suite, how to handle multiple domains?

We are currently working on a Django CRUD style webapp where multiple 'tenants' each have their own 'members' (users linked to that tenant), 'Courses', etc.
We want to include a 'login with google' option and have thus turned to Django-allauth. Most Tenants use Google G Suite with their own [name]#[tenant].com address.
A user is assigned to their tenant after their account has been created. To prevent users of tenant B from creating an account in tenant A, we've included a function that checks if the domain of the email matches the 'domain' field in the Tenant object. Only if this match does indeed occur is the account created.
However, recently one of our tenants has begun using more than 1 email domain, which required us to update the code and Tenant Object.
(Making the code handle multiple email domains, changing the models so tenants can have multiple email domains)
This left us to wonder if there is a better way to do this - we've been investigating if Google provides a company_id response, or anything that would help us identify a company aside from their email domain. Those values could help us check if a user does indeed belong to that tenant, without having to constantly check / update email domain fields - but we've been unable to find anything of the sort.
Responses to this similar stackoverflow question suggest a similar approach to the one we are currently taking, but that was five years ago - is this still truly the best way?
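The multi-domain tenant check described in the question above, as an added framework-independent Python sketch that is not part of the original post. The tenant names, domains and function names are constructed; `email`, `email_verified` and `hd` (hosted domain) are claims Google places in its OpenID Connect ID token, and how those claims reach your allauth signup hook is left as an assumption.

```python
from typing import Dict, Optional, Set

# Constructed sample data: tenant slug -> every e-mail domain that tenant owns.
TENANT_DOMAINS: Dict[str, Set[str]] = {
    "acme": {"acme.example", "acme-labs.example"},
    "globex": {"globex.example"},
}


def email_domain(email: str) -> Optional[str]:
    """Return the normalised domain part, or None for a malformed address."""
    local, sep, domain = email.rpartition("@")
    if not sep or not local or not domain:
        return None
    return domain.strip().rstrip(".").lower()


def tenant_for_domain(domain: str, tenants: Dict[str, Set[str]]) -> Optional[str]:
    """Exact match only: no suffix or substring tests, and no ambiguous owners."""
    owners = [slug for slug, domains in tenants.items() if domain in domains]
    return owners[0] if len(owners) == 1 else None


def resolve_tenant(claims: dict,
                   tenants: Dict[str, Set[str]] = TENANT_DOMAINS) -> Optional[str]:
    """Map verified ID-token claims to a tenant, or None to refuse the signup."""
    # An unverified address proves nothing about who owns the mailbox.
    if claims.get("email_verified") is not True:
        return None
    domain = email_domain(str(claims.get("email", "")))
    if domain is None:
        return None
    tenant = tenant_for_domain(domain, tenants)
    if tenant is None:
        return None
    # If Google reports a hosted domain, it must belong to the same tenant.
    hd = claims.get("hd")
    if hd is not None and tenant_for_domain(str(hd).lower(), tenants) != tenant:
        return None
    return tenant


if __name__ == "__main__":
    sample = {"email": "Ann@ACME-Labs.example", "email_verified": True,
              "hd": "acme.example"}  # constructed claims
    print(resolve_tenant(sample))
```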

WSO2 IS - Is there any rest or soap endpoints where we can update the challenge questions of a user

We need to implement the "Update Challenge Questions of a user" functionality through WSO2 IS. We have an application UI from where, post login, the user can update his challenge questions as well as answers. I found that with the "setChallengeQuestionsOfUser" operation in the "UserIdentityManagementAdminService?wsdl", we can save the challenge questions and answers of a user. Do we have any operation for the update scenario?
If I use the same operation, it saves the questions and answers to WSO2 IS for that user, but it does not remove old questions.
No, update challenge question operation is not available via rest or soap endpoints.

Authentication app for Django [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 5 years ago.
What is the best authentication app for Django that:
has configurable required fields, for example allows using email as username
integrates with other authentication APIs, such as Facebook, Twitter, Google
password recovery flow is configurable, sends temporary password vs. recovery link
preferably has invitation system, so the registration process can be controlled
I don't think there is any that has all these features, so I'm looking for one that covers as much as possible. But these are features that almost any well-designed web service should have. So I don't want to reinvent the wheel.
There isn't one django package that will cover everything, instead there are numerous great projects that tackle each of the requirements you mention:
general auth : django-auth - this is a part of the django distribution but needs to be enabled
social authentication : django-social-auth - integrates social authentication with the default django-auth flow
registration and passwords : django-registration - adds the registration flow, including sign up and email confirmation etc.
invitation system : django-invitation - allows registration to be limited to invitations
profiles : django-profiles - allows you to extend the users account with a profile
You could also have a look at django-userena which is a new hosted solution to user management for your django app. I haven't looked into how it works or how comprehensive it is, but it looks promising.
Finally, have a look at django packages for other authentication apps:
http://djangopackages.com/grids/g/authentication/
EDIT:
This post is a little outdated
django-social-auth has become python-social-auth
django-allauth: There is another good all-in-one auth app called django-allauth. I haven't used it extensively but I believe it takes care of auth, social-auth, registration and profiles in one app
Configurable User Models: Django 1.5 introduced a configurable User model in the auth module so you can now edit what fields you want to make use of for your user (email only, no username etc.). This is also useful if you want to add profile-like information to your user without having to join with another table (like you would with django-profiles or a OneToOne relationship with a custom profile model)
Here is a nice and official comparison for only Facebook Authentication Packages
Facebook Authentication
Go for django allauth. It covers all authentication flows, custom user model, and over 50+ social authentication providers. We have been using it for a long time and it has evolved a lot over time.
First you have to install social-auth-app-django:
pip install social-auth-app-django
Then add it into your INSTALLED_APPS (in settings) then you have to create API keys, using the steps below for the networks you want to enable:
Google
Create a project on Google Cloud Platform
Facebook
Log into Facebook developers and create API keys
Twitter
https://apps.twitter.com/app/new
After creating project you will get the App ID and App Secret (don’t share it with anyone) then add these ID & Secret in setting and provide a valid redirect url for more info