How to get current user by wso2 bpmn? - wso2

How can I get the current user when they claim a task in WSO2 BPMN?
I want to get it in order to call another REST API.
Thanks!

After claiming the task, he becomes the assignee of that task. You can GET the task info from the rest endpoint https://Host_Name:PORT/bpmn/runtime/tasks/{task-id} and it contains the username of the assignee.

Related

How can I remove session for specific user for specific ServiceProvider in WSO2 IS?

Is there any web service provided by WSO2 Identity Server to remove a session for a specific user for a specific ServiceProvider?
I am using SAMLSSO for many web applications and they are all integrated with the WSO2 server.
Now let's say the scenario is: the user is logged in to 2 applications at the same time. I want to log them out of one application.
There is one service provided for logout, and it provides single logout, so the session will be removed for all applications. Is there a web service provided by IS, or a way to achieve logout for one specific application?
What you are asking is to have the capability of removing a specific participant from the session created on the Identity Server side. I don't see a straightforward way (OOTB) of achieving this.
Closest you can achieve is as below.
Make your application perform a forceAuth. ForceAuth will request for user credentials despite having the cookies in the browser. (This will prevent the user from experiencing the SSO comfort. Still you can authenticate against the IS)
Prevent the application from sending an SLO request to WSO2. Rather, terminate the self(application) session upon logout.
When your application really wants to perform an SLO (logout all the applications, not just yours), your application can send an SLO request to the Identity Server.
Performing a force authentication:
SAML - Send forceAuth=true as a query parameter in your login request. Or else change the SAML AuthenticationRequest payload body to indicate a force authentication as in the spec (line 2042).
OIDC - Send prompt=login as an additional query parameter in the /authorization request.
You can do this by calling the REST API and SOAP API provided by WSO2 IS. This will remove the session at WSO2 IS but I'm not sure if it will also trigger the SLO to other service providers or not.
Reference:
https://is.docs.wso2.com/en/latest/develop/calling-admin-services/
https://is.docs.wso2.com/en/latest/develop/session-mgt-rest-api/
1. Trigger a SOAP request getUserProfile from the UserProfileMgtService.wsdl. The default user profile will be 'default' or you can put the customized profile name you used. This will return the details. Grab the user id from this.
2. Trigger a GET to the API: /{user-id}/sessions with the user-id from step 1 to get the list of all active sessions this user currently has. Go through the list of sessions and find the session ID of the Service Provider you need to clear.
3. Trigger a DELETE request to API: /{user-id}/sessions/{session-id} with the user id from step 1 and the session id from step 2.
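
Steps 2 and 3 above, sketched as an added example (not code from the original answer or from WSO2): it picks the sessions in which one Service Provider participates, builds the DELETE URL for each, and reports which other applications are recorded on the same session. The host, the base path `/api/users/v1`, and the response field names (`sessions`, `id`, `applications`, `appName`) are assumptions, and the sample response is constructed.

```python
import json
from urllib.parse import quote

# Assumed base URL; the page gives only the relative paths
# /{user-id}/sessions and /{user-id}/sessions/{session-id}.
BASE = "https://localhost:9443/api/users/v1"

# Constructed sample of a GET /{user-id}/sessions response (field names assumed).
SAMPLE_RESPONSE = json.loads("""
{"userId": "u-1001", "sessions": [
  {"id": "sess-aaa", "applications": [{"appName": "hr-portal"}]},
  {"id": "sess-bbb", "applications": [{"appName": "hr-portal"},
                                      {"appName": "payroll"}]},
  {"id": "sess-ccc", "applications": [{"appName": "payroll"}]}
]}
""")


def plan_session_deletes(user_id, response, target_app):
    """Return one DELETE plan per session in which target_app participates.

    'also_ends' lists the other applications recorded on the same session.
    The DELETE targets the whole session, not one participant, so the caller
    can review that side effect before sending the request.
    """
    plans = []
    for session in response.get("sessions", []):
        apps = [a["appName"] for a in session.get("applications", [])
                if "appName" in a]
        if target_app not in apps:
            continue
        # Percent-encode both IDs so a value containing '/' or '..'
        # cannot change which resource the DELETE addresses.
        url = "{}/{}/sessions/{}".format(
            BASE, quote(user_id, safe=""), quote(session["id"], safe=""))
        plans.append({
            "method": "DELETE",
            "url": url,
            "also_ends": sorted(a for a in apps if a != target_app),
        })
    return plans


if __name__ == "__main__":
    for plan in plan_session_deletes("u-1001", SAMPLE_RESPONSE, "hr-portal"):
        print(plan["method"], plan["url"], "also ends:", plan["also_ends"])
```

A non-empty `also_ends` marks a session shared through SSO, which is the case the answer above is unsure about.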

How to send account confirmation e-mail after self sign up on WSO2 AM

Hi, I want the store section of WSO2 API Manager to send an email with a link to confirm the account after a user has registered.
AM version: 2.5.0
Please help me.
Your requirement can be achieved through a custom workflow extension. By default there is a custom workflow to the user signup process. You may need to extend that to send an email. Please refer to this.

wso2 identity server - sending email when user changed password

I am using WSO2 IS 5.3.0 server and I am wondering if it is possible to send an email when a user changes his password or any other attribute, etc., email? Is this feature already built into WSO2 IS (I couldn't find anything in the WSDL services), or is it possible to extend something?
Any comments about this issue would be appreciated.
Please do the following steps to achieve this task.
Write a custom user operation event listener extending the AbstractUserOperationEventListener.java
Implement the doPostUpdateCredential method. doPostUpdateCredential
Trigger notification event handler to send a notification to the user. EventHandlerNotification

WSO2 IS can confirmation codes be set to stay valid for multiple attempts

We are using WSO2 IS 5.0.0 and are implementing the user recovery process. We have noticed that when the user gets the confirmationCode from the email sent from executing the soap call "sendRecoveryNotification" in UserInformationRecoveryService that the confirmationCode is only valid for one attempt.
Is there a way to set the confirmationCode to remain valid until the user successfully updates their password as well as other similar operations requiring WSO2 generated confirmationCodes?
This is fixed with [1] and will be available in IS 5.1.0-Alpha-2
Isura
[1] https://wso2.org/jira/browse/IDENTITY-3175

"Anonymous" throttling in wso02 api manager?

We're looking to replace an existing API manager with wso2 and one of the features of the other platform is that we can identify a 'user' of the API at run time and have the throttling work.
The 'user' is not OAuth identified, rather they authenticate via the API and a session id is returned (so they've never registered at a 'store'). This session id is then used to setup the throttling at the API Manager. Additionally the other tool has code to look for the user logging in and using that id in the throttling. so if a user tries to login too many times per hour the API manager blocks the request in addition to too many requests for a logged in user per hour. The combinations of login attempts, API calls etc. are summed into the throttle. (All this was implemented by their services team years ago)
The main reason we need this is we don't want to force our old clients to go to OAuth immediately but want much more visibility, reporting and throttling.
Thoughts on how to do this with wso2? I see where we can add our own Handlers to the API to figure out session ids, login ids etc. but I don't see where to create the logic to do the throttling.
Thanks,
Chris
Log in to Carbon and edit the tiers.xml (/_system/governance/apimgt/applicationdata/tiers.xml). You can find the section <throttle:ID throttle:type="ROLE">Unauthenticated</throttle:ID>