Showing posts from September, 2013

OPA for HTTP Authorization

Open Policy Agent[1] is a promising, lightweight and very generic policy engine to govern authorization in any type of domain. I found this comparison[2] very attractive in evaluating OPA for a project I am currently working on, where they demonstrate how OPA can cater for the same functionality defined in RBAC, RBAC with Separation of Duty, ABAC and XACML.
Here are the steps to a brief demonstration of OPA used for HTTP API authorization based on the sample [3], taking it another level up.
Running OPA Server
First we need to download OPA from [4], based on the operating system we are running on. For Linux,
curl -L -o opa
Make it executable,
chmod 755 ./opa
Once done, we can start the OPA policy engine as a server.
./opa run --server
Define Data and Rules
Next we need to load data and authorization rules to the server, so it can make decisions. OPA defines these in files in the format of .rego. Below is a sample …

How to Write a Custom User Store Manager - WSO2 Identity Server 4.5.0

With this post I will be demonstrating writing a simple custom user store manager for WSO2 Carbon, specifically in WSO2 Identity Server 4.5.0, which was released recently. The content is as follows,
Use case
Writing the custom User Store Manager
Configuration in Identity Server
You can download the sample here.
Use Case
By default WSO2 Carbon has four implementations of User Store Managers as follows.
org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager
org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager
org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager
org.wso2.carbon.user.core.ldap.ActiveDirectoryLDAPUserStoreManager
Let's look at a scenario where a company has a simple user store where they have kept customer_id, customer_name and the password (for the moment let's not worry about salting etc., as the purpose is to demonstrate getting a custom user store into action). So the company may want to keep this as it is, as there may be other services depending on this…

WSO2 Identity Server 4.5.0 - User Store Management

In this post we will be going through the high level view of user management in WSO2 Carbon products from Kernel 4.2.0 on, specifically in WSO2 IS 4.5.0, which is based on this Kernel. These versions are armed with the capability to configure user stores at run time.
org.wso2.carbon.user.core is the OSGi component responsible for handling users in Carbon products. There we have the concept of 'User Realm', which is a collection of users with attributes. It consists of the following four aspects,
User store management
Authorization management
Claim management
Profile configuration management
You can get a clear picture of these 4 aspects from this blog. Here we will look into the improvements done in the User Store Management aspects with the newly released version. It provides the capability to configure user stores at run time, even in a clustered mode as described in this previous post by myself, using a conven…

Cluster mode - User Store Management Configuration at Run Time

We can even simply try this out with the following simple steps in WSO2 Identity Server.

In the extracted pack go to,
CARBON_HOME/repository/conf/axis2/axis2.xml and enable clustering
<clustering class="org.wso2.carbon.core.clustering.hazelcast.HazelcastClusteringAgent" enable="true">
CARBON_HOME/repository/conf/carbon.xml and set up the deployment synchronizer,
<DeploymentSynchronizer>
    <Enabled>true</Enabled>
    <AutoCommit>true</AutoCommit>
    <AutoCheckout>true</AutoCheckout>
    <RepositoryType>svn</RepositoryType>
    <SvnUrl></SvnUrl>
    <SvnUser>username</SvnUser>
    <SvnPassword>password</SvnPassword>
    <SvnUrlAppendTenantId>true</SvnUrlAppendTenantId>
</DeploymentSynchronizer>
This is our primary node in the cluster. Now take two copies of this extracted folder a…

Deploying Identity Server over a JDBC Based User Store

With this post I am going to demonstrate how to configure WSO2 Identity Server with a JDBC user store. For the demonstration I am using a MySQL user store, but the same procedure applies to any other JDBC user store as well. My environment is,
OS - Ubuntu 12.10
Java - 1.6
WSO2 IS 4.5.0
Setting up MySQL database
User Store Configuration in IS - Primary
User Store Configuration in IS - Secondary
(I am referring to the extracted wso2is folder as CARBON_HOME in this post)
Setting up MySQL database
We need MySQL running at first. This post will be helpful in setting up the MySQL database, if it's not already done. Once MySQL is running we have to set up the database as required by the Identity Server. The server packs the necessary SQL scripts within itself, which can be located at CARBON_HOME/dbscripts.
Let's log in to the MySQL server and execute the following,
Create a database,
mysql> create database JDBC_demo_user_store;
Check out the creation,
mysql> show databases;
Then use the sql scr…

Getting Started with MySQL

This is a simple beginner's guide to using MySQL on Linux, from installation to querying the databases.
Installation
Login
Databases and tables
Installation
First let's make sure our package management tools are up to date. For that, run the following commands in the command line.
sudo apt-get update
sudo apt-get dist-upgrade
Once it finishes updating and upgrading, we can install MySQL with the following command.
sudo apt-get install mysql-server mysql-client
This will take a moment to install and now we are ready to go.
Login
At first start up the MySQL server is not set up with a password for root and we can log in with,
mysql -u root -p
If we are setting the password for the first time we can use the following to set it up,
mysqladmin -u root password NEWPASSWORD
If we want to change a previously set password the following command can be used,
mysqladmin -u root -p'oldpassword' password newpassword
Databases and Tables
First we should log in to the MySQL server with,
mysql -uroot -p<password>
Then it …

Implementation of Support for Multiple User Store Configuration at Run Time (A touch on the Beauty of WSO2 Carbon Architecture)

As I have shared in the previous post, WSO2 IS 4.5.0 version is released with added support for dynamic configuration of multiple user stores. While implementing this component, I could touch some beautiful areas of the WSO2 Carbon architecture, which is known to be inherently dynamic and flexible. With this post I am going to list those characteristics of the Carbon platform that came in handy in this implementation. The content of this post is,
How dynamic User Store Configuration happens
Carbon characteristics that facilitated rapid development
How dynamic User Store Configuration happens
The following figure highlights the flow of a new user store configuration.

The super admin or tenant admin can add user stores through the UI, to their own domain. We have allowed dynamic configurations only for secondary user stores, and the 'Primary' user store is not configurable at run time. This was because it is available for all tenants and allowing changes to its configuration at run time can guid…