added missing features and configurations

merge-requests/1/head
ayyoob 8 years ago
parent 502999307a
commit 63200bec45

@ -0,0 +1,32 @@
<processor>
<!-- Remove the scope validator from the identity.xml if it exists. Otherwise running the build several times
causes several scope validator elements to be added-->
<remove>
<name>//s:Server/s:OAuth/s:OAuthScopeValidator</name>
</remove>
<!-- Add the scope validator config element -->
<add>
<after>//s:Server/s:OAuth/s:OAuthCallbackHandlers</after>
<value><![CDATA[<OAuthScopeValidator class="org.wso2.carbon.device.mgt.oauth.extensions.validators.ExtendedJDBCScopeValidator"/>]]></value>
</add>
<!-- Add the ntlm grant type validator config element -->
<add>
<after>//s:Server/s:OAuth/s:SupportedGrantTypes/s:SupportedGrantType[s:GrantTypeName='iwa:ntlm']/s:GrantTypeName</after>
<value>
<![CDATA[<GrantTypeValidatorImplClass>org.wso2.carbon.identity.oauth.common.NTLMAuthenticationValidator</GrantTypeValidatorImplClass>]]></value>
</add>
<add>
<after>//s:Server/s:OAuth/s:SupportedGrantTypes/s:SupportedGrantType[s:GrantTypeName='iwa:ntlm']/s:GrantTypeName</after>
<value>
<![CDATA[<GrantTypeValidatorImplClass>org.wso2.carbon.identity.oauth.common.NTLMAuthenticationValidator</GrantTypeValidatorImplClass>]]></value>
</add>
<add>
<after>//s:Server/s:OAuth/s:SupportedGrantTypes/s:SupportedGrantType[s:GrantTypeName='iwa:ntlm']</after>
<value>
<![CDATA[<SupportedGrantType>
<GrantTypeName>urn:ietf:params:oauth:grant-type:jwt-bearer</GrantTypeName>
<GrantTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.grant.jwt.JWTBearerGrantHandler</GrantTypeHandlerImplClass>
<GrantTypeValidatorImplClass>org.wso2.carbon.identity.oauth2.grant.jwt.JWTGrantValidator</GrantTypeValidatorImplClass>
</SupportedGrantType>]]></value>
</add>
</processor>

@ -90,6 +90,83 @@
</executions>
</plugin>
<plugin>
<groupId>com.google.code.maven-replacer-plugin</groupId>
<artifactId>replacer</artifactId>
<version>1.5.2</version>
<executions>
<!-- Replace Datasource, Scope mpl classes and OAuth callback class in identity.xml -->
<execution>
<id>replace-for-identity</id>
<phase>prepare-package</phase>
<goals>
<goal>replace</goal>
</goals>
<configuration>
<file>${basedir}/../p2-profile-gen/target/wso2carbon-core-${carbon.kernel.version}/repository/conf/identity/identity.xml</file>
<replacements>
<replacement>
<xpath>/Server/JDBCPersistenceManager/DataSource/Name</xpath>
<token>(jdbc/WSO2CarbonDB)</token>
<value>jdbc/WSO2AM_DB</value>
</replacement>
<replacement>
<xpath>/Server/OAuth/SupportedGrantTypes/SupportedGrantType</xpath>
<token>(org.wso2.carbon.identity.oauth2.token.handlers.grant.AuthorizationCodeGrantHandler)</token>
<value>org.wso2.carbon.apimgt.keymgt.handlers.ExtendedAuthorizationCodeGrantHandler</value>
</replacement>
<replacement>
<xpath>/Server/OAuth/SupportedGrantTypes/SupportedGrantType</xpath>
<token>(org.wso2.carbon.identity.oauth2.token.handlers.grant.PasswordGrantHandler)</token>
<value>org.wso2.carbon.apimgt.keymgt.handlers.ExtendedPasswordGrantHandler</value>
</replacement>
<replacement>
<xpath>/Server/OAuth/SupportedGrantTypes/SupportedGrantType</xpath>
<token>(org.wso2.carbon.identity.oauth2.token.handlers.grant.ClientCredentialsGrantHandler)</token>
<value>org.wso2.carbon.apimgt.keymgt.handlers.ExtendedClientCredentialsGrantHandler</value>
</replacement>
<replacement>
<xpath>/Server/OAuth/SupportedGrantTypes/SupportedGrantType</xpath>
<token>(org.wso2.carbon.identity.oauth2.token.handlers.grant.saml.SAML2BearerGrantHandler)</token>
<value>org.wso2.carbon.apimgt.keymgt.handlers.ExtendedSAML2BearerGrantHandler</value>
</replacement>
<replacement>
<xpath>/Server/OAuth/SupportedGrantTypes/SupportedGrantType</xpath>
<token>(org.wso2.carbon.identity.oauth2.token.handlers.grant.iwa.ntlm.NTLMAuthenticationGrantHandler)</token>
<value>org.wso2.carbon.identity.oauth2.token.handlers.grant.iwa.ntlm.NTLMAuthenticationGrantHandlerWithHandshake</value>
</replacement>
<replacement>
<xpath>/Server/OAuth/OAuthCallbackHandlers</xpath>
<token>(org.wso2.carbon.identity.oauth.callback.DefaultCallbackHandler)</token>
<value>org.wso2.carbon.apimgt.keymgt.util.APIManagerOAuthCallbackHandler</value>
</replacement>
</replacements>
</configuration>
</execution>
<!-- Replace Datasource, Scope mpl classes and OAuth callback class in identity.xml -->
<!-- Replace the Datasource in the thrift-authentication.xml file -->
<execution>
<id>replace-for-thrift</id>
<phase>prepare-package</phase>
<goals>
<goal>replace</goal>
</goals>
<configuration>
<file>${basedir}/../p2-profile-gen/target/wso2carbon-core-${carbon.kernel.version}/repository/conf/identity/thrift-authentication.xml</file>
<replacements>
<replacement>
<xpath>/Server/JDBCPersistenceManager/DataSource/Name</xpath>
<token>(jdbc/WSO2CarbonDB)</token>
<value>jdbc/WSO2AM_DB</value>
</replacement>
</replacements>
</configuration>
</execution>
</executions>
</plugin>
<!-- Add the input and output adapter configs to the file -->
<plugin>
<groupId>com.google.code.maven-config-processor-plugin</groupId>
@ -130,6 +207,43 @@
</transformations>
</configuration>
</execution>
<execution>
<id>add-scope-validator</id>
<phase>prepare-package</phase>
<goals>
<goal>process</goal>
</goals>
<configuration>
<failOnMissingXpath>false</failOnMissingXpath>
<transformations>
<transformation>
<input>${basedir}/../p2-profile-gen/target/wso2carbon-core-${carbon.kernel.version}/repository/conf/identity/identity.xml</input>
<output>../../p2-profile-gen/target/wso2carbon-core-${carbon.kernel.version}/repository/conf/identity/identity.xml</output>
<config>identity_config_change.xml</config>
</transformation>
</transformations>
<namespaceContexts>
<s>http://wso2.org/projects/carbon/carbon.xml</s>
</namespaceContexts>
</configuration>
</execution>
<execution>
<id>init-claim-manager</id>
<phase>prepare-package</phase>
<goals>
<goal>process</goal>
</goals>
<configuration>
<failOnMissingXpath>false</failOnMissingXpath>
<transformations>
<transformation>
<input>${basedir}/../p2-profile-gen/target/wso2carbon-core-${carbon.kernel.version}/repository/conf/user-mgt.xml</input>
<output>../../p2-profile-gen/target/wso2carbon-core-${carbon.kernel.version}/repository/conf/user-mgt.xml</output>
<config>user_mgt_config_change.xml</config>
</transformation>
</transformations>
</configuration>
</execution>
</executions>
</plugin>
@ -444,6 +558,7 @@
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-deploy-plugin</artifactId>
@ -451,52 +566,6 @@
<skip>true</skip>
</configuration>
</plugin>
<plugin>
<groupId>com.google.code.maven-replacer-plugin</groupId>
<artifactId>replacer</artifactId>
<version>1.5.2</version>
<executions>
<!-- Replace Datasource, Scope mpl classes and OAuth callback class in identity.xml -->
<execution>
<id>replace-for-api-manager</id>
<phase>prepare-package</phase>
<goals>
<goal>replace</goal>
</goals>
<configuration>
<file>
${basedir}/../p2-profile-gen/target/wso2carbon-core-${carbon.kernel.version}/repository/conf/api-manager.xml
</file>
<replacements>
<replacement>
<xpath>/APIManager/GatewayType</xpath>
<token>Synapse</token>
<value>None</value>
</replacement>
</replacements>
</configuration>
</execution>
<execution>
<id>replace-for-api-store</id>
<phase>prepare-package</phase>
<goals>
<goal>replace</goal>
</goals>
<configuration>
<file>
${basedir}/../p2-profile-gen/target/wso2carbon-core-${carbon.kernel.version}/repository/deployment/server/jaggeryapps/api-store/site/conf/site.json
</file>
<replacements>
<replacement>
<token>(/store)</token>
<value>/api-store</value>
</replacement>
</replacements>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>

@ -74,6 +74,7 @@
<exclude>**/lib/encoder*</exclude>
<exclude>**/plugins/jaxb*</exclude>
<exclude>**/security/authenticators.xml</exclude>
<exclude>**/user-mgt.xml</exclude>
<exclude>**/plugins/org.wso2.carbon.localentry.ui*</exclude>
<exclude>**/plugins/org.wso2.carbon.mediation.security.ui*</exclude>
@ -224,6 +225,7 @@
<include>**/log4j.properties</include>
<include>**/nhttp.properties</include>
<include>**/passthru-http.properties</include>
<include>**/user-mgt.xml</include>
</includes>
</fileSet>
<fileSet>
@ -594,6 +596,8 @@
<include>**/msg-mgt.properties</include>
<include>**/entitlement.properties</include>
<include>**/EndpointConfig.properties</include>
<include>**/identity.xml</include>
<include>**/thrift-authentication.xml</include>
</includes>
</fileSet>
<fileSet>
@ -850,24 +854,12 @@
<filtered>true</filtered>
<fileMode>644</fileMode>
</file>
<file>
<source>src/repository/conf/identity/identity.xml</source>
<outputDirectory>${pom.artifactId}-${pom.version}/repository/conf/identity
</outputDirectory>
<fileMode>644</fileMode>
</file>
<file>
<source>src/repository/conf/identity/application-authentication.xml</source>
<outputDirectory>${pom.artifactId}-${pom.version}/repository/conf/identity
</outputDirectory>
<fileMode>644</fileMode>
</file>
<file>
<source>src/repository/conf/identity/thrift-authentication.xml</source>
<outputDirectory>${pom.artifactId}-${pom.version}/repository/conf/identity</outputDirectory>
<filtered>true</filtered>
<fileMode>644</fileMode>
</file>
<file>
<source>
src/repository/conf/identity/identity-providers/iot_default.xml

@ -1,286 +0,0 @@
<?xml version="1.0" encoding="ISO-8859-1"?>
<!--
~ Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
~
~ WSO2 Inc. licenses this file to you under the Apache License,
~ Version 2.0 (the "License"); you may not use this file except
~ in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing,
~ software distributed under the License is distributed on an
~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
~ KIND, either express or implied. See the License for the
~ specific language governing permissions and limitations
~ under the License.
-->
<Server xmlns="http://wso2.org/projects/carbon/carbon.xml">
<JDBCPersistenceManager>
<DataSource>
<!-- Include a data source name (jndiConfigName) from the set of data
sources defined in master-datasources.xml -->
<Name>jdbc/WSO2AM_DB</Name>
</DataSource>
<!-- If the identity database is created from another place and if it is
required to skip schema initialization during the server start up, set the
following property to "true". -->
<!-- <SkipDBSchemaCreation>false</SkipDBSchemaCreation> -->
<SessionDataPersist>
<Enable>false</Enable>
<!--RememberMePeriod>20160</RememberMePeriod-->
<!--CleanUp>
<Enable>true</Enable>
<Period>1</Period>
<TimeOut>20160</TimeOut-->
<!--/CleanUp>
<Temporary>false</Temporary-->
</SessionDataPersist>
</JDBCPersistenceManager>
<!-- Security configurations -->
<Security>
<UserTrustedRPStore>
<Location>${carbon.home}/repository/resources/security/userRP.jks
</Location>
<!-- Keystore type (JKS/PKCS12 etc.) -->
<Type>JKS</Type>
<!-- Keystore password -->
<Password>wso2carbon</Password>
<!-- Private Key password -->
<KeyPassword>wso2carbon</KeyPassword>
</UserTrustedRPStore>
<!-- The directory under which all other KeyStore files will be stored -->
<KeyStoresDir>${carbon.home}/conf/keystores</KeyStoresDir>
</Security>
<Identity>
<IssuerPolicy>SelfAndManaged</IssuerPolicy>
<TokenValidationPolicy>CertValidate</TokenValidationPolicy>
<BlackList/>
<WhiteList/>
<System>
<KeyStore/>
<StorePass/>
</System>
</Identity>
<OpenID>
<OpenIDServerUrl>https://localhost:9443/openidserver</OpenIDServerUrl>
<OpenIDUserPattern>https://localhost:9443/openid/</OpenIDUserPattern>
<!-- If the users must be prompted for approval -->
<OpenIDSkipUserConsent>false</OpenIDSkipUserConsent>
<!-- Expiry time of the OpenID RememberMe token in minutes -->
<OpenIDRememberMeExpiry>7200</OpenIDRememberMeExpiry>
<!-- Multifactor Authentication configuration -->
<UseMultifactorAuthentication>false</UseMultifactorAuthentication>
<!-- To enable or disable openid dumb mode -->
<DisableOpenIDDumbMode>false</DisableOpenIDDumbMode>
<!-- remember me session timeout in seconds -->
<SessionTimeout>36000</SessionTimeout>
<!-- skips authentication if valid SAML2 Web SSO browser session available -->
<AcceptSAMLSSOLogin>false</AcceptSAMLSSOLogin>
<ClaimsRetrieverImplClass>org.wso2.carbon.identity.provider.openid.claims.DefaultClaimsRetriever</ClaimsRetrieverImplClass>
</OpenID>
<OAuth>
<RequestTokenUrl>https://localhost:9443/oauth/request-token</RequestTokenUrl>
<AccessTokenUrl>https://localhost:9443/oauth/access-token</AccessTokenUrl>
<AuthorizeUrl>https://localhost:9443/oauth/authorize-url</AuthorizeUrl>
<OAuth2TokenEPUrl>https://localhost:${mgt.transport.https.port}/oauth2/token</OAuth2TokenEPUrl>
<!-- Default validity period for Authorization Code in seconds -->
<AuthorizationCodeDefaultValidityPeriod>300</AuthorizationCodeDefaultValidityPeriod>
<!-- Default validity period for user access tokens in seconds -->
<AccessTokenDefaultValidityPeriod>3600</AccessTokenDefaultValidityPeriod>
<!-- Default validity period for application access tokens in seconds -->
<UserAccessTokenDefaultValidityPeriod>3600</UserAccessTokenDefaultValidityPeriod>
<!-- Validity period for refresh token -->
<RefreshTokenValidityPeriod>84600</RefreshTokenValidityPeriod>
<!-- Timestamp skew in seconds -->
<TimestampSkew>300</TimestampSkew>
<!-- Enable OAuth caching -->
<EnableOAuthCache>true</EnableOAuthCache>
<!-- Enable renewal of refresh token for refresh_token grant -->
<RenewRefreshTokenForRefreshGrant>true</RenewRefreshTokenForRefreshGrant>
<!-- Process the token before storing it in database, e.g. encrypting -->
<TokenPersistenceProcessor>org.wso2.carbon.identity.oauth.tokenprocessor.PlainTextPersistenceProcessor</TokenPersistenceProcessor>
<!-- Supported Client Autnetication Methods -->
<ClientAuthHandlers>
<ClientAuthHandler Class="org.wso2.carbon.identity.oauth2.token.handlers.clientauth.BasicAuthClientAuthHandler">
<Property Name="StrictClientCredentialValidation">false</Property>
</ClientAuthHandler>
</ClientAuthHandlers>
<!-- Supported Response Types -->
<SupportedResponseTypes>
<SupportedResponseType>
<ResponseTypeName>token</ResponseTypeName>
<ResponseTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.authz.handlers.TokenResponseTypeHandler</ResponseTypeHandlerImplClass>
</SupportedResponseType>
<SupportedResponseType>
<ResponseTypeName>code</ResponseTypeName>
<ResponseTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.authz.handlers.CodeResponseTypeHandler</ResponseTypeHandlerImplClass>
</SupportedResponseType>
</SupportedResponseTypes>
<!-- Supported Grant Types -->
<SupportedGrantTypes>
<SupportedGrantType>
<GrantTypeName>authorization_code</GrantTypeName>
<GrantTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.token.handlers.grant.AuthorizationCodeGrantHandler</GrantTypeHandlerImplClass>
</SupportedGrantType>
<SupportedGrantType>
<GrantTypeName>password</GrantTypeName>
<GrantTypeHandlerImplClass>org.wso2.carbon.apimgt.keymgt.handlers.ExtendedPasswordGrantHandler</GrantTypeHandlerImplClass>
</SupportedGrantType>
<SupportedGrantType>
<GrantTypeName>refresh_token</GrantTypeName>
<GrantTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.token.handlers.grant.RefreshGrantHandler</GrantTypeHandlerImplClass>
</SupportedGrantType>
<SupportedGrantType>
<GrantTypeName>client_credentials</GrantTypeName>
<GrantTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.token.handlers.grant.ClientCredentialsGrantHandler</GrantTypeHandlerImplClass>
</SupportedGrantType>
<SupportedGrantType>
<GrantTypeName>urn:ietf:params:oauth:grant-type:saml2-bearer</GrantTypeName>
<GrantTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.token.handlers.grant.saml.SAML2BearerGrantHandler</GrantTypeHandlerImplClass>
</SupportedGrantType>
<SupportedGrantType>
<GrantTypeName>iwa:ntlm</GrantTypeName>
<GrantTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.token.handlers.grant.iwa.ntlm.NTLMAuthenticationGrantHandler</GrantTypeHandlerImplClass>
</SupportedGrantType>
<SupportedGrantType>
<GrantTypeName>urn:ietf:params:oauth:grant-type:jwt-bearer</GrantTypeName>
<GrantTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.grant.jwt.JWTBearerGrantHandler</GrantTypeHandlerImplClass>
<GrantTypeValidatorImplClass>org.wso2.carbon.identity.oauth2.grant.jwt.JWTGrantValidator</GrantTypeValidatorImplClass>
</SupportedGrantType>
</SupportedGrantTypes>
<OAuthCallbackHandlers>
<OAuthCallbackHandler Class="org.wso2.carbon.device.mgt.oauth.extensions.handlers.DeviceMgtOAuthCallbackHandler"/>
</OAuthCallbackHandlers>
<OAuthScopeValidator class="org.wso2.carbon.device.mgt.oauth.extensions.validators.ExtendedJDBCScopeValidator"/>
<TokenValidators>
<TokenValidator type="bearer" class="org.wso2.carbon.identity.oauth2.validators.DefaultOAuth2TokenValidator"/>
</TokenValidators>
<!-- Assertions can be used to embedd parameters into access token. -->
<EnableAssertions>
<UserName>false</UserName>
</EnableAssertions>
<!-- This should be set to true when using multiple user stores and keys
should saved into different tables according to the user store. By default
all the application keys are saved in to the same table. UserName Assertion
should be 'true' to use this. -->
<EnableAccessTokenPartitioning>false</EnableAccessTokenPartitioning>
<!-- user store domain names and mapping to new table name. eg: if you
provide 'A:foo.com', foo.com should be the user store domain name and 'A'
represent the relavant mapping of token store table, i.e. tokens will be
added to a table called IDN_OAUTH2_ACCESS_TOKEN_A. -->
<AccessTokenPartitioningDomains><!-- A:foo.com, B:bar.com -->
</AccessTokenPartitioningDomains>
<AuthorizationContextTokenGeneration>
<Enabled>false</Enabled>
<TokenGeneratorImplClass>org.wso2.carbon.identity.oauth2.authcontext.JWTTokenGenerator</TokenGeneratorImplClass>
<ClaimsRetrieverImplClass>org.wso2.carbon.identity.oauth2.authcontext.DefaultClaimsRetriever</ClaimsRetrieverImplClass>
<ConsumerDialectURI>http://wso2.org/claims</ConsumerDialectURI>
<SignatureAlgorithm>SHA256withRSA</SignatureAlgorithm>
<AuthorizationContextTTL>15</AuthorizationContextTTL>
</AuthorizationContextTokenGeneration>
<SAML2Grant>
<!--SAML2TokenHandler></SAML2TokenHandler-->
</SAML2Grant>
<OpenIDConnect>
<IDTokenBuilder>org.wso2.carbon.identity.openidconnect.DefaultIDTokenBuilder</IDTokenBuilder>
<IDTokenIssuerID>https://localhost:9443/oauth2endpoints/token</IDTokenIssuerID>
<IDTokenSubjectClaim>http://wso2.org/claims/givenname</IDTokenSubjectClaim>
<IDTokenCustomClaimsCallBackHandler>org.wso2.carbon.identity.openidconnect.SAMLAssertionClaimsCallback</IDTokenCustomClaimsCallBackHandler>
<IDTokenExpiration>3600</IDTokenExpiration>
<UserInfoEndpointClaimDialect>http://wso2.org/claims</UserInfoEndpointClaimDialect>
<UserInfoEndpointClaimRetriever>org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInfoUserStoreClaimRetriever</UserInfoEndpointClaimRetriever>
<UserInfoEndpointRequestValidator>org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInforRequestDefaultValidator</UserInfoEndpointRequestValidator>
<UserInfoEndpointAccessTokenValidator>org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInfoISAccessTokenValidator</UserInfoEndpointAccessTokenValidator>
<UserInfoEndpointResponseBuilder>org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInfoJSONResponseBuilder</UserInfoEndpointResponseBuilder>
<SkipUserConsent>false</SkipUserConsent>
</OpenIDConnect>
</OAuth>
<MultifactorAuthentication>
<XMPPSettings>
<XMPPConfig>
<XMPPProvider>gtalk</XMPPProvider>
<XMPPServer>talk.google.com</XMPPServer>
<XMPPPort>5222</XMPPPort>
<XMPPExt>gmail.com</XMPPExt>
<XMPPUserName>multifactor1@gmail.com</XMPPUserName>
<XMPPPassword>wso2carbon</XMPPPassword>
</XMPPConfig>
</XMPPSettings>
</MultifactorAuthentication>
<SSOService>
<EntityId>localhost</EntityId>
<IdentityProviderURL>https://localhost:9443/samlsso</IdentityProviderURL>
<SingleLogoutRetryCount>5</SingleLogoutRetryCount>
<SingleLogoutRetryInterval>60000</SingleLogoutRetryInterval> <!-- in milli seconds -->
<TenantPartitioningEnabled>false</TenantPartitioningEnabled>
<PersistanceCacheTimeout>157680000</PersistanceCacheTimeout>
<SessionIndexCacheTimeout>157680000</SessionIndexCacheTimeout>
<SessionTimeout>36000</SessionTimeout> <!-- remember me session timeout in seconds -->
<!-- skips authentication if valid SAML2 Web SSO browser session available -->
<AttributeStatementBuilder>org.wso2.carbon.identity.sso.saml.attributes.UserAttributeStatementBuilder</AttributeStatementBuilder>
<AttributesClaimDialect>http://wso2.org/claims</AttributesClaimDialect>
<AcceptOpenIDLogin>false</AcceptOpenIDLogin>
<ClaimsRetrieverImplClass>org.wso2.carbon.identity.sso.saml.builders.claims.DefaultClaimsRetriever</ClaimsRetrieverImplClass>
<SAMLSSOAssertionBuilder>org.wso2.carbon.identity.sso.saml.builders.assertion.DefaultSAMLAssertionBuilder</SAMLSSOAssertionBuilder>
<SAMLSSOEncrypter>org.wso2.carbon.identity.sso.saml.builders.encryption.DefaultSSOEncrypter</SAMLSSOEncrypter>
<SAMLSSOSigner>org.wso2.carbon.identity.sso.saml.builders.signature.DefaultSSOSigner</SAMLSSOSigner>
<SAML2HTTPRedirectSignatureValidator>org.wso2.carbon.identity.sso.saml.validators.SAML2HTTPRedirectDeflateSignatureValidator</SAML2HTTPRedirectSignatureValidator>
<!--SAMLSSOResponseBuilder>org.wso2.carbon.identity.sso.saml.builders.DefaultResponseBuilder</SAMLSSOResponseBuilder-->
<!-- SAML Token validity period in minutes -->
<SAMLResponseValidityPeriod>5</SAMLResponseValidityPeriod>
<UseAuthenticatedUserDomainCrypto>false</UseAuthenticatedUserDomainCrypto>
</SSOService>
<EntitlementSettings>
<!-- Uncomment this to enable on-demand policy loading -->
<!--OnDemandPolicyLoading> <Enable>true</Enable> <MaxInMemoryPolicies>100</MaxInMemoryPolicies>
</OnDemandPolicyLoading -->
<DecisionCaching>
<Enable>true</Enable>
<CachingInterval>36000</CachingInterval>
</DecisionCaching>
<AttributeCaching>
<Enable>true</Enable>
</AttributeCaching>
<ThirftBasedEntitlementConfig>
<EnableThriftService>true</EnableThriftService>
<ReceivePort>${Ports.ThriftEntitlementReceivePort}</ReceivePort>
<ClientTimeout>10000</ClientTimeout>
<KeyStore>
<Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location>
<Password>wso2carbon</Password>
</KeyStore>
<!-- Enable this element to mention the host-name of your IS machine -->
<ThriftHostName>localhost</ThriftHostName>
</ThirftBasedEntitlementConfig>
</EntitlementSettings>
<SCIMAuthenticators>
<Authenticator class="org.wso2.carbon.identity.scim.provider.auth.BasicAuthHandler">
<Property name="Priority">5</Property>
</Authenticator>
<Authenticator class="org.wso2.carbon.identity.scim.provider.auth.OAuthHandler">
<Property name="Priority">10</Property>
<Property name="AuthorizationServer">local://services</Property>
<!--Property name="AuthorizationServer">https://localhost:9443/services</Property>
<Property name="UserName">admin</Property>
<Property name="Password">admin</Property-->
</Authenticator>
</SCIMAuthenticators>
<!--SessionContextCache>
<Enable>true</Enable>
<Capacity>100000</Capacity>
</SessionContextCache-->
</Server>

@ -1,44 +0,0 @@
<?xml version="1.0" encoding="ISO-8859-1"?>
<!--
~ Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
~
~ WSO2 Inc. licenses this file to you under the Apache License,
~ Version 2.0 (the "License"); you may not use this file except
~ in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing,
~ software distributed under the License is distributed on an
~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
~ KIND, either express or implied. See the License for the
~ specific language governing permissions and limitations
~ under the License.
-->
<Server xmlns="http://wso2.org/projects/carbon/carbon.xml">
<JDBCPersistenceManager>
<DataSource>
<!-- Include a data source name (jndiConfigName) from the set of data sources defined in master-datasources.xml -->
<Name>jdbc/WSO2AM_DB</Name>
</DataSource>
<!-- If the identity database is created from another place and if it is required to skip schema initialization during the server start up, set the following
property to "true". -->
<!--<SkipDBSchemaCreation>true</SkipDBSchemaCreation>-->
</JDBCPersistenceManager>
<ThriftSessionDAO>org.wso2.carbon.identity.thrift.authentication.dao.DBThriftSessionDAO</ThriftSessionDAO>
<!--<ThriftSessionDAO>org.wso2.carbon.identity.thrift.authentication.dao.InMemoryThriftSessionDAO</ThriftSessionDAO>-->
<ClientTimeout>30000</ClientTimeout>
<!--<Hostname>localhost</Hostname>-->
<Port>10711</Port>
<!--30 min-->
<ThriftSessionTimeout>1800000</ThriftSessionTimeout>
</Server>

@ -461,4 +461,12 @@ org.owasp.csrfguard.unprotected.publisherRestApi=%servletContext%/api/appm/publi
org.owasp.csrfguard.unprotected.storeRestApi=%servletContext%/api/appm/store/*
org.owasp.csrfguard.unprotected.certificateMgtRestApi=%servletContext%/api/certificate-mgt/*
org.owasp.csrfguard.unprotected.deviceMgtRestApi=%servletContext%/api/device-mgt/*
org.owasp.csrfguard.unprotected.dcrRestApi=%servletContext%/dynamic-client-web/*
org.owasp.csrfguard.unprotected.dcrRestApi=%servletContext%/dynamic-client-web/*
#carbon
org.owasp.csrfguard.unprotected.Services=%servletContext%/services/*
#identity
org.owasp.csrfguard.unprotected.acs=%servletContext%/acs/*
org.owasp.csrfguard.unprotected.iwa=%servletContext%/iwa/*
org.owasp.csrfguard.unprotected.oauthiwa=%servletContext%/commonauth/iwa/*

@ -0,0 +1,260 @@
<!--
~ Copyright WSO2, Inc. (http://wso2.com)
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<UserManager>
<Realm>
<Configuration>
<AddAdmin>true</AddAdmin>
<AdminRole>admin</AdminRole>
<AdminUser>
<UserName>admin</UserName>
<Password>admin</Password>
</AdminUser>
<EveryOneRoleName>everyone</EveryOneRoleName> <!-- By default users in this role sees the registry root -->
<Property name="isCascadeDeleteEnabled">true</Property>
<Property name="initializeNewClaimManager">true</Property>
<Property name="dataSource">jdbc/WSO2CarbonDB</Property>
</Configuration>
<!-- Following is the configuration for internal JDBC user store. This user store manager is based on JDBC.
In case if application needs to manage passwords externally set property
<Property name="PasswordsExternallyManaged">true</Property>.
In case if user core cache domain is needed to identify uniquely set property
<Property name="UserCoreCacheIdentifier">domain</Property>.
Furthermore properties, IsEmailUserName and DomainCalculation are readonly properties.
Note: Do not comment within UserStoreManager tags. Cause, specific tag names are used as tokens
when building configurations for products.
-->
<UserStoreManager class="org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager">
<Property name="TenantManager">org.wso2.carbon.user.core.tenant.JDBCTenantManager</Property>
<Property name="ReadOnly">false</Property>
<Property name="ReadGroups">true</Property>
<Property name="WriteGroups">true</Property>
<Property name="UsernameJavaRegEx">^[\S]{3,30}$</Property>
<Property name="UsernameJavaScriptRegEx">^[\S]{3,30}$</Property>
<Property name="UsernameJavaRegExViolationErrorMsg">Username pattern policy violated</Property>
<Property name="PasswordJavaRegEx">^[\S]{5,30}$</Property>
<Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property>
<Property name="PasswordJavaRegExViolationErrorMsg">Password length should be within 5 to 30 characters</Property>
<Property name="RolenameJavaRegEx">^[\S]{3,30}$</Property>
<Property name="RolenameJavaScriptRegEx">^[\S]{3,30}$</Property>
<Property name="CaseInsensitiveUsername">true</Property>
<Property name="SCIMEnabled">false</Property>
<Property name="IsBulkImportSupported">true</Property>
<Property name="PasswordDigest">SHA-256</Property>
<Property name="StoreSaltedPassword">true</Property>
<Property name="MultiAttributeSeparator">,</Property>
<Property name="MaxUserNameListLength">100</Property>
<Property name="MaxRoleNameListLength">100</Property>
<Property name="UserRolesCacheEnabled">true</Property>
<Property name="UserNameUniqueAcrossTenants">false</Property>
</UserStoreManager>
<!-- If product is using an external LDAP as the user store in READ ONLY mode, use following user manager.
In case if user core cache domain is needed to identify uniquely set property
<Property name="UserCoreCacheIdentifier">domain</Property>
-->
<!--UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager">
<Property name="TenantManager">org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager</Property>
<Property name="ConnectionURL">ldap://localhost:10389</Property>
<Property name="ConnectionName">uid=admin,ou=system</Property>
<Property name="ConnectionPassword">admin</Property>
<Property name="AnonymousBind">false</Property>
<Property name="UserSearchBase">ou=system</Property>
<Property name="UserNameAttribute">uid</Property>
<Property name="UserNameSearchFilter">(&amp;(objectClass=person)(uid=?))</Property>
<Property name="UserNameListFilter">(objectClass=person)</Property>
<Property name="DisplayNameAttribute"/>
<Property name="ReadGroups">true</Property>
<Property name="GroupSearchBase">ou=system</Property>
<Property name="GroupNameAttribute">cn</Property>
<Property name="GroupNameSearchFilter">(&amp;(objectClass=groupOfNames)(cn=?))</Property>
<Property name="GroupNameListFilter">(objectClass=groupOfNames)</Property>
<Property name="MembershipAttribute">member</Property>
<Property name="BackLinksEnabled">false</Property>
<Property name="UsernameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
<Property name="PasswordJavaRegEx">^[\S]{5,30}$</Property>
<Property name="RolenameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
<Property name="SCIMEnabled">false</Property>
<Property name="PasswordHashMethod">PLAIN_TEXT</Property>
<Property name="MultiAttributeSeparator">,</Property>
<Property name="MaxUserNameListLength">100</Property>
<Property name="MaxRoleNameListLength">100</Property>
<Property name="UserRolesCacheEnabled">true</Property>
<Property name="ConnectionPoolingEnabled">true</Property>
<Property name="LDAPConnectionTimeout">5000</Property>
<Property name="ReadTimeout"/>
<Property name="RetryAttempts"/>
<Property name="ReplaceEscapeCharactersAtUserLogin">true</Property>
</UserStoreManager-->
<!-- Active directory configuration is as follows.
In case if user core cache domain is needed to identify uniquely set property
<Property name="UserCoreCacheIdentifier">domain</Property>
There are few special properties for "Active Directory".
They are :
1.Referral - (comment out this property if this feature is not reuired) This enables LDAP referral support.
2.BackLinksEnabled - (Do not comment, set to true or false) In some cases LDAP works with BackLinksEnabled.
In which role is stored at user level. Depending on this value we need to change the Search Base within code.
isADLDSRole - (Do not comment) Set to true if connecting to an AD LDS instance else set to false.
-->
<!--UserStoreManager class="org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager">
<Property name="TenantManager">org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager</Property>
<Property name="ConnectionURL">ldaps://10.100.1.100:636</Property>
<Property name="ConnectionName">CN=admin,CN=Users,DC=WSO2,DC=Com</Property>
<Property name="ConnectionPassword">A1b2c3d4</Property>
<Property name="AnonymousBind">false</Property>
<Property name="UserSearchBase">CN=Users,DC=WSO2,DC=Com</Property>
<Property name="UserEntryObjectClass">user</Property>
<Property name="UserNameAttribute">cn</Property>
<Property name="UserNameSearchFilter">(&amp;(objectClass=user)(cn=?))</Property>
<Property name="UserNameListFilter">(objectClass=user)</Property>
<Property name="DisplayNameAttribute"/>
<Property name="ReadGroups">true</Property>
<Property name="WriteGroups">true</Property>
<Property name="GroupSearchBase">CN=Users,DC=WSO2,DC=Com</Property>
<Property name="GroupEntryObjectClass">group</Property>
<Property name="GroupNameAttribute">cn</Property>
<Property name="GroupNameSearchFilter">(&amp;(objectClass=group)(cn=?))</Property>
<Property name="GroupNameListFilter">(objectcategory=group)</Property>
<Property name="MembershipAttribute">member</Property>
<Property name="MemberOfAttribute">memberOf</Property>
<Property name="BackLinksEnabled">true</Property>
<Property name="Referral">follow</Property>
<Property name="UsernameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
<Property name="UsernameJavaScriptRegEx">^[\S]{3,30}$</Property>
<Property name="UsernameJavaRegExViolationErrorMsg">Username pattern policy violated</Property>
<Property name="PasswordJavaRegEx">^[\S]{5,30}$</Property>
<Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property>
<Property name="PasswordJavaRegExViolationErrorMsg">Password length should be within 5 to 30 characters</Property>
<Property name="RolenameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
<Property name="RolenameJavaScriptRegEx">^[\S]{3,30}$</Property>
<Property name="SCIMEnabled">false</Property>
<Property name="IsBulkImportSupported">true</Property>
<Property name="EmptyRolesAllowed">true</Property>
<Property name="PasswordHashMethod">PLAIN_TEXT</Property>
<Property name="MultiAttributeSeparator">,</Property>
<Property name="isADLDSRole">false</Property>
<Property name="userAccountControl">512</Property>
<Property name="MaxUserNameListLength">100</Property>
<Property name="MaxRoleNameListLength">100</Property>
<Property name="kdcEnabled">false</Property>
<Property name="defaultRealmName">WSO2.ORG</Property>
<Property name="UserRolesCacheEnabled">true</Property>
<Property name="ConnectionPoolingEnabled">false</Property>
<Property name="LDAPConnectionTimeout">5000</Property>
<Property name="ReadTimeout"/>
<Property name="RetryAttempts"/>
</UserStoreManager-->
<!-- Following user manager is used by Identity Server (IS) as its default user manager.
IS will do token replacement when building the product. Therefore do not change the syntax.
If "kdcEnabled" parameter is true, IS will allow service principle management.
Thus "ServicePasswordJavaRegEx", "ServiceNameJavaRegEx" properties control the service name format and
service password formats. In case if user core cache domain is needed to identify uniquely set property
<Property name="UserCoreCacheIdentifier">domain</Property>
-->
<!--ISUserStoreManager class="org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager">
<Property name="TenantManager">org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager</Property>
<Property name="ConnectionURL">ldap://localhost:${Ports.EmbeddedLDAP.LDAPServerPort}</Property>
<Property name="ConnectionName">uid=admin,ou=system</Property>
<Property name="ConnectionPassword">admin</Property>
<Property name="AnonymousBind">false</Property>
<Property name="UserSearchBase">ou=Users,dc=wso2,dc=org</Property>
<Property name="UserEntryObjectClass">identityPerson</Property>
<Property name="UserNameAttribute">uid</Property>
<Property name="UserNameSearchFilter">(&amp;(objectClass=person)(uid=?))</Property>
<Property name="UserNameListFilter">(objectClass=person)</Property>
<Property name="DisplayNameAttribute"/>
<Property name="ReadGroups">true</Property>
<Property name="WriteGroups">true</Property>
<Property name="GroupSearchBase">ou=Groups,dc=wso2,dc=org</Property>
<Property name="GroupEntryObjectClass">groupOfNames</Property>
<Property name="GroupNameAttribute">cn</Property>
<Property name="GroupNameSearchFilter">(&amp;(objectClass=groupOfNames)(cn=?))</Property>
<Property name="GroupNameListFilter">(objectClass=groupOfNames)</Property>
<Property name="MembershipAttribute">member</Property>
<Property name="BackLinksEnabled">false</Property>
<Property name="UsernameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
<Property name="UsernameJavaScriptRegEx">^[\S]{3,30}$</Property>
<Property name="UsernameJavaRegExViolationErrorMsg">Username pattern policy violated</Property>
<Property name="PasswordJavaRegEx">^[\S]{5,30}$</Property>
<Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property>
<Property name="PasswordJavaRegExViolationErrorMsg">Password length should be within 5 to 30 characters</Property>
<Property name="RolenameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
<Property name="RolenameJavaScriptRegEx">^[\S]{3,30}$</Property>
<Property name="SCIMEnabled">true</Property>
<Property name="IsBulkImportSupported">true</Property>
<Property name="EmptyRolesAllowed">true</Property>
<Property name="PasswordHashMethod">PLAIN_TEXT</Property>
<Property name="MultiAttributeSeparator">,</Property>
<Property name="MaxUserNameListLength">100</Property>
<Property name="MaxRoleNameListLength">100</Property>
<Property name="kdcEnabled">false</Property>
<Property name="defaultRealmName">WSO2.ORG</Property>
<Property name="UserRolesCacheEnabled">true</Property>
<Property name="ConnectionPoolingEnabled">false</Property>
<Property name="LDAPConnectionTimeout">5000</Property>
<Property name="ReadTimeout"/>
<Property name="RetryAttempts"/>
</ISUserStoreManager-->
<AuthorizationManager class="org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager">
<Property name="AdminRoleManagementPermissions">/permission</Property>
<Property name="AuthorizationCacheEnabled">true</Property>
<Property name="GetAllRolesOfUserEnabled">false</Property>
</AuthorizationManager>
</Realm>
</UserManager>
<!--
************* Description of some of the configuration properties used in user-mgt.xml *********************************
DomainName -
This property must be used by all secondary user store managers in multiple user store configuration.
DomainName is a unique identifier given to the user store. Users must provide both the domain name and
username at log-in as "DomainName\Username"
UserRolesCacheEnabled -
This is to indicate whether to cache role list of a user. By default it is set to true.
You may need to disable it if user-roles are changed by external means and need to reflect
those changes in the carbon product immediately.
ReplaceEscapeCharactersAtUserLogin -
This is to configure whether escape characters in user name needs to be replaced at user login.
Currently the identified escape characters that needs to be replaced are '\' & '\\'
UserDNPattern -
This property will be used when authenticating users. During authentication we do a bind. But if the user is login
with email address or some other property we need to first lookup LDAP and retrieve DN for the user.
This involves an additional step. If UserDNPattern is specified the DN will be constructed using the pattern
specified in this property. Performance of this is much better than looking up DN and binding user.
RoleDNPattern -
This property will be used when checking whether user has been assigned to a given role.
Rather than searching the role in search base, by using this property direct search can be done.
PasswordHashMethod -
This says how the password should be stored. Allowed values are as follows,
SHA - Uses SHA digest method
MD5 - Uses MD 5 digest method
PLAIN_TEXT - Plain text passwords
In addition to above this supports all digest methods supported by http://docs.oracle.com/javase/6/docs/api/java/security/MessageDigest.html.
DisplayNameAttribute -
This is to have a dedicated LDAP attribute to display an entity(User/Role) in UI, in addition to the UserNameAttribute which is used for IS-UserStore interactions.
-->

@ -0,0 +1,9 @@
<processor>
<remove>
<name>//UserManager/Realm/Configuration/Property[@name='initializeNewClaimManager']</name>
</remove>
<add>
<after>//UserManager/Realm/Configuration/Property[@name='isCascadeDeleteEnabled']</after>
<value><![CDATA[<Property name="initializeNewClaimManager">true</Property>]]></value>
</add>
</processor>

@ -1614,6 +1614,11 @@
<id>org.wso2.carbon.mediation.configadmin.feature.group</id>
<version>${carbon.mediation.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.mediator.cache.feature.group</id>
<version>${carbon.mediation.version}</version>
</feature>
<!--feature>
<id>org.wso2.carbon.mediation.tracer.feature.group</id>
<version>${carbon.mediation.version}</version>
@ -1878,6 +1883,10 @@
<id>org.wso2.carbon.device.mgt.analytics.dashboard.feature.group</id>
<version>${carbon.device.mgt.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.identity.jwt.client.extension.feature.group</id>
<version>${carbon.device.mgt.version}</version>
</feature>
</features>
</configuration>
</execution>
@ -1953,6 +1962,10 @@
<id>org.wso2.carbon.identity.thrift.authentication.feature.group</id>
<version>${carbon.identity.framework.version.iotcore}</version>
</feature>
<feature>
<id>org.wso2.carbon.identity.oauth2.grant.jwt.feature.group</id>
<version>${identity.jwt.extension.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.tenant.common.feature.group</id>
<version>${carbon.multitenancy.version}</version>
@ -2042,6 +2055,10 @@
<id>org.wso2.carbon.mediation.configadmin.feature.group</id>
<version>${carbon.mediation.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.mediator.cache.feature.group</id>
<version>${carbon.mediation.version}</version>
</feature>
<!--feature>
<id>org.wso2.carbon.mediation.statistics.feature.group</id>
<version>${carbon.mediation.version}</version>
@ -2205,6 +2222,10 @@
<id>org.wso2.carbon.apimgt.gateway.feature.group</id>
<version>${carbon.api.mgt.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.apimgt.keymanager.feature.group</id>
<version>${carbon.api.mgt.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.registry.extensions.feature.group</id>
<version>${carbon.governance.version}</version>
@ -2324,6 +2345,10 @@
<id>org.wso2.carbon.device.mgt.analytics.dashboard.feature.group</id>
<version>${carbon.device.mgt.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.identity.jwt.client.extension.feature.group</id>
<version>${carbon.device.mgt.version}</version>
</feature>
</features>
</configuration>
</execution>
@ -2377,6 +2402,25 @@
</feature>
<!-- End of app management features-->
<!-- Dashboard Features -->
<feature>
<id>org.wso2.carbon.dashboards.shindig.feature.group</id>
<version>${carbon.dashboard.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.dashboards.portal.feature.group</id>
<version>${carbon.dashboard.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.dashboard.deployment.feature.group</id>
<version>${carbon.dashboard.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.iot.device.statistics.dashboard.feature.group</id>
<version>${carbon.device.mgt.plugin.version}</version>
</feature>
<!-- End of Dashboard Features -->
<!-- Device Management Features -->
<feature>
@ -2573,6 +2617,10 @@
<id>org.wso2.carbon.mediation.configadmin.feature.group</id>
<version>${carbon.mediation.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.mediator.cache.feature.group</id>
<version>${carbon.mediation.version}</version>
</feature>
<!--feature>
<id>org.wso2.carbon.mediation.statistics.feature.group</id>
<version>${carbon.mediation.version}</version>
@ -2928,6 +2976,17 @@
<id>org.wso2.carbon.analytics.api.client.feature.group</id>
<version>${carbon.analytics.version}</version>
</feature>
<!-- SSO Features -->
<feature>
<id>org.wso2.carbon.identity.authenticator.saml2.sso.feature.group</id>
<version>${identity.carbon.auth.saml2.version.iotcore}</version>
</feature>
<feature>
<id>org.wso2.carbon.identity.sso.saml.feature.group</id>
<version>${identity.inbound.auth.saml.version.iotcore}</version>
</feature>
<!-- SSO Fix-->
</features>
</configuration>
</execution>
@ -3499,6 +3558,21 @@
<id>org.wso2.carbon.analytics.api.client.feature.group</id>
<version>${carbon.analytics.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.mediator.cache.feature.group</id>
<version>${carbon.mediation.version}</version>
</feature>
<!-- SSO Features -->
<feature>
<id>org.wso2.carbon.identity.authenticator.saml2.sso.feature.group</id>
<version>${identity.carbon.auth.saml2.version.iotcore}</version>
</feature>
<feature>
<id>org.wso2.carbon.identity.sso.saml.feature.group</id>
<version>${identity.inbound.auth.saml.version.iotcore}</version>
</feature>
<!-- SSO Fix-->
</features>
</configuration>
</execution>

Loading…
Cancel
Save