From ebe22410c429aba4316a5cd1dfd1de5e197b1777 Mon Sep 17 00:00:00 2001
From: Rasika Perera <info.rasika@gmail.com>
Date: Thu, 1 Dec 2016 16:45:42 +0530
Subject: [PATCH 1/7] Adding missing certificate management web apps features

---
 modules/core/p2-profile-gen/pom.xml | 30 +++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/modules/core/p2-profile-gen/pom.xml b/modules/core/p2-profile-gen/pom.xml
index 0e9eb687..fb56f45a 100644
--- a/modules/core/p2-profile-gen/pom.xml
+++ b/modules/core/p2-profile-gen/pom.xml
@@ -110,6 +110,12 @@
                                 <featureArtifactDef>
                                     org.wso2.carbon.devicemgt:org.wso2.carbon.policy.mgt.server.feature:${carbon.device.mgt.version}
                                 </featureArtifactDef>
+                                <featureArtifactDef>
+                                    org.wso2.carbon.devicemgt:org.wso2.carbon.certificate.mgt.api.feature:${carbon.device.mgt.version}
+                                </featureArtifactDef>
+                                <featureArtifactDef>
+                                    org.wso2.carbon.devicemgt:org.wso2.carbon.certificate.mgt.cert.admin.api.feature:${carbon.device.mgt.version}
+                                </featureArtifactDef>
                                 <featureArtifactDef>
                                     org.wso2.carbon.devicemgt:org.wso2.carbon.certificate.mgt.server.feature:${carbon.device.mgt.version}
                                 </featureArtifactDef>
@@ -2166,6 +2172,14 @@
                                     <id>org.wso2.carbon.apimgt.application.extension.feature.group</id>
                                     <version>${carbon.device.mgt.version}</version>
                                 </feature>
+                                <feature>
+                                    <id>org.wso2.carbon.certificate.mgt.api.feature.group</id>
+                                    <version>${carbon.device.mgt.version}</version>
+                                </feature>
+                                <feature>
+                                    <id>org.wso2.carbon.certificate.mgt.cert.admin.api.feature.group</id>
+                                    <version>${carbon.device.mgt.version}</version>
+                                </feature>
                                 <feature>
                                     <id>org.wso2.carbon.certificate.mgt.server.feature.group</id>
                                     <version>${carbon.device.mgt.version}</version>
@@ -2249,6 +2263,14 @@
                                     <id>org.wso2.carbon.email.sender.feature.group</id>
                                     <version>${carbon.device.mgt.version}</version>
                                 </feature>
+                                <feature>
+                                    <id>org.wso2.carbon.certificate.mgt.api.feature.group</id>
+                                    <version>${carbon.device.mgt.version}</version>
+                                </feature>
+                                <feature>
+                                    <id>org.wso2.carbon.certificate.mgt.cert.admin.api.feature.group</id>
+                                    <version>${carbon.device.mgt.version}</version>
+                                </feature>
                                 <feature>
                                     <id>org.wso2.carbon.certificate.mgt.server.feature.group</id>
                                     <version>${carbon.device.mgt.version}</version>
@@ -2706,6 +2728,14 @@
                                     <id>org.wso2.carbon.apimgt.application.extension.feature.group</id>
                                     <version>${carbon.device.mgt.version}</version>
                                 </feature>
+                                <feature>
+                                    <id>org.wso2.carbon.certificate.mgt.api.feature.group</id>
+                                    <version>${carbon.device.mgt.version}</version>
+                                </feature>
+                                <feature>
+                                    <id>org.wso2.carbon.certificate.mgt.cert.admin.api.feature.group</id>
+                                    <version>${carbon.device.mgt.version}</version>
+                                </feature>
                                 <feature>
                                     <id>org.wso2.carbon.certificate.mgt.server.feature.group</id>
                                     <version>${carbon.device.mgt.version}</version>

From 96d0d048df98ea0eb4a0be36836bbfa28810c1b3 Mon Sep 17 00:00:00 2001
From: Rasika Perera <info.rasika@gmail.com>
Date: Tue, 6 Dec 2016 10:25:40 +0530
Subject: [PATCH 2/7] Adding APNS and GCM commented on cdm-config

---
 modules/core/distribution/src/repository/conf/cdm-config.xml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/modules/core/distribution/src/repository/conf/cdm-config.xml b/modules/core/distribution/src/repository/conf/cdm-config.xml
index bd22a4b0..caa367a5 100644
--- a/modules/core/distribution/src/repository/conf/cdm-config.xml
+++ b/modules/core/distribution/src/repository/conf/cdm-config.xml
@@ -28,6 +28,8 @@
     <PushNotificationProviders>
         <Provider>org.wso2.carbon.device.mgt.extensions.push.notification.provider.mqtt.MQTTBasedPushNotificationProvider</Provider>
         <Provider>org.wso2.carbon.device.mgt.extensions.push.notification.provider.xmpp.XMPPBasedPushNotificationProvider</Provider>
+        <!--<Provider>org.wso2.carbon.device.mgt.extensions.push.notification.provider.gcm.GCMBasedPushNotificationProvider</Provider>-->
+        <!--<Provider>org.wso2.carbon.device.mgt.mobile.impl.ios.apns.APNSBasedPushNotificationProvider</Provider>-->
     </PushNotificationProviders>
     <IdentityConfiguration>
         <ServerUrl>https://localhost:9443</ServerUrl>

From 694a7087b0e8860d92100922134f62f57f72f025 Mon Sep 17 00:00:00 2001
From: Harshan Liyanage <harshan@wso2.com>
Date: Tue, 6 Dec 2016 10:37:55 +0530
Subject: [PATCH 3/7] Updated carbon component versions to include security
 fixes

---
 pom.xml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/pom.xml b/pom.xml
index aea41c23..28c672e5 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1513,7 +1513,7 @@
         <carbon.commons.version>4.5.4</carbon.commons.version>
 
         <!-- Carbon Deployment -->
-        <carbon.deployment.version>4.7.0</carbon.deployment.version>
+        <carbon.deployment.version>4.7.2</carbon.deployment.version>
 
         <!-- Carbon Identity -->
         <carbon.identity.framework.version>5.2.0</carbon.identity.framework.version>
@@ -1534,12 +1534,12 @@
         <identity.jwt.extension.version>1.0.2</identity.jwt.extension.version>
 
         <!-- Carbon Multi-tenancy -->
-        <carbon.multitenancy.version>4.6.0</carbon.multitenancy.version>
+        <carbon.multitenancy.version>4.6.1</carbon.multitenancy.version>
 
         <!-- Carbon Registry -->
-        <carbon.registry.version>4.5.6</carbon.registry.version>
+        <carbon.registry.version>4.5.8</carbon.registry.version>
         <!-- Carbon Governance -->
-        <carbon.governance.version>4.6.4</carbon.governance.version>
+        <carbon.governance.version>4.6.5</carbon.governance.version>
 
         <!-- Carbon Device Management -->
         <carbon.device.mgt.version>2.0.3-SNAPSHOT</carbon.device.mgt.version>

From ae96430e0d2f2475c9e2fc8bbdba80ab24c0687f Mon Sep 17 00:00:00 2001
From: Rasika Perera <info.rasika@gmail.com>
Date: Tue, 6 Dec 2016 10:59:45 +0530
Subject: [PATCH 4/7] Adding /devicemgt/login as authentication url when sso
 enabled

---
 .../identity/application-authentication.xml   | 162 ++++++++++++++++++
 1 file changed, 162 insertions(+)
 create mode 100644 modules/core/distribution/src/repository/conf/identity/application-authentication.xml

diff --git a/modules/core/distribution/src/repository/conf/identity/application-authentication.xml b/modules/core/distribution/src/repository/conf/identity/application-authentication.xml
new file mode 100644
index 00000000..2139b873
--- /dev/null
+++ b/modules/core/distribution/src/repository/conf/identity/application-authentication.xml
@@ -0,0 +1,162 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!--
+~ Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+~
+~ Licensed under the Apache License, Version 2.0 (the "License");
+~ you may not use this file except in compliance with the License.
+~ You may obtain a copy of the License at
+~
+~ http://www.apache.org/licenses/LICENSE-2.0
+~
+~ Unless required by applicable law or agreed to in writing, software
+~ distributed under the License is distributed on an "AS IS" BASIS,
+~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+~ See the License for the specific language governing permissions and
+~ limitations under the License.
+ -->
+
+<ApplicationAuthentication xmlns="http://wso2.org/projects/carbon/application-authentication.xml">
+
+    <!--
+        ProxyMode allows framework to operate in either 'smart' mode
+        or 'dumb' mode.
+        smart = both local and federated authentication is supported
+        dumb = only federated authentication is supported
+    -->
+    <ProxyMode>smart</ProxyMode>
+
+    <!--
+        AuthenticationEndpointURL is location of the web app containing
+        the authentication related pages
+    -->
+    <AuthenticationEndpointURL>https://${carbon.host}:${carbon.management.port}/devicemgt/login</AuthenticationEndpointURL>
+    <AuthenticationEndpointRetryURL>https://${carbon.host}:${carbon.management.port}/devicemgt/login?retry=true</AuthenticationEndpointRetryURL>
+
+    <!--
+        Extensions allow extending the default behaviour of the authentication
+        process.
+    -->
+    <Extensions>
+        <RequestCoordinator>org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator</RequestCoordinator>
+        <AuthenticationRequestHandler>org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultAuthenticationRequestHandler</AuthenticationRequestHandler>
+        <LogoutRequestHandler>org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultLogoutRequestHandler</LogoutRequestHandler>
+        <StepBasedSequenceHandler>org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler</StepBasedSequenceHandler>
+        <RequestPathBasedSequenceHandler>org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultRequestPathBasedSequenceHandler</RequestPathBasedSequenceHandler>
+        <StepHandler>org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler</StepHandler>
+        <HomeRealmDiscoverer>org.wso2.carbon.identity.application.authentication.framework.handler.hrd.impl.DefaultHomeRealmDiscoverer</HomeRealmDiscoverer>
+        <ClaimHandler>org.wso2.carbon.identity.application.authentication.framework.handler.claims.impl.DefaultClaimHandler</ClaimHandler>
+        <ProvisioningHandler>org.wso2.carbon.identity.application.authentication.framework.handler.provisioning.impl.DefaultProvisioningHandler</ProvisioningHandler>
+    </Extensions>
+
+    <!--
+        AuthenticatorNameMappings allow specifying an authenticator
+        against a pre-defined alias (which will be used by other components.
+        E.g. Application Mgt component). This enables the usage of a custom
+        authenticator in place of an authenticator that gets packed with the
+        distribution.
+    -->
+    <AuthenticatorNameMappings>
+        <AuthenticatorNameMapping name="BasicAuthenticator" alias="basic" />
+        <AuthenticatorNameMapping name="OAuthRequestPathAuthenticator" alias="oauth-bearer" />
+        <AuthenticatorNameMapping name="BasicAuthRequestPathAuthenticator" alias="basic-auth" />
+        <AuthenticatorNameMapping name="IWAAuthenticator" alias="iwa" />
+        <AuthenticatorNameMapping name="SAMLSSOAuthenticator" alias="samlsso" />
+        <AuthenticatorNameMapping name="OpenIDConnectAuthenticator" alias="openidconnect" />
+        <AuthenticatorNameMapping name="OpenIDAuthenticator" alias="openid" />
+        <AuthenticatorNameMapping name="PassiveSTSAuthenticator" alias="passive-sts" />
+    </AuthenticatorNameMappings>
+
+    <!--
+		AuthenticatorConfigs allow specifying various configurations needed
+		by the authenticators by using any number of \'Parameter\' elements
+		E.g.
+		<AuthenticatorConfig name="CustomAuthenticator" enabled="true" />
+			<Parameter name="paramName1">paramValue</Parameter>
+			<Parameter name="paramName2">paramValue</Parameter>
+		</AuthenticatorConfig>
+    -->
+    <AuthenticatorConfigs>
+        <AuthenticatorConfig name="BasicAuthenticator" enabled="true">
+            <!--Parameter name="UserNameAttributeClaimUri">http://wso2.org/claims/emailaddress</Parameter-->
+            <!--Parameter name="showAuthFailureReason">true</Parameter-->
+        </AuthenticatorConfig>
+        <AuthenticatorConfig name="OAuthRequestPathAuthenticator" enabled="true" />
+        <AuthenticatorConfig name="BasicAuthRequestPathAuthenticator" enabled="true" />
+        <AuthenticatorConfig name="SAMLSSOAuthenticator" enabled="true">
+            <!--Parameter name="SignAuth2SAMLUsingSuperTenant">true</Parameter-->
+            <!--Parameter name="SAML2SSOManager">org.wso2.carbon.identity.application.authenticator.samlsso.manager.DefaultSAML2SSOManager</Parameter-->
+        </AuthenticatorConfig>
+        <AuthenticatorConfig name="OpenIDConnectAuthenticator" enabled="true">
+            <!--Parameter name="IDTokenHandler">org.wso2.carbon.identity.application.authenticator.oidc.DefaultIDTokenHandler</Parameter-->
+            <!--Parameter name="ClaimsRetriever">org.wso2.carbon.identity.application.authenticator.oidc.OIDCUserInfoClaimsRetriever</Parameter-->
+        </AuthenticatorConfig>
+        <AuthenticatorConfig name="OpenIDAuthenticator" enabled="true">
+            <Parameter name="LoginPage">/authenticationendpoint/login.do</Parameter>
+            <Parameter name="TrustStorePath">/repository/resources/security/client-truststore.jks</Parameter>
+            <Parameter name="TrustStorePassword">wso2carbon</Parameter>
+            <!--Parameter name="OpenIDManager">org.wso2.carbon.identity.application.authenticator.openid.manager.DefaultOpenIDManager</Parameter>
+            <Parameter name="AttributesRequestor">org.wso2.carbon.identity.application.authenticator.openid.manager.SampleAttributesRequestor</Parameter-->
+        </AuthenticatorConfig>
+        <AuthenticatorConfig name="GoogleOIDCAuthenticator" enabled="true">
+            <Parameter name="GoogleTokenEndpoint">https://accounts.google.com/o/oauth2/token</Parameter>
+            <Parameter name="GoogleAuthzEndpoint">https://accounts.google.com/o/oauth2/auth</Parameter>
+            <Parameter name="GoogleUserInfoEndpoint">https://www.googleapis.com/oauth2/v3/userinfo</Parameter>
+        </AuthenticatorConfig>
+        <AuthenticatorConfig name="MicrosoftWindowsLive" enabled="true">
+            <Parameter name="AuthTokenEndpoint">https://login.live.com/oauth20_token.srf</Parameter>
+            <Parameter name="AuthnEndpoint">https://login.live.com/oauth20_authorize.srf</Parameter>
+            <Parameter name="UserInfoEndpoint">https://apis.live.net/v5.0/me?access_token=</Parameter>
+        </AuthenticatorConfig>
+        <AuthenticatorConfig name="FacebookAuthenticator" enabled="true">
+            <Parameter name="AuthTokenEndpoint">https://graph.facebook.com/oauth/access_token</Parameter>
+            <Parameter name="AuthnEndpoint">http://www.facebook.com/dialog/oauth</Parameter>
+            <Parameter name="UserInfoEndpoint">https://graph.facebook.com/me</Parameter>
+        </AuthenticatorConfig>
+        <AuthenticatorConfig  name="FIDOAuthenticator" enabled="true">
+            <Parameter name="FidoAuth">/authenticationendpoint/fido-auth.jsp</Parameter>
+        </AuthenticatorConfig>
+        <AuthenticatorConfig name="YahooOAuth2Authenticator" enabled="true">
+            <Parameter name="YahooTokenEndpoint">https://api.login.yahoo.com/oauth2/get_token</Parameter>
+            <Parameter name="YahooOAuthzEndpoint">https://api.login.yahoo.com/oauth2/request_auth</Parameter>
+            <Parameter name="YahooUserInfoEndpoint">https://social.yahooapis.com/v1/user/</Parameter>
+        </AuthenticatorConfig>
+    </AuthenticatorConfigs>
+
+    <!--
+		Sequences allow specifying authentication flows for different
+		registered applications. \'default\' sequence is taken if an
+		application specific sequence doesn't exist in this file or
+		in the Application Mgt module.
+    -->
+    <Sequences>
+        <!-- Default Sequence. This is mandatory -->
+        <Sequence appId="default">
+            <Step order="1">
+                <Authenticator name="BasicAuthenticator"/>
+            </Step>
+        </Sequence>
+    </Sequences>
+
+    <!--
+            AuthenticationEndpointQueryParams are the request parameters
+            that would be sent to the AuthenticationEndpoint.
+            'action' defines the behaviour: if 'include', only the defined
+            parameters would be included in the request.
+            If 'exclude' specified, all the parameters received by the
+            Authentication Framework would be sent in the request except
+            the ones specified.
+            'sessionDataKey', 'type', 'relyingParty', 'sp' and 'authenticators'
+            parameters will be always sent. They should not be specified here.
+        -->
+    <AuthenticationEndpointQueryParams action="exclude">
+        <AuthenticationEndpointQueryParam name="username"/>
+        <AuthenticationEndpointQueryParam name="password"/>
+        <AuthenticationEndpointQueryParam name="SAMLRequest"/>
+    </AuthenticationEndpointQueryParams>
+
+    <!--TenantDomainDropDownEnabled>true</TenantDomainDropDownEnabled>
+    <TenantDataListenerURLs>
+      <TenantDataListenerURL>/authenticationendpoint/tenantlistrefresher.do</TenantDataListenerURL>
+    </TenantDataListenerURLs-->
+
+</ApplicationAuthentication>
\ No newline at end of file

From 945c581d99e759bcac786a315b3930951a6bbbbb Mon Sep 17 00:00:00 2001
From: Rasika Perera <info.rasika@gmail.com>
Date: Tue, 6 Dec 2016 11:59:23 +0530
Subject: [PATCH 5/7] Copying application-authentication.xml into pack

---
 modules/core/distribution/src/assembly/bin.xml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/modules/core/distribution/src/assembly/bin.xml b/modules/core/distribution/src/assembly/bin.xml
index c504063c..10700d27 100644
--- a/modules/core/distribution/src/assembly/bin.xml
+++ b/modules/core/distribution/src/assembly/bin.xml
@@ -851,6 +851,12 @@
             </outputDirectory>
             <fileMode>644</fileMode>
         </file>
+        <file>
+            <source>src/repository/conf/identity/application-authentication.xml</source>
+            <outputDirectory>${pom.artifactId}-${pom.version}/repository/conf/identity
+            </outputDirectory>
+            <fileMode>644</fileMode>
+        </file>
         <file>
             <source>src/repository/conf/identity/thrift-authentication.xml</source>
             <outputDirectory>${pom.artifactId}-${pom.version}/repository/conf/identity</outputDirectory>

From 3e3bf1ce3826108d25eb61e330537334913de045 Mon Sep 17 00:00:00 2001
From: Rasika Perera <info.rasika@gmail.com>
Date: Tue, 6 Dec 2016 12:18:30 +0530
Subject: [PATCH 6/7] Fixing application-authentication.xml not replaced

---
 modules/core/distribution/src/assembly/bin.xml | 9 ---------
 1 file changed, 9 deletions(-)

diff --git a/modules/core/distribution/src/assembly/bin.xml b/modules/core/distribution/src/assembly/bin.xml
index 10700d27..0e2a2e26 100644
--- a/modules/core/distribution/src/assembly/bin.xml
+++ b/modules/core/distribution/src/assembly/bin.xml
@@ -822,15 +822,6 @@
             <filtered>true</filtered>
             <fileMode>644</fileMode>
         </file>
-        <file>
-            <source>
-                ../p2-profile-gen/target/wso2carbon-core-${carbon.kernel.version}/repository/conf/identity/application-authentication.xml
-            </source>
-            <outputDirectory>${pom.artifactId}-${pom.version}/repository/conf/identity
-            </outputDirectory>
-            <filtered>true</filtered>
-            <fileMode>644</fileMode>
-        </file>
         <!-- Copying thrift-authentication.xml -->
         <file>
             <source>src/repository/conf/application-authenticators.xml</source>

From 9874844082b0714f19b36bd41c44bfe372cea998 Mon Sep 17 00:00:00 2001
From: Chatura Dilan <dilan@dilan.me>
Date: Tue, 6 Dec 2016 13:48:08 +0530
Subject: [PATCH 7/7] Added config to remove webapps

---
 .../core/distribution/src/assembly/bin.xml    |  6 +++++
 .../repository/resources/appm-tenant-conf.xml | 25 +++++++++++++++++++
 2 files changed, 31 insertions(+)
 create mode 100644 modules/core/distribution/src/repository/resources/appm-tenant-conf.xml

diff --git a/modules/core/distribution/src/assembly/bin.xml b/modules/core/distribution/src/assembly/bin.xml
index c504063c..8b50b7bd 100644
--- a/modules/core/distribution/src/assembly/bin.xml
+++ b/modules/core/distribution/src/assembly/bin.xml
@@ -965,6 +965,12 @@
             <filtered>true</filtered>
             <fileMode>644</fileMode>
         </file>
+        <file>
+            <source>src/repository/resources/appm-tenant-conf.xml</source>
+            <outputDirectory>${pom.artifactId}-${pom.version}/repository/resources</outputDirectory>
+            <filtered>true</filtered>
+            <fileMode>644</fileMode>
+        </file>
         <!--License Config file-->
         <file>
             <source>
diff --git a/modules/core/distribution/src/repository/resources/appm-tenant-conf.xml b/modules/core/distribution/src/repository/resources/appm-tenant-conf.xml
new file mode 100644
index 00000000..377b7d54
--- /dev/null
+++ b/modules/core/distribution/src/repository/resources/appm-tenant-conf.xml
@@ -0,0 +1,25 @@
+
+<!--
+
+Tenant specific configurations for appmgt
+
+-->
+<AppMgt>
+
+    <!--
+        Configures the app subscription types.
+    -->
+    <Subscriptions>
+        <EnableSelfSubscription>false</EnableSelfSubscription>
+        <EnableEnterpriseSubscription>false</EnableEnterpriseSubscription>
+    </Subscriptions>
+
+    <!--
+    These types in the configuration provides a list of enabled types in the APP Manager.
+    If web app is commented, it will be hidden from APP Manager. These type values can be read as artifact types in RXT template
+    -->
+    <EnabledAssetTypes>
+        <Type>mobileapp</Type>
+    </EnabledAssetTypes>
+
+</AppMgt>