Merge pull request #1770 from ruwany/330-release

Adding identity-consent mgt configs and changing login redirection page
application-manager-new
Geeth 7 years ago committed by GitHub
commit dece71d0c8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -29,7 +29,7 @@
AuthenticationEndpointURL is location of the web app containing AuthenticationEndpointURL is location of the web app containing
the authentication related pages the authentication related pages
--> -->
<AuthenticationEndpointURL>/devicemgt/login</AuthenticationEndpointURL> <AuthenticationEndpointURL>/authenticationendpoint/login.do</AuthenticationEndpointURL>
<AuthenticationEndpointRetryURL>/authenticationendpoint/retry.do</AuthenticationEndpointRetryURL> <AuthenticationEndpointRetryURL>/authenticationendpoint/retry.do</AuthenticationEndpointRetryURL>
<!-- <!--
@ -159,4 +159,4 @@
<TenantDataListenerURL>/authenticationendpoint/tenantlistrefresher.do</TenantDataListenerURL> <TenantDataListenerURL>/authenticationendpoint/tenantlistrefresher.do</TenantDataListenerURL>
</TenantDataListenerURLs--> </TenantDataListenerURLs-->
</ApplicationAuthentication> </ApplicationAuthentication>

@ -33,6 +33,12 @@
<Enable>true</Enable> <Enable>true</Enable>
<CleanUpTimeout>20160</CleanUpTimeout> <CleanUpTimeout>20160</CleanUpTimeout>
<CleanUpPeriod>1140</CleanUpPeriod> <CleanUpPeriod>1140</CleanUpPeriod>
<!--Instead of deleting all the records at once, we are deleting the records in chunks to prevent the -->
<!--possible deadlock and lock scenarios. The following property defines the chunk size.-->
<DeleteChunkSize>50000</DeleteChunkSize>
<!--Instead of deleting all the records at once, we are deleting the records in chunks to prevent the -->
<!--possible deadlock and lock scenarios. The following property defines the chunk size.-->
<DeleteChunkSize>50000</DeleteChunkSize>
</SessionDataCleanUp> </SessionDataCleanUp>
<OperationDataCleanUp> <OperationDataCleanUp>
<Enable>true</Enable> <Enable>true</Enable>
@ -217,13 +223,45 @@
<GrantTypeValidatorImplClass>org.wso2.carbon.device.mgt.oauth.extensions.validators.AccessTokenGrantValidator</GrantTypeValidatorImplClass> <GrantTypeValidatorImplClass>org.wso2.carbon.device.mgt.oauth.extensions.validators.AccessTokenGrantValidator</GrantTypeValidatorImplClass>
</SupportedGrantType> </SupportedGrantType>
</SupportedGrantTypes> </SupportedGrantTypes>
<!--
Defines the grant types that will filter user claims based on user consent in their responses such as
id_token or user info response.
Default grant types that filter user claims based on user consent are 'authorization_code' and 'implicit'.
Supported versions: IS 5.5.0 onwards.
-->
<UserConsentEnabledGrantTypes>
<UserConsentEnabledGrantType>
<GrantTypeName>authorization_code</GrantTypeName>
</UserConsentEnabledGrantType>
<UserConsentEnabledGrantType>
<GrantTypeName>implicit</GrantTypeName>
</UserConsentEnabledGrantType>
</UserConsentEnabledGrantTypes>
<OAuthCallbackHandlers> <OAuthCallbackHandlers>
<OAuthCallbackHandler Class="org.wso2.carbon.apimgt.keymgt.util.APIManagerOAuthCallbackHandler"/> <OAuthCallbackHandler Class="org.wso2.carbon.apimgt.keymgt.util.APIManagerOAuthCallbackHandler"/>
</OAuthCallbackHandlers> </OAuthCallbackHandlers>
<OAuthScopeValidator class="org.wso2.carbon.device.mgt.oauth.extensions.handlers.ScopeValidationHandler"/>
<!--TokenValidators> <TokenValidators>
<TokenValidator type="bearer" class="org.wso2.carbon.identity.oauth2.validators.DefaultOAuth2TokenValidator"/> <TokenValidator type="bearer" class="org.wso2.carbon.identity.oauth2.validators.DefaultOAuth2TokenValidator"/>
</TokenValidators--> <TokenValidator type="jwt" class="org.wso2.carbon.identity.oauth2.validators.OAuth2JWTTokenValidator"/>
</TokenValidators>
<!-- Scope validators list. The validators registered here wil be executed during token validation. -->
<ScopeValidators>
<ScopeValidator class="org.wso2.carbon.identity.oauth2.validators.JDBCScopeValidator" />
<ScopeValidator class="org.wso2.carbon.identity.oauth2.validators.XACMLScopeValidator"/>
</ScopeValidators>
<!-- Scope handlers list. The handlers registered here will be executed at the scope validation phase while
issuing access tokens. -->
<ScopeHandlers>
<ScopeHandler class="org.wso2.carbon.identity.oauth2.validators.OIDCScopeHandler" />
</ScopeHandlers>
<!-- Assertions can be used to embedd parameters into access token. --> <!-- Assertions can be used to embedd parameters into access token. -->
<EnableAssertions> <EnableAssertions>
<UserName>false</UserName> <UserName>false</UserName>
@ -254,6 +292,26 @@
<OpenIDConnect> <OpenIDConnect>
<IDTokenBuilder>org.wso2.carbon.identity.openidconnect.DefaultIDTokenBuilder</IDTokenBuilder> <IDTokenBuilder>org.wso2.carbon.identity.openidconnect.DefaultIDTokenBuilder</IDTokenBuilder>
<SignatureAlgorithm>SHA256withRSA</SignatureAlgorithm> <SignatureAlgorithm>SHA256withRSA</SignatureAlgorithm>
<!-- Default asymmetric encryption algorithm that used to encrypt CEK. -->
<IDTokenEncryptionAlgorithm>RSA-OAEP</IDTokenEncryptionAlgorithm>
<!-- Default symmetric encryption algorithm that used to encrypt JWT claims set. -->
<IDTokenEncryptionMethod>A128GCM</IDTokenEncryptionMethod>
<!-- Supported versions: IS 5.5.0 onwards. -->
<SupportedIDTokenEncryptionAlgorithms>
<SupportedIDTokenEncryptionAlgorithm>RSA1_5</SupportedIDTokenEncryptionAlgorithm>
<SupportedIDTokenEncryptionAlgorithm>RSA-OAEP</SupportedIDTokenEncryptionAlgorithm>
</SupportedIDTokenEncryptionAlgorithms>
<SupportedIDTokenEncryptionMethods>
<SupportedIDTokenEncryptionMethod>A128GCM</SupportedIDTokenEncryptionMethod>
<SupportedIDTokenEncryptionMethod>A192GCM</SupportedIDTokenEncryptionMethod>
<SupportedIDTokenEncryptionMethod>A256GCM</SupportedIDTokenEncryptionMethod>
<SupportedIDTokenEncryptionMethod>A128CBC-HS256</SupportedIDTokenEncryptionMethod>
<SupportedIDTokenEncryptionMethod>A128CBC+HS256</SupportedIDTokenEncryptionMethod>
</SupportedIDTokenEncryptionMethods>
<EnableAudiences>true</EnableAudiences>
<!-- Comment out to add Audience values to the JWT token (id_token) --> <!-- Comment out to add Audience values to the JWT token (id_token) -->
<!--Audiences> <!--Audiences>
<Audience>${carbon.protocol}://${carbon.host}:${carbon.management.port}/oauth2/token</Audience> <Audience>${carbon.protocol}://${carbon.host}:${carbon.management.port}/oauth2/token</Audience>
@ -264,13 +322,44 @@
--> -->
<IDTokenIssuerID>${carbon.protocol}://${carbon.host}:${carbon.management.port}/oauth2/token</IDTokenIssuerID> <IDTokenIssuerID>${carbon.protocol}://${carbon.host}:${carbon.management.port}/oauth2/token</IDTokenIssuerID>
<IDTokenCustomClaimsCallBackHandler>org.wso2.carbon.identity.openidconnect.SAMLAssertionClaimsCallback</IDTokenCustomClaimsCallBackHandler> <IDTokenCustomClaimsCallBackHandler>org.wso2.carbon.identity.openidconnect.SAMLAssertionClaimsCallback</IDTokenCustomClaimsCallBackHandler>
<UserInfoJWTSignatureAlgorithm>SHA256withRSA</UserInfoJWTSignatureAlgorithm>
<IDTokenExpiration>3600</IDTokenExpiration> <IDTokenExpiration>3600</IDTokenExpiration>
<UserInfoEndpointClaimRetriever>org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInfoUserStoreClaimRetriever</UserInfoEndpointClaimRetriever> <UserInfoEndpointClaimRetriever>org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInfoUserStoreClaimRetriever</UserInfoEndpointClaimRetriever>
<UserInfoEndpointRequestValidator>org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInforRequestDefaultValidator</UserInfoEndpointRequestValidator> <UserInfoEndpointRequestValidator>org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInforRequestDefaultValidator</UserInfoEndpointRequestValidator>
<UserInfoEndpointAccessTokenValidator>org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInfoISAccessTokenValidator</UserInfoEndpointAccessTokenValidator> <UserInfoEndpointAccessTokenValidator>org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInfoISAccessTokenValidator</UserInfoEndpointAccessTokenValidator>
<UserInfoEndpointResponseBuilder>org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInfoJSONResponseBuilder</UserInfoEndpointResponseBuilder> <UserInfoEndpointResponseBuilder>org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInfoJSONResponseBuilder</UserInfoEndpointResponseBuilder>
<SkipUserConsent>false</SkipUserConsent> <SkipUserConsent>false</SkipUserConsent>
<!-- Sign the ID Token with Service Provider Tenant Private Key-->
<SignJWTWithSPKey>false</SignJWTWithSPKey>
<!--
Expiry period of the logout token used in OIDC Back Channel Logout in seconds.
Supported versions: IS 5.5.0 onwards
-->
<LogoutTokenExpiration>120</LogoutTokenExpiration>
<!--
OIDC Request Object builder implementation.
Supported versions: IS 5.4.0 onwards
-->
<RequestObjectBuilders>
<RequestObjectBuilder>
<BuilderName>request_param_value_builder</BuilderName>
<RequestObjectBuilderImplClass>org.wso2.carbon.identity.openidconnect.RequestParamRequestObjectBuilder</RequestObjectBuilderImplClass>
</RequestObjectBuilder>
</RequestObjectBuilders>
<!--
OIDC Request Object validator implementation.
Supported versions: IS 5.4.0 onwards
-->
<RequestObjectValidator>org.wso2.carbon.identity.openidconnect.RequestObjectValidatorImpl</RequestObjectValidator>
</OpenIDConnect> </OpenIDConnect>
<!-- Configs related to OAuth2 token persistence -->
<TokenPersistence>
<Enable>true</Enable>
<PoolSize>0</PoolSize>
<RetryCount>5</RetryCount>
</TokenPersistence>
</OAuth> </OAuth>
<MultifactorAuthentication> <MultifactorAuthentication>
<!--Enable>false</Enable--> <!--Enable>false</Enable-->
@ -315,6 +404,12 @@
<SAMLDefaultDigestAlgorithmURI>http://www.w3.org/2000/09/xmldsig#sha1</SAMLDefaultDigestAlgorithmURI> <SAMLDefaultDigestAlgorithmURI>http://www.w3.org/2000/09/xmldsig#sha1</SAMLDefaultDigestAlgorithmURI>
<SLOHostNameVerificationEnabled>true</SLOHostNameVerificationEnabled> <SLOHostNameVerificationEnabled>true</SLOHostNameVerificationEnabled>
</SSOService> </SSOService>
<Consent>
<!--Specify whether consent management should be enable during SSO.-->
<EnableSSOConsentManagement>true</EnableSSOConsentManagement>
</Consent>
<SecurityTokenService> <SecurityTokenService>
<!-- <!--
Default value for IdentityProviderURL is built in following format Default value for IdentityProviderURL is built in following format
@ -368,6 +463,17 @@
</Authenticator> </Authenticator>
</SCIMAuthenticators> </SCIMAuthenticators>
</SCIM> </SCIM>
<SCIM2>
<!--
Default value for UserEPUrl and GroupEPUrl are built in following format
https://<HostName>:<MgtTrpProxyPort except 443>/<ProxyContextPath>/<context>/<path>
If that doesn't satisfy uncomment the following config and explicitly configure the value
-->
<!--UserEPUrl>${carbon.protocol}://${carbon.host}:${carbon.management.port}/scim2/Users</UserEPUrl-->
<!--GroupEPUrl>${carbon.protocol}://${carbon.host}:${carbon.management.port}/scim2/Groups</GroupEPUrl-->
</SCIM2>
<!--Recovery> <!--Recovery>
<Notification> <Notification>
<Password> <Password>
@ -401,10 +507,15 @@
<EmailVerification> <EmailVerification>
<Enable>false</Enable> <Enable>false</Enable>
<ExpiryTime>1440</ExpiryTime>
<LockOnCreation>true</LockOnCreation> <LockOnCreation>true</LockOnCreation>
<Notification> <Notification>
<InternallyManage>true</InternallyManage> <InternallyManage>true</InternallyManage>
</Notification> </Notification>
<AskPassword>
<ExpiryTime>1440</ExpiryTime>
<PasswordGenerator>org.wso2.carbon.user.mgt.common.DefaultPasswordGenerator</PasswordGenerator>
</AskPassword>
</EmailVerification> </EmailVerification>
<SelfRegistration> <SelfRegistration>
@ -415,74 +526,251 @@
</Notification> </Notification>
<ReCaptcha>false</ReCaptcha> <ReCaptcha>false</ReCaptcha>
</SelfRegistration--> </SelfRegistration-->
<EnableAskPasswordAdminUI>true</EnableAskPasswordAdminUI>
<EnableRecoveryEndpoint>true</EnableRecoveryEndpoint>
<EnableSelfSignUpEndpoint>true</EnableSelfSignUpEndpoint>
<AuthenticationPolicy>
<CheckAccountExist>true</CheckAccountExist>
</AuthenticationPolicy>
<EventListeners> <EventListeners>
<EventListener enable="true" name="org.wso2.carbon.user.mgt.workflow.userstore.UserStoreActionListener" orderId="10" type="org.wso2.carbon.user.core.listener.UserOperationEventListener"/> <EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener"
<EventListener enable="false" name="org.wso2.carbon.identity.mgt.IdentityMgtEventListener" orderId="50" type="org.wso2.carbon.user.core.listener.UserOperationEventListener"/> name="org.wso2.carbon.user.mgt.workflow.userstore.UserStoreActionListener"
<EventListener enable="true" name="org.wso2.carbon.identity.governance.listener.IdentityMgtEventListener" orderId="95" type="org.wso2.carbon.user.core.listener.UserOperationEventListener"/> orderId="10" enable="true"/>
<EventListener enable="true" name="org.wso2.carbon.identity.scim.common.listener.SCIMUserOperationListener" orderId="90" type="org.wso2.carbon.user.core.listener.UserOperationEventListener"/> <EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener"
<EventListener enable="true" name="org.wso2.carbon.identity.governance.listener.IdentityStoreEventListener" orderId="97" type="org.wso2.carbon.user.core.listener.UserOperationEventListener"> name="org.wso2.carbon.identity.mgt.IdentityMgtEventListener"
orderId="50" enable="false"/>
<EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener"
name="org.wso2.carbon.identity.scim.common.listener.SCIMUserOperationListener"
orderId="90" enable="true"/>
<!-- Enable the following SCIM2 event listener and disable the above SCIM event listener if SCIM2 is used. -->
<EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener"
name="org.wso2.carbon.identity.scim2.common.listener.SCIMUserOperationListener"
orderId="93" enable="false"/>
<EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener"
name="org.wso2.carbon.identity.governance.listener.IdentityMgtEventListener"
orderId="95" enable="true"/>
<EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener" name="org.wso2.carbon.identity.governance.listener.IdentityStoreEventListener"
orderId="97" enable="true">
<Property name="Data.Store">org.wso2.carbon.identity.governance.store.JDBCIdentityDataStore</Property> <Property name="Data.Store">org.wso2.carbon.identity.governance.store.JDBCIdentityDataStore</Property>
</EventListener> </EventListener>
<EventListener enable="false" name="org.wso2.carbon.identity.data.publisher.application.authentication.impl.DASLoginDataPublisherImpl" orderId="10" type="org.wso2.carbon.identity.core.handler.AbstractIdentityMessageHandler"/> <EventListener type="org.wso2.carbon.identity.core.handler.AbstractIdentityMessageHandler"
<EventListener enable="false" name="org.wso2.carbon.identity.data.publisher.application.authentication.impl.DASSessionDataPublisherImpl" orderId="11" type="org.wso2.carbon.identity.core.handler.AbstractIdentityMessageHandler"/> name="org.wso2.carbon.identity.data.publisher.application.authentication.impl.DASLoginDataPublisherImpl"
<EventListener enable="true" name="org.wso2.carbon.identity.data.publisher.application.authentication.AuthnDataPublisherProxy" orderId="11" type="org.wso2.carbon.identity.core.handler.AbstractIdentityMessageHandler"/> orderId="10" enable="false"/>
<EventListener type="org.wso2.carbon.identity.core.handler.AbstractIdentityMessageHandler"
name="org.wso2.carbon.identity.data.publisher.application.authentication.impl.DASSessionDataPublisherImpl"
orderId="11" enable="false"/>
<EventListener type="org.wso2.carbon.identity.core.handler.AbstractIdentityMessageHandler"
name="org.wso2.carbon.identity.data.publisher.application.authentication.AuthnDataPublisherProxy"
orderId="11" enable="true"/>
<!-- Enable this listener to call DeleteEventRecorders. -->
<EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener"
name="org.wso2.carbon.user.mgt.listeners.UserDeletionEventListener"
orderId="98" enable="false"/>
<EventListener type="org.wso2.carbon.identity.core.handler.AbstractIdentityHandler"
name="org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.ConsentMgtPostAuthnHandler"
orderId="110" enable="true"/>
</EventListeners> </EventListeners>
<!-- These recorders are used to write user delete information to specific sources. Default event recorder is CSV
file recorder. This recorder is disabled by default. Enable it by setting enable="true". To run these recorders,
EventListener "rg.wso2.carbon.user.mgt.listeners.UserDeletionEventListener" also should be enabled. Which is
also disabled by default. -->
<UserDeleteEventRecorders>
<UserDeleteEventRecorder name="org.wso2.carbon.user.mgt.recorder.DefaultUserDeletionEventRecorder" enable="false">
<!-- Un comment below line if you need to write entries to a separate .csv file. Otherwise this will be
written in to a log file using a separate appender. -->
<!--<Property name="path">${carbon.home}/repository/logs/delete-records.csv</Property>-->
</UserDeleteEventRecorder>
</UserDeleteEventRecorders>
<CacheConfig> <CacheConfig>
<!-- Identity cache configuration.
Timeouts are in seconds.
Capacity is the maximum cache size.
Unless specifically mentioned, you do not need to set the isDistributed flag.
-->
<CacheManager name="IdentityApplicationManagementCacheManager"> <CacheManager name="IdentityApplicationManagementCacheManager">
<Cache capacity="5000" enable="false" isDistributed="false" name="AppAuthFrameworkSessionContextCache" timeout="1"/> <Cache name="AppAuthFrameworkSessionContextCache"
<Cache capacity="5000" enable="false" isDistributed="false" name="AuthenticationContextCache" timeout="1"/> enable="true" timeout="300" capacity="5000" isDistributed="false"/>
<Cache capacity="5000" enable="false" isDistributed="false" name="AuthenticationRequestCache" timeout="1"/> <Cache name="AuthenticationContextCache" enable="true" timeout="300" capacity="5000" isDistributed="false"/>
<Cache capacity="5000" enable="false" isDistributed="false" name="AuthenticationResultCache" timeout="1"/> <Cache name="AuthenticationRequestCache" enable="true" timeout="300" capacity="5000" isDistributed="false"/>
<Cache capacity="5000" enable="true" isDistributed="false" name="AppInfoCache" timeout="1"/> <Cache name="AuthenticationResultCache" enable="true" timeout="300" capacity="5000" isDistributed="false"/>
<Cache capacity="5000" enable="false" isDistributed="false" name="AuthorizationGrantCache" timeout="1"/> <Cache name="AppInfoCache" enable="true" timeout="900" capacity="5000" isDistributed="false"/>
<Cache capacity="5000" enable="false" isDistributed="false" name="OAuthCache" timeout="1"/> <Cache name="AuthorizationGrantCache" enable="true" timeout="300" capacity="5000" isDistributed="false"/>
<Cache capacity="5000" enable="false" isDistributed="false" name="OAuthSessionDataCache" timeout="1"/> <Cache name="OAuthCache" enable="true" timeout="300" capacity="5000" isDistributed="false"/>
<Cache capacity="5000" enable="false" isDistributed="false" name="SAMLSSOParticipantCache" timeout="1"/> <Cache name="OAuthScopeCache" enable="true" timeout="300" capacity="5000" isDistributed="false"/>
<Cache capacity="5000" enable="false" isDistributed="false" name="SAMLSSOSessionIndexCache" timeout="1"/> <Cache name="OAuthSessionDataCache" enable="true" timeout="300" capacity="5000" isDistributed="false"/>
<Cache capacity="5000" enable="false" isDistributed="false" name="SAMLSSOSessionDataCache" timeout="1"/> <Cache name="SAMLSSOParticipantCache" enable="true" timeout="300" capacity="5000" isDistributed="false"/>
<Cache capacity="5000" enable="true" isDistributed="false" name="ServiceProviderCache" timeout="1"/> <Cache name="SAMLSSOSessionIndexCache" enable="true" timeout="300" capacity="5000" isDistributed="false"/>
<Cache capacity="5000" enable="true" isDistributed="false" name="ProvisioningConnectorCache" timeout="1"/> <Cache name="SAMLSSOSessionDataCache" enable="true" timeout="300" capacity="5000" isDistributed="false"/>
<Cache capacity="5000" enable="false" isDistributed="false" name="ProvisioningEntityCache" timeout="1"/> <Cache name="ServiceProviderCache" enable="true" timeout="900" capacity="5000" isDistributed="false"/>
<Cache capacity="5000" enable="true" isDistributed="false" name="ServiceProviderProvisioningConnectorCache" timeout="1"/> <Cache name="ProvisioningConnectorCache" enable="true" timeout="900" capacity="5000" isDistributed="false"/>
<Cache capacity="5000" enable="true" isDistributed="false" name="IdPCacheByAuthProperty" timeout="1"/> <Cache name="ProvisioningEntityCache" enable="true" timeout="900" capacity="5000" isDistributed="false"/>
<Cache capacity="5000" enable="true" isDistributed="false" name="IdPCacheByHRI" timeout="1"/> <Cache name="ServiceProviderProvisioningConnectorCache" enable="true" timeout="900" capacity="5000" isDistributed="false"/>
<Cache capacity="5000" enable="true" isDistributed="false" name="IdPCacheByName" timeout="1"/> <Cache name="IdPCacheByAuthProperty" enable="true" timeout="900" capacity="5000" isDistributed="false"/>
<Cache name="IdPCacheByHRI" enable="true" timeout="900" capacity="5000" isDistributed="false"/>
<Cache name="IdPCacheByName" enable="true" timeout="900" capacity="5000" isDistributed="false"/>
</CacheManager> </CacheManager>
</CacheConfig> </CacheConfig>
<!--Cookies> <!--Cookies>
<Cookie name="commonAuthId" domain="localhost" httpOnly="true" secure="true" /> <Cookie name="commonAuthId" domain="localhost" httpOnly="true" secure="true" />
</Cookies--> </Cookies-->
<ResourceAccessControl> <ResourceAccessControl>
<Resource context="(.*)/api/identity/user/(.*)" http-method="all" secured="true"/> <Resource context="(.*)/api/identity/user/v1.0/validate-code" secured="true" http-method="all"/>
<Resource context="(.*)/api/identity/recovery/(.*)" http-method="all" secured="true"/> <Resource context="(.*)/api/identity/user/v1.0/resend-code" secured="true" http-method="all"/>
<Resource context="(.*)/.well-known(.*)" http-method="all" secured="true"/> <Resource context="(.*)/api/identity/user/v1.0/me" secured="true" http-method="POST"/>
<Resource context="(.*)/identity/register(.*)" http-method="all" secured="true"> <Resource context="(.*)/api/identity/user/v1.0/me" secured="true" http-method="GET"/>
<Resource context="(.*)/api/identity/user/v1.0/pi-info" secured="true" http-method="all">
<Permissions>/permission/admin/manage/identity/usermgt/view</Permissions>
</Resource>
<Resource context="(.*)/api/identity/user/v1.0/pi-info/(.*)" secured="true" http-method="all">
<Permissions>/permission/admin/manage/identity/usermgt/view</Permissions>
</Resource>
<Resource context="(.*)/api/identity/consent-mgt/v1.0/consents" secured="true" http-method="all"/>
<Resource context="(.*)/api/identity/consent-mgt/v1.0/consents/receipts/(.*)" secured="true" http-method="all"/>
<Resource context="(.*)/api/identity/consent-mgt/v1.0/consents/purposes" secured="true" http-method="POST">
<Permissions>/permission/admin/manage/identity/consentmgt/add</Permissions>
</Resource>
<Resource context="(.*)/api/identity/consent-mgt/v1.0/consents/purposes(.*)" secured="true" http-method="GET"/>
<Resource context="(.*)/api/identity/consent-mgt/v1.0/consents/purposes(.+)" secured="true" http-method="DELETE">
<Permissions>/permission/admin/manage/identity/consentmgt/delete</Permissions>
</Resource>
<Resource context="(.*)/api/identity/consent-mgt/v1.0/consents/pii-categories" secured="true" http-method="POST">
<Permissions>/permission/admin/manage/identity/consentmgt/add</Permissions>
</Resource>
<Resource context="(.*)/api/identity/consent-mgt/v1.0/consents/pii-categories(.*)" secured="true" http-method="GET"/>
<Resource context="(.*)/api/identity/consent-mgt/v1.0/consents/pii-categories(.+)" secured="true" http-method="DELETE">
<Permissions>/permission/admin/manage/identity/consentmgt/delete</Permissions>
</Resource>
<Resource context="(.*)/api/identity/consent-mgt/v1.0/consents/purpose-categories" secured="true" http-method="POST">
<Permissions>/permission/admin/manage/identity/consentmgt/add</Permissions>
</Resource>
<Resource context="(.*)/api/identity/consent-mgt/v1.0/consents/purpose-categories(.*)" secured="true" http-method="GET"/>
<Resource context="(.*)/api/identity/consent-mgt/v1.0/consents/purpose-categories(.+)" secured="true" http-method="DELETE">
<Permissions>/permission/admin/manage/identity/consentmgt/delete</Permissions>
</Resource>
<Resource context="(.*)/api/identity/recovery/(.*)" secured="true" http-method="all"/>
<Resource context="(.*)/.well-known(.*)" secured="true" http-method="all"/>
<Resource context="(.*)/api/identity/oauth2/dcr/v1.0/register(.*)" secured="true" http-method="POST">
<Permissions>/permission/admin/manage/identity/applicationmgt/create</Permissions>
</Resource>
<Resource context="(.*)/api/identity/oauth2/dcr/v1.0/register(.*)" secured="true" http-method="DELETE">
<Permissions>/permission/admin/manage/identity/applicationmgt/delete</Permissions> <Permissions>/permission/admin/manage/identity/applicationmgt/delete</Permissions>
</Resource> </Resource>
<Resource context="(.*)/identity/connect/register(.*)" http-method="all" secured="true"> <Resource context="(.*)/api/identity/oauth2/dcr/v1.0/register(.*)" secured="true" http-method="PUT">
<Permissions>/permission/admin/manage/identity/applicationmgt/update</Permissions>
</Resource>
<Resource context="(.*)/api/identity/oauth2/dcr/v1.0/register(.*)" secured="true" http-method="GET">
<Permissions>/permission/admin/manage/identity/applicationmgt/view</Permissions>
</Resource>
<Resource context="(.*)/identity/register(.*)" secured="true" http-method="all">
<Permissions>/permission/admin/manage/identity/applicationmgt/delete</Permissions>
</Resource>
<Resource context="(.*)/identity/connect/register(.*)" secured="true" http-method="all">
<Permissions>/permission/admin/manage/identity/applicationmgt/create</Permissions> <Permissions>/permission/admin/manage/identity/applicationmgt/create</Permissions>
</Resource> </Resource>
<Resource context="(.*)/oauth2/introspect(.*)" http-method="all" secured="true"> <Resource context="(.*)/oauth2/introspect(.*)" secured="true" http-method="all">
<Permissions>/permission/admin/manage/identity/applicationmgt/view</Permissions> <Permissions>/permission/admin/manage/identity/applicationmgt/view</Permissions>
</Resource> </Resource>
<Resource context="(.*)/api/identity/entitlement/(.*)" http-method="all" secured="true"> <Resource context="(.*)/api/identity/entitlement/(.*)" secured="true" http-method="all">
<Permissions>/permission/admin/manage/identity/pep</Permissions> <Permissions>/permission/admin/manage/identity/pep</Permissions>
</Resource> </Resource>
<Resource context="(.*)/scim2/Users" secured="true" http-method="POST">
<Permissions>/permission/admin/manage/identity/usermgt/create</Permissions>
</Resource>
<Resource context="(.*)/scim2/Users" secured="true" http-method="GET">
<Permissions>/permission/admin/manage/identity/usermgt/list</Permissions>
</Resource>
<Resource context="(.*)/scim2/Groups" secured="true" http-method="POST">
<Permissions>/permission/admin/manage/identity/rolemgt/create</Permissions>
</Resource>
<Resource context="(.*)/scim2/Groups" secured="true" http-method="GET">
<Permissions>/permission/admin/manage/identity/rolemgt/view</Permissions>
</Resource>
<Resource context="(.*)/scim2/Users/(.*)" secured="true" http-method="GET">
<Permissions>/permission/admin/manage/identity/usermgt/view</Permissions>
</Resource>
<Resource context="(.*)/scim2/Users/(.*)" secured="true" http-method="PUT">
<Permissions>/permission/admin/manage/identity/usermgt/update</Permissions>
</Resource>
<Resource context="(.*)/scim2/Users/(.*)" secured="true" http-method="PATCH">
<Permissions>/permission/admin/manage/identity/usermgt/update</Permissions>
</Resource>
<Resource context="(.*)/scim2/Users/(.*)" secured="true" http-method="DELETE">
<Permissions>/permission/admin/manage/identity/usermgt/delete</Permissions>
</Resource>
<Resource context="(.*)/scim2/Groups/(.*)" secured="true" http-method="GET">
<Permissions>/permission/admin/manage/identity/rolemgt/view</Permissions>
</Resource>
<Resource context="(.*)/scim2/Groups/(.*)" secured="true" http-method="PUT">
<Permissions>/permission/admin/manage/identity/rolemgt/update</Permissions>
</Resource>
<Resource context="(.*)/scim2/Groups/(.*)" secured="true" http-method="PATCH">
<Permissions>/permission/admin/manage/identity/rolemgt/update</Permissions>
</Resource>
<Resource context="(.*)/scim2/Groups/(.*)" secured="true" http-method="DELETE">
<Permissions>/permission/admin/manage/identity/rolemgt/delete</Permissions>
</Resource>
<Resource context="(.*)/scim2/Me" secured="true" http-method="GET">
<Permissions>/permission/admin/login</Permissions>
</Resource>
<Resource context="(.*)/scim2/Me" secured="true" http-method="DELETE">
<Permissions>/permission/admin/manage/identity/usermgt/delete</Permissions>
</Resource>
<Resource context="(.*)/scim2/Me" secured="true" http-method="PUT">
<Permissions>/permission/admin/login</Permissions>
</Resource>
<Resource context="(.*)/scim2/Me" secured="true" http-method="PATCH">
<Permissions>/permission/admin/login</Permissions>
</Resource>
<Resource context="(.*)/scim2/Me" secured="true" http-method="POST">
<Permissions>/permission/admin/manage/identity/usermgt/create</Permissions>
</Resource>
<Resource context="/scim2/ServiceProviderConfig" secured="false" http-method="all">
<Permissions></Permissions>
</Resource>
<Resource context="/scim2/ResourceType" secured="false" http-method="all">
<Permissions></Permissions>
</Resource>
<Resource context="/scim2/Bulk" secured="true" http-method="all">
<Permissions>/permission/admin/manage/identity/usermgt</Permissions>
</Resource>
<Resource context="(.*)/api/identity/oauth2/dcr/(.*)" secured="true" http-method="all">
<Permissions>/permission/admin/manage/identity/applicationmgt</Permissions>
</Resource>
</ResourceAccessControl> </ResourceAccessControl>
<ClientAppAuthentication> <ClientAppAuthentication>
<Application hash="66cd9688a2ae068244ea01e70f0e230f5623b7fa4cdecb65070a09ec06452262" name="dashboard"/> <Application name="dashboard" hash="66cd9688a2ae068244ea01e70f0e230f5623b7fa4cdecb65070a09ec06452262"/>
</ClientAppAuthentication> </ClientAppAuthentication>
<TenantContextsToRewrite> <TenantContextsToRewrite>
<WebApp> <WebApp>
<Context>/api/identity/user/v0.9</Context> <Context>/api/identity/user/v1.0/</Context>
<Context>/api/identity/recovery/v0.9</Context> <Context>/api/identity/consent-mgt/v1.0/</Context>
<Context>/oauth2</Context> <Context>/api/identity/recovery/v0.9/</Context>
<Context>/api/identity/entitlement</Context> <Context>/oauth2/</Context>
<Context>/scim2/</Context>
<Context>/api/identity/entitlement/</Context>
<Context>/api/identity/oauth2/dcr/v1.0/</Context>
</WebApp> </WebApp>
<Servlet> <Servlet>
<Context>/identity/(.*)</Context> <Context>/identity/(.*)</Context>
</Servlet> </Servlet>
</TenantContextsToRewrite> </TenantContextsToRewrite>
<!-- Server Synchronization Tolerance Configuration in seconds --> <!-- Server Synchronization Tolerance Configuration in seconds -->
<ClockSkew>300</ClockSkew> <ClockSkew>300</ClockSkew>
</Server> </Server>

@ -53,9 +53,9 @@
<param-value>https://localhost:9443/accountrecoveryendpoint</param-value> <param-value>https://localhost:9443/accountrecoveryendpoint</param-value>
</context-param--> </context-param-->
<context-param> <context-param>
<param-name>AccountRecoveryRESTEndpointURL</param-name> <param-name>AccountRecoveryRESTEndpointURL</param-name>
<param-value>https://localhost:9443/t/tenant-domain/api/identity/user/v0.9/</param-value> <param-value>https://localhost:9443/t/tenant-domain/api/identity/user/v1.0/</param-value>
</context-param> </context-param>
<!-- *************** End of Account Recovery Endpoint Context URL Configuration ********************** --> <!-- *************** End of Account Recovery Endpoint Context URL Configuration ********************** -->
<!--Display scopes in the consent page.--> <!--Display scopes in the consent page.-->
@ -90,6 +90,32 @@
<url-pattern>/*</url-pattern> <url-pattern>/*</url-pattern>
</filter-mapping> </filter-mapping>
<filter>
<filter-name>ContentTypeBasedCachePreventionFilter</filter-name>
<filter-class>
org.wso2.carbon.ui.filters.cache.ContentTypeBasedCachePreventionFilter
</filter-class>
<init-param>
<param-name>patterns</param-name>
<param-value>"text/html" ,"application/json" ,"plain/text"</param-value>
</init-param>
<init-param>
<param-name>filterAction</param-name>
<param-value>enforce</param-value>
</init-param>
<init-param>
<param-name>httpHeaders</param-name>
<param-value>
Cache-Control: no-store, no-cache, must-revalidate, private
</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>ContentTypeBasedCachePreventionFilter</filter-name>
<url-pattern>*</url-pattern>
</filter-mapping>
<listener> <listener>
<listener-class> <listener-class>
org.wso2.carbon.identity.application.authentication.endpoint.util.listener.AuthenticationEndpointContextListener org.wso2.carbon.identity.application.authentication.endpoint.util.listener.AuthenticationEndpointContextListener
@ -181,6 +207,21 @@
<jsp-file>/registration.jsp</jsp-file> <jsp-file>/registration.jsp</jsp-file>
</servlet> </servlet>
<servlet>
<servlet-name>consent.do</servlet-name>
<jsp-file>/consent.jsp</jsp-file>
</servlet>
<servlet>
<servlet-name>cookie_policy.do</servlet-name>
<jsp-file>/cookie_policy.jsp</jsp-file>
</servlet>
<servlet>
<servlet-name>privacy_policy.do</servlet-name>
<jsp-file>/privacy_policy.jsp</jsp-file>
</servlet>
<servlet-mapping> <servlet-mapping>
<servlet-name>retry.do</servlet-name> <servlet-name>retry.do</servlet-name>
<url-pattern>/retry.do</url-pattern> <url-pattern>/retry.do</url-pattern>
@ -266,6 +307,21 @@
<url-pattern>/claims.do</url-pattern> <url-pattern>/claims.do</url-pattern>
</servlet-mapping> </servlet-mapping>
<servlet-mapping>
<servlet-name>consent.do</servlet-name>
<url-pattern>/consent.do</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>cookie_policy.do</servlet-name>
<url-pattern>/cookie_policy.do</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>privacy_policy.do</servlet-name>
<url-pattern>/privacy_policy.do</url-pattern>
</servlet-mapping>
<error-page> <error-page>
<exception-type>java.lang.Throwable</exception-type> <exception-type>java.lang.Throwable</exception-type>
<location>/generic-exception-response.jsp</location> <location>/generic-exception-response.jsp</location>
@ -277,4 +333,4 @@
</cookie-config> </cookie-config>
</session-config> </session-config>
</web-app> </web-app>
Loading…
Cancel
Save