
identity-apps's Introduction

WSO2 Identity Server Apps

End-user apps in WSO2 Identity Server




Prerequisite

Setup Development Environment

  1. Install NodeJS LTS (Latest Stable Version) from https://nodejs.org/en/download/.
  2. Install pnpm.

Note: Only PNPM v9 and above are supported.

```shell
corepack prepare pnpm@latest --activate
```

Or, follow the other [recommended installation options](https://pnpm.io/installation).
  3. Install Maven from https://maven.apache.org/download.cgi.
  4. Install JDK 11 from https://openjdk.org/projects/jdk/.
  5. Install the recommended developer tools.

Download WSO2 Identity Server

To set up this repository locally, you need to have WSO2 Identity Server installed in your local environment.

We recommend that you download the latest release or build product-is from source.

Setup WSO2 Identity Server

Allow CORS Origins

Add the following configuration to repository/conf/deployment.toml in the WSO2 Identity Server distribution pack to allow CORS for the local deployment URLs.

```toml
[cors]
allowed_origins = [
    "https://localhost:9000",
    "https://localhost:9001"
]
supported_methods = [
    "GET",
    "POST",
    "HEAD",
    "OPTIONS",
    "PUT",
    "PATCH",
    "DELETE"
]
exposed_headers = [ "Location" ]
```

Configure FIDO2 origins

Add your hostname and port as a trusted FIDO2 origin to the deployment.toml file as given below.

```toml
[fido.trusted]
origins=["https://localhost:9000"]
```

Make Applications Editable

Currently, Console & My Account are treated as system applications, so they are read-only by default. To configure them, add the following config to the deployment.toml file to override the default behavior.

```toml
[system_applications]
read_only_apps = []
```

Configure Callback URLs for System Applications (for WSO2 IS v7.0 and above)

Important

In Identity Server v7.0 and above, callback_urls for system applications need to be configured from the deployment.toml file. If your Identity Server version is below v7.0, callback URLs can be configured from the developer console, which is explained in a later step in this guide.

```toml
[console]
callback_url = "regexp=(https://localhost:9443/console|https://localhost:9443/t/(.*)/console|https://localhost:9443/console/login|https://localhost:9443/t/(.*)/console/login|https://localhost:9001/console|https://localhost:9001/t/(.*)/console|https://localhost:9001/console/login|https://localhost:9001/t/(.*)/console/login|https://localhost:9443/o/(.*)/console|https://localhost:9001/o/(.*)/console|https://localhost:9001/o/(.*)/console/login)"

[myaccount]
callback_url = "regexp=(https://localhost:9443/myaccount|https://localhost:9443/t/(.*)/myaccount|https://localhost:9443/myaccount/login|https://localhost:9443/t/(.*)/myaccount/login|https://localhost:9000/myaccount|https://localhost:9000/t/(.*)/myaccount|https://localhost:9000/myaccount/login|https://localhost:9000/t/(.*)/myaccount/login)"
```
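The callback patterns above use `(.*)` for the tenant and organization segment. The following is an added example, not code from the identity-apps repository: it checks which redirect URIs the Console pattern accepts and compares that with a variant in which every `(.*)` is narrowed to a single path segment. It assumes the server applies the pattern as a whole-string match; the helper names and candidate URIs are constructed for illustration.

```python
import re

PREFIX = "regexp="

# Console callback pattern, assembled from the alternatives in the
# [console] section of deployment.toml shown above.
CONSOLE_CALLBACK = PREFIX + "(" + "|".join([
    "https://localhost:9443/console",
    "https://localhost:9443/t/(.*)/console",
    "https://localhost:9443/console/login",
    "https://localhost:9443/t/(.*)/console/login",
    "https://localhost:9001/console",
    "https://localhost:9001/t/(.*)/console",
    "https://localhost:9001/console/login",
    "https://localhost:9001/t/(.*)/console/login",
    "https://localhost:9443/o/(.*)/console",
    "https://localhost:9001/o/(.*)/console",
    "https://localhost:9001/o/(.*)/console/login",
]) + ")"

# Constructed candidate redirect URIs (not taken from the page).
CANDIDATES = [
    "https://localhost:9001/console",
    "https://localhost:9001/t/carbon.super/console",
    "https://localhost:9001/t/a/b/c/console",      # several path segments
    "https://localhost:9001/t/abc?next=/console",  # query string inside the wildcard
    "https://localhost:9001/t//console",           # empty tenant segment
    "https://localhost:9002/console",              # port not in the pattern
]


def compile_callback(value):
    """Compile a callback_url value.

    Values starting with 'regexp=' are treated as regular expressions;
    anything else is compared as a literal URL.
    """
    if value.startswith(PREFIX):
        return re.compile(value[len(PREFIX):])
    return re.compile(re.escape(value))


def is_allowed(value, uri):
    """Return True if uri matches the callback value as a whole string.

    Whole-string matching is an assumption about how the server
    evaluates the pattern.
    """
    return compile_callback(value).fullmatch(uri) is not None


def tighten(value):
    """Narrow every '(.*)' to one non-empty path segment.

    '[^/?#]+' cannot cross '/', '?' or '#', so the wildcard stays inside
    the tenant or organization segment. When adapting the pattern to a
    real hostname, the dots in the hostname also need escaping.
    """
    return value.replace("(.*)", "([^/?#]+)")


def audit(value, uris):
    """Return (uri, allowed_by_original, allowed_by_tightened) per URI."""
    strict = tighten(value)
    return [(u, is_allowed(value, u), is_allowed(strict, u)) for u in uris]


if __name__ == "__main__":
    for uri, original, strict in audit(CONSOLE_CALLBACK, CANDIDATES):
        note = "  <-- accepted only by (.*)" if original and not strict else ""
        print(f"{original!s:5} {strict!s:5} {uri}{note}")
```

URIs flagged in the output are accepted only because `(.*)` also matches `/`, `?` and the empty string; the same check applies to the My Account pattern.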

Start the Identity Server

Now you can go ahead and start WSO2 Identity Server that was downloaded in the Prerequisites step.

For instructions on startup, read the docs.

Configure Callback URLs for System Applications (for WSO2 IS below v7.0)

ℹ️ Note

This step is only applicable for WSO2 Identity Server versions below v7.0.

  1. Navigate to the Management Console, i.e. https://localhost:9443/carbon/, from the browser and log in to the system by entering an admin password.

     💡 Find out the default password details at https://docs.wso2.com/display/ADMIN44x/Configuring+the+System+Administrator

  2. In the Management Console:
    • Navigate to Service Providers -> List from the left side panel.

    • Then go to the Edit option of the application that you want to configure in dev mode (ex: MY_ACCOUNT).

    • Click on Inbound Authentication Configuration -> OAuth/OpenID Connect Configuration -> Edit.

    • Update the Callback Url field with the corresponding value below.

      • Console

        regexp=(https://localhost:9443/console|https://localhost:9443/t/(.*)/console|https://localhost:9443/console/login|https://localhost:9443/t/(.*)/console/login|https://localhost:9001/console|https://localhost:9001/t/(.*)/console|https://localhost:9001/console/login|https://localhost:9001/t/(.*)/console/login|https://localhost:9443/o/(.*)/console|https://localhost:9001/o/(.*)/console|https://localhost:9001/o/(.*)/console/login)

      • My Account

        regexp=(https://localhost:9443/myaccount|https://localhost:9443/t/(.*)/myaccount|https://localhost:9443/myaccount/login|https://localhost:9443/t/(.*)/myaccount/login|https://localhost:9000/myaccount|https://localhost:9000/t/(.*)/myaccount|https://localhost:9000/myaccount/login|https://localhost:9000/t/(.*)/myaccount/login)

Build & Run

Build

Clone or download the identity-apps repository and run the following commands from the command line in the project root directory (where the package.json is located) to build all the packages with dependencies.

For Console & My Account

```shell
# From project root.
pnpm install && pnpm build
```

For JSP apps (authentication portal, recovery portal, etc)

```shell
# From project root.
cd identity-apps-core

mvn clean install
```

Run

To start the apps in development mode, execute the following commands accordingly.

Console

```shell
# To start Console
cd apps/console
pnpm start
```

Once the development server is up and running, you can access the application via https://localhost:9001/console.

My Account

```shell
# To start My Account
cd apps/myaccount
pnpm start
```

Once the development server is up and running, you can access the application via https://localhost:9000/myaccount.

Releases

This repository uses 🦋 Changesets to manage releases. Refer to release documentation to learn more about the release process.

Configuration

The portals i.e. Console & My Account are configurable using the deployment.toml when they are hosted inside the Identity Server. Read through our configurations guidelines to learn about the configuration process.

Deployment

Go through our deployment guide to learn the supported app deployment options.

Connectors

Go through our connectors guide to learn how to handle connectors in the Identity Server Console.

Troubleshoot

Go through our troubleshooting guide to clarify any issues you encounter.

If the issue you are facing is not on the existing guide, consider reaching out to us on Discord, StackOverflow or by creating an issue as described in Reporting Issues.

Contributing

Go through our contributing guideline to get an understanding about our contribution process and other necessary instructions.

Reporting Issues

We encourage you to report issues, improvements and feature requests regarding the project through GitHub Issue Tracker.

⚠️ Important:

Please be advised that security issues must be reported to [email protected], not as GitHub issues, in order to reach the proper audience. We strongly advise following the WSO2 Security Vulnerability Reporting Guidelines when reporting security issues.

License

This source is licensed under the Apache License, Version 2.0 (LICENSE). You may not use this file except in compliance with the License.


(c) Copyright 2022 WSO2 LLC.

identity-apps's People

Contributors

achintha444, ashanthamara, brionmario, chamathns, dasuni-30, dilshansenarath, dimalchandrasiri, dinikasen, donomalvindula, github-actions[bot], inthirakumaaran, jathushan-r, jayashakthi97, jeradrutnam, kavinda1995, kayathiri4, nipunibhagya, nipunsampath, pasinduyeshan, pavindulakshan, rashmini, savindi7, thanujalk, thiva-k, thivi, vihanga-liyanage, vivekvinushanth, wso2-jenkins-bot, yasinmiran, yathindrak


identity-apps's Issues

Remember me option on sign-in page / login page not working-user portal

Tested version: identity-app: 0.9.17-SNAPSHOT
Describe the bug

  1. Login as admin/ admin by selecting "Remember me on this computer" option
  2. sign out
  3. enter password as "admin"

Issue: "Remember me" is not working in user portal

Need to look into how this can be implemented in a secure manner.

Claim names are not translated in profile completion component

Describe the bug
Screen Shot 2019-12-17 at 8 22 53 AM

Claims do get translated on the Profile page, though:
Screen Shot 2019-12-17 at 8 25 56 AM

Additionally, let's get URL and other possible claims also translated by default. So if anyone enables "supported by default" for OOTB claims shipped in the product, usability will be intact.

Environment
A product-is m10-snapshot pack with identity-apps: 0.1.149.

Page will navigate to empty page-Self-registration

Affected IAM version : 5.10 m9
Identity -app version : 0.1.152-SNAPSHOT
Type: Improvement
Severity: Medium
Priority: High

Description
After filling in all the data and clicking on the "Register", it will move to an empty page.

Expected improvement :
It is better if we can display a confirmation message box
EX: Confirmation link has been sent to your email

Browser / UI scaling issue- User portal

Describe the bug
UI Issue after minimizing the Browser

Screenshot attached:
image

Test Environment

  • Product IS : wso2is-5.10.0-m4
  • Browser : Safari- Version 13.0.3 (13608.3.10.10.1), Google Chrome Version 78.0.3904.97 (Official Build) (64-bit)

Errors when using identifier-first login

To Reproduce
Steps to reproduce the behavior:

  1. Login to management console, click edit on User Portal SP. Expand Local & Outbound Authentication Configuration section and click on Advanced Configuration option button.
  2. Click on Add Authentication Step and select identifier-first from the Local Authenticators section and click on Add Authenticator button.
  3. Click on Add Authentication Step again and select basic from the Local Authenticators section and click on Add Authenticator button.
  4. Click on update to save Advanced Authentication Configurations and click update on the next page to save all changes to the 'Service Provider'.
  5. Try to login to the User Portal.
  6. It will show following page,

Screen Shot 2019-12-15 at 7 28 34 PM

Expected behavior
Issue 1: Type the user name and click on continue. It will end up with an error page,
Screen Shot 2019-12-15 at 7 31 02 PM

TID: [-1234] [authenticationendpoint] [2019-12-15 19:46:12,418] [04aa31ab-e829-4624-af3f-86a415e6a718] ERROR {org.wso2.carbon.identity.application.authentication.endpoint.util.AuthContextAPIClient} - Sending GET request to URL : https://localhost:9443/api/identity/auth/v1.1/context/48f11a36-6f64-4a59-b53a-ca4ba8ee0dc1failed. java.io.IOException: Server returned HTTP response code: 401 for URL: https://localhost:9443/api/identity/auth/v1.1/context/48f11a36-6f64-4a59-b53a-ca4ba8ee0dc1
	at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1894)
	at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1492)
	at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:263)
	at org.wso2.carbon.identity.application.authentication.endpoint.util.AuthContextAPIClient.getContextProperties(AuthContextAPIClient.java:69)
	at org.apache.jsp.login_jsp._jspService(login_jsp.java:374)
	at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
	at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:476)
	at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:385)
	at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:329)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:712)
	at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:459)
	at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:384)
	at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:312)
	at org.wso2.carbon.identity.application.authentication.endpoint.util.filter.AuthenticationEndpointFilter.doFilter(AuthenticationEndpointFilter.java:179)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:126)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
	at org.wso2.carbon.identity.context.rewrite.valve.TenantContextRewriteValve.invoke(TenantContextRewriteValve.java:80)
	at org.wso2.carbon.identity.authz.valve.AuthorizationValve.invoke(AuthorizationValve.java:110)
	at org.wso2.carbon.identity.auth.valve.AuthenticationValve.invoke(AuthenticationValve.java:74)
	at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)
	at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:49)
	at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)
	at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:145)
	at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:678)
	at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
	at org.wso2.carbon.tomcat.ext.valves.RequestEncodingValve.invoke(RequestEncodingValve.java:49)
	at org.wso2.carbon.tomcat.ext.valves.RequestCorrelationIdValve.invoke(RequestCorrelationIdValve.java:116)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:853)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1587)
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.lang.Thread.run(Thread.java:748)

TID: [-1234] [authenticationendpoint] [2019-12-15 19:46:12,427] [04aa31ab-e829-4624-af3f-86a415e6a718] ERROR {org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/authenticationendpoint].[oauth2_login.do]} - Servlet.service() for servlet [oauth2_login.do] threw exception java.lang.NullPointerException

TID: [-1234] [authenticationendpoint] [2019-12-15 19:46:12,480] [04aa31ab-e829-4624-af3f-86a415e6a718] ERROR {org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/authenticationendpoint].[default]} - Servlet.service() for servlet [default] in context with path [/authenticationendpoint] threw exception [An exception occurred processing [login.jsp] at line [106]

103:         String contextProperties = AuthContextAPIClient.getContextProperties(authAPIURL);
104:         Gson gson = new Gson();
105:         Map<String, Object> parameters = gson.fromJson(contextProperties, Map.class);
106:         username = (String) parameters.get("username");
107:     }
108: %>
109: 


Stacktrace:] with root cause java.lang.NullPointerException
	at org.apache.jsp.login_jsp._jspService(login_jsp.java:377)
	at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
	at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:476)
	at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:385)
	at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:329)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:712)
	at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:459)
	at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:384)
	at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:312)
	at org.wso2.carbon.identity.application.authentication.endpoint.util.filter.AuthenticationEndpointFilter.doFilter(AuthenticationEndpointFilter.java:179)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:126)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
	at org.wso2.carbon.identity.context.rewrite.valve.TenantContextRewriteValve.invoke(TenantContextRewriteValve.java:80)
	at org.wso2.carbon.identity.authz.valve.AuthorizationValve.invoke(AuthorizationValve.java:110)
	at org.wso2.carbon.identity.auth.valve.AuthenticationValve.invoke(AuthenticationValve.java:74)
	at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)
	at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:49)
	at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)
	at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:145)
	at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:678)
	at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
	at org.wso2.carbon.tomcat.ext.valves.RequestEncodingValve.invoke(RequestEncodingValve.java:49)
	at org.wso2.carbon.tomcat.ext.valves.RequestCorrelationIdValve.invoke(RequestCorrelationIdValve.java:116)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:853)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1587)
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.lang.Thread.run(Thread.java:748)


Issue 2: In the identifier-first step, type the username and press enter. It redirects the user to the registration page.
Screen Shot 2019-12-15 at 7 43 06 PM

When non admin user is login there are errors in the console

Describe the bug
If you log in as a non-admin user, the security page does not load properly.

To Reproduce
Steps to reproduce the behavior:

  1. Sign in using non-admin user
  2. Go to the security page

Expected behavior
Flow should work without any issues

Screenshots
image

Application listing inconsistencies

Note the below image,


Screen Shot 2019-12-14 at 2 56 13 PM

When there is a mix of applications,

  • Ones that have a description and
  • Ones that don't have a description

the following issues can be seen:

  1. The Recent Application section has an inconsistency in the size of tiles.
  2. The All Application section also has the same consistency as above, which is only visible when hovering the mouse pointer over different applications.
  3. The description is not properly shown in the application listing. We have to revisit how to show the description there.
  4. In the All Application section, in applications that do not have descriptions, the application name seems to be positioned more towards the top, compared to ones that have descriptions.

Profile information are not populated properly-User Portal

When logging in to the user profile with valid user credentials, "Profile information" is not populated properly.
Priority : High
Severity : High

Affected Product version: wso2is-5.10.0-m3
Tested Environment:
Browser- Google chrome Version 78.0.3904.70 , Firefox 69.0.1 (64-bit),68.0.2 (64-bit), Opera mini, Microsoft Edge-Version 78.0.276.20, Safari

Database:MySQL 5.7, H2
User Store- JDBC, LDAP

OS- Mac OS, Windows Server 2016

Microsoft Edge
image

Opera mini
image

Firefox

image

image

Translating display names of claims

Is your feature request related to a problem? Please describe.
The labels of the claims in the profile page don't support translation.

Describe the solution you'd like
Since the profile page obtains the label to be displayed for claims from the displayName attribute of the schema attributes, translated versions of the display names should be available to support localization.

Associating users who does not have login permission

Describe the bug
From the user-portal, we can associate users who do not have login permission. Then when we try to switch to that user, user-portal goes to the logout page.

Expected behavior
The current behavior is somewhat ok, but we can improve the experience in the following ways,

  • Do not allow the association of the user accounts which do not have login permission?
  • Since the permission later can be removed, during the switch time if the required scopes did not get returned, switch back to the previous account showing a warning message?

"profile data" JSON files downloaded twice for one click- User Portal

Product IS: wso2is-5.10.0-m3
Priority: Medium
Severity : Low

Describe the bug
Links to "profile data" JSON downloads the file twice.

Expected behavior
It should only do once.

Desktop (please complete the following information):

  • OS: Mac OS, Windows-Server-2016-standard-64bit
  • Browser: Google Chrome-Version 78.0.3904.70, Firefox 70.0 (64-bit)

Unable to list "Personal info" when a user(SCIM2.0) create with multi valued attribute

Type/BUG
Affected/5.10.0
Severity/Major
Priority/High

Screenshots attached
Response comparing
image

SCIM 2.0 REST API
```shell
curl -v -k --user admin:admin --data '{"schemas":[],"name":{"familyName":"jackson","givenName":"kim"},"userName":"kim","password":"kimwso2","emails":[{"primary":true,"value":"[email protected]","type":"home"},{"value":"[email protected]","type":"work"}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Users
```

i18n not working properly

Refer to the image below,
Screen Shot 2019-12-14 at 2 39 57 PM
Characters in other languages are not showing properly.

Note the text WSO2 Identity Server © 2019 on the left side of the footer; it also has a weird character.

When SCIM not enabled for the user-store user-portal goes to an inconsistent state after the login.

Describe the bug
When SCIM is not enabled for the user-store, the user-portal goes to an inconsistent state after the login.

To Reproduce
Steps to reproduce the behavior:

  1. Create a secondary user-store.
  2. Create a user and add the required roles.
  3. Login to the user-portal.
  4. We can see the inconsistent state as in the screenshot.

Expected behavior
The user-portal should rely on the id_token for user attributes and disable any features which use SCIM.

Screenshots
Screenshot 2019-12-16 at 10 42 15

Error log in Firefox browser console-User Portal

IAM Product : wso2is-5.10.0-m3
Priority : Low
Severity : Low

Describe the bug
When clicking on the "Logout" button, error logs are displayed in the Firefox browser console.

To Reproduce
Steps to reproduce the behavior:

  1. Login with proper credentials
  2. Scroll down to 'user-dropdown'
  3. Click on 'Logout' button
  4. See error in console

Expected behavior
User should successfully logout without any error.

Screenshots
image

image

image

  • OS: Mac OS , Windows-Server-2016-standard-64bit
  • Browser: Firefox 70.0 (64-bit) & 70.0.1 (64-bit)

Profile claims are not synced with Personal info

Affected version: is_5 10 m9, -Identity -app version - 0.1.152-SNAPSHOT

Description
Default user Profile (management console) claims are not synced with Personal info-> user profile claims.

management console, by using wso2 http://wso2.org/claims, but in user profile get claims through scim dialect, so this may be the cause of this issue.

All the Tasks authorized to a particular Role/user, will not be listed on the grid- User Portal

Description

  1. All the tasks authorized to a particular role/user will not be listed on the grid ("Operations → Pending approvals") when more than 50 user tasks are added for the workflow. There is also no pagination to view all tasks.

  2. Only the added task at the end is shown

Type: BUG
Severity : High
Priority : High

Steps to reproduce the behavior:

  1. Add more than 50 user tasks for the workflow
  2. Navigate to user portal → Operations → Pending approvals

Test Environment :

  • OS: Mac OS
  • Browser Safari- Version 13.0.3 (13608.3.10.10.1), Google Chrome Version 78.0.3904.97 (Official Build) (64-bit), Firefox 70.0.1 (64-bit)

Cross-Site Scripting vulnerability in uglifyjs-webpack-plugin plugin

Describe the bug
The npm audit report gives a moderate security vulnerability for the webpack plugin uglifyjs-webpack-plugin, which has an outdated dependency, serialize-javascript, in its dependency list.

Vulnerability Report

To Reproduce
Steps to reproduce the behavior:

  1. Go to the root of the `identity-app` repository.
  2. Run command npm audit to get the report.

Expected behavior
The npm audit command shouldn't have any vulnerabilities listed.

Screenshots
Screenshot 2020-01-24 at 11 44 02

Desktop (please complete the following information):

  • OS: macOS Catalina
  • Browser: N/A
  • Version: N/A

Security question, consent details are missing in user-profile.json

Affected version: is_5 10 m9, -Identity -app version - 0.1.152-SNAPSHOT
-Type: Bug
-Severity: Low
-Priority: High

Description
Even when the user sets challenge questions and consent, those details are missing in user-profile.json

But we already mentioned in an Export profile grid,
"Download all your profile data including personal data, security questions, and consents"

Sessions list is not getting updated once session terminate button is clicked - User portal

Describe the bug

In the user portal, sessions can be terminated by extending the corresponding session description and clicking on the Terminate button or by clicking on Terminate All button from the user sessions section in the security page. Once either action is performed the sessions list is not getting updated.

To Reproduce
Steps to reproduce the behavior:

  1. Go to security page in the user portal and navigate to the Active user sessions section.
  2. Click on any session's show more button.
  3. Scroll down to the Danger zone and click on the Terminate button.

Expected behavior

The details section should get retracted and the sessions list should be updated. The terminated session should not be on the list.

Screenshots

Screen Shot 2019-12-18 at 4 51 22 PM

Desktop

  • OS: macOS version 10.14
  • Browser: Google Chrome
  • Version 78.0.3904

The mobile number is provided but it is not updated in the "optional fields completed" section

Affected Version:
-IAM version: 5.10 m9
-Identity -app version - 0.1.152-SNAPSHOT
-Type: Bug
-Severity: Medium
-Priority : High

Description

Whether the user is created with a mobile number via the management console or the mobile number is updated via the user portal, it is not updated in the "Complete your profile"->"optional fields completed" section

Test Environment

  • OS: Mac OS
  • Browser Chrome, Firefox

Application displays an invalid confirmation message when a non-existing user name is entered

Description
Step to reproduce:
Forgot password use case Login screen user portal
Initially, Management Console

  1. Configure the email configurations in deployment.toml
    [output_adapter.email]
    from_address= "<email_address>"
    username=""
    password=""

  2. Click on Resident found under the Identity Providers section on the Main tab of the management console.

  3. Expand the Account Management Policies tab, then the Account Recovery tab and select the Enable Notification Based Password Recovery.

In User portal,
Click on the Forgot password link and enter a non-existing user name, select the "Recover with Email" option and submit it.

Then, the application displays an invalid confirmation message

Please refer screenshots :
1.
image

image

Expected Behaviour: if the user enters the non-existing or invalid or deleted user name then there should be a display validation message for “Invalid username” or “User not exist.”

Additional context
But a proper error log is displayed in the wso2carbon log

ERROR {org.wso2.carbon.identity.recovery.endpoint.impl.RecoverPasswordApiServiceImpl} - Unable to find an user with username: Nonexistentuser in the system.

Styling issues in the login page when federated idps are added

Describe the bug
$subject. Built a product on top of wso2/product-is@d0302d0.

Screen Shot 2019-12-13 at 3 26 55 PM

To Reproduce
Steps to reproduce the behavior:

  1. Create two idps.
  2. Edit "User Portal" service provider. Click on "Local & Outbound Authentication Configuration" section. Click on "Advanced Configuration" option button.
  3. Add created two idps as login options.
  4. Click update.
  5. Try to login to user portal SP.

If you add basic authentication in step 3 above, it would look like the following,
Screen Shot 2019-12-13 at 4 48 43 PM

User is able to register and will get an email confirmation message without checking the "Privacy Policy" checkbox

Description

User is able to register and will get an email confirmation message without checking the "Privacy Policy" checkbox

Scenario: Self user registration -> Create New Account (https://localhost:9443/accountrecoveryendpoint/signup.do)

Step to reproduce:
Enter all required fields, and try to click Register without checking "I hereby confirm that I have read and understood the Privacy Policy"

Unable to view Personal Info when a user is created via SCIM 2.0

Affected product version: wso2is-5.10.0-alpha2-SNAPSHOT
Identity -App: 0.9.8-SNAPSHOT

Description
Unable to view Personal Info when a user is created via SCIM 2.0

```shell
curl -v -k --user admin:admin --data '{"schemas":[],"name":{"familyName":"jackson","givenName":"kim"},"userName":"kim","password":"kimwso2","emails":[{"primary":true,"value":"[email protected]","type":"home"},{"value":"[email protected]","type":"work"}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Users
```

Response:

```json
{
  "emails": [
    {"type":"work","value":"[email protected]"},
    {"type":"home","value":"[email protected]"}
  ],
  "meta": {"created":"2020-01-10T16:24:15.279577Z","location":"https://localhost:9443/scim2/Users/fcd8c49a-1fb4-4ae8-a41a-60026fe26117","lastModified":"2020-01-10T16:24:15.279577Z","resourceType":"User"},
  "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User","urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"],
  "roles": [
    {"type":"default","value":"Internal/everyone"}
  ],
  "name": {
    "givenName":"kim",
    "familyName":"jackson"
  },
  "id":"fcd8c49a-1fb4-4ae8-a41a-60026fe26117","userName":"kim"
}
```

followed document : https://is.docs.wso2.com/en/5.9.0/develop/using-the-scim-2.0-rest-apis/#post-create-user

Screenshot:
image

Even when the password does not match Confirm password, the user can successfully register

Affected IS version: wso2is-5.10.0-alpha2-SNAPSHOT
Identity App: 0.9.8-SNAPSHOT

Description
Scenario: self user registration
Even when the password does not match Confirm password, the user can successfully register.

Steps to reproduce:
1. Enable Self User Registration - Identity Providers > Resident and expand the Account Management Policies section (management console).
2. Click on "Create Account" in the user portal
3. Add a proper user name and click on Proceed to self Register
4. Fill in the required fields in the "Create New Account" section
5. Enter values such that Password != Confirm password
6. Click Register

The application allows the user to continue the process even when password != confirm password

Need to update styling on all OOTB shipped endpoints

Is your feature request related to a problem? Please describe.

Tried SMS OTP flow where I have basic authenticator as the step 1 and SMS OTP IDP as the step 2.

Step-1 basic login page looks like this,
Screen Shot 2019-12-15 at 10 44 40 AM
while the step-2 SMS OTP page looks like this,
Screen Shot 2019-12-15 at 8 02 52 PM

We cannot have a disconnected UX; hence, as the first iteration, all the OOTB shipped endpoints should use the same styling pattern.

As of 5.10.0-m9, following endpoints are available OOTB.

accountrecoveryendpoint
authenticationendpoint
emailotpauthenticationendpoint
smsotpauthenticationendpoint
totpauthenticationendpoint
user-portal
x509certificateauthenticationendpoint

Then we should have a plan to update all other endpoints that the product supports.

UI issue with, User portal Consent page

Tested Environment: wso2is m8 DEV mode

Please refer attached screenshots :

Issue 1:
image

Issue 2:
Select, "Select All" then it will only select the particular checkbox.
image

Issue 3:
The asterisk (*) symbol which is used to identify mandatory fields should be red in color.
image

Issue 4: Environment - Windows 2016 server, Google Chrome browser
When clicking on "Continue" without selecting any radio button

image

Profile completion showed as not complete, even all values are given

Describe the bug
Mobile claim is shown as an Incomplete Claim even though it has a value.

To Reproduce
Steps to reproduce the behavior:

  1. Login to user portal
  2. Fill all profile attributes. See below image,

Screen Shot 2019-12-17 at 8 19 12 AM

  3. Go to the overview page. It shows the Mobile claim as an Incomplete Claim

Screen Shot 2019-12-17 at 8 19 22 AM

Environment
A product-is m10-snapshot pack with identity-apps: 0.1.149.

Multiple requests to Gravatar sent with the email hash set to null

Describe the bug
Multiple requests to the Gravatar API endpoint are sent with no email hash appended (null).

To Reproduce
Steps to reproduce the behavior:

  1. Log in using a user account and observe the console.

Expected behavior
The gravatar request should only be sent once, ideally. If there is no gravatar image associated with the first email, only then additional requests should be sent iteratively until a gravatar image is found for an email address.

Screenshots
Screenshot 2020-01-22 at 10 26 50

The cancel does not redirect to the "Sign in" page when clicked

Affected Version:
-IAM version: 5.10 m9
-Identity -app version - 0.1.152-SNAPSHOT
-Type: Bug
-Severity: Medium
-Priority : High

Description
The consent page does not redirect to the home page when clicking on cancel.

Tested Environment:

  • OS: macOS
  • Browser Chrome, Firefox

Footer is overlapping the App content body content.

Describe the bug
Footer is overlapping the App content body content.

Screenshot 2020-01-22 at 11 35 55

To Reproduce
Steps to reproduce the behavior:

  1. Open the admin portal.
  2. Scroll down to the end of the page
  3. Will see overlap of the footer

Expected behavior
Shouldn't overlap the Body content.

Desktop (please complete the following information):

  • macOS Catalina
  • Chrome
  • 79.0.3945.117

Getting an Error and unable to add a biometric device via user portal

Tested Environment: wso2is m8, Dev mode,
Browsers: Google-Version 78.0.3904.108 (Official Build) (64-bit) and Firefox 70.0.1 (64-bit)

Description
Getting an error, when trying to add a biometric device via User portal
"Error occurred while retrieving the device"

:9443/api/users/v1/me/webauthn/start-registration?appId=https:%2F%2Flocalhost:9000:1 GET https://localhost:9443/api/users/v1/me/webauthn/start-registration?appId=https:%2F%2Flocalhost:9000 500

Added below in identity.xml j2
"

{{fido.webauthn.enable}}


{% for origin in fido.trusted.origins %}
{{origin}}
https://localhost:9000/
https://localhost
{% endfor %}


"

Application name gets stripped off from the bottom in the application listing page

Describe the bug
Some characters in Application Name get stripped off from the below in the Applications view in the user portal.

To Reproduce
Steps to reproduce the behavior:

  1. Create a service provider with the name Google Drive and mark it as a discoverable app.
  2. Login to the user portal and go to the Application view.

This issue observed with both Firefox and Safari, but not with Chrome.

Expected behavior
Application name should be shown without stripping out characters at the edges.

Screenshots
Screen Shot 2019-12-10 at 1 17 47 PM
Note the letter 'g' got stripped off in the bottom.

Desktop (please complete the following information):

  • OS: iOS
  • Browser: Firefox 71.0 (64-bit) (Have the issue)
  • Browser: Safari 13.0 (14608.1.49) (Have the issue)
  • Browser: Chrome 78.0.3904.108 (Don't have the issue)

Issue with Associating User Accounts- user portal

Affected version:
wso2is: wso2is-5.10.0-alpha3-SNAPSHOT
Identity -app: 0.9.11-SNAPSHOT

Describe the bug

  1. Initially, Log in with a user who has permission to view operations(e.g admin),
    and initiate a new user account association but that user has only the login permission.
  2. switch between associated user account that user has only the login permission.
  3. again switch to the initial user who has permission to view operations(e.g admin)
    Issue: the application does not display the "operations" in the left side but user who has permission to view operations (e.g admin),

Screenshots:
Initially, Log in with a user who has permission to view operations(e.g admin),
image

  1. switch between associated user account that user has only the login permission.
    image

  2. switch to the initial user who has permission to view operations(e.g admin)
    image
