From df60608d28e4374611963b5b38db7f2ab8991b98 Mon Sep 17 00:00:00 2001 From: dewniMW Date: Mon, 18 Dec 2023 08:14:26 +0530 Subject: [PATCH 01/42] Bump carbon identity framework version --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index e1e8ed535ab..c4b00b73948 100755 --- a/pom.xml +++ b/pom.xml @@ -2242,7 +2242,7 @@ - 5.25.622 + 5.25.624 [5.14.67, 6.0.0] From 221c4b437a1410cbe5c720c6b811c7762fc4f905 Mon Sep 17 00:00:00 2001 From: vivekvinushanth Date: Mon, 18 Dec 2023 11:29:08 +0530 Subject: [PATCH 02/42] Update oauth version --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 725d6ba4206..d1fb6e160db 100755 --- a/pom.xml +++ b/pom.xml @@ -2280,7 +2280,7 @@ 5.11.30 - 6.11.228 + 6.11.229 5.9.5 5.10.19 5.7.4 From 3e9f2017eeeffaca41fb8156c6688bdbe3971a9e Mon Sep 17 00:00:00 2001 From: vivekvinushanth Date: Mon, 18 Dec 2023 11:34:22 +0530 Subject: [PATCH 03/42] Add clientRequestbinding --- .../api/server/application/management/v1/oidc-metadata.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/org/wso2/identity/integration/test/rest/api/server/application/management/v1/oidc-metadata.json b/modules/integration/tests-integration/tests-backend/src/test/resources/org/wso2/identity/integration/test/rest/api/server/application/management/v1/oidc-metadata.json index bdbb0d101e9..4b8151da275 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/resources/org/wso2/identity/integration/test/rest/api/server/application/management/v1/oidc-metadata.json +++ b/modules/integration/tests-integration/tests-backend/src/test/resources/org/wso2/identity/integration/test/rest/api/server/application/management/v1/oidc-metadata.json @@ -95,7 +95,8 @@ "cookie", "sso-session", "device-flow", - "certificate" + "certificate", + "client-request" ], "defaultValue": "None" }, From b232a9969c8400fe2caaf5020d3c39bf5d79e18d Mon Sep 17 00:00:00 2001 From: Anju Chamantha Date: Mon, 18 Dec 2023 13:11:29 +0530 Subject: [PATCH 04/42] [FAPI] check server started text change --- oidc-fapi-conformance-tests/configure_is_fapi.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/oidc-fapi-conformance-tests/configure_is_fapi.py b/oidc-fapi-conformance-tests/configure_is_fapi.py index f2f0185a596..486f2fd2797 100644 --- a/oidc-fapi-conformance-tests/configure_is_fapi.py +++ b/oidc-fapi-conformance-tests/configure_is_fapi.py @@ -145,7 +145,7 @@ def unpack_and_run(zip_file_name): process = subprocess.Popen("./" + dir_name + "/bin/wso2server.sh", stdout=subprocess.PIPE) while True: output = process.stdout.readline() - if b'..................................' in output: + if b'WSO2 Carbon started' in output: print("\n>>> Server Started") break if output: From 90952b1c4fe0d57d87f357fbf7ff9cf58d5f81d6 Mon Sep 17 00:00:00 2001 From: Pasindu Yeshan <61885844+PasinduYeshan@users.noreply.github.com> Date: Mon, 18 Dec 2023 13:22:06 +0530 Subject: [PATCH 05/42] Update pom.xml --- pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index c4b00b73948..3a8d683c0fc 100755 --- a/pom.xml +++ b/pom.xml @@ -2284,7 +2284,7 @@ 1.8.13 - 1.7.29 + 1.7.30 @@ -2355,7 +2355,7 @@ 2.0.13 1.3.30 - 1.2.142 + 1.2.143 5.5.9 5.5.7 From f83c7a68e11a1864afcd9949450e85223fa66b2f Mon Sep 17 00:00:00 2001 From: sadilchamishka Date: Mon, 18 Dec 2023 13:28:23 +0530 Subject: [PATCH 06/42] Bump organization management service version --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index c4b00b73948..861f28ea209 100755 --- a/pom.xml +++ b/pom.xml @@ -2341,7 +2341,7 @@ 1.0.14 1.0.2 - 1.3.138 + 1.3.139 1.0.95 1.1.24 1.1.20 From f3731a834752d1c1c9777c2aaec8a7ff26ae2e55 Mon Sep 17 00:00:00 2001 From: sahandilshan Date: Thu, 14 Dec 2023 18:13:30 +0530 Subject: [PATCH 07/42] Modify the tests to work with drop_unregistered_scopes config With https://github.com/wso2/product-is/issues/17551, we will enable the drop_unregistered_scopes by default [1]. If we did that, the above tests will get failed and we need to modify them accordingly to work with the newest changes [1] - https://github.com/wso2/carbon-identity-framework/pull/5284 --- .../auth/SecondaryStoreUserLoginTestCase.java | 2 +- .../test/oauth2/OAuth2DeviceFlowTestCase.java | 2 +- ...OAuth2ServiceClientCredentialTestCase.java | 9 ++++-- .../OAuth2ServiceImplicitGrantTestCase.java | 8 +++-- ...OAuth2ServiceRegexCallbackUrlTestCase.java | 1 + ...ithMultipleSessionTerminationTestCase.java | 2 +- .../OAuth2XACMLScopeValidatorTestCase.java | 15 +++++++++ .../oauth2/Oauth2HashAlgorithmTestCase.java | 30 +---------------- ...rsistenceProcessorInsertTokenTestCase.java | 30 +---------------- .../IS/oauth/add_scope_deployment.toml | 1 + .../artifacts/IS/xacml_scope_validator.toml | 32 +++++++++++++++++++ .../src/test/resources/testng.xml | 2 +- 12 files changed, 68 insertions(+), 66 deletions(-) create mode 100644 modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/IS/xacml_scope_validator.toml diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/auth/SecondaryStoreUserLoginTestCase.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/auth/SecondaryStoreUserLoginTestCase.java index 744b4fef317..fe3aac99a78 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/auth/SecondaryStoreUserLoginTestCase.java +++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/auth/SecondaryStoreUserLoginTestCase.java @@ -175,7 +175,7 @@ private void sendAuthorizedPost() throws Exception { urlParameters.add(new BasicNameValuePair("callbackurl", PLAYGROUND_APP_CALLBACK_URI)); urlParameters.add(new BasicNameValuePair("authorizeEndpoint", OAuth2Constant.APPROVAL_URL)); urlParameters.add(new BasicNameValuePair("authorize", OAuth2Constant.AUTHORIZE_PARAM)); - urlParameters.add(new BasicNameValuePair("scope", "")); + urlParameters.add(new BasicNameValuePair("scope", "device_01")); HttpResponse response = sendPostRequestWithParameters(client, urlParameters, OAuth2Constant.AUTHORIZED_USER_URL); Assert.assertNotNull(response, "Authorized response is null"); diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/OAuth2DeviceFlowTestCase.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/OAuth2DeviceFlowTestCase.java index 9f865fa72eb..1ac77785246 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/OAuth2DeviceFlowTestCase.java +++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/OAuth2DeviceFlowTestCase.java @@ -134,7 +134,7 @@ public void testSendDeviceAuthorize() throws Exception { List urlParameters = new ArrayList<>(); urlParameters.add(new BasicNameValuePair(CLIENT_ID_PARAM, consumerKey)); - urlParameters.add(new BasicNameValuePair(SCOPE_PLAYGROUND_NAME, "device")); + urlParameters.add(new BasicNameValuePair(SCOPE_PLAYGROUND_NAME, "device_01")); AutomationContext automationContext = new AutomationContext("IDENTITY", TestUserMode.SUPER_TENANT_ADMIN); String deviceAuthEndpoint = automationContext.getContextUrls().getBackEndUrl() diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/OAuth2ServiceClientCredentialTestCase.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/OAuth2ServiceClientCredentialTestCase.java index 09f3c93b223..f29017fb22f 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/OAuth2ServiceClientCredentialTestCase.java +++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/OAuth2ServiceClientCredentialTestCase.java @@ -66,6 +66,8 @@ public class OAuth2ServiceClientCredentialTestCase extends OAuth2ServiceAbstract private CloseableHttpClient client; + private static final String VALID_RANDOM_SCOPE = "device_01"; + @DataProvider(name = "configProvider") public static Object[][] configProvider() { @@ -125,7 +127,7 @@ public void testGetTokenUsingClientCredentialsGrant() throws Exception { ClientID clientID = new ClientID(consumerKey); Secret clientSecret = new Secret(consumerSecret); ClientAuthentication clientAuth = new ClientSecretBasic(clientID, clientSecret); - Scope scope = new Scope(OAUTH2_SCOPE_OPENID, "xyz"); + Scope scope = new Scope(OAUTH2_SCOPE_OPENID, "xyz", VALID_RANDOM_SCOPE); URI tokenEndpoint = new URI(getTenantQualifiedURL(OAuth2Constant.ACCESS_TOKEN_ENDPOINT, tenantInfo.getDomain())); TokenRequest request = new TokenRequest(tokenEndpoint, clientAuth, clientCredentialsGrant, scope); @@ -143,7 +145,10 @@ public void testGetTokenUsingClientCredentialsGrant() throws Exception { Assert.assertNotNull(accessToken, "Access Token is null in the token response."); Scope scopesInResponse = accessTokenResponse.getTokens().getAccessToken().getScope(); - Assert.assertTrue(scopesInResponse.contains("xyz"), "Requested scope is missing in the token response"); + Assert.assertFalse(scopesInResponse.contains("xyz"), "Not allowed random scope is issued for client credential " + + "grant type."); + Assert.assertTrue(scopesInResponse.contains(VALID_RANDOM_SCOPE), "Allowed random scope is not issued for " + + "client credential grant type."); // This ensures that openid scopes are not issued for client credential grant type. Assert.assertFalse(accessTokenResponse instanceof OIDCTokenResponse, "Client credential grant type cannot " + diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/OAuth2ServiceImplicitGrantTestCase.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/OAuth2ServiceImplicitGrantTestCase.java index 0b1413c93dc..e6193ebec29 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/OAuth2ServiceImplicitGrantTestCase.java +++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/OAuth2ServiceImplicitGrantTestCase.java @@ -18,6 +18,7 @@ package org.wso2.identity.integration.test.oauth2; +import org.apache.commons.lang.StringUtils; import org.apache.http.Header; import org.apache.http.HttpResponse; import org.apache.http.NameValuePair; @@ -73,6 +74,7 @@ public class OAuth2ServiceImplicitGrantTestCase extends OAuth2ServiceAbstractInt private final AutomationContext context; private Tenant tenantInfo; private String applicationId; + private static final String VALID_SCOPES = "device_01"; @DataProvider(name = "configProvider") public static Object[][] configProvider() { @@ -104,7 +106,7 @@ public void testInit() throws Exception { .setDefaultRequestConfig(requestConfig) .setDefaultCookieSpecRegistry(cookieSpecRegistry) .build(); - scopes = "abc"; + scopes = "abc " + VALID_SCOPES; } @AfterClass(alwaysRun = true) @@ -223,7 +225,7 @@ public void testSendApprovalPost() throws Exception { String urlScopes = DataExtractUtil.extractParamFromURIFragment(locationHeader.getValue(), OAuth2Constant.OAUTH2_SCOPE); Assert.assertNotNull(accessToken, "Access token is null."); - Assert.assertEquals(urlScopes, scopes, "Scopes are not equal."); + Assert.assertEquals(urlScopes, VALID_SCOPES, "Scopes are not equal."); EntityUtils.consume(response.getEntity()); } @@ -236,5 +238,7 @@ public void testValidateAccessToken() throws Exception { username, userPassword); Assert.assertNotNull(responseObj, "Validate access token failed. response is invalid."); Assert.assertEquals(responseObj.get("active"), true, "Token Validation failed"); + // Only the allowed scopes should be returned and Random Scope should not be returned. + Assert.assertTrue(StringUtils.equals((String) responseObj.get("scope"), VALID_SCOPES), "Token Validation failed"); } } diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/OAuth2ServiceRegexCallbackUrlTestCase.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/OAuth2ServiceRegexCallbackUrlTestCase.java index 327433c5d7c..4306db249c5 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/OAuth2ServiceRegexCallbackUrlTestCase.java +++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/OAuth2ServiceRegexCallbackUrlTestCase.java @@ -119,6 +119,7 @@ public void testSendAuthorozedPost() throws Exception { urlParameters.add(new BasicNameValuePair("authorizeEndpoint", OAuth2Constant.APPROVAL_URL)); urlParameters.add(new BasicNameValuePair("authorize", OAuth2Constant.AUTHORIZE_PARAM)); urlParameters.add(new BasicNameValuePair("consumerSecret", consumerSecret)); + urlParameters.add(new BasicNameValuePair("scope", "device_01")); HttpResponse response = sendPostRequestWithParameters(client, urlParameters, OAuth2Constant.AUTHORIZED_USER_URL); diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/OAuth2TokenRevocationWithMultipleSessionTerminationTestCase.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/OAuth2TokenRevocationWithMultipleSessionTerminationTestCase.java index 8f7f8cbbb65..7d5c90143da 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/OAuth2TokenRevocationWithMultipleSessionTerminationTestCase.java +++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/OAuth2TokenRevocationWithMultipleSessionTerminationTestCase.java @@ -137,7 +137,7 @@ public void testMultipleOIDCLogins() throws Exception { private void testLoginToFirstSession() throws Exception { - initiateAuthorizationRequest(httpClientForFirstSession, OAuth2Constant.OAUTH2_SCOPE_OPENID + " " + "random"); + initiateAuthorizationRequest(httpClientForFirstSession, OAuth2Constant.OAUTH2_SCOPE_OPENID + " " + "device_01"); authenticateUser(httpClientForFirstSession); String authorizationCode = performConsentApproval(httpClientForFirstSession); accessTokenInFirstSession = generateAuthzCodeAccessToken(authorizationCode, httpClientForFirstSession); diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/OAuth2XACMLScopeValidatorTestCase.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/OAuth2XACMLScopeValidatorTestCase.java index cea864c7cb3..369b36c71b0 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/OAuth2XACMLScopeValidatorTestCase.java +++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/OAuth2XACMLScopeValidatorTestCase.java @@ -43,12 +43,15 @@ import org.wso2.carbon.identity.application.common.model.xsd.ServiceProvider; import org.wso2.carbon.identity.entitlement.stub.dto.PolicyDTO; import org.wso2.carbon.identity.oauth.stub.dto.OAuthConsumerAppDTO; +import org.wso2.carbon.integration.common.utils.mgt.ServerConfigurationManager; import org.wso2.identity.integration.common.clients.entitlement.EntitlementPolicyServiceClient; import org.wso2.identity.integration.test.rest.api.server.application.management.v1.model.ApplicationPatchModel; import org.wso2.identity.integration.test.rest.api.server.application.management.v1.model.AssociatedRolesConfig; +import org.wso2.identity.integration.test.util.Utils; import org.wso2.identity.integration.test.utils.CarbonUtils; import org.wso2.identity.integration.test.utils.OAuth2Constant; +import java.io.File; import java.net.URI; import java.util.ArrayList; import java.util.Arrays; @@ -58,6 +61,7 @@ */ public class OAuth2XACMLScopeValidatorTestCase extends OAuth2ServiceAbstractIntegrationTest { + private ServerConfigurationManager serverConfigurationManager; private static final String VALIDATE_SCOPE_BASED_POLICY_ID = "validate_scope_based_policy_template"; private static final String VALID_SCOPE = "SCOPE1"; private static final String INTROSPECT_SCOPE = "internal_application_mgt_view"; @@ -116,6 +120,16 @@ public class OAuth2XACMLScopeValidatorTestCase extends OAuth2ServiceAbstractInte @BeforeClass(alwaysRun = true) public void testInit() throws Exception { + super.init(TestUserMode.SUPER_TENANT_USER); + String carbonHome = Utils.getResidentCarbonHome(); + // Disabling dropping unregistered scopes to avoid scope validation failure. + File defaultTomlFile = getDeploymentTomlFile(carbonHome); + File configuredTomlFile = new File(getISResourceLocation() + File.separator + + "xacml_scope_validator.toml"); + + serverConfigurationManager = new ServerConfigurationManager(isServer); + serverConfigurationManager.applyConfigurationWithoutRestart(configuredTomlFile, defaultTomlFile, true); + serverConfigurationManager.restartGracefully(); super.init(TestUserMode.SUPER_TENANT_USER); isLegacyRuntimeEnabled = CarbonUtils.isLegacyAuthzRuntimeEnabled(); entitlementPolicyClient = new EntitlementPolicyServiceClient(backendURL, sessionCookie); @@ -126,6 +140,7 @@ public void atEnd() throws Exception { deleteApplication(); removeOAuthApplicationData(); + serverConfigurationManager.restoreToLastConfiguration(false); consumerKey = null; consumerSecret = null; entitlementPolicyClient.removePolicy(VALIDATE_SCOPE_BASED_POLICY_ID); diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/Oauth2HashAlgorithmTestCase.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/Oauth2HashAlgorithmTestCase.java index 63b274f3c97..6c6f613a304 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/Oauth2HashAlgorithmTestCase.java +++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/Oauth2HashAlgorithmTestCase.java @@ -57,7 +57,6 @@ public class Oauth2HashAlgorithmTestCase extends OAuth2ServiceAbstractIntegrationTest { private String accessToken; - private String sessionDataKeyConsent; private String sessionDataKey; private String consumerKey; private String consumerSecret; @@ -163,32 +162,6 @@ public void testSendLoginPost() throws Exception { EntityUtils.consume(response.getEntity()); response = sendGetRequest(client, locationHeader.getValue()); - Map keyPositionMap = new HashMap<>(1); - keyPositionMap.put("name=\"" + OAuth2Constant.SESSION_DATA_KEY_CONSENT + "\"", 1); - List keyValues = - DataExtractUtil.extractSessionConsentDataFromResponse(response, - keyPositionMap); - Assert.assertNotNull(keyValues, "SessionDataKeyConsent key value is null"); - sessionDataKeyConsent = keyValues.get(0).getValue(); - EntityUtils.consume(response.getEntity()); - - Assert.assertNotNull(sessionDataKeyConsent, "Invalid session key consent."); - } - - @Test(groups = "wso2.is", description = "Send approval post request", dependsOnMethods = "testSendLoginPost") - public void testSendApprovalPost() throws Exception { - - HttpResponse response = sendApprovalPost(client, sessionDataKeyConsent); - Assert.assertNotNull(response, "Approval response is invalid."); - - Header locationHeader = - response.getFirstHeader(OAuth2Constant.HTTP_RESPONSE_HEADER_LOCATION); - Assert.assertNotNull(locationHeader, "Approval Location header is null."); - EntityUtils.consume(response.getEntity()); - - response = sendPostRequest(client, locationHeader.getValue()); - Assert.assertNotNull(response, "Get Activation response is invalid."); - Map keyPositionMap = new HashMap<>(1); keyPositionMap.put("Authorization Code", 1); List keyValues = @@ -201,10 +174,9 @@ public void testSendApprovalPost() throws Exception { } Assert.assertNotNull(authorizationCode, "Authorization code is null."); EntityUtils.consume(response.getEntity()); - } - @Test(groups = "wso2.is", description = "Get access token", dependsOnMethods = "testSendApprovalPost") + @Test(groups = "wso2.is", description = "Get access token", dependsOnMethods = "testSendLoginPost") public void testGetAccessToken() throws Exception { HttpResponse response = sendGetAccessTokenPost(client, consumerSecret); diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/Oauth2PersistenceProcessorInsertTokenTestCase.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/Oauth2PersistenceProcessorInsertTokenTestCase.java index 5cfdb6c0bbd..f3c2a728c48 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/Oauth2PersistenceProcessorInsertTokenTestCase.java +++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/Oauth2PersistenceProcessorInsertTokenTestCase.java @@ -56,7 +56,6 @@ public class Oauth2PersistenceProcessorInsertTokenTestCase extends OAuth2ServiceAbstractIntegrationTest { private String accessToken; - private String sessionDataKeyConsent; private String sessionDataKey; private String consumerKey; private String consumerSecret; @@ -163,32 +162,6 @@ public void testSendLoginPost() throws Exception { EntityUtils.consume(response.getEntity()); response = sendGetRequest(client, locationHeader.getValue()); - Map keyPositionMap = new HashMap<>(1); - keyPositionMap.put("name=\"" + OAuth2Constant.SESSION_DATA_KEY_CONSENT + "\"", 1); - List keyValues = - DataExtractUtil.extractSessionConsentDataFromResponse(response, - keyPositionMap); - Assert.assertNotNull(keyValues, "SessionDataKeyConsent key value is null"); - sessionDataKeyConsent = keyValues.get(0).getValue(); - EntityUtils.consume(response.getEntity()); - - Assert.assertNotNull(sessionDataKeyConsent, "Invalid session key consent."); - } - - @Test(groups = "wso2.is", description = "Send approval post request", dependsOnMethods = "testSendLoginPost") - public void testSendApprovalPost() throws Exception { - - HttpResponse response = sendApprovalPost(client, sessionDataKeyConsent); - Assert.assertNotNull(response, "Approval response is invalid."); - - Header locationHeader = - response.getFirstHeader(OAuth2Constant.HTTP_RESPONSE_HEADER_LOCATION); - Assert.assertNotNull(locationHeader, "Approval Location header is null."); - EntityUtils.consume(response.getEntity()); - - response = sendPostRequest(client, locationHeader.getValue()); - Assert.assertNotNull(response, "Get Activation response is invalid."); - Map keyPositionMap = new HashMap<>(1); keyPositionMap.put("Authorization Code", 1); List keyValues = @@ -201,10 +174,9 @@ public void testSendApprovalPost() throws Exception { } Assert.assertNotNull(authorizationCode, "Authorization code is null."); EntityUtils.consume(response.getEntity()); - } - @Test(groups = "wso2.is", description = "Get access token", dependsOnMethods = "testSendApprovalPost") + @Test(groups = "wso2.is", description = "Get access token", dependsOnMethods = "testSendLoginPost") public void testGetAccessToken() throws Exception { HttpResponse response = sendGetAccessTokenPost(client, consumerSecret); diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/IS/oauth/add_scope_deployment.toml b/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/IS/oauth/add_scope_deployment.toml index a7a3c8337d0..d03b5584fee 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/IS/oauth/add_scope_deployment.toml +++ b/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/IS/oauth/add_scope_deployment.toml @@ -39,4 +39,5 @@ hash = "66cd9688a2ae068244ea01e70f0e230f5623b7fa4cdecb65070a09ec06452262" app_password = "dashboard" [oauth] +drop_unregistered_scopes = false allowed_scopes = ["internal_test", "test"] diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/IS/xacml_scope_validator.toml b/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/IS/xacml_scope_validator.toml new file mode 100644 index 00000000000..6da7b341ef2 --- /dev/null +++ b/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/IS/xacml_scope_validator.toml @@ -0,0 +1,32 @@ +[server] +hostname = "localhost" +node_ip = "127.0.0.1" +base_path = "https://$ref{server.hostname}:${carbon.management.port}" + +[super_admin] +username = "admin" +password = "admin" +create_admin_account = true + +[user_store] +type = "database_unique_id" + +[database.identity_db] +driver = "$env{IDENTITY_DATABASE_DRIVER}" +url = "$env{IDENTITY_DATABASE_URL}" +username = "$env{IDENTITY_DATABASE_USERNAME}" +password = "$env{IDENTITY_DATABASE_PASSWORD}" + +[database.shared_db] +driver = "$env{SHARED_DATABASE_DRIVER}" +url = "$env{SHARED_DATABASE_URL}" +username = "$env{SHARED_DATABASE_USERNAME}" +password = "$env{SHARED_DATABASE_PASSWORD}" + +[keystore.primary] +file_name = "wso2carbon.jks" +password = "wso2carbon" + +[oauth] +drop_unregistered_scopes= false +allowed_scopes= [] diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/testng.xml b/modules/integration/tests-integration/tests-backend/src/test/resources/testng.xml index 3de90a9548e..20948c42e7a 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/resources/testng.xml +++ b/modules/integration/tests-integration/tests-backend/src/test/resources/testng.xml @@ -68,7 +68,6 @@ - @@ -343,6 +342,7 @@ + From 9717e8e1aa3a9ee7ac99ad6ac37d272c716a4b82 Mon Sep 17 00:00:00 2001 From: Thanuja Date: Mon, 18 Dec 2023 15:06:58 +0530 Subject: [PATCH 08/42] Update adaptive-metadata.json --- .../api/server/application/management/v1/adaptive-metadata.json | 2 +- pom.xml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/org/wso2/identity/integration/test/rest/api/server/application/management/v1/adaptive-metadata.json b/modules/integration/tests-integration/tests-backend/src/test/resources/org/wso2/identity/integration/test/rest/api/server/application/management/v1/adaptive-metadata.json index 8a761313a60..476e3e477c0 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/resources/org/wso2/identity/integration/test/rest/api/server/application/management/v1/adaptive-metadata.json +++ b/modules/integration/tests-integration/tests-backend/src/test/resources/org/wso2/identity/integration/test/rest/api/server/application/management/v1/adaptive-metadata.json @@ -1,3 +1,3 @@ { - "templatesJSON": "{\"AdaptiveMFA\":{\"displayName\":\"Adaptive MFA\",\"templates\":[{\"summary\":\"Define conditional authentication by passing one or many Authentication Context Class References as comma separated values.\",\"preRequisites\":[\"Change the supportedAcrValues parameter to an array of ACR Levels.\",\"Modify the default authentication steps and option(s) as required.\"],\"helpLink\":\"https://docs.wso2.com/display/IS570/Configuring+ACR-Based+Adaptive+Authentication\",\"code\":[\"// Define conditional authentication by passing one or many Authentication Context Class References \",\"// as comma separated values.\",\"\",\"// Specify the ordered list of ACR here.\",\"var supportedAcrValues = ['acr1', 'acr2', 'acr3'];\",\"\",\"var onLoginRequest = function(context) {\",\" var selectedAcr = selectAcrFrom(context, supportedAcrValues);\",\" Log.info('--------------- ACR selected: ' + selectedAcr);\",\" context.selectedAcr = selectedAcr;\",\" switch (selectedAcr) {\",\" case supportedAcrValues[0] :\",\" executeStep(1);\",\" break;\",\" case supportedAcrValues[1] :\",\" executeStep(1);\",\" executeStep(2);\",\" break;\",\" case supportedAcrValues[2] :\",\" executeStep(1);\",\" executeStep(3);\",\" break;\",\" default :\",\" executeStep(1);\",\" executeStep(2);\",\" executeStep(3);\",\" }\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator\",\"Step 2\":\"TOTP authenticator\",\"Step 3\":\"FIDO authenticator\"},\"parametersDescription\":{\"supportedAcrValues\":\"An array of ACRs ordered by the level\"},\"name\":\"ACR-Based\",\"runtime\":\"any\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]},\"2\":{\"federated\":[],\"local\":[\"totp\"]},\"3\":{\"federated\":[],\"local\":[\"FIDOAuthenticator\"]}},\"category\":\"AdaptiveMFA\",\"title\":\"ACR-Based 2FA Template\",\"authenticationSteps\":3},{\"summary\":\"Define conditional authentication by risk score value calculated from analytics engine.\",\"preRequisites\":[\"Change the siddhiApplication and siddhiInputStream according to the Siddhi application you have deployed in the Stream Processor.\",\"Modify the default authentication steps and option(s) as required.\"],\"helpLink\":\"https://docs.wso2.com/display/IS570/Configuring+Risk-Based+Adaptive+Authentication\",\"code\":[\"// [Deprecated - Use ELK-Risk-Based with ELK analytics integration]\",\"\",\"// Define conditional authentication by risk score value calculated from analytics engine.\",\"\",\"// Specify the Siddhi application name.\",\"var siddhiApplication = 'RiskBasedLogin';\",\"// Specify the Siddhi input stream name.\",\"var siddhiInputStream = 'InputStream';\",\"\",\"var onLoginRequest = function(context) {\",\" executeStep(1, {\",\" onSuccess: function (context) {\",\" var username = context.currentKnownSubject.username;\",\" callAnalytics({'Application':siddhiApplication,'InputStream':siddhiInputStream}, {'username':username}, {\",\" onSuccess : function(context, data) {\",\" Log.info('--------------- Received risk score value: ' + data.event.riskScore);\",\" if (data.event.riskScore > 0) {\",\" executeStep(2);\",\" }\",\" }, onFail : function(context, data) {\",\" Log.info('--------------- Failed to call analytics engine');\",\" executeStep(2);\",\" }\",\" });\",\" }\",\" });\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator\",\"Step 2\":\"TOTP authenticator\"},\"parametersDescription\":{\"siddhiApplication\":\"Name of the Siddhi application in the Stream processor\",\"siddhiInputStream\":\"Name of the input stream in the above Siddhi application\"},\"name\":\"[Deprecated] Risk-Based\",\"runtime\":\"any\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]},\"2\":{\"federated\":[],\"local\":[\"totp\"]}},\"category\":\"AdaptiveMFA\",\"title\":\"Risk-Based 2FA Template [Deprecated]\",\"authenticationSteps\":2},{\"summary\":\"Prompts 2FA to the users who belong to any of the given sets of groups.\",\"preRequisites\":[\"Change the groupList parameter to an array of groups for which users need to enforce 2FA.\",\"Modify the 1st and 2nd factor authentication option(s) from defaults as required.\"],\"code\":[\"// This script will step up authentication for any user who belongs\",\"// to one of the given groups.\",\"// If the user is a member of the following groups, authentication will be stepped up\",\"var groupsToStepUp = ['manager','employee'];\",\"\",\"var onLoginRequest = function(context) {\",\" executeStep(1, {\",\" onSuccess: function (context) {\",\" // Extracting authenticated subject from the first step.\",\" var user = context.currentKnownSubject;\",\" // Checking if the user is assigned to one of the given groups.\",\" var isMember = isMemberOfAnyOfGroups(user, groupsToStepUp);\",\" if (isMember) {\",\" Log.info(user.username + ' is a member of one of the groups: ' + groupsToStepUp.toString());\",\" executeStep(2);\",\" }\",\" }\",\" });\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator.\",\"Step 2\":\"Either of TOTP or FIDO\"},\"parametersDescription\":{\"groupsToStepUp\":\"An array of groups for which users need to enforce 2FA.\"},\"name\":\"Group-Based\",\"runtime\":\"any\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]},\"2\":{\"federated\":[],\"local\":[\"totp\",\"FIDOAuthenticator\"]}},\"category\":\"AdaptiveMFA\",\"title\":\"Group-Based 2FA Template\",\"authenticationSteps\":2},{\"summary\":\"Prompts 2FA to the users who are logging outside of the given ip range.\",\"preRequisites\":[\"Change the corpNetwork parameter to an array of ip ranges that should bypass 2FA\",\"Modify the 1st and 2nd factor authentication option(s) from defaults as required.\"],\"helpLink\":\"https://docs.wso2.com/display/IS570/Configuring+IP-Based+Adaptive+Authentication\",\"code\":[\"// This script will step up authentication for any user who are trying to log in outside from the configured network\",\"\",\"// Configure the network ranges here\",\"var corpNetwork = ['192.168.1.0/24', '10.100.0.0/16'];\",\"\",\"var onLoginRequest = function(context) {\",\" executeStep(1, {\",\" onSuccess: function (context) {\",\" var user = context.currentKnownSubject;\",\" // Extracting the origin IP of the request\",\" var loginIp = context.request.ip;\",\" Log.info('User: ' + user.username + ' logged in from IP: ' + loginIp);\",\" // Checking if the IP is within the allowed range\",\" if (!isCorporateIP(loginIp, corpNetwork)) {\",\" executeStep(2);\",\" }\",\" }\",\" });\",\"};\",\"\",\"// Function to convert ip address string to long value\",\"var convertIpToLong = function(ip) {\",\" var components = ip.split('.');\",\" if (components) {\",\" var ipAddr = 0, pow = 1;\",\" for (var i = 3; i >= 0; i -= 1) {\",\" ipAddr += pow * parseInt(components[i]);\",\" pow *= 256;\",\" }\",\" return ipAddr;\",\" } else {\",\" return -1;\",\" }\",\"};\",\"\",\"// Function to check if the ip address is within the given subnet\",\"var isCorporateIP = function(ip, subnets) {\",\" var subnetLength = subnets.length;\",\" for (var i = 0; i < subnetLength; i++) {\",\" var subnetComponents = subnets[i].split('/');\",\" var minHost = convertIpToLong(subnetComponents[0]);\",\" var ipAddr = convertIpToLong(ip);\",\" var mask = subnetComponents[1];\",\" if (subnetComponents && minHost >= 0) {\",\" var numHosts = Math.pow(2, 32 - parseInt(mask));\",\" if ((ipAddr >= minHost) && (ipAddr <= minHost + numHosts - 1)) {\",\" return true;\",\" }\",\" }\",\" }\",\" return false;\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator\",\"Step 2\":\"TOTP authenticator\"},\"parametersDescription\":{\"corpNetwork\":\"An array of ip ranges which should bypass 2FA\"},\"name\":\"IP-Based\",\"runtime\":\"any\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]},\"2\":{\"federated\":[],\"local\":[\"totp\"]}},\"category\":\"AdaptiveMFA\",\"title\":\"IP-Based Authentication Template\",\"authenticationSteps\":2},{\"summary\":\"Prompts 2FA to the users who are from one of the given user store domains.\",\"preRequisites\":[\"Change the userStoresToStepUp parameter to an array of user store domains that should require 2FA.\",\"Modify the 1st and 2nd factor authentication option(s) from defaults as required.\"],\"helpLink\":\"https://docs.wso2.com/display/IS570/Configuring+User+Store-Based+Adaptive+Authentication\",\"code\":[\"// This script will prompt 2FA to the app only for a selected set of user stores.\",\"// If the user is in one of the following user stores, user will be prompted 2FA\",\"var userStoresToStepUp = ['EMPLOYEES', 'CONTRACTORS'];\",\"\",\"var onLoginRequest = function(context) {\",\" executeStep(1, {\",\" onSuccess: function (context) {\",\" // Extracting user store domain of authenticated subject from the first step\",\" var userStoreDomain = context.currentKnownSubject.userStoreDomain;\",\" // Checking if the user is from whitelisted tenant domain\",\" if (userStoresToStepUp.indexOf(userStoreDomain) >= 0) {\",\" executeStep(2);\",\" }\",\" }\",\" });\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator\",\"Step 2\":\"TOTP authenticator\"},\"parametersDescription\":{\"userStoresToStepUp\":\"An array of user store domains of which users are required to use 2FA\"},\"name\":\"User Store-Based\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]},\"2\":{\"federated\":[],\"local\":[\"totp\"]}},\"runTime\":\"any\",\"category\":\"AdaptiveMFA\",\"title\":\"User Store-Based Authentication Template\",\"authenticationSteps\":2},{\"summary\":\"Send an email notification and/or prompts 2FA to the users who is logging in from a previously unused device. A cookie is used to identify whether the device has been used before.\",\"preRequisites\":[\"Modify the 1st and 2nd factor authentication option(s) from defaults as required.\",\"Change the parameters detailed below to reflect your requirements\"],\"img\":\"./images/user.png\",\"code\":[\"// This script will step up authentication and send email notification in case of\",\"// a user being logging in from a new device (identified by a cookie).\",\"\",\"// Amount of time in seconds to remember a device. Set to 2 years below.\",\"var deviceRememberPeriod = 60 * 60 * 24 * 365 * 2;\",\"\",\"// Cookie name to be set\",\"var cookieName = 'deviceAuth';\",\"\",\"// Whether to send a notification on new device login\",\"var sendNotification = true;\",\"\",\"// Whether to step up authentication for new device login\",\"var stepUpAuthentication = true;\",\"\",\"// Email template to be used for new device login notification\",\"var emailTemplate = 'UnseenDeviceLogin';\",\"\",\"\",\"var onLoginRequest = function(context) {\",\" executeStep(1, {\",\" onSuccess: function (context) {\",\" subject = context.currentKnownSubject;\",\" if (!validateCookie(context, subject)) {\",\" Log.debug('New device login for ' + subject.identifier);\",\"\",\" if (sendNotification === true) {\",\" var templatePlaceholders = {\",\" 'username': subject.identifier,\",\" 'login-time': new Date().toUTCString()\",\" };\",\" var isSent = sendEmail(subject, emailTemplate, templatePlaceholders);\",\" if (isSent) {\",\" Log.debug('New device login notification sent to ' + subject.identifier);\",\" } else {\",\" Log.debug('New device login notification sending failed to ' + subject.identifier);\",\" }\",\" }\",\"\",\" if (stepUpAuthentication === true) {\",\" Log.debug('Stepping up authentication due to a new device login for ' + subject.identifier);\",\" executeStep(2, {\",\" onSuccess: function (context) {\",\" setCookie(context.response, cookieName, subject.identifier, {\",\" 'sign': true,\",\" 'max-age': deviceRememberPeriod,\",\" 'sameSite': 'LAX'\",\" });\",\" }\",\" });\",\" }\",\" }\",\" }\",\" });\",\"};\",\"\",\"//Validate if the user has a valid cookie with the value as subject's username\",\"var validateCookie = function(context, subject) {\",\" var cookieVal = getCookieValue(context.request, cookieName, {'validateSignature': true});\",\" return subject.identifier === cookieVal;\",\"};\",\"\"],\"parametersDescription\":{\"sendNotification\":\"Whether to send email notifications to the users\",\"stepUpAuthentication\":\"Whether to step up the authentication\",\"cookieName\":\"Cookie name to be used for device identification\",\"deviceRememberPeriod\":\"How long should this device be remembered as trusted. Once this time passed, login attempts will be considered as new device logins\"},\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]},\"2\":{\"federated\":[],\"local\":[\"totp\"]}},\"title\":\"New-Device-Based Authentication Template\",\"authenticationSteps\":2,\"helpLink\":\"https://docs.wso2.com/display/IS570/Configuring+New-Device-Based+Adaptive+Authentication\",\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator\",\"Step 2\":\"TOTP authenticator\"},\"name\":\"New-Device-Based\",\"runTime\":\"any\",\"category\":\"AdaptiveMFA\"},{\"summary\":\"Prompts 2FA to the users who are from one of the given tenants.\",\"preRequisites\":[\"Service provider should be registered as a SAAS Application.\",\"Change the tenantsToStepUp parameter to an array of tenant domains that should require 2FA.\",\"Modify the 1st and 2nd factor authentication option(s) from defaults as required.\"],\"helpLink\":\"https://docs.wso2.com/display/IS570/Configuring+Tenant-Based+Adaptive+Authentication\",\"code\":[\"// This script will prompt 2FA to the app only for a selected\",\"// set of tenants.\",\"// The app is assumed to be a SAAS app here which can be accessed by any tenant\",\"\",\"// If the user is in one of the following tenants, user will be prompted 2FA\",\"var tenantsToStepUp = ['abc.com', 'xyz.com'];\",\"\",\"var onLoginRequest = function(context) {\",\" executeStep(1, {\",\" onSuccess: function (context) {\",\" // Extracting tenant domain of authenticated subject from the first step\",\" var userTenantDomain = context.currentKnownSubject.tenantDomain;\",\" // Checking if the user is from whitelisted tenant domain\",\" if (tenantsToStepUp.indexOf(userTenantDomain) >= 0) {\",\" executeStep(2);\",\" }\",\" }\",\" });\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator\",\"Step 2\":\"TOTP authenticator\"},\"parametersDescription\":{\"tenantsToStepUp\":\"An array of tenants of which users are required to use 2FA\"},\"name\":\"Tenant-Based\",\"runtime\":\"any\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]},\"2\":{\"federated\":[],\"local\":[\"totp\"]}},\"category\":\"AdaptiveMFA\",\"title\":\"Tenant-Based Authentication Template\",\"authenticationSteps\":2},{\"summary\":\"Prompts 2FA to the users who are successfully logging after specific number of failed login attempts.\",\"preRequisites\":[\"Change the parameters at the top of the script as needed to match the requirements.\",\"Modify the authentication option(s) from defaults as required.\"],\"helpLink\":\"https://docs.wso2.com/display/IS570/Adaptive+Authentication+Scenarios\",\"code\":[\"// This script will step up authentication for any user who has exceeded 3 invalid login attempts continuously.\",\"// This variable is used to define the number of invalid attempts allowed before prompting the second facto.\",\"var invalidAttemptsToStepup = 3;\",\"\",\"var failedLoginAttemptsBeforeSuccessClaim= 'http://wso2.org/claims/identity/failedLoginAttemptsBeforeSuccess';\",\"var onLoginRequest = function(context) {\",\" doLogin(context);\",\"};\",\"\",\"var doLogin = function(context) {\",\" executeStep(1, {\",\" onSuccess : function(context){\",\" var user = context.steps[1].subject;\",\" if (isExceedInvalidAttempts(user)) {\",\" executeStep(2, {\",\" onSuccess : function(context) {\",\" var user = context.steps[1].subject;\",\" user.localClaims[failedLoginAttemptsBeforeSuccessClaim] = \\\"0\\\";\",\" }\",\" });\",\" }\",\" },\",\" onFail : function(context) {\",\" // Retry the login..\",\" doLogin(context);\",\" }\",\" });\",\"};\",\"\",\"var isExceedInvalidAttempts = function(user) {\",\" if (user.localClaims[failedLoginAttemptsBeforeSuccessClaim] >= invalidAttemptsToStepup) {\",\" return true;\",\" } else {\",\" return false;\",\" }\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator\",\"Step 2\":\"TOTP authenticator\"},\"parametersDescription\":{\"invalidAttemptsToStepup\":\"Minimum number of attempts made by a user to prompt 2FA.\"},\"name\":\"Login-Attempts-Based\",\"runtime\":\"any\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]},\"2\":{\"federated\":[],\"local\":[\"totp\"]}},\"category\":\"AdaptiveMFA\",\"title\":\"Login-Attempts-Based Authentication Template\",\"authenticationSteps\":2},{\"summary\":\"Prompts 2FA to the users who belongs to any of the given set of roles which are associated to the application.\",\"preRequisites\":[\"Change the rolesList parameter to an array of roles of which users need to enforce 2FA.\",\"Modify the 1st and 2nd factor authentication option(s) from defaults as required.\"],\"helpLink\":\"https://is.docs.wso2.com/en/latest/guides/authentication/conditional-auth/role-based-template/\",\"code\":[\"// This script will step up authentication for any user belonging\",\"// to one of the given roles\",\"// If the user has any of the below roles, authentication will be stepped up\",\"var rolesToStepUp = ['admin', 'manager'];\",\"\",\"var onLoginRequest = function(context) {\",\" executeStep(1, {\",\" onSuccess: function (context) {\",\" // Extracting authenticated subject from the first step\",\" var user = context.currentKnownSubject;\",\" // Checking if the user is assigned to one of the given roles\",\" var hasRole = hasAnyOfTheRolesV2(context, rolesToStepUp);\",\" if (hasRole) {\",\" Log.info(user.username + ' Has one of Roles: ' + rolesToStepUp.toString());\",\" executeStep(2);\",\" }\",\" }\",\" });\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator.\",\"Step 2\":\"Either of TOTP or FIDO\"},\"parametersDescription\":{\"rolesToStepUp\":\"An array of roles of which users need to enforce 2FA.\"},\"name\":\"Role-Based-V2\",\"runtime\":\"new\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]},\"2\":{\"federated\":[],\"local\":[\"totp\",\"FIDOAuthenticator\"]}},\"category\":\"AdaptiveMFA\",\"title\":\"Role-V2-Based 2FA Template\",\"authenticationSteps\":2},{\"summary\":\"Define conditional authentication by risk score value calculated from ELK.\",\"preRequisites\":[\"Change elasticsearch domain with the port.\",\"Modify the default authentication steps and option(s) as required.\"],\"helpLink\":\"https://is.docs.wso2.com/en/latest/learn/configuring-risk-based-adaptive-authentication/\",\"code\":[\"// Define conditional authentication by risk score value calculated from ELK analytics.\",\"\",\"var onLoginRequest = function(context) {\",\" executeStep(1, {\",\" onSuccess: function (context) {\",\" var username = context.currentKnownSubject.username;\",\" callElastic({'username': username}, {\",\" onSuccess : function(context, data) {\",\" Log.info('--------------- Received risk score value: ' + data.risk_score);\",\" if (data.risk_score > 0) {\",\" executeStep(2);\",\" }\",\" }, onFail : function(context, data) {\",\" Log.info('--------------- Failed to call ELK');\",\" executeStep(2);\",\" }\",\" });\",\" }\",\" });\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator\",\"Step 2\":\"TOTP authenticator\"},\"parametersDescription\":{\"duration\":\"[optional] Aggregation time period from current timestamp. (Default: '5m')\",\"riskLogic\":\"[optional] Elastic map script to calculate the summation of values. (Default: 'state.sum.add(doc['amount'].value);')\",\"index\":\"[optional] Elasticsearch index to calculate the risk score. (Default: 'transaction')\",\"threshold\":\"[optional] Threshold summation value to identify as a risk. (Default: '10000')\",\"username\":\"Current login context username.\"},\"name\":\"ELK-Risk-Based\",\"runtime\":\"any\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]},\"2\":{\"federated\":[],\"local\":[\"totp\"]}},\"category\":\"AdaptiveMFA\",\"title\":\"ELK Risk-Based 2FA Template\",\"authenticationSteps\":2}],\"icon\":\"./images/adaptive-mfa-template.png\",\"order\":2},\"uncategorized\":{\"displayName\":\"Uncategorized\",\"order\":10000},\"AccessControl\":{\"displayName\":\"Access Control\",\"templates\":[{\"summary\":\"Allow login to application if the user's age is over configured value. User's age is calculated using the user's date of birth attribute.\",\"preRequisites\":[\"Change the parameters at the top of the script as needed to match the requirements.\",\"Modify the authentication option(s) from defaults as required.\"],\"helpLink\":\"https://docs.wso2.com/display/IS570/Configuring+User-Age-Based+Adaptive+Authentication\",\"code\":[\"// This script will only allow login to application if the user's age is over configured value\",\"// The user will be redirected to an error page if the date of birth is not present or user is below configured value\",\"\",\"var ageLimit = 18;\",\"\",\"// Error page to redirect unauthorized users,\",\"// can be either an absolute url or relative url to server root, or empty/null\",\"// null/empty value will redirect to the default error page\",\"var errorPage = '';\",\"\",\"// Additional query params to be added to the above url.\",\"// Hint: Use i18n keys for error messages\",\"var errorPageParameters = {\",\" 'status': 'Unauthorized',\",\" 'statusMsg': 'You need to be over ' + ageLimit + ' years to login to this application.'\",\"};\",\"\",\"// Date of birth attribute at the client side\",\"var dateOfBirthClaim = 'http://wso2.org/claims/dob';\",\"\",\"// The validator function for DOB. Default validation check if the DOB is in YYYY-MM-dd format\",\"var validateDOB = function (dob) {\",\" return dob.match(/^(\\\\d{4})-(\\\\d{2})-(\\\\d{2})$/);\",\"};\",\"\",\"var onLoginRequest = function(context) {\",\" executeStep(1, {\",\" onSuccess: function (context) {\",\" var underAge = true;\",\" // Extracting user store domain of authenticated subject from the first step\",\" var dob = context.currentKnownSubject.localClaims[dateOfBirthClaim];\",\" Log.debug('DOB of user ' + context.currentKnownSubject.identifier + ' is : ' + dob);\",\" if (dob && validateDOB(dob)) {\",\" var birthDate = new Date(dob);\",\" if (getAge(birthDate) >= ageLimit) {\",\" underAge = false;\",\" }\",\" }\",\" if (underAge === true) {\",\" Log.debug('User ' + context.currentKnownSubject.identifier + ' is under aged. Hence denied to login.');\",\" sendError(errorPage, errorPageParameters);\",\" }\",\" }\",\" });\",\"};\",\"\",\"var getAge = function(birthDate) {\",\" var today = new Date();\",\" var age = today.getFullYear() - birthDate.getFullYear();\",\" var m = today.getMonth() - birthDate.getMonth();\",\" if (m < 0 || (m === 0 && today.getDate() < birthDate.getDate())) {\",\" age--;\",\" }\",\" return age;\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator\"},\"parametersDescription\":{\"ageLimit\":\"Minimum age required for the user to login to the application\",\"errorPage\":\"Error page to redirect user, if the age limit is below ageLimit\",\"errorPageParameters\":\"Parameters to be passed to the error page\"},\"name\":\"User-Age-Based\",\"runtime\":\"any\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]}},\"category\":\"AccessControl\",\"title\":\"User-Age-Based Authentication Template\",\"authenticationSteps\":1},{\"summary\":\"Prompts session handling to the users who belongs to any of the given set of roles which are associated to the application based on currently active session count.\",\"preRequisites\":[\"Change the rolesList parameter to an array of roles of which users need to prompt for session handling.\",\"Modify the maxSessionCount parameter as required.\"],\"helpLink\":\"https://is.docs.wso2.com/en/latest/guides/authentication/conditional-auth/concurrent-session-based-template/\",\"code\":[\"// This script will prompt concurrent session handling\",\"// to one of the given roles\",\"// If the user has any of the below roles, concurrent session handling will be prompted\",\"// and it will either kill sessions or abort login based on number of active concurrent user sessions\",\"var rolesToStepUp = ['admin', 'manager'];\",\"var maxSessionCount = 1;\",\"\",\"var onLoginRequest = function(context) {\",\" executeStep(1, {\",\" onSuccess: function (context) {\",\" // Extracting authenticated subject from the first step\",\" var user = context.currentKnownSubject;\",\" // Checking if the user is assigned to one of the given roles\",\" var hasRole = hasAnyOfTheRolesV2(context, rolesToStepUp);\",\"\",\" if (hasRole) {\",\" Log.info(user.username + ' Has one of Roles: ' + rolesToStepUp.toString());\",\" executeStep(2, {\",\" authenticatorParams: {\",\" local: {\",\" SessionExecutor: {\",\" MaxSessionCount: '1'\",\" }\",\" }\",\" }\",\" }, {});\",\" }\",\" }\",\" });\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator.\"},\"parametersDescription\":{\"rolesToStepUp\":\"An array of roles of which users should be prompted for session handling.\",\"MaxSessionCount\":\"Maximum number of allowed concurrent sessions for the role which a particular user belongs to.\"},\"name\":\"Session-Based-V2\",\"runtime\":\"new\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]},\"2\":{\"federated\":[],\"local\":[\"SessionExecutor\"]}},\"category\":\"AccessControl\",\"title\":\"Concurrent Session Management Template with V2 Roles\",\"authenticationSteps\":1}],\"icon\":\"./images/access-control-template.png\",\"order\":1},\"PasskeyEnrollment\":{\"displayName\":\"Passkey Enrollment\",\"templates\":[{\"summary\":\"If Passkey is set as a 1st authentication factor and there is a need to enable progressive Passkey enrollment, this adaptive script, along with the relevant connections configurations, should be added.\",\"preRequisites\":[\"Modify the 1st factor authentication option(s) from defaults as required.\"],\"helpLink\":\"https://is.docs.wso2.com/en/7.0.0/guides/authentication/passwordless-login/add-passwordless-login-with-passkey\",\"code\":[\"var onLoginRequest = function(context) {\",\" executeStep(1, {\",\" onFail: function(context) {\",\" var authenticatorStatus = context.request.params.scenario;\",\"\",\" // If it is a passkey progressive enrollment request trigger the following flow.\",\" if (authenticatorStatus != null && authenticatorStatus[0] == 'INIT_FIDO_ENROLL') {\",\" var filteredAuthenticationOptions = filterAuthenticators(context.steps[1].options, 'FIDOAuthenticator');\",\" executeStep(1, {\",\" stepOptions: {\",\" markAsSubjectIdentifierStep: 'true',\",\" markAsSubjectAttributeStep: 'true'\",\" },\",\" authenticationOptions: filteredAuthenticationOptions\",\" }, {\",\" onSuccess: function(context) {\",\" // If user got successfully authenticated \",\" executeStep(1, {\",\" stepOptions: {\",\" forceAuth: 'true'\",\" },\",\" authenticationOptions: [{\",\" authenticator: 'FIDOAuthenticator'\",\" }]\",\" }, {});\",\" },\",\" });\",\" }\",\" }\",\" });\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Passkey and Basic (Password) authenticator.\"},\"name\":\"Passkey Progressive Enrollment\",\"runtime\":\"any\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\",\"FIDOAuthenticator\"]}},\"category\":\"PasskeyEnrollment\",\"title\":\"Passkey Progressive Enrollment Template\",\"authenticationSteps\":1}],\"icon\":\"./images/passkey-enrollment-template.png\",\"order\":4},\"UserAttributes\":{\"displayName\":\"User Attributes\",\"templates\":[{\"summary\":\"Office365 integration of WSO2 IS require role based, on-demand user provisioning. Therefore assign a given role specific to office365 for successfully authenticated users if not already assigned, in order to trigger the role based user provisioning.\",\"preRequisites\":[\"Create a new role specific for Office365.\",\"Change the assigningRoles parameter to a single element array with the role specific to office365.\",\"Modify the 1st factor authentication option from defaults as required.\"],\"helpLink\":\"https://docs.wso2.com/display/IS570/Adaptive+Authentication+Scenarios\",\"code\":[\"// This script will assign the below Office365 specific role to any user if not already assigned\",\"var roleToBeAssigned = ['Internal/office365Role'];\",\"\",\"var onLoginRequest = function(context) {\",\" executeStep(1, {\",\" onSuccess: function (context) {\",\" // Extracting authenticated subject from the first step\",\" var user = context.currentKnownSubject;\",\" // Checking if the user is already assigned to the given Office365 specific role\",\" var hasRole = hasAnyOfTheRoles(user, roleToBeAssigned);\",\" if (!hasRole) {\",\" Log.info('Assigning role: ' + roleToBeAssigned.toString() + ' for the user:' + user.username);\",\" assignUserRoles(user, roleToBeAssigned);\",\" }\",\" }\",\" });\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator.\"},\"parametersDescription\":{\"roleToBeAssigned\":\"A single element array with a given role specific for Office365.\"},\"name\":\"Update Office365 role\",\"runtime\":\"any\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]}},\"category\":\"UserAttributes\",\"title\":\"Office365-Based Authentication Template\",\"authenticationSteps\":1}],\"icon\":\"./images/user-attributes-template.png\",\"order\":3}}" + "templatesJSON":"{\"AdaptiveMFA\":{\"displayName\":\"Adaptive MFA\",\"templates\":[{\"summary\":\"Define conditional authentication by passing one or many Authentication Context Class References as comma separated values.\",\"preRequisites\":[\"Change the supportedAcrValues parameter to an array of ACR Levels.\",\"Modify the default authentication steps and option(s) as required.\"],\"helpLink\":\"https://docs.wso2.com/display/IS570/Configuring+ACR-Based+Adaptive+Authentication\",\"code\":[\"// Define conditional authentication by passing one or many Authentication Context Class References \",\"// as comma separated values.\",\"\",\"// Specify the ordered list of ACR here.\",\"var supportedAcrValues = ['acr1', 'acr2', 'acr3'];\",\"\",\"var onLoginRequest = function(context) {\",\" var selectedAcr = selectAcrFrom(context, supportedAcrValues);\",\" Log.info('--------------- ACR selected: ' + selectedAcr);\",\" context.selectedAcr = selectedAcr;\",\" switch (selectedAcr) {\",\" case supportedAcrValues[0] :\",\" executeStep(1);\",\" break;\",\" case supportedAcrValues[1] :\",\" executeStep(1);\",\" executeStep(2);\",\" break;\",\" case supportedAcrValues[2] :\",\" executeStep(1);\",\" executeStep(3);\",\" break;\",\" default :\",\" executeStep(1);\",\" executeStep(2);\",\" executeStep(3);\",\" }\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator\",\"Step 2\":\"TOTP authenticator\",\"Step 3\":\"FIDO authenticator\"},\"parametersDescription\":{\"supportedAcrValues\":\"An array of ACRs ordered by the level\"},\"name\":\"ACR-Based\",\"runtime\":\"any\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]},\"2\":{\"federated\":[],\"local\":[\"totp\"]},\"3\":{\"federated\":[],\"local\":[\"FIDOAuthenticator\"]}},\"category\":\"AdaptiveMFA\",\"title\":\"ACR-Based 2FA Template\",\"authenticationSteps\":3},{\"summary\":\"Define conditional authentication by risk score value calculated from analytics engine.\",\"preRequisites\":[\"Change the siddhiApplication and siddhiInputStream according to the Siddhi application you have deployed in the Stream Processor.\",\"Modify the default authentication steps and option(s) as required.\"],\"helpLink\":\"https://docs.wso2.com/display/IS570/Configuring+Risk-Based+Adaptive+Authentication\",\"code\":[\"// [Deprecated - Use ELK-Risk-Based with ELK analytics integration]\",\"\",\"// Define conditional authentication by risk score value calculated from analytics engine.\",\"\",\"// Specify the Siddhi application name.\",\"var siddhiApplication = 'RiskBasedLogin';\",\"// Specify the Siddhi input stream name.\",\"var siddhiInputStream = 'InputStream';\",\"\",\"var onLoginRequest = function(context) {\",\" executeStep(1, {\",\" onSuccess: function (context) {\",\" var username = context.currentKnownSubject.username;\",\" callAnalytics({'Application':siddhiApplication,'InputStream':siddhiInputStream}, {'username':username}, {\",\" onSuccess : function(context, data) {\",\" Log.info('--------------- Received risk score value: ' + data.event.riskScore);\",\" if (data.event.riskScore > 0) {\",\" executeStep(2);\",\" }\",\" }, onFail : function(context, data) {\",\" Log.info('--------------- Failed to call analytics engine');\",\" executeStep(2);\",\" }\",\" });\",\" }\",\" });\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator\",\"Step 2\":\"TOTP authenticator\"},\"parametersDescription\":{\"siddhiApplication\":\"Name of the Siddhi application in the Stream processor\",\"siddhiInputStream\":\"Name of the input stream in the above Siddhi application\"},\"name\":\"[Deprecated] Risk-Based\",\"runtime\":\"any\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]},\"2\":{\"federated\":[],\"local\":[\"totp\"]}},\"category\":\"AdaptiveMFA\",\"title\":\"Risk-Based 2FA Template [Deprecated]\",\"authenticationSteps\":2},{\"summary\":\"Prompts 2FA to the users who belong to any of the given sets of groups.\",\"preRequisites\":[\"Change the groupList parameter to an array of groups for which users need to enforce 2FA.\",\"Modify the 1st and 2nd factor authentication option(s) from defaults as required.\"],\"code\":[\"// This script will step up authentication for any user who belongs\",\"// to one of the given groups.\",\"// If the user is a member of the following groups, authentication will be stepped up\",\"var groupsToStepUp = ['manager','employee'];\",\"\",\"var onLoginRequest = function(context) {\",\" executeStep(1, {\",\" onSuccess: function (context) {\",\" // Extracting authenticated subject from the first step.\",\" var user = context.currentKnownSubject;\",\" // Checking if the user is assigned to one of the given groups.\",\" var isMember = isMemberOfAnyOfGroups(user, groupsToStepUp);\",\" if (isMember) {\",\" Log.info(user.username + ' is a member of one of the groups: ' + groupsToStepUp.toString());\",\" executeStep(2);\",\" }\",\" }\",\" });\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator.\",\"Step 2\":\"Either of TOTP or FIDO\"},\"parametersDescription\":{\"groupsToStepUp\":\"An array of groups for which users need to enforce 2FA.\"},\"name\":\"Group-Based\",\"runtime\":\"any\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]},\"2\":{\"federated\":[],\"local\":[\"totp\",\"FIDOAuthenticator\"]}},\"category\":\"AdaptiveMFA\",\"title\":\"Group-Based 2FA Template\",\"authenticationSteps\":2},{\"summary\":\"Prompts 2FA to the users who are logging outside of the given ip range.\",\"preRequisites\":[\"Change the corpNetwork parameter to an array of ip ranges that should bypass 2FA\",\"Modify the 1st and 2nd factor authentication option(s) from defaults as required.\"],\"helpLink\":\"https://docs.wso2.com/display/IS570/Configuring+IP-Based+Adaptive+Authentication\",\"code\":[\"// This script will step up authentication for any user who are trying to log in outside from the configured network\",\"\",\"// Configure the network ranges here\",\"var corpNetwork = ['192.168.1.0/24', '10.100.0.0/16'];\",\"\",\"var onLoginRequest = function(context) {\",\" executeStep(1, {\",\" onSuccess: function (context) {\",\" var user = context.currentKnownSubject;\",\" // Extracting the origin IP of the request\",\" var loginIp = context.request.ip;\",\" Log.info('User: ' + user.username + ' logged in from IP: ' + loginIp);\",\" // Checking if the IP is within the allowed range\",\" if (!isCorporateIP(loginIp, corpNetwork)) {\",\" executeStep(2);\",\" }\",\" }\",\" });\",\"};\",\"\",\"// Function to convert ip address string to long value\",\"var convertIpToLong = function(ip) {\",\" var components = ip.split('.');\",\" if (components) {\",\" var ipAddr = 0, pow = 1;\",\" for (var i = 3; i >= 0; i -= 1) {\",\" ipAddr += pow * parseInt(components[i]);\",\" pow *= 256;\",\" }\",\" return ipAddr;\",\" } else {\",\" return -1;\",\" }\",\"};\",\"\",\"// Function to check if the ip address is within the given subnet\",\"var isCorporateIP = function(ip, subnets) {\",\" var subnetLength = subnets.length;\",\" for (var i = 0; i < subnetLength; i++) {\",\" var subnetComponents = subnets[i].split('/');\",\" var minHost = convertIpToLong(subnetComponents[0]);\",\" var ipAddr = convertIpToLong(ip);\",\" var mask = subnetComponents[1];\",\" if (subnetComponents && minHost >= 0) {\",\" var numHosts = Math.pow(2, 32 - parseInt(mask));\",\" if ((ipAddr >= minHost) && (ipAddr <= minHost + numHosts - 1)) {\",\" return true;\",\" }\",\" }\",\" }\",\" return false;\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator\",\"Step 2\":\"TOTP authenticator\"},\"parametersDescription\":{\"corpNetwork\":\"An array of ip ranges which should bypass 2FA\"},\"name\":\"IP-Based\",\"runtime\":\"any\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]},\"2\":{\"federated\":[],\"local\":[\"totp\"]}},\"category\":\"AdaptiveMFA\",\"title\":\"IP-Based Authentication Template\",\"authenticationSteps\":2},{\"summary\":\"Prompts 2FA to the users who are from one of the given user store domains.\",\"preRequisites\":[\"Change the userStoresToStepUp parameter to an array of user store domains that should require 2FA.\",\"Modify the 1st and 2nd factor authentication option(s) from defaults as required.\"],\"helpLink\":\"https://docs.wso2.com/display/IS570/Configuring+User+Store-Based+Adaptive+Authentication\",\"code\":[\"// This script will prompt 2FA to the app only for a selected set of user stores.\",\"// If the user is in one of the following user stores, user will be prompted 2FA\",\"var userStoresToStepUp = ['EMPLOYEES', 'CONTRACTORS'];\",\"\",\"var onLoginRequest = function(context) {\",\" executeStep(1, {\",\" onSuccess: function (context) {\",\" // Extracting user store domain of authenticated subject from the first step\",\" var userStoreDomain = context.currentKnownSubject.userStoreDomain;\",\" // Checking if the user is from whitelisted tenant domain\",\" if (userStoresToStepUp.indexOf(userStoreDomain) >= 0) {\",\" executeStep(2);\",\" }\",\" }\",\" });\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator\",\"Step 2\":\"TOTP authenticator\"},\"parametersDescription\":{\"userStoresToStepUp\":\"An array of user store domains of which users are required to use 2FA\"},\"name\":\"User Store-Based\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]},\"2\":{\"federated\":[],\"local\":[\"totp\"]}},\"runTime\":\"any\",\"category\":\"AdaptiveMFA\",\"title\":\"User Store-Based Authentication Template\",\"authenticationSteps\":2},{\"summary\":\"Send an email notification and/or prompts 2FA to the users who is logging in from a previously unused device. A cookie is used to identify whether the device has been used before.\",\"preRequisites\":[\"Modify the 1st and 2nd factor authentication option(s) from defaults as required.\",\"Change the parameters detailed below to reflect your requirements\"],\"img\":\"./images/user.png\",\"code\":[\"// This script will step up authentication and send email notification in case of\",\"// a user being logging in from a new device (identified by a cookie).\",\"\",\"// Amount of time in seconds to remember a device. Set to 2 years below.\",\"var deviceRememberPeriod = 60 * 60 * 24 * 365 * 2;\",\"\",\"// Cookie name to be set\",\"var cookieName = 'deviceAuth';\",\"\",\"// Whether to send a notification on new device login\",\"var sendNotification = true;\",\"\",\"// Whether to step up authentication for new device login\",\"var stepUpAuthentication = true;\",\"\",\"// Email template to be used for new device login notification\",\"var emailTemplate = 'UnseenDeviceLogin';\",\"\",\"\",\"var onLoginRequest = function(context) {\",\" executeStep(1, {\",\" onSuccess: function (context) {\",\" subject = context.currentKnownSubject;\",\" if (!validateCookie(context, subject)) {\",\" Log.debug('New device login for ' + subject.identifier);\",\"\",\" if (sendNotification === true) {\",\" var templatePlaceholders = {\",\" 'username': subject.identifier,\",\" 'login-time': new Date().toUTCString()\",\" };\",\" var isSent = sendEmail(subject, emailTemplate, templatePlaceholders);\",\" if (isSent) {\",\" Log.debug('New device login notification sent to ' + subject.identifier);\",\" } else {\",\" Log.debug('New device login notification sending failed to ' + subject.identifier);\",\" }\",\" }\",\"\",\" if (stepUpAuthentication === true) {\",\" Log.debug('Stepping up authentication due to a new device login for ' + subject.identifier);\",\" executeStep(2, {\",\" onSuccess: function (context) {\",\" setCookie(context.response, cookieName, subject.identifier, {\",\" 'sign': true,\",\" 'max-age': deviceRememberPeriod,\",\" 'sameSite': 'LAX'\",\" });\",\" }\",\" });\",\" }\",\" }\",\" }\",\" });\",\"};\",\"\",\"//Validate if the user has a valid cookie with the value as subject's username\",\"var validateCookie = function(context, subject) {\",\" var cookieVal = getCookieValue(context.request, cookieName, {'validateSignature': true});\",\" return subject.identifier === cookieVal;\",\"};\",\"\"],\"parametersDescription\":{\"sendNotification\":\"Whether to send email notifications to the users\",\"stepUpAuthentication\":\"Whether to step up the authentication\",\"cookieName\":\"Cookie name to be used for device identification\",\"deviceRememberPeriod\":\"How long should this device be remembered as trusted. Once this time passed, login attempts will be considered as new device logins\"},\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]},\"2\":{\"federated\":[],\"local\":[\"totp\"]}},\"title\":\"New-Device-Based Authentication Template\",\"authenticationSteps\":2,\"helpLink\":\"https://docs.wso2.com/display/IS570/Configuring+New-Device-Based+Adaptive+Authentication\",\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator\",\"Step 2\":\"TOTP authenticator\"},\"name\":\"New-Device-Based\",\"runTime\":\"any\",\"category\":\"AdaptiveMFA\"},{\"summary\":\"Prompts 2FA to the users who are from one of the given tenants.\",\"preRequisites\":[\"Service provider should be registered as a SAAS Application.\",\"Change the tenantsToStepUp parameter to an array of tenant domains that should require 2FA.\",\"Modify the 1st and 2nd factor authentication option(s) from defaults as required.\"],\"helpLink\":\"https://docs.wso2.com/display/IS570/Configuring+Tenant-Based+Adaptive+Authentication\",\"code\":[\"// This script will prompt 2FA to the app only for a selected\",\"// set of tenants.\",\"// The app is assumed to be a SAAS app here which can be accessed by any tenant\",\"\",\"// If the user is in one of the following tenants, user will be prompted 2FA\",\"var tenantsToStepUp = ['abc.com', 'xyz.com'];\",\"\",\"var onLoginRequest = function(context) {\",\" executeStep(1, {\",\" onSuccess: function (context) {\",\" // Extracting tenant domain of authenticated subject from the first step\",\" var userTenantDomain = context.currentKnownSubject.tenantDomain;\",\" // Checking if the user is from whitelisted tenant domain\",\" if (tenantsToStepUp.indexOf(userTenantDomain) >= 0) {\",\" executeStep(2);\",\" }\",\" }\",\" });\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator\",\"Step 2\":\"TOTP authenticator\"},\"parametersDescription\":{\"tenantsToStepUp\":\"An array of tenants of which users are required to use 2FA\"},\"name\":\"Tenant-Based\",\"runtime\":\"any\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]},\"2\":{\"federated\":[],\"local\":[\"totp\"]}},\"category\":\"AdaptiveMFA\",\"title\":\"Tenant-Based Authentication Template\",\"authenticationSteps\":2},{\"summary\":\"Prompts 2FA to the users who are successfully logging after specific number of failed login attempts.\",\"preRequisites\":[\"Change the parameters at the top of the script as needed to match the requirements.\",\"Modify the authentication option(s) from defaults as required.\"],\"helpLink\":\"https://docs.wso2.com/display/IS570/Adaptive+Authentication+Scenarios\",\"code\":[\"// This script will step up authentication for any user who has exceeded 3 invalid login attempts continuously.\",\"// This variable is used to define the number of invalid attempts allowed before prompting the second facto.\",\"var invalidAttemptsToStepup = 3;\",\"\",\"var failedLoginAttemptsBeforeSuccessClaim= 'http://wso2.org/claims/identity/failedLoginAttemptsBeforeSuccess';\",\"var onLoginRequest = function(context) {\",\" doLogin(context);\",\"};\",\"\",\"var doLogin = function(context) {\",\" executeStep(1, {\",\" onSuccess : function(context){\",\" var user = context.steps[1].subject;\",\" if (isExceedInvalidAttempts(user)) {\",\" executeStep(2, {\",\" onSuccess : function(context) {\",\" var user = context.steps[1].subject;\",\" user.localClaims[failedLoginAttemptsBeforeSuccessClaim] = \\\"0\\\";\",\" }\",\" });\",\" }\",\" },\",\" onFail : function(context) {\",\" // Retry the login..\",\" doLogin(context);\",\" }\",\" });\",\"};\",\"\",\"var isExceedInvalidAttempts = function(user) {\",\" if (user.localClaims[failedLoginAttemptsBeforeSuccessClaim] >= invalidAttemptsToStepup) {\",\" return true;\",\" } else {\",\" return false;\",\" }\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator\",\"Step 2\":\"TOTP authenticator\"},\"parametersDescription\":{\"invalidAttemptsToStepup\":\"Minimum number of attempts made by a user to prompt 2FA.\"},\"name\":\"Login-Attempts-Based\",\"runtime\":\"any\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]},\"2\":{\"federated\":[],\"local\":[\"totp\"]}},\"category\":\"AdaptiveMFA\",\"title\":\"Login-Attempts-Based Authentication Template\",\"authenticationSteps\":2},{\"summary\":\"Prompts 2FA to the users who belongs to any of the given set of roles which are associated to the application.\",\"preRequisites\":[\"Change the rolesList parameter to an array of roles of which users need to enforce 2FA.\",\"Modify the 1st and 2nd factor authentication option(s) from defaults as required.\"],\"helpLink\":\"https://is.docs.wso2.com/en/latest/guides/authentication/conditional-auth/role-based-template/\",\"code\":[\"// This script will step up authentication for any user belonging\",\"// to one of the given roles\",\"// If the user has any of the below roles, authentication will be stepped up\",\"var rolesToStepUp = ['admin', 'manager'];\",\"\",\"var onLoginRequest = function(context) {\",\" executeStep(1, {\",\" onSuccess: function (context) {\",\" // Extracting authenticated subject from the first step\",\" var user = context.currentKnownSubject;\",\" // Checking if the user is assigned to one of the given roles\",\" var hasRole = hasAnyOfTheRolesV2(context, rolesToStepUp);\",\" if (hasRole) {\",\" Log.info(user.username + ' Has one of Roles: ' + rolesToStepUp.toString());\",\" executeStep(2);\",\" }\",\" }\",\" });\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator.\",\"Step 2\":\"Either of TOTP or FIDO\"},\"parametersDescription\":{\"rolesToStepUp\":\"An array of roles of which users need to enforce 2FA.\"},\"name\":\"Role-Based\",\"runtime\":\"new\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]},\"2\":{\"federated\":[],\"local\":[\"totp\",\"FIDOAuthenticator\"]}},\"category\":\"AdaptiveMFA\",\"title\":\"Role-Based 2FA Template\",\"authenticationSteps\":2},{\"summary\":\"Define conditional authentication by risk score value calculated from ELK.\",\"preRequisites\":[\"Change elasticsearch domain with the port.\",\"Modify the default authentication steps and option(s) as required.\"],\"helpLink\":\"https://is.docs.wso2.com/en/latest/learn/configuring-risk-based-adaptive-authentication/\",\"code\":[\"// Define conditional authentication by risk score value calculated from ELK analytics.\",\"\",\"var onLoginRequest = function(context) {\",\" executeStep(1, {\",\" onSuccess: function (context) {\",\" var username = context.currentKnownSubject.username;\",\" callElastic({'username': username}, {\",\" onSuccess : function(context, data) {\",\" Log.info('--------------- Received risk score value: ' + data.risk_score);\",\" if (data.risk_score > 0) {\",\" executeStep(2);\",\" }\",\" }, onFail : function(context, data) {\",\" Log.info('--------------- Failed to call ELK');\",\" executeStep(2);\",\" }\",\" });\",\" }\",\" });\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator\",\"Step 2\":\"TOTP authenticator\"},\"parametersDescription\":{\"duration\":\"[optional] Aggregation time period from current timestamp. (Default: '5m')\",\"riskLogic\":\"[optional] Elastic map script to calculate the summation of values. (Default: 'state.sum.add(doc['amount'].value);')\",\"index\":\"[optional] Elasticsearch index to calculate the risk score. (Default: 'transaction')\",\"threshold\":\"[optional] Threshold summation value to identify as a risk. (Default: '10000')\",\"username\":\"Current login context username.\"},\"name\":\"ELK-Risk-Based\",\"runtime\":\"any\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]},\"2\":{\"federated\":[],\"local\":[\"totp\"]}},\"category\":\"AdaptiveMFA\",\"title\":\"ELK Risk-Based 2FA Template\",\"authenticationSteps\":2}],\"icon\":\"./images/adaptive-mfa-template.png\",\"order\":2},\"uncategorized\":{\"displayName\":\"Uncategorized\",\"order\":10000},\"AccessControl\":{\"displayName\":\"Access Control\",\"templates\":[{\"summary\":\"Allow login to application if the user's age is over configured value. User's age is calculated using the user's date of birth attribute.\",\"preRequisites\":[\"Change the parameters at the top of the script as needed to match the requirements.\",\"Modify the authentication option(s) from defaults as required.\"],\"helpLink\":\"https://docs.wso2.com/display/IS570/Configuring+User-Age-Based+Adaptive+Authentication\",\"code\":[\"// This script will only allow login to application if the user's age is over configured value\",\"// The user will be redirected to an error page if the date of birth is not present or user is below configured value\",\"\",\"var ageLimit = 18;\",\"\",\"// Error page to redirect unauthorized users,\",\"// can be either an absolute url or relative url to server root, or empty/null\",\"// null/empty value will redirect to the default error page\",\"var errorPage = '';\",\"\",\"// Additional query params to be added to the above url.\",\"// Hint: Use i18n keys for error messages\",\"var errorPageParameters = {\",\" 'status': 'Unauthorized',\",\" 'statusMsg': 'You need to be over ' + ageLimit + ' years to login to this application.'\",\"};\",\"\",\"// Date of birth attribute at the client side\",\"var dateOfBirthClaim = 'http://wso2.org/claims/dob';\",\"\",\"// The validator function for DOB. Default validation check if the DOB is in YYYY-MM-dd format\",\"var validateDOB = function (dob) {\",\" return dob.match(/^(\\\\d{4})-(\\\\d{2})-(\\\\d{2})$/);\",\"};\",\"\",\"var onLoginRequest = function(context) {\",\" executeStep(1, {\",\" onSuccess: function (context) {\",\" var underAge = true;\",\" // Extracting user store domain of authenticated subject from the first step\",\" var dob = context.currentKnownSubject.localClaims[dateOfBirthClaim];\",\" Log.debug('DOB of user ' + context.currentKnownSubject.identifier + ' is : ' + dob);\",\" if (dob && validateDOB(dob)) {\",\" var birthDate = new Date(dob);\",\" if (getAge(birthDate) >= ageLimit) {\",\" underAge = false;\",\" }\",\" }\",\" if (underAge === true) {\",\" Log.debug('User ' + context.currentKnownSubject.identifier + ' is under aged. Hence denied to login.');\",\" sendError(errorPage, errorPageParameters);\",\" }\",\" }\",\" });\",\"};\",\"\",\"var getAge = function(birthDate) {\",\" var today = new Date();\",\" var age = today.getFullYear() - birthDate.getFullYear();\",\" var m = today.getMonth() - birthDate.getMonth();\",\" if (m < 0 || (m === 0 && today.getDate() < birthDate.getDate())) {\",\" age--;\",\" }\",\" return age;\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator\"},\"parametersDescription\":{\"ageLimit\":\"Minimum age required for the user to login to the application\",\"errorPage\":\"Error page to redirect user, if the age limit is below ageLimit\",\"errorPageParameters\":\"Parameters to be passed to the error page\"},\"name\":\"User-Age-Based\",\"runtime\":\"any\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]}},\"category\":\"AccessControl\",\"title\":\"User-Age-Based Authentication Template\",\"authenticationSteps\":1},{\"summary\":\"Prompts session handling to the users who belongs to any of the given set of roles which are associated to the application based on currently active session count.\",\"preRequisites\":[\"Change the rolesList parameter to an array of roles of which users need to prompt for session handling.\",\"Modify the maxSessionCount parameter as required.\"],\"helpLink\":\"https://is.docs.wso2.com/en/latest/guides/authentication/conditional-auth/concurrent-session-based-template/\",\"code\":[\"// This script will prompt concurrent session handling\",\"// to one of the given roles\",\"// If the user has any of the below roles, concurrent session handling will be prompted\",\"// and it will either kill sessions or abort login based on number of active concurrent user sessions\",\"var rolesToStepUp = ['admin', 'manager'];\",\"var maxSessionCount = 1;\",\"\",\"var onLoginRequest = function(context) {\",\" executeStep(1, {\",\" onSuccess: function (context) {\",\" // Extracting authenticated subject from the first step\",\" var user = context.currentKnownSubject;\",\" // Checking if the user is assigned to one of the given roles\",\" var hasRole = hasAnyOfTheRolesV2(context, rolesToStepUp);\",\"\",\" if (hasRole) {\",\" Log.info(user.username + ' Has one of Roles: ' + rolesToStepUp.toString());\",\" executeStep(2, {\",\" authenticatorParams: {\",\" local: {\",\" SessionExecutor: {\",\" MaxSessionCount: '1'\",\" }\",\" }\",\" }\",\" }, {});\",\" }\",\" }\",\" });\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator.\"},\"parametersDescription\":{\"rolesToStepUp\":\"An array of roles of which users should be prompted for session handling.\",\"MaxSessionCount\":\"Maximum number of allowed concurrent sessions for the role which a particular user belongs to.\"},\"name\":\"Session-Based\",\"runtime\":\"new\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]},\"2\":{\"federated\":[],\"local\":[\"SessionExecutor\"]}},\"category\":\"AccessControl\",\"title\":\"Concurrent Session Management Template with Roles\",\"authenticationSteps\":1}],\"icon\":\"./images/access-control-template.png\",\"order\":1},\"PasskeyEnrollment\":{\"displayName\":\"Passkey Enrollment\",\"templates\":[{\"summary\":\"If Passkey is set as a 1st authentication factor and there is a need to enable progressive Passkey enrollment, this adaptive script, along with the relevant connections configurations, should be added.\",\"preRequisites\":[\"Modify the 1st factor authentication option(s) from defaults as required.\"],\"helpLink\":\"https://is.docs.wso2.com/en/7.0.0/guides/authentication/passwordless-login/add-passwordless-login-with-passkey\",\"code\":[\"var onLoginRequest = function(context) {\",\" executeStep(1, {\",\" onFail: function(context) {\",\" var authenticatorStatus = context.request.params.scenario;\",\"\",\" // If it is a passkey progressive enrollment request trigger the following flow.\",\" if (authenticatorStatus != null && authenticatorStatus[0] == 'INIT_FIDO_ENROLL') {\",\" var filteredAuthenticationOptions = filterAuthenticators(context.steps[1].options, 'FIDOAuthenticator');\",\" executeStep(1, {\",\" stepOptions: {\",\" markAsSubjectIdentifierStep: 'true',\",\" markAsSubjectAttributeStep: 'true'\",\" },\",\" authenticationOptions: filteredAuthenticationOptions\",\" }, {\",\" onSuccess: function(context) {\",\" // If user got successfully authenticated \",\" executeStep(1, {\",\" stepOptions: {\",\" forceAuth: 'true'\",\" },\",\" authenticationOptions: [{\",\" authenticator: 'FIDOAuthenticator'\",\" }]\",\" }, {});\",\" },\",\" });\",\" }\",\" }\",\" });\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Passkey and Basic (Password) authenticator.\"},\"name\":\"Passkey Progressive Enrollment\",\"runtime\":\"any\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\",\"FIDOAuthenticator\"]}},\"category\":\"PasskeyEnrollment\",\"title\":\"Passkey Progressive Enrollment Template\",\"authenticationSteps\":1}],\"icon\":\"./images/passkey-enrollment-template.png\",\"order\":4},\"UserAttributes\":{\"displayName\":\"User Attributes\",\"templates\":[{\"summary\":\"Office365 integration of WSO2 IS require role based, on-demand user provisioning. Therefore assign a given role specific to office365 for successfully authenticated users if not already assigned, in order to trigger the role based user provisioning.\",\"preRequisites\":[\"Create a new role specific for Office365.\",\"Change the assigningRoles parameter to a single element array with the role specific to office365.\",\"Modify the 1st factor authentication option from defaults as required.\"],\"helpLink\":\"https://docs.wso2.com/display/IS570/Adaptive+Authentication+Scenarios\",\"code\":[\"// This script will assign the below Office365 specific role to any user if not already assigned\",\"var roleToBeAssigned = ['Internal/office365Role'];\",\"\",\"var onLoginRequest = function(context) {\",\" executeStep(1, {\",\" onSuccess: function (context) {\",\" // Extracting authenticated subject from the first step\",\" var user = context.currentKnownSubject;\",\" // Checking if the user is already assigned to the given Office365 specific role\",\" var hasRole = hasAnyOfTheRolesV2(context, roleToBeAssigned);\",\" if (!hasRole) {\",\" Log.info('Assigning role: ' + roleToBeAssigned.toString() + ' for the user:' + user.username);\",\" assignUserRolesV2(context, roleToBeAssigned);\",\" }\",\" }\",\" });\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator.\"},\"parametersDescription\":{\"roleToBeAssigned\":\"A single element array with a given role specific for Office365.\"},\"name\":\"Update Office365 role\",\"runtime\":\"new\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]}},\"category\":\"UserAttributes\",\"title\":\"Office365-Based Authentication Template\",\"authenticationSteps\":1}],\"icon\":\"./images/user-attributes-template.png\",\"order\":3}}" } diff --git a/pom.xml b/pom.xml index 1d251ce5231..490fd58cca2 100755 --- a/pom.xml +++ b/pom.xml @@ -2242,7 +2242,7 @@ - 5.25.624 + 5.25.626 [5.14.67, 6.0.0] From 9e9ae895669b79536172d8c1a40a37a154a33b83 Mon Sep 17 00:00:00 2001 From: Thanuja Date: Tue, 19 Dec 2023 10:05:10 +0530 Subject: [PATCH 09/42] Fix build failure --- .../server/application/management/v1/adaptive-metadata.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/org/wso2/identity/integration/test/rest/api/server/application/management/v1/adaptive-metadata.json b/modules/integration/tests-integration/tests-backend/src/test/resources/org/wso2/identity/integration/test/rest/api/server/application/management/v1/adaptive-metadata.json index 476e3e477c0..40b1381f0d9 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/resources/org/wso2/identity/integration/test/rest/api/server/application/management/v1/adaptive-metadata.json +++ b/modules/integration/tests-integration/tests-backend/src/test/resources/org/wso2/identity/integration/test/rest/api/server/application/management/v1/adaptive-metadata.json @@ -1,3 +1,3 @@ { - "templatesJSON":"{\"AdaptiveMFA\":{\"displayName\":\"Adaptive MFA\",\"templates\":[{\"summary\":\"Define conditional authentication by passing one or many Authentication Context Class References as comma separated values.\",\"preRequisites\":[\"Change the supportedAcrValues parameter to an array of ACR Levels.\",\"Modify the default authentication steps and option(s) as required.\"],\"helpLink\":\"https://docs.wso2.com/display/IS570/Configuring+ACR-Based+Adaptive+Authentication\",\"code\":[\"// Define conditional authentication by passing one or many Authentication Context Class References \",\"// as comma separated values.\",\"\",\"// Specify the ordered list of ACR here.\",\"var supportedAcrValues = ['acr1', 'acr2', 'acr3'];\",\"\",\"var onLoginRequest = function(context) {\",\" var selectedAcr = selectAcrFrom(context, supportedAcrValues);\",\" Log.info('--------------- ACR selected: ' + selectedAcr);\",\" context.selectedAcr = selectedAcr;\",\" switch (selectedAcr) {\",\" case supportedAcrValues[0] :\",\" executeStep(1);\",\" break;\",\" case supportedAcrValues[1] :\",\" executeStep(1);\",\" executeStep(2);\",\" break;\",\" case supportedAcrValues[2] :\",\" executeStep(1);\",\" executeStep(3);\",\" break;\",\" default :\",\" executeStep(1);\",\" executeStep(2);\",\" executeStep(3);\",\" }\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator\",\"Step 2\":\"TOTP authenticator\",\"Step 3\":\"FIDO authenticator\"},\"parametersDescription\":{\"supportedAcrValues\":\"An array of ACRs ordered by the level\"},\"name\":\"ACR-Based\",\"runtime\":\"any\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]},\"2\":{\"federated\":[],\"local\":[\"totp\"]},\"3\":{\"federated\":[],\"local\":[\"FIDOAuthenticator\"]}},\"category\":\"AdaptiveMFA\",\"title\":\"ACR-Based 2FA Template\",\"authenticationSteps\":3},{\"summary\":\"Define conditional authentication by risk score value calculated from analytics engine.\",\"preRequisites\":[\"Change the siddhiApplication and siddhiInputStream according to the Siddhi application you have deployed in the Stream Processor.\",\"Modify the default authentication steps and option(s) as required.\"],\"helpLink\":\"https://docs.wso2.com/display/IS570/Configuring+Risk-Based+Adaptive+Authentication\",\"code\":[\"// [Deprecated - Use ELK-Risk-Based with ELK analytics integration]\",\"\",\"// Define conditional authentication by risk score value calculated from analytics engine.\",\"\",\"// Specify the Siddhi application name.\",\"var siddhiApplication = 'RiskBasedLogin';\",\"// Specify the Siddhi input stream name.\",\"var siddhiInputStream = 'InputStream';\",\"\",\"var onLoginRequest = function(context) {\",\" executeStep(1, {\",\" onSuccess: function (context) {\",\" var username = context.currentKnownSubject.username;\",\" callAnalytics({'Application':siddhiApplication,'InputStream':siddhiInputStream}, {'username':username}, {\",\" onSuccess : function(context, data) {\",\" Log.info('--------------- Received risk score value: ' + data.event.riskScore);\",\" if (data.event.riskScore > 0) {\",\" executeStep(2);\",\" }\",\" }, onFail : function(context, data) {\",\" Log.info('--------------- Failed to call analytics engine');\",\" executeStep(2);\",\" }\",\" });\",\" }\",\" });\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator\",\"Step 2\":\"TOTP authenticator\"},\"parametersDescription\":{\"siddhiApplication\":\"Name of the Siddhi application in the Stream processor\",\"siddhiInputStream\":\"Name of the input stream in the above Siddhi application\"},\"name\":\"[Deprecated] Risk-Based\",\"runtime\":\"any\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]},\"2\":{\"federated\":[],\"local\":[\"totp\"]}},\"category\":\"AdaptiveMFA\",\"title\":\"Risk-Based 2FA Template [Deprecated]\",\"authenticationSteps\":2},{\"summary\":\"Prompts 2FA to the users who belong to any of the given sets of groups.\",\"preRequisites\":[\"Change the groupList parameter to an array of groups for which users need to enforce 2FA.\",\"Modify the 1st and 2nd factor authentication option(s) from defaults as required.\"],\"code\":[\"// This script will step up authentication for any user who belongs\",\"// to one of the given groups.\",\"// If the user is a member of the following groups, authentication will be stepped up\",\"var groupsToStepUp = ['manager','employee'];\",\"\",\"var onLoginRequest = function(context) {\",\" executeStep(1, {\",\" onSuccess: function (context) {\",\" // Extracting authenticated subject from the first step.\",\" var user = context.currentKnownSubject;\",\" // Checking if the user is assigned to one of the given groups.\",\" var isMember = isMemberOfAnyOfGroups(user, groupsToStepUp);\",\" if (isMember) {\",\" Log.info(user.username + ' is a member of one of the groups: ' + groupsToStepUp.toString());\",\" executeStep(2);\",\" }\",\" }\",\" });\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator.\",\"Step 2\":\"Either of TOTP or FIDO\"},\"parametersDescription\":{\"groupsToStepUp\":\"An array of groups for which users need to enforce 2FA.\"},\"name\":\"Group-Based\",\"runtime\":\"any\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]},\"2\":{\"federated\":[],\"local\":[\"totp\",\"FIDOAuthenticator\"]}},\"category\":\"AdaptiveMFA\",\"title\":\"Group-Based 2FA Template\",\"authenticationSteps\":2},{\"summary\":\"Prompts 2FA to the users who are logging outside of the given ip range.\",\"preRequisites\":[\"Change the corpNetwork parameter to an array of ip ranges that should bypass 2FA\",\"Modify the 1st and 2nd factor authentication option(s) from defaults as required.\"],\"helpLink\":\"https://docs.wso2.com/display/IS570/Configuring+IP-Based+Adaptive+Authentication\",\"code\":[\"// This script will step up authentication for any user who are trying to log in outside from the configured network\",\"\",\"// Configure the network ranges here\",\"var corpNetwork = ['192.168.1.0/24', '10.100.0.0/16'];\",\"\",\"var onLoginRequest = function(context) {\",\" executeStep(1, {\",\" onSuccess: function (context) {\",\" var user = context.currentKnownSubject;\",\" // Extracting the origin IP of the request\",\" var loginIp = context.request.ip;\",\" Log.info('User: ' + user.username + ' logged in from IP: ' + loginIp);\",\" // Checking if the IP is within the allowed range\",\" if (!isCorporateIP(loginIp, corpNetwork)) {\",\" executeStep(2);\",\" }\",\" }\",\" });\",\"};\",\"\",\"// Function to convert ip address string to long value\",\"var convertIpToLong = function(ip) {\",\" var components = ip.split('.');\",\" if (components) {\",\" var ipAddr = 0, pow = 1;\",\" for (var i = 3; i >= 0; i -= 1) {\",\" ipAddr += pow * parseInt(components[i]);\",\" pow *= 256;\",\" }\",\" return ipAddr;\",\" } else {\",\" return -1;\",\" }\",\"};\",\"\",\"// Function to check if the ip address is within the given subnet\",\"var isCorporateIP = function(ip, subnets) {\",\" var subnetLength = subnets.length;\",\" for (var i = 0; i < subnetLength; i++) {\",\" var subnetComponents = subnets[i].split('/');\",\" var minHost = convertIpToLong(subnetComponents[0]);\",\" var ipAddr = convertIpToLong(ip);\",\" var mask = subnetComponents[1];\",\" if (subnetComponents && minHost >= 0) {\",\" var numHosts = Math.pow(2, 32 - parseInt(mask));\",\" if ((ipAddr >= minHost) && (ipAddr <= minHost + numHosts - 1)) {\",\" return true;\",\" }\",\" }\",\" }\",\" return false;\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator\",\"Step 2\":\"TOTP authenticator\"},\"parametersDescription\":{\"corpNetwork\":\"An array of ip ranges which should bypass 2FA\"},\"name\":\"IP-Based\",\"runtime\":\"any\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]},\"2\":{\"federated\":[],\"local\":[\"totp\"]}},\"category\":\"AdaptiveMFA\",\"title\":\"IP-Based Authentication Template\",\"authenticationSteps\":2},{\"summary\":\"Prompts 2FA to the users who are from one of the given user store domains.\",\"preRequisites\":[\"Change the userStoresToStepUp parameter to an array of user store domains that should require 2FA.\",\"Modify the 1st and 2nd factor authentication option(s) from defaults as required.\"],\"helpLink\":\"https://docs.wso2.com/display/IS570/Configuring+User+Store-Based+Adaptive+Authentication\",\"code\":[\"// This script will prompt 2FA to the app only for a selected set of user stores.\",\"// If the user is in one of the following user stores, user will be prompted 2FA\",\"var userStoresToStepUp = ['EMPLOYEES', 'CONTRACTORS'];\",\"\",\"var onLoginRequest = function(context) {\",\" executeStep(1, {\",\" onSuccess: function (context) {\",\" // Extracting user store domain of authenticated subject from the first step\",\" var userStoreDomain = context.currentKnownSubject.userStoreDomain;\",\" // Checking if the user is from whitelisted tenant domain\",\" if (userStoresToStepUp.indexOf(userStoreDomain) >= 0) {\",\" executeStep(2);\",\" }\",\" }\",\" });\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator\",\"Step 2\":\"TOTP authenticator\"},\"parametersDescription\":{\"userStoresToStepUp\":\"An array of user store domains of which users are required to use 2FA\"},\"name\":\"User Store-Based\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]},\"2\":{\"federated\":[],\"local\":[\"totp\"]}},\"runTime\":\"any\",\"category\":\"AdaptiveMFA\",\"title\":\"User Store-Based Authentication Template\",\"authenticationSteps\":2},{\"summary\":\"Send an email notification and/or prompts 2FA to the users who is logging in from a previously unused device. A cookie is used to identify whether the device has been used before.\",\"preRequisites\":[\"Modify the 1st and 2nd factor authentication option(s) from defaults as required.\",\"Change the parameters detailed below to reflect your requirements\"],\"img\":\"./images/user.png\",\"code\":[\"// This script will step up authentication and send email notification in case of\",\"// a user being logging in from a new device (identified by a cookie).\",\"\",\"// Amount of time in seconds to remember a device. Set to 2 years below.\",\"var deviceRememberPeriod = 60 * 60 * 24 * 365 * 2;\",\"\",\"// Cookie name to be set\",\"var cookieName = 'deviceAuth';\",\"\",\"// Whether to send a notification on new device login\",\"var sendNotification = true;\",\"\",\"// Whether to step up authentication for new device login\",\"var stepUpAuthentication = true;\",\"\",\"// Email template to be used for new device login notification\",\"var emailTemplate = 'UnseenDeviceLogin';\",\"\",\"\",\"var onLoginRequest = function(context) {\",\" executeStep(1, {\",\" onSuccess: function (context) {\",\" subject = context.currentKnownSubject;\",\" if (!validateCookie(context, subject)) {\",\" Log.debug('New device login for ' + subject.identifier);\",\"\",\" if (sendNotification === true) {\",\" var templatePlaceholders = {\",\" 'username': subject.identifier,\",\" 'login-time': new Date().toUTCString()\",\" };\",\" var isSent = sendEmail(subject, emailTemplate, templatePlaceholders);\",\" if (isSent) {\",\" Log.debug('New device login notification sent to ' + subject.identifier);\",\" } else {\",\" Log.debug('New device login notification sending failed to ' + subject.identifier);\",\" }\",\" }\",\"\",\" if (stepUpAuthentication === true) {\",\" Log.debug('Stepping up authentication due to a new device login for ' + subject.identifier);\",\" executeStep(2, {\",\" onSuccess: function (context) {\",\" setCookie(context.response, cookieName, subject.identifier, {\",\" 'sign': true,\",\" 'max-age': deviceRememberPeriod,\",\" 'sameSite': 'LAX'\",\" });\",\" }\",\" });\",\" }\",\" }\",\" }\",\" });\",\"};\",\"\",\"//Validate if the user has a valid cookie with the value as subject's username\",\"var validateCookie = function(context, subject) {\",\" var cookieVal = getCookieValue(context.request, cookieName, {'validateSignature': true});\",\" return subject.identifier === cookieVal;\",\"};\",\"\"],\"parametersDescription\":{\"sendNotification\":\"Whether to send email notifications to the users\",\"stepUpAuthentication\":\"Whether to step up the authentication\",\"cookieName\":\"Cookie name to be used for device identification\",\"deviceRememberPeriod\":\"How long should this device be remembered as trusted. Once this time passed, login attempts will be considered as new device logins\"},\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]},\"2\":{\"federated\":[],\"local\":[\"totp\"]}},\"title\":\"New-Device-Based Authentication Template\",\"authenticationSteps\":2,\"helpLink\":\"https://docs.wso2.com/display/IS570/Configuring+New-Device-Based+Adaptive+Authentication\",\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator\",\"Step 2\":\"TOTP authenticator\"},\"name\":\"New-Device-Based\",\"runTime\":\"any\",\"category\":\"AdaptiveMFA\"},{\"summary\":\"Prompts 2FA to the users who are from one of the given tenants.\",\"preRequisites\":[\"Service provider should be registered as a SAAS Application.\",\"Change the tenantsToStepUp parameter to an array of tenant domains that should require 2FA.\",\"Modify the 1st and 2nd factor authentication option(s) from defaults as required.\"],\"helpLink\":\"https://docs.wso2.com/display/IS570/Configuring+Tenant-Based+Adaptive+Authentication\",\"code\":[\"// This script will prompt 2FA to the app only for a selected\",\"// set of tenants.\",\"// The app is assumed to be a SAAS app here which can be accessed by any tenant\",\"\",\"// If the user is in one of the following tenants, user will be prompted 2FA\",\"var tenantsToStepUp = ['abc.com', 'xyz.com'];\",\"\",\"var onLoginRequest = function(context) {\",\" executeStep(1, {\",\" onSuccess: function (context) {\",\" // Extracting tenant domain of authenticated subject from the first step\",\" var userTenantDomain = context.currentKnownSubject.tenantDomain;\",\" // Checking if the user is from whitelisted tenant domain\",\" if (tenantsToStepUp.indexOf(userTenantDomain) >= 0) {\",\" executeStep(2);\",\" }\",\" }\",\" });\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator\",\"Step 2\":\"TOTP authenticator\"},\"parametersDescription\":{\"tenantsToStepUp\":\"An array of tenants of which users are required to use 2FA\"},\"name\":\"Tenant-Based\",\"runtime\":\"any\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]},\"2\":{\"federated\":[],\"local\":[\"totp\"]}},\"category\":\"AdaptiveMFA\",\"title\":\"Tenant-Based Authentication Template\",\"authenticationSteps\":2},{\"summary\":\"Prompts 2FA to the users who are successfully logging after specific number of failed login attempts.\",\"preRequisites\":[\"Change the parameters at the top of the script as needed to match the requirements.\",\"Modify the authentication option(s) from defaults as required.\"],\"helpLink\":\"https://docs.wso2.com/display/IS570/Adaptive+Authentication+Scenarios\",\"code\":[\"// This script will step up authentication for any user who has exceeded 3 invalid login attempts continuously.\",\"// This variable is used to define the number of invalid attempts allowed before prompting the second facto.\",\"var invalidAttemptsToStepup = 3;\",\"\",\"var failedLoginAttemptsBeforeSuccessClaim= 'http://wso2.org/claims/identity/failedLoginAttemptsBeforeSuccess';\",\"var onLoginRequest = function(context) {\",\" doLogin(context);\",\"};\",\"\",\"var doLogin = function(context) {\",\" executeStep(1, {\",\" onSuccess : function(context){\",\" var user = context.steps[1].subject;\",\" if (isExceedInvalidAttempts(user)) {\",\" executeStep(2, {\",\" onSuccess : function(context) {\",\" var user = context.steps[1].subject;\",\" user.localClaims[failedLoginAttemptsBeforeSuccessClaim] = \\\"0\\\";\",\" }\",\" });\",\" }\",\" },\",\" onFail : function(context) {\",\" // Retry the login..\",\" doLogin(context);\",\" }\",\" });\",\"};\",\"\",\"var isExceedInvalidAttempts = function(user) {\",\" if (user.localClaims[failedLoginAttemptsBeforeSuccessClaim] >= invalidAttemptsToStepup) {\",\" return true;\",\" } else {\",\" return false;\",\" }\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator\",\"Step 2\":\"TOTP authenticator\"},\"parametersDescription\":{\"invalidAttemptsToStepup\":\"Minimum number of attempts made by a user to prompt 2FA.\"},\"name\":\"Login-Attempts-Based\",\"runtime\":\"any\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]},\"2\":{\"federated\":[],\"local\":[\"totp\"]}},\"category\":\"AdaptiveMFA\",\"title\":\"Login-Attempts-Based Authentication Template\",\"authenticationSteps\":2},{\"summary\":\"Prompts 2FA to the users who belongs to any of the given set of roles which are associated to the application.\",\"preRequisites\":[\"Change the rolesList parameter to an array of roles of which users need to enforce 2FA.\",\"Modify the 1st and 2nd factor authentication option(s) from defaults as required.\"],\"helpLink\":\"https://is.docs.wso2.com/en/latest/guides/authentication/conditional-auth/role-based-template/\",\"code\":[\"// This script will step up authentication for any user belonging\",\"// to one of the given roles\",\"// If the user has any of the below roles, authentication will be stepped up\",\"var rolesToStepUp = ['admin', 'manager'];\",\"\",\"var onLoginRequest = function(context) {\",\" executeStep(1, {\",\" onSuccess: function (context) {\",\" // Extracting authenticated subject from the first step\",\" var user = context.currentKnownSubject;\",\" // Checking if the user is assigned to one of the given roles\",\" var hasRole = hasAnyOfTheRolesV2(context, rolesToStepUp);\",\" if (hasRole) {\",\" Log.info(user.username + ' Has one of Roles: ' + rolesToStepUp.toString());\",\" executeStep(2);\",\" }\",\" }\",\" });\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator.\",\"Step 2\":\"Either of TOTP or FIDO\"},\"parametersDescription\":{\"rolesToStepUp\":\"An array of roles of which users need to enforce 2FA.\"},\"name\":\"Role-Based\",\"runtime\":\"new\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]},\"2\":{\"federated\":[],\"local\":[\"totp\",\"FIDOAuthenticator\"]}},\"category\":\"AdaptiveMFA\",\"title\":\"Role-Based 2FA Template\",\"authenticationSteps\":2},{\"summary\":\"Define conditional authentication by risk score value calculated from ELK.\",\"preRequisites\":[\"Change elasticsearch domain with the port.\",\"Modify the default authentication steps and option(s) as required.\"],\"helpLink\":\"https://is.docs.wso2.com/en/latest/learn/configuring-risk-based-adaptive-authentication/\",\"code\":[\"// Define conditional authentication by risk score value calculated from ELK analytics.\",\"\",\"var onLoginRequest = function(context) {\",\" executeStep(1, {\",\" onSuccess: function (context) {\",\" var username = context.currentKnownSubject.username;\",\" callElastic({'username': username}, {\",\" onSuccess : function(context, data) {\",\" Log.info('--------------- Received risk score value: ' + data.risk_score);\",\" if (data.risk_score > 0) {\",\" executeStep(2);\",\" }\",\" }, onFail : function(context, data) {\",\" Log.info('--------------- Failed to call ELK');\",\" executeStep(2);\",\" }\",\" });\",\" }\",\" });\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator\",\"Step 2\":\"TOTP authenticator\"},\"parametersDescription\":{\"duration\":\"[optional] Aggregation time period from current timestamp. (Default: '5m')\",\"riskLogic\":\"[optional] Elastic map script to calculate the summation of values. (Default: 'state.sum.add(doc['amount'].value);')\",\"index\":\"[optional] Elasticsearch index to calculate the risk score. (Default: 'transaction')\",\"threshold\":\"[optional] Threshold summation value to identify as a risk. (Default: '10000')\",\"username\":\"Current login context username.\"},\"name\":\"ELK-Risk-Based\",\"runtime\":\"any\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]},\"2\":{\"federated\":[],\"local\":[\"totp\"]}},\"category\":\"AdaptiveMFA\",\"title\":\"ELK Risk-Based 2FA Template\",\"authenticationSteps\":2}],\"icon\":\"./images/adaptive-mfa-template.png\",\"order\":2},\"uncategorized\":{\"displayName\":\"Uncategorized\",\"order\":10000},\"AccessControl\":{\"displayName\":\"Access Control\",\"templates\":[{\"summary\":\"Allow login to application if the user's age is over configured value. User's age is calculated using the user's date of birth attribute.\",\"preRequisites\":[\"Change the parameters at the top of the script as needed to match the requirements.\",\"Modify the authentication option(s) from defaults as required.\"],\"helpLink\":\"https://docs.wso2.com/display/IS570/Configuring+User-Age-Based+Adaptive+Authentication\",\"code\":[\"// This script will only allow login to application if the user's age is over configured value\",\"// The user will be redirected to an error page if the date of birth is not present or user is below configured value\",\"\",\"var ageLimit = 18;\",\"\",\"// Error page to redirect unauthorized users,\",\"// can be either an absolute url or relative url to server root, or empty/null\",\"// null/empty value will redirect to the default error page\",\"var errorPage = '';\",\"\",\"// Additional query params to be added to the above url.\",\"// Hint: Use i18n keys for error messages\",\"var errorPageParameters = {\",\" 'status': 'Unauthorized',\",\" 'statusMsg': 'You need to be over ' + ageLimit + ' years to login to this application.'\",\"};\",\"\",\"// Date of birth attribute at the client side\",\"var dateOfBirthClaim = 'http://wso2.org/claims/dob';\",\"\",\"// The validator function for DOB. Default validation check if the DOB is in YYYY-MM-dd format\",\"var validateDOB = function (dob) {\",\" return dob.match(/^(\\\\d{4})-(\\\\d{2})-(\\\\d{2})$/);\",\"};\",\"\",\"var onLoginRequest = function(context) {\",\" executeStep(1, {\",\" onSuccess: function (context) {\",\" var underAge = true;\",\" // Extracting user store domain of authenticated subject from the first step\",\" var dob = context.currentKnownSubject.localClaims[dateOfBirthClaim];\",\" Log.debug('DOB of user ' + context.currentKnownSubject.identifier + ' is : ' + dob);\",\" if (dob && validateDOB(dob)) {\",\" var birthDate = new Date(dob);\",\" if (getAge(birthDate) >= ageLimit) {\",\" underAge = false;\",\" }\",\" }\",\" if (underAge === true) {\",\" Log.debug('User ' + context.currentKnownSubject.identifier + ' is under aged. Hence denied to login.');\",\" sendError(errorPage, errorPageParameters);\",\" }\",\" }\",\" });\",\"};\",\"\",\"var getAge = function(birthDate) {\",\" var today = new Date();\",\" var age = today.getFullYear() - birthDate.getFullYear();\",\" var m = today.getMonth() - birthDate.getMonth();\",\" if (m < 0 || (m === 0 && today.getDate() < birthDate.getDate())) {\",\" age--;\",\" }\",\" return age;\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator\"},\"parametersDescription\":{\"ageLimit\":\"Minimum age required for the user to login to the application\",\"errorPage\":\"Error page to redirect user, if the age limit is below ageLimit\",\"errorPageParameters\":\"Parameters to be passed to the error page\"},\"name\":\"User-Age-Based\",\"runtime\":\"any\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]}},\"category\":\"AccessControl\",\"title\":\"User-Age-Based Authentication Template\",\"authenticationSteps\":1},{\"summary\":\"Prompts session handling to the users who belongs to any of the given set of roles which are associated to the application based on currently active session count.\",\"preRequisites\":[\"Change the rolesList parameter to an array of roles of which users need to prompt for session handling.\",\"Modify the maxSessionCount parameter as required.\"],\"helpLink\":\"https://is.docs.wso2.com/en/latest/guides/authentication/conditional-auth/concurrent-session-based-template/\",\"code\":[\"// This script will prompt concurrent session handling\",\"// to one of the given roles\",\"// If the user has any of the below roles, concurrent session handling will be prompted\",\"// and it will either kill sessions or abort login based on number of active concurrent user sessions\",\"var rolesToStepUp = ['admin', 'manager'];\",\"var maxSessionCount = 1;\",\"\",\"var onLoginRequest = function(context) {\",\" executeStep(1, {\",\" onSuccess: function (context) {\",\" // Extracting authenticated subject from the first step\",\" var user = context.currentKnownSubject;\",\" // Checking if the user is assigned to one of the given roles\",\" var hasRole = hasAnyOfTheRolesV2(context, rolesToStepUp);\",\"\",\" if (hasRole) {\",\" Log.info(user.username + ' Has one of Roles: ' + rolesToStepUp.toString());\",\" executeStep(2, {\",\" authenticatorParams: {\",\" local: {\",\" SessionExecutor: {\",\" MaxSessionCount: '1'\",\" }\",\" }\",\" }\",\" }, {});\",\" }\",\" }\",\" });\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator.\"},\"parametersDescription\":{\"rolesToStepUp\":\"An array of roles of which users should be prompted for session handling.\",\"MaxSessionCount\":\"Maximum number of allowed concurrent sessions for the role which a particular user belongs to.\"},\"name\":\"Session-Based\",\"runtime\":\"new\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]},\"2\":{\"federated\":[],\"local\":[\"SessionExecutor\"]}},\"category\":\"AccessControl\",\"title\":\"Concurrent Session Management Template with Roles\",\"authenticationSteps\":1}],\"icon\":\"./images/access-control-template.png\",\"order\":1},\"PasskeyEnrollment\":{\"displayName\":\"Passkey Enrollment\",\"templates\":[{\"summary\":\"If Passkey is set as a 1st authentication factor and there is a need to enable progressive Passkey enrollment, this adaptive script, along with the relevant connections configurations, should be added.\",\"preRequisites\":[\"Modify the 1st factor authentication option(s) from defaults as required.\"],\"helpLink\":\"https://is.docs.wso2.com/en/7.0.0/guides/authentication/passwordless-login/add-passwordless-login-with-passkey\",\"code\":[\"var onLoginRequest = function(context) {\",\" executeStep(1, {\",\" onFail: function(context) {\",\" var authenticatorStatus = context.request.params.scenario;\",\"\",\" // If it is a passkey progressive enrollment request trigger the following flow.\",\" if (authenticatorStatus != null && authenticatorStatus[0] == 'INIT_FIDO_ENROLL') {\",\" var filteredAuthenticationOptions = filterAuthenticators(context.steps[1].options, 'FIDOAuthenticator');\",\" executeStep(1, {\",\" stepOptions: {\",\" markAsSubjectIdentifierStep: 'true',\",\" markAsSubjectAttributeStep: 'true'\",\" },\",\" authenticationOptions: filteredAuthenticationOptions\",\" }, {\",\" onSuccess: function(context) {\",\" // If user got successfully authenticated \",\" executeStep(1, {\",\" stepOptions: {\",\" forceAuth: 'true'\",\" },\",\" authenticationOptions: [{\",\" authenticator: 'FIDOAuthenticator'\",\" }]\",\" }, {});\",\" },\",\" });\",\" }\",\" }\",\" });\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Passkey and Basic (Password) authenticator.\"},\"name\":\"Passkey Progressive Enrollment\",\"runtime\":\"any\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\",\"FIDOAuthenticator\"]}},\"category\":\"PasskeyEnrollment\",\"title\":\"Passkey Progressive Enrollment Template\",\"authenticationSteps\":1}],\"icon\":\"./images/passkey-enrollment-template.png\",\"order\":4},\"UserAttributes\":{\"displayName\":\"User Attributes\",\"templates\":[{\"summary\":\"Office365 integration of WSO2 IS require role based, on-demand user provisioning. Therefore assign a given role specific to office365 for successfully authenticated users if not already assigned, in order to trigger the role based user provisioning.\",\"preRequisites\":[\"Create a new role specific for Office365.\",\"Change the assigningRoles parameter to a single element array with the role specific to office365.\",\"Modify the 1st factor authentication option from defaults as required.\"],\"helpLink\":\"https://docs.wso2.com/display/IS570/Adaptive+Authentication+Scenarios\",\"code\":[\"// This script will assign the below Office365 specific role to any user if not already assigned\",\"var roleToBeAssigned = ['Internal/office365Role'];\",\"\",\"var onLoginRequest = function(context) {\",\" executeStep(1, {\",\" onSuccess: function (context) {\",\" // Extracting authenticated subject from the first step\",\" var user = context.currentKnownSubject;\",\" // Checking if the user is already assigned to the given Office365 specific role\",\" var hasRole = hasAnyOfTheRolesV2(context, roleToBeAssigned);\",\" if (!hasRole) {\",\" Log.info('Assigning role: ' + roleToBeAssigned.toString() + ' for the user:' + user.username);\",\" assignUserRolesV2(context, roleToBeAssigned);\",\" }\",\" }\",\" });\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator.\"},\"parametersDescription\":{\"roleToBeAssigned\":\"A single element array with a given role specific for Office365.\"},\"name\":\"Update Office365 role\",\"runtime\":\"new\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]}},\"category\":\"UserAttributes\",\"title\":\"Office365-Based Authentication Template\",\"authenticationSteps\":1}],\"icon\":\"./images/user-attributes-template.png\",\"order\":3}}" -} + "templatesJSON":"{\"AdaptiveMFA\":{\"displayName\":\"Adaptive MFA\",\"templates\":[{\"summary\":\"Define conditional authentication by passing one or many Authentication Context Class References as comma separated values.\",\"preRequisites\":[\"Change the supportedAcrValues parameter to an array of ACR Levels.\",\"Modify the default authentication steps and option(s) as required.\"],\"helpLink\":\"https://docs.wso2.com/display/IS570/Configuring+ACR-Based+Adaptive+Authentication\",\"code\":[\"// Define conditional authentication by passing one or many Authentication Context Class References \",\"// as comma separated values.\",\"\",\"// Specify the ordered list of ACR here.\",\"var supportedAcrValues = ['acr1', 'acr2', 'acr3'];\",\"\",\"var onLoginRequest = function(context) {\",\" var selectedAcr = selectAcrFrom(context, supportedAcrValues);\",\" Log.info('--------------- ACR selected: ' + selectedAcr);\",\" context.selectedAcr = selectedAcr;\",\" switch (selectedAcr) {\",\" case supportedAcrValues[0] :\",\" executeStep(1);\",\" break;\",\" case supportedAcrValues[1] :\",\" executeStep(1);\",\" executeStep(2);\",\" break;\",\" case supportedAcrValues[2] :\",\" executeStep(1);\",\" executeStep(3);\",\" break;\",\" default :\",\" executeStep(1);\",\" executeStep(2);\",\" executeStep(3);\",\" }\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator\",\"Step 2\":\"TOTP authenticator\",\"Step 3\":\"FIDO authenticator\"},\"parametersDescription\":{\"supportedAcrValues\":\"An array of ACRs ordered by the level\"},\"name\":\"ACR-Based\",\"runtime\":\"any\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]},\"2\":{\"federated\":[],\"local\":[\"totp\"]},\"3\":{\"federated\":[],\"local\":[\"FIDOAuthenticator\"]}},\"category\":\"AdaptiveMFA\",\"title\":\"ACR-Based 2FA Template\",\"authenticationSteps\":3},{\"summary\":\"Define conditional authentication by risk score value calculated from analytics engine.\",\"preRequisites\":[\"Change the siddhiApplication and siddhiInputStream according to the Siddhi application you have deployed in the Stream Processor.\",\"Modify the default authentication steps and option(s) as required.\"],\"helpLink\":\"https://docs.wso2.com/display/IS570/Configuring+Risk-Based+Adaptive+Authentication\",\"code\":[\"// [Deprecated - Use ELK-Risk-Based with ELK analytics integration]\",\"\",\"// Define conditional authentication by risk score value calculated from analytics engine.\",\"\",\"// Specify the Siddhi application name.\",\"var siddhiApplication = 'RiskBasedLogin';\",\"// Specify the Siddhi input stream name.\",\"var siddhiInputStream = 'InputStream';\",\"\",\"var onLoginRequest = function(context) {\",\" executeStep(1, {\",\" onSuccess: function (context) {\",\" var username = context.currentKnownSubject.username;\",\" callAnalytics({'Application':siddhiApplication,'InputStream':siddhiInputStream}, {'username':username}, {\",\" onSuccess : function(context, data) {\",\" Log.info('--------------- Received risk score value: ' + data.event.riskScore);\",\" if (data.event.riskScore > 0) {\",\" executeStep(2);\",\" }\",\" }, onFail : function(context, data) {\",\" Log.info('--------------- Failed to call analytics engine');\",\" executeStep(2);\",\" }\",\" });\",\" }\",\" });\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator\",\"Step 2\":\"TOTP authenticator\"},\"parametersDescription\":{\"siddhiApplication\":\"Name of the Siddhi application in the Stream processor\",\"siddhiInputStream\":\"Name of the input stream in the above Siddhi application\"},\"name\":\"[Deprecated] Risk-Based\",\"runtime\":\"any\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]},\"2\":{\"federated\":[],\"local\":[\"totp\"]}},\"category\":\"AdaptiveMFA\",\"title\":\"Risk-Based 2FA Template [Deprecated]\",\"authenticationSteps\":2},{\"summary\":\"Prompts 2FA to the users who belong to any of the given sets of groups.\",\"preRequisites\":[\"Change the groupList parameter to an array of groups for which users need to enforce 2FA.\",\"Modify the 1st and 2nd factor authentication option(s) from defaults as required.\"],\"code\":[\"// This script will step up authentication for any user who belongs\",\"// to one of the given groups.\",\"// If the user is a member of the following groups, authentication will be stepped up\",\"var groupsToStepUp = ['manager','employee'];\",\"\",\"var onLoginRequest = function(context) {\",\" executeStep(1, {\",\" onSuccess: function (context) {\",\" // Extracting authenticated subject from the first step.\",\" var user = context.currentKnownSubject;\",\" // Checking if the user is assigned to one of the given groups.\",\" var isMember = isMemberOfAnyOfGroups(user, groupsToStepUp);\",\" if (isMember) {\",\" Log.info(user.username + ' is a member of one of the groups: ' + groupsToStepUp.toString());\",\" executeStep(2);\",\" }\",\" }\",\" });\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator.\",\"Step 2\":\"Either of TOTP or FIDO\"},\"parametersDescription\":{\"groupsToStepUp\":\"An array of groups for which users need to enforce 2FA.\"},\"name\":\"Group-Based\",\"runtime\":\"any\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]},\"2\":{\"federated\":[],\"local\":[\"totp\",\"FIDOAuthenticator\"]}},\"category\":\"AdaptiveMFA\",\"title\":\"Group-Based 2FA Template\",\"authenticationSteps\":2},{\"summary\":\"Prompts 2FA to the users who are logging outside of the given ip range.\",\"preRequisites\":[\"Change the corpNetwork parameter to an array of ip ranges that should bypass 2FA\",\"Modify the 1st and 2nd factor authentication option(s) from defaults as required.\"],\"helpLink\":\"https://docs.wso2.com/display/IS570/Configuring+IP-Based+Adaptive+Authentication\",\"code\":[\"// This script will step up authentication for any user who are trying to log in outside from the configured network\",\"\",\"// Configure the network ranges here\",\"var corpNetwork = ['192.168.1.0/24', '10.100.0.0/16'];\",\"\",\"var onLoginRequest = function(context) {\",\" executeStep(1, {\",\" onSuccess: function (context) {\",\" var user = context.currentKnownSubject;\",\" // Extracting the origin IP of the request\",\" var loginIp = context.request.ip;\",\" Log.info('User: ' + user.username + ' logged in from IP: ' + loginIp);\",\" // Checking if the IP is within the allowed range\",\" if (!isCorporateIP(loginIp, corpNetwork)) {\",\" executeStep(2);\",\" }\",\" }\",\" });\",\"};\",\"\",\"// Function to convert ip address string to long value\",\"var convertIpToLong = function(ip) {\",\" var components = ip.split('.');\",\" if (components) {\",\" var ipAddr = 0, pow = 1;\",\" for (var i = 3; i >= 0; i -= 1) {\",\" ipAddr += pow * parseInt(components[i]);\",\" pow *= 256;\",\" }\",\" return ipAddr;\",\" } else {\",\" return -1;\",\" }\",\"};\",\"\",\"// Function to check if the ip address is within the given subnet\",\"var isCorporateIP = function(ip, subnets) {\",\" var subnetLength = subnets.length;\",\" for (var i = 0; i < subnetLength; i++) {\",\" var subnetComponents = subnets[i].split('/');\",\" var minHost = convertIpToLong(subnetComponents[0]);\",\" var ipAddr = convertIpToLong(ip);\",\" var mask = subnetComponents[1];\",\" if (subnetComponents && minHost >= 0) {\",\" var numHosts = Math.pow(2, 32 - parseInt(mask));\",\" if ((ipAddr >= minHost) && (ipAddr <= minHost + numHosts - 1)) {\",\" return true;\",\" }\",\" }\",\" }\",\" return false;\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator\",\"Step 2\":\"TOTP authenticator\"},\"parametersDescription\":{\"corpNetwork\":\"An array of ip ranges which should bypass 2FA\"},\"name\":\"IP-Based\",\"runtime\":\"any\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]},\"2\":{\"federated\":[],\"local\":[\"totp\"]}},\"category\":\"AdaptiveMFA\",\"title\":\"IP-Based Authentication Template\",\"authenticationSteps\":2},{\"summary\":\"Prompts 2FA to the users who are from one of the given user store domains.\",\"preRequisites\":[\"Change the userStoresToStepUp parameter to an array of user store domains that should require 2FA.\",\"Modify the 1st and 2nd factor authentication option(s) from defaults as required.\"],\"helpLink\":\"https://docs.wso2.com/display/IS570/Configuring+User+Store-Based+Adaptive+Authentication\",\"code\":[\"// This script will prompt 2FA to the app only for a selected set of user stores.\",\"// If the user is in one of the following user stores, user will be prompted 2FA\",\"var userStoresToStepUp = ['EMPLOYEES', 'CONTRACTORS'];\",\"\",\"var onLoginRequest = function(context) {\",\" executeStep(1, {\",\" onSuccess: function (context) {\",\" // Extracting user store domain of authenticated subject from the first step\",\" var userStoreDomain = context.currentKnownSubject.userStoreDomain;\",\" // Checking if the user is from whitelisted tenant domain\",\" if (userStoresToStepUp.indexOf(userStoreDomain) >= 0) {\",\" executeStep(2);\",\" }\",\" }\",\" });\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator\",\"Step 2\":\"TOTP authenticator\"},\"parametersDescription\":{\"userStoresToStepUp\":\"An array of user store domains of which users are required to use 2FA\"},\"name\":\"User Store-Based\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]},\"2\":{\"federated\":[],\"local\":[\"totp\"]}},\"runTime\":\"any\",\"category\":\"AdaptiveMFA\",\"title\":\"User Store-Based Authentication Template\",\"authenticationSteps\":2},{\"summary\":\"Send an email notification and/or prompts 2FA to the users who is logging in from a previously unused device. A cookie is used to identify whether the device has been used before.\",\"preRequisites\":[\"Modify the 1st and 2nd factor authentication option(s) from defaults as required.\",\"Change the parameters detailed below to reflect your requirements\"],\"img\":\"./images/user.png\",\"code\":[\"// This script will step up authentication and send email notification in case of\",\"// a user being logging in from a new device (identified by a cookie).\",\"\",\"// Amount of time in seconds to remember a device. Set to 2 years below.\",\"var deviceRememberPeriod = 60 * 60 * 24 * 365 * 2;\",\"\",\"// Cookie name to be set\",\"var cookieName = 'deviceAuth';\",\"\",\"// Whether to send a notification on new device login\",\"var sendNotification = true;\",\"\",\"// Whether to step up authentication for new device login\",\"var stepUpAuthentication = true;\",\"\",\"// Email template to be used for new device login notification\",\"var emailTemplate = 'UnseenDeviceLogin';\",\"\",\"\",\"var onLoginRequest = function(context) {\",\" executeStep(1, {\",\" onSuccess: function (context) {\",\" subject = context.currentKnownSubject;\",\" if (!validateCookie(context, subject)) {\",\" Log.debug('New device login for ' + subject.identifier);\",\"\",\" if (sendNotification === true) {\",\" var templatePlaceholders = {\",\" 'username': subject.identifier,\",\" 'login-time': new Date().toUTCString()\",\" };\",\" var isSent = sendEmail(subject, emailTemplate, templatePlaceholders);\",\" if (isSent) {\",\" Log.debug('New device login notification sent to ' + subject.identifier);\",\" } else {\",\" Log.debug('New device login notification sending failed to ' + subject.identifier);\",\" }\",\" }\",\"\",\" if (stepUpAuthentication === true) {\",\" Log.debug('Stepping up authentication due to a new device login for ' + subject.identifier);\",\" executeStep(2, {\",\" onSuccess: function (context) {\",\" setCookie(context.response, cookieName, subject.identifier, {\",\" 'sign': true,\",\" 'max-age': deviceRememberPeriod,\",\" 'sameSite': 'LAX'\",\" });\",\" }\",\" });\",\" }\",\" }\",\" }\",\" });\",\"};\",\"\",\"//Validate if the user has a valid cookie with the value as subject's username\",\"var validateCookie = function(context, subject) {\",\" var cookieVal = getCookieValue(context.request, cookieName, {'validateSignature': true});\",\" return subject.identifier === cookieVal;\",\"};\",\"\"],\"parametersDescription\":{\"sendNotification\":\"Whether to send email notifications to the users\",\"stepUpAuthentication\":\"Whether to step up the authentication\",\"cookieName\":\"Cookie name to be used for device identification\",\"deviceRememberPeriod\":\"How long should this device be remembered as trusted. Once this time passed, login attempts will be considered as new device logins\"},\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]},\"2\":{\"federated\":[],\"local\":[\"totp\"]}},\"title\":\"New-Device-Based Authentication Template\",\"authenticationSteps\":2,\"helpLink\":\"https://docs.wso2.com/display/IS570/Configuring+New-Device-Based+Adaptive+Authentication\",\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator\",\"Step 2\":\"TOTP authenticator\"},\"name\":\"New-Device-Based\",\"runTime\":\"any\",\"category\":\"AdaptiveMFA\"},{\"summary\":\"Prompts 2FA to the users who are from one of the given tenants.\",\"preRequisites\":[\"Service provider should be registered as a SAAS Application.\",\"Change the tenantsToStepUp parameter to an array of tenant domains that should require 2FA.\",\"Modify the 1st and 2nd factor authentication option(s) from defaults as required.\"],\"helpLink\":\"https://docs.wso2.com/display/IS570/Configuring+Tenant-Based+Adaptive+Authentication\",\"code\":[\"// This script will prompt 2FA to the app only for a selected\",\"// set of tenants.\",\"// The app is assumed to be a SAAS app here which can be accessed by any tenant\",\"\",\"// If the user is in one of the following tenants, user will be prompted 2FA\",\"var tenantsToStepUp = ['abc.com', 'xyz.com'];\",\"\",\"var onLoginRequest = function(context) {\",\" executeStep(1, {\",\" onSuccess: function (context) {\",\" // Extracting tenant domain of authenticated subject from the first step\",\" var userTenantDomain = context.currentKnownSubject.tenantDomain;\",\" // Checking if the user is from whitelisted tenant domain\",\" if (tenantsToStepUp.indexOf(userTenantDomain) >= 0) {\",\" executeStep(2);\",\" }\",\" }\",\" });\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator\",\"Step 2\":\"TOTP authenticator\"},\"parametersDescription\":{\"tenantsToStepUp\":\"An array of tenants of which users are required to use 2FA\"},\"name\":\"Tenant-Based\",\"runtime\":\"any\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]},\"2\":{\"federated\":[],\"local\":[\"totp\"]}},\"category\":\"AdaptiveMFA\",\"title\":\"Tenant-Based Authentication Template\",\"authenticationSteps\":2},{\"summary\":\"Prompts 2FA to the users who are successfully logging after specific number of failed login attempts.\",\"preRequisites\":[\"Change the parameters at the top of the script as needed to match the requirements.\",\"Modify the authentication option(s) from defaults as required.\"],\"helpLink\":\"https://docs.wso2.com/display/IS570/Adaptive+Authentication+Scenarios\",\"code\":[\"// This script will step up authentication for any user who has exceeded 3 invalid login attempts continuously.\",\"// This variable is used to define the number of invalid attempts allowed before prompting the second facto.\",\"var invalidAttemptsToStepup = 3;\",\"\",\"var failedLoginAttemptsBeforeSuccessClaim= 'http://wso2.org/claims/identity/failedLoginAttemptsBeforeSuccess';\",\"var onLoginRequest = function(context) {\",\" doLogin(context);\",\"};\",\"\",\"var doLogin = function(context) {\",\" executeStep(1, {\",\" onSuccess : function(context){\",\" var user = context.steps[1].subject;\",\" if (isExceedInvalidAttempts(user)) {\",\" executeStep(2, {\",\" onSuccess : function(context) {\",\" var user = context.steps[1].subject;\",\" user.localClaims[failedLoginAttemptsBeforeSuccessClaim] = \\\"0\\\";\",\" }\",\" });\",\" }\",\" },\",\" onFail : function(context) {\",\" // Retry the login..\",\" doLogin(context);\",\" }\",\" });\",\"};\",\"\",\"var isExceedInvalidAttempts = function(user) {\",\" if (user.localClaims[failedLoginAttemptsBeforeSuccessClaim] >= invalidAttemptsToStepup) {\",\" return true;\",\" } else {\",\" return false;\",\" }\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator\",\"Step 2\":\"TOTP authenticator\"},\"parametersDescription\":{\"invalidAttemptsToStepup\":\"Minimum number of attempts made by a user to prompt 2FA.\"},\"name\":\"Login-Attempts-Based\",\"runtime\":\"any\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]},\"2\":{\"federated\":[],\"local\":[\"totp\"]}},\"category\":\"AdaptiveMFA\",\"title\":\"Login-Attempts-Based Authentication Template\",\"authenticationSteps\":2},{\"summary\":\"Prompts 2FA to the users who belongs to any of the given set of roles which are associated to the application.\",\"preRequisites\":[\"Change the rolesList parameter to an array of roles of which users need to enforce 2FA.\",\"Modify the 1st and 2nd factor authentication option(s) from defaults as required.\"],\"helpLink\":\"https://is.docs.wso2.com/en/latest/guides/authentication/conditional-auth/role-based-template/\",\"code\":[\"// This script will step up authentication for any user belonging\",\"// to one of the given roles\",\"// If the user has any of the below roles, authentication will be stepped up\",\"var rolesToStepUp = ['admin', 'manager'];\",\"\",\"var onLoginRequest = function(context) {\",\" executeStep(1, {\",\" onSuccess: function (context) {\",\" // Extracting authenticated subject from the first step\",\" var user = context.currentKnownSubject;\",\" // Checking if the user is assigned to one of the given roles\",\" var hasRole = hasAnyOfTheRolesV2(context, rolesToStepUp);\",\" if (hasRole) {\",\" Log.info(user.username + ' Has one of Roles: ' + rolesToStepUp.toString());\",\" executeStep(2);\",\" }\",\" }\",\" });\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator.\",\"Step 2\":\"Either of TOTP or FIDO\"},\"parametersDescription\":{\"rolesToStepUp\":\"An array of roles of which users need to enforce 2FA.\"},\"name\":\"Role-Based\",\"runtime\":\"new\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]},\"2\":{\"federated\":[],\"local\":[\"totp\",\"FIDOAuthenticator\"]}},\"category\":\"AdaptiveMFA\",\"title\":\"Role-Based 2FA Template\",\"authenticationSteps\":2},{\"summary\":\"Define conditional authentication by risk score value calculated from ELK.\",\"preRequisites\":[\"Change elasticsearch domain with the port.\",\"Modify the default authentication steps and option(s) as required.\"],\"helpLink\":\"https://is.docs.wso2.com/en/latest/learn/configuring-risk-based-adaptive-authentication/\",\"code\":[\"// Define conditional authentication by risk score value calculated from ELK analytics.\",\"\",\"var onLoginRequest = function(context) {\",\" executeStep(1, {\",\" onSuccess: function (context) {\",\" var username = context.currentKnownSubject.username;\",\" callElastic({'username': username}, {\",\" onSuccess : function(context, data) {\",\" Log.info('--------------- Received risk score value: ' + data.risk_score);\",\" if (data.risk_score > 0) {\",\" executeStep(2);\",\" }\",\" }, onFail : function(context, data) {\",\" Log.info('--------------- Failed to call ELK');\",\" executeStep(2);\",\" }\",\" });\",\" }\",\" });\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator\",\"Step 2\":\"TOTP authenticator\"},\"parametersDescription\":{\"duration\":\"[optional] Aggregation time period from current timestamp. (Default: '5m')\",\"riskLogic\":\"[optional] Elastic map script to calculate the summation of values. (Default: 'state.sum.add(doc['amount'].value);')\",\"index\":\"[optional] Elasticsearch index to calculate the risk score. (Default: 'transaction')\",\"threshold\":\"[optional] Threshold summation value to identify as a risk. (Default: '10000')\",\"username\":\"Current login context username.\"},\"name\":\"ELK-Risk-Based\",\"runtime\":\"any\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]},\"2\":{\"federated\":[],\"local\":[\"totp\"]}},\"category\":\"AdaptiveMFA\",\"title\":\"ELK Risk-Based 2FA Template\",\"authenticationSteps\":2}],\"icon\":\"./images/adaptive-mfa-template.png\",\"order\":2},\"uncategorized\":{\"displayName\":\"Uncategorized\",\"order\":10000},\"AccessControl\":{\"displayName\":\"Access Control\",\"templates\":[{\"summary\":\"Allow login to application if the user's age is over configured value. User's age is calculated using the user's date of birth attribute.\",\"preRequisites\":[\"Change the parameters at the top of the script as needed to match the requirements.\",\"Modify the authentication option(s) from defaults as required.\"],\"helpLink\":\"https://docs.wso2.com/display/IS570/Configuring+User-Age-Based+Adaptive+Authentication\",\"code\":[\"// This script will only allow login to application if the user's age is over configured value\",\"// The user will be redirected to an error page if the date of birth is not present or user is below configured value\",\"\",\"var ageLimit = 18;\",\"\",\"// Error page to redirect unauthorized users,\",\"// can be either an absolute url or relative url to server root, or empty/null\",\"// null/empty value will redirect to the default error page\",\"var errorPage = '';\",\"\",\"// Additional query params to be added to the above url.\",\"// Hint: Use i18n keys for error messages\",\"var errorPageParameters = {\",\" 'status': 'Unauthorized',\",\" 'statusMsg': 'You need to be over ' + ageLimit + ' years to login to this application.'\",\"};\",\"\",\"// Date of birth attribute at the client side\",\"var dateOfBirthClaim = 'http://wso2.org/claims/dob';\",\"\",\"// The validator function for DOB. Default validation check if the DOB is in YYYY-MM-dd format\",\"var validateDOB = function (dob) {\",\" return dob.match(/^(\\\\d{4})-(\\\\d{2})-(\\\\d{2})$/);\",\"};\",\"\",\"var onLoginRequest = function(context) {\",\" executeStep(1, {\",\" onSuccess: function (context) {\",\" var underAge = true;\",\" // Extracting user store domain of authenticated subject from the first step\",\" var dob = context.currentKnownSubject.localClaims[dateOfBirthClaim];\",\" Log.debug('DOB of user ' + context.currentKnownSubject.identifier + ' is : ' + dob);\",\" if (dob && validateDOB(dob)) {\",\" var birthDate = new Date(dob);\",\" if (getAge(birthDate) >= ageLimit) {\",\" underAge = false;\",\" }\",\" }\",\" if (underAge === true) {\",\" Log.debug('User ' + context.currentKnownSubject.identifier + ' is under aged. Hence denied to login.');\",\" sendError(errorPage, errorPageParameters);\",\" }\",\" }\",\" });\",\"};\",\"\",\"var getAge = function(birthDate) {\",\" var today = new Date();\",\" var age = today.getFullYear() - birthDate.getFullYear();\",\" var m = today.getMonth() - birthDate.getMonth();\",\" if (m < 0 || (m === 0 && today.getDate() < birthDate.getDate())) {\",\" age--;\",\" }\",\" return age;\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator\"},\"parametersDescription\":{\"ageLimit\":\"Minimum age required for the user to login to the application\",\"errorPage\":\"Error page to redirect user, if the age limit is below ageLimit\",\"errorPageParameters\":\"Parameters to be passed to the error page\"},\"name\":\"User-Age-Based\",\"runtime\":\"any\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]}},\"category\":\"AccessControl\",\"title\":\"User-Age-Based Authentication Template\",\"authenticationSteps\":1},{\"summary\":\"Prompts session handling to the users who belongs to any of the given set of roles which are associated to the application based on currently active session count.\",\"preRequisites\":[\"Change the rolesList parameter to an array of roles of which users need to prompt for session handling.\",\"Modify the maxSessionCount parameter as required.\"],\"helpLink\":\"https://is.docs.wso2.com/en/latest/guides/authentication/conditional-auth/concurrent-session-based-template/\",\"code\":[\"// This script will prompt concurrent session handling\",\"// to one of the given roles\",\"// If the user has any of the below roles, concurrent session handling will be prompted\",\"// and it will either kill sessions or abort login based on number of active concurrent user sessions\",\"var rolesToStepUp = ['admin', 'manager'];\",\"var maxSessionCount = 1;\",\"\",\"var onLoginRequest = function(context) {\",\" executeStep(1, {\",\" onSuccess: function (context) {\",\" // Extracting authenticated subject from the first step\",\" var user = context.currentKnownSubject;\",\" // Checking if the user is assigned to one of the given roles\",\" var hasRole = hasAnyOfTheRolesV2(context, rolesToStepUp);\",\"\",\" if (hasRole) {\",\" Log.info(user.username + ' Has one of Roles: ' + rolesToStepUp.toString());\",\" executeStep(2, {\",\" authenticatorParams: {\",\" local: {\",\" SessionExecutor: {\",\" MaxSessionCount: '1'\",\" }\",\" }\",\" }\",\" }, {});\",\" }\",\" }\",\" });\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator.\"},\"parametersDescription\":{\"rolesToStepUp\":\"An array of roles of which users should be prompted for session handling.\",\"MaxSessionCount\":\"Maximum number of allowed concurrent sessions for the role which a particular user belongs to.\"},\"name\":\"Session-Based\",\"runtime\":\"new\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]},\"2\":{\"federated\":[],\"local\":[\"SessionExecutor\"]}},\"category\":\"AccessControl\",\"title\":\"Concurrent Session Management Template with Roles\",\"authenticationSteps\":1}],\"icon\":\"./images/access-control-template.png\",\"order\":1},\"PasskeyEnrollment\":{\"displayName\":\"Passkey Enrollment\",\"templates\":[{\"summary\":\"If Passkey is set as a 1st authentication factor and there is a need to enable progressive Passkey enrollment, this adaptive script, along with the relevant connections configurations, should be added.\",\"preRequisites\":[\"Modify the 1st factor authentication option(s) from defaults as required.\"],\"helpLink\":\"https://is.docs.wso2.com/en/7.0.0/guides/authentication/passwordless-login/add-passwordless-login-with-passkey\",\"code\":[\"var onLoginRequest = function(context) {\",\" executeStep(1, {\",\" onFail: function(context) {\",\" var authenticatorStatus = context.request.params.scenario;\",\"\",\" // If it is a passkey progressive enrollment request trigger the following flow.\",\" if (authenticatorStatus != null && authenticatorStatus[0] == 'INIT_FIDO_ENROLL') {\",\" var filteredAuthenticationOptions = filterAuthenticators(context.steps[1].options, 'FIDOAuthenticator');\",\" executeStep(1, {\",\" stepOptions: {\",\" markAsSubjectIdentifierStep: 'true',\",\" markAsSubjectAttributeStep: 'true'\",\" },\",\" authenticationOptions: filteredAuthenticationOptions\",\" }, {\",\" onSuccess: function(context) {\",\" // If user got successfully authenticated \",\" executeStep(1, {\",\" stepOptions: {\",\" forceAuth: 'true'\",\" },\",\" authenticationOptions: [{\",\" authenticator: 'FIDOAuthenticator'\",\" }]\",\" }, {});\",\" },\",\" });\",\" }\",\" }\",\" });\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Passkey and Basic (Password) authenticator.\"},\"name\":\"Passkey Progressive Enrollment\",\"runtime\":\"any\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\",\"FIDOAuthenticator\"]}},\"category\":\"PasskeyEnrollment\",\"title\":\"Passkey Progressive Enrollment Template\",\"authenticationSteps\":1}],\"icon\":\"./images/passkey-enrollment-template.png\",\"order\":4},\"UserAttributes\":{\"displayName\":\"User Attributes\",\"templates\":[{\"summary\":\"Office365 integration of WSO2 IS require role based, on-demand user provisioning. Therefore assign a given role specific to office365 for successfully authenticated users if not already assigned, in order to trigger the role based user provisioning.\",\"preRequisites\":[\"Create a new role specific for Office365.\",\"Change the assigningRoles parameter to a single element array with the role specific to office365.\",\"Modify the 1st factor authentication option from defaults as required.\"],\"helpLink\":\"https://is.docs.wso2.com/en/latest/guides/authentication/conditional-auth/\",\"code\":[\"// This script will assign the below Office365 specific role to any user if not already assigned\",\"var roleToBeAssigned = ['Internal/office365Role'];\",\"\",\"var onLoginRequest = function(context) {\",\" executeStep(1, {\",\" onSuccess: function (context) {\",\" // Extracting authenticated subject from the first step\",\" var user = context.currentKnownSubject;\",\" // Checking if the user is already assigned to the given Office365 specific role\",\" var hasRole = hasAnyOfTheRolesV2(context, roleToBeAssigned);\",\" if (!hasRole) {\",\" Log.info('Assigning role: ' + roleToBeAssigned.toString() + ' for the user:' + user.username);\",\" assignUserRolesV2(context, roleToBeAssigned);\",\" }\",\" }\",\" });\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator.\"},\"parametersDescription\":{\"roleToBeAssigned\":\"A single element array with a given role specific for Office365.\"},\"name\":\"Update Office365 role\",\"runtime\":\"new\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]}},\"category\":\"UserAttributes\",\"title\":\"Office365-Based Authentication Template\",\"authenticationSteps\":1}],\"icon\":\"./images/user-attributes-template.png\",\"order\":3}}" +} \ No newline at end of file From 23c7aa88db7241add4c7828065e0ae7072d60da1 Mon Sep 17 00:00:00 2001 From: jenkins-is-staging Date: Tue, 19 Dec 2023 06:07:40 +0000 Subject: [PATCH 10/42] Bump dependencies from IS_dependency_updater_github_action/7257456505 --- pom.xml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pom.xml b/pom.xml index 533218290ba..da5ff01652f 100755 --- a/pom.xml +++ b/pom.xml @@ -2253,7 +2253,7 @@ 2.5.2 - 1.8.98 + 1.8.99 5.8.5 @@ -2365,9 +2365,9 @@ 1.2.40 - 2.10.31 - 2.2.65 - 2.0.101 + 2.10.38 + 2.2.68 + 2.0.105 1.6.373 From d2f7a6ddeeb6ac3406b9a41e0dce80f6be8a5a7a Mon Sep 17 00:00:00 2001 From: sahandilshan Date: Tue, 19 Dec 2023 12:29:24 +0530 Subject: [PATCH 11/42] Bump framework version --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index e1e8ed535ab..f573cffcd75 100755 --- a/pom.xml +++ b/pom.xml @@ -2242,7 +2242,7 @@ - 5.25.622 + 5.25.626 [5.14.67, 6.0.0] From f8a728c47c86c04c15abfec905f9919da9a76cc5 Mon Sep 17 00:00:00 2001 From: Nipun Thennakoon Date: Tue, 19 Dec 2023 12:52:15 +0530 Subject: [PATCH 12/42] Bump console version to 2.10.40 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index da5ff01652f..c7360942ab8 100755 --- a/pom.xml +++ b/pom.xml @@ -2365,7 +2365,7 @@ 1.2.40 - 2.10.38 + 2.10.40 2.2.68 2.0.105 1.6.373 From 5e290ab6c379ac50a2ef493ff30881383f8df5e3 Mon Sep 17 00:00:00 2001 From: sahandilshan Date: Tue, 19 Dec 2023 13:16:45 +0530 Subject: [PATCH 13/42] Bump framework version into 5.25.627 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index da5ff01652f..9ad18f0b73e 100755 --- a/pom.xml +++ b/pom.xml @@ -2242,7 +2242,7 @@ - 5.25.626 + 5.25.627 [5.14.67, 6.0.0] From 5e99a25bdcfc4a53e3296b3cb7f30b0a2c2809a7 Mon Sep 17 00:00:00 2001 From: sahandilshan Date: Tue, 19 Dec 2023 14:40:15 +0530 Subject: [PATCH 14/42] Fix review suggestions --- .../test/oauth2/OAuth2ServiceImplicitGrantTestCase.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/OAuth2ServiceImplicitGrantTestCase.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/OAuth2ServiceImplicitGrantTestCase.java index e6193ebec29..237c7276016 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/OAuth2ServiceImplicitGrantTestCase.java +++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/OAuth2ServiceImplicitGrantTestCase.java @@ -239,6 +239,6 @@ public void testValidateAccessToken() throws Exception { Assert.assertNotNull(responseObj, "Validate access token failed. response is invalid."); Assert.assertEquals(responseObj.get("active"), true, "Token Validation failed"); // Only the allowed scopes should be returned and Random Scope should not be returned. - Assert.assertTrue(StringUtils.equals((String) responseObj.get("scope"), VALID_SCOPES), "Token Validation failed"); + Assert.assertTrue(StringUtils.equals((String) responseObj.get("scope"), VALID_SCOPES), "Scope Validation failed"); } } From 69c5ccd93eefe67ebc768c31347cc1f6f577040c Mon Sep 17 00:00:00 2001 From: Amanda Ariyaratne Date: Wed, 20 Dec 2023 08:34:36 +0530 Subject: [PATCH 15/42] Bump framework version --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 4435d20e6c0..9b92c053918 100755 --- a/pom.xml +++ b/pom.xml @@ -2242,7 +2242,7 @@ - 5.25.627 + 5.25.629 [5.14.67, 6.0.0] From fe927a51bed38968a5ab7af627c8d6c5ed1cadc7 Mon Sep 17 00:00:00 2001 From: kanapriya Date: Wed, 20 Dec 2023 12:03:03 +0530 Subject: [PATCH 16/42] Bump the organization management version Minor changes --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 9b92c053918..4e526cab8db 100755 --- a/pom.xml +++ b/pom.xml @@ -2341,7 +2341,7 @@ 1.0.14 1.0.2 - 1.3.139 + 1.3.141 1.0.95 1.1.24 1.1.20 From 65c7e2bc95edff860328a03326936191e97b6bd4 Mon Sep 17 00:00:00 2001 From: sadilchamishka Date: Wed, 20 Dec 2023 19:28:28 +0530 Subject: [PATCH 17/42] Bump oauth version --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 9b92c053918..829d242424a 100755 --- a/pom.xml +++ b/pom.xml @@ -2264,7 +2264,7 @@ 5.11.30 - 6.11.229 + 6.11.230 5.9.5 5.10.19 5.7.4 From e1d7aeb39e498bc85a112de8dfc98e3e742cc7a1 Mon Sep 17 00:00:00 2001 From: jenkins-is-staging Date: Wed, 20 Dec 2023 16:24:09 +0000 Subject: [PATCH 18/42] Bump dependencies from IS_dependency_updater_github_action/7277128303 --- pom.xml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pom.xml b/pom.xml index 4e526cab8db..80c99159c9c 100755 --- a/pom.xml +++ b/pom.xml @@ -2242,7 +2242,7 @@ - 5.25.629 + 5.25.632 [5.14.67, 6.0.0] @@ -2264,7 +2264,7 @@ 5.11.30 - 6.11.229 + 6.11.230 5.9.5 5.10.19 5.7.4 @@ -2365,8 +2365,8 @@ 1.2.40 - 2.10.40 - 2.2.68 + 2.10.41 + 2.2.70 2.0.105 1.6.373 From eabd34e27d86f74d34f0e8e568648900e39b1f28 Mon Sep 17 00:00:00 2001 From: jenkins-is-staging Date: Thu, 21 Dec 2023 01:02:54 +0000 Subject: [PATCH 19/42] Bump dependencies from IS_dependency_updater_github_action/7281967118 --- pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index 80c99159c9c..d3cf4852201 100755 --- a/pom.xml +++ b/pom.xml @@ -2365,9 +2365,9 @@ 1.2.40 - 2.10.41 + 2.10.42 2.2.70 - 2.0.105 + 2.0.106 1.6.373 From 5694430c4df460d63a15a61db6b51982df653f42 Mon Sep 17 00:00:00 2001 From: Thisara-Welmilla Date: Thu, 21 Dec 2023 12:08:37 +0530 Subject: [PATCH 20/42] Bump carbon.kernel.version to 4.9.20. --- modules/p2-profile-gen/carbon.product | 4 ++-- pom.xml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/p2-profile-gen/carbon.product b/modules/p2-profile-gen/carbon.product index 3bef6ee9052..ad0d4971883 100644 --- a/modules/p2-profile-gen/carbon.product +++ b/modules/p2-profile-gen/carbon.product @@ -2,7 +2,7 @@ +version="4.9.20" useFeatures="true" includeLaunchers="true"> @@ -14,7 +14,7 @@ version="4.9.19" useFeatures="true" includeLaunchers="true"> - + diff --git a/pom.xml b/pom.xml index d3cf4852201..b00a1f8201d 100755 --- a/pom.xml +++ b/pom.xml @@ -2374,7 +2374,7 @@ 3.4.1 - 4.9.19 + 4.9.20 1.0.6 From 687988982a72b107087f8a1c33ce47efaa33c024 Mon Sep 17 00:00:00 2001 From: Pasindu Yeshan <61885844+PasinduYeshan@users.noreply.github.com> Date: Thu, 21 Dec 2023 14:44:21 +0530 Subject: [PATCH 21/42] Update pom.xml --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index d3cf4852201..a0b6fd67c3a 100755 --- a/pom.xml +++ b/pom.xml @@ -2242,7 +2242,7 @@ - 5.25.632 + 5.25.634 [5.14.67, 6.0.0] From 836a51337f51efe9addc40dbfb8e820152e476d3 Mon Sep 17 00:00:00 2001 From: Nipun Thennakoon Date: Thu, 21 Dec 2023 18:09:55 +0530 Subject: [PATCH 22/42] Bump console version to 2.10.47 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 75e08cb1bfb..6b9f73315f8 100755 --- a/pom.xml +++ b/pom.xml @@ -2365,7 +2365,7 @@ 1.2.40 - 2.10.42 + 2.10.47 2.2.70 2.0.106 1.6.373 From 7106fee642493cd5624a706a3e383895033aef8c Mon Sep 17 00:00:00 2001 From: UdeshAthukorala Date: Fri, 22 Dec 2023 08:44:08 +0530 Subject: [PATCH 23/42] Update identity.inbound.auth.sts version --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 6b9f73315f8..1f9dd74c177 100755 --- a/pom.xml +++ b/pom.xml @@ -2266,7 +2266,7 @@ 5.11.30 6.11.230 5.9.5 - 5.10.19 + 5.10.20 5.7.4 3.4.52 From 2fbe016908e5963ed0961dc450e6759291ef4494 Mon Sep 17 00:00:00 2001 From: sahandilshan Date: Fri, 22 Dec 2023 08:44:16 +0530 Subject: [PATCH 24/42] Update the authentication templates helpLinks --- .../api/server/application/management/v1/adaptive-metadata.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/org/wso2/identity/integration/test/rest/api/server/application/management/v1/adaptive-metadata.json b/modules/integration/tests-integration/tests-backend/src/test/resources/org/wso2/identity/integration/test/rest/api/server/application/management/v1/adaptive-metadata.json index 40b1381f0d9..b2291b419df 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/resources/org/wso2/identity/integration/test/rest/api/server/application/management/v1/adaptive-metadata.json +++ b/modules/integration/tests-integration/tests-backend/src/test/resources/org/wso2/identity/integration/test/rest/api/server/application/management/v1/adaptive-metadata.json @@ -1,3 +1,3 @@ { - "templatesJSON":"{\"AdaptiveMFA\":{\"displayName\":\"Adaptive MFA\",\"templates\":[{\"summary\":\"Define conditional authentication by passing one or many Authentication Context Class References as comma separated values.\",\"preRequisites\":[\"Change the supportedAcrValues parameter to an array of ACR Levels.\",\"Modify the default authentication steps and option(s) as required.\"],\"helpLink\":\"https://docs.wso2.com/display/IS570/Configuring+ACR-Based+Adaptive+Authentication\",\"code\":[\"// Define conditional authentication by passing one or many Authentication Context Class References \",\"// as comma separated values.\",\"\",\"// Specify the ordered list of ACR here.\",\"var supportedAcrValues = ['acr1', 'acr2', 'acr3'];\",\"\",\"var onLoginRequest = function(context) {\",\" var selectedAcr = selectAcrFrom(context, supportedAcrValues);\",\" Log.info('--------------- ACR selected: ' + selectedAcr);\",\" context.selectedAcr = selectedAcr;\",\" switch (selectedAcr) {\",\" case supportedAcrValues[0] :\",\" executeStep(1);\",\" break;\",\" case supportedAcrValues[1] :\",\" executeStep(1);\",\" executeStep(2);\",\" break;\",\" case supportedAcrValues[2] :\",\" executeStep(1);\",\" executeStep(3);\",\" break;\",\" default :\",\" executeStep(1);\",\" executeStep(2);\",\" executeStep(3);\",\" }\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator\",\"Step 2\":\"TOTP authenticator\",\"Step 3\":\"FIDO authenticator\"},\"parametersDescription\":{\"supportedAcrValues\":\"An array of ACRs ordered by the level\"},\"name\":\"ACR-Based\",\"runtime\":\"any\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]},\"2\":{\"federated\":[],\"local\":[\"totp\"]},\"3\":{\"federated\":[],\"local\":[\"FIDOAuthenticator\"]}},\"category\":\"AdaptiveMFA\",\"title\":\"ACR-Based 2FA Template\",\"authenticationSteps\":3},{\"summary\":\"Define conditional authentication by risk score value calculated from analytics engine.\",\"preRequisites\":[\"Change the siddhiApplication and siddhiInputStream according to the Siddhi application you have deployed in the Stream Processor.\",\"Modify the default authentication steps and option(s) as required.\"],\"helpLink\":\"https://docs.wso2.com/display/IS570/Configuring+Risk-Based+Adaptive+Authentication\",\"code\":[\"// [Deprecated - Use ELK-Risk-Based with ELK analytics integration]\",\"\",\"// Define conditional authentication by risk score value calculated from analytics engine.\",\"\",\"// Specify the Siddhi application name.\",\"var siddhiApplication = 'RiskBasedLogin';\",\"// Specify the Siddhi input stream name.\",\"var siddhiInputStream = 'InputStream';\",\"\",\"var onLoginRequest = function(context) {\",\" executeStep(1, {\",\" onSuccess: function (context) {\",\" var username = context.currentKnownSubject.username;\",\" callAnalytics({'Application':siddhiApplication,'InputStream':siddhiInputStream}, {'username':username}, {\",\" onSuccess : function(context, data) {\",\" Log.info('--------------- Received risk score value: ' + data.event.riskScore);\",\" if (data.event.riskScore > 0) {\",\" executeStep(2);\",\" }\",\" }, onFail : function(context, data) {\",\" Log.info('--------------- Failed to call analytics engine');\",\" executeStep(2);\",\" }\",\" });\",\" }\",\" });\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator\",\"Step 2\":\"TOTP authenticator\"},\"parametersDescription\":{\"siddhiApplication\":\"Name of the Siddhi application in the Stream processor\",\"siddhiInputStream\":\"Name of the input stream in the above Siddhi application\"},\"name\":\"[Deprecated] Risk-Based\",\"runtime\":\"any\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]},\"2\":{\"federated\":[],\"local\":[\"totp\"]}},\"category\":\"AdaptiveMFA\",\"title\":\"Risk-Based 2FA Template [Deprecated]\",\"authenticationSteps\":2},{\"summary\":\"Prompts 2FA to the users who belong to any of the given sets of groups.\",\"preRequisites\":[\"Change the groupList parameter to an array of groups for which users need to enforce 2FA.\",\"Modify the 1st and 2nd factor authentication option(s) from defaults as required.\"],\"code\":[\"// This script will step up authentication for any user who belongs\",\"// to one of the given groups.\",\"// If the user is a member of the following groups, authentication will be stepped up\",\"var groupsToStepUp = ['manager','employee'];\",\"\",\"var onLoginRequest = function(context) {\",\" executeStep(1, {\",\" onSuccess: function (context) {\",\" // Extracting authenticated subject from the first step.\",\" var user = context.currentKnownSubject;\",\" // Checking if the user is assigned to one of the given groups.\",\" var isMember = isMemberOfAnyOfGroups(user, groupsToStepUp);\",\" if (isMember) {\",\" Log.info(user.username + ' is a member of one of the groups: ' + groupsToStepUp.toString());\",\" executeStep(2);\",\" }\",\" }\",\" });\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator.\",\"Step 2\":\"Either of TOTP or FIDO\"},\"parametersDescription\":{\"groupsToStepUp\":\"An array of groups for which users need to enforce 2FA.\"},\"name\":\"Group-Based\",\"runtime\":\"any\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]},\"2\":{\"federated\":[],\"local\":[\"totp\",\"FIDOAuthenticator\"]}},\"category\":\"AdaptiveMFA\",\"title\":\"Group-Based 2FA Template\",\"authenticationSteps\":2},{\"summary\":\"Prompts 2FA to the users who are logging outside of the given ip range.\",\"preRequisites\":[\"Change the corpNetwork parameter to an array of ip ranges that should bypass 2FA\",\"Modify the 1st and 2nd factor authentication option(s) from defaults as required.\"],\"helpLink\":\"https://docs.wso2.com/display/IS570/Configuring+IP-Based+Adaptive+Authentication\",\"code\":[\"// This script will step up authentication for any user who are trying to log in outside from the configured network\",\"\",\"// Configure the network ranges here\",\"var corpNetwork = ['192.168.1.0/24', '10.100.0.0/16'];\",\"\",\"var onLoginRequest = function(context) {\",\" executeStep(1, {\",\" onSuccess: function (context) {\",\" var user = context.currentKnownSubject;\",\" // Extracting the origin IP of the request\",\" var loginIp = context.request.ip;\",\" Log.info('User: ' + user.username + ' logged in from IP: ' + loginIp);\",\" // Checking if the IP is within the allowed range\",\" if (!isCorporateIP(loginIp, corpNetwork)) {\",\" executeStep(2);\",\" }\",\" }\",\" });\",\"};\",\"\",\"// Function to convert ip address string to long value\",\"var convertIpToLong = function(ip) {\",\" var components = ip.split('.');\",\" if (components) {\",\" var ipAddr = 0, pow = 1;\",\" for (var i = 3; i >= 0; i -= 1) {\",\" ipAddr += pow * parseInt(components[i]);\",\" pow *= 256;\",\" }\",\" return ipAddr;\",\" } else {\",\" return -1;\",\" }\",\"};\",\"\",\"// Function to check if the ip address is within the given subnet\",\"var isCorporateIP = function(ip, subnets) {\",\" var subnetLength = subnets.length;\",\" for (var i = 0; i < subnetLength; i++) {\",\" var subnetComponents = subnets[i].split('/');\",\" var minHost = convertIpToLong(subnetComponents[0]);\",\" var ipAddr = convertIpToLong(ip);\",\" var mask = subnetComponents[1];\",\" if (subnetComponents && minHost >= 0) {\",\" var numHosts = Math.pow(2, 32 - parseInt(mask));\",\" if ((ipAddr >= minHost) && (ipAddr <= minHost + numHosts - 1)) {\",\" return true;\",\" }\",\" }\",\" }\",\" return false;\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator\",\"Step 2\":\"TOTP authenticator\"},\"parametersDescription\":{\"corpNetwork\":\"An array of ip ranges which should bypass 2FA\"},\"name\":\"IP-Based\",\"runtime\":\"any\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]},\"2\":{\"federated\":[],\"local\":[\"totp\"]}},\"category\":\"AdaptiveMFA\",\"title\":\"IP-Based Authentication Template\",\"authenticationSteps\":2},{\"summary\":\"Prompts 2FA to the users who are from one of the given user store domains.\",\"preRequisites\":[\"Change the userStoresToStepUp parameter to an array of user store domains that should require 2FA.\",\"Modify the 1st and 2nd factor authentication option(s) from defaults as required.\"],\"helpLink\":\"https://docs.wso2.com/display/IS570/Configuring+User+Store-Based+Adaptive+Authentication\",\"code\":[\"// This script will prompt 2FA to the app only for a selected set of user stores.\",\"// If the user is in one of the following user stores, user will be prompted 2FA\",\"var userStoresToStepUp = ['EMPLOYEES', 'CONTRACTORS'];\",\"\",\"var onLoginRequest = function(context) {\",\" executeStep(1, {\",\" onSuccess: function (context) {\",\" // Extracting user store domain of authenticated subject from the first step\",\" var userStoreDomain = context.currentKnownSubject.userStoreDomain;\",\" // Checking if the user is from whitelisted tenant domain\",\" if (userStoresToStepUp.indexOf(userStoreDomain) >= 0) {\",\" executeStep(2);\",\" }\",\" }\",\" });\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator\",\"Step 2\":\"TOTP authenticator\"},\"parametersDescription\":{\"userStoresToStepUp\":\"An array of user store domains of which users are required to use 2FA\"},\"name\":\"User Store-Based\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]},\"2\":{\"federated\":[],\"local\":[\"totp\"]}},\"runTime\":\"any\",\"category\":\"AdaptiveMFA\",\"title\":\"User Store-Based Authentication Template\",\"authenticationSteps\":2},{\"summary\":\"Send an email notification and/or prompts 2FA to the users who is logging in from a previously unused device. A cookie is used to identify whether the device has been used before.\",\"preRequisites\":[\"Modify the 1st and 2nd factor authentication option(s) from defaults as required.\",\"Change the parameters detailed below to reflect your requirements\"],\"img\":\"./images/user.png\",\"code\":[\"// This script will step up authentication and send email notification in case of\",\"// a user being logging in from a new device (identified by a cookie).\",\"\",\"// Amount of time in seconds to remember a device. Set to 2 years below.\",\"var deviceRememberPeriod = 60 * 60 * 24 * 365 * 2;\",\"\",\"// Cookie name to be set\",\"var cookieName = 'deviceAuth';\",\"\",\"// Whether to send a notification on new device login\",\"var sendNotification = true;\",\"\",\"// Whether to step up authentication for new device login\",\"var stepUpAuthentication = true;\",\"\",\"// Email template to be used for new device login notification\",\"var emailTemplate = 'UnseenDeviceLogin';\",\"\",\"\",\"var onLoginRequest = function(context) {\",\" executeStep(1, {\",\" onSuccess: function (context) {\",\" subject = context.currentKnownSubject;\",\" if (!validateCookie(context, subject)) {\",\" Log.debug('New device login for ' + subject.identifier);\",\"\",\" if (sendNotification === true) {\",\" var templatePlaceholders = {\",\" 'username': subject.identifier,\",\" 'login-time': new Date().toUTCString()\",\" };\",\" var isSent = sendEmail(subject, emailTemplate, templatePlaceholders);\",\" if (isSent) {\",\" Log.debug('New device login notification sent to ' + subject.identifier);\",\" } else {\",\" Log.debug('New device login notification sending failed to ' + subject.identifier);\",\" }\",\" }\",\"\",\" if (stepUpAuthentication === true) {\",\" Log.debug('Stepping up authentication due to a new device login for ' + subject.identifier);\",\" executeStep(2, {\",\" onSuccess: function (context) {\",\" setCookie(context.response, cookieName, subject.identifier, {\",\" 'sign': true,\",\" 'max-age': deviceRememberPeriod,\",\" 'sameSite': 'LAX'\",\" });\",\" }\",\" });\",\" }\",\" }\",\" }\",\" });\",\"};\",\"\",\"//Validate if the user has a valid cookie with the value as subject's username\",\"var validateCookie = function(context, subject) {\",\" var cookieVal = getCookieValue(context.request, cookieName, {'validateSignature': true});\",\" return subject.identifier === cookieVal;\",\"};\",\"\"],\"parametersDescription\":{\"sendNotification\":\"Whether to send email notifications to the users\",\"stepUpAuthentication\":\"Whether to step up the authentication\",\"cookieName\":\"Cookie name to be used for device identification\",\"deviceRememberPeriod\":\"How long should this device be remembered as trusted. Once this time passed, login attempts will be considered as new device logins\"},\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]},\"2\":{\"federated\":[],\"local\":[\"totp\"]}},\"title\":\"New-Device-Based Authentication Template\",\"authenticationSteps\":2,\"helpLink\":\"https://docs.wso2.com/display/IS570/Configuring+New-Device-Based+Adaptive+Authentication\",\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator\",\"Step 2\":\"TOTP authenticator\"},\"name\":\"New-Device-Based\",\"runTime\":\"any\",\"category\":\"AdaptiveMFA\"},{\"summary\":\"Prompts 2FA to the users who are from one of the given tenants.\",\"preRequisites\":[\"Service provider should be registered as a SAAS Application.\",\"Change the tenantsToStepUp parameter to an array of tenant domains that should require 2FA.\",\"Modify the 1st and 2nd factor authentication option(s) from defaults as required.\"],\"helpLink\":\"https://docs.wso2.com/display/IS570/Configuring+Tenant-Based+Adaptive+Authentication\",\"code\":[\"// This script will prompt 2FA to the app only for a selected\",\"// set of tenants.\",\"// The app is assumed to be a SAAS app here which can be accessed by any tenant\",\"\",\"// If the user is in one of the following tenants, user will be prompted 2FA\",\"var tenantsToStepUp = ['abc.com', 'xyz.com'];\",\"\",\"var onLoginRequest = function(context) {\",\" executeStep(1, {\",\" onSuccess: function (context) {\",\" // Extracting tenant domain of authenticated subject from the first step\",\" var userTenantDomain = context.currentKnownSubject.tenantDomain;\",\" // Checking if the user is from whitelisted tenant domain\",\" if (tenantsToStepUp.indexOf(userTenantDomain) >= 0) {\",\" executeStep(2);\",\" }\",\" }\",\" });\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator\",\"Step 2\":\"TOTP authenticator\"},\"parametersDescription\":{\"tenantsToStepUp\":\"An array of tenants of which users are required to use 2FA\"},\"name\":\"Tenant-Based\",\"runtime\":\"any\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]},\"2\":{\"federated\":[],\"local\":[\"totp\"]}},\"category\":\"AdaptiveMFA\",\"title\":\"Tenant-Based Authentication Template\",\"authenticationSteps\":2},{\"summary\":\"Prompts 2FA to the users who are successfully logging after specific number of failed login attempts.\",\"preRequisites\":[\"Change the parameters at the top of the script as needed to match the requirements.\",\"Modify the authentication option(s) from defaults as required.\"],\"helpLink\":\"https://docs.wso2.com/display/IS570/Adaptive+Authentication+Scenarios\",\"code\":[\"// This script will step up authentication for any user who has exceeded 3 invalid login attempts continuously.\",\"// This variable is used to define the number of invalid attempts allowed before prompting the second facto.\",\"var invalidAttemptsToStepup = 3;\",\"\",\"var failedLoginAttemptsBeforeSuccessClaim= 'http://wso2.org/claims/identity/failedLoginAttemptsBeforeSuccess';\",\"var onLoginRequest = function(context) {\",\" doLogin(context);\",\"};\",\"\",\"var doLogin = function(context) {\",\" executeStep(1, {\",\" onSuccess : function(context){\",\" var user = context.steps[1].subject;\",\" if (isExceedInvalidAttempts(user)) {\",\" executeStep(2, {\",\" onSuccess : function(context) {\",\" var user = context.steps[1].subject;\",\" user.localClaims[failedLoginAttemptsBeforeSuccessClaim] = \\\"0\\\";\",\" }\",\" });\",\" }\",\" },\",\" onFail : function(context) {\",\" // Retry the login..\",\" doLogin(context);\",\" }\",\" });\",\"};\",\"\",\"var isExceedInvalidAttempts = function(user) {\",\" if (user.localClaims[failedLoginAttemptsBeforeSuccessClaim] >= invalidAttemptsToStepup) {\",\" return true;\",\" } else {\",\" return false;\",\" }\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator\",\"Step 2\":\"TOTP authenticator\"},\"parametersDescription\":{\"invalidAttemptsToStepup\":\"Minimum number of attempts made by a user to prompt 2FA.\"},\"name\":\"Login-Attempts-Based\",\"runtime\":\"any\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]},\"2\":{\"federated\":[],\"local\":[\"totp\"]}},\"category\":\"AdaptiveMFA\",\"title\":\"Login-Attempts-Based Authentication Template\",\"authenticationSteps\":2},{\"summary\":\"Prompts 2FA to the users who belongs to any of the given set of roles which are associated to the application.\",\"preRequisites\":[\"Change the rolesList parameter to an array of roles of which users need to enforce 2FA.\",\"Modify the 1st and 2nd factor authentication option(s) from defaults as required.\"],\"helpLink\":\"https://is.docs.wso2.com/en/latest/guides/authentication/conditional-auth/role-based-template/\",\"code\":[\"// This script will step up authentication for any user belonging\",\"// to one of the given roles\",\"// If the user has any of the below roles, authentication will be stepped up\",\"var rolesToStepUp = ['admin', 'manager'];\",\"\",\"var onLoginRequest = function(context) {\",\" executeStep(1, {\",\" onSuccess: function (context) {\",\" // Extracting authenticated subject from the first step\",\" var user = context.currentKnownSubject;\",\" // Checking if the user is assigned to one of the given roles\",\" var hasRole = hasAnyOfTheRolesV2(context, rolesToStepUp);\",\" if (hasRole) {\",\" Log.info(user.username + ' Has one of Roles: ' + rolesToStepUp.toString());\",\" executeStep(2);\",\" }\",\" }\",\" });\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator.\",\"Step 2\":\"Either of TOTP or FIDO\"},\"parametersDescription\":{\"rolesToStepUp\":\"An array of roles of which users need to enforce 2FA.\"},\"name\":\"Role-Based\",\"runtime\":\"new\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]},\"2\":{\"federated\":[],\"local\":[\"totp\",\"FIDOAuthenticator\"]}},\"category\":\"AdaptiveMFA\",\"title\":\"Role-Based 2FA Template\",\"authenticationSteps\":2},{\"summary\":\"Define conditional authentication by risk score value calculated from ELK.\",\"preRequisites\":[\"Change elasticsearch domain with the port.\",\"Modify the default authentication steps and option(s) as required.\"],\"helpLink\":\"https://is.docs.wso2.com/en/latest/learn/configuring-risk-based-adaptive-authentication/\",\"code\":[\"// Define conditional authentication by risk score value calculated from ELK analytics.\",\"\",\"var onLoginRequest = function(context) {\",\" executeStep(1, {\",\" onSuccess: function (context) {\",\" var username = context.currentKnownSubject.username;\",\" callElastic({'username': username}, {\",\" onSuccess : function(context, data) {\",\" Log.info('--------------- Received risk score value: ' + data.risk_score);\",\" if (data.risk_score > 0) {\",\" executeStep(2);\",\" }\",\" }, onFail : function(context, data) {\",\" Log.info('--------------- Failed to call ELK');\",\" executeStep(2);\",\" }\",\" });\",\" }\",\" });\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator\",\"Step 2\":\"TOTP authenticator\"},\"parametersDescription\":{\"duration\":\"[optional] Aggregation time period from current timestamp. (Default: '5m')\",\"riskLogic\":\"[optional] Elastic map script to calculate the summation of values. (Default: 'state.sum.add(doc['amount'].value);')\",\"index\":\"[optional] Elasticsearch index to calculate the risk score. (Default: 'transaction')\",\"threshold\":\"[optional] Threshold summation value to identify as a risk. (Default: '10000')\",\"username\":\"Current login context username.\"},\"name\":\"ELK-Risk-Based\",\"runtime\":\"any\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]},\"2\":{\"federated\":[],\"local\":[\"totp\"]}},\"category\":\"AdaptiveMFA\",\"title\":\"ELK Risk-Based 2FA Template\",\"authenticationSteps\":2}],\"icon\":\"./images/adaptive-mfa-template.png\",\"order\":2},\"uncategorized\":{\"displayName\":\"Uncategorized\",\"order\":10000},\"AccessControl\":{\"displayName\":\"Access Control\",\"templates\":[{\"summary\":\"Allow login to application if the user's age is over configured value. User's age is calculated using the user's date of birth attribute.\",\"preRequisites\":[\"Change the parameters at the top of the script as needed to match the requirements.\",\"Modify the authentication option(s) from defaults as required.\"],\"helpLink\":\"https://docs.wso2.com/display/IS570/Configuring+User-Age-Based+Adaptive+Authentication\",\"code\":[\"// This script will only allow login to application if the user's age is over configured value\",\"// The user will be redirected to an error page if the date of birth is not present or user is below configured value\",\"\",\"var ageLimit = 18;\",\"\",\"// Error page to redirect unauthorized users,\",\"// can be either an absolute url or relative url to server root, or empty/null\",\"// null/empty value will redirect to the default error page\",\"var errorPage = '';\",\"\",\"// Additional query params to be added to the above url.\",\"// Hint: Use i18n keys for error messages\",\"var errorPageParameters = {\",\" 'status': 'Unauthorized',\",\" 'statusMsg': 'You need to be over ' + ageLimit + ' years to login to this application.'\",\"};\",\"\",\"// Date of birth attribute at the client side\",\"var dateOfBirthClaim = 'http://wso2.org/claims/dob';\",\"\",\"// The validator function for DOB. Default validation check if the DOB is in YYYY-MM-dd format\",\"var validateDOB = function (dob) {\",\" return dob.match(/^(\\\\d{4})-(\\\\d{2})-(\\\\d{2})$/);\",\"};\",\"\",\"var onLoginRequest = function(context) {\",\" executeStep(1, {\",\" onSuccess: function (context) {\",\" var underAge = true;\",\" // Extracting user store domain of authenticated subject from the first step\",\" var dob = context.currentKnownSubject.localClaims[dateOfBirthClaim];\",\" Log.debug('DOB of user ' + context.currentKnownSubject.identifier + ' is : ' + dob);\",\" if (dob && validateDOB(dob)) {\",\" var birthDate = new Date(dob);\",\" if (getAge(birthDate) >= ageLimit) {\",\" underAge = false;\",\" }\",\" }\",\" if (underAge === true) {\",\" Log.debug('User ' + context.currentKnownSubject.identifier + ' is under aged. Hence denied to login.');\",\" sendError(errorPage, errorPageParameters);\",\" }\",\" }\",\" });\",\"};\",\"\",\"var getAge = function(birthDate) {\",\" var today = new Date();\",\" var age = today.getFullYear() - birthDate.getFullYear();\",\" var m = today.getMonth() - birthDate.getMonth();\",\" if (m < 0 || (m === 0 && today.getDate() < birthDate.getDate())) {\",\" age--;\",\" }\",\" return age;\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator\"},\"parametersDescription\":{\"ageLimit\":\"Minimum age required for the user to login to the application\",\"errorPage\":\"Error page to redirect user, if the age limit is below ageLimit\",\"errorPageParameters\":\"Parameters to be passed to the error page\"},\"name\":\"User-Age-Based\",\"runtime\":\"any\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]}},\"category\":\"AccessControl\",\"title\":\"User-Age-Based Authentication Template\",\"authenticationSteps\":1},{\"summary\":\"Prompts session handling to the users who belongs to any of the given set of roles which are associated to the application based on currently active session count.\",\"preRequisites\":[\"Change the rolesList parameter to an array of roles of which users need to prompt for session handling.\",\"Modify the maxSessionCount parameter as required.\"],\"helpLink\":\"https://is.docs.wso2.com/en/latest/guides/authentication/conditional-auth/concurrent-session-based-template/\",\"code\":[\"// This script will prompt concurrent session handling\",\"// to one of the given roles\",\"// If the user has any of the below roles, concurrent session handling will be prompted\",\"// and it will either kill sessions or abort login based on number of active concurrent user sessions\",\"var rolesToStepUp = ['admin', 'manager'];\",\"var maxSessionCount = 1;\",\"\",\"var onLoginRequest = function(context) {\",\" executeStep(1, {\",\" onSuccess: function (context) {\",\" // Extracting authenticated subject from the first step\",\" var user = context.currentKnownSubject;\",\" // Checking if the user is assigned to one of the given roles\",\" var hasRole = hasAnyOfTheRolesV2(context, rolesToStepUp);\",\"\",\" if (hasRole) {\",\" Log.info(user.username + ' Has one of Roles: ' + rolesToStepUp.toString());\",\" executeStep(2, {\",\" authenticatorParams: {\",\" local: {\",\" SessionExecutor: {\",\" MaxSessionCount: '1'\",\" }\",\" }\",\" }\",\" }, {});\",\" }\",\" }\",\" });\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator.\"},\"parametersDescription\":{\"rolesToStepUp\":\"An array of roles of which users should be prompted for session handling.\",\"MaxSessionCount\":\"Maximum number of allowed concurrent sessions for the role which a particular user belongs to.\"},\"name\":\"Session-Based\",\"runtime\":\"new\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]},\"2\":{\"federated\":[],\"local\":[\"SessionExecutor\"]}},\"category\":\"AccessControl\",\"title\":\"Concurrent Session Management Template with Roles\",\"authenticationSteps\":1}],\"icon\":\"./images/access-control-template.png\",\"order\":1},\"PasskeyEnrollment\":{\"displayName\":\"Passkey Enrollment\",\"templates\":[{\"summary\":\"If Passkey is set as a 1st authentication factor and there is a need to enable progressive Passkey enrollment, this adaptive script, along with the relevant connections configurations, should be added.\",\"preRequisites\":[\"Modify the 1st factor authentication option(s) from defaults as required.\"],\"helpLink\":\"https://is.docs.wso2.com/en/7.0.0/guides/authentication/passwordless-login/add-passwordless-login-with-passkey\",\"code\":[\"var onLoginRequest = function(context) {\",\" executeStep(1, {\",\" onFail: function(context) {\",\" var authenticatorStatus = context.request.params.scenario;\",\"\",\" // If it is a passkey progressive enrollment request trigger the following flow.\",\" if (authenticatorStatus != null && authenticatorStatus[0] == 'INIT_FIDO_ENROLL') {\",\" var filteredAuthenticationOptions = filterAuthenticators(context.steps[1].options, 'FIDOAuthenticator');\",\" executeStep(1, {\",\" stepOptions: {\",\" markAsSubjectIdentifierStep: 'true',\",\" markAsSubjectAttributeStep: 'true'\",\" },\",\" authenticationOptions: filteredAuthenticationOptions\",\" }, {\",\" onSuccess: function(context) {\",\" // If user got successfully authenticated \",\" executeStep(1, {\",\" stepOptions: {\",\" forceAuth: 'true'\",\" },\",\" authenticationOptions: [{\",\" authenticator: 'FIDOAuthenticator'\",\" }]\",\" }, {});\",\" },\",\" });\",\" }\",\" }\",\" });\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Passkey and Basic (Password) authenticator.\"},\"name\":\"Passkey Progressive Enrollment\",\"runtime\":\"any\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\",\"FIDOAuthenticator\"]}},\"category\":\"PasskeyEnrollment\",\"title\":\"Passkey Progressive Enrollment Template\",\"authenticationSteps\":1}],\"icon\":\"./images/passkey-enrollment-template.png\",\"order\":4},\"UserAttributes\":{\"displayName\":\"User Attributes\",\"templates\":[{\"summary\":\"Office365 integration of WSO2 IS require role based, on-demand user provisioning. Therefore assign a given role specific to office365 for successfully authenticated users if not already assigned, in order to trigger the role based user provisioning.\",\"preRequisites\":[\"Create a new role specific for Office365.\",\"Change the assigningRoles parameter to a single element array with the role specific to office365.\",\"Modify the 1st factor authentication option from defaults as required.\"],\"helpLink\":\"https://is.docs.wso2.com/en/latest/guides/authentication/conditional-auth/\",\"code\":[\"// This script will assign the below Office365 specific role to any user if not already assigned\",\"var roleToBeAssigned = ['Internal/office365Role'];\",\"\",\"var onLoginRequest = function(context) {\",\" executeStep(1, {\",\" onSuccess: function (context) {\",\" // Extracting authenticated subject from the first step\",\" var user = context.currentKnownSubject;\",\" // Checking if the user is already assigned to the given Office365 specific role\",\" var hasRole = hasAnyOfTheRolesV2(context, roleToBeAssigned);\",\" if (!hasRole) {\",\" Log.info('Assigning role: ' + roleToBeAssigned.toString() + ' for the user:' + user.username);\",\" assignUserRolesV2(context, roleToBeAssigned);\",\" }\",\" }\",\" });\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator.\"},\"parametersDescription\":{\"roleToBeAssigned\":\"A single element array with a given role specific for Office365.\"},\"name\":\"Update Office365 role\",\"runtime\":\"new\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]}},\"category\":\"UserAttributes\",\"title\":\"Office365-Based Authentication Template\",\"authenticationSteps\":1}],\"icon\":\"./images/user-attributes-template.png\",\"order\":3}}" + "templatesJSON":"{\"AdaptiveMFA\":{\"displayName\":\"Adaptive MFA\",\"templates\":[{\"summary\":\"Define conditional authentication by passing one or many Authentication Context Class References as comma separated values.\",\"preRequisites\":[\"Change the supportedAcrValues parameter to an array of ACR Levels.\",\"Modify the default authentication steps and option(s) as required.\"],\"helpLink\":\"https://is.docs.wso2.com/en/7.0.0/guides/authentication/conditional-auth/acr-based-adaptive-auth/\",\"code\":[\"// Define conditional authentication by passing one or many Authentication Context Class References \",\"// as comma separated values.\",\"\",\"// Specify the ordered list of ACR here.\",\"var supportedAcrValues = ['acr1', 'acr2', 'acr3'];\",\"\",\"var onLoginRequest = function(context) {\",\" var selectedAcr = selectAcrFrom(context, supportedAcrValues);\",\" Log.info('--------------- ACR selected: ' + selectedAcr);\",\" context.selectedAcr = selectedAcr;\",\" switch (selectedAcr) {\",\" case supportedAcrValues[0] :\",\" executeStep(1);\",\" break;\",\" case supportedAcrValues[1] :\",\" executeStep(1);\",\" executeStep(2);\",\" break;\",\" case supportedAcrValues[2] :\",\" executeStep(1);\",\" executeStep(3);\",\" break;\",\" default :\",\" executeStep(1);\",\" executeStep(2);\",\" executeStep(3);\",\" }\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator\",\"Step 2\":\"TOTP authenticator\",\"Step 3\":\"FIDO authenticator\"},\"parametersDescription\":{\"supportedAcrValues\":\"An array of ACRs ordered by the level\"},\"name\":\"ACR-Based\",\"runtime\":\"any\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]},\"2\":{\"federated\":[],\"local\":[\"totp\"]},\"3\":{\"federated\":[],\"local\":[\"FIDOAuthenticator\"]}},\"category\":\"AdaptiveMFA\",\"title\":\"ACR-Based 2FA Template\",\"authenticationSteps\":3},{\"summary\":\"Define conditional authentication by risk score value calculated from analytics engine.\",\"preRequisites\":[\"Change the siddhiApplication and siddhiInputStream according to the Siddhi application you have deployed in the Stream Processor.\",\"Modify the default authentication steps and option(s) as required.\"],\"helpLink\":\"https://is.docs.wso2.com/en/7.0.0/guides/authentication/conditional-auth/\",\"code\":[\"// [Deprecated - Use ELK-Risk-Based with ELK analytics integration]\",\"\",\"// Define conditional authentication by risk score value calculated from analytics engine.\",\"\",\"// Specify the Siddhi application name.\",\"var siddhiApplication = 'RiskBasedLogin';\",\"// Specify the Siddhi input stream name.\",\"var siddhiInputStream = 'InputStream';\",\"\",\"var onLoginRequest = function(context) {\",\" executeStep(1, {\",\" onSuccess: function (context) {\",\" var username = context.currentKnownSubject.username;\",\" callAnalytics({'Application':siddhiApplication,'InputStream':siddhiInputStream}, {'username':username}, {\",\" onSuccess : function(context, data) {\",\" Log.info('--------------- Received risk score value: ' + data.event.riskScore);\",\" if (data.event.riskScore > 0) {\",\" executeStep(2);\",\" }\",\" }, onFail : function(context, data) {\",\" Log.info('--------------- Failed to call analytics engine');\",\" executeStep(2);\",\" }\",\" });\",\" }\",\" });\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator\",\"Step 2\":\"TOTP authenticator\"},\"parametersDescription\":{\"siddhiApplication\":\"Name of the Siddhi application in the Stream processor\",\"siddhiInputStream\":\"Name of the input stream in the above Siddhi application\"},\"name\":\"[Deprecated] Risk-Based\",\"runtime\":\"any\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]},\"2\":{\"federated\":[],\"local\":[\"totp\"]}},\"category\":\"AdaptiveMFA\",\"title\":\"Risk-Based 2FA Template [Deprecated]\",\"authenticationSteps\":2},{\"summary\":\"Prompts 2FA to the users who belong to any of the given sets of groups.\",\"preRequisites\":[\"Change the groupList parameter to an array of groups for which users need to enforce 2FA.\",\"Modify the 1st and 2nd factor authentication option(s) from defaults as required.\"],\"helpLink\":\"https://is.docs.wso2.com/en/7.0.0/guides/authentication/conditional-auth/group-based-template/\",\"code\":[\"// This script will step up authentication for any user who belongs\",\"// to one of the given groups.\",\"// If the user is a member of the following groups, authentication will be stepped up\",\"var groupsToStepUp = ['manager','employee'];\",\"\",\"var onLoginRequest = function(context) {\",\" executeStep(1, {\",\" onSuccess: function (context) {\",\" // Extracting authenticated subject from the first step.\",\" var user = context.currentKnownSubject;\",\" // Checking if the user is assigned to one of the given groups.\",\" var isMember = isMemberOfAnyOfGroups(user, groupsToStepUp);\",\" if (isMember) {\",\" Log.info(user.username + ' is a member of one of the groups: ' + groupsToStepUp.toString());\",\" executeStep(2);\",\" }\",\" }\",\" });\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator.\",\"Step 2\":\"Either of TOTP or FIDO\"},\"parametersDescription\":{\"groupsToStepUp\":\"An array of groups for which users need to enforce 2FA.\"},\"name\":\"Group-Based\",\"runtime\":\"any\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]},\"2\":{\"federated\":[],\"local\":[\"totp\",\"FIDOAuthenticator\"]}},\"category\":\"AdaptiveMFA\",\"title\":\"Group-Based 2FA Template\",\"authenticationSteps\":2},{\"summary\":\"Prompts 2FA to the users who are logging outside of the given ip range.\",\"preRequisites\":[\"Change the corpNetwork parameter to an array of ip ranges that should bypass 2FA\",\"Modify the 1st and 2nd factor authentication option(s) from defaults as required.\"],\"helpLink\":\"https://is.docs.wso2.com/en/7.0.0/guides/authentication/conditional-auth/ip-based-template/\",\"code\":[\"// This script will step up authentication for any user who are trying to log in outside from the configured network\",\"\",\"// Configure the network ranges here\",\"var corpNetwork = ['192.168.1.0/24', '10.100.0.0/16'];\",\"\",\"var onLoginRequest = function(context) {\",\" executeStep(1, {\",\" onSuccess: function (context) {\",\" var user = context.currentKnownSubject;\",\" // Extracting the origin IP of the request\",\" var loginIp = context.request.ip;\",\" Log.info('User: ' + user.username + ' logged in from IP: ' + loginIp);\",\" // Checking if the IP is within the allowed range\",\" if (!isCorporateIP(loginIp, corpNetwork)) {\",\" executeStep(2);\",\" }\",\" }\",\" });\",\"};\",\"\",\"// Function to convert ip address string to long value\",\"var convertIpToLong = function(ip) {\",\" var components = ip.split('.');\",\" if (components) {\",\" var ipAddr = 0, pow = 1;\",\" for (var i = 3; i >= 0; i -= 1) {\",\" ipAddr += pow * parseInt(components[i]);\",\" pow *= 256;\",\" }\",\" return ipAddr;\",\" } else {\",\" return -1;\",\" }\",\"};\",\"\",\"// Function to check if the ip address is within the given subnet\",\"var isCorporateIP = function(ip, subnets) {\",\" var subnetLength = subnets.length;\",\" for (var i = 0; i < subnetLength; i++) {\",\" var subnetComponents = subnets[i].split('/');\",\" var minHost = convertIpToLong(subnetComponents[0]);\",\" var ipAddr = convertIpToLong(ip);\",\" var mask = subnetComponents[1];\",\" if (subnetComponents && minHost >= 0) {\",\" var numHosts = Math.pow(2, 32 - parseInt(mask));\",\" if ((ipAddr >= minHost) && (ipAddr <= minHost + numHosts - 1)) {\",\" return true;\",\" }\",\" }\",\" }\",\" return false;\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator\",\"Step 2\":\"TOTP authenticator\"},\"parametersDescription\":{\"corpNetwork\":\"An array of ip ranges which should bypass 2FA\"},\"name\":\"IP-Based\",\"runtime\":\"any\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]},\"2\":{\"federated\":[],\"local\":[\"totp\"]}},\"category\":\"AdaptiveMFA\",\"title\":\"IP-Based Authentication Template\",\"authenticationSteps\":2},{\"summary\":\"Prompts 2FA to the users who are from one of the given user store domains.\",\"preRequisites\":[\"Change the userStoresToStepUp parameter to an array of user store domains that should require 2FA.\",\"Modify the 1st and 2nd factor authentication option(s) from defaults as required.\"],\"helpLink\":\"https://is.docs.wso2.com/en/7.0.0/guides/authentication/conditional-auth/user-store-based-template/\",\"code\":[\"// This script will prompt 2FA to the app only for a selected set of user stores.\",\"// If the user is in one of the following user stores, user will be prompted 2FA\",\"var userStoresToStepUp = ['EMPLOYEES', 'CONTRACTORS'];\",\"\",\"var onLoginRequest = function(context) {\",\" executeStep(1, {\",\" onSuccess: function (context) {\",\" // Extracting user store domain of authenticated subject from the first step\",\" var userStoreDomain = context.currentKnownSubject.userStoreDomain;\",\" // Checking if the user is from whitelisted tenant domain\",\" if (userStoresToStepUp.indexOf(userStoreDomain) >= 0) {\",\" executeStep(2);\",\" }\",\" }\",\" });\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator\",\"Step 2\":\"TOTP authenticator\"},\"parametersDescription\":{\"userStoresToStepUp\":\"An array of user store domains of which users are required to use 2FA\"},\"name\":\"User Store-Based\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]},\"2\":{\"federated\":[],\"local\":[\"totp\"]}},\"runTime\":\"any\",\"category\":\"AdaptiveMFA\",\"title\":\"User Store-Based Authentication Template\",\"authenticationSteps\":2},{\"summary\":\"Send an email notification and/or prompts 2FA to the users who is logging in from a previously unused device. A cookie is used to identify whether the device has been used before.\",\"preRequisites\":[\"Modify the 1st and 2nd factor authentication option(s) from defaults as required.\",\"Change the parameters detailed below to reflect your requirements\"],\"img\":\"./images/user.png\",\"code\":[\"// This script will step up authentication and send email notification in case of\",\"// a user being logging in from a new device (identified by a cookie).\",\"\",\"// Amount of time in seconds to remember a device. Set to 2 years below.\",\"var deviceRememberPeriod = 60 * 60 * 24 * 365 * 2;\",\"\",\"// Cookie name to be set\",\"var cookieName = 'deviceAuth';\",\"\",\"// Whether to send a notification on new device login\",\"var sendNotification = true;\",\"\",\"// Whether to step up authentication for new device login\",\"var stepUpAuthentication = true;\",\"\",\"// Email template to be used for new device login notification\",\"var emailTemplate = 'UnseenDeviceLogin';\",\"\",\"\",\"var onLoginRequest = function(context) {\",\" executeStep(1, {\",\" onSuccess: function (context) {\",\" subject = context.currentKnownSubject;\",\" if (!validateCookie(context, subject)) {\",\" Log.debug('New device login for ' + subject.identifier);\",\"\",\" if (sendNotification === true) {\",\" var templatePlaceholders = {\",\" 'username': subject.identifier,\",\" 'login-time': new Date().toUTCString()\",\" };\",\" var isSent = sendEmail(subject, emailTemplate, templatePlaceholders);\",\" if (isSent) {\",\" Log.debug('New device login notification sent to ' + subject.identifier);\",\" } else {\",\" Log.debug('New device login notification sending failed to ' + subject.identifier);\",\" }\",\" }\",\"\",\" if (stepUpAuthentication === true) {\",\" Log.debug('Stepping up authentication due to a new device login for ' + subject.identifier);\",\" executeStep(2, {\",\" onSuccess: function (context) {\",\" setCookie(context.response, cookieName, subject.identifier, {\",\" 'sign': true,\",\" 'max-age': deviceRememberPeriod,\",\" 'sameSite': 'LAX'\",\" });\",\" }\",\" });\",\" }\",\" }\",\" }\",\" });\",\"};\",\"\",\"//Validate if the user has a valid cookie with the value as subject's username\",\"var validateCookie = function(context, subject) {\",\" var cookieVal = getCookieValue(context.request, cookieName, {'validateSignature': true});\",\" return subject.identifier === cookieVal;\",\"};\",\"\"],\"parametersDescription\":{\"sendNotification\":\"Whether to send email notifications to the users\",\"stepUpAuthentication\":\"Whether to step up the authentication\",\"cookieName\":\"Cookie name to be used for device identification\",\"deviceRememberPeriod\":\"How long should this device be remembered as trusted. Once this time passed, login attempts will be considered as new device logins\"},\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]},\"2\":{\"federated\":[],\"local\":[\"totp\"]}},\"title\":\"New-Device-Based Authentication Template\",\"authenticationSteps\":2,\"helpLink\":\"https://is.docs.wso2.com/en/7.0.0/guides/authentication/conditional-auth/new-device-based-template/\",\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator\",\"Step 2\":\"TOTP authenticator\"},\"name\":\"New-Device-Based\",\"runTime\":\"any\",\"category\":\"AdaptiveMFA\"},{\"summary\":\"Prompts 2FA to the users who are from one of the given tenants.\",\"preRequisites\":[\"Service provider should be registered as a SAAS Application.\",\"Change the tenantsToStepUp parameter to an array of tenant domains that should require 2FA.\",\"Modify the 1st and 2nd factor authentication option(s) from defaults as required.\"],\"helpLink\":\"https://is.docs.wso2.com/en/7.0.0/guides/authentication/conditional-auth/\",\"code\":[\"// This script will prompt 2FA to the app only for a selected\",\"// set of tenants.\",\"// The app is assumed to be a SAAS app here which can be accessed by any tenant\",\"\",\"// If the user is in one of the following tenants, user will be prompted 2FA\",\"var tenantsToStepUp = ['abc.com', 'xyz.com'];\",\"\",\"var onLoginRequest = function(context) {\",\" executeStep(1, {\",\" onSuccess: function (context) {\",\" // Extracting tenant domain of authenticated subject from the first step\",\" var userTenantDomain = context.currentKnownSubject.tenantDomain;\",\" // Checking if the user is from whitelisted tenant domain\",\" if (tenantsToStepUp.indexOf(userTenantDomain) >= 0) {\",\" executeStep(2);\",\" }\",\" }\",\" });\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator\",\"Step 2\":\"TOTP authenticator\"},\"parametersDescription\":{\"tenantsToStepUp\":\"An array of tenants of which users are required to use 2FA\"},\"name\":\"Tenant-Based\",\"runtime\":\"any\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]},\"2\":{\"federated\":[],\"local\":[\"totp\"]}},\"category\":\"AdaptiveMFA\",\"title\":\"Tenant-Based Authentication Template\",\"authenticationSteps\":2},{\"summary\":\"Prompts 2FA to the users who are successfully logging after specific number of failed login attempts.\",\"preRequisites\":[\"Change the parameters at the top of the script as needed to match the requirements.\",\"Modify the authentication option(s) from defaults as required.\"],\"helpLink\":\"https://is.docs.wso2.com/en/7.0.0/guides/authentication/conditional-auth/login-attempt-based-template/\",\"code\":[\"// This script will step up authentication for any user who has exceeded 3 invalid login attempts continuously.\",\"// This variable is used to define the number of invalid attempts allowed before prompting the second facto.\",\"var invalidAttemptsToStepup = 3;\",\"\",\"var failedLoginAttemptsBeforeSuccessClaim= 'http://wso2.org/claims/identity/failedLoginAttemptsBeforeSuccess';\",\"var onLoginRequest = function(context) {\",\" doLogin(context);\",\"};\",\"\",\"var doLogin = function(context) {\",\" executeStep(1, {\",\" onSuccess : function(context){\",\" var user = context.steps[1].subject;\",\" if (isExceedInvalidAttempts(user)) {\",\" executeStep(2, {\",\" onSuccess : function(context) {\",\" var user = context.steps[1].subject;\",\" user.localClaims[failedLoginAttemptsBeforeSuccessClaim] = \\\"0\\\";\",\" }\",\" });\",\" }\",\" },\",\" onFail : function(context) {\",\" // Retry the login..\",\" doLogin(context);\",\" }\",\" });\",\"};\",\"\",\"var isExceedInvalidAttempts = function(user) {\",\" if (user.localClaims[failedLoginAttemptsBeforeSuccessClaim] >= invalidAttemptsToStepup) {\",\" return true;\",\" } else {\",\" return false;\",\" }\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator\",\"Step 2\":\"TOTP authenticator\"},\"parametersDescription\":{\"invalidAttemptsToStepup\":\"Minimum number of attempts made by a user to prompt 2FA.\"},\"name\":\"Login-Attempts-Based\",\"runtime\":\"any\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]},\"2\":{\"federated\":[],\"local\":[\"totp\"]}},\"category\":\"AdaptiveMFA\",\"title\":\"Login-Attempts-Based Authentication Template\",\"authenticationSteps\":2},{\"summary\":\"Prompts 2FA to the users who belongs to any of the given set of roles which are associated to the application.\",\"preRequisites\":[\"Change the rolesList parameter to an array of roles of which users need to enforce 2FA.\",\"Modify the 1st and 2nd factor authentication option(s) from defaults as required.\"],\"helpLink\":\"https://is.docs.wso2.com/en/7.0.0/guides/authentication/conditional-auth/role-based-template/\",\"code\":[\"// This script will step up authentication for any user belonging\",\"// to one of the given roles\",\"// If the user has any of the below roles, authentication will be stepped up\",\"var rolesToStepUp = ['admin', 'manager'];\",\"\",\"var onLoginRequest = function(context) {\",\" executeStep(1, {\",\" onSuccess: function (context) {\",\" // Extracting authenticated subject from the first step\",\" var user = context.currentKnownSubject;\",\" // Checking if the user is assigned to one of the given roles\",\" var hasRole = hasAnyOfTheRolesV2(context, rolesToStepUp);\",\" if (hasRole) {\",\" Log.info(user.username + ' Has one of Roles: ' + rolesToStepUp.toString());\",\" executeStep(2);\",\" }\",\" }\",\" });\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator.\",\"Step 2\":\"Either of TOTP or FIDO\"},\"parametersDescription\":{\"rolesToStepUp\":\"An array of roles of which users need to enforce 2FA.\"},\"name\":\"Role-Based\",\"runtime\":\"new\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]},\"2\":{\"federated\":[],\"local\":[\"totp\",\"FIDOAuthenticator\"]}},\"category\":\"AdaptiveMFA\",\"title\":\"Role-Based 2FA Template\",\"authenticationSteps\":2},{\"summary\":\"Define conditional authentication by risk score value calculated from ELK.\",\"preRequisites\":[\"Change elasticsearch domain with the port.\",\"Modify the default authentication steps and option(s) as required.\"],\"helpLink\":\"https://is.docs.wso2.com/en/7.0.0/guides/authentication/conditional-auth/elk-risk-based-template/\",\"code\":[\"// Define conditional authentication by risk score value calculated from ELK analytics.\",\"\",\"var onLoginRequest = function(context) {\",\" executeStep(1, {\",\" onSuccess: function (context) {\",\" var username = context.currentKnownSubject.username;\",\" callElastic({'username': username}, {\",\" onSuccess : function(context, data) {\",\" Log.info('--------------- Received risk score value: ' + data.risk_score);\",\" if (data.risk_score > 0) {\",\" executeStep(2);\",\" }\",\" }, onFail : function(context, data) {\",\" Log.info('--------------- Failed to call ELK');\",\" executeStep(2);\",\" }\",\" });\",\" }\",\" });\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator\",\"Step 2\":\"TOTP authenticator\"},\"parametersDescription\":{\"duration\":\"[optional] Aggregation time period from current timestamp. (Default: '5m')\",\"riskLogic\":\"[optional] Elastic map script to calculate the summation of values. (Default: 'state.sum.add(doc['amount'].value);')\",\"index\":\"[optional] Elasticsearch index to calculate the risk score. (Default: 'transaction')\",\"threshold\":\"[optional] Threshold summation value to identify as a risk. (Default: '10000')\",\"username\":\"Current login context username.\"},\"name\":\"ELK-Risk-Based\",\"runtime\":\"any\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]},\"2\":{\"federated\":[],\"local\":[\"totp\"]}},\"category\":\"AdaptiveMFA\",\"title\":\"ELK Risk-Based 2FA Template\",\"authenticationSteps\":2}],\"icon\":\"./images/adaptive-mfa-template.png\",\"order\":2},\"uncategorized\":{\"displayName\":\"Uncategorized\",\"order\":10000},\"AccessControl\":{\"displayName\":\"Access Control\",\"templates\":[{\"summary\":\"Allow login to application if the user's age is over configured value. User's age is calculated using the user's date of birth attribute.\",\"preRequisites\":[\"Change the parameters at the top of the script as needed to match the requirements.\",\"Modify the authentication option(s) from defaults as required.\"],\"helpLink\":\"https://is.docs.wso2.com/en/7.0.0/guides/authentication/conditional-auth/user-age-based-template/\",\"code\":[\"// This script will only allow login to application if the user's age is over configured value\",\"// The user will be redirected to an error page if the date of birth is not present or user is below configured value\",\"\",\"var ageLimit = 18;\",\"\",\"// Error page to redirect unauthorized users,\",\"// can be either an absolute url or relative url to server root, or empty/null\",\"// null/empty value will redirect to the default error page\",\"var errorPage = '';\",\"\",\"// Additional query params to be added to the above url.\",\"// Hint: Use i18n keys for error messages\",\"var errorPageParameters = {\",\" 'status': 'Unauthorized',\",\" 'statusMsg': 'You need to be over ' + ageLimit + ' years to login to this application.'\",\"};\",\"\",\"// Date of birth attribute at the client side\",\"var dateOfBirthClaim = 'http://wso2.org/claims/dob';\",\"\",\"// The validator function for DOB. Default validation check if the DOB is in YYYY-MM-dd format\",\"var validateDOB = function (dob) {\",\" return dob.match(/^(\\\\d{4})-(\\\\d{2})-(\\\\d{2})$/);\",\"};\",\"\",\"var onLoginRequest = function(context) {\",\" executeStep(1, {\",\" onSuccess: function (context) {\",\" var underAge = true;\",\" // Extracting user store domain of authenticated subject from the first step\",\" var dob = context.currentKnownSubject.localClaims[dateOfBirthClaim];\",\" Log.debug('DOB of user ' + context.currentKnownSubject.identifier + ' is : ' + dob);\",\" if (dob && validateDOB(dob)) {\",\" var birthDate = new Date(dob);\",\" if (getAge(birthDate) >= ageLimit) {\",\" underAge = false;\",\" }\",\" }\",\" if (underAge === true) {\",\" Log.debug('User ' + context.currentKnownSubject.identifier + ' is under aged. Hence denied to login.');\",\" sendError(errorPage, errorPageParameters);\",\" }\",\" }\",\" });\",\"};\",\"\",\"var getAge = function(birthDate) {\",\" var today = new Date();\",\" var age = today.getFullYear() - birthDate.getFullYear();\",\" var m = today.getMonth() - birthDate.getMonth();\",\" if (m < 0 || (m === 0 && today.getDate() < birthDate.getDate())) {\",\" age--;\",\" }\",\" return age;\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator\"},\"parametersDescription\":{\"ageLimit\":\"Minimum age required for the user to login to the application\",\"errorPage\":\"Error page to redirect user, if the age limit is below ageLimit\",\"errorPageParameters\":\"Parameters to be passed to the error page\"},\"name\":\"User-Age-Based\",\"runtime\":\"any\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]}},\"category\":\"AccessControl\",\"title\":\"User-Age-Based Authentication Template\",\"authenticationSteps\":1},{\"summary\":\"Prompts session handling to the users who belongs to any of the given set of roles which are associated to the application based on currently active session count.\",\"preRequisites\":[\"Change the rolesList parameter to an array of roles of which users need to prompt for session handling.\",\"Modify the maxSessionCount parameter as required.\"],\"helpLink\":\"https://is.docs.wso2.com/en/7.0.0/guides/authentication/conditional-auth/concurrent-session-based-template/\",\"code\":[\"// This script will prompt concurrent session handling\",\"// to one of the given roles\",\"// If the user has any of the below roles, concurrent session handling will be prompted\",\"// and it will either kill sessions or abort login based on number of active concurrent user sessions\",\"var rolesToStepUp = ['admin', 'manager'];\",\"var maxSessionCount = 1;\",\"\",\"var onLoginRequest = function(context) {\",\" executeStep(1, {\",\" onSuccess: function (context) {\",\" // Extracting authenticated subject from the first step\",\" var user = context.currentKnownSubject;\",\" // Checking if the user is assigned to one of the given roles\",\" var hasRole = hasAnyOfTheRolesV2(context, rolesToStepUp);\",\"\",\" if (hasRole) {\",\" Log.info(user.username + ' Has one of Roles: ' + rolesToStepUp.toString());\",\" executeStep(2, {\",\" authenticatorParams: {\",\" local: {\",\" SessionExecutor: {\",\" MaxSessionCount: '1'\",\" }\",\" }\",\" }\",\" }, {});\",\" }\",\" }\",\" });\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator.\"},\"parametersDescription\":{\"rolesToStepUp\":\"An array of roles of which users should be prompted for session handling.\",\"MaxSessionCount\":\"Maximum number of allowed concurrent sessions for the role which a particular user belongs to.\"},\"name\":\"Session-Based\",\"runtime\":\"new\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]},\"2\":{\"federated\":[],\"local\":[\"SessionExecutor\"]}},\"category\":\"AccessControl\",\"title\":\"Concurrent Session Management Template with Roles\",\"authenticationSteps\":1}],\"icon\":\"./images/access-control-template.png\",\"order\":1},\"PasskeyEnrollment\":{\"displayName\":\"Passkey Enrollment\",\"templates\":[{\"summary\":\"If Passkey is set as a 1st authentication factor and there is a need to enable progressive Passkey enrollment, this adaptive script, along with the relevant connections configurations, should be added.\",\"preRequisites\":[\"Modify the 1st factor authentication option(s) from defaults as required.\"],\"helpLink\":\"https://is.docs.wso2.com/en/7.0.0/guides/authentication/conditional-auth/passkey-progressive-enrollment-based-template/\",\"code\":[\"var onLoginRequest = function(context) {\",\" executeStep(1, {\",\" onFail: function(context) {\",\" var authenticatorStatus = context.request.params.scenario;\",\"\",\" // If it is a passkey progressive enrollment request trigger the following flow.\",\" if (authenticatorStatus != null && authenticatorStatus[0] == 'INIT_FIDO_ENROLL') {\",\" var filteredAuthenticationOptions = filterAuthenticators(context.steps[1].options, 'FIDOAuthenticator');\",\" executeStep(1, {\",\" stepOptions: {\",\" markAsSubjectIdentifierStep: 'true',\",\" markAsSubjectAttributeStep: 'true'\",\" },\",\" authenticationOptions: filteredAuthenticationOptions\",\" }, {\",\" onSuccess: function(context) {\",\" // If user got successfully authenticated \",\" executeStep(1, {\",\" stepOptions: {\",\" forceAuth: 'true'\",\" },\",\" authenticationOptions: [{\",\" authenticator: 'FIDOAuthenticator'\",\" }]\",\" }, {});\",\" },\",\" });\",\" }\",\" }\",\" });\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Passkey and Basic (Password) authenticator.\"},\"name\":\"Passkey Progressive Enrollment\",\"runtime\":\"any\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\",\"FIDOAuthenticator\"]}},\"category\":\"PasskeyEnrollment\",\"title\":\"Passkey Progressive Enrollment Template\",\"authenticationSteps\":1}],\"icon\":\"./images/passkey-enrollment-template.png\",\"order\":4},\"UserAttributes\":{\"displayName\":\"User Attributes\",\"templates\":[{\"summary\":\"Office365 integration of WSO2 IS require role based, on-demand user provisioning. Therefore assign a given role specific to office365 for successfully authenticated users if not already assigned, in order to trigger the role based user provisioning.\",\"preRequisites\":[\"Create a new role specific for Office365.\",\"Change the assigningRoles parameter to a single element array with the role specific to office365.\",\"Modify the 1st factor authentication option from defaults as required.\"],\"helpLink\":\"https://is.docs.wso2.com/en/latest/guides/authentication/conditional-auth/\",\"code\":[\"// This script will assign the below Office365 specific role to any user if not already assigned\",\"var roleToBeAssigned = ['Internal/office365Role'];\",\"\",\"var onLoginRequest = function(context) {\",\" executeStep(1, {\",\" onSuccess: function (context) {\",\" // Extracting authenticated subject from the first step\",\" var user = context.currentKnownSubject;\",\" // Checking if the user is already assigned to the given Office365 specific role\",\" var hasRole = hasAnyOfTheRolesV2(context, roleToBeAssigned);\",\" if (!hasRole) {\",\" Log.info('Assigning role: ' + roleToBeAssigned.toString() + ' for the user:' + user.username);\",\" assignUserRolesV2(context, roleToBeAssigned);\",\" }\",\" }\",\" });\",\"};\"],\"defaultStepsDescription\":{\"Step 1\":\"Basic (Password) authenticator.\"},\"parametersDescription\":{\"roleToBeAssigned\":\"A single element array with a given role specific for Office365.\"},\"name\":\"Update Office365 role\",\"runtime\":\"new\",\"defaultAuthenticators\":{\"1\":{\"federated\":[],\"local\":[\"BasicAuthenticator\"]}},\"category\":\"UserAttributes\",\"title\":\"Office365-Based Authentication Template\",\"authenticationSteps\":1}],\"icon\":\"./images/user-attributes-template.png\",\"order\":3}}" } \ No newline at end of file From 88c4f794854edadf336c917fecff620e307d5429 Mon Sep 17 00:00:00 2001 From: sahandilshan Date: Fri, 22 Dec 2023 08:52:46 +0530 Subject: [PATCH 25/42] Bump framework version --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 6b9f73315f8..c0fdb4468d4 100755 --- a/pom.xml +++ b/pom.xml @@ -2242,7 +2242,7 @@ - 5.25.634 + 5.25.635 [5.14.67, 6.0.0] From b5b5d41f0acd68f84eb5107547e2c248178061ca Mon Sep 17 00:00:00 2001 From: kanapriya Date: Fri, 22 Dec 2023 09:03:01 +0530 Subject: [PATCH 26/42] Bump the identity org management version --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 6b9f73315f8..b1372bd1f72 100755 --- a/pom.xml +++ b/pom.xml @@ -2341,7 +2341,7 @@ 1.0.14 1.0.2 - 1.3.141 + 1.3.143 1.0.95 1.1.24 1.1.20 From 1fb7b7575a4c4bc400be51b812ac58f17e66f8f1 Mon Sep 17 00:00:00 2001 From: ChanikaRuchini Date: Thu, 21 Dec 2023 17:04:56 +0530 Subject: [PATCH 27/42] Upgrade versions --- pom.xml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pom.xml b/pom.xml index 75e08cb1bfb..92874c7d444 100755 --- a/pom.xml +++ b/pom.xml @@ -2242,7 +2242,7 @@ - 5.25.634 + 5.25.635 [5.14.67, 6.0.0] @@ -2341,7 +2341,7 @@ 1.0.14 1.0.2 - 1.3.141 + 1.3.142 1.0.95 1.1.24 1.1.20 @@ -2355,7 +2355,7 @@ 2.0.13 1.3.30 - 1.2.143 + 1.2.144 5.5.9 5.5.7 From cfa87a0d124d716517c2b89657f116d48ce9e7d5 Mon Sep 17 00:00:00 2001 From: jenkins-is-staging Date: Fri, 22 Dec 2023 06:08:56 +0000 Subject: [PATCH 28/42] Bump dependencies from IS_dependency_updater_github_action/7296289498 --- pom.xml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/pom.xml b/pom.xml index c7b4b993976..3a5042b3432 100755 --- a/pom.xml +++ b/pom.xml @@ -2242,7 +2242,7 @@ - 5.25.635 + 5.25.637 [5.14.67, 6.0.0] @@ -2253,7 +2253,7 @@ 2.5.2 - 1.8.99 + 1.8.100 5.8.5 @@ -2264,9 +2264,9 @@ 5.11.30 - 6.11.230 + 6.11.232 5.9.5 - 5.10.19 + 5.10.20 5.7.4 3.4.52 @@ -2355,19 +2355,19 @@ 2.0.13 1.3.30 - 1.2.143 + 1.2.144 5.5.9 5.5.7 2.3.1 2.4.36 1.1.3 - 1.2.40 + 1.2.41 - 2.10.47 - 2.2.70 - 2.0.106 + 2.10.49 + 2.2.72 + 2.0.109 1.6.373 From e6836427bbbc89bb02d9aaf16ea5842ffb158c04 Mon Sep 17 00:00:00 2001 From: Thisara-Welmilla Date: Fri, 22 Dec 2023 11:39:58 +0530 Subject: [PATCH 29/42] Update LICENSE.txt --- LICENSE.txt | 842 +++++++++++++++++++++++----------------------------- 1 file changed, 376 insertions(+), 466 deletions(-) diff --git a/LICENSE.txt b/LICENSE.txt index 6bd985b78dd..7e8595e0859 100644 --- a/LICENSE.txt +++ b/LICENSE.txt @@ -36,208 +36,173 @@ jsr305-1.3.9.jar opencensus-api-0.30.0.jar jarinbundle apache2 jackson-core-2.9.9.jar jarinbundle apache2 grpc-context-1.43.2.jar jarinbundle apache2 -org.wso2.carbon.identity.application.authenticator.facebook-5.2.10.jar bundle apache2 +org.wso2.carbon.identity.application.authenticator.facebook-5.2.11.jar bundle apache2 org.wso2.carbon.identity.application.authenticator.passive.sts-5.5.0.jar bundle apache2 -callhome-4.5.x_1.0.14.jar bundle apache2 -core-1.0.14.jar jarinbundle apache2 org.wso2.carbon.extension.identity.authenticator.office365.connector-2.1.2.jar bundle apache2 org.wso2.carbon.identity.application.authenticator.samlsso-5.8.7.jar bundle apache2 org.wso2.carbon.identity.oauth2.token.handler.clientauth.mutualtls-2.4.36.jar bundle apache2 +org.wso2.carbon.identity.application.authenticator.fido-5.4.7.jar bundle apache2 +u2flib-server-core-0.14.0.jar jarinbundle bsd org.wso2.carbon.identity.provisioning.connector.salesforce-5.2.4.jar bundle apache2 org.wso2.carbon.identity.application.authenticator.basicauth.jwt-6.7.30.jar bundle apache2 -org.wso2.carbon.identity.application.authenticator.fido-5.4.4.jar bundle apache2 -u2flib-server-core-0.14.0.jar jarinbundle bsd org.wso2.carbon.identity.application.authenticator.iwa-5.4.3.jar bundle apache2 org.wso2.carbon.identity.local.auth.api.core-2.5.8.jar bundle apache2 org.wso2.carbon.extension.identity.authenticator.x509Certificate.connector-3.1.12.jar bundle apache2 org.wso2.carbon.extension.identity.authenticator.github.connector-1.1.12.jar bundle apache2 pdepublishing-ant.jar jar epl1 pdepublishing.jar jar epl1 +org.wso2.carbon.identity.entitlement_5.25.637.jar bundle apache2 commons-text_1.10.0.wso2v2.jar bundle apache2 -org.wso2.carbon.event.output.adapter.websocket_5.2.53.jar bundle apache2 -org.wso2.carbon.extension.identity.authenticator.totp.connector_3.3.22.jar bundle apache2 +org.wso2.carbon.identity.conditional.auth.functions.analytics_1.2.41.jar bundle apache2 org.eclipse.equinox.p2.jarprocessor_1.0.300.v20131211-1531.jar bundle epl1 -org.wso2.carbon.claim.mgt_5.25.542.jar bundle apache2 -org.wso2.carbon.identity.oauth.ui_6.11.211.jar bundle apache2 +org.wso2.carbon.identity.authz.service_1.8.37.jar bundle apache2 org.wso2.carbon.ui.menu.tools_4.9.15.jar bundle apache2 +org.wso2.carbon.identity.password.expiry_1.8.100.jar bundle apache2 +org.wso2.carbon.identity.input.validation.mgt_5.25.637.jar bundle apache2 +org.wso2.carbon.event.output.adapter.email_5.2.56.jar bundle apache2 org.eclipse.equinox.preferences_3.6.0.v20160120-1756.jar bundle epl1 -org.wso2.carbon.identity.governance_1.8.87.jar bundle apache2 google-api-client_2.2.0.wso2v1.jar bundle apache2 -org.wso2.carbon.identity.authenticator.thrift_5.25.542.jar bundle apache2 -org.wso2.carbon.user.mgt.common_5.25.542.jar bundle apache2 +org.wso2.carbon.identity.query.saml_5.11.30.jar bundle apache2 cglib_2.2.0.wso2v1.jar bundle apache2 -org.wso2.carbon.identity.secret.mgt.core_5.25.542.jar bundle apache2 -org.wso2.carbon.admin.advisory.mgt_4.9.18.jar bundle apache2 +org.wso2.carbon.identity.client.attestation.mgt_5.25.637.jar bundle apache2 org.wso2.charon.core_2.1.6.jar bundle apache2 -org.wso2.carbon.identity.application.mgt_5.25.542.jar bundle apache2 org.wso2.orbit.sun.xml.bind.jaxb_2.3.2.wso2v1.jar bundle apache2 -org.wso2.carbon.bpel.deployer_4.5.66.jar bundle apache2 -geronimo-connector_2.0.1.wso2v1.jar bundle apache2 +org.wso2.carbon.security.mgt_5.25.637.jar bundle apache2 +org.wso2.carbon.identity.user.store.configuration_5.25.637.jar bundle apache2 +org.wso2.carbon.identity.core.ui_5.25.637.jar bundle apache2 +org.wso2.carbon.registry.core_4.9.20.jar bundle apache2 com.fasterxml.jackson.core.jackson-annotations_2.15.2.jar bundle apache2 -org.wso2.carbon.identity.application.authentication.framework_5.25.542.jar bundle apache2 -org.wso2.carbon.feature.mgt.services_4.9.18.jar bundle apache2 -org.wso2.carbon.identity.oidc.session_6.11.211.jar bundle apache2 +org.wso2.identity.styles_7.0.0.beta4.jar bundle apache2 org.wso2.carbon.identity.authenticator.saml2.sso.ui_5.8.5.jar bundle apache2 -axiom_1.2.11.wso2v27.jar bundle apache2 -org.wso2.carbon.identity.entitlement.stub_5.25.542.jar bundle apache2 -org.apache.openjpa_2.2.0.wso2v1.jar bundle apache2 -org.wso2.carbon.directory.server.manager_5.25.542.jar bundle apache2 +org.wso2.carbon.identity.password.policy_1.8.100.jar bundle apache2 +org.wso2.identity.apps.common_2.0.109.jar bundle apache2 org.wso2.carbon.registry.properties.ui_4.8.15.jar bundle apache2 org.wso2.carbon.identity.authenticator.saml2.sso.common_5.8.5.jar bundle apache2 -org.wso2.carbon.identity.workflow.impl.ui_5.5.5.jar bundle apache2 -org.wso2.carbon.identity.recovery.stub_1.8.87.jar bundle apache2 -org.wso2.carbon.idp.mgt_5.25.542.jar bundle apache2 +org.wso2.carbon.identity.cors.mgt.core_5.25.637.jar bundle apache2 +org.wso2.carbon.event.output.adapter.wso2event_5.2.56.jar bundle apache2 woden_1.0.0.M9-wso2v1.jar bundle apache2 +org.wso2.carbon.identity.organization.management.tomcat.ext.tenant.resolver_1.3.141.jar bundle apache2 org.eclipse.equinox.launcher_1.3.200.v20160318-1642.jar bundle epl1 com.fasterxml.jackson.core.jackson-databind_2.15.2.jar bundle apache2 org.wso2.carbon.logging.appender.service_4.10.7.jar bundle apache2 org.wso2.carbon.identity.data.publisher.oauth_1.6.8.jar bundle apache2 org.wso2.carbon.webapp.deployer_4.12.20.jar bundle apache2 -org.wso2.carbon.server.admin.common_4.9.18.jar bundle apache2 org.apache.felix.gogo.runtime_0.10.0.v201209301036.jar bundle apache2 +org.wso2.carbon.server.admin.ui_4.9.20.jar bundle apache2 org.wso2.carbon.identity.saml.common.util_1.3.0.jar bundle apache2 -org.wso2.carbon.identity.conditional.auth.functions.elk_1.2.36.jar bundle apache2 +org.wso2.carbon.application.deployer_4.9.20.jar bundle apache2 org.eclipse.equinox.p2.console_1.0.300.v20131113-1212.jar bundle epl1 -org.wso2.carbon.ndatasource.common_4.9.18.jar bundle apache2 +org.wso2.carbon.identity.mgt.stub_5.25.637.jar bundle apache2 org.wso2.carbon.extension.identity.verification.provider_1.0.6.jar bundle apache2 org.eclipse.equinox.concurrent_1.1.0.v20130327-1442.jar bundle epl1 -org.wso2.carbon.event.output.adapter.sms_5.2.53.jar bundle apache2 +org.wso2.carbon.identity.sts.passive.ui_5.10.20.jar bundle apache2 +org.wso2.carbon.directory.server.manager.common_5.25.637.jar bundle apache2 +org.wso2.carbon.identity.user.profile.stub_5.25.637.jar bundle apache2 svn-client-adapter_1.10.9.wso2v1.jar bundle apache2 -org.wso2.carbon.event.publisher.core_5.2.53.jar bundle apache2 -org.wso2.carbon.user.mgt.workflow_5.6.0.jar bundle apache2 -org.wso2.carbon.identity.consent.mgt_5.25.542.jar bundle apache2 -org.wso2.carbon.identity.organization.config.service_1.3.129.jar bundle apache2 +org.wso2.carbon.identity.conditional.auth.functions.jwt.decode_1.2.41.jar bundle apache2 tomcat-el-api_9.0.82.wso2v1.jar bundle apache2 -org.wso2.carbon.identity.query.saml_5.11.27.jar bundle apache2 org.eclipse.equinox.p2.director.app_1.0.300.v20150129-0838.jar bundle epl1 org.wso2.carbon.identity.tools.saml.validator_5.5.7.jar bundle apache2 -org.wso2.carbon.captcha.mgt_5.25.542.jar bundle apache2 -org.wso2.carbon.identity.application.default.auth.sequence.mgt.stub_5.25.542.jar bundle apache2 +org.wso2.carbon.identity.organization.management.authz.service_1.3.141.jar bundle apache2 csrfguard_3.1.0.wso2v4.jar bundle apache2 +org.wso2.carbon.user.mgt.stub_5.25.637.jar bundle apache2 +org.wso2.carbon.identity.role.mgt.core_5.25.637.jar bundle apache2 org.eclipse.equinox.frameworkadmin.equinox_1.0.700.v20160102-2223.jar bundle epl1 -org.wso2.carbon.identity.claim.metadata.mgt.ui_5.25.542.jar bundle apache2 -org.wso2.carbon.identity.governance.stub_5.25.542.jar bundle apache2 +org.wso2.carbon.identity.webfinger_6.11.232.jar bundle apache2 +org.wso2.carbon.event.output.adapter.http_5.2.56.jar bundle apache2 nimbus-jose-jwt_7.9.0.wso2v1.jar bundle apache2 -org.wso2.carbon.identity.oauth.par_6.11.211.jar bundle apache2 -org.wso2.carbon.user.mgt_5.25.542.jar bundle apache2 +org.wso2.carbon.ndatasource.rdbms_4.9.20.jar bundle apache2 tomcat_9.0.82.wso2v1.jar bundle apache2 commons-lang3_3.4.0.wso2v1.jar bundle apache2 org.wso2.carbon.registry.properties_4.8.15.jar bundle apache2 org.wso2.carbon.registry.resource.ui_4.8.15.jar bundle apache2 +org.wso2.carbon.event.output.adapter.jms_5.2.56.jar bundle apache2 com.fasterxml.jackson.dataformat.jackson-dataformat-cbor_2.15.2.jar bundle apache2 +org.wso2.carbon.identity.discovery_6.11.232.jar bundle apache2 org.eclipse.jdt.core.compiler.batch_3.28.0.v20211117-1416.jar bundle epl1 opensaml_3.3.1.wso2v7.jar bundle apache2 esapi-2.4.0.0.jar jarinbundle bsd2 + cc-by-sa3 -org.wso2.carbon.user.mgt.ui_5.25.542.jar bundle apache2 -org.wso2.carbon.identity.sts.passive.ui_5.10.18.jar bundle apache2 org.eclipse.equinox.p2.updatesite_1.0.400.v20131211-1531.jar bundle epl1 org.eclipse.equinox.p2.metadata.repository_1.2.100.v20131209-2144.jar bundle epl1 -org.wso2.carbon.identity.authz.service_1.8.35.jar bundle apache2 org.eclipse.core.runtime_3.9.0.v20130326-1255.jar bundle epl1 -org.wso2.carbon.identity.conditional.auth.functions.choreo_1.2.36.jar bundle apache2 -org.wso2.carbon.identity.user.store.count_5.25.542.jar bundle apache2 -org.wso2.carbon.humantask.coordination.module_4.5.66.jar bundle apache2 -org.wso2.carbon.humantask.deployer_4.5.66.jar bundle apache2 +org.wso2.carbon.event.output.adapter.rdbms_5.2.56.jar bundle apache2 +org.wso2.carbon.identity.conditional.auth.functions.notification_1.2.41.jar bundle apache2 +org.wso2.carbon.extension.identity.authenticator.totp.connector_3.3.24.jar bundle apache2 +org.wso2.carbon.identity.template.mgt_5.25.637.jar bundle apache2 +org.wso2.carbon.event.publisher.core_5.2.56.jar bundle apache2 +org.wso2.carbon.identity.api.resource.mgt_5.25.637.jar bundle apache2 +org.wso2.carbon.event.output.adapter.sms_5.2.56.jar bundle apache2 org.wso2.carbon.registry.properties.stub_4.8.15.jar bundle apache2 +org.wso2.carbon.identity.api.resource.collection.mgt_5.25.637.jar bundle apache2 org.wso2.carbon.event.admin_4.10.7.jar bundle apache2 -org.wso2.carbon.ndatasource.rdbms_4.9.18.jar bundle apache2 -org.wso2.carbon.identity.user.registration.stub_5.25.542.jar bundle apache2 -org.wso2.carbon.identity.piicontroller_1.8.87.jar bundle apache2 +org.wso2.carbon.identity.scim2.common_3.4.52.jar bundle apache2 org.wso2.carbon.statistics.stub_4.10.7.jar bundle apache2 -org.wso2.carbon.security.mgt.ui_5.25.542.jar bundle apache2 -org.objectweb.asm.commons_9.2.0.jar bundle bsd3 org.wso2.carbon.registry.search_4.8.15.jar bundle apache2 -org.wso2.carbon.directory.server.manager.stub_5.25.542.jar bundle apache2 org.wso2.carbon.registry.indexing_4.8.15.jar bundle apache2 -org.wso2.carbon.event.output.adapter.http_5.2.53.jar bundle apache2 -org.wso2.carbon.identity.functions.library.mgt.stub_5.25.542.jar bundle apache2 org.wso2.carbon.identity.sso.saml.stub_5.7.0.jar bundle apache2 org.apache.felix.gogo.shell_0.10.0.v201212101605.jar bundle apache2 -org.wso2.carbon.identity.multi.attribute.login.resolver.regex_1.8.87.jar bundle apache2 -org.wso2.carbon.identity.functions.library.mgt.ui_5.25.542.jar bundle apache2 -org.wso2.carbon.event.output.adapter.jms_5.2.53.jar bundle apache2 -org.wso2.carbon.identity.core_5.25.542.jar bundle apache2 +org.wso2.carbon.identity.entitlement.ui_5.25.637.jar bundle apache2 +org.wso2.carbon.identity.user.profile_5.25.637.jar bundle apache2 +org.wso2.carbon.tenant.theme.mgt_4.11.17.jar bundle apache2 +org.wso2.carbon.identity.extension.mgt_5.25.637.jar bundle apache2 lucene_8.11.1.wso2v1.jar bundle apache2 spatial4j-0.8.jar jarinbundle apache2 +org.wso2.carbon.ndatasource.common_4.9.20.jar bundle apache2 org.wso2.balana_1.2.13.jar bundle apache2 +org.wso2.carbon.identity.user.store.configuration.deployer_5.25.637.jar bundle apache2 cors-filter_1.7.0.wso2v1.jar bundle apache2 -org.wso2.carbon.event.output.adapter.rdbms_5.2.53.jar bundle apache2 org.eclipse.equinox.common_3.8.0.v20160509-1230.jar bundle epl1 -org.wso2.carbon.application.deployer_4.9.18.jar bundle apache2 -org.wso2.carbon.server.admin.ui_4.9.18.jar bundle apache2 xmlbeans_3.1.0.wso2v1.jar bundle apache2 +org.wso2.carbon.server.admin.common_4.9.20.jar bundle apache2 org.wso2.carbon.identity.idp.metadata.saml2_1.7.7.jar bundle apache2 json-simple_1.1.0.wso2v1.jar bundle apache2 -org.wso2.identity.apps.common_2.0.65.jar bundle apache2 -org.wso2.carbon.claim.mgt.ui_5.25.542.jar bundle apache2 +org.wso2.carbon.event.output.adapter.websocket_5.2.56.jar bundle apache2 client.wso2_7.10.0.wso2v1.jar bundle apache2 client-7.10.0.jar jarinbundle apache2 -org.wso2.carbon.identity.tenant.resource.manager_1.8.87.jar bundle apache2 -org.wso2.carbon.identity.workflow.impl.stub_5.5.5.jar bundle apache2 -org.wso2.carbon.tenant.theme.mgt_4.11.15.jar bundle apache2 -org.wso2.carbon.identity.conditional.auth.functions.common_1.2.36.jar bundle apache2 +bcpkix-jdk18on_1.74.0.wso2v1.jar bundle bouncy +bcpkix-jdk18on-1.74.jar jarinbundle bouncy +bcutil-jdk18on-1.74.jar jarinbundle bouncy waffle-jna_1.6.0.wso2v6.jar bundle epl1 -org.wso2.carbon.event.output.adapter.email_5.2.53.jar bundle apache2 org.wso2.carbon.identity.user.store.remote_5.2.5.jar bundle apache2 org.wso2.carbon.event.client_4.10.7.jar bundle apache2 org.wso2.carbon.registry.profiles_4.8.15.jar bundle apache2 org.eclipse.core.contenttype_3.4.200.v20130326-1255.jar bundle epl1 -org.wso2.carbon.identity.central.log.mgt_5.25.542.jar bundle apache2 +org.wso2.carbon.identity.sts.passive.stub_5.10.20.jar bundle apache2 hector-core_1.1.4.wso2v2.jar bundle apache2 org.wso2.carbon.registry.profiles.stub_4.8.15.jar bundle apache2 +org.wso2.carbon.identity.organization.management.ext_1.3.141.jar bundle apache2 org.apache.commons.configuration_1.10.0.jar bundle apache2 +org.wso2.carbon.feature.mgt.services_4.9.20.jar bundle apache2 axis2-jibx_1.6.1.wso2v11.jar bundle apache2 -org.wso2.carbon.identity.oauth.dcr_6.11.211.jar bundle apache2 org.eclipse.equinox.event_1.5.100.v20190528-1257.jar bundle epl1 -org.wso2.carbon.bpel_4.5.66.jar bundle apache2 org.wso2.carbon.tenant.common_4.10.7.jar bundle apache2 commons-io_2.7.0.wso2v1.jar bundle apache2 -org.wso2.carbon.identity.user.store.configuration.ui_5.25.542.jar bundle apache2 -org.wso2.carbon.registry.core_4.9.18.jar bundle apache2 org.wso2.carbon.identity.data.publisher.authentication.audit_5.6.6.jar bundle apache2 -org.wso2.carbon.identity.account.suspension.notification.task_1.8.87.jar bundle apache2 -org.wso2.carbon.identity.user.store.count.stub_5.25.542.jar bundle apache2 -geronimo-j2ee-connector_1.5_spec_1.0.0.wso2v1.jar bundle apache2 +org.wso2.carbon.identity.functions.library.mgt_5.25.637.jar bundle apache2 +org.wso2.carbon.identity.organization.management.governance.connector_1.3.141.jar bundle apache2 org.eclipse.equinox.registry_3.6.0.v20150318-1503.jar bundle epl1 -org.wso2.carbon.identity.provisioning_5.25.542.jar bundle apache2 +org.wso2.carbon.admin.advisory.mgt_4.9.20.jar bundle apache2 org.wso2.carbon.deployment.synchronizer.subversion_4.10.7.jar bundle apache2 +org.wso2.carbon.identity.template.mgt.ui_5.25.637.jar bundle apache2 org.wso2.carbon.webapp.mgt_4.12.20.jar bundle apache2 webauthn4j_0.21.0.wso2v1.jar bundle apache2 -org.wso2.carbon.identity.sts.passive.stub_5.10.18.jar bundle apache2 antlr_3.2.0.wso2v1.jar bundle bsd -org.wso2.carbon.bpel.cluster.notifier_4.5.66.jar bundle apache2 -org.wso2.carbon.identity.organization.discovery.service_1.3.129.jar bundle apache2 +org.wso2.carbon.idp.mgt.stub_5.25.637.jar bundle apache2 +org.wso2.carbon.identity.oidc.dcr_6.11.232.jar bundle apache2 org.wso2.carbon.identity.application.authenticator.oauth2_1.0.11.jar bundle apache2 -org.wso2.carbon.event.output.adapter.wso2event_5.2.53.jar bundle apache2 +org.wso2.carbon.identity.user.profile.ui_5.25.637.jar bundle apache2 +org.wso2.carbon.identity.mgt_5.25.637.jar bundle apache2 httpclient_4.5.13.wso2v1.jar bundle apache2 org.eclipse.equinox.jsp.jasper_1.1.200.v20190214-1948.jar bundle epl1 org.eclipse.equinox.p2.director_2.3.100.v20140224-1921.jar bundle epl1 -org.wso2.carbon.roles.mgt.ui_4.9.18.jar bundle apache2 -org.wso2.carbon.event.stream.admin_5.2.53.jar bundle apache2 +org.wso2.carbon.user.mgt_5.25.637.jar bundle apache2 org.eclipse.osgi.compatibility.state_1.0.200.v20160504-1419.jar bundle epl1 tomcat-catalina-ha_9.0.82.wso2v1.jar bundle apache2 -org.wso2.carbon.ui.menu.general_4.9.18.jar bundle apache2 -org.wso2.carbon.user.mgt.stub_5.25.542.jar bundle apache2 -org.wso2.carbon.identity.role.mgt.core_5.25.542.jar bundle apache2 -org.eclipse.ecf.filetransfer_5.0.0.v20130604-1622.jar bundle epl1 -org.wso2.carbon.identity.data.publisher.audit.user.operation_1.4.3.jar bundle apache2 -org.wso2.carbon.identity.organization.management.ext_1.3.129.jar bundle apache2 -twilio.wso2_9.14.0.wso2v1.jar bundle apache2 -twilio-9.14.0.jar jarinbundle mit -org.wso2.carbon.user.core_4.9.18.jar bundle apache2 -org.wso2.carbon.registry.profiles.ui_4.8.15.jar bundle apache2 -org.wso2.carbon.identity.remotefetch.core.ui_0.8.4.jar bundle apache2 -org.wso2.carbon.identity.workflow.mgt.stub_5.25.542.jar bundle apache2 -org.eclipse.ecf_3.2.0.v20130604-1622.jar bundle epl1 -org.eclipse.equinox.security_1.2.100.v20150423-1356.jar bundle epl1 -org.wso2.carbon.identity.organization.management.governance.connector_1.3.129.jar bundle apache2 -org.wso2.carbon.identity.application.authenticator.magiclink_1.1.17.jar bundle apache2 -jsch_0.1.54.wso2v1.jar bundle bsd -org.wso2.carbon.identity.user.profile.stub_5.25.542.jar bundle apache2 -org.wso2.carbon.directory.server.manager.common_5.25.542.jar bundle apache2 -org.wso2.carbon.identity.mgt.stub_5.25.542.jar bundle apache2 -XmlSchema_1.4.7.wso2v6.jar bundle apache2 -org.wso2.carbon.identity.sts.passive_5.10.18.jar bundle apache2 +org.wso2.carbon.identity.governance.stub_5.25.637.jar bundle apache2 +org.wso2.carbon.identity.claim.metadata.mgt.ui_5.25.637.jar bundle apache2 +org.wso2.carbon.addressing_4.9.20.jar bundle apache2 +org.wso2.carbon.identity.application.default.auth.sequence.mgt.stub_5.25.637.jar bundle apache2 +org.wso2.carbon.identity.sts.passive_5.10.20.jar bundle apache2 cxf-rt-frontend-jaxws-3.5.5.jar jarinbundle apache2 xmlsec-2.1.7.jar jarinbundle apache2 cxf-core-3.5.5.jar jarinbundle apache2 @@ -247,382 +212,347 @@ cxf-rt-ws-security-3.5.5.jar wss4j-ws-security-dom-2.2.5.jar jarinbundle apache2 cxf-rt-security-3.5.5.jar jarinbundle apache2 wss4j-ws-security-common-2.2.5.jar jarinbundle apache2 +org.eclipse.ecf.filetransfer_5.0.0.v20130604-1622.jar bundle epl1 +org.wso2.carbon.identity.data.publisher.audit.user.operation_1.4.3.jar bundle apache2 +twilio.wso2_9.14.0.wso2v1.jar bundle apache2 +twilio-9.14.0.jar jarinbundle mit +org.wso2.carbon.user.mgt.ui_5.25.637.jar bundle apache2 +org.wso2.carbon.identity.context.rewrite.valve_1.8.37.jar bundle apache2 +org.wso2.carbon.registry.profiles.ui_4.8.15.jar bundle apache2 +org.eclipse.ecf_3.2.0.v20130604-1622.jar bundle epl1 +org.eclipse.equinox.security_1.2.100.v20150423-1356.jar bundle epl1 +org.wso2.carbon.tenant.mgt.stub_4.11.17.jar bundle apache2 +org.wso2.carbon.event.output.adapter.websocket.local_5.2.56.jar bundle apache2 +XmlSchema_1.4.7.wso2v6.jar bundle apache2 +org.wso2.carbon.core.services_4.9.20.jar bundle apache2 +org.wso2.carbon.identity.sso.saml.stub_5.11.30.jar bundle apache2 +org.wso2.carbon.identity.captcha_1.8.100.jar bundle apache2 org.wso2.carbon.logging.remote.config.stub_4.10.7.jar bundle apache2 org.eclipse.core.expressions_3.4.500.v20130515-1343.jar bundle epl1 org.wso2.carbon.identity.provider_5.9.5.jar bundle apache2 commons-collections4_4.4.0.wso2v1.jar bundle apache2 -org.wso2.carbon.identity.conditional.auth.functions.analytics_1.2.36.jar bundle apache2 -axion_1.0.0.M3-dev-wso2v1.jar bundle apache2 -org.wso2.carbon.databridge.commons_5.2.53.jar bundle apache2 -org.wso2.carbon.identity.conditional.auth.functions.notification_1.2.36.jar bundle apache2 +org.wso2.carbon.captcha.mgt_5.25.637.jar bundle apache2 +org.wso2.carbon.identity.organization.discovery.service_1.3.141.jar bundle apache2 +org.wso2.carbon.identity.oauth_6.11.232.jar bundle apache2 +org.wso2.carbon.admin.advisory.mgt.stub_4.9.20.jar bundle apache2 +org.wso2.carbon.identity.consent.mgt_5.25.637.jar bundle apache2 org.wso2.carbon.xfer_4.2.0.jar bundle apache2 +org.wso2.carbon.identity.entitlement.stub_5.25.637.jar bundle apache2 +org.wso2.carbon.core_4.9.20.jar bundle apache2 +commons-collections-3.2.2.wso2v1.jar bundle apache2 +org.wso2.carbon.identity.application.authentication.framework_5.25.637.jar bundle apache2 +org.wso2.carbon.identity.auth.attribute.handler_1.8.100.jar bundle apache2 +org.wso2.carbon.identity.local.auth.emailotp_1.0.16.jar bundle apache2 org.wso2.carbon.consent.mgt.core_2.5.2.jar bundle apache2 jstl_1.2.1.wso2v3.jar bundle cddl1 + gpl2 -org.wso2.carbon.identity.core.ui_5.25.542.jar bundle apache2 -org.wso2.carbon.identity.cors.mgt.core_5.25.542.jar bundle apache2 +org.wso2.carbon.identity.oauth.common_6.11.232.jar bundle apache2 +org.wso2.carbon.idp.mgt_5.25.637.jar bundle apache2 +org.wso2.carbon.identity.user.onboard.core.service_1.8.100.jar bundle apache2 bcel_6.7.0.wso2v1.jar bundle apache2 -org.wso2.carbon.identity.oauth.stub_6.11.211.jar bundle apache2 -org.wso2.carbon.mex2_5.10.18.jar bundle apache2 +org.wso2.carbon.framework.exporter_4.9.20.jar bundle apache2 org.wso2.carbon.identity.local.auth.smsotp.provider_1.0.3.jar bundle apache2 org.objectweb.asm.all_5.2.0.jar bundle asm google-http-client_1.43.3.wso2v1.jar bundle apache2 -org.wso2.carbon.tenant.mgt.stub_4.11.15.jar bundle apache2 net.minidev.accessors-smart_2.4.7.jar bundle apache2 -org.wso2.carbon.bpel.b4p_4.5.66.jar bundle apache2 -org.wso2.carbon.admin.advisory.mgt.ui_4.9.18.jar bundle apache2 -org.wso2.carbon.identity.context.rewrite.valve_1.8.35.jar bundle apache2 -org.wso2.carbon.identity.input.validation.mgt_5.25.542.jar bundle apache2 +org.wso2.carbon.directory.server.manager_5.25.637.jar bundle apache2 +org.wso2.carbon.mex2_5.10.20.jar bundle apache2 org.wso2.carbon.crypto.provider_1.1.14.jar bundle apache2 +org.wso2.carbon.identity.recovery_1.8.100.jar bundle apache2 +org.wso2.carbon.claim.mgt_5.25.637.jar bundle apache2 org.wso2.carbon.logging.updater_4.10.7.jar bundle apache2 -org.wso2.carbon.identity.sso.saml.stub_5.11.27.jar bundle apache2 -org.wso2.carbon.identity.conditional.auth.functions.jwt.decode_1.2.36.jar bundle apache2 -org.wso2.carbon.identity.entitlement_5.25.542.jar bundle apache2 -org.wso2.carbon.security.mgt_5.25.542.jar bundle apache2 -org.wso2.carbon.identity.user.store.configuration_5.25.542.jar bundle apache2 -commons-primitives_1.0.0.wso2v1.jar bundle apache2 -org.wso2.carbon.identity.workflow.template_5.5.0.jar bundle apache2 +org.wso2.carbon.event.output.adapter.kafka_5.2.56.jar bundle apache2 +org.wso2.carbon.databridge.commons.binary_5.2.56.jar bundle apache2 +org.wso2.carbon.tomcat_4.9.20.jar bundle apache2 +org.wso2.carbon.identity.application.authenticator.oidc_5.11.30.jar bundle apache2 +org.wso2.carbon.event.stream.core_5.2.56.jar bundle apache2 +org.wso2.carbon.identity.application.mgt_5.25.637.jar bundle apache2 tiles-jsp_2.0.5.wso2v2.jar bundle apache2 commons-beanutils-1.9.4.jar jarinbundle apache2 commons-collections-3.2.2.jar jarinbundle apache2 commons-digester-1.8.jar jarinbundle apache2 -org.wso2.carbon.identity.client.attestation.mgt_5.25.542.jar bundle apache2 -org.wso2.carbon.feature.mgt.core_4.9.18.jar bundle apache2 +org.wso2.carbon.identity.organization.management.service_1.0.95.jar bundle apache2 +org.wso2.carbon.identity.secret.mgt.core_5.25.637.jar bundle apache2 +org.wso2.carbon.user.mgt.common_5.25.637.jar bundle apache2 abdera_1.0.0.wso2v3.jar bundle apache2 -org.wso2.carbon.identity.branding.preference.resolver_1.0.13.jar bundle apache2 -js_1.7.0.R4wso2v1.jar bundle mpl10 -org.wso2.carbon.event.processor.manager.core_5.2.53.jar bundle apache2 -org.wso2.carbon.idp.mgt.stub_5.25.542.jar bundle apache2 +org.wso2.carbon.identity.authenticator.thrift_5.25.637.jar bundle apache2 +org.wso2.carbon.identity.conditional.auth.functions.elk_1.2.41.jar bundle apache2 +org.wso2.carbon.identity.user.export.core_1.8.100.jar bundle apache2 +org.wso2.carbon.tenant.keystore.mgt_4.11.17.jar bundle apache2 disruptor_3.4.2.wso2v1.jar bundle apache2 -org.wso2.carbon.identity.template.mgt.ui_5.25.542.jar bundle apache2 +org.wso2.carbon.feature.mgt.core_4.9.20.jar bundle apache2 axis2-transport-mail_2.0.0.wso2v42.jar bundle apache2 org.ops4j.pax.logging.pax-logging-log4j2_2.1.0.wso2v4.jar bundle apache2 org.wso2.carbon.consent.mgt.ui_2.5.2.jar bundle apache2 -org.wso2.carbon.tenant.mgt.core_4.11.15.jar bundle apache2 -org.wso2.carbon.tomcat_4.9.18.jar bundle apache2 -org.wso2.carbon.identity.oauth.ciba_6.11.211.jar bundle apache2 -org.wso2.carbon.identity.functions.library.mgt_5.25.542.jar bundle apache2 +org.wso2.carbon.identity.provisioning_5.25.637.jar bundle apache2 org.eclipse.equinox.console_1.3.300.v20190516-1504.jar bundle epl1 org.wso2.carbon.healthcheck.api.core_1.3.0.jar bundle apache2 +org.wso2.carbon.identity.organization.config.service_1.3.141.jar bundle apache2 org.eclipse.equinox.p2.engine_2.3.0.v20140506-1720.jar bundle epl1 org.restlet_2.3.0.wso2v1.jar bundle apache2 -org.wso2.carbon.identity.password.history_1.8.87.jar bundle apache2 -org.wso2.carbon.identity.auth.service_1.8.35.jar bundle apache2 -org.wso2.carbon.user.mgt.workflow.stub_5.25.542.jar bundle apache2 +org.wso2.carbon.identity.idle.account.identification_1.8.100.jar bundle apache2 spatial4j_0.4.1.wso2v1.jar bundle apache2 -org.wso2.carbon.identity.mgt_5.25.542.jar bundle apache2 org.wso2.carbon.identity.authenticator.saml2.sso_5.8.5.jar bundle apache2 -org.wso2.carbon.identity.user.profile.ui_5.25.542.jar bundle apache2 -bcprov-jdk15on_1.70.0.wso2v1.jar bundle bouncy -bcprov-jdk15on-1.70.jar jarinbundle bouncy org.wso2.carbon.registry.search.stub_4.8.15.jar bundle apache2 -opencensus_0.31.1.wso2v1.jar bundle apache2 -org.wso2.carbon.identity.organization.management.authz.service_1.3.129.jar bundle apache2 +org.wso2.carbon.admin.advisory.mgt.ui_4.9.20.jar bundle apache2 org.eclipse.equinox.p2.artifact.repository_1.1.300.v20131211-1531.jar bundle epl1 -org.wso2.carbon.framework.exporter_4.9.18.jar bundle apache2 -hsqldb_1.8.0.7wso2v1.jar bundle bsd +org.wso2.charon3.core_4.0.16.jar bundle apache2 +org.wso2.carbon.claim.mgt.ui_5.25.637.jar bundle apache2 org.wso2.carbon.identity.data.publisher.authentication.analytics.session_5.6.6.jar bundle apache2 org.eclipse.equinox.p2.touchpoint.eclipse_2.1.0.v20110511-wso2v1.jar bundle epl1 com.fasterxml.jackson.datatype.jackson-datatype-jdk8_2.15.2.jar bundle apache2 org.wso2.carbon.extension.identity.verification.mgt_1.0.6.jar bundle apache2 -org.wso2.carbon.event.output.adapter.kafka_5.2.53.jar bundle apache2 h2-engine_2.2.220.wso2v1.jar bundle epl1 + mpl20 h2-2.2.220.jar jarinbundle epl1 + mpl20 compass_2.0.1.wso2v2.jar bundle apache2 -org.wso2.carbon.databridge.commons.binary_5.2.53.jar bundle apache2 org.wso2.carbon.registry.common.ui_4.8.15.jar bundle apache2 +org.wso2.carbon.identity.user.store.count.stub_5.25.637.jar bundle apache2 org.eclipse.equinox.p2.directorywatcher_1.1.0.v20131211-1531.jar bundle epl1 httpmime_4.5.13.wso2v1.jar bundle apache2 -org.wso2.carbon.identity.organization.management.service_1.0.90.jar bundle apache2 -org.objectweb.asm.tree_9.2.0.jar bundle bsd3 org.wso2.carbon.crypto.impl_1.1.14.jar bundle apache2 wsdl4j_1.6.2.wso2v4.jar bundle apache2 -org.wso2.carbon.event.stream.core_5.2.53.jar bundle apache2 +org.wso2.carbon.identity.user.store.configuration.ui_5.25.637.jar bundle apache2 org.ops4j.pax.logging.pax-logging-api_2.1.0.wso2v4.jar bundle apache2 +org.wso2.carbon.identity.conditional.auth.functions.choreo_1.2.41.jar bundle apache2 org.wso2.carbon.statistics.ui_4.10.7.jar bundle apache2 -org.wso2.carbon.core_4.9.18.jar bundle apache2 -commons-collections-3.2.2.wso2v1.jar bundle apache2 +org.wso2.carbon.identity.multi.attribute.login.service_1.8.100.jar bundle apache2 +org.wso2.carbon.identity.central.log.mgt_5.25.637.jar bundle apache2 +org.wso2.carbon.identity.notification.sender.tenant.config_1.7.30.jar bundle apache2 org.wso2.carbon.deployment.synchronizer_4.10.7.jar bundle apache2 +org.wso2.carbon.event.processor.manager.core_5.2.56.jar bundle apache2 +org.wso2.carbon.identity.branding.preference.resolver_1.0.14.jar bundle apache2 +org.wso2.carbon.event.stream.admin_5.2.56.jar bundle apache2 +org.wso2.carbon.identity.functions.library.mgt.ui_5.25.637.jar bundle apache2 org.eclipse.equinox.p2.metadata_2.2.0.v20131211-1531.jar bundle epl1 -org.wso2.carbon.admin.advisory.mgt.stub_4.9.18.jar bundle apache2 +org.wso2.carbon.identity.functions.library.mgt.stub_5.25.637.jar bundle apache2 org.eclipse.equinox.http.helper_1.1.0.wso2v1.jar bundle epl1 encoder_1.2.0.wso2v1.jar bundle apache2 -org.wso2.carbon.identity.workflow.mgt.bps.stub_5.5.5.jar bundle apache2 org.wso2.carbon.identity.application.authenticator.organization.login_1.1.24.jar bundle apache2 -org.wso2.carbon.identity.workflow.mgt.ui_5.25.542.jar bundle apache2 -org.wso2.carbon.core.services_4.9.18.jar bundle apache2 org.wso2.carbon.crypto.api_1.1.14.jar bundle apache2 -org.wso2.carbon.identity.user.store.configuration.deployer_5.25.542.jar bundle apache2 poi-ooxml_5.2.3.wso2v1.jar bundle apache2 -org.wso2.carbon.identity.extension.mgt_5.25.542.jar bundle apache2 -org.wso2.carbon.identity.user.profile_5.25.542.jar bundle apache2 -org.wso2.carbon.identity.entitlement.ui_5.25.542.jar bundle apache2 +org.wso2.carbon.identity.core_5.25.637.jar bundle apache2 +opencensus_0.31.1.wso2v2.jar bundle apache2 libthrift_0.16.0.wso2v1.jar bundle apache2 -org.wso2.carbon.identity.api.resource.mgt_5.25.542.jar bundle apache2 -org.wso2.charon3.core_4.0.15.jar bundle apache2 -org.wso2.carbon.event.output.adapter.websocket.local_5.2.53.jar bundle apache2 org.wso2.carbon.identity.local.auth.smsotp.authenticator_1.0.3.jar bundle apache2 -org.wso2.carbon.identity.template.mgt_5.25.542.jar bundle apache2 +org.wso2.carbon.user.core_4.9.20.jar bundle apache2 +org.wso2.carbon.identity.user.store.count_5.25.637.jar bundle apache2 opencsv_1.8.0.wso2v1.jar bundle apache2 opencsv-1.8.jar jarinbundle apache2 poi-scratchpad_5.2.3.wso2v1.jar bundle apache2 +org.wso2.carbon.identity.auth.service_1.8.37.jar bundle apache2 +org.wso2.carbon.identity.user.rename.core_1.8.100.jar bundle apache2 org.wso2.carbon.identity.application.authenticator.requestpath.basicauth_5.5.4.jar bundle apache2 -org.wso2.carbon.addressing_4.9.18.jar bundle apache2 -org.wso2.carbon.identity.local.auth.emailotp_1.0.11.jar bundle apache2 +org.wso2.carbon.tenant.mgt.core_4.11.17.jar bundle apache2 +org.wso2.carbon.identity.conditional.auth.functions.common_1.2.41.jar bundle apache2 +org.wso2.carbon.directory.server.manager.stub_5.25.637.jar bundle apache2 +org.wso2.carbon.ui.menu.general_4.9.20.jar bundle apache2 +org.wso2.carbon.security.mgt.ui_5.25.637.jar bundle apache2 +org.wso2.carbon.identity.user.registration.stub_5.25.637.jar bundle apache2 neethi_2.0.4.wso2v5.jar bundle apache2 -groovy-all_2.4.21.jar bundle apache2 -org.wso2.carbon.identity.notification.sender.tenant.config_1.7.27.jar bundle apache2 +org.wso2.carbon.roles.mgt.ui_4.9.20.jar bundle apache2 org.wso2.carbon.application.upload_4.7.39.jar bundle apache2 -org.wso2.carbon.tenant.keystore.mgt_4.11.15.jar bundle apache2 -org.wso2.carbon.identity.organization.management.tomcat.ext.tenant.resolver_1.3.129.jar bundle apache2 -org.wso2.carbon.identity.api.resource.collection.mgt_5.25.542.jar bundle apache2 -org.wso2.carbon.identity.base_5.25.542.jar bundle apache2 +org.wso2.carbon.databridge.commons_5.2.56.jar bundle apache2 org.wso2.carbon.logging.service_4.10.7.jar bundle apache2 -org.wso2.carbon.identity.auth.attribute.handler_1.8.87.jar bundle apache2 -org.wso2.carbon.tenant.redirector.servlet.stub_4.11.15.jar bundle apache2 -org.wso2.carbon.directory.server.manager.ui_5.25.542.jar bundle apache2 -bcpkix-jdk15on_1.70.0.wso2v1.jar bundle bouncy -bcpkix-jdk15on-1.70.jar jarinbundle bouncy -bcutil-jdk15on-1.70.jar jarinbundle bouncy +org.wso2.carbon.identity.sso.saml_5.11.30.jar bundle apache2 org.eclipse.equinox.p2.garbagecollector_1.0.200.v20131115-1210.jar bundle epl1 org.wso2.carbon.identity.authenticator.mutualssl_5.5.0.jar bundle apache2 -org.wso2.carbon.identity.remotefetch.common_0.8.4.jar bundle apache2 +org.wso2.carbon.cluster.mgt.core_4.9.20.jar bundle apache2 org.sat4j.core_2.3.5.v201308161310.jar bundle epl1 + lgpl2 org.wso2.carbon.um.ws.api.stub_5.7.4.jar bundle apache2 -org.wso2.carbon.humantask_4.5.66.jar bundle apache2 +org.wso2.carbon.user.api_4.9.20.jar bundle apache2 noggit_0.6.0.wso2v1.jar bundle apache2 -org.wso2.carbon.tomcat.ext_4.9.18.jar bundle apache2 org.wso2.carbon.identity.user.account.association_5.5.6.jar bundle apache2 -soa.model.core_1.6.4.wso2v1.jar bundle apache2 -org.wso2.carbon.mex_5.10.18.jar bundle apache2 -org.wso2.carbon.identity.application.mgt.stub_5.25.542.jar bundle apache2 -org.wso2.carbon.securevault_4.9.18.jar bundle apache2 +org.wso2.carbon.claim.mgt.stub_5.25.637.jar bundle apache2 com.google.gson_2.9.0.jar bundle apache2 -org.wso2.carbon.event.application.deployer_5.2.53.jar bundle apache2 -org.wso2.carbon.ndatasource.core_4.9.18.jar bundle apache2 org.eclipse.osgi_3.14.0.v20190517-1309.jar bundle apache2 org.eclipse.equinox.p2.publisher_1.2.0.v20110511.jar bundle epl1 -org.wso2.carbon.extension.identity.authenticator.backupcode.connector_0.0.16.jar bundle apache2 google-api-services-playintegrity_2.0.0.wso2v1.jar bundle apache2 -org.wso2.carbon.identity.conditional.auth.functions.http_1.2.36.jar bundle apache2 -org.wso2.carbon.tenant.mgt_4.11.15.jar bundle apache2 -org.wso2.carbon.identity.recovery_1.8.87.jar bundle apache2 -org.wso2.carbon.osgi.security_4.9.18.jar bundle apache2 +org.wso2.carbon.event.output.adapter.mqtt_5.2.56.jar bundle apache2 +org.wso2.carbon.extension.identity.authenticator.backupcode.connector_0.0.17.jar bundle apache2 org.wso2.carbon.identity.data.publisher.application.authentication_5.6.6.jar bundle apache2 -org.wso2.carbon.identity.configuration.mgt.core_5.25.542.jar bundle apache2 -geronimo-kernel_3.0.1.wso2v1.jar bundle apache2 +org.wso2.carbon.tenant.redirector.servlet_4.11.17.jar bundle apache2 org.eclipse.equinox.p2.repository_2.3.0.v20131211-1531.jar bundle epl1 -org.wso2.carbon.i18n_4.9.18.jar bundle apache2 +org.wso2.carbon.mex_5.10.20.jar bundle apache2 javasysmon_0.3.3.wso2v1.jar bundle bsd org.wso2.carbon.logging.view_4.10.7.jar bundle apache2 +org.wso2.carbon.email.mgt.stub_1.7.30.jar bundle apache2 +org.wso2.carbon.identity.claim.metadata.mgt_5.25.637.jar bundle apache2 org.eclipse.ecf.identity_3.2.0.v20130604-1622.jar bundle epl1 +org.wso2.carbon.identity.conditional.auth.functions.user.store_1.2.41.jar bundle apache2 +org.wso2.carbon.identity.organization.management.organization.user.sharing_1.3.141.jar bundle apache2 step2_1.0.0.wso2v2.jar bundle apache2 step2-consumer-1.0.0-wso2v2.jar bundle apache2 step2-common-1.0.0-wso2v2.jar bundle apache2 +org.wso2.carbon.identity.branding.preference.management.core_1.0.14.jar bundle apache2 httpcore_4.4.16.wso2v1.jar bundle apache2 -org.wso2.carbon.identity.oauth_6.11.211.jar bundle apache2 -org.wso2.carbon.roles.mgt.stub_4.9.18.jar bundle apache2 -org.wso2.carbon.base_4.9.18.jar bundle apache2 -org.wso2.carbon.humantask.cleanup.scheduler_4.5.66.jar bundle apache2 -org.wso2.carbon.identity.user.export.core_1.8.87.jar bundle apache2 -org.wso2.carbon.identity.workflow.impl_5.5.5.jar bundle apache2 +org.wso2.carbon.identity.user.store.configuration.stub_5.25.637.jar bundle apache2 org.wso2.carbon.identity.scim.common_5.7.4.jar bundle apache2 -org.apache.geronimo.specs.geronimo-jpa_2.0_spec_1.1.0.jar bundle apache2 -org.wso2.carbon.identity.sso.saml_5.11.27.jar bundle apache2 ua-parser_1.5.4.wso2v2.jar bundle apache2 -org.wso2.carbon.databridge.agent_5.2.53.jar bundle apache2 org.wso2.carbon.registry.servlet_4.8.15.jar bundle apache2 -org.wso2.carbon.identity.mgt.ui_5.25.542.jar bundle apache2 -org.wso2.carbon.identity.oauth.common_6.11.211.jar bundle apache2 jibx_1.2.1.wso2v1.jar bundle apache2 -org.wso2.carbon.tenant.redirector.servlet_4.11.15.jar bundle apache2 -org.wso2.carbon.registry.server_4.9.18.jar bundle apache2 +org.wso2.carbon.identity.provisioning.connector.scim2_2.0.5.jar bundle apache2 +org.wso2.carbon.extension.identity.scim2.client-2.0.2.jar bundle apache2 +okio-3.6.0.jar jarinbundle apache2 +org.wso2.carbon.identity.multi.attribute.login.mgt_5.25.637.jar bundle apache2 commons-pool_1.5.6.wso2v1.jar bundle apache2 java-property-utils_1.9.0.wso2v1.jar bundle apache2 -org.wso2.carbon.identity.conditional.auth.functions.user_1.2.36.jar bundle apache2 +org.wso2.carbon.policyeditor_5.25.637.jar bundle apache2 org.objectweb.asm_9.2.0.jar bundle bsd3 +org.wso2.carbon.policyeditor.ui_5.25.637.jar bundle apache2 +org.wso2.carbon.core.commons.stub_4.9.20.jar bundle apache2 +org.wso2.carbon.identity.oauth.stub_6.11.232.jar bundle apache2 com.google.guava_31.0.1.jre.jar bundle apache2 -org.wso2.carbon.idp.mgt.ui_5.25.542.jar bundle apache2 +org.wso2.carbon.tenant.mgt_4.11.17.jar bundle apache2 jettison_1.3.4.wso2v1.jar bundle apache2 commons-codec_1.16.0.wso2v1.jar bundle apache2 -org.wso2.carbon.email.mgt.stub_1.7.27.jar bundle apache2 -org.wso2.carbon.identity.provisioning.connector.scim2_2.0.4.jar bundle apache2 -org.wso2.carbon.extension.identity.scim2.client-2.0.1.jar bundle apache2 -okio-3.6.0.jar jarinbundle apache2 -org.wso2.carbon.identity.captcha_1.8.87.jar bundle apache2 -org.wso2.carbon.authenticator.stub_4.9.18.jar bundle apache2 +org.wso2.carbon.utils_4.9.20.jar bundle apache2 org.wso2.carbon.statistics_4.10.7.jar bundle apache2 gdata-core_1.47.0.wso2v1.jar bundle apache2 -org.wso2.carbon.humantask.skeleton_4.5.66.jar bundle apache2 +org.wso2.carbon.tenant.redirector.servlet.stub_4.11.17.jar bundle apache2 +org.wso2.carbon.core.common_4.9.20.jar bundle apache2 org.eclipse.ecf.provider.filetransfer.httpclient_4.0.200.v20120319-0616.jar bundle epl1 -org.wso2.carbon.core.common_4.9.18.jar bundle apache2 grpc-context_1.59.0.wso2v1.jar bundle apache2 -org.wso2.carbon.user.mgt.workflow.ui_5.6.0.jar bundle apache2 -org.wso2.carbon.identity.user.functionality.mgt_5.25.542.jar bundle apache2 -org.wso2.carbon.identity.organization.management.tenant.association_1.3.129.jar bundle apache2 +org.wso2.carbon.databridge.agent_5.2.56.jar bundle apache2 org.wso2.carbon.identity.application.authz.xacml_2.3.1.jar bundle apache2 -org.wso2.carbon.identity.application.authentication.framework.stub_5.25.542.jar bundle apache2 -org.wso2.carbon.identity.organization.management.claim.provider_1.3.129.jar bundle apache2 -org.wso2.carbon.identity.organization.management.role.management.service_1.3.129.jar bundle apache2 -org.wso2.carbon.identity.notification.mgt_5.25.542.jar bundle apache2 +org.wso2.carbon.identity.application.mgt.ui_5.25.637.jar bundle apache2 +org.wso2.carbon.identity.user.registration_5.25.637.jar bundle apache2 +org.wso2.carbon.identity.oauth.ciba_6.11.232.jar bundle apache2 xmlbeans_5.1.1.wso2v1.jar bundle apache2 -org.wso2.carbon.utils_4.9.18.jar bundle apache2 -org.wso2.carbon.identity.branding.preference.management.core_1.0.13.jar bundle apache2 +org.wso2.carbon.authenticator.stub_4.9.20.jar bundle apache2 +org.wso2.carbon.identity.cors.valve_1.8.37.jar bundle apache2 org.wso2.carbon.identity.oauth2.grant.organizationswitch_1.1.20.jar bundle apache2 +org.wso2.carbon.identity.application.authenticator.fido2_5.4.7.jar bundle apache2 org.wso2.carbon.identity.data.publisher.audit.common_1.4.3.jar bundle apache2 org.eclipse.equinox.http.servlet_1.1.400.v20130418-1354.jar bundle epl1 -commons-cli_1.2.0.wso2v1.jar bundle apache2 -org.wso2.carbon.identity.organization.management.handler_1.3.129.jar bundle apache2 +org.wso2.carbon.identity.application.authenticator.magiclink_1.1.19.jar bundle apache2 guice_3.0.0.wso2v1.jar bundle apache2 org.wso2.balana.utils_1.2.13.jar bundle apache2 -org.eclipse.jgit_5.0.0.201805301535-rc2.jar bundle bsd + edl1 -org.wso2.carbon.core.commons.stub_4.9.18.jar bundle apache2 -org.wso2.carbon.identity.workflow.mgt_5.25.542.jar bundle apache2 -org.wso2.carbon.identity.user.rename.core_1.8.87.jar bundle apache2 +org.wso2.carbon.identity.organization.user.invitation.management_1.3.141.jar bundle apache2 +org.wso2.carbon.identity.claim.metadata.mgt.stub_5.25.637.jar bundle apache2 +org.wso2.carbon.registry.server_4.9.20.jar bundle apache2 +org.wso2.carbon.identity.organization.management.application_1.3.141.jar bundle apache2 org.wso2.carbon.identity.user.account.association.stub_5.5.6.jar bundle apache2 -org.wso2.carbon.identity.application.authenticator.oidc_5.11.28.jar bundle apache2 +org.wso2.carbon.identity.unique.claim.mgt_5.25.637.jar bundle apache2 google-auth-library-oauth2-http_1.20.0.wso2v1.jar bundle bsd3 org.eclipse.equinox.frameworkadmin_2.0.300.v20160504-1450.jar bundle epl1 com.google.guava_32.1.1.jre.jar bundle apache2 -org.wso2.carbon.identity.event.handler.notification_1.7.27.jar bundle apache2 -velocity_2.3.0.wso2v1.jar bundle apache2 org.wso2.carbon.database.utils_2.1.7.jar bundle apache2 org.wso2.carbon.identity.hash.provider.pbkdf2_0.1.4.jar bundle apache2 kaptcha_2.3.0.wso2v1.jar bundle apache2 org.wso2.carbon.uuid.generator_4.10.7.jar bundle apache2 commons-lang_2.6.0.wso2v1.jar bundle apache2 org.wso2.carbon.registry.resource.stub_4.8.15.jar bundle apache2 -org.wso2.carbon.attachment.mgt_4.5.66.jar bundle apache2 +org.wso2.carbon.identity.event_5.25.637.jar bundle apache2 +org.wso2.carbon.base_4.9.20.jar bundle apache2 +org.wso2.carbon.roles.mgt.stub_4.9.20.jar bundle apache2 commons-io_2.11.0.wso2v1.jar bundle apache2 -org.wso2.carbon.identity.idle.account.identification_1.8.87.jar bundle apache2 -org.wso2.carbon.identity.application.authenticator.fido2_5.4.4.jar bundle apache2 +org.wso2.carbon.identity.entitlement.common_5.25.637.jar bundle apache2 +org.wso2.carbon.identity.password.history_1.8.100.jar bundle apache2 +org.wso2.carbon.security.mgt.stub_5.25.637.jar bundle apache2 +org.wso2.carbon.i18n_4.9.20.jar bundle apache2 +org.wso2.carbon.identity.role.v2.mgt.core_5.25.637.jar bundle apache2 +org.wso2.carbon.event.application.deployer_5.2.56.jar bundle apache2 +org.wso2.carbon.osgi.security_4.9.20.jar bundle apache2 tomcat-jsp-api_9.0.82.wso2v1.jar bundle apache2 -org.wso2.identity.styles_7.0.0.beta.jar bundle apache2 -org.wso2.carbon.bpel.skeleton_4.5.66.jar bundle apache2 +org.wso2.carbon.identity.application.common_5.25.637.jar bundle apache2 org.wso2.carbon.identity.application.authenticator.requestpath.oauth_5.5.4.jar bundle apache2 -org.wso2.carbon.event.output.adapter.mqtt_5.2.53.jar bundle apache2 +org.wso2.carbon.identity.consent.server.configs.mgt_5.25.637.jar bundle apache2 +org.wso2.carbon.ndatasource.core_4.9.20.jar bundle apache2 org.eclipse.equinox.p2.core_2.3.0.v20131211-1531.jar bundle epl1 -org.wso2.carbon.identity.cors.valve_1.8.35.jar bundle apache2 -geronimo-spec-javamail_1.3.0.rc51-wso2v1.jar bundle apache2 +org.wso2.carbon.securevault_4.9.20.jar bundle apache2 org.eclipse.equinox.p2.transport.ecf_1.0.100.v20110902-0807.jar bundle epl1 -org.wso2.carbon.user.api_4.9.18.jar bundle apache2 -org.wso2.carbon.cluster.mgt.core_4.9.18.jar bundle apache2 +org.wso2.carbon.tomcat.ext_4.9.20.jar bundle apache2 commons-httpclient_3.1.0.wso2v6.jar bundle apache2 -org.wso2.carbon.identity.multi.attribute.login.service_1.8.87.jar bundle apache2 org.wso2.carbon.registry.admin.api_4.8.15.jar bundle apache2 -org.wso2.carbon.identity.remotefetch.core_0.8.4.jar bundle apache2 +org.wso2.carbon.identity.event.handler.notification_1.7.30.jar bundle apache2 poi_5.2.3.wso2v1.jar bundle apache2 org.wso2.carbon.event.client.stub_4.10.7.jar bundle apache2 org.wso2.carbon.identity.authenticator.emailotp_4.1.21.jar bundle apache2 org.wso2.carbon.extension.identity.x509Certificate.validation_1.1.3.jar bundle apache2 -serp_1.13.1.wso2v1.jar bundle bsd org.sat4j.pb_2.3.5.v201308161310.jar bundle epl1 + lgpl2 org.wso2.carbon.tenant.common.stub_4.10.7.jar bundle apache2 +org.wso2.carbon.identity.oauth.ui_6.11.232.jar bundle apache2 openid4java_1.0.0.wso2v6.jar bundle apache2 nekohtml-1.9.22.noko2.jar jarinbundle apache2 openxri-client-1.2.0.jar jarinbundle apache2 openxri-syntax-1.2.0.jar jarinbundle apache2 -org.wso2.carbon.authenticator.proxy_4.9.18.jar bundle apache2 +org.wso2.carbon.idp.mgt.ui_5.25.637.jar bundle apache2 jdbc-pool_9.0.65.wso2v1.jar bundle apache2 -org.wso2.carbon.identity.sso.saml.common_5.11.27.jar bundle apache2 jsr105_1.0.1.wso2v1.jar bundle apache2 -geronimo-spec-jms_1.1.0.rc4-wso2v1.jar bundle apache2 httpcore_4.4.14.wso2v1.jar bundle apache2 -org.wso2.carbon.email.mgt_1.7.27.jar bundle apache2 -org.wso2.carbon.identity.conditional.auth.functions.user.store_1.2.36.jar bundle apache2 -org.wso2.carbon.tenant.dispatcher_4.11.15.jar bundle apache2 -org.apache.santuario.xmlsec_2.3.0.jar bundle apache2 +org.wso2.carbon.event.output.adapter.ui_5.2.56.jar bundle apache2 +org.wso2.carbon.databridge.commons.thrift_5.2.56.jar bundle apache2 org.eclipse.equinox.p2.extensionlocation_1.2.100.v20131119-0908.jar bundle epl1 +org.wso2.carbon.identity.sso.saml.ui_5.11.30.jar bundle apache2 org.wso2.carbon.identity.tools.saml.validator.ui_5.5.7.jar bundle apache2 org.eclipse.equinox.simpleconfigurator_1.1.200.v20160504-1450.jar bundle epl1 +org.wso2.carbon.email.mgt.ui_1.7.30.jar bundle apache2 org.wso2.carbon.identity.oauth2.token.handler.clientauth.jwt_2.4.36.jar bundle apache2 +org.wso2.carbon.server.admin_4.9.20.jar bundle apache2 +org.wso2.carbon.identity.conditional.auth.functions.http_1.2.41.jar bundle apache2 org.eclipse.osgi.services_3.5.100.v20160504-1419.jar bundle epl1 -org.wso2.carbon.roles.mgt_4.9.18.jar bundle apache2 +commons-compress_1.25.0.wso2v1.jar bundle apache2 org.wso2.carbon.event.common_4.10.7.jar bundle apache2 -org.wso2.carbon.server.admin.stub_4.9.18.jar bundle apache2 -org.wso2.carbon.identity.auth.otp.core_1.0.1.jar bundle apache2 -commons-compress_1.22.0.wso2v1.jar bundle apache2 -org.wso2.carbon.identity.scim2.common_3.4.48.jar bundle apache2 +org.wso2.carbon.feature.mgt.stub_4.9.20.jar bundle apache2 +org.wso2.carbon.identity.mgt.ui_5.25.637.jar bundle apache2 +org.wso2.carbon.identity.oidc.session_6.11.232.jar bundle apache2 +json_3.0.0.wso2v4.jar bundle apache2 +org.wso2.carbon.tenant.mgt.ui_4.11.17.jar bundle apache2 oltu_1.0.0.wso2v3.jar bundle apache2 org.eclipse.equinox.app_1.3.100.v20130327-1442.jar bundle epl1 tomcat-servlet-api_9.0.82.wso2v1.jar bundle apache2 org.wso2.carbon.identity.local.auth.smsotp.event.handler_1.0.3.jar bundle apache2 org.eclipse.core.jobs_3.5.300.v20130429-1813.jar bundle epl1 -org.wso2.carbon.policyeditor.ui_5.25.542.jar bundle apache2 -org.wso2.carbon.policyeditor_5.25.542.jar bundle apache2 +org.wso2.carbon.registry.api_4.9.20.jar bundle apache2 org.wso2.carbon.identity.data.publisher.authentication.analytics.login_5.6.6.jar bundle apache2 -org.wso2.carbon.event.processor.manager.commons_5.2.53.jar bundle apache2 -org.wso2.carbon.identity.multi.attribute.login.mgt_5.25.542.jar bundle apache2 +org.wso2.carbon.event.output.adapter.soap_5.2.56.jar bundle apache2 backport-util-concurrent_3.1.0.wso2v1.jar bundle apache2 -ode_1.3.5.wso2v26.jar bundle apache2 -ode-bpel-connector-1.3.5-wso2v26.jar bundle apache2 -ode-dao-jpa-1.3.5-wso2v26.jar bundle apache2 -ode-bpel-api-jca-1.3.5-wso2v26.jar bundle apache2 -ode-axis2-1.3.5-wso2v26.jar bundle apache2 -ode-bpel-api-1.3.5-wso2v26.jar bundle apache2 -ode-bpel-epr-1.3.5-wso2v26.jar bundle apache2 -ode-utils-1.3.5-wso2v26.jar bundle apache2 -ode-bpel-dao-1.3.5-wso2v26.jar bundle apache2 -ode-bpel-obj-1.3.5-wso2v26.jar bundle apache2 -ode-bpel-extensions-long-running-1.3.5-wso2v26.jar bundle apache2 -ode-bpel-compiler-1.3.5-wso2v26.jar bundle apache2 -ode-bpel-schemas-1.3.5-wso2v26.jar bundle apache2 -spring.framework-5.3.21.wso2v1.jar bundle apache2 -ode-scheduler-simple-1.3.5-wso2v26.jar bundle apache2 -ode-bpel-runtime-1.3.5-wso2v26.jar bundle apache2 -ode-bpel-store-1.3.5-wso2v26.jar bundle apache2 -ode-jca-server-1.3.5-wso2v26.jar bundle apache2 -ode-bpel-extensions-e4x-1.3.5-wso2v26.jar bundle apache2 -ode-bpel-ql-1.3.5-wso2v26.jar bundle apache2 -ode-jacob-1.3.5-wso2v26.jar bundle apache2 -ode-jca-ra-1.3.5-wso2v26.jar bundle apache2 -ode-dao-hibernate-1.3.5-wso2v26.jar bundle apache2 -ode-agents-1.3.5-wso2v26.jar bundle apache2 -ode-dao-hibernate-db-1.3.5-wso2v26.jar bundle apache2 org.wso2.carbon.registry.resource_4.8.15.jar bundle apache2 -org.wso2.carbon.identity.claim.metadata.mgt_5.25.542.jar bundle apache2 -org.wso2.carbon.event.output.adapter.logger_5.2.53.jar bundle apache2 -org.wso2.carbon.identity.password.expiry_1.8.87.jar bundle apache2 +org.wso2.carbon.identity.organization.management.tenant.association_1.3.141.jar bundle apache2 +org.wso2.carbon.ui_4.9.20.jar bundle apache2 +org.wso2.carbon.identity.configuration.mgt.core_5.25.637.jar bundle apache2 +org.wso2.carbon.identity.organization.management.claim.provider_1.3.141.jar bundle apache2 org.wso2.carbon.logging.appender.http_4.10.7.jar bundle apache2 org.eclipse.equinox.cm_1.3.100.v20180827-1235.jar bundle epl1 +org.wso2.carbon.identity.organization.management.role.management.service_1.3.141.jar bundle apache2 +org.wso2.carbon.identity.governance_1.8.100.jar bundle apache2 org.wso2.carbon.ui.menu.registry_4.5.3.jar bundle apache2 +javax.cache.wso2_4.9.20.jar bundle apache2 +org.wso2.carbon.identity.sso.saml.common_5.11.30.jar bundle apache2 +org.wso2.carbon.email.mgt_1.7.30.jar bundle apache2 org.apache.felix.gogo.command_0.10.0.v201209301215.jar bundle apache2 -org.wso2.carbon.tenant.mgt.ui_4.11.15.jar bundle apache2 -org.wso2.carbon.identity.recovery.ui_1.8.87.jar bundle apache2 -org.wso2.carbon.identity.sso.saml.ui_5.11.27.jar bundle apache2 -org.wso2.carbon.email.mgt.ui_1.7.27.jar bundle apache2 -org.wso2.carbon.pax-logging-log4j2-plugins_4.9.18.jar bundle apache2 -org.wso2.carbon.event.publisher.admin_5.2.53.jar bundle apache2 -org.wso2.carbon.identity.user.store.configuration.stub_5.25.542.jar bundle apache2 +bcprov-jdk18on_1.74.0.wso2v1.jar bundle bouncy +bcprov-jdk18on-1.74.jar jarinbundle bouncy +org.wso2.carbon.identity.organization.management.handler_1.3.141.jar bundle apache2 com.google.guava.failureaccess_1.0.1.jar bundle apache2 axis2_1.6.1.wso2v76.jar bundle apache2 xmlbeans-3.1.0.jar jarinbundle apache2 org.wso2.carbon.identity.sp.metadata.saml2_1.7.7.jar bundle apache2 -org.wso2.carbon.identity.organization.user.invitation.management_1.3.129.jar bundle apache2 org.wso2.carbon.um.ws.api_5.7.4.jar bundle apache2 -org.wso2.carbon.identity.webfinger_6.11.211.jar bundle apache2 -org.wso2.carbon.unifiedendpoint.core_4.5.66.jar bundle apache2 +org.wso2.carbon.core.bootup.validator_4.9.20.jar bundle apache2 +org.wso2.carbon.identity.conditional.auth.functions.user_1.2.41.jar bundle apache2 +org.wso2.carbon.identity.auth.otp.core_1.0.2.jar bundle apache2 axis2-json_1.6.1.wso2v76.jar bundle apache2 -com.googlecode.javaewah.JavaEWAH_1.1.6.jar bundle apache2 -org.wso2.carbon.identity.password.policy_1.8.87.jar bundle apache2 -org.wso2.carbon.identity.organization.management.application_1.3.129.jar bundle apache2 +org.wso2.carbon.directory.server.manager.ui_5.25.637.jar bundle apache2 +org.wso2.carbon.tenant.dispatcher_4.11.17.jar bundle apache2 +org.wso2.carbon.identity.oauth.par_6.11.232.jar bundle apache2 +org.wso2.carbon.queuing_4.9.20.jar bundle apache2 +org.wso2.carbon.identity.base_5.25.637.jar bundle apache2 org.eclipse.equinox.p2.updatechecker_1.1.200.v20131119-0908.jar bundle epl1 -org.wso2.carbon.identity.discovery_6.11.211.jar bundle apache2 axis2-jaxbri_1.6.1.wso2v42.jar bundle apache2 net.minidev.json-smart_2.4.10.jar bundle apache2 +org.wso2.carbon.event.output.adapter.core_5.2.56.jar bundle apache2 org.wso2.carbon.extension.identity.verification.ui_1.0.6.jar bundle apache2 org.wso2.carbon.qpid.stub_4.10.7.jar bundle apache2 -tranql-connector_1.8.0.wso2v1.jar bundle apache2 -org.wso2.carbon.claim.mgt.stub_5.25.542.jar bundle apache2 +org.wso2.carbon.identity.application.mgt.stub_5.25.637.jar bundle apache2 org.wso2.carbon.identity.handler.event.account.lock_1.8.13.jar bundle apache2 +org.wso2.carbon.identity.cors.service_1.8.37.jar bundle apache2 org.wso2.carbon.registry.common_4.8.15.jar bundle apache2 -org.wso2.carbon.attachment.mgt.skeleton_4.5.66.jar bundle apache2 +org.wso2.carbon.event.output.adapter.logger_5.2.56.jar bundle apache2 +org.wso2.carbon.identity.tenant.resource.manager_1.8.100.jar bundle apache2 org.eclipse.equinox.util_1.0.500.v20130404-1337.jar bundle epl1 -org.wso2.carbon.identity.application.common_5.25.542.jar bundle apache2 -org.wso2.carbon.identity.consent.server.configs.mgt_5.25.542.jar bundle apache2 -org.wso2.carbon.queuing_4.9.18.jar bundle apache2 -geronimo-transaction_2.0.1.wso2v1.jar bundle apache2 org.eclipse.equinox.p2.touchpoint.natives_1.1.100.v20140523-0116.jar bundle epl1 -org.wso2.carbon.core.bootup.validator_4.9.18.jar bundle apache2 +org.wso2.carbon.event.publisher.admin_5.2.56.jar bundle apache2 +org.wso2.carbon.identity.account.suspension.notification.task_1.8.100.jar bundle apache2 solr_8.11.1.wso2v7.jar bundle apache2 rrd4j-3.8.1.jar jarinbundle apache2 metrics-core-4.2.9.jar jarinbundle apache2 @@ -640,28 +570,19 @@ jetty-io-9.4.48.v20220622.jar commons-collections4-4.4.wso2v1.jar bundle apache2 caffeine-2.9.2.jar jarinbundle apache2 annogen_0.1.0.wso2v1.jar bundle apache2 -org.wso2.carbon.identity.entitlement.common_5.25.542.jar bundle apache2 +org.wso2.carbon.pax-logging-log4j2-plugins_4.9.20.jar bundle apache2 org.wso2.carbon.event.core_4.10.7.jar bundle apache2 -json_3.0.0.wso2v2.jar bundle apache2 -org.wso2.carbon.identity.event_5.25.542.jar bundle apache2 -javax.cache.wso2_4.9.18.jar bundle apache2 +org.wso2.carbon.tenant.sso.redirector.ui_4.11.17.jar bundle apache2 +org.wso2.carbon.identity.authz.valve_1.8.37.jar bundle apache2 +axiom_1.2.11.wso2v28.jar bundle apache2 org.wso2.carbon.identity.authenticator.saml2.sso.stub_5.8.5.jar bundle apache2 -org.wso2.carbon.tenant.redirector.servlet.ui_4.11.15.jar bundle apache2 org.eclipse.equinox.ds_1.4.400.v20160226-2036.jar bundle epl1 -org.wso2.carbon.event.output.adapter.core_5.2.53.jar bundle apache2 org.wso2.carbon.logging.remote.config.ui_4.10.7.jar bundle apache2 commons-fileupload_1.5.0.wso2v2.jar bundle apache2 httpasyncclient_4.1.3.wso2v1.jar bundle apache2 -org.wso2.carbon.identity.role.v2.mgt.core_5.25.542.jar bundle apache2 -org.wso2.carbon.ui_4.9.18.jar bundle apache2 +org.wso2.carbon.identity.auth.valve_1.8.37.jar bundle apache2 org.wso2.carbon.identity.oauth2.grant.token.exchange_1.1.5.jar bundle apache2 siddhi-core_3.2.9.jar bundle apache2 -org.wso2.carbon.security.mgt.stub_5.25.542.jar bundle apache2 -org.wso2.carbon.bpel.common_4.5.66.jar bundle apache2 -org.wso2.carbon.identity.auth.valve_1.8.35.jar bundle apache2 -org.wso2.carbon.identity.claim.metadata.mgt.stub_5.25.542.jar bundle apache2 -org.wso2.carbon.registry.api_4.9.18.jar bundle apache2 -saxon.he_9.4.0.wso2v1.jar bundle mpl10 org.wso2.carbon.event.ws_4.10.7.jar bundle apache2 yubico-webauthn_2.4.0.wso2v1.jar bundle bsd jackson-datatype-jsr310-2.14.2.jar jarinbundle apache2 @@ -675,35 +596,33 @@ webauthn-server-attestation-2.4.0.jar cose-java-1.1.0.jar jarinbundle bsd3 yubico-util-2.4.0.jar jarinbundle bsd eddsa-0.3.0.jar jarinbundle ccpd-universal -xmlbeans_2.3.0.wso2v1.jar bundle apache2 -org.wso2.carbon.event.output.adapter.ui_5.2.53.jar bundle apache2 -org.wso2.carbon.databridge.commons.thrift_5.2.53.jar bundle apache2 -org.wso2.carbon.identity.authz.valve_1.8.35.jar bundle apache2 +org.wso2.carbon.tenant.redirector.servlet.ui_4.11.17.jar bundle apache2 +org.wso2.carbon.identity.piicontroller_1.8.100.jar bundle apache2 org.wso2.carbon.um.ws.service_5.7.4.jar bundle apache2 -org.wso2.carbon.tenant.sso.redirector.ui_4.11.15.jar bundle apache2 -org.wso2.carbon.feature.mgt.stub_4.9.18.jar bundle apache2 +org.wso2.carbon.identity.oauth.dcr_6.11.232.jar bundle apache2 +org.wso2.carbon.server.admin.stub_4.9.20.jar bundle apache2 org.eclipse.equinox.p2.repository.tools_2.1.0.v20131211-1531.jar bundle epl1 org.wso2.stratos.identity.dashboard.ui_2.2.1.jar bundle apache2 org.wso2.orbit.javax.xml.bind.jaxb-api_2.3.1.wso2v1.jar bundle apache2 -org.wso2.carbon.identity.unique.claim.mgt_5.25.542.jar bundle apache2 -org.wso2.carbon.identity.user.registration_5.25.542.jar bundle apache2 -org.wso2.carbon.server.admin_4.9.18.jar bundle apache2 -org.wso2.carbon.identity.application.mgt.ui_5.25.542.jar bundle apache2 +org.wso2.carbon.identity.notification.mgt_5.25.637.jar bundle apache2 +org.wso2.carbon.roles.mgt_4.9.20.jar bundle apache2 +org.wso2.carbon.identity.conditional.auth.functions.utils_1.2.41.jar bundle apache2 +org.wso2.carbon.identity.application.authentication.framework.stub_5.25.637.jar bundle apache2 org.eclipse.ecf.provider.filetransfer_3.2.0.v20130604-1622.jar bundle epl1 ehcache_1.5.0.wso2v3.jar bundle apache2 -json_3.0.0.wso2v1.jar bundle apache2 +org.wso2.carbon.identity.multi.attribute.login.resolver.regex_1.8.100.jar bundle apache2 +org.wso2.carbon.identity.user.functionality.mgt_5.25.637.jar bundle apache2 com.fasterxml.jackson.core.jackson-core_2.15.2.jar bundle apache2 -org.wso2.carbon.identity.organization.management.organization.user.sharing_1.3.129.jar bundle apache2 -org.wso2.carbon.identity.oidc.dcr_6.11.211.jar bundle apache2 +org.apache.santuario.xmlsec_2.3.4.jar bundle apache2 org.wso2.carbon.extension.identity.helper_1.0.14.jar bundle apache2 org.wso2.carbon.identity.tools.saml.validator.stub_5.5.7.jar bundle apache2 org.wso2.securevault_1.1.7.jar bundle apache2 +org.wso2.carbon.authenticator.proxy_4.9.20.jar bundle apache2 org.wso2.carbon.registry.search.ui_4.8.15.jar bundle apache2 tyrus-standalone-client_1.7.0.wso2v1.jar bundle cddl1 +org.wso2.carbon.event.processor.manager.commons_5.2.56.jar bundle apache2 hazelcast_5.3.2.wso2v1.jar bundle apache2 org.eclipse.equinox.simpleconfigurator.manipulator_2.0.200.v20160504-1450.jar bundle epl1 -org.wso2.carbon.identity.cors.service_1.8.35.jar bundle apache2 -org.wso2.carbon.event.output.adapter.soap_5.2.53.jar bundle apache2 geronimo-activation_1.1_spec-1.1.jar bundle apache2 jaxen-1.2.0.jar bundle bsd2 org.wso2.identity.apps.taglibs.layout.controller-1.4.34.jar bundle apache2 @@ -720,9 +639,9 @@ commons-cli-1.0.jar encoder-1.2.2.jar jar bsd3 org.wso2.securevault-1.1.3.jar bundle apache2 axiom-api-1.2.11-wso2v16.jar bundle apache2 -org.wso2.carbon.identity.oauth.extension-6.11.211.jar bundle apache2 java-property-utils-1.9.jar jar apache2 cors-filter-1.7.jar jar apache2 +org.wso2.carbon.identity.oauth.extension-6.11.232.jar bundle apache2 swagger-jaxrs-1.6.2.jar bundle apache2 swagger-core-1.6.2.jar bundle apache2 javassist-3.21.0-GA.jar bundle apache2 + lgpl2 + mpl11 @@ -731,112 +650,105 @@ swagger-annotations-1.6.2.jar validation-api-1.1.0.Final.jar bundle apache2 commons-lang3-3.2.1.jar bundle apache2 reflections-0.9.11.jar bundle bsd2 -org.wso2.carbon.identity.api.user.recovery.commons-1.3.27.jar bundle apache2 -org.wso2.carbon.identity.api.server.extension.management.common-1.2.127.jar bundle apache2 -org.wso2.carbon.identity.api.server.secret.management.common-1.2.127.jar bundle apache2 -org.wso2.carbon.identity.api.user.approval.common-1.3.27.jar bundle apache2 -org.wso2.carbon.identity.api.server.script.library.v1-1.2.127.jar bundle apache2 -org.wso2.carbon.identity.api.server.organization.configs.v1-1.2.127.jar bundle apache2 -org.wso2.carbon.identity.api.server.email.template.common-1.2.127.jar bundle apache2 -org.wso2.carbon.identity.api.server.extension.management.v1-1.2.127.jar bundle apache2 -org.wso2.carbon.identity.api.user.fido2.common-1.3.27.jar bundle apache2 -org.wso2.carbon.identity.api.expired.password.identification.common-1.2.127.jar bundle apache2 -org.wso2.carbon.identity.rest.api.user.session.v1-1.3.27.jar bundle apache2 -org.wso2.carbon.identity.api.server.fetch.remote.v1-1.2.127.jar bundle apache2 -org.wso2.carbon.identity.api.user.session.common-1.3.27.jar bundle apache2 -org.wso2.carbon.identity.api.server.organization.management.common-1.2.127.jar bundle apache2 -org.wso2.carbon.identity.api.server.permission.management.v1-1.2.127.jar bundle apache2 -org.wso2.carbon.identity.api.server.branding.preference.management.common-1.2.127.jar bundle apache2 -org.wso2.carbon.identity.api.server.organization.user.invitation.management.v1-1.2.127.jar bundle apache2 -org.wso2.carbon.identity.api.server.idp.common-1.2.127.jar bundle apache2 -org.wso2.carbon.identity.rest.api.server.workflow.engine.v1-1.2.127.jar bundle apache2 -org.wso2.carbon.identity.api.server.organization.role.management.common-1.2.127.jar bundle apache2 -org.wso2.carbon.identity.api.server.organization.management.v1-1.2.127.jar bundle apache2 -org.wso2.carbon.identity.api.server.userstore.v1-1.2.127.jar bundle apache2 -org.wso2.carbon.identity.api.server.configs.v1-1.2.127.jar bundle apache2 -org.wso2.carbon.identity.api.user.challenge.common-1.3.27.jar bundle apache2 -org.wso2.carbon.identity.rest.api.user.mfa.v1-1.3.27.jar bundle apache2 -org.wso2.carbon.identity.api.server.application.management.v1-1.2.127.jar bundle apache2 -org.wso2.carbon.identity.api.server.cors.common-1.2.127.jar bundle apache2 -org.wso2.carbon.identity.api.server.configs.common-1.2.127.jar bundle apache2 -org.wso2.carbon.identity.rest.api.user.recovery.v2-1.3.27.jar bundle apache2 -org.wso2.carbon.identity.api.server.challenge.common-1.2.127.jar bundle apache2 -org.wso2.carbon.identity.rest.api.server.claim.management.v1-1.2.127.jar bundle apache2 -org.wso2.carbon.identity.api.server.cors.v1-1.2.127.jar bundle apache2 -org.wso2.carbon.identity.rest.api.user.authorized.apps.v1-1.3.27.jar bundle apache2 -org.wso2.carbon.identity.rest.api.user.association.v1-1.3.27.jar bundle apache2 -org.wso2.carbon.identity.api.server.notification.sender.common-1.2.127.jar bundle apache2 -org.wso2.carbon.identity.api.server.admin.advisory.management.common-1.2.127.jar bundle apache2 -org.wso2.carbon.identity.api.user.idv.v1-1.3.27.jar bundle apache2 -org.wso2.carbon.identity.api.server.application.management.common-1.2.127.jar bundle apache2 -org.wso2.carbon.identity.api.server.oidc.scope.management.v1-1.2.127.jar bundle apache2 -org.wso2.carbon.identity.rest.api.user.backupcode.v1-1.3.27.jar bundle apache2 -org.wso2.carbon.identity.api.server.api.resource.common-1.2.127.jar bundle apache2 -org.wso2.carbon.identity.rest.api.user.challenge.v1-1.3.27.jar bundle apache2 -org.wso2.carbon.identity.api.idle.account.identification.common-1.2.127.jar bundle apache2 -org.wso2.carbon.identity.api.user.common-1.3.27.jar bundle apache2 -org.wso2.carbon.identity.api.server.idp.v1-1.2.127.jar bundle apache2 -org.wso2.carbon.identity.api.server.idv.provider.common-1.2.127.jar bundle apache2 +org.wso2.carbon.identity.api.server.dcr-6.11.232.jar bundle apache2 +org.wso2.carbon.identity.api.server.oidc.scope.management.v1-1.2.144.jar bundle apache2 +org.wso2.carbon.identity.api.server.application.management.common-1.2.144.jar bundle apache2 +org.wso2.carbon.identity.api.expired.password.identification.v1-1.2.144.jar bundle apache2 +org.wso2.carbon.identity.api.user.recovery.commons-1.3.30.jar bundle apache2 +org.wso2.carbon.identity.api.server.permission.management.common-1.2.144.jar bundle apache2 +org.wso2.carbon.identity.api.server.idv.provider.common-1.2.144.jar bundle apache2 +org.wso2.carbon.identity.api.server.idp.v1-1.2.144.jar bundle apache2 +org.wso2.carbon.identity.api.idle.account.identification.common-1.2.144.jar bundle apache2 +org.wso2.carbon.identity.api.server.api.resource.common-1.2.144.jar bundle apache2 +org.wso2.carbon.identity.rest.api.server.claim.management.v1-1.2.144.jar bundle apache2 +org.wso2.carbon.identity.api.server.configs.common-1.2.144.jar bundle apache2 +org.wso2.carbon.identity.api.server.cors.common-1.2.144.jar bundle apache2 +org.wso2.carbon.identity.api.server.application.management.v1-1.2.144.jar bundle apache2 +org.wso2.carbon.identity.rest.api.user.mfa.v1-1.3.30.jar bundle apache2 +org.wso2.carbon.identity.api.server.admin.advisory.management.common-1.2.144.jar bundle apache2 +org.wso2.carbon.identity.api.user.fido2.common-1.3.30.jar bundle apache2 +org.wso2.carbon.identity.rest.api.user.session.v1-1.3.30.jar bundle apache2 +org.wso2.carbon.identity.api.user.session.common-1.3.30.jar bundle apache2 +org.wso2.carbon.identity.api.server.notification.sender.common-1.2.144.jar bundle apache2 +org.wso2.carbon.identity.api.server.cors.v1-1.2.144.jar bundle apache2 +org.wso2.carbon.identity.api.server.idp.common-1.2.144.jar bundle apache2 +org.wso2.carbon.identity.api.server.organization.user.invitation.management.v1-1.2.144.jar bundle apache2 +org.wso2.carbon.identity.api.server.branding.preference.management.common-1.2.144.jar bundle apache2 +org.wso2.carbon.identity.rest.api.user.authorized.apps.v1-1.3.30.jar bundle apache2 +org.wso2.carbon.identity.api.server.permission.management.v1-1.2.144.jar bundle apache2 +org.wso2.carbon.identity.api.server.organization.management.common-1.2.144.jar bundle apache2 +org.wso2.carbon.identity.rest.api.user.association.v1-1.3.30.jar bundle apache2 +org.wso2.carbon.identity.api.expired.password.identification.common-1.2.144.jar bundle apache2 +org.wso2.carbon.identity.api.user.governance-1.8.100.jar bundle apache2 +org.wso2.carbon.identity.api.server.oauth.scope-6.11.232.jar bundle apache2 +org.wso2.carbon.identity.rest.api.user.recovery.v2-1.3.30.jar bundle apache2 +org.wso2.carbon.identity.api.user.onboard.common-1.3.30.jar bundle apache2 +org.wso2.carbon.identity.api.server.configs.v1-1.2.144.jar bundle apache2 +org.wso2.carbon.identity.api.server.userstore.v1-1.2.144.jar bundle apache2 +org.wso2.carbon.identity.api.server.organization.management.v1-1.2.144.jar bundle apache2 +org.wso2.carbon.identity.api.server.organization.role.management.common-1.2.144.jar bundle apache2 +org.wso2.carbon.identity.rest.api.user.backupcode.v1-1.3.30.jar bundle apache2 +org.wso2.carbon.identity.api.user.common-1.3.30.jar bundle apache2 +org.wso2.carbon.identity.api.server.extension.management.common-1.2.144.jar bundle apache2 +org.wso2.carbon.identity.api.server.secret.management.common-1.2.144.jar bundle apache2 +org.wso2.carbon.identity.api.user.recovery-1.8.100.jar bundle apache2 +org.wso2.carbon.identity.api.user.fido2-5.4.7.jar bundle apache2 +org.wso2.carbon.identity.api.server.email.template.common-1.2.144.jar bundle apache2 +org.wso2.carbon.identity.api.server.extension.management.v1-1.2.144.jar bundle apache2 +org.wso2.carbon.identity.api.user.idv.v1-1.3.30.jar bundle apache2 +org.wso2.carbon.identity.api.server.organization.configs.v1-1.2.144.jar bundle apache2 +org.wso2.carbon.identity.api.server.script.library.v1-1.2.144.jar bundle apache2 org.wso2.carbon.api.server.local.auth.api-2.5.8.jar bundle apache2 -org.wso2.carbon.identity.api.server.permission.management.common-1.2.127.jar bundle apache2 -org.wso2.carbon.identity.api.user.fido2-5.4.4.jar bundle apache2 -org.wso2.carbon.identity.api.expired.password.identification.v1-1.2.127.jar bundle apache2 -org.wso2.carbon.identity.api.server.input.validation.common-1.2.127.jar bundle apache2 -org.wso2.carbon.identity.api.server.script.library.common-1.2.127.jar bundle apache2 -org.wso2.carbon.identity.rest.api.user.mfa.common-1.3.27.jar bundle apache2 -org.wso2.carbon.identity.rest.api.server.email.template.v1-1.2.127.jar bundle apache2 -org.wso2.carbon.identity.api.server.userstore.common-1.2.127.jar bundle apache2 -org.wso2.carbon.identity.api.user.application.common-1.3.27.jar bundle apache2 -org.wso2.carbon.identity.api.user.functionality.common-1.3.27.jar bundle apache2 -org.wso2.carbon.identity.api.server.tenant.management.common-1.2.127.jar bundle apache2 -org.wso2.carbon.identity.api.server.oauth.scope-6.11.211.jar bundle apache2 -org.wso2.carbon.identity.rest.api.user.fido2.v1-1.3.27.jar bundle apache2 -org.wso2.carbon.identity.api.user.governance-1.8.87.jar bundle apache2 -org.wso2.carbon.identity.api.server.authenticators.common-1.2.127.jar bundle apache2 -org.wso2.carbon.identity.api.server.keystore.management.v1-1.2.127.jar bundle apache2 -org.wso2.carbon.identity.api.server.input.validation.v1-1.2.127.jar bundle apache2 -org.wso2.carbon.identity.rest.api.user.recovery.v1-1.3.27.jar bundle apache2 -org.wso2.carbon.identity.api.server.admin.advisory.management.v1-1.2.127.jar bundle apache2 -org.wso2.carbon.identity.api.user.idv.common-1.3.27.jar bundle apache2 -org.wso2.carbon.identity.api.server.authenticators.v1-1.2.127.jar bundle apache2 -org.wso2.carbon.identity.api.server.oidc.scope.management.common-1.2.127.jar bundle apache2 -org.wso2.carbon.identity.api.server.branding.preference.management.v1-1.2.127.jar bundle apache2 -org.wso2.carbon.identity.rest.api.user.backupcode.common-1.3.27.jar bundle apache2 -org.wso2.carbon.identity.api.server.keystore.management.common-1.2.127.jar bundle apache2 -org.wso2.carbon.identity.api.server.notification.sender.v1-1.2.127.jar bundle apache2 -org.wso2.carbon.identity.api.user.recovery-1.8.87.jar bundle apache2 -org.wso2.carbon.identity.api.server.entitlement-5.25.542.jar bundle apache2 -org.wso2.carbon.identity.rest.api.user.authorized.apps.v2-1.3.27.jar bundle apache2 -org.wso2.carbon.identity.api.server.tenant.management.v1-1.2.127.jar bundle apache2 -org.wso2.carbon.identity.api.server.idv.provider.v1-1.2.127.jar bundle apache2 +org.wso2.carbon.identity.api.user.functionality.common-1.3.30.jar bundle apache2 +org.wso2.carbon.identity.api.server.organization.selfservice.v1-1.2.144.jar bundle apache2 +org.wso2.carbon.identity.api.idle.account.identification.v1-1.2.144.jar bundle apache2 +org.wso2.carbon.identity.rest.api.user.fido2.v1-1.3.30.jar bundle apache2 +org.wso2.carbon.identity.rest.api.user.mfa.common-1.3.30.jar bundle apache2 +org.wso2.carbon.identity.api.server.claim.management.common-1.2.144.jar bundle apache2 +org.wso2.carbon.identity.api.user.application.common-1.3.30.jar bundle apache2 +org.wso2.carbon.identity.api.server.identity.governance.common-1.2.144.jar bundle apache2 +org.wso2.carbon.identity.api.server.identity.governance.v1-1.2.144.jar bundle apache2 +org.wso2.carbon.identity.api.server.organization.role.management.v1-1.2.144.jar bundle apache2 +org.wso2.carbon.identity.rest.api.user.backupcode.common-1.3.30.jar bundle apache2 +org.wso2.carbon.identity.api.server.api.resource.v1-1.2.144.jar bundle apache2 +org.wso2.carbon.identity.api.server.idv.provider.v1-1.2.144.jar bundle apache2 +org.wso2.carbon.identity.api.server.tenant.management.v1-1.2.144.jar bundle apache2 +org.wso2.carbon.identity.rest.api.user.authorized.apps.v2-1.3.30.jar bundle apache2 +org.wso2.carbon.identity.api.server.organization.selfservice.common-1.2.144.jar bundle apache2 +org.wso2.carbon.identity.api.server.common-1.2.144.jar bundle apache2 +org.wso2.carbon.identity.rest.api.user.recovery.v1-1.3.30.jar bundle apache2 +org.wso2.carbon.identity.api.server.organization.user.invitation.management.common-1.2.144.jar bundle apache2 +org.wso2.carbon.identity.api.server.secret.management.v1-1.2.144.jar bundle apache2 +org.wso2.carbon.identity.api.user.idv.common-1.3.30.jar bundle apache2 +org.wso2.carbon.identity.api.server.configuration.mgt-5.25.637.jar bundle apache2 +org.wso2.carbon.identity.api.server.organization.configs.common-1.2.144.jar bundle apache2 +org.wso2.carbon.identity.rest.api.user.organization.v1-1.3.30.jar bundle apache2 +org.wso2.carbon.identity.api.server.authenticators.v1-1.2.144.jar bundle apache2 +org.wso2.carbon.identity.rest.api.user.totp.v1-1.3.30.jar bundle apache2 org.wso2.carbon.api.server.consent.mgt-2.5.2.jar bundle apache2 -org.wso2.carbon.identity.rest.api.server.challenge.v1-1.2.127.jar bundle apache2 -org.wso2.carbon.identity.api.server.api.resource.v1-1.2.127.jar bundle apache2 -org.wso2.carbon.identity.api.server.dcr-6.11.211.jar bundle apache2 -org.wso2.carbon.identity.api.user.organization.common-1.3.27.jar bundle apache2 -org.wso2.carbon.identity.api.server.organization.role.management.v1-1.2.127.jar bundle apache2 -org.wso2.carbon.identity.api.server.identity.governance.v1-1.2.127.jar bundle apache2 -org.wso2.carbon.identity.rest.api.user.organization.v1-1.3.27.jar bundle apache2 -org.wso2.carbon.identity.api.server.fetch.remote.common-1.2.127.jar bundle apache2 -org.wso2.carbon.identity.rest.api.user.totp.v1-1.3.27.jar bundle apache2 -org.wso2.carbon.identity.api.server.organization.configs.common-1.2.127.jar bundle apache2 -org.wso2.carbon.identity.api.server.secret.management.v1-1.2.127.jar bundle apache2 -org.wso2.carbon.identity.rest.api.user.functionality.v1-1.3.27.jar bundle apache2 -org.wso2.carbon.identity.api.server.organization.user.invitation.management.common-1.2.127.jar bundle apache2 -org.wso2.carbon.identity.rest.api.user.approval.v1-1.3.27.jar bundle apache2 -org.wso2.carbon.identity.api.server.common-1.2.127.jar bundle apache2 -org.wso2.carbon.identity.api.server.organization.selfservice.common-1.2.127.jar bundle apache2 -org.wso2.carbon.identity.api.server.configuration.mgt-5.25.542.jar bundle apache2 -org.wso2.carbon.identity.rest.api.user.totp.common-1.3.27.jar bundle apache2 +org.wso2.carbon.identity.api.user.onboard.v1-1.3.30.jar bundle apache2 +org.wso2.carbon.identity.api.server.admin.advisory.management.v1-1.2.144.jar bundle apache2 +org.wso2.carbon.identity.rest.api.user.functionality.v1-1.3.30.jar bundle apache2 +org.wso2.carbon.identity.api.server.input.validation.v1-1.2.144.jar bundle apache2 +org.wso2.carbon.identity.api.server.keystore.management.v1-1.2.144.jar bundle apache2 +org.wso2.carbon.identity.api.server.notification.sender.v1-1.2.144.jar bundle apache2 +org.wso2.carbon.identity.api.user.organization.common-1.3.30.jar bundle apache2 +org.wso2.carbon.identity.api.server.keystore.management.common-1.2.144.jar bundle apache2 +org.wso2.carbon.identity.api.server.oidc.scope.management.common-1.2.144.jar bundle apache2 +org.wso2.carbon.identity.api.server.branding.preference.management.v1-1.2.144.jar bundle apache2 +org.wso2.carbon.identity.api.server.userstore.common-1.2.144.jar bundle apache2 +org.wso2.carbon.identity.rest.api.user.application.v1-1.3.30.jar bundle apache2 org.wso2.carbon.identity.api.dispatcher.core-2.0.13.jar bundle apache2 -org.wso2.carbon.identity.api.idle.account.identification.v1-1.2.127.jar bundle apache2 -org.wso2.carbon.identity.api.server.organization.selfservice.v1-1.2.127.jar bundle apache2 -org.wso2.carbon.identity.api.server.identity.governance.common-1.2.127.jar bundle apache2 -org.wso2.carbon.identity.rest.api.user.application.v1-1.3.27.jar bundle apache2 -org.wso2.carbon.identity.api.server.claim.management.common-1.2.127.jar bundle apache2 +org.wso2.carbon.identity.api.server.entitlement-5.25.637.jar bundle apache2 +org.wso2.carbon.identity.rest.api.server.email.template.v1-1.2.144.jar bundle apache2 +org.wso2.carbon.identity.api.server.script.library.common-1.2.144.jar bundle apache2 +org.wso2.carbon.identity.api.server.input.validation.common-1.2.144.jar bundle apache2 +org.wso2.carbon.identity.api.server.authenticators.common-1.2.144.jar bundle apache2 +org.wso2.carbon.identity.rest.api.user.totp.common-1.3.30.jar bundle apache2 +org.wso2.carbon.identity.api.server.tenant.management.common-1.2.144.jar bundle apache2 commons-logging-1.2.jar bundle apache2 addressing-1.6.1-wso2v76.mar bundle apache2 -org.wso2.carbon.bootstrap-4.9.18.jar bundle apache2 +org.wso2.carbon.bootstrap-4.9.20.jar bundle apache2 tomcat-juli-9.0.82.jar bundle apache2 jackson-dataformat-yaml-2.13.2.jar bundle apache2 olingo-odata2-api-incubating-1.1.0.jar bundle apache2 @@ -847,9 +759,9 @@ jersey-core-1.19.1.jar jersey-multipart-1.19.1.jar bundle cddl1 jackson-databind-2.13.4.2.jar bundle apache2 javax.ws.rs-api-2.1.1.jar bundle epl2 + gpl2 +org.wso2.carbon.identity.oauth.client.authn.filter-6.11.232.jar bundle apache2 validation-api-2.0.1.Final.jar bundle apache2 jackson-module-jaxb-annotations-2.13.2.jar bundle apache2 -org.wso2.carbon.identity.client.attestation.filter-6.11.211.jar bundle apache2 jersey-client-1.19.1.jar bundle epl2 cxf-rt-rs-extension-providers-3.5.5.jar bundle apache2 cxf-rt-frontend-jaxrs-3.5.5.jar bundle apache2 @@ -858,38 +770,39 @@ spring-aop-5.3.21.jar jackson-core-2.13.2.jar bundle apache2 jackson-jaxrs-base-2.13.2.jar bundle apache2 hibernate-validator-6.2.0.Final.jar bundle apache2 -org.wso2.carbon.identity.mgt.endpoint.util-5.25.542.jar bundle apache2 -org.wso2.carbon.identity.oauth.client.authn.filter-6.11.211.jar bundle apache2 +org.wso2.carbon.identity.client.attestation.filter-6.11.232.jar bundle apache2 +org.wso2.carbon.identity.application.authentication.endpoint.util-5.25.637.jar bundle apache2 spring-beans-5.3.21.jar jar apache2 spring-jcl-5.3.21.jar jar apache2 cxf-rt-transports-http-3.5.5.jar bundle apache2 +org.wso2.carbon.identity.mgt.endpoint.util-5.25.637.jar bundle apache2 spring-context-5.3.21.jar jar apache2 jackson-jaxrs-json-provider-2.13.2.jar bundle apache2 javax.annotation-api-1.3.2.jar bundle cddl1 cxf-rt-rs-extension-search-3.5.5.jar bundle apache2 spring-core-5.3.21.jar jar apache2 -org.wso2.carbon.identity.application.authentication.endpoint.util-5.25.542.jar bundle apache2 cxf-rt-rs-client-3.5.5.jar bundle apache2 cxf-rt-rs-service-description-3.5.5.jar bundle apache2 spring-web-5.3.21.jar jar apache2 olingo-odata2-core-incubating-1.1.0.jar bundle apache2 -org.wso2.ciphertool-1.2.4.jar bundle apache2 jackson-dataformat-yaml-2.15.2.jar bundle apache2 woodstox-core-asl-4.4.1.jar bundle apache2 slf4j-simple-1.7.28.jar bundle mit xercesImpl-2.12.2.wso2v1.jar bundle apache2 +org.wso2.ciphertool-1.1.21.jar bundle apache2 saaj-impl-1.5.0.jar jar apache2 re2j-1.2.jar jar golang guava-32.1.1-jre.jar bundle apache2 jinjava-2.6.0.jar jar apache2 istack-commons-runtime-3.0.8.jar bundle edl1 +config-mapper-1.0.22.jar jar apache2 jsoup-1.15.3.jar bundle mit +org.wso2.carbon.server-4.9.20.jar bundle apache2 ant-contrib-1.0b3.jar jar apache2 xml-apis-1.4.01.jar jar apache2 jaxb-api-2.4.0-b180830.0359.jar bundle cddl1 xalan-2.7.3.wso2v1.jar bundle apache2 stax2-api-3.1.4.jar bundle bsd -org.wso2.carbon.server-4.9.18.jar bundle apache2 commons-codec-1.12.jar bundle apache2 xml-resolver-1.2.jar jar apache2 jaxb-impl-2.4.0-b180830.0438.jar bundle cddl1 @@ -899,7 +812,6 @@ log4j-jcl-2.17.1.jar log4j-core-2.17.1.jar bundle apache2 geronimo-jta_1.1_spec-1.1.jar jar apache2 jaxws-ri-2.3.2.wso2v1.jar bundle apache2 + edl1 -config-mapper-1.0.13.jar jar apache2 slf4j-api-1.7.25.jar bundle mit activation-1.1.1.jar jar cddl1 log4j-api-2.17.1.jar bundle apache2 @@ -920,8 +832,8 @@ bsd2 Berkeley License - 2 https://opensource.org/licenses/BSD-2-Clause cc-by-sa3 Creative Commons Attribution-ShareAlike Version 3.0 https://creativecommons.org/licenses/by-sa/3.0/ -bsd3 Berkeley License - 3 - http://opensource.org/licenses/BSD-3-Clause +bouncy Bouncy Castle License + http://www.bouncycastle.org/licence.html mit MIT License http://www.opensource.org/licenses/mit-license.php cddl1 Common Development and Distribution License @@ -930,16 +842,12 @@ gpl2 General Public License Version 2.0 https://www.gnu.org/licenses/old-licenses/gpl-2.0.html asm ASM License http://asm.objectweb.org/license.html -mpl10 Mozilla Public License Version 1.0 - http://www.mozilla.org/MPL/ -bouncy Bouncy Castle License - http://www.bouncycastle.org/licence.html mpl20 Mozilla Public License Version 2.0 http://www.mozilla.org/MPL/2.0/ lgpl2 Lesser General Public License Version 2.1 http://www.gnu.org/licenses/lgpl-2.1.php -edl1 Eclipse Distribution License Version 1.0 - http://www.eclipse.org/org/documents/edl-v10.php +bsd3 Berkeley License - 3 + http://opensource.org/licenses/BSD-3-Clause ccpd Creative Commons Public Domain http://creativecommons.org/licenses/publicdomain ccpd-universal CC0 1.0 Universal (CC0 1.0) Public Domain Dedication @@ -950,3 +858,5 @@ epl2 Eclipse Public License Version 2.0 https://www.eclipse.org/legal/epl-2.0/ golang Go Lang https://golang.org/LICENSE +edl1 Eclipse Distribution License Version 1.0 + http://www.eclipse.org/org/documents/edl-v10.php From 4fccc6085c00c01bf286535f238066756b25460c Mon Sep 17 00:00:00 2001 From: Thisara-Welmilla Date: Fri, 22 Dec 2023 12:04:13 +0530 Subject: [PATCH 30/42] Update LICENSE.txt --- LICENSE.txt | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/LICENSE.txt b/LICENSE.txt index 7e8595e0859..88b652ca249 100644 --- a/LICENSE.txt +++ b/LICENSE.txt @@ -81,7 +81,7 @@ org.wso2.carbon.identity.authenticator.saml2.sso.common_5.8.5.jar org.wso2.carbon.identity.cors.mgt.core_5.25.637.jar bundle apache2 org.wso2.carbon.event.output.adapter.wso2event_5.2.56.jar bundle apache2 woden_1.0.0.M9-wso2v1.jar bundle apache2 -org.wso2.carbon.identity.organization.management.tomcat.ext.tenant.resolver_1.3.141.jar bundle apache2 +org.wso2.carbon.identity.organization.management.tomcat.ext.tenant.resolver_1.3.143.jar bundle apache2 org.eclipse.equinox.launcher_1.3.200.v20160318-1642.jar bundle epl1 com.fasterxml.jackson.core.jackson-databind_2.15.2.jar bundle apache2 org.wso2.carbon.logging.appender.service_4.10.7.jar bundle apache2 @@ -103,7 +103,7 @@ org.wso2.carbon.identity.conditional.auth.functions.jwt.decode_1.2.41.jar tomcat-el-api_9.0.82.wso2v1.jar bundle apache2 org.eclipse.equinox.p2.director.app_1.0.300.v20150129-0838.jar bundle epl1 org.wso2.carbon.identity.tools.saml.validator_5.5.7.jar bundle apache2 -org.wso2.carbon.identity.organization.management.authz.service_1.3.141.jar bundle apache2 +org.wso2.carbon.identity.organization.management.authz.service_1.3.143.jar bundle apache2 csrfguard_3.1.0.wso2v4.jar bundle apache2 org.wso2.carbon.user.mgt.stub_5.25.637.jar bundle apache2 org.wso2.carbon.identity.role.mgt.core_5.25.637.jar bundle apache2 @@ -170,7 +170,7 @@ org.eclipse.core.contenttype_3.4.200.v20130326-1255.jar org.wso2.carbon.identity.sts.passive.stub_5.10.20.jar bundle apache2 hector-core_1.1.4.wso2v2.jar bundle apache2 org.wso2.carbon.registry.profiles.stub_4.8.15.jar bundle apache2 -org.wso2.carbon.identity.organization.management.ext_1.3.141.jar bundle apache2 +org.wso2.carbon.identity.organization.management.ext_1.3.143.jar bundle apache2 org.apache.commons.configuration_1.10.0.jar bundle apache2 org.wso2.carbon.feature.mgt.services_4.9.20.jar bundle apache2 axis2-jibx_1.6.1.wso2v11.jar bundle apache2 @@ -179,7 +179,7 @@ org.wso2.carbon.tenant.common_4.10.7.jar commons-io_2.7.0.wso2v1.jar bundle apache2 org.wso2.carbon.identity.data.publisher.authentication.audit_5.6.6.jar bundle apache2 org.wso2.carbon.identity.functions.library.mgt_5.25.637.jar bundle apache2 -org.wso2.carbon.identity.organization.management.governance.connector_1.3.141.jar bundle apache2 +org.wso2.carbon.identity.organization.management.governance.connector_1.3.143.jar bundle apache2 org.eclipse.equinox.registry_3.6.0.v20150318-1503.jar bundle epl1 org.wso2.carbon.admin.advisory.mgt_4.9.20.jar bundle apache2 org.wso2.carbon.deployment.synchronizer.subversion_4.10.7.jar bundle apache2 @@ -232,7 +232,7 @@ org.eclipse.core.expressions_3.4.500.v20130515-1343.jar org.wso2.carbon.identity.provider_5.9.5.jar bundle apache2 commons-collections4_4.4.0.wso2v1.jar bundle apache2 org.wso2.carbon.captcha.mgt_5.25.637.jar bundle apache2 -org.wso2.carbon.identity.organization.discovery.service_1.3.141.jar bundle apache2 +org.wso2.carbon.identity.organization.discovery.service_1.3.143.jar bundle apache2 org.wso2.carbon.identity.oauth_6.11.232.jar bundle apache2 org.wso2.carbon.admin.advisory.mgt.stub_4.9.20.jar bundle apache2 org.wso2.carbon.identity.consent.mgt_5.25.637.jar bundle apache2 @@ -286,7 +286,7 @@ org.wso2.carbon.consent.mgt.ui_2.5.2.jar org.wso2.carbon.identity.provisioning_5.25.637.jar bundle apache2 org.eclipse.equinox.console_1.3.300.v20190516-1504.jar bundle epl1 org.wso2.carbon.healthcheck.api.core_1.3.0.jar bundle apache2 -org.wso2.carbon.identity.organization.config.service_1.3.141.jar bundle apache2 +org.wso2.carbon.identity.organization.config.service_1.3.143.jar bundle apache2 org.eclipse.equinox.p2.engine_2.3.0.v20140506-1720.jar bundle epl1 org.restlet_2.3.0.wso2v1.jar bundle apache2 org.wso2.carbon.identity.idle.account.identification_1.8.100.jar bundle apache2 @@ -378,7 +378,7 @@ org.wso2.carbon.email.mgt.stub_1.7.30.jar org.wso2.carbon.identity.claim.metadata.mgt_5.25.637.jar bundle apache2 org.eclipse.ecf.identity_3.2.0.v20130604-1622.jar bundle epl1 org.wso2.carbon.identity.conditional.auth.functions.user.store_1.2.41.jar bundle apache2 -org.wso2.carbon.identity.organization.management.organization.user.sharing_1.3.141.jar bundle apache2 +org.wso2.carbon.identity.organization.management.organization.user.sharing_1.3.143.jar bundle apache2 step2_1.0.0.wso2v2.jar bundle apache2 step2-consumer-1.0.0-wso2v2.jar bundle apache2 step2-common-1.0.0-wso2v2.jar bundle apache2 @@ -426,10 +426,10 @@ org.eclipse.equinox.http.servlet_1.1.400.v20130418-1354.jar org.wso2.carbon.identity.application.authenticator.magiclink_1.1.19.jar bundle apache2 guice_3.0.0.wso2v1.jar bundle apache2 org.wso2.balana.utils_1.2.13.jar bundle apache2 -org.wso2.carbon.identity.organization.user.invitation.management_1.3.141.jar bundle apache2 +org.wso2.carbon.identity.organization.user.invitation.management_1.3.143.jar bundle apache2 org.wso2.carbon.identity.claim.metadata.mgt.stub_5.25.637.jar bundle apache2 org.wso2.carbon.registry.server_4.9.20.jar bundle apache2 -org.wso2.carbon.identity.organization.management.application_1.3.141.jar bundle apache2 +org.wso2.carbon.identity.organization.management.application_1.3.143.jar bundle apache2 org.wso2.carbon.identity.user.account.association.stub_5.5.6.jar bundle apache2 org.wso2.carbon.identity.unique.claim.mgt_5.25.637.jar bundle apache2 google-auth-library-oauth2-http_1.20.0.wso2v1.jar bundle bsd3 @@ -507,13 +507,13 @@ org.wso2.carbon.identity.data.publisher.authentication.analytics.login_5.6.6.jar org.wso2.carbon.event.output.adapter.soap_5.2.56.jar bundle apache2 backport-util-concurrent_3.1.0.wso2v1.jar bundle apache2 org.wso2.carbon.registry.resource_4.8.15.jar bundle apache2 -org.wso2.carbon.identity.organization.management.tenant.association_1.3.141.jar bundle apache2 +org.wso2.carbon.identity.organization.management.tenant.association_1.3.143.jar bundle apache2 org.wso2.carbon.ui_4.9.20.jar bundle apache2 org.wso2.carbon.identity.configuration.mgt.core_5.25.637.jar bundle apache2 -org.wso2.carbon.identity.organization.management.claim.provider_1.3.141.jar bundle apache2 +org.wso2.carbon.identity.organization.management.claim.provider_1.3.143.jar bundle apache2 org.wso2.carbon.logging.appender.http_4.10.7.jar bundle apache2 org.eclipse.equinox.cm_1.3.100.v20180827-1235.jar bundle epl1 -org.wso2.carbon.identity.organization.management.role.management.service_1.3.141.jar bundle apache2 +org.wso2.carbon.identity.organization.management.role.management.service_1.3.143.jar bundle apache2 org.wso2.carbon.identity.governance_1.8.100.jar bundle apache2 org.wso2.carbon.ui.menu.registry_4.5.3.jar bundle apache2 javax.cache.wso2_4.9.20.jar bundle apache2 @@ -522,7 +522,7 @@ org.wso2.carbon.email.mgt_1.7.30.jar org.apache.felix.gogo.command_0.10.0.v201209301215.jar bundle apache2 bcprov-jdk18on_1.74.0.wso2v1.jar bundle bouncy bcprov-jdk18on-1.74.jar jarinbundle bouncy -org.wso2.carbon.identity.organization.management.handler_1.3.141.jar bundle apache2 +org.wso2.carbon.identity.organization.management.handler_1.3.143.jar bundle apache2 com.google.guava.failureaccess_1.0.1.jar bundle apache2 axis2_1.6.1.wso2v76.jar bundle apache2 xmlbeans-3.1.0.jar jarinbundle apache2 From e1bfcfdfeb8766e75ad7a1cadd8028023355fa91 Mon Sep 17 00:00:00 2001 From: Brion Date: Fri, 22 Dec 2023 12:04:23 +0530 Subject: [PATCH 31/42] Bump app versions --- pom.xml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pom.xml b/pom.xml index 3a5042b3432..1f4f5e815e5 100755 --- a/pom.xml +++ b/pom.xml @@ -2365,9 +2365,9 @@ 1.2.41 - 2.10.49 - 2.2.72 - 2.0.109 + 2.10.50 + 2.2.73 + 2.0.110 1.6.373 From 1b72a1523272b7d1608e3ae8cf3787c11959714d Mon Sep 17 00:00:00 2001 From: sadilchamishka Date: Fri, 22 Dec 2023 12:37:54 +0530 Subject: [PATCH 32/42] Bump auth rest and organization management version --- pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index 3a5042b3432..4412b021013 100755 --- a/pom.xml +++ b/pom.xml @@ -2259,7 +2259,7 @@ 5.8.5 5.5.0 5.5.0 - 1.8.37 + 1.8.38 @@ -2341,7 +2341,7 @@ 1.0.14 1.0.2 - 1.3.143 + 1.3.144 1.0.95 1.1.24 1.1.20 From 0ef4227fc2054c3bb558bdeac88bdf562cc70ed9 Mon Sep 17 00:00:00 2001 From: sadilchamishka Date: Fri, 22 Dec 2023 12:42:31 +0530 Subject: [PATCH 33/42] Update LICENSE.txt --- LICENSE.txt | 40 ++++++++++++++++++++-------------------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/LICENSE.txt b/LICENSE.txt index 88b652ca249..2a1aff628b2 100644 --- a/LICENSE.txt +++ b/LICENSE.txt @@ -55,7 +55,7 @@ org.wso2.carbon.identity.entitlement_5.25.637.jar commons-text_1.10.0.wso2v2.jar bundle apache2 org.wso2.carbon.identity.conditional.auth.functions.analytics_1.2.41.jar bundle apache2 org.eclipse.equinox.p2.jarprocessor_1.0.300.v20131211-1531.jar bundle epl1 -org.wso2.carbon.identity.authz.service_1.8.37.jar bundle apache2 +org.wso2.carbon.identity.authz.service_1.8.38.jar bundle apache2 org.wso2.carbon.ui.menu.tools_4.9.15.jar bundle apache2 org.wso2.carbon.identity.password.expiry_1.8.100.jar bundle apache2 org.wso2.carbon.identity.input.validation.mgt_5.25.637.jar bundle apache2 @@ -81,7 +81,7 @@ org.wso2.carbon.identity.authenticator.saml2.sso.common_5.8.5.jar org.wso2.carbon.identity.cors.mgt.core_5.25.637.jar bundle apache2 org.wso2.carbon.event.output.adapter.wso2event_5.2.56.jar bundle apache2 woden_1.0.0.M9-wso2v1.jar bundle apache2 -org.wso2.carbon.identity.organization.management.tomcat.ext.tenant.resolver_1.3.143.jar bundle apache2 +org.wso2.carbon.identity.organization.management.tomcat.ext.tenant.resolver_1.3.144.jar bundle apache2 org.eclipse.equinox.launcher_1.3.200.v20160318-1642.jar bundle epl1 com.fasterxml.jackson.core.jackson-databind_2.15.2.jar bundle apache2 org.wso2.carbon.logging.appender.service_4.10.7.jar bundle apache2 @@ -103,7 +103,7 @@ org.wso2.carbon.identity.conditional.auth.functions.jwt.decode_1.2.41.jar tomcat-el-api_9.0.82.wso2v1.jar bundle apache2 org.eclipse.equinox.p2.director.app_1.0.300.v20150129-0838.jar bundle epl1 org.wso2.carbon.identity.tools.saml.validator_5.5.7.jar bundle apache2 -org.wso2.carbon.identity.organization.management.authz.service_1.3.143.jar bundle apache2 +org.wso2.carbon.identity.organization.management.authz.service_1.3.144.jar bundle apache2 csrfguard_3.1.0.wso2v4.jar bundle apache2 org.wso2.carbon.user.mgt.stub_5.25.637.jar bundle apache2 org.wso2.carbon.identity.role.mgt.core_5.25.637.jar bundle apache2 @@ -170,7 +170,7 @@ org.eclipse.core.contenttype_3.4.200.v20130326-1255.jar org.wso2.carbon.identity.sts.passive.stub_5.10.20.jar bundle apache2 hector-core_1.1.4.wso2v2.jar bundle apache2 org.wso2.carbon.registry.profiles.stub_4.8.15.jar bundle apache2 -org.wso2.carbon.identity.organization.management.ext_1.3.143.jar bundle apache2 +org.wso2.carbon.identity.organization.management.ext_1.3.144.jar bundle apache2 org.apache.commons.configuration_1.10.0.jar bundle apache2 org.wso2.carbon.feature.mgt.services_4.9.20.jar bundle apache2 axis2-jibx_1.6.1.wso2v11.jar bundle apache2 @@ -179,7 +179,7 @@ org.wso2.carbon.tenant.common_4.10.7.jar commons-io_2.7.0.wso2v1.jar bundle apache2 org.wso2.carbon.identity.data.publisher.authentication.audit_5.6.6.jar bundle apache2 org.wso2.carbon.identity.functions.library.mgt_5.25.637.jar bundle apache2 -org.wso2.carbon.identity.organization.management.governance.connector_1.3.143.jar bundle apache2 +org.wso2.carbon.identity.organization.management.governance.connector_1.3.144.jar bundle apache2 org.eclipse.equinox.registry_3.6.0.v20150318-1503.jar bundle epl1 org.wso2.carbon.admin.advisory.mgt_4.9.20.jar bundle apache2 org.wso2.carbon.deployment.synchronizer.subversion_4.10.7.jar bundle apache2 @@ -217,7 +217,7 @@ org.wso2.carbon.identity.data.publisher.audit.user.operation_1.4.3.jar twilio.wso2_9.14.0.wso2v1.jar bundle apache2 twilio-9.14.0.jar jarinbundle mit org.wso2.carbon.user.mgt.ui_5.25.637.jar bundle apache2 -org.wso2.carbon.identity.context.rewrite.valve_1.8.37.jar bundle apache2 +org.wso2.carbon.identity.context.rewrite.valve_1.8.38.jar bundle apache2 org.wso2.carbon.registry.profiles.ui_4.8.15.jar bundle apache2 org.eclipse.ecf_3.2.0.v20130604-1622.jar bundle epl1 org.eclipse.equinox.security_1.2.100.v20150423-1356.jar bundle epl1 @@ -232,7 +232,7 @@ org.eclipse.core.expressions_3.4.500.v20130515-1343.jar org.wso2.carbon.identity.provider_5.9.5.jar bundle apache2 commons-collections4_4.4.0.wso2v1.jar bundle apache2 org.wso2.carbon.captcha.mgt_5.25.637.jar bundle apache2 -org.wso2.carbon.identity.organization.discovery.service_1.3.143.jar bundle apache2 +org.wso2.carbon.identity.organization.discovery.service_1.3.144.jar bundle apache2 org.wso2.carbon.identity.oauth_6.11.232.jar bundle apache2 org.wso2.carbon.admin.advisory.mgt.stub_4.9.20.jar bundle apache2 org.wso2.carbon.identity.consent.mgt_5.25.637.jar bundle apache2 @@ -286,7 +286,7 @@ org.wso2.carbon.consent.mgt.ui_2.5.2.jar org.wso2.carbon.identity.provisioning_5.25.637.jar bundle apache2 org.eclipse.equinox.console_1.3.300.v20190516-1504.jar bundle epl1 org.wso2.carbon.healthcheck.api.core_1.3.0.jar bundle apache2 -org.wso2.carbon.identity.organization.config.service_1.3.143.jar bundle apache2 +org.wso2.carbon.identity.organization.config.service_1.3.144.jar bundle apache2 org.eclipse.equinox.p2.engine_2.3.0.v20140506-1720.jar bundle epl1 org.restlet_2.3.0.wso2v1.jar bundle apache2 org.wso2.carbon.identity.idle.account.identification_1.8.100.jar bundle apache2 @@ -338,7 +338,7 @@ org.wso2.carbon.identity.user.store.count_5.25.637.jar opencsv_1.8.0.wso2v1.jar bundle apache2 opencsv-1.8.jar jarinbundle apache2 poi-scratchpad_5.2.3.wso2v1.jar bundle apache2 -org.wso2.carbon.identity.auth.service_1.8.37.jar bundle apache2 +org.wso2.carbon.identity.auth.service_1.8.38.jar bundle apache2 org.wso2.carbon.identity.user.rename.core_1.8.100.jar bundle apache2 org.wso2.carbon.identity.application.authenticator.requestpath.basicauth_5.5.4.jar bundle apache2 org.wso2.carbon.tenant.mgt.core_4.11.17.jar bundle apache2 @@ -378,7 +378,7 @@ org.wso2.carbon.email.mgt.stub_1.7.30.jar org.wso2.carbon.identity.claim.metadata.mgt_5.25.637.jar bundle apache2 org.eclipse.ecf.identity_3.2.0.v20130604-1622.jar bundle epl1 org.wso2.carbon.identity.conditional.auth.functions.user.store_1.2.41.jar bundle apache2 -org.wso2.carbon.identity.organization.management.organization.user.sharing_1.3.143.jar bundle apache2 +org.wso2.carbon.identity.organization.management.organization.user.sharing_1.3.144.jar bundle apache2 step2_1.0.0.wso2v2.jar bundle apache2 step2-consumer-1.0.0-wso2v2.jar bundle apache2 step2-common-1.0.0-wso2v2.jar bundle apache2 @@ -418,7 +418,7 @@ org.wso2.carbon.identity.user.registration_5.25.637.jar org.wso2.carbon.identity.oauth.ciba_6.11.232.jar bundle apache2 xmlbeans_5.1.1.wso2v1.jar bundle apache2 org.wso2.carbon.authenticator.stub_4.9.20.jar bundle apache2 -org.wso2.carbon.identity.cors.valve_1.8.37.jar bundle apache2 +org.wso2.carbon.identity.cors.valve_1.8.38.jar bundle apache2 org.wso2.carbon.identity.oauth2.grant.organizationswitch_1.1.20.jar bundle apache2 org.wso2.carbon.identity.application.authenticator.fido2_5.4.7.jar bundle apache2 org.wso2.carbon.identity.data.publisher.audit.common_1.4.3.jar bundle apache2 @@ -426,10 +426,10 @@ org.eclipse.equinox.http.servlet_1.1.400.v20130418-1354.jar org.wso2.carbon.identity.application.authenticator.magiclink_1.1.19.jar bundle apache2 guice_3.0.0.wso2v1.jar bundle apache2 org.wso2.balana.utils_1.2.13.jar bundle apache2 -org.wso2.carbon.identity.organization.user.invitation.management_1.3.143.jar bundle apache2 +org.wso2.carbon.identity.organization.user.invitation.management_1.3.144.jar bundle apache2 org.wso2.carbon.identity.claim.metadata.mgt.stub_5.25.637.jar bundle apache2 org.wso2.carbon.registry.server_4.9.20.jar bundle apache2 -org.wso2.carbon.identity.organization.management.application_1.3.143.jar bundle apache2 +org.wso2.carbon.identity.organization.management.application_1.3.144.jar bundle apache2 org.wso2.carbon.identity.user.account.association.stub_5.5.6.jar bundle apache2 org.wso2.carbon.identity.unique.claim.mgt_5.25.637.jar bundle apache2 google-auth-library-oauth2-http_1.20.0.wso2v1.jar bundle bsd3 @@ -507,13 +507,13 @@ org.wso2.carbon.identity.data.publisher.authentication.analytics.login_5.6.6.jar org.wso2.carbon.event.output.adapter.soap_5.2.56.jar bundle apache2 backport-util-concurrent_3.1.0.wso2v1.jar bundle apache2 org.wso2.carbon.registry.resource_4.8.15.jar bundle apache2 -org.wso2.carbon.identity.organization.management.tenant.association_1.3.143.jar bundle apache2 +org.wso2.carbon.identity.organization.management.tenant.association_1.3.144.jar bundle apache2 org.wso2.carbon.ui_4.9.20.jar bundle apache2 org.wso2.carbon.identity.configuration.mgt.core_5.25.637.jar bundle apache2 -org.wso2.carbon.identity.organization.management.claim.provider_1.3.143.jar bundle apache2 +org.wso2.carbon.identity.organization.management.claim.provider_1.3.144.jar bundle apache2 org.wso2.carbon.logging.appender.http_4.10.7.jar bundle apache2 org.eclipse.equinox.cm_1.3.100.v20180827-1235.jar bundle epl1 -org.wso2.carbon.identity.organization.management.role.management.service_1.3.143.jar bundle apache2 +org.wso2.carbon.identity.organization.management.role.management.service_1.3.144.jar bundle apache2 org.wso2.carbon.identity.governance_1.8.100.jar bundle apache2 org.wso2.carbon.ui.menu.registry_4.5.3.jar bundle apache2 javax.cache.wso2_4.9.20.jar bundle apache2 @@ -522,7 +522,7 @@ org.wso2.carbon.email.mgt_1.7.30.jar org.apache.felix.gogo.command_0.10.0.v201209301215.jar bundle apache2 bcprov-jdk18on_1.74.0.wso2v1.jar bundle bouncy bcprov-jdk18on-1.74.jar jarinbundle bouncy -org.wso2.carbon.identity.organization.management.handler_1.3.143.jar bundle apache2 +org.wso2.carbon.identity.organization.management.handler_1.3.144.jar bundle apache2 com.google.guava.failureaccess_1.0.1.jar bundle apache2 axis2_1.6.1.wso2v76.jar bundle apache2 xmlbeans-3.1.0.jar jarinbundle apache2 @@ -545,7 +545,7 @@ org.wso2.carbon.extension.identity.verification.ui_1.0.6.jar org.wso2.carbon.qpid.stub_4.10.7.jar bundle apache2 org.wso2.carbon.identity.application.mgt.stub_5.25.637.jar bundle apache2 org.wso2.carbon.identity.handler.event.account.lock_1.8.13.jar bundle apache2 -org.wso2.carbon.identity.cors.service_1.8.37.jar bundle apache2 +org.wso2.carbon.identity.cors.service_1.8.38.jar bundle apache2 org.wso2.carbon.registry.common_4.8.15.jar bundle apache2 org.wso2.carbon.event.output.adapter.logger_5.2.56.jar bundle apache2 org.wso2.carbon.identity.tenant.resource.manager_1.8.100.jar bundle apache2 @@ -573,14 +573,14 @@ annogen_0.1.0.wso2v1.jar org.wso2.carbon.pax-logging-log4j2-plugins_4.9.20.jar bundle apache2 org.wso2.carbon.event.core_4.10.7.jar bundle apache2 org.wso2.carbon.tenant.sso.redirector.ui_4.11.17.jar bundle apache2 -org.wso2.carbon.identity.authz.valve_1.8.37.jar bundle apache2 +org.wso2.carbon.identity.authz.valve_1.8.38.jar bundle apache2 axiom_1.2.11.wso2v28.jar bundle apache2 org.wso2.carbon.identity.authenticator.saml2.sso.stub_5.8.5.jar bundle apache2 org.eclipse.equinox.ds_1.4.400.v20160226-2036.jar bundle epl1 org.wso2.carbon.logging.remote.config.ui_4.10.7.jar bundle apache2 commons-fileupload_1.5.0.wso2v2.jar bundle apache2 httpasyncclient_4.1.3.wso2v1.jar bundle apache2 -org.wso2.carbon.identity.auth.valve_1.8.37.jar bundle apache2 +org.wso2.carbon.identity.auth.valve_1.8.38.jar bundle apache2 org.wso2.carbon.identity.oauth2.grant.token.exchange_1.1.5.jar bundle apache2 siddhi-core_3.2.9.jar bundle apache2 org.wso2.carbon.event.ws_4.10.7.jar bundle apache2 From 8cdc0b092878f6bed8c12e0cee0d7ed4c9d0b8eb Mon Sep 17 00:00:00 2001 From: Thisara-Welmilla Date: Fri, 22 Dec 2023 14:46:22 +0530 Subject: [PATCH 34/42] Update LICENSE.txt --- LICENSE.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/LICENSE.txt b/LICENSE.txt index 2a1aff628b2..e932ee54612 100644 --- a/LICENSE.txt +++ b/LICENSE.txt @@ -75,7 +75,7 @@ com.fasterxml.jackson.core.jackson-annotations_2.15.2.jar org.wso2.identity.styles_7.0.0.beta4.jar bundle apache2 org.wso2.carbon.identity.authenticator.saml2.sso.ui_5.8.5.jar bundle apache2 org.wso2.carbon.identity.password.policy_1.8.100.jar bundle apache2 -org.wso2.identity.apps.common_2.0.109.jar bundle apache2 +org.wso2.identity.apps.common_2.0.110.jar bundle apache2 org.wso2.carbon.registry.properties.ui_4.8.15.jar bundle apache2 org.wso2.carbon.identity.authenticator.saml2.sso.common_5.8.5.jar bundle apache2 org.wso2.carbon.identity.cors.mgt.core_5.25.637.jar bundle apache2 From f7563bb487980c009a12980e8beb81d0dbe13d72 Mon Sep 17 00:00:00 2001 From: sadilchamishka Date: Fri, 22 Dec 2023 17:11:49 +0530 Subject: [PATCH 35/42] Bump organization management service version --- LICENSE.txt | 26 +++++++++++++------------- pom.xml | 2 +- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/LICENSE.txt b/LICENSE.txt index e932ee54612..b558af2e289 100644 --- a/LICENSE.txt +++ b/LICENSE.txt @@ -81,7 +81,7 @@ org.wso2.carbon.identity.authenticator.saml2.sso.common_5.8.5.jar org.wso2.carbon.identity.cors.mgt.core_5.25.637.jar bundle apache2 org.wso2.carbon.event.output.adapter.wso2event_5.2.56.jar bundle apache2 woden_1.0.0.M9-wso2v1.jar bundle apache2 -org.wso2.carbon.identity.organization.management.tomcat.ext.tenant.resolver_1.3.144.jar bundle apache2 +org.wso2.carbon.identity.organization.management.tomcat.ext.tenant.resolver_1.3.145.jar bundle apache2 org.eclipse.equinox.launcher_1.3.200.v20160318-1642.jar bundle epl1 com.fasterxml.jackson.core.jackson-databind_2.15.2.jar bundle apache2 org.wso2.carbon.logging.appender.service_4.10.7.jar bundle apache2 @@ -103,7 +103,7 @@ org.wso2.carbon.identity.conditional.auth.functions.jwt.decode_1.2.41.jar tomcat-el-api_9.0.82.wso2v1.jar bundle apache2 org.eclipse.equinox.p2.director.app_1.0.300.v20150129-0838.jar bundle epl1 org.wso2.carbon.identity.tools.saml.validator_5.5.7.jar bundle apache2 -org.wso2.carbon.identity.organization.management.authz.service_1.3.144.jar bundle apache2 +org.wso2.carbon.identity.organization.management.authz.service_1.3.145.jar bundle apache2 csrfguard_3.1.0.wso2v4.jar bundle apache2 org.wso2.carbon.user.mgt.stub_5.25.637.jar bundle apache2 org.wso2.carbon.identity.role.mgt.core_5.25.637.jar bundle apache2 @@ -170,7 +170,7 @@ org.eclipse.core.contenttype_3.4.200.v20130326-1255.jar org.wso2.carbon.identity.sts.passive.stub_5.10.20.jar bundle apache2 hector-core_1.1.4.wso2v2.jar bundle apache2 org.wso2.carbon.registry.profiles.stub_4.8.15.jar bundle apache2 -org.wso2.carbon.identity.organization.management.ext_1.3.144.jar bundle apache2 +org.wso2.carbon.identity.organization.management.ext_1.3.145.jar bundle apache2 org.apache.commons.configuration_1.10.0.jar bundle apache2 org.wso2.carbon.feature.mgt.services_4.9.20.jar bundle apache2 axis2-jibx_1.6.1.wso2v11.jar bundle apache2 @@ -179,7 +179,7 @@ org.wso2.carbon.tenant.common_4.10.7.jar commons-io_2.7.0.wso2v1.jar bundle apache2 org.wso2.carbon.identity.data.publisher.authentication.audit_5.6.6.jar bundle apache2 org.wso2.carbon.identity.functions.library.mgt_5.25.637.jar bundle apache2 -org.wso2.carbon.identity.organization.management.governance.connector_1.3.144.jar bundle apache2 +org.wso2.carbon.identity.organization.management.governance.connector_1.3.145.jar bundle apache2 org.eclipse.equinox.registry_3.6.0.v20150318-1503.jar bundle epl1 org.wso2.carbon.admin.advisory.mgt_4.9.20.jar bundle apache2 org.wso2.carbon.deployment.synchronizer.subversion_4.10.7.jar bundle apache2 @@ -232,7 +232,7 @@ org.eclipse.core.expressions_3.4.500.v20130515-1343.jar org.wso2.carbon.identity.provider_5.9.5.jar bundle apache2 commons-collections4_4.4.0.wso2v1.jar bundle apache2 org.wso2.carbon.captcha.mgt_5.25.637.jar bundle apache2 -org.wso2.carbon.identity.organization.discovery.service_1.3.144.jar bundle apache2 +org.wso2.carbon.identity.organization.discovery.service_1.3.145.jar bundle apache2 org.wso2.carbon.identity.oauth_6.11.232.jar bundle apache2 org.wso2.carbon.admin.advisory.mgt.stub_4.9.20.jar bundle apache2 org.wso2.carbon.identity.consent.mgt_5.25.637.jar bundle apache2 @@ -286,7 +286,7 @@ org.wso2.carbon.consent.mgt.ui_2.5.2.jar org.wso2.carbon.identity.provisioning_5.25.637.jar bundle apache2 org.eclipse.equinox.console_1.3.300.v20190516-1504.jar bundle epl1 org.wso2.carbon.healthcheck.api.core_1.3.0.jar bundle apache2 -org.wso2.carbon.identity.organization.config.service_1.3.144.jar bundle apache2 +org.wso2.carbon.identity.organization.config.service_1.3.145.jar bundle apache2 org.eclipse.equinox.p2.engine_2.3.0.v20140506-1720.jar bundle epl1 org.restlet_2.3.0.wso2v1.jar bundle apache2 org.wso2.carbon.identity.idle.account.identification_1.8.100.jar bundle apache2 @@ -378,7 +378,7 @@ org.wso2.carbon.email.mgt.stub_1.7.30.jar org.wso2.carbon.identity.claim.metadata.mgt_5.25.637.jar bundle apache2 org.eclipse.ecf.identity_3.2.0.v20130604-1622.jar bundle epl1 org.wso2.carbon.identity.conditional.auth.functions.user.store_1.2.41.jar bundle apache2 -org.wso2.carbon.identity.organization.management.organization.user.sharing_1.3.144.jar bundle apache2 +org.wso2.carbon.identity.organization.management.organization.user.sharing_1.3.145.jar bundle apache2 step2_1.0.0.wso2v2.jar bundle apache2 step2-consumer-1.0.0-wso2v2.jar bundle apache2 step2-common-1.0.0-wso2v2.jar bundle apache2 @@ -426,10 +426,10 @@ org.eclipse.equinox.http.servlet_1.1.400.v20130418-1354.jar org.wso2.carbon.identity.application.authenticator.magiclink_1.1.19.jar bundle apache2 guice_3.0.0.wso2v1.jar bundle apache2 org.wso2.balana.utils_1.2.13.jar bundle apache2 -org.wso2.carbon.identity.organization.user.invitation.management_1.3.144.jar bundle apache2 +org.wso2.carbon.identity.organization.user.invitation.management_1.3.145.jar bundle apache2 org.wso2.carbon.identity.claim.metadata.mgt.stub_5.25.637.jar bundle apache2 org.wso2.carbon.registry.server_4.9.20.jar bundle apache2 -org.wso2.carbon.identity.organization.management.application_1.3.144.jar bundle apache2 +org.wso2.carbon.identity.organization.management.application_1.3.145.jar bundle apache2 org.wso2.carbon.identity.user.account.association.stub_5.5.6.jar bundle apache2 org.wso2.carbon.identity.unique.claim.mgt_5.25.637.jar bundle apache2 google-auth-library-oauth2-http_1.20.0.wso2v1.jar bundle bsd3 @@ -507,13 +507,13 @@ org.wso2.carbon.identity.data.publisher.authentication.analytics.login_5.6.6.jar org.wso2.carbon.event.output.adapter.soap_5.2.56.jar bundle apache2 backport-util-concurrent_3.1.0.wso2v1.jar bundle apache2 org.wso2.carbon.registry.resource_4.8.15.jar bundle apache2 -org.wso2.carbon.identity.organization.management.tenant.association_1.3.144.jar bundle apache2 +org.wso2.carbon.identity.organization.management.tenant.association_1.3.145.jar bundle apache2 org.wso2.carbon.ui_4.9.20.jar bundle apache2 org.wso2.carbon.identity.configuration.mgt.core_5.25.637.jar bundle apache2 -org.wso2.carbon.identity.organization.management.claim.provider_1.3.144.jar bundle apache2 +org.wso2.carbon.identity.organization.management.claim.provider_1.3.145.jar bundle apache2 org.wso2.carbon.logging.appender.http_4.10.7.jar bundle apache2 org.eclipse.equinox.cm_1.3.100.v20180827-1235.jar bundle epl1 -org.wso2.carbon.identity.organization.management.role.management.service_1.3.144.jar bundle apache2 +org.wso2.carbon.identity.organization.management.role.management.service_1.3.145.jar bundle apache2 org.wso2.carbon.identity.governance_1.8.100.jar bundle apache2 org.wso2.carbon.ui.menu.registry_4.5.3.jar bundle apache2 javax.cache.wso2_4.9.20.jar bundle apache2 @@ -522,7 +522,7 @@ org.wso2.carbon.email.mgt_1.7.30.jar org.apache.felix.gogo.command_0.10.0.v201209301215.jar bundle apache2 bcprov-jdk18on_1.74.0.wso2v1.jar bundle bouncy bcprov-jdk18on-1.74.jar jarinbundle bouncy -org.wso2.carbon.identity.organization.management.handler_1.3.144.jar bundle apache2 +org.wso2.carbon.identity.organization.management.handler_1.3.145.jar bundle apache2 com.google.guava.failureaccess_1.0.1.jar bundle apache2 axis2_1.6.1.wso2v76.jar bundle apache2 xmlbeans-3.1.0.jar jarinbundle apache2 diff --git a/pom.xml b/pom.xml index 341d4542473..4820ffd2fe6 100755 --- a/pom.xml +++ b/pom.xml @@ -2341,7 +2341,7 @@ 1.0.14 1.0.2 - 1.3.144 + 1.3.145 1.0.95 1.1.24 1.1.20 From d599ecb598231fd45b03ecbe5c69d26b53012909 Mon Sep 17 00:00:00 2001 From: WSO2 Builder Date: Fri, 22 Dec 2023 13:26:19 +0000 Subject: [PATCH 36/42] [maven-release-plugin] prepare release v7.0.0-beta4 --- modules/api-resources/api-resources-full/pom.xml | 4 ++-- modules/api-resources/pom.xml | 4 ++-- modules/authenticators/pom.xml | 2 +- modules/connectors/pom.xml | 2 +- modules/distribution/pom.xml | 2 +- modules/features/org.wso2.identity.styles.feature/pom.xml | 2 +- modules/features/org.wso2.identity.ui.feature/pom.xml | 2 +- modules/features/org.wso2.identity.utils.feature/pom.xml | 2 +- modules/features/pom.xml | 2 +- modules/integration/pom.xml | 2 +- modules/integration/tests-common/admin-clients/pom.xml | 2 +- modules/integration/tests-common/extensions/pom.xml | 2 +- .../integration/tests-common/integration-test-utils/pom.xml | 2 +- modules/integration/tests-common/pom.xml | 2 +- modules/integration/tests-common/ui-pages/pom.xml | 2 +- modules/integration/tests-integration/pom.xml | 2 +- modules/integration/tests-integration/tests-backend/pom.xml | 2 +- modules/local-authenticators/pom.xml | 2 +- modules/oauth2-grant-types/pom.xml | 2 +- modules/p2-profile-gen/pom.xml | 2 +- modules/provisioning-connectors/pom.xml | 2 +- modules/social-authenticators/pom.xml | 2 +- modules/styles/pom.xml | 2 +- modules/styles/product/pom.xml | 2 +- modules/tests-utils/admin-services/pom.xml | 2 +- modules/tests-utils/admin-stubs/pom.xml | 2 +- modules/tests-utils/pom.xml | 2 +- pom.xml | 4 ++-- 28 files changed, 31 insertions(+), 31 deletions(-) diff --git a/modules/api-resources/api-resources-full/pom.xml b/modules/api-resources/api-resources-full/pom.xml index c51c6ae0382..436cf6d63e6 100644 --- a/modules/api-resources/api-resources-full/pom.xml +++ b/modules/api-resources/api-resources-full/pom.xml @@ -23,12 +23,12 @@ org.wso2.is api-resources - 7.0.0-beta4-SNAPSHOT + 7.0.0-beta4 ../pom.xml api-resources-full - 7.0.0-beta4-SNAPSHOT + 7.0.0-beta4 war WSO2 Identity Server - All Rest API diff --git a/modules/api-resources/pom.xml b/modules/api-resources/pom.xml index c843dc8bc65..0c8fe35a7eb 100644 --- a/modules/api-resources/pom.xml +++ b/modules/api-resources/pom.xml @@ -23,12 +23,12 @@ org.wso2.is identity-server-parent - 7.0.0-beta4-SNAPSHOT + 7.0.0-beta4 ../../pom.xml api-resources - 7.0.0-beta4-SNAPSHOT + 7.0.0-beta4 pom WSO2 Identity Server - Rest API diff --git a/modules/authenticators/pom.xml b/modules/authenticators/pom.xml index fdc9a1cbd7e..0a8556b046e 100644 --- a/modules/authenticators/pom.xml +++ b/modules/authenticators/pom.xml @@ -19,7 +19,7 @@ org.wso2.is identity-server-parent - 7.0.0-beta4-SNAPSHOT + 7.0.0-beta4 ../../pom.xml 4.0.0 diff --git a/modules/connectors/pom.xml b/modules/connectors/pom.xml index 57bf71df670..532941276db 100644 --- a/modules/connectors/pom.xml +++ b/modules/connectors/pom.xml @@ -19,7 +19,7 @@ org.wso2.is identity-server-parent - 7.0.0-beta4-SNAPSHOT + 7.0.0-beta4 ../../pom.xml 4.0.0 diff --git a/modules/distribution/pom.xml b/modules/distribution/pom.xml index 7ac3275d716..d8a2880a14e 100755 --- a/modules/distribution/pom.xml +++ b/modules/distribution/pom.xml @@ -19,7 +19,7 @@ org.wso2.is identity-server-parent - 7.0.0-beta4-SNAPSHOT + 7.0.0-beta4 ../../pom.xml diff --git a/modules/features/org.wso2.identity.styles.feature/pom.xml b/modules/features/org.wso2.identity.styles.feature/pom.xml index dc1c71c5438..9cea6c6fe50 100644 --- a/modules/features/org.wso2.identity.styles.feature/pom.xml +++ b/modules/features/org.wso2.identity.styles.feature/pom.xml @@ -20,7 +20,7 @@ org.wso2.is identity-features - 7.0.0-beta4-SNAPSHOT + 7.0.0-beta4 ../pom.xml diff --git a/modules/features/org.wso2.identity.ui.feature/pom.xml b/modules/features/org.wso2.identity.ui.feature/pom.xml index 9ea7f3a8c20..25372ba8d31 100644 --- a/modules/features/org.wso2.identity.ui.feature/pom.xml +++ b/modules/features/org.wso2.identity.ui.feature/pom.xml @@ -20,7 +20,7 @@ org.wso2.is identity-features - 7.0.0-beta4-SNAPSHOT + 7.0.0-beta4 ../pom.xml diff --git a/modules/features/org.wso2.identity.utils.feature/pom.xml b/modules/features/org.wso2.identity.utils.feature/pom.xml index 77328be3b5c..cd2f3c932e4 100644 --- a/modules/features/org.wso2.identity.utils.feature/pom.xml +++ b/modules/features/org.wso2.identity.utils.feature/pom.xml @@ -20,7 +20,7 @@ org.wso2.is identity-features - 7.0.0-beta4-SNAPSHOT + 7.0.0-beta4 ../pom.xml diff --git a/modules/features/pom.xml b/modules/features/pom.xml index 1f563e68e97..778842ffccb 100644 --- a/modules/features/pom.xml +++ b/modules/features/pom.xml @@ -17,7 +17,7 @@ org.wso2.is identity-server-parent - 7.0.0-beta4-SNAPSHOT + 7.0.0-beta4 ../../pom.xml diff --git a/modules/integration/pom.xml b/modules/integration/pom.xml index 9550561bfc9..50680bbfff6 100644 --- a/modules/integration/pom.xml +++ b/modules/integration/pom.xml @@ -19,7 +19,7 @@ org.wso2.is identity-server-parent - 7.0.0-beta4-SNAPSHOT + 7.0.0-beta4 ../../pom.xml diff --git a/modules/integration/tests-common/admin-clients/pom.xml b/modules/integration/tests-common/admin-clients/pom.xml index d58d0318bc1..c6e899ac944 100644 --- a/modules/integration/tests-common/admin-clients/pom.xml +++ b/modules/integration/tests-common/admin-clients/pom.xml @@ -19,7 +19,7 @@ org.wso2.is identity-integration-tests - 7.0.0-beta4-SNAPSHOT + 7.0.0-beta4 ../../pom.xml diff --git a/modules/integration/tests-common/extensions/pom.xml b/modules/integration/tests-common/extensions/pom.xml index a9f7d074c9a..6191f900e39 100644 --- a/modules/integration/tests-common/extensions/pom.xml +++ b/modules/integration/tests-common/extensions/pom.xml @@ -22,7 +22,7 @@ org.wso2.is identity-integration-tests - 7.0.0-beta4-SNAPSHOT + 7.0.0-beta4 ../../pom.xml diff --git a/modules/integration/tests-common/integration-test-utils/pom.xml b/modules/integration/tests-common/integration-test-utils/pom.xml index caeba225724..13bb50d1b48 100644 --- a/modules/integration/tests-common/integration-test-utils/pom.xml +++ b/modules/integration/tests-common/integration-test-utils/pom.xml @@ -19,7 +19,7 @@ org.wso2.is identity-integration-tests - 7.0.0-beta4-SNAPSHOT + 7.0.0-beta4 ../../pom.xml diff --git a/modules/integration/tests-common/pom.xml b/modules/integration/tests-common/pom.xml index a756d133a73..6c60e9a14ea 100644 --- a/modules/integration/tests-common/pom.xml +++ b/modules/integration/tests-common/pom.xml @@ -19,7 +19,7 @@ org.wso2.is identity-integration-tests - 7.0.0-beta4-SNAPSHOT + 7.0.0-beta4 ../pom.xml diff --git a/modules/integration/tests-common/ui-pages/pom.xml b/modules/integration/tests-common/ui-pages/pom.xml index 3ce650538fd..6703fa29f70 100644 --- a/modules/integration/tests-common/ui-pages/pom.xml +++ b/modules/integration/tests-common/ui-pages/pom.xml @@ -19,7 +19,7 @@ org.wso2.is identity-integration-tests - 7.0.0-beta4-SNAPSHOT + 7.0.0-beta4 ../../pom.xml diff --git a/modules/integration/tests-integration/pom.xml b/modules/integration/tests-integration/pom.xml index c68094fac02..bcb764d96cf 100644 --- a/modules/integration/tests-integration/pom.xml +++ b/modules/integration/tests-integration/pom.xml @@ -19,7 +19,7 @@ org.wso2.is identity-integration-tests - 7.0.0-beta4-SNAPSHOT + 7.0.0-beta4 ../pom.xml diff --git a/modules/integration/tests-integration/tests-backend/pom.xml b/modules/integration/tests-integration/tests-backend/pom.xml index 605f334b7eb..e7b84330a04 100644 --- a/modules/integration/tests-integration/tests-backend/pom.xml +++ b/modules/integration/tests-integration/tests-backend/pom.xml @@ -18,7 +18,7 @@ org.wso2.is identity-integration-tests - 7.0.0-beta4-SNAPSHOT + 7.0.0-beta4 ../../pom.xml diff --git a/modules/local-authenticators/pom.xml b/modules/local-authenticators/pom.xml index bbf72fcce8f..fa08945c42c 100644 --- a/modules/local-authenticators/pom.xml +++ b/modules/local-authenticators/pom.xml @@ -19,7 +19,7 @@ org.wso2.is identity-server-parent - 7.0.0-beta4-SNAPSHOT + 7.0.0-beta4 ../../pom.xml 4.0.0 diff --git a/modules/oauth2-grant-types/pom.xml b/modules/oauth2-grant-types/pom.xml index f7a12619dff..38d1305e9db 100644 --- a/modules/oauth2-grant-types/pom.xml +++ b/modules/oauth2-grant-types/pom.xml @@ -19,7 +19,7 @@ org.wso2.is identity-server-parent - 7.0.0-beta4-SNAPSHOT + 7.0.0-beta4 ../../pom.xml diff --git a/modules/p2-profile-gen/pom.xml b/modules/p2-profile-gen/pom.xml index 839ede366fc..61f2178904b 100644 --- a/modules/p2-profile-gen/pom.xml +++ b/modules/p2-profile-gen/pom.xml @@ -19,7 +19,7 @@ org.wso2.is identity-server-parent - 7.0.0-beta4-SNAPSHOT + 7.0.0-beta4 ../../pom.xml diff --git a/modules/provisioning-connectors/pom.xml b/modules/provisioning-connectors/pom.xml index 9542e8d6922..2340a44cc24 100644 --- a/modules/provisioning-connectors/pom.xml +++ b/modules/provisioning-connectors/pom.xml @@ -19,7 +19,7 @@ org.wso2.is identity-server-parent - 7.0.0-beta4-SNAPSHOT + 7.0.0-beta4 ../../pom.xml 4.0.0 diff --git a/modules/social-authenticators/pom.xml b/modules/social-authenticators/pom.xml index bfedb06fe61..31194228c08 100644 --- a/modules/social-authenticators/pom.xml +++ b/modules/social-authenticators/pom.xml @@ -19,7 +19,7 @@ org.wso2.is identity-server-parent - 7.0.0-beta4-SNAPSHOT + 7.0.0-beta4 ../../pom.xml 4.0.0 diff --git a/modules/styles/pom.xml b/modules/styles/pom.xml index bc8dbfed143..6f35f5a8129 100644 --- a/modules/styles/pom.xml +++ b/modules/styles/pom.xml @@ -20,7 +20,7 @@ org.wso2.is identity-server-parent - 7.0.0-beta4-SNAPSHOT + 7.0.0-beta4 ../../pom.xml diff --git a/modules/styles/product/pom.xml b/modules/styles/product/pom.xml index 35af6fd92f2..22232e70b45 100644 --- a/modules/styles/product/pom.xml +++ b/modules/styles/product/pom.xml @@ -20,7 +20,7 @@ org.wso2.is identity-server-styles-parent - 7.0.0-beta4-SNAPSHOT + 7.0.0-beta4 ../pom.xml diff --git a/modules/tests-utils/admin-services/pom.xml b/modules/tests-utils/admin-services/pom.xml index fddc59fcd21..ddaad1462cb 100644 --- a/modules/tests-utils/admin-services/pom.xml +++ b/modules/tests-utils/admin-services/pom.xml @@ -19,7 +19,7 @@ org.wso2.is identity-integration-tests-utils - 7.0.0-beta4-SNAPSHOT + 7.0.0-beta4 ../pom.xml diff --git a/modules/tests-utils/admin-stubs/pom.xml b/modules/tests-utils/admin-stubs/pom.xml index c4b14dfa43d..b0fdf6766f7 100644 --- a/modules/tests-utils/admin-stubs/pom.xml +++ b/modules/tests-utils/admin-stubs/pom.xml @@ -21,7 +21,7 @@ org.wso2.is identity-integration-tests-utils - 7.0.0-beta4-SNAPSHOT + 7.0.0-beta4 ../pom.xml diff --git a/modules/tests-utils/pom.xml b/modules/tests-utils/pom.xml index f906859f5d8..78c8dbd1e1f 100644 --- a/modules/tests-utils/pom.xml +++ b/modules/tests-utils/pom.xml @@ -19,7 +19,7 @@ org.wso2.is identity-server-parent - 7.0.0-beta4-SNAPSHOT + 7.0.0-beta4 ../../pom.xml diff --git a/pom.xml b/pom.xml index 4820ffd2fe6..8858b8ce02e 100755 --- a/pom.xml +++ b/pom.xml @@ -28,7 +28,7 @@ identity-server-parent pom WSO2 Identity Server - 7.0.0-beta4-SNAPSHOT + 7.0.0-beta4 WSO2 Identity Server http://wso2.org/projects/identity @@ -2556,7 +2556,7 @@ https://github.com/wso2/product-is.git scm:git:https://github.com/wso2/product-is.git scm:git:https://github.com/wso2/product-is.git - HEAD + v7.0.0-beta4 From 1efa5b7ad42e21f65ace05cac309ead625df3d28 Mon Sep 17 00:00:00 2001 From: WSO2 Builder Date: Fri, 22 Dec 2023 13:26:21 +0000 Subject: [PATCH 37/42] [maven-release-plugin] prepare for next development iteration --- modules/api-resources/api-resources-full/pom.xml | 4 ++-- modules/api-resources/pom.xml | 4 ++-- modules/authenticators/pom.xml | 2 +- modules/connectors/pom.xml | 2 +- modules/distribution/pom.xml | 2 +- modules/features/org.wso2.identity.styles.feature/pom.xml | 2 +- modules/features/org.wso2.identity.ui.feature/pom.xml | 2 +- modules/features/org.wso2.identity.utils.feature/pom.xml | 2 +- modules/features/pom.xml | 2 +- modules/integration/pom.xml | 2 +- modules/integration/tests-common/admin-clients/pom.xml | 2 +- modules/integration/tests-common/extensions/pom.xml | 2 +- .../integration/tests-common/integration-test-utils/pom.xml | 2 +- modules/integration/tests-common/pom.xml | 2 +- modules/integration/tests-common/ui-pages/pom.xml | 2 +- modules/integration/tests-integration/pom.xml | 2 +- modules/integration/tests-integration/tests-backend/pom.xml | 2 +- modules/local-authenticators/pom.xml | 2 +- modules/oauth2-grant-types/pom.xml | 2 +- modules/p2-profile-gen/pom.xml | 2 +- modules/provisioning-connectors/pom.xml | 2 +- modules/social-authenticators/pom.xml | 2 +- modules/styles/pom.xml | 2 +- modules/styles/product/pom.xml | 2 +- modules/tests-utils/admin-services/pom.xml | 2 +- modules/tests-utils/admin-stubs/pom.xml | 2 +- modules/tests-utils/pom.xml | 2 +- pom.xml | 4 ++-- 28 files changed, 31 insertions(+), 31 deletions(-) diff --git a/modules/api-resources/api-resources-full/pom.xml b/modules/api-resources/api-resources-full/pom.xml index 436cf6d63e6..a69cf2fd7e0 100644 --- a/modules/api-resources/api-resources-full/pom.xml +++ b/modules/api-resources/api-resources-full/pom.xml @@ -23,12 +23,12 @@ org.wso2.is api-resources - 7.0.0-beta4 + 7.0.0-beta5-SNAPSHOT ../pom.xml api-resources-full - 7.0.0-beta4 + 7.0.0-beta5-SNAPSHOT war WSO2 Identity Server - All Rest API diff --git a/modules/api-resources/pom.xml b/modules/api-resources/pom.xml index 0c8fe35a7eb..3576873c4b0 100644 --- a/modules/api-resources/pom.xml +++ b/modules/api-resources/pom.xml @@ -23,12 +23,12 @@ org.wso2.is identity-server-parent - 7.0.0-beta4 + 7.0.0-beta5-SNAPSHOT ../../pom.xml api-resources - 7.0.0-beta4 + 7.0.0-beta5-SNAPSHOT pom WSO2 Identity Server - Rest API diff --git a/modules/authenticators/pom.xml b/modules/authenticators/pom.xml index 0a8556b046e..61ac6742894 100644 --- a/modules/authenticators/pom.xml +++ b/modules/authenticators/pom.xml @@ -19,7 +19,7 @@ org.wso2.is identity-server-parent - 7.0.0-beta4 + 7.0.0-beta5-SNAPSHOT ../../pom.xml 4.0.0 diff --git a/modules/connectors/pom.xml b/modules/connectors/pom.xml index 532941276db..d2a8884a301 100644 --- a/modules/connectors/pom.xml +++ b/modules/connectors/pom.xml @@ -19,7 +19,7 @@ org.wso2.is identity-server-parent - 7.0.0-beta4 + 7.0.0-beta5-SNAPSHOT ../../pom.xml 4.0.0 diff --git a/modules/distribution/pom.xml b/modules/distribution/pom.xml index d8a2880a14e..3e5bdde18d5 100755 --- a/modules/distribution/pom.xml +++ b/modules/distribution/pom.xml @@ -19,7 +19,7 @@ org.wso2.is identity-server-parent - 7.0.0-beta4 + 7.0.0-beta5-SNAPSHOT ../../pom.xml diff --git a/modules/features/org.wso2.identity.styles.feature/pom.xml b/modules/features/org.wso2.identity.styles.feature/pom.xml index 9cea6c6fe50..fd5f32b7f7b 100644 --- a/modules/features/org.wso2.identity.styles.feature/pom.xml +++ b/modules/features/org.wso2.identity.styles.feature/pom.xml @@ -20,7 +20,7 @@ org.wso2.is identity-features - 7.0.0-beta4 + 7.0.0-beta5-SNAPSHOT ../pom.xml diff --git a/modules/features/org.wso2.identity.ui.feature/pom.xml b/modules/features/org.wso2.identity.ui.feature/pom.xml index 25372ba8d31..2526913925e 100644 --- a/modules/features/org.wso2.identity.ui.feature/pom.xml +++ b/modules/features/org.wso2.identity.ui.feature/pom.xml @@ -20,7 +20,7 @@ org.wso2.is identity-features - 7.0.0-beta4 + 7.0.0-beta5-SNAPSHOT ../pom.xml diff --git a/modules/features/org.wso2.identity.utils.feature/pom.xml b/modules/features/org.wso2.identity.utils.feature/pom.xml index cd2f3c932e4..fdfa55d4e20 100644 --- a/modules/features/org.wso2.identity.utils.feature/pom.xml +++ b/modules/features/org.wso2.identity.utils.feature/pom.xml @@ -20,7 +20,7 @@ org.wso2.is identity-features - 7.0.0-beta4 + 7.0.0-beta5-SNAPSHOT ../pom.xml diff --git a/modules/features/pom.xml b/modules/features/pom.xml index 778842ffccb..3dc5fc541d7 100644 --- a/modules/features/pom.xml +++ b/modules/features/pom.xml @@ -17,7 +17,7 @@ org.wso2.is identity-server-parent - 7.0.0-beta4 + 7.0.0-beta5-SNAPSHOT ../../pom.xml diff --git a/modules/integration/pom.xml b/modules/integration/pom.xml index 50680bbfff6..0c9d544bbd5 100644 --- a/modules/integration/pom.xml +++ b/modules/integration/pom.xml @@ -19,7 +19,7 @@ org.wso2.is identity-server-parent - 7.0.0-beta4 + 7.0.0-beta5-SNAPSHOT ../../pom.xml diff --git a/modules/integration/tests-common/admin-clients/pom.xml b/modules/integration/tests-common/admin-clients/pom.xml index c6e899ac944..4552a7cd913 100644 --- a/modules/integration/tests-common/admin-clients/pom.xml +++ b/modules/integration/tests-common/admin-clients/pom.xml @@ -19,7 +19,7 @@ org.wso2.is identity-integration-tests - 7.0.0-beta4 + 7.0.0-beta5-SNAPSHOT ../../pom.xml diff --git a/modules/integration/tests-common/extensions/pom.xml b/modules/integration/tests-common/extensions/pom.xml index 6191f900e39..88ffe3ec994 100644 --- a/modules/integration/tests-common/extensions/pom.xml +++ b/modules/integration/tests-common/extensions/pom.xml @@ -22,7 +22,7 @@ org.wso2.is identity-integration-tests - 7.0.0-beta4 + 7.0.0-beta5-SNAPSHOT ../../pom.xml diff --git a/modules/integration/tests-common/integration-test-utils/pom.xml b/modules/integration/tests-common/integration-test-utils/pom.xml index 13bb50d1b48..df0158bc433 100644 --- a/modules/integration/tests-common/integration-test-utils/pom.xml +++ b/modules/integration/tests-common/integration-test-utils/pom.xml @@ -19,7 +19,7 @@ org.wso2.is identity-integration-tests - 7.0.0-beta4 + 7.0.0-beta5-SNAPSHOT ../../pom.xml diff --git a/modules/integration/tests-common/pom.xml b/modules/integration/tests-common/pom.xml index 6c60e9a14ea..34897d7ce1f 100644 --- a/modules/integration/tests-common/pom.xml +++ b/modules/integration/tests-common/pom.xml @@ -19,7 +19,7 @@ org.wso2.is identity-integration-tests - 7.0.0-beta4 + 7.0.0-beta5-SNAPSHOT ../pom.xml diff --git a/modules/integration/tests-common/ui-pages/pom.xml b/modules/integration/tests-common/ui-pages/pom.xml index 6703fa29f70..905665beced 100644 --- a/modules/integration/tests-common/ui-pages/pom.xml +++ b/modules/integration/tests-common/ui-pages/pom.xml @@ -19,7 +19,7 @@ org.wso2.is identity-integration-tests - 7.0.0-beta4 + 7.0.0-beta5-SNAPSHOT ../../pom.xml diff --git a/modules/integration/tests-integration/pom.xml b/modules/integration/tests-integration/pom.xml index bcb764d96cf..12e233618fc 100644 --- a/modules/integration/tests-integration/pom.xml +++ b/modules/integration/tests-integration/pom.xml @@ -19,7 +19,7 @@ org.wso2.is identity-integration-tests - 7.0.0-beta4 + 7.0.0-beta5-SNAPSHOT ../pom.xml diff --git a/modules/integration/tests-integration/tests-backend/pom.xml b/modules/integration/tests-integration/tests-backend/pom.xml index e7b84330a04..255225be66b 100644 --- a/modules/integration/tests-integration/tests-backend/pom.xml +++ b/modules/integration/tests-integration/tests-backend/pom.xml @@ -18,7 +18,7 @@ org.wso2.is identity-integration-tests - 7.0.0-beta4 + 7.0.0-beta5-SNAPSHOT ../../pom.xml diff --git a/modules/local-authenticators/pom.xml b/modules/local-authenticators/pom.xml index fa08945c42c..2ba9cf97df8 100644 --- a/modules/local-authenticators/pom.xml +++ b/modules/local-authenticators/pom.xml @@ -19,7 +19,7 @@ org.wso2.is identity-server-parent - 7.0.0-beta4 + 7.0.0-beta5-SNAPSHOT ../../pom.xml 4.0.0 diff --git a/modules/oauth2-grant-types/pom.xml b/modules/oauth2-grant-types/pom.xml index 38d1305e9db..a07735f7c3f 100644 --- a/modules/oauth2-grant-types/pom.xml +++ b/modules/oauth2-grant-types/pom.xml @@ -19,7 +19,7 @@ org.wso2.is identity-server-parent - 7.0.0-beta4 + 7.0.0-beta5-SNAPSHOT ../../pom.xml diff --git a/modules/p2-profile-gen/pom.xml b/modules/p2-profile-gen/pom.xml index 61f2178904b..5933e62f450 100644 --- a/modules/p2-profile-gen/pom.xml +++ b/modules/p2-profile-gen/pom.xml @@ -19,7 +19,7 @@ org.wso2.is identity-server-parent - 7.0.0-beta4 + 7.0.0-beta5-SNAPSHOT ../../pom.xml diff --git a/modules/provisioning-connectors/pom.xml b/modules/provisioning-connectors/pom.xml index 2340a44cc24..fa6c0d6f2d5 100644 --- a/modules/provisioning-connectors/pom.xml +++ b/modules/provisioning-connectors/pom.xml @@ -19,7 +19,7 @@ org.wso2.is identity-server-parent - 7.0.0-beta4 + 7.0.0-beta5-SNAPSHOT ../../pom.xml 4.0.0 diff --git a/modules/social-authenticators/pom.xml b/modules/social-authenticators/pom.xml index 31194228c08..e547d4d579e 100644 --- a/modules/social-authenticators/pom.xml +++ b/modules/social-authenticators/pom.xml @@ -19,7 +19,7 @@ org.wso2.is identity-server-parent - 7.0.0-beta4 + 7.0.0-beta5-SNAPSHOT ../../pom.xml 4.0.0 diff --git a/modules/styles/pom.xml b/modules/styles/pom.xml index 6f35f5a8129..65b818945fa 100644 --- a/modules/styles/pom.xml +++ b/modules/styles/pom.xml @@ -20,7 +20,7 @@ org.wso2.is identity-server-parent - 7.0.0-beta4 + 7.0.0-beta5-SNAPSHOT ../../pom.xml diff --git a/modules/styles/product/pom.xml b/modules/styles/product/pom.xml index 22232e70b45..9343176a099 100644 --- a/modules/styles/product/pom.xml +++ b/modules/styles/product/pom.xml @@ -20,7 +20,7 @@ org.wso2.is identity-server-styles-parent - 7.0.0-beta4 + 7.0.0-beta5-SNAPSHOT ../pom.xml diff --git a/modules/tests-utils/admin-services/pom.xml b/modules/tests-utils/admin-services/pom.xml index ddaad1462cb..c7d13dbcac6 100644 --- a/modules/tests-utils/admin-services/pom.xml +++ b/modules/tests-utils/admin-services/pom.xml @@ -19,7 +19,7 @@ org.wso2.is identity-integration-tests-utils - 7.0.0-beta4 + 7.0.0-beta5-SNAPSHOT ../pom.xml diff --git a/modules/tests-utils/admin-stubs/pom.xml b/modules/tests-utils/admin-stubs/pom.xml index b0fdf6766f7..a71a760e6a0 100644 --- a/modules/tests-utils/admin-stubs/pom.xml +++ b/modules/tests-utils/admin-stubs/pom.xml @@ -21,7 +21,7 @@ org.wso2.is identity-integration-tests-utils - 7.0.0-beta4 + 7.0.0-beta5-SNAPSHOT ../pom.xml diff --git a/modules/tests-utils/pom.xml b/modules/tests-utils/pom.xml index 78c8dbd1e1f..7790d3e897b 100644 --- a/modules/tests-utils/pom.xml +++ b/modules/tests-utils/pom.xml @@ -19,7 +19,7 @@ org.wso2.is identity-server-parent - 7.0.0-beta4 + 7.0.0-beta5-SNAPSHOT ../../pom.xml diff --git a/pom.xml b/pom.xml index 8858b8ce02e..a7dfdce49dc 100755 --- a/pom.xml +++ b/pom.xml @@ -28,7 +28,7 @@ identity-server-parent pom WSO2 Identity Server - 7.0.0-beta4 + 7.0.0-beta5-SNAPSHOT WSO2 Identity Server http://wso2.org/projects/identity @@ -2556,7 +2556,7 @@ https://github.com/wso2/product-is.git scm:git:https://github.com/wso2/product-is.git scm:git:https://github.com/wso2/product-is.git - v7.0.0-beta4 + HEAD From 4a320d64a330857665cf3ccf907cbe9fb11de5aa Mon Sep 17 00:00:00 2001 From: jenkins-is-staging Date: Fri, 22 Dec 2023 16:20:51 +0000 Subject: [PATCH 38/42] Bump dependencies from IS_dependency_updater_github_action/7301201046 --- pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index a7dfdce49dc..2e3752a6f63 100755 --- a/pom.xml +++ b/pom.xml @@ -2242,7 +2242,7 @@ - 5.25.637 + 5.25.638 [5.14.67, 6.0.0] @@ -2355,7 +2355,7 @@ 2.0.13 1.3.30 - 1.2.144 + 1.2.146 5.5.9 5.5.7 From 37b1dc63b500ec7d4864448148c42b6e897924ff Mon Sep 17 00:00:00 2001 From: jenkins-is-staging Date: Sat, 23 Dec 2023 16:24:55 +0000 Subject: [PATCH 39/42] Bump dependencies from IS_dependency_updater_github_action/7308927115 --- pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index 2e3752a6f63..2ef89d8be4e 100755 --- a/pom.xml +++ b/pom.xml @@ -2242,7 +2242,7 @@ - 5.25.638 + 5.25.639 [5.14.67, 6.0.0] @@ -2365,7 +2365,7 @@ 1.2.41 - 2.10.50 + 2.10.51 2.2.73 2.0.110 1.6.373 From b247c022d7e93976fea749a597547eb8855977cd Mon Sep 17 00:00:00 2001 From: jenkins-is-staging Date: Mon, 25 Dec 2023 16:29:02 +0000 Subject: [PATCH 40/42] Bump dependencies from IS_dependency_updater_github_action/7322602600 --- pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index 2ef89d8be4e..70d4733c627 100755 --- a/pom.xml +++ b/pom.xml @@ -2365,8 +2365,8 @@ 1.2.41 - 2.10.51 - 2.2.73 + 2.10.52 + 2.2.74 2.0.110 1.6.373 From 1d5abd5d14edeee378b496156b2dae6e8b86b306 Mon Sep 17 00:00:00 2001 From: jenkins-is-staging Date: Fri, 29 Dec 2023 16:20:16 +0000 Subject: [PATCH 41/42] Bump dependencies from IS_dependency_updater_github_action/7357668441 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 70d4733c627..af6cfc24859 100755 --- a/pom.xml +++ b/pom.xml @@ -2242,7 +2242,7 @@ - 5.25.639 + 5.25.640 [5.14.67, 6.0.0] From 5479da67228a1a19b255eee6771e94e46d9faf6b Mon Sep 17 00:00:00 2001 From: jenkins-is-staging Date: Mon, 1 Jan 2024 16:22:34 +0000 Subject: [PATCH 42/42] Bump dependencies from IS_dependency_updater_github_action/7378140794 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index af6cfc24859..1f78cf015cf 100755 --- a/pom.xml +++ b/pom.xml @@ -2264,7 +2264,7 @@ 5.11.30 - 6.11.232 + 6.11.233 5.9.5 5.10.20 5.7.4