
wso2 / identity-apps


License: Apache License 2.0


identity-apps's Issues

Multiple requests to Gravatar sent with the email hash set to null

Describe the bug
Multiple requests to the Gravatar API endpoint are sent with no email hash appended (null).

To Reproduce
Steps to reproduce the behavior:

  1. Log in using a user account and observe the console.

Expected behavior
The gravatar request should only be sent once, ideally. If there is no gravatar image associated with the first email, only then additional requests should be sent iteratively until a gravatar image is found for an email address.
Screenshots
Screenshot 2020-01-22 at 10 26 50

Page will navigate to empty page-Self-registration

Affected IAM version : 5.10 m9
Identity -app version : 0.1.152-SNAPSHOT
Type: Improvement
Severity: Medium
Priority: High

Description
After filling in all the data and clicking on the "Register", it will move to an empty page.

Expected improvement :
It is better if we can display a confirmation message box
EX: Confirmation link has been sent to your email

Issue with Associating User Accounts- user portal

Affected version:
wso2is: wso2is-5.10.0-alpha3-SNAPSHOT
Identity -app: 0.9.11-SNAPSHOT

Describe the bug

  1. Initially, log in with a user who has permission to view operations (e.g. admin),
    and initiate a new user account association, but that user has only the login permission.
  2. Switch to the associated user account, where that user has only the login permission.
  3. Switch again to the initial user who has permission to view operations (e.g. admin).
    Issue: the application does not display "operations" on the left side, but the user has permission to view operations (e.g. admin).

Screenshots:
Initially, Log in with a user who has permission to view operations(e.g admin),
image

  1. switch between associated user account that user has only the login permission.
    image

  2. switch to the initial user who has permission to view operations(e.g admin)
    image

User able to Register user and will get email confirmation message without checking "Privacy Policy" checkbox

Description

User able to Register user and will get email confirmation message without checking "Privacy Policy" checkbox

Scenario: Self user registration -> Create New Account (https://localhost:9443/accountrecoveryendpoint/signup.do)

Step to reproduce:
Enter all required fields, and try to click Register without checking "I hereby confirm that I have read and understood the Privacy Policy"

Associating users who do not have login permission

Describe the bug
From the user-portal, we can associate users who do not have login permission. Then when we try to switch to that user, user-portal goes to the logout page.

Expected behavior
The current behavior is somewhat ok, but we can improve the experience in the following ways,

  • Do not allow the association of the user accounts which do not have login permission?
  • Since the permission later can be removed, during the switch time if the required scopes did not get returned, switch back to the previous account showing a warning message?
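Both account-association reports on this page (the "operations" item missing after switching back, and switching to an account without login permission) come down to checking the scopes returned for the switched-to account. The sketch below is an added example, not identity-apps code: the scope names, the session shape and the `requestToken` callback are assumptions, and the token request is synchronous only to keep the sample short.

```javascript
// Added example, not identity-apps code. Scope names, the session shape and
// the requestToken callback are hypothetical.
const REQUIRED_SCOPES = ["login"]; // assumed minimum needed to use the portal
const MENU_SCOPES = {              // assumed: menu item -> scope that unlocks it
  overview: "login",
  security: "login",
  operations: "operations:view",
};

// Parse a space-delimited OAuth scope string into a Set.
function parseScopes(scopeString) {
  return new Set(String(scopeString || "").split(/\s+/).filter(Boolean));
}

// The menu is always derived from the active account's scopes, never carried
// over from the previously active account.
function visibleMenu(scopes) {
  return Object.keys(MENU_SCOPES).filter((item) => scopes.has(MENU_SCOPES[item]));
}

function buildSession(username, tokenResponse) {
  const scopes = parseScopes(tokenResponse.scope);
  return { username, accessToken: tokenResponse.access_token, scopes, menu: visibleMenu(scopes) };
}

// Try to switch accounts. If the token request fails or the required scopes
// were not returned, keep the current session and report a warning instead
// of dropping the user on the logout page.
function switchAccount(current, targetUsername, requestToken) {
  let response = null;
  try {
    response = requestToken(targetUsername);
  } catch (err) {
    return { session: current, switched: false,
             warning: `Stayed on ${current.username}: switch to ${targetUsername} failed (${err.message})` };
  }
  if (!response || !response.access_token) {
    return { session: current, switched: false,
             warning: `Stayed on ${current.username}: no token returned for ${targetUsername}` };
  }
  const granted = parseScopes(response.scope);
  const missing = REQUIRED_SCOPES.filter((scope) => !granted.has(scope));
  if (missing.length > 0) {
    return { session: current, switched: false,
             warning: `Stayed on ${current.username}: ${targetUsername} was not granted required scope(s): ${missing.join(", ")}` };
  }
  return { session: buildSession(targetUsername, response), switched: true, warning: null };
}

// Constructed sample token responses for three accounts.
const SAMPLE_TOKENS = {
  admin: { access_token: "tok-admin", scope: "login operations:view" },
  alice: { access_token: "tok-alice", scope: "login" },
  nologin: { access_token: "tok-nologin", scope: "" },
};

function sampleRequestToken(username) {
  const response = SAMPLE_TOKENS[username];
  if (!response) throw new Error("unknown account");
  return response;
}

// admin -> alice -> admin -> nologin (the last switch must be refused).
function demo() {
  const start = buildSession("admin", sampleRequestToken("admin"));
  const toAlice = switchAccount(start, "alice", sampleRequestToken);
  const backToAdmin = switchAccount(toAlice.session, "admin", sampleRequestToken);
  const toNoLogin = switchAccount(backToAdmin.session, "nologin", sampleRequestToken);
  return { start, toAlice, backToAdmin, toNoLogin };
}

console.log(demo().toNoLogin.warning);
```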

Footer is overlapping the App content body content.

Describe the bug
Footer is overlapping the App content body content.

Screenshot 2020-01-22 at 11 35 55

To Reproduce
Steps to reproduce the behavior:

  1. Open the admin portal.
  2. Scroll down to the end of the page
  3. Will see overlap of the footer

Expected behavior
Shouldn't overlap the Body content.

Desktop (please complete the following information):

  • macOS Catalina
  • Chrome
  • 79.0.3945.117

Styling issues in the login page when federated idps are added

Describe the bug
$subject. Built a product on top of wso2/product-is@d0302d0.

Screen Shot 2019-12-13 at 3 26 55 PM

To Reproduce
Steps to reproduce the behavior:

  1. Create two idps.
  2. Edit "User Portal" service provider. Click on "Local & Outbound Authentication Configuration" section. Click on "Advanced Configuration" option button.
  3. Add created two idps as login options.
  4. Click update.
  5. Try to login to user portal SP.

If you add basic authentication in step 3 above, it would look like the following,
Screen Shot 2019-12-13 at 4 48 43 PM

Errors when using identifier-first login

To Reproduce
Steps to reproduce the behavior:

  1. Login to management console, click edit on User Portal SP. Expand Local & Outbound Authentication Configuration section and click on Advanced Configuration option button.
  2. Click on Add Authentication Step and select identifier-first from the Local Authenticators section and click on Add Authenticator button.
  3. Click on Add Authentication Step again and select basic from the Local Authenticators section and click on Add Authenticator button.
  4. Click on update to save Advanced Authentication Configurations and click update on the next page to save all changes to the `Service Provider`
  5. Try to login to the User Portal.
  6. It will show following page,

Screen Shot 2019-12-15 at 7 28 34 PM

Expected behavior
Issue 1: Type user name and click on continue. It will end up with an error page,
Screen Shot 2019-12-15 at 7 31 02 PM

TID: [-1234] [authenticationendpoint] [2019-12-15 19:46:12,418] [04aa31ab-e829-4624-af3f-86a415e6a718] ERROR {org.wso2.carbon.identity.application.authentication.endpoint.util.AuthContextAPIClient} - Sending GET request to URL : https://localhost:9443/api/identity/auth/v1.1/context/48f11a36-6f64-4a59-b53a-ca4ba8ee0dc1failed. java.io.IOException: Server returned HTTP response code: 401 for URL: https://localhost:9443/api/identity/auth/v1.1/context/48f11a36-6f64-4a59-b53a-ca4ba8ee0dc1
	at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1894)
	at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1492)
	at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:263)
	at org.wso2.carbon.identity.application.authentication.endpoint.util.AuthContextAPIClient.getContextProperties(AuthContextAPIClient.java:69)
	at org.apache.jsp.login_jsp._jspService(login_jsp.java:374)
	at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
	at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:476)
	at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:385)
	at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:329)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:712)
	at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:459)
	at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:384)
	at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:312)
	at org.wso2.carbon.identity.application.authentication.endpoint.util.filter.AuthenticationEndpointFilter.doFilter(AuthenticationEndpointFilter.java:179)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:126)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
	at org.wso2.carbon.identity.context.rewrite.valve.TenantContextRewriteValve.invoke(TenantContextRewriteValve.java:80)
	at org.wso2.carbon.identity.authz.valve.AuthorizationValve.invoke(AuthorizationValve.java:110)
	at org.wso2.carbon.identity.auth.valve.AuthenticationValve.invoke(AuthenticationValve.java:74)
	at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)
	at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:49)
	at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)
	at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:145)
	at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:678)
	at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
	at org.wso2.carbon.tomcat.ext.valves.RequestEncodingValve.invoke(RequestEncodingValve.java:49)
	at org.wso2.carbon.tomcat.ext.valves.RequestCorrelationIdValve.invoke(RequestCorrelationIdValve.java:116)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:853)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1587)
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.lang.Thread.run(Thread.java:748)

TID: [-1234] [authenticationendpoint] [2019-12-15 19:46:12,427] [04aa31ab-e829-4624-af3f-86a415e6a718] ERROR {org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/authenticationendpoint].[oauth2_login.do]} - Servlet.service() for servlet [oauth2_login.do] threw exception java.lang.NullPointerException
	at org.apache.jsp.login_jsp._jspService(login_jsp.java:377)
	at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
	at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:476)
	at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:385)
	at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:329)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:712)
	at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:459)
	at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:384)
	at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:312)
	at org.wso2.carbon.identity.application.authentication.endpoint.util.filter.AuthenticationEndpointFilter.doFilter(AuthenticationEndpointFilter.java:179)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:126)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
	at org.wso2.carbon.identity.context.rewrite.valve.TenantContextRewriteValve.invoke(TenantContextRewriteValve.java:80)
	at org.wso2.carbon.identity.authz.valve.AuthorizationValve.invoke(AuthorizationValve.java:110)
	at org.wso2.carbon.identity.auth.valve.AuthenticationValve.invoke(AuthenticationValve.java:74)
	at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)
	at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:49)
	at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)
	at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:145)
	at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:678)
	at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
	at org.wso2.carbon.tomcat.ext.valves.RequestEncodingValve.invoke(RequestEncodingValve.java:49)
	at org.wso2.carbon.tomcat.ext.valves.RequestCorrelationIdValve.invoke(RequestCorrelationIdValve.java:116)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:853)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1587)
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.lang.Thread.run(Thread.java:748)

TID: [-1234] [authenticationendpoint] [2019-12-15 19:46:12,480] [04aa31ab-e829-4624-af3f-86a415e6a718] ERROR {org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/authenticationendpoint].[default]} - Servlet.service() for servlet [default] in context with path [/authenticationendpoint] threw exception [An exception occurred processing [login.jsp] at line [106]

103:         String contextProperties = AuthContextAPIClient.getContextProperties(authAPIURL);
104:         Gson gson = new Gson();
105:         Map<String, Object> parameters = gson.fromJson(contextProperties, Map.class);
106:         username = (String) parameters.get("username");
107:     }
108: %>
109: 


Stacktrace:] with root cause java.lang.NullPointerException
	at org.apache.jsp.login_jsp._jspService(login_jsp.java:377)
	at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
	at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:476)
	at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:385)
	at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:329)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:712)
	at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:459)
	at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:384)
	at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:312)
	at org.wso2.carbon.identity.application.authentication.endpoint.util.filter.AuthenticationEndpointFilter.doFilter(AuthenticationEndpointFilter.java:179)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:126)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
	at org.wso2.carbon.identity.context.rewrite.valve.TenantContextRewriteValve.invoke(TenantContextRewriteValve.java:80)
	at org.wso2.carbon.identity.authz.valve.AuthorizationValve.invoke(AuthorizationValve.java:110)
	at org.wso2.carbon.identity.auth.valve.AuthenticationValve.invoke(AuthenticationValve.java:74)
	at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)
	at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:49)
	at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)
	at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:145)
	at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:678)
	at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
	at org.wso2.carbon.tomcat.ext.valves.RequestEncodingValve.invoke(RequestEncodingValve.java:49)
	at org.wso2.carbon.tomcat.ext.valves.RequestCorrelationIdValve.invoke(RequestCorrelationIdValve.java:116)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:853)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1587)
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.lang.Thread.run(Thread.java:748)


Issue 2: In the identifier first step, type username and press enter. It redirects the user to the registration page.
Screen Shot 2019-12-15 at 7 43 06 PM

Translating display names of claims

Is your feature request related to a problem? Please describe.
The labels of the claims in the profile page don't support translation.

Describe the solution you'd like
Since the profile page obtains the label to be displayed for claims from the displayName attribute of the schema attributes, translated versions of the display names should be available to support localization.

The cancel does not redirect to the "Sign in" page when clicked

Affected Version:

  • IAM version: 5.10 m9
  • Identity -app version - 0.1.152-SNAPSHOT
  • Type: Bug
  • Severity: Medium
  • Priority : High

Description
The consent page does not redirect to the home page when clicking on cancel.

Tested Environment:

  • OS: macOS
  • Browser Chrome, Firefox

When SCIM not enabled for the user-store user-portal goes to an inconsistent state after the login.

Describe the bug
When SCIM not enabled for the user-store user-portal goes to an inconsistent state after the login.

To Reproduce
Steps to reproduce the behavior:

  1. Create a secondary user-store.
  2. Create a user and add the required roles.
  3. Login to the user-portal.
  4. We can see the inconsistent state as in the screenshot.

Expected behavior
The user-portal should rely on the id_token for user attributes and disable any features which use the SCIM.

Screenshots
Screenshot 2019-12-16 at 10 42 15

Unable to view Personal Info: when user creates via SCIM 2.0

Affected product version: wso2is-5.10.0-alpha2-SNAPSHOT
Identity -App: 0.9.8-SNAPSHOT

Description
Unable to view Personal Info: when user creates via SCIM 2.0

curl -v -k --user admin:admin --data '{"schemas":[],"name":{"familyName":"jackson","givenName":"kim"},"userName":"kim","password":"kimwso2","emails":[{"primary":true,"value":"[email protected]","type":"home"},{"value":"[email protected]","type":"work"}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Users

Response :
{"emails":
[
{"type":"work","value":"[email protected]"},{"type":"home","value":"[email protected]"}
],
"meta":{"created":"2020-01-10T16:24:15.279577Z","location":"https://localhost:9443/scim2/Users/fcd8c49a-1fb4-4ae8-a41a-60026fe26117","lastModified":"2020-01-10T16:24:15.279577Z","resourceType":"User"},
"schemas":["urn:ietf:params:scim:schemas:core:2.0:User","urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"],
"roles":[
{"type":"default","value":"Internal/everyone"}
],
"name":{
"givenName":"kim",
"familyName":"jackson"
},
"id":"fcd8c49a-1fb4-4ae8-a41a-60026fe26117","userName":"kim"
}

followed document : https://is.docs.wso2.com/en/5.9.0/develop/using-the-scim-2.0-rest-apis/#post-create-user

Screenshot:
image

The mobile number is provided but it is not updated in the "optional fields completed" section

Affected Version:
-IAM version: 5.10 m9
-Identity -app version - 0.1.152-SNAPSHOT
-Type: Bug
-Severity: Medium
-Priority : High

Description

Either user created with mobile number, via management console or
the mobile number updated via user portal, it is not updated in the "Complete your profile"->"optional fields completed" section

Test Environment

  • OS: Mac OS
  • Browser Chrome, Firefox

Profile claims are not synced with Personal info

Affected version: is_5 10 m9, -Identity -app version - 0.1.152-SNAPSHOT

Description
Default user Profile (management console) claims are not synced with Personal info-> user profile claims.

management console, by using wso2 http://wso2.org/claims, but in user profile get claims through scim dialect, so this may be the cause of this issue.

Application listing inconsistencies

Note the below image,


Screen Shot 2019-12-14 at 2 56 13 PM

When there are mix of applications,

  • Ones that have a description and
  • Ones that don't have a description

we can see the following issues,

  1. Recent Application section has an inconsistency with the size of tiles
  2. All Application section also has the same consistency as above which is only visible when hover over the mouse pointer on different applications
  3. Description is not properly showing in the application listing. Have to revisit on how to show the description in there.
  4. In All Application section, in applications that does not have descriptions, the application name seems to be more positioned towards the top, compared to ones that have the descriptions.

Sessions list is not getting updated once session terminate button is clicked - User portal

Describe the bug

In the user portal, sessions can be terminated by extending the corresponding session description and clicking on the Terminate button or by clicking on Terminate All button from the user sessions section in the security page. Once either action is performed the sessions list is not getting updated.

To Reproduce
Steps to reproduce the behavior:

  1. Go to security page in the user portal and navigate to the Active user sessions section.
  2. Click on any session's show more button.
  3. Scroll down to the Danger zone and click on the Terminate button.

Expected behavior

The details section should get retracted and the sessions list should be updated. The terminated session should not be on the list.

Screenshots

Screen Shot 2019-12-18 at 4 51 22 PM

Desktop

  • OS: macOS version 10.14
  • Browser: Google Chrome
  • Version 78.0.3904

i18n not working properly

Refer the image below,
Screen Shot 2019-12-14 at 2 39 57 PM
characters in other languages not showing properly.

Note the text WSO2 Identity Server © 2019 in the left side of the footer; it also has a weird character.

When non admin user is login there are errors in the console

Describe the bug
If you log in using non-admin user security page is not loading properly

To Reproduce
Steps to reproduce the behavior:

  1. Sign in using non-admin user
  2. Go to the security page

Expected behavior
Flow should work without any issues

Screenshots
image

Cross-Site Scripting vulnerability in uglifyjs-webpack-plugin plugin

Describe the bug
The npm audit report will give a moderate security vulnerability for the webpack plugin uglifyjs-webpack-plugin, which has an outdated dependency serialize-javascript in its dependency list.

Vulnerability Report

To Reproduce
Steps to reproduce the behavior:

  1. Go to the root of `identity-app` repository.
  2. Run command npm audit to get the report.

Expected behavior
The npm audit command shouldn't have any vulnerabilities listed.

Screenshots
Screenshot 2020-01-24 at 11 44 02

Desktop (please complete the following information):

  • OS: macOS Catalina
  • Browser: N/A
  • Version: N/A

Need to update styling on all OOTB shipped endpoints

Is your feature request related to a problem? Please describe.

Tried SMS OTP flow where I have basic authenticator as the step 1 and SMS OTP IDP as the step 2.

Step-1 basic login page looks like this,
Screen Shot 2019-12-15 at 10 44 40 AM
while the step-2 SMS OTP page looks like this,
Screen Shot 2019-12-15 at 8 02 52 PM

Cannot have disconnected UX, hence as the first iteration it should have all the OOTB shipped endpoints to use same styling pattern.

As of 5.10.0-m9, following endpoints are available OOTB.

accountrecoveryendpoint
authenticationendpoint
emailotpauthenticationendpoint
smsotpauthenticationendpoint
totpauthenticationendpoint
user-portal
x509certificateauthenticationendpoint

Then should have a plan to update all other endpoints that product supports.

"profile data" JSON files downloaded twice for one click- User Portal

Product IS: wso2is-5.10.0-m3
Priority: Medium
Severity : Low

Describe the bug
Links to "profile data" JSON downloads the file twice.

Expected behavior
It should only do once.

Desktop (please complete the following information):

  • OS: Mac OS, Windows-Server-2016-standard-64bit
  • Browser: Google Chrome-Version 78.0.3904.70, Firefox 70.0 (64-bit)

Browser / UI scaling issue- User portal

Describe the bug
UI Issue after minimizing the Browser

Screenshot attached:
image

Test Environment

  • Product IS : wso2is-5.10.0-m4
  • Browser : Safari- Version 13.0.3 (13608.3.10.10.1), Google Chrome Version 78.0.3904.97 (Official Build) (64-bit)

Error log in Firefox browser console-User Portal

IAM Product : wso2is-5.10.0-m3
Priority : Low
Severity : Low

Describe the bug
When clicking on the "Logout" button, error logs are displayed in the Firefox browser console

To Reproduce
Steps to reproduce the behavior:

  1. Login with proper credentials
  2. Scroll down to 'user-dropdown'
  3. Click on 'Logout' button
  4. See error in console

Expected behavior
User should successfully logout without any error.

Screenshots
image

image

image

  • OS: Mac OS , Windows-Server-2016-standard-64bit
  • Browser Firefox 70.0 (64-bit) & 70.0.1 (64-bit)

Claim names are not translated in profile completion component

Describe the bug
Screen Shot 2019-12-17 at 8 22 53 AM

Claims do get translated in the Profile page though,
Screen Shot 2019-12-17 at 8 25 56 AM

Additionally, let's get URL and other possible claims also translated by default. So if anyone enabled supported by default for OOTB claims shipped in the product, usability will be intact.

Environment
A product-is m10-snapshot pack with identity-apps: 0.1.149.

All the Tasks authorized to a particular Role/user, will not be listed on the grid- User Portal

Description

  1. All the Tasks authorized to a particular Role/user will not be listed on the grid ("Operations → Pending approvals") when more than 50 user tasks are added for the workflow. There is also no pagination to view all tasks.

  2. Only the added task at the end is shown

Type: BUG
Severity : High
Priority : High

Steps to reproduce the behavior:

  1. Add more than 50 user tasks for the workflow
  2. Navigate to user portal → Operations → Pending approvals

Test Environment :

  • OS: Mac OS
  • Browser Safari- Version 13.0.3 (13608.3.10.10.1), Google Chrome Version 78.0.3904.97 (Official Build) (64-bit), Firefox 70.0.1 (64-bit)

Profile completion showed as not complete, even all values are given

Describe the bug
Mobile claim is showing as an Incomplete Claim even though it has a value.

To Reproduce
Steps to reproduce the behavior:

  1. Login to user portal
  2. Fill all profile attributes. See below image,

Screen Shot 2019-12-17 at 8 19 12 AM

  3. Go to overview page. It shows Mobile claim as Incomplete Claim

Screen Shot 2019-12-17 at 8 19 22 AM

Environment
A product-is m10-snapshot pack with identity-apps: 0.1.149.

Unable to list "Personal info" when a user(SCIM2.0) create with multi valued attribute

Type/BUG
Affected/5.10.0
Severity/Major
Priority/High

Screenshots attached
Response comparing
image

SCIM 2.0 REST API
curl -v -k --user admin:admin --data '{"schemas":[],"name":{"familyName":"jackson","givenName":"kim"},"userName":"kim","password":"kimwso2","emails":[{"primary":true,"value":"[email protected]","type":"home"},{"value":"[email protected]","type":"work"}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Users

Security question, consent details are missing in user-profile.json

Affected version: is_5 10 m9, -Identity -app version - 0.1.152-SNAPSHOT
-Type: Bug
-Severity: Low
-Priority: High

Description
Even when the user sets challenge questions and consent, those details are missing in user-profile.json

But we already mentioned in an Export profile grid,
"Download all your profile data including personal data, security questions, and consents"

Even password does not match with Confirm password, user can successfully register

Affected IS version: wso2is-5.10.0-alpha2-SNAPSHOT
Identity App: 0.9.8-SNAPSHOT

Description
Scenario: self user registration
Even though the password does not match the Confirm password, the user can successfully register.

Steps to reproduce:
1. Enable Self User Registration - Identity Providers > Resident and expand the Account Management Policies section (Management Console).
2. Click on "Create Account" in user portal
3. Add a proper user name and click on Proceed to self Register
4. Fill in the required fields in the "Create New Account" section
5. Enter values such that Password != Confirm password
6. Click Register

The application allows the user to continue the process even though password != confirm password

Remember me option on sign-in page / login page not working-user portal

Tested version: identity-app: 0.9.17-SNAPSHOT
Describe the bug

  1. Login as admin/ admin by selecting "Remember me on this computer" option
  2. Sign out
  3. Enter password as "admin"

Issue: "Remember me" is not working in user portal

Need to look into how this can be implemented in a secure manner.

UI issue with, User portal Consent page

Tested Environment: wso2is m8 DEV mode

Please refer attached screenshots :

Issue 1:
image

Issue 2:
Select "Select All"; it will then only select the particular checkbox.
image

Issue 3:
The asterisk (*) symbol which is used to identify mandatory fields should be red in color.
image

Issue 4: Environment - Windows 2016 server, Google Chrome browser
When clicking on "Continue" without selecting any radio button

image

Application name get stripped off from the bottom in the application listing page

Describe the bug
Some characters in the Application Name get stripped off at the bottom in the Applications view in the user portal.

To Reproduce
Steps to reproduce the behavior:

  1. Create a service provider with the name Google Drive and mark it as discoverable app.
  2. Login to user portal and go to the Application view.

This issue is observed with both Firefox and Safari, but not with Chrome.

Expected behavior
Application name should be shown without stripping out characters at the edges.

Screenshots
Screen Shot 2019-12-10 at 1 17 47 PM
Note the letter 'g' got stripped off at the bottom.

Desktop (please complete the following information):

  • OS: iOS
  • Browser: Firefox 71.0 (64-bit) (Have the issue)
  • Browser: Safari 13.0 (14608.1.49) (Have the issue)
  • Browser: Chrome 78.0.3904.108 (Don't have the issue)

Profile information are not populated properly-User Portal

When logging in to the user profile with valid user credentials, "Profile information" is not populated properly.
Priority : High
Severity : High

Affected Product version: wso2is-5.10.0-m3
Tested Environment:
Browser- Google chrome Version 78.0.3904.70 , Firefox 69.0.1 (64-bit),68.0.2 (64-bit), Opera mini, Microsoft Edge-Version 78.0.276.20, Safari

Database:MySQL 5.7, H2
User Store- JDBC, LDAP

OS- Mac OS, Windows Server 2016

Microsoft Edge
image

Opera mini
image

Firefox

image

image

Getting an Error and unable to add a biometric device via user portal

Tested Environment: wso2is m8, Dev mode,
Browsers: Google-Version 78.0.3904.108 (Official Build) (64-bit) and Firefox 70.0.1 (64-bit)

Description
Getting an error when trying to add a biometric device via User portal
"Error occurred while retrieving the device"

:9443/api/users/v1/me/webauthn/start-registration?appId=https:%2F%2Flocalhost:9000:1 GET https://localhost:9443/api/users/v1/me/webauthn/start-registration?appId=https:%2F%2Flocalhost:9000 500

Added below in identity.xml j2
"

{{fido.webauthn.enable}}


{% for origin in fido.trusted.origins %}
{{origin}}
https://localhost:9000/
https://localhost
{% endfor %}


"

Application display invalid confirmation message when enter the non existing user name

Description
Steps to reproduce:
Forgot password use case Login screen user portal
Initially, Management Console

  1. Configure the email configurations in deployment.toml
    [output_adapter.email]
    from_address= "<email_address>"
    username=""
    password=""

  2. Click on Resident found under the Identity Providers section on the Main tab of the management console.

  3. Expand the Account Management Policies tab, then the Account Recovery tab and select the Enable Notification Based Password Recovery.

In User portal,
Click on the Forgot password link and enter a non-existing user name, select the "Recover with Email" option and submit it.

Then, the application displays an invalid confirmation message

Please refer screenshots :
1.
image

image

Expected Behaviour: If the user enters a non-existing, invalid or deleted user name, then a validation message such as “Invalid username” or “User not exist.” should be displayed.

Additional context
But a proper error log is displayed in the wso2carbon log

ERROR {org.wso2.carbon.identity.recovery.endpoint.impl.RecoverPasswordApiServiceImpl} - Unable to find an user with username: Nonexistentuser in the system.
