Hi Nuwan, IS already has IdentitySAMLSSOConfigService for that purpose.
Thanks & Regards, Dulanja On Mon, Sep 23, 2013 at 5:47 PM, Nuwan Bandara <[email protected]> wrote: > Hi Dulanja > > > On Mon, Sep 23, 2013 at 5:43 PM, Dulanja Liyanage <[email protected]>wrote: > >> Hi All, >> >> AFAIK, AF and UES products are currently using the 'sso-idp-config.xml' >> file to store the SAML SSO Service Provider (SP) configurations. The main >> purpose of that is to write SP configuration *once* and use it for all >> the tenants. This removes the burden of adding the *same set* of SPs for >> each Tenant via the IdP UI. >> >> However, the downsides of this is, when a new feature/option is added to >> the Identity Server's SP registration page, this file should be >> *also*changed and the file read logic should be modified accordingly. To >> avoid >> this, we are looking at the possibility of removing the usage of that file >> - allowing changes to be incorporated with minimum effort. >> >> One plausible way is to always save the tenant-shared configurations via >> the SP registration UI of the Super Admin. Since sso-idp-config.xml is also >> configured by the Super Admin, there shouldn't be any harm doing this. >> >> So, to validate the SP when a SAML request comes for a tenant user, code >> logic should first check tenant's own configurations in his registry, and >> if no relevant SP is found (by using the issuer ID), then check Super >> Admin's configuration from the registry for the shared SPs. >> >> But, what if Super Admin wants to maintain a set of SPs only for his >> users. (i.e non-shareable SPs) ? >> >> To cater this, we can introduce a new option to SP registration UI to >> specify whether a particular SP is shared or not. >> >> This would be the first step of improving the tenant story in SAML SSO. >> Appreciate your ideas on this. >> > > +1, for the idea, please provide a service to register SPs, because not > always we use the mgt-console UI to register new SPs. > > Regards, > /Nuwan > > >> >> Thanks & Regards, >> Dulanja >> >> -- >> Dulanja Liyanage >> Senior Software Engineer - WSO2 Inc. >> M: +94776764717 >> > > > > -- > *Thanks & Regards, > > Nuwan Bandara > Technical Lead; **WSO2 Inc. * > *lean . enterprise . middleware | http://wso2.com * > *blog : http://nuwanbando.com; email: [email protected]; phone: +94 11 214 > 5345 > * > <http://www.nuwanbando.com/> > -- Dulanja Liyanage Senior Software Engineer - WSO2 Inc. M: +94776764717
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
