great
On Mon, Sep 23, 2013 at 5:57 PM, Dulanja Liyanage <[email protected]> wrote:

> Hi Nuwan,
>
> IS already has IdentitySAMLSSOConfigService for that purpose.
>
> Thanks & Regards,
> Dulanja
>
> On Mon, Sep 23, 2013 at 5:47 PM, Nuwan Bandara <[email protected]> wrote:
>
>> Hi Dulanja
>>
>> On Mon, Sep 23, 2013 at 5:43 PM, Dulanja Liyanage <[email protected]> wrote:
>>
>>> Hi All,
>>>
>>> AFAIK, AF and UES products are currently using the 'sso-idp-config.xml' file to store the SAML SSO Service Provider (SP) configurations. The main purpose of that is to write SP configuration *once* and use it for all the tenants. This removes the burden of adding the *same set* of SPs for each Tenant via the IdP UI.
>>>
>>> However, the downside of this is, when a new feature/option is added to the Identity Server's SP registration page, this file should *also* be changed and the file read logic should be modified accordingly. To avoid this, we are looking at the possibility of removing the usage of that file - allowing changes to be incorporated with minimum effort.
>>>
>>> One plausible way is to always save the tenant-shared configurations via the SP registration UI of the Super Admin. Since sso-idp-config.xml is also configured by the Super Admin, there shouldn't be any harm doing this.
>>>
>>> So, to validate the SP when a SAML request comes for a tenant user, code logic should first check the tenant's own configurations in his registry, and if no relevant SP is found (by using the issuer ID), then check the Super Admin's configuration from the registry for the shared SPs.
>>>
>>> But, what if the Super Admin wants to maintain a set of SPs only for his users (i.e. non-shareable SPs)?
>>>
>>> To cater for this, we can introduce a new option to the SP registration UI to specify whether a particular SP is shared or not.
>>>
>>> This would be the first step of improving the tenant story in SAML SSO. Appreciate your ideas on this.
>>>
>>> Thanks & Regards,
>>> Dulanja
>>>
>>> --
>>> Dulanja Liyanage
>>> Senior Software Engineer - WSO2 Inc.
>>> M: +94776764717
>>
>> +1 for the idea; please provide a service to register SPs, because we do not always use the mgt-console UI to register new SPs.
>>
>> Regards,
>> /Nuwan
>>
>> --
>> Thanks & Regards,
>> Nuwan Bandara
>> Technical Lead; WSO2 Inc.
>> lean . enterprise . middleware | http://wso2.com
>> blog : http://nuwanbando.com; email: [email protected]; phone: +94 11 214 5345
>> <http://www.nuwanbando.com/>
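The two-step lookup proposed in the thread (tenant's own registry first, then the super admin's SPs, but only those flagged as shared), written up in Java as an added example; this is not code from the thread or from WSO2 Identity Server, and the class names, the `carbon.super` tenant domain, and the representation of the shared flag are assumptions.

```java
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
/** One SAML SP registration carrying the proposed "shared" option (hypothetical model). */
final class ServiceProvider {
    final String issuer;   // SAML Issuer value, used as the lookup key
    final String acsUrl;   // Assertion Consumer Service URL the response is posted to
    final boolean shared;  // proposed option: registered by the super admin, usable by every tenant

    ServiceProvider(String issuer, String acsUrl, boolean shared) {
        this.issuer = issuer;
        this.acsUrl = acsUrl;
        this.shared = shared;
    }
}

/** Resolves the SP for an incoming SAML request with the two-step lookup proposed in the thread. */
final class SpResolver {
    static final String SUPER_TENANT = "carbon.super"; // assumed super tenant domain name
    // tenant domain -> (issuer -> SP); stands in for the per-tenant registry
    private final Map<String, Map<String, ServiceProvider>> registry = new HashMap<>();
    void register(String tenant, ServiceProvider sp) {
        registry.computeIfAbsent(tenant, t -> new HashMap<>()).put(sp.issuer, sp);
    }
    Optional<ServiceProvider> resolve(String tenant, String issuer) {
        // Step 1: the tenant's own configuration wins, so a tenant can override a shared SP.
        ServiceProvider own = lookup(tenant, issuer);
        if (own != null) return Optional.of(own);
        // Step 2: fall back to the super admin's registry, but only for SPs flagged as shared,
        // so non-shareable super tenant SPs never validate a request from another tenant.
        if (!SUPER_TENANT.equals(tenant)) {
            ServiceProvider candidate = lookup(SUPER_TENANT, issuer);
            if (candidate != null && candidate.shared) return Optional.of(candidate);
        }
        return Optional.empty(); // unknown issuer for this tenant: reject the SAML request
    }
    private ServiceProvider lookup(String tenant, String issuer) {
        return registry.getOrDefault(tenant, Collections.emptyMap()).get(issuer);
    }
    public static void main(String[] args) {
        SpResolver r = new SpResolver(); // constructed sample registrations follow
        r.register(SUPER_TENANT, new ServiceProvider("shared-app", "https://shared.example/acs", true));
        r.register(SUPER_TENANT, new ServiceProvider("admin-only", "https://admin.example/acs", false));
        r.register("abc.com", new ServiceProvider("shared-app", "https://abc.example/acs", false));
        System.out.println(r.resolve("abc.com", "shared-app").map(sp -> sp.acsUrl)); // tenant's own copy wins
        System.out.println(r.resolve("xyz.com", "shared-app").map(sp -> sp.acsUrl)); // shared fallback applies
        System.out.println(r.resolve("xyz.com", "admin-only").isPresent());           // non-shared SP stays hidden
    }
}
```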
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
