Hi Venura,

The SAML response would not be available for every subsequent request even
though the user is successfully authenticated. The best way would be to check
the session ID, and have a map for the authenticated session and the username.
This way, you do not need to know how the user was authenticated; it can be
SAML, OAuth or OpenID.

And if the app is configured in such a way that it does not require
authentication, then throttling should be done as for an anonymous user. If
the app requires authentication and the request doesn't have an
authenticated session, the user should be redirected to the IDP.

Thanks,
-Suresh


On Tue, Feb 11, 2014 at 12:33 PM, Venura Kahawala <[email protected]> wrote:

> Hi,
>
> One way of doing this is based on the authentication mechanism. For
> example, a web application publisher can decide what authentication
> mechanism is going to be used for the web application. Let's take SAML
> as an example [1]. With the subject of the SAML response, the user can be
> identified and throttling can be applied. If the web application publisher
> decides that the web app need not be authenticated, then user-based
> throttling is not applicable.
>
> Please share your thoughts.
>
> [1]
> https://docs.google.com/a/wso2.com/drawings/d/1yYe6n17sBGhegEyu8aym-C44gsZEkfsZDR3ZUTzj38k/edit?usp=sharing
>
> Regards,
> Venura
>
>
>
> On Mon, Feb 10, 2014 at 10:05 PM, Venura Kahawala <[email protected]> wrote:
>
>> Hi Suresh,
>>
>> I meant the user, not the web browser.
>>
>> Regards,
>> Venura
>>
>>
>> On Mon, Feb 10, 2014 at 9:56 PM, Suresh Attanayaka <[email protected]> wrote:
>>
>>> Hi Venura,
>>>
>>> I'm confused, are we going to throttle based on User or Client or both?
>>> I assume a client is a web browser.
>>>
>>> Thanks,
>>> -Suresh
>>>
>>>
>>> On Mon, Feb 10, 2014 at 6:58 PM, Venura Kahawala <[email protected]> wrote:
>>>
>>>> Hi,
>>>>
>>>> As you may already be aware, 'App manager' is capable of providing a
>>>> gateway for web applications. Web Apps can be registered in the publisher
>>>> and can be published to the store so the users can subscribe and consume
>>>> web applications.
>>>>
>>>> Currently we are in the stage of implementing throttling for the
>>>> gateway. This is a bit different from API Manager since the consumer/client
>>>> of the web application is not capable of sending a unique identifier to the
>>>> gateway (in AM this unique identifier is the OAuth token which is given for a
>>>> client application). This is because the client should be able to type the
>>>> gateway URL in the browser and access the web app.
>>>>
>>>> We need to identify the client who is calling the gateway and throttle
>>>> based on the client.
>>>>
>>>> Any ideas on this are most welcome.
>>>>
>>>> Regards,
>>>> Venura
>>>>
>>>> --
>>>> Senior Software Engineer
>>>>
>>>> Mobile: +94 71 82 300 20
>>>>
>>>>
>>>> _______________________________________________
>>>> Architecture mailing list
>>>> [email protected]
>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>>
>>>>
>>>
>>>
>>> --
>>> Suresh Attanayake
>>> Senior Software Engineer; WSO2 Inc. http://wso2.com/
>>> Blog : http://sureshatt.blogspot.com/
>>> Web : http://www.ssoarcade.com/
>>> Facebook : https://www.facebook.com/IdentityWorld
>>> Twitter : https://twitter.com/sureshatt
>>> LinkedIn : http://lk.linkedin.com/in/sureshatt
>>> Mobile : +94755012060
>>> Mobile : +016166171172
>>>
>>>
>>>
>>
>>
>> --
>> Senior Software Engineer
>>
>> Mobile: +94 71 82 300 20
>>
>>
>
>
> --
> Senior Software Engineer
>
> Mobile: +94 71 82 300 20
>
>
>
>


-- 
Suresh Attanayake
Senior Software Engineer; WSO2 Inc. http://wso2.com/
Blog : http://sureshatt.blogspot.com/
Web : http://www.ssoarcade.com/
Facebook : https://www.facebook.com/IdentityWorld
Twitter : https://twitter.com/sureshatt
LinkedIn : http://lk.linkedin.com/in/sureshatt
Mobile : +94755012060
Mobile : +016166171172
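
Added example, not part of the original thread and not WSO2 App Manager code: a sketch of the gateway decision Suresh's reply describes, with a session-ID-to-username map, anonymous throttling for apps that need no login, and a redirect to the IdP otherwise. The class and method names, the sliding-window limit, keying anonymous traffic on client address, and sharing one quota across a user's sessions are all assumptions made for illustration.

```python
import time
from collections import defaultdict, deque


class GatewayThrottle:
    """Per-user throttle resolved through a session-ID -> username map (hypothetical names)."""

    def __init__(self, limit, window_s, clock=time.monotonic):
        self.limit, self.window_s, self.clock = limit, window_s, clock
        self.sessions = {}              # session ID -> username, filled at login
        self.hits = defaultdict(deque)  # throttle key -> timestamps of allowed requests

    def register_session(self, session_id, username):
        # Called once after SAML, OAuth or OpenID login succeeds; the throttle
        # never needs the SAML response or token on later requests.
        self.sessions[session_id] = username

    def end_session(self, session_id):
        # Logout or expiry: the next request on this session must re-authenticate.
        self.sessions.pop(session_id, None)

    def _allow(self, key):
        # Sliding window: drop timestamps older than the window, then count.
        now, q = self.clock(), self.hits[key]
        while q and now - q[0] >= self.window_s:
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True

    def decide(self, session_id, app_requires_auth, client_addr):
        if not app_requires_auth:
            # No login configured for the app: throttle as an anonymous user.
            # Keying on client address is an assumption of this example.
            key = ("anon", client_addr)
        else:
            user = self.sessions.get(session_id)
            if user is None:
                return "REDIRECT_TO_IDP"   # no authenticated session
            # Assumption: key on username so several sessions share one quota.
            key = ("user", user)
        return "ALLOW" if self._allow(key) else "THROTTLE"
```
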