Hi Prabath, On Mon, Sep 21, 2015 at 8:25 PM, Prabath Siriwardena <[email protected]> wrote:
> > > On Mon, Sep 21, 2015 at 12:49 AM, Ishara Karunarathna <[email protected]> > wrote: > >> Hi Prabath, >> >> On Mon, Sep 21, 2015 at 12:09 PM, Prabath Siriwardena <[email protected]> >> wrote: >> >>> It looks like from the architecture, whether its a dumb or smart is a >>> decision made at the SCIM level, not at the provisioning framework level.. >>> Is that right..? >>> >> Yes. >> With the current implementation provisioning framework engages in >> outbound provisioning only (Works as outbound provisioning framework). In >> that case each Inbound provisioning connector has to decide for each SP >> configurations whether it works in dumb mode or in smart mode. >> And this is only available for SCIM provisioning as It was implemented >> from IS 4.6.0 onwards. >> > > This we need to fix. That decision has to be made by the provisioning > framework - not by the individual provisioning connector... > Yes thats true. In that case all in bound provisioning has to be done through provisioning framework ( Via SOAP, SCIM and JIT). But current implementation, it directly invoke the CarbonUserManager, and there are set of UserOperation Event listeners Who engaged in this flow. In that case I think it need more time with design and API changes with inbound provisioning which is better to implement in future release. Until that comes I think this implementation is ok. WDYT ? > Thanks & regards, > -Prabath > > >> >>> Also - I could not find the 'Enable Dumb Mode' option in alpha... >>> >> Yes this UI option is not yet merged. >> >> >> Thanks, >> Ishara >> >>> >>> Thanks & regards, >>> -Prabath >>> >>> On Sun, Sep 20, 2015 at 10:33 PM, Gayan Gunawardana <[email protected]> >>> wrote: >>> >>>> Hi All, >>>> >>>> In WSO2IS 4.6.0 for SCIM, both inbound and outbound provisioning >>>> handled by SCIM provider components. At that time SCIM supported for both >>>> Smart and Dumb mode identity provisioning. >>>> >>>> In WSO2IS 5.0.0 with the introduction of provisioning framework, >>>> outbound provisioning was handled by provisioning framework with the >>>> support of provisioning connectors. But this dumb mode capability did not >>>> move to provisioning framework or SCIM outbound connector. >>>> >>>> [IDENTITY-3495] We did a refactoring on SCIM provider for WSO2IS 5.1.0 >>>> and removed dumb mode implementation from SCIM provider. And here we are >>>> going to merge that capability to provisioning framework. >>>> >>>> >>>> Smart Mode SCIM Outbound Provisioning (Green Colour flaw ) >>>> >>>> In smart mode SCIMUserManager invokes CarbonUserManager to do user >>>> operations and meantime DefaultInboundUserProvisioningListener will be >>>> fired. DefaultInboundUserProvisioningListener invoke OutboundProvisioning >>>> Manager to get list of associated provisioning connectors (Salesforce, >>>> Google, SCIM) and execute provisioning via connectors. In this case all >>>> SCIM inbound requests deal with Internal user stores as well as send >>>> provisions request to outside as well. >>>> >>>> Dumb Mode SCIM Outbound Provisioning >>>> >>>> Dumb mode provisioning is useful if there is a requirement to send >>>> provisioning request to only outside (via provisioning connectors like >>>> Salesforce, Google, SCIM) without store them where WSO2IS act as a >>>> provisioning hub. In this case SCIMUserManager directly talk to >>>> OutboundProvisioningManager to execute provisioning via provisioning >>>> connectors. >>>> >>>> >>>> >>>> [image: dumb.png] >>>> >>>> >>>> Service provider vise we can configure whether it operate in dumb mode >>>> or smart mode. >>>> >>>> >>>> >>>> [image: Screen Shot 2015-09-20 at 9.13.05 AM.png] >>>> >>>> >>>> And in Hub identity server keep track of all identities in connected >>>> IDPs with a unique ID specific to each IDP (SCIM_ID, username etc), IDP >>>> name, Local unique id, Local user name. >>>> >>>> For both smart mode and dumb mode we keep this data which will help us >>>> to implement a distributed user view of the user in future. >>>> >>>> >>>> -- >>>> Gayan Gunawardana >>>> Software Engineer; WSO2 Inc.; http://wso2.com/ >>>> Email: [email protected] >>>> Mobile: +94 (71) 8020933 >>>> >>> >>> >>> >>> -- >>> Thanks & Regards, >>> Prabath >>> >>> Twitter : @prabath >>> LinkedIn : http://www.linkedin.com/in/prabathsiriwardena >>> >>> Mobile : +1 650 625 7950 >>> >>> http://blog.facilelogin.com >>> http://blog.api-security.org >>> >> >> >> >> -- >> Ishara Karunarathna >> Senior Software Engineer >> WSO2 Inc. - lean . enterprise . middleware | wso2.com >> >> email: [email protected], blog: isharaaruna.blogspot.com, mobile: >> +94717996791 >> > > > > -- > Thanks & Regards, > Prabath > > Twitter : @prabath > LinkedIn : http://www.linkedin.com/in/prabathsiriwardena > > Mobile : +1 650 625 7950 > > http://blog.facilelogin.com > http://blog.api-security.org > -- Ishara Karunarathna Senior Software Engineer WSO2 Inc. - lean . enterprise . middleware | wso2.com email: [email protected], blog: isharaaruna.blogspot.com, mobile: +94717996791
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
