+1 Thanks & regards, -Prabath
On Mon, Sep 21, 2015 at 8:46 PM, Ishara Karunarathna <[email protected]> wrote: > Hi Prabath, > > On Mon, Sep 21, 2015 at 8:25 PM, Prabath Siriwardena <[email protected]> > wrote: > >> >> >> On Mon, Sep 21, 2015 at 12:49 AM, Ishara Karunarathna <[email protected]> >> wrote: >> >>> Hi Prabath, >>> >>> On Mon, Sep 21, 2015 at 12:09 PM, Prabath Siriwardena <[email protected]> >>> wrote: >>> >>>> It looks like from the architecture, whether its a dumb or smart is a >>>> decision made at the SCIM level, not at the provisioning framework level.. >>>> Is that right..? >>>> >>> Yes. >>> With the current implementation provisioning framework engages in >>> outbound provisioning only (Works as outbound provisioning framework). In >>> that case each Inbound provisioning connector has to decide for each SP >>> configurations whether it works in dumb mode or in smart mode. >>> And this is only available for SCIM provisioning as It was implemented >>> from IS 4.6.0 onwards. >>> >> >> This we need to fix. That decision has to be made by the provisioning >> framework - not by the individual provisioning connector... >> > Yes thats true. > In that case all in bound provisioning has to be done through provisioning > framework ( Via SOAP, SCIM and JIT). > But current implementation, it directly invoke the CarbonUserManager, and > there are set of UserOperation Event listeners > Who engaged in this flow. > In that case I think it need more time with design and API changes with > inbound provisioning which is better to implement in future > release. > > Until that comes I think this implementation is ok. > WDYT ? > > >> Thanks & regards, >> -Prabath >> >> >>> >>>> Also - I could not find the 'Enable Dumb Mode' option in alpha... >>>> >>> Yes this UI option is not yet merged. >>> >>> >>> Thanks, >>> Ishara >>> >>>> >>>> Thanks & regards, >>>> -Prabath >>>> >>>> On Sun, Sep 20, 2015 at 10:33 PM, Gayan Gunawardana <[email protected]> >>>> wrote: >>>> >>>>> Hi All, >>>>> >>>>> In WSO2IS 4.6.0 for SCIM, both inbound and outbound provisioning >>>>> handled by SCIM provider components. At that time SCIM supported for both >>>>> Smart and Dumb mode identity provisioning. >>>>> >>>>> In WSO2IS 5.0.0 with the introduction of provisioning framework, >>>>> outbound provisioning was handled by provisioning framework with the >>>>> support of provisioning connectors. But this dumb mode capability did not >>>>> move to provisioning framework or SCIM outbound connector. >>>>> >>>>> [IDENTITY-3495] We did a refactoring on SCIM provider for WSO2IS 5.1.0 >>>>> and removed dumb mode implementation from SCIM provider. And here we are >>>>> going to merge that capability to provisioning framework. >>>>> >>>>> >>>>> Smart Mode SCIM Outbound Provisioning (Green Colour flaw ) >>>>> >>>>> In smart mode SCIMUserManager invokes CarbonUserManager to do user >>>>> operations and meantime DefaultInboundUserProvisioningListener will be >>>>> fired. DefaultInboundUserProvisioningListener invoke OutboundProvisioning >>>>> Manager to get list of associated provisioning connectors (Salesforce, >>>>> Google, SCIM) and execute provisioning via connectors. In this case all >>>>> SCIM inbound requests deal with Internal user stores as well as send >>>>> provisions request to outside as well. >>>>> >>>>> Dumb Mode SCIM Outbound Provisioning >>>>> >>>>> Dumb mode provisioning is useful if there is a requirement to send >>>>> provisioning request to only outside (via provisioning connectors like >>>>> Salesforce, Google, SCIM) without store them where WSO2IS act as a >>>>> provisioning hub. In this case SCIMUserManager directly talk to >>>>> OutboundProvisioningManager to execute provisioning via provisioning >>>>> connectors. >>>>> >>>>> >>>>> >>>>> [image: dumb.png] >>>>> >>>>> >>>>> Service provider vise we can configure whether it operate in dumb mode >>>>> or smart mode. >>>>> >>>>> >>>>> >>>>> [image: Screen Shot 2015-09-20 at 9.13.05 AM.png] >>>>> >>>>> >>>>> And in Hub identity server keep track of all identities in connected >>>>> IDPs with a unique ID specific to each IDP (SCIM_ID, username etc), IDP >>>>> name, Local unique id, Local user name. >>>>> >>>>> For both smart mode and dumb mode we keep this data which will help us >>>>> to implement a distributed user view of the user in future. >>>>> >>>>> >>>>> -- >>>>> Gayan Gunawardana >>>>> Software Engineer; WSO2 Inc.; http://wso2.com/ >>>>> Email: [email protected] >>>>> Mobile: +94 (71) 8020933 >>>>> >>>> >>>> >>>> >>>> -- >>>> Thanks & Regards, >>>> Prabath >>>> >>>> Twitter : @prabath >>>> LinkedIn : http://www.linkedin.com/in/prabathsiriwardena >>>> >>>> Mobile : +1 650 625 7950 >>>> >>>> http://blog.facilelogin.com >>>> http://blog.api-security.org >>>> >>> >>> >>> >>> -- >>> Ishara Karunarathna >>> Senior Software Engineer >>> WSO2 Inc. - lean . enterprise . middleware | wso2.com >>> >>> email: [email protected], blog: isharaaruna.blogspot.com, mobile: >>> +94717996791 >>> >> >> >> >> -- >> Thanks & Regards, >> Prabath >> >> Twitter : @prabath >> LinkedIn : http://www.linkedin.com/in/prabathsiriwardena >> >> Mobile : +1 650 625 7950 >> >> http://blog.facilelogin.com >> http://blog.api-security.org >> > > > > -- > Ishara Karunarathna > Senior Software Engineer > WSO2 Inc. - lean . enterprise . middleware | wso2.com > > email: [email protected], blog: isharaaruna.blogspot.com, mobile: > +94717996791 > -- Thanks & Regards, Prabath Twitter : @prabath LinkedIn : http://www.linkedin.com/in/prabathsiriwardena Mobile : +1 650 625 7950 http://blog.facilelogin.com http://blog.api-security.org
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
