Hi,

Shall we implement $subject for next release?

The requirement to define mandatory claims for JIT provisioning and prompt for the missing claims at the user login time was raised in [1] by Asela. It is possible in IS 5.3.0 with PostAuthenticationHandler extension point. But there's no proper place to define mandatory claims for JIT provisioning in UI.

So in order to define mandatory claims, we will have to use service provider claim configuration. This is not a good approach since the Service Provider mandatory claims are defined to send mandatory claims to the SP side. It does not make sense to define other claims as mandatory there. Also, in this case we will have to configure these claims in every SP separately whenever those SPs use a particular IdP which has JIT provisioning configured. (Assuming there are mandatory claims for provisioned local profile)

IMO these claims should be able to be defined from Identity Provider side when we enable JIT for federated authenticators. WDYT?

[1] "Identity Server 5.3.0 New Feature - Prompt for missing predefined user attributes in the authentication flow" architecture@

thanks
Nuwandi

--
Best Regards,
Nuwandi Wickramasinghe
Software Engineer
WSO2 Inc.
Web : http://wso2.com
Mobile : 0719214873
