Hi Johann,

On Tue, Feb 7, 2017 at 3:36 PM, Johann Nallathamby <[email protected]> wrote:

>
>
> On Tue, Feb 7, 2017 at 2:36 PM, Dulanja Liyanage <[email protected]> wrote:
>
>> SPs and IdPs represent real world entities. For example, if the IdP
>> supports multiple authentication mechanisms, we should represent it in a
>> single IdP config with multiple authenticators. Else, you will have to
>> duplicate metadata of that IdP.
>>
> We were trying to find why someone would need to configure multiple
> protocols for an IDP. Ideally protocol should be independent from what user
> is going to communicate with the IDP. Even though IDP represents a real
> world entity, in the real world one SP should not need to use multiple
> protocols when communicating with one IDP.
>

Wouldn't there be valid use cases where one authenticator uses one protocol
for an IDP, and another authenticator uses a different protocol for the same
IDP? In such a case, support for multiple outbound authenticators for a
single IDP will reduce the coupling between SPs and IDPs further IMHO.

>
>> On 7 Feb 2017 2:19 p.m., "Darshana Gunawardana" <[email protected]>
>> wrote:
>>
>> Hi Harsha,
>>
>> It makes sense to have that in some cases like "SAML 2.0 bearer grant" in
>> OAuth flow. Same SP application which used Identity Server with SAML 2.0
>> web sso (which requires inbound saml config) also need to get access tokens
>> (which requires inbound oauth config).
>>
>>
> This seems to be valid as of the current architecture we have in IS 5.3.0,
> because we don't treat OAuth2 specially, but we consider that also as an
> inbound authenticator, although OAuth2 is not an authentication protocol.
>
>
>> Thanks,
>>
>> On Tue, Feb 7, 2017 at 2:07 PM, Harsha Thirimanna <[email protected]>
>> wrote:
>>
>>> Hi All,
>>>
>>> In current IS 5.3.0 design, we can configure multiple inbound
>>> authenticators for one SP and multiple outbound authenticators for one IDP.
>>> Since we are representing one application from one SP, do we need to allow
>>> to create multiple inbound authenticators for one SP?
>>> And same as what would be the advantages of having multiple outbound
>>> authenticators for one IDP config?
>>>
>>>
>>> WDYT?
>>>
>>> *Harsha Thirimanna*
>>> *Associate Tech Lead | WSO2*
>>>
>>> Email: [email protected]
>>> Mob: +94715186770
>>> Blog: http://harshathirimanna.blogspot.com/
>>> Twitter: http://twitter.com/harshathirimann
>>> Linked-In: http://www.linkedin.com/pub/harsha-thirimanna/10/ab8/122
>>>
>>
>>
>>
>> --
>> Regards,
>>
>>
>> *Darshana Gunawardana*
>> Associate Technical Lead
>> WSO2 Inc.; http://wso2.com
>>
>> *E-mail: [email protected]*
>> *Mobile: +94718566859*
>> Lean . Enterprise . Middleware
>>
>>
>>
>
>
> --
> Thanks & Regards,
>
> *Johann Dilantha Nallathamby*
> Technical Lead & Product Lead of WSO2 Identity Server
> Governance Technologies Team
> WSO2, Inc.
> lean.enterprise.middleware
>
> Mobile - *+94777776950*
> Blog - *http://nallaa.wordpress.com*
>
> _______________________________________________
> Architecture mailing list
> [email protected]
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>
>

--
Thanks and Regards,
Isuru H.
+94 716 358 048
