On Tue, Feb 7, 2017 at 5:59 PM, Isuru Haththotuwa <[email protected]> wrote:
> Hi Johann,
>
> On Tue, Feb 7, 2017 at 3:36 PM, Johann Nallathamby <[email protected]> wrote:
>
>> On Tue, Feb 7, 2017 at 2:36 PM, Dulanja Liyanage <[email protected]> wrote:
>>
>>> SPs and IdPs represent real world entities. For example, if the IdP supports multiple authentication mechanisms, we should represent it in a single IdP config with multiple authenticators. Else, you will have to duplicate metadata of that IdP.
>>
>> We were trying to find why someone would need to configure multiple protocols for an IDP. Ideally protocol should be independent from what user is going to communicate with the IDP. Even though IDP represents a real world entity, in the real world one SP should not need to use multiple protocols when communicating with one IDP.
>
> Wouldn't there be valid use cases where one authenticator uses one protocol for an IDP, and another authenticator uses a different protocol for the same IDP? In such a case, support for multiple outbound authenticators for a single IDP will reduce the coupling between SPs and IDPs further IMHO.

It is not clear what you are trying to say. Actually one SP uses one outbound authenticator at a given time. Can you explain a little more about your thought, maybe a valid use case? Sorry for asking again, because I couldn't realize what you suggested.

>>> On 7 Feb 2017 2:19 p.m., "Darshana Gunawardana" <[email protected]> wrote:
>>>
>>> Hi Harsha,
>>>
>>> It makes sense to have that in some cases like "SAML 2.0 bearer grant" in OAuth flow. The same SP application which used Identity Server with SAML 2.0 web SSO (which requires inbound SAML config) also needs to get access tokens (which requires inbound OAuth config).
>>
>> This seems to be valid as of the current architecture we have in IS 5.3.0, because we don't treat OAuth2 specially, but we consider that also as an inbound authenticator, although OAuth2 is not an authentication protocol.
>>
>>> Thanks,
>>>
>>> On Tue, Feb 7, 2017 at 2:07 PM, Harsha Thirimanna <[email protected]> wrote:
>>>
>>>> Hi All,
>>>>
>>>> In the current IS 5.3.0 design, we can configure multiple inbound authenticators for one SP and multiple outbound authenticators for one IDP. Since we are representing one application from one SP, do we need to allow creating multiple inbound authenticators for one SP?
>>>> And same as what would be the advantages of having multiple outbound authenticators for one IDP config?
>>>>
>>>> WDYT?
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
