+1 for this approach in general... On Thu, Feb 9, 2017 at 12:04 AM, Harsha Thirimanna <[email protected]> wrote:
> Hi All, > > Since we are moving to file base deployment for sp/idp, we have to create > these files using yaml. While doing that we thought to resolve some issues > and generalize the sp/idp files. > As we have now in IS 5.3.0, we configure local authenticator in SP and > federated authenticator in IDP file. > But just to clarify the earlier behaviour in IS 5.x.x versions, no; it's not define local authenticator configs in SP.. rather we associate local authenticators to the SP.. The issue we had was, there is no way to configure local authenticators from the UI.. In IS 5.3.0 we provided a way to generate UI elements to resident IdP section, so someone need, they can write a new local authenticator and configure it from the resident idp.. Basically you propose the same approach for the IS 6.0.0 with the file based configs.. One improvement we can do is, rather than limiting to *idpName* and *authenticatorName* parameters in *authenticatorConfig*, allow it to pass any additional parameters to IdP (from that SP) so we won't ended up with the need of multiple resident idp to adequate different service providers requirements. > But it doesn't make sense to specially treat to the local authenticator in > SP side and we can consider it also as another idp. > We can name it as resident-idp and SP authenticator can point the idp name > when it want to use local one as same as it use federated one. > We can keep other resident identity provider configuration like password > policies, login policies, etc.. in separate config file that is decouple > with the outbound authentication flow. > What about provisioning configurations? where does that configs going to be in.. If the file name going to be *resident-idp* then all the configurations should be in that file when IS acting as a IdP. WDYT? Regards, Darshana. > This will not effect for the existing framework implementation but only > change the user experience that is more cleaner than now. I have attached > the sample sp file, sample idp file and resident idp file with this, it > would be great if i can get more feedbacks about this. > > thanks > > *Harsha Thirimanna* > *Associate Tech Lead | WSO2* > > Email: [email protected] > Mob: +94715186770 <+94%2071%20518%206770> > Blog: http://harshathirimanna.blogspot.com/ > Twitter: http://twitter.com/harshathirimann > Linked-In: linked-in: http://www.linkedin.com/pub/ > harsha-thirimanna/10/ab8/122 > <http://wso2.com/signature> > -- Regards, *Darshana Gunawardana*Associate Technical Lead WSO2 Inc.; http://wso2.com *E-mail: [email protected] <[email protected]>* *Mobile: +94718566859*Lean . Enterprise . Middleware
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
