On Fri, Feb 3, 2017 at 1:01 PM, Nuwandi Wickramasinghe <[email protected]> wrote:
> Hi,
>
> Shall we implement $subject for next release?
>
> The requirement to define mandatory claims for JIT provisioning and prompt
> for the missing claims at the user login time was raised in [1] by Asela.
> It is possible in IS 5.3.0 with PostAuthenticationHandler extension point.
> But there's no proper place to define mandatory claims for JIT provisioning
> in UI. So in order to define mandatory claims, we will have to use service
> provider claim configuration. This is not a good approach since the Service
> Provider mandatory claims are defined to send mandatory claims to the SP
> side. It does not make sense to define other claims as mandatory there.
> Also, in this case we will have to configure these claims in every SP
> separately whenever those SPs use a particular IdP which has JIT
> provisioning configured. (Assuming there are mandatory claims for
> provisioned local profile)
>
> IMO these claims should be able to be defined from Identity Provider side
> when we enable JIT for federated authenticators. WDYT?
>

+1 This is a basic requirement of JIT. User must be allowed to change IDP federated claims or provide additional required claims. Claims uris must be configurable in IDP side. Please try to implement this for IS 6.0.0.

>
> [1] "Identity Server 5.3.0 New Feature - Prompt for missing predefined
> user attributes in the authentication flow" architecture@
>
> thanks
> Nuwandi
> --
>
> Best Regards,
>
> Nuwandi Wickramasinghe
>
> Software Engineer
>
> WSO2 Inc.
>
> Web : http://wso2.com
>
> Mobile : 0719214873
>

--
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
+358 449 228 979

http://soasecurity.org/
http://xacmlinfo.org/
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
