On Sat, Mar 11, 2017 at 8:58 AM, Thanuja Jayasinghe <[email protected]>
wrote:

> Hi Johann,
>
> We use the same "claim management" in SP configuration as well. So these
> attributes will be available for them also. When it comes to "userid", two
> SPs which use the same claim configuration can have two different claims.
>

No. Two SPs can request two different claims as the Subject. But the unique
user identifier claim must be specific to the dialect. E.g. SCIM 2.0
defines "userName" as the human-friendly unique identifier for the user.
SCIM 2.0 in fact defines the "id" claim also which is a non-human-friendly
unique identifier for a user. Although we don't need to support multiple
unique identifiers, we at least need to support one so that it will be the
default subject if the user doesn't select any other claim.


>
> So, to avoid the confusion shall we rename it to something like
> "feduserid"?
>

If we go by my above explanation this is not required.


>
> Thanks,
>
> On Mon, Mar 6, 2017 at 3:09 AM, Johann Nallathamby <[email protected]>
> wrote:
>
>> Hi All,
>>
>> Any foreign dialect that we define using claim management, must have two
>> special attributes indicating the "userid" claim and the "role" claim.
>>
>> "userid" claim is required for use cases like authentication and
>> provisioning. "role" claim is needed for role mapping and access control.
>>
>> In C4 we had this at the IDP configuration level. In C5, since we have
>> extracted all the claim configuration from IDP to "claim management", and
>> just refer to the dialect alone in IDP configuration, we need to identify
>> these two special attributes also in the claim dialect management level.
>> This configuration will be fixed for any real IDP.
>>
>> What are your ideas?
>>
>> --
>> Thanks & Regards,
>>
>> *Johann Dilantha Nallathamby*
>> Technical Lead & Product Lead of WSO2 Identity Server
>> Governance Technologies Team
>> WSO2, Inc.
>> lean.enterprise.middleware
>>
>> Mobile - *+94777776950*
>> Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>*
>>
>
>
>
> --
> *Thanuja Lakmal*
> Senior Software Engineer
> WSO2 Inc. http://wso2.com/
> *lean.enterprise.middleware*
> Mobile: +94715979891 +94758009992
>



-- 
Thanks & Regards,

*Johann Dilantha Nallathamby*
Technical Lead & Product Lead of WSO2 Identity Server
Governance Technologies Team
WSO2, Inc.
lean.enterprise.middleware

Mobile - *+94777776950*
Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>*
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
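
The default-subject fallback discussed in the thread (an SP may pick any claim as its Subject, and the dialect's unique user identifier claim is used when it picks none), sketched as an added example that is not part of the thread and is not WSO2 Identity Server code. The class and function names are hypothetical, the sample user is constructed, and treating "groups" as the role claim is an assumption.

```python
from dataclasses import dataclass
from typing import Mapping, Optional


# Hypothetical model: a dialect names its unique-user-identifier claim and its
# role claim once, at the dialect level, instead of per IDP.
@dataclass(frozen=True)
class ClaimDialect:
    uri: str
    claims: frozenset
    user_id_claim: str
    role_claim: str

    def __post_init__(self):
        # Both special attributes must be claims the dialect actually defines.
        for special in (self.user_id_claim, self.role_claim):
            if special not in self.claims:
                raise ValueError(f"{special!r} is not defined in dialect {self.uri}")


def resolve_subject(dialect: ClaimDialect, user_claims: Mapping[str, str],
                    sp_subject_claim: Optional[str] = None) -> str:
    """Return the subject value for one SP.

    The SP may select any claim of the dialect as its subject; when it
    selects none, the dialect's unique user identifier claim is the default.
    """
    claim = sp_subject_claim or dialect.user_id_claim
    if claim not in dialect.claims:
        raise ValueError(f"{claim!r} is not part of dialect {dialect.uri}")
    value = user_claims.get(claim, "").strip()
    if not value:
        # Fail closed: never authenticate or provision with an empty subject.
        raise LookupError(f"user has no value for subject claim {claim!r}")
    return value


# Constructed sample data. "userName" and "id" are the SCIM 2.0 attributes
# named in the thread; "groups" as the role claim is an assumption.
SCIM2 = ClaimDialect(
    uri="urn:ietf:params:scim:schemas:core:2.0:User",
    claims=frozenset({"id", "userName", "emails", "groups"}),
    user_id_claim="userName",
    role_claim="groups",
)
USER = {"id": "c0ffee00-0000-4000-8000-000000000001", "userName": "bjensen",
        "groups": "admin"}
```

Two SPs sharing this dialect can still receive different subjects: `resolve_subject(SCIM2, USER)` yields the `userName` value, while `resolve_subject(SCIM2, USER, "id")` yields the opaque `id`.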
