On Thu, May 18, 2017 at 12:09 AM, Ishara Karunarathna <isha...@wso2.com> wrote:
> Hi,
>
> On Wed, May 17, 2017 at 10:14 PM, Prabath Siriwardena <prab...@wso2.com> wrote:
>
>> At the moment we can't delete an identity provider, if it's associated
>> with one or more service providers.
>>
>> Also - for the user there is no way to find out the associated service
>> providers for a given identity provider - without going through each and
>> every service provider config.
>>
>> This is fine (or just okay) if we have 2 or 3 service providers in the
>> system - but it's not the case today.
>>
>> Can we provide a feature to force delete an identity provider? If not at
>> the UI - at least at the API level..
>>
> There are some issues if we delete an IDP forcefully.
> Ex: As Farasath raised offline, how we change the already configured
> authentication flow if it's the only authenticator in that flow.
> And these authentication steps may be configured according to organization
> requirements, so I think there can be issues if we change them automatically.
>

That's their requirement by deleting the IdP. We need to give them a warning - and probably show the associated IdPs - and then after confirmation delete.

> As I understand the issue:
> We configure authentication configuration in each SP.
> So if we delete an IDP or authenticator we need to change all SP
> configurations.
> And in an organization most of the time they will use the same authentication
> chain in all SPs or there can be a few templates.
>
> My suggestion is: we can define authentication chains and associate those
> with SP configurations.
> Then it would be easy to manage even if there are 100s of SPs.
>

Yes - reusable steps is something we plan to do in the future. But that change has to wait some time. Even in the same case - if the IdP is in multiple chains - still we need to provide the IdP delete functionality - but yes - in that case the number of chains would be minimal in practice.

Thanks & regards,
-Prabath

> In future we are going to add ACR support for OIDC (we can implement it
> for SAML as well), then also we have to come up with predefined
> authentication chains.
>
> -Ishara
>
>> If we agree - can we please prioritize this...?
>>
>> Thanks & Regards,
>> Prabath
>>
>> Twitter : @prabath
>> LinkedIn : http://www.linkedin.com/in/prabathsiriwardena
>>
>> Mobile : +1 650 625 7950
>>
>> http://facilelogin.com
>
> --
> Ishara Karunarathna
> Associate Technical Lead
> WSO2 Inc. - lean . enterprise . middleware | wso2.com
>
> email: isha...@wso2.com, blog: isharaaruna.blogspot.com, mobile: +94717996791

--
Thanks & Regards,
Prabath
_______________________________________________
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
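The association lookup and warn-then-delete flow discussed in this thread, as an added example that is not part of the original e-mails and is not WSO2 Identity Server code. The `ServiceProvider` model, `deletion_impact`, `delete_idp`, `IdpInUse` and the sample names are hypothetical; the example lists the service providers that reference an identity provider, flags steps where it is the only authenticator, and deletes only when forced.

```python
from dataclasses import dataclass

# Hypothetical data model for illustration; not WSO2 Identity Server's API.
@dataclass
class ServiceProvider:
    name: str
    steps: list  # ordered authentication steps; each step is a list of IdP names

class IdpInUse(Exception):
    """Raised when a non-forced delete hits an IdP that SPs still reference."""
    def __init__(self, impact):
        super().__init__(f"identity provider is referenced by {len(impact)} service provider(s)")
        self.impact = impact

def deletion_impact(sps, idp):
    """Map SP name -> {'steps': 1-based steps that use idp,
    'sole': steps where idp is the only authenticator}."""
    impact = {}
    for sp in sps:
        used = [i for i, step in enumerate(sp.steps, 1) if idp in step]
        if used:
            sole = [i for i in used if set(sp.steps[i - 1]) == {idp}]
            impact[sp.name] = {"steps": used, "sole": sole}
    return impact

def delete_idp(idps, sps, idp, force=False):
    """Without force, refuse while any SP references idp and report where.
    With force (caller has shown the warning and obtained confirmation),
    strip idp from every step and return the impact, so steps that are now
    empty can be reconfigured by an administrator."""
    impact = deletion_impact(sps, idp)
    if impact and not force:
        raise IdpInUse(impact)
    for sp in sps:
        sp.steps = [[a for a in step if a != idp] for step in sp.steps]
    idps.discard(idp)
    return impact

def sample():
    """Constructed sample configuration."""
    idps = {"LOCAL", "corp-saml", "social-oidc"}
    sps = [
        ServiceProvider("payroll", [["corp-saml"], ["LOCAL"]]),
        ServiceProvider("wiki", [["LOCAL", "corp-saml"]]),
        ServiceProvider("status-page", [["social-oidc"]]),
    ]
    return idps, sps
```

The `sole` list is the case raised in the thread: after a forced delete those steps have no authenticator left and need a decision from whoever owns that service provider's login flow.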