Hi Nila/Ruwan, On Mon, May 21, 2018 at 6:42 PM Ruwan Abeykoon <[email protected]> wrote:
> Hi Nilashini, > > > On Mon, May 21, 2018 at 6:27 PM, Nilasini Thirunavukkarasu < > [email protected]> wrote: > >> Hi, >> >> I am going to introduce following APIs for script-based conditional >> authentication. >> >> 1. lockUserAccount(user) >> >> - locks the user account. Only the admin can unlock the account >> >> *Example:- *If the user A has logged in from a different country, then >> User A's account can be locked using the above function. >> >> >> 2. enableUserAccount(user) >> >> - When the user account is in disable state admin can enable the user >> account using the above function. >> >> If this needs to be called by Admin only, then there is no use of this > function in conditional authentication flow. > Conditional authentication happens in the context of the user who is being > authenticated or re-authenticated. > > +1, Enable/Disable user accounts are supposed to be done by admins manually. Since we already provide the lock function which provides same behaviour from user's POV, we can skip this one. > > > >> 3. getLocalUser(user,idp) >> >> - Get the local user. If it is a federation login, check whether the >> federated user is associated with a local user. If there is a user >> association then return the associated local user, if not return null. >> - Parameters:- user - federated user, idp - federated identity >> provider >> >> *Example:- *UserA has an association in IS with his Facebook account. >> If the UserA logs in from facebook, his associated local account can be >> retrieved using above function. >> > Let's return the same user here, in case the user is already a local user. > >> >> 4. associateUserAccount(localuser, fuser, fidp) >> >> - Associate the local user with the federated user. >> - Parameters:- fuser - federated user, fidp - federated identity >> provider >> >> *Example:- *If the user A has two accounts, an account in IS and an >> account on Facebook. We can use above function with the >> two-step authentication to associate those two accounts automatically. >> >> >> Any suggestions would be appreciated. >> >> Thanks, >> Nila. >> >> >> -- >> Nilasini Thirunavukkarasu >> Software Engineer - WSO2 >> >> Email : [email protected] >> Mobile : +94775241823 >> Web : http://wso2.com/ >> >> >> <http://wso2.com/signature> >> > > > > -- > > *Ruwan Abeykoon* > *Associate Director/Architect**,* > *WSO2, Inc. http://wso2.com <https://wso2.com/signature> * > *lean.enterprise.middleware.* > > -- *Pulasthi Mahawithana* Associate Technical Lead WSO2 Inc., http://wso2.com/ Mobile: +94-71-5179022 Blog: https://medium.com/@pulasthi7/ <https://wso2.com/signature>
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
