Hi,

We are planning to provide support for the $subject to cater to the
requirements where we may need to filter out some options of a step based
on some conditions.

*Example use case:*
We have an authentication step with the following options.

   - Basic authentication
   - IWA authentication

We'll need to show the IWA option only if the user is coming from the
company's network and from a Windows desktop.

*Proposed approach:*
We'll be changing the 'executeStep' function to accept an optional argument
to define pre-conditions for the step. In this precondition section we'll
be providing authentication options that need to be made available for the
user.

executeStep(<id>,<optional_preconditions>,<optional_eventHandlers>)

*Examples:*

   - Execute step without preconditions or event handlers (existing)

executeStep(2);


   - Execute step without preconditions, but with event handlers (existing)

executeStep(2, {
    onSuccess: function(){....},
    onFail: function(){....}
});


   - Execute step with preconditions and event handlers (proposed)

executeStep(2,
    {authenticationOptions: [
        {authenticator: 'basic'},
        {idp: 'Twitter'},
        {idp: 'myIdp', authenticator: 'samlsso'}]},
    {onSuccess: function(){....}, onFail: function(){....}});


In the last example, if we assume that step 2 is already configured
with the following options,

   - Basic authenticator
   - IWA authenticator
   - Twitter authenticator (Twitter IDP)
   - Google authenticator (Google IDP)
   - OIDC Authenticator (myIdp)

The user will only be shown the basic and Twitter options, as the
others don't match the authenticationOptions provided in the preconditions.

*Additional notes:*

   - Authenticators will be specified in the script by the display name
   instead of the actual authenticator name since it's the display name that
   is visible to the identity admin at the configuration page
   - If none of the precondition options match any configured options,
   we'll leave all the options unchanged with a warn log
   - If 'idp' is omitted in an option it will be assumed as a local
   authenticator
   - If 'authenticator' is omitted in an option it will be assumed as the
   default authenticator of the idp
   - Any precondition steps that are not in the configured options will be
   ignored.
   - If the 'precondition' parameter is present, the 'eventHandler' parameter
   will be mandatory but can be an empty map.

Please let us know of any concerns/suggestions.

-- 
*Pulasthi Mahawithana*
Associate Technical Lead
WSO2 Inc., http://wso2.com/
Mobile: +94-71-5179022
Blog: https://medium.com/@pulasthi7/

_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
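
The matching rules listed in the proposal above, as an added sketch that is not part of the original message and not WSO2 code. The option model (`idp`, `authenticator`, `isDefault`), the `LOCAL` marker, the function names and the display names in `step2` are assumptions made for illustration.

```javascript
const LOCAL = 'LOCAL'; // assumed marker for "no idp", i.e. a local authenticator

// Constructed sample: step 2 as configured in the example above.
// Display names are made up for this sketch.
const step2 = [
  { idp: LOCAL, authenticator: 'basic' },
  { idp: LOCAL, authenticator: 'iwa' },
  { idp: 'Twitter', authenticator: 'twitter', isDefault: true },
  { idp: 'Google', authenticator: 'google', isDefault: true },
  { idp: 'myIdp', authenticator: 'openidconnect', isDefault: true },
];

// One precondition entry against one configured option.
function matches(configured, wanted) {
  // 'idp' omitted: treated as a local authenticator.
  const idp = wanted.idp === undefined ? LOCAL : wanted.idp;
  if (configured.idp !== idp) return false;
  // 'authenticator' omitted: the idp's default authenticator.
  if (wanted.authenticator === undefined) return configured.isDefault === true;
  return configured.authenticator === wanted.authenticator;
}

// Returns the options the user would be shown for the step.
function filterStepOptions(configured, preconditions, warn = console.warn) {
  // No preconditions argument: existing behaviour, nothing is filtered.
  if (!preconditions || !preconditions.authenticationOptions) {
    return configured.slice();
  }
  const wanted = preconditions.authenticationOptions;
  // Entries that match nothing configured are simply ignored.
  const kept = configured.filter((c) => wanted.some((w) => matches(c, w)));
  if (kept.length === 0) {
    // Rule from the notes: no match at all leaves every option in place.
    warn('no precondition option matched; step options left unchanged');
    return configured.slice();
  }
  return kept;
}
```

The no-match rule fails open: a single misspelled display name in a one-entry precondition puts every configured option, IWA included, back in front of the user, so the warn log is worth alerting on.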