Hi Jerad,

On Sat, Jun 9, 2018 at 10:53 AM Jerad Rutnam <je...@wso2.com> wrote:

> Hi Pulasthi,
>
> A minor suggestion on the below configuration part readability.
>
> {authenticationOptions:[
>   {authenticator:'basic'},
>   {idp:'Twitter'},
>   {idp:'myIdp', authenticator:'samlsso'}]},
>
> So in the options array's first object we have the key "authenticator" with
> the value "basic". And the next one just starts with the key "idp" with the
> value "Twitter".
> I feel it's a bit inconsistent, WDYT? Can we make it something like below?
>

Sorry for the confusion. As I mentioned in the 'Additional notes' section,
this is a shorthand. If we omit 'idp' it will be considered as the local
IDP, and if we omit 'authenticator', it will be assumed to be the default
authenticator of the given IdP. These were included just to explain those 3
options. By default we'd recommend using the idp/authenticator
combination, as we already do in the configuration UI.


>
> {
>   "authenticationOptions": [
>     {
>       "authenticator": "basic"
>     },
>     {
>       "authenticator": "IDP",
>       "options": {
>         "type": "Twitter"
>       }
>     },
>     {
>       "authenticator": "IDP",
>       "options": {
>         "type": "OIDC",
>         "name": "myIdp",
>         "method": "samlsso"
>       }
>     }
>   ]
> }
>
>
> I'm not sure if the terminology is correct above, and correct me if I'm
> wrong. This is just a suggestion by overlook.
>
> Thanks,
>
> --
>
> On Fri, Jun 8, 2018 at 11:13 AM Pulasthi Mahawithana <pulast...@wso2.com>
> wrote:
>
>> Hi,
>>
>> We are planning to provide support for the $subject to cater to the
>> requirements where we may need to filter out some options of a step based
>> on some conditions.
>>
>> *Example use case:*
>> We have an authentication step with the following options.
>>
>>    - Basic authentication
>>    - IWA authentication
>>
>> We'll need to show the IWA option only if the user is coming from the
>> company's network and from a Windows desktop.
>>
>> *Proposed approach:*
>> We'll be changing the 'executeStep' function to accept an optional
>> argument to define pre-conditions for the step. In this precondition
>> section we'll be providing authentication options that need to be made
>> available for the user.
>>
>> executeStep(<id>,<optional_preconditions>,<optional_eventHandlers>)
>>
>> *Examples:*
>>
>>    - Execute step without preconditions or event handlers (existing)
>>
>> executeStep(2);
>>
>>
>>    - Execute step without preconditions, but with event
>>    handlers (existing)
>>
>> executeStep(2, {
>>   onSuccess: function(){....},
>>   onFail: function(){....}});
>>
>>
>>    - Execute step with preconditions and event handlers (proposed)
>>
>> executeStep(2,
>>   {authenticationOptions: [
>>     {authenticator: 'basic'},
>>     {idp: 'Twitter'},
>>     {idp: 'myIdp', authenticator: 'samlsso'}]},
>>   {onSuccess: function(){....}, onFail: function(){....}});
>>
>>
>> In the last example, if we assume that step 2 is already configured
>> with the following options,
>>
>>    - Basic authenticator
>>    - IWA authenticator
>>    - Twitter authenticator (Twitter IDP)
>>    - Google authenticator (Google IDP)
>>    - OIDC Authenticator (myIdp)
>>
>> The user will only be shown the basic and Twitter options, as the
>> others don't match the authenticationOptions provided in the preconditions.
>>
>> Additional notes:
>>
>>    - Authenticators will be specified in the script by the display name
>>    instead of the actual authenticator name since it's the display name that
>>    is visible to identity admin at the configuration page
>>    - If none of the precondition options match any configured options,
>>    we'll leave all the options unchanged with a warn log
>>    - If 'idp' is omitted in an option it will be assumed as a local
>>    authenticator
>>    - If 'authenticator' is omitted in an option it will be assumed as
>>    the default authenticator of idp
>>    - Any precondition steps that are not in the configured options will
>>    be ignored.
>>    - If 'precondition' parameter is present, 'eventHandler' parameter
>>    will be mandatory but can be an empty map.
>>
>> Please let us know of any concerns/suggestions.
>>
>> --
>> *Pulasthi Mahawithana*
>> Associate Technical Lead
>> WSO2 Inc., http://wso2.com/
>> Mobile: +94-71-5179022
>> Blog: https://medium.com/@pulasthi7/
>>
>> <https://wso2.com/signature>
>>
>
>
> --
> *Jerad Rutnam*
> *Senior Software Engineer*
>
> WSO2 Inc.
> lean | enterprise | middleware
> M : +94 77 959 1609 | E : je...@wso2.com | W : www.wso2.com
>
> <https://wso2.com/signature>
>


-- 
*Pulasthi Mahawithana*
Associate Technical Lead
WSO2 Inc., http://wso2.com/
Mobile: +94-71-5179022
Blog: https://medium.com/@pulasthi7/

<https://wso2.com/signature>
_______________________________________________
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
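
The matching rules from the proposal's "Additional notes", sketched as an added example (not part of the thread and not WSO2 code). The `LOCAL` IDP name, the `isDefault` flag, the display names in `step2` and the `matches`/`filterOptions` helpers are assumptions made for illustration. It reproduces the step 2 result from the thread and the case where nothing matches and the step is left unchanged.

```javascript
// Added illustration; not WSO2 Identity Server code. Data shapes are assumptions.
const LOCAL_IDP = 'LOCAL'; // hypothetical name for the local IDP

// Step 2 as configured in the thread's example (constructed display names).
const step2 = [
  { idp: LOCAL_IDP, authenticator: 'basic' },
  { idp: LOCAL_IDP, authenticator: 'iwa' },
  { idp: 'Twitter', authenticator: 'twitter', isDefault: true },
  { idp: 'Google', authenticator: 'google', isDefault: true },
  { idp: 'myIdp', authenticator: 'oidc', isDefault: true },
];

// Does one precondition entry select one configured option?
function matches(wanted, option) {
  const idp = wanted.idp === undefined ? LOCAL_IDP : wanted.idp; // no idp => local
  if (idp !== option.idp) return false;
  if (wanted.authenticator === undefined) return option.isDefault === true; // IDP default
  return wanted.authenticator === option.authenticator;
}

// Returns the options to show and whether the "no match" fallback was taken.
function filterOptions(configured, preconditions, warn = console.warn) {
  const wantedList = preconditions.authenticationOptions || [];
  const kept = configured.filter((opt) => wantedList.some((w) => matches(w, opt)));
  if (kept.length === 0) {
    // Per the notes: nothing matched, so the step is left unchanged with a warning.
    warn('no precondition option matched; showing all configured options');
    return { options: configured, fallback: true };
  }
  return { options: kept, fallback: false };
}

const names = (r) => r.options.map((o) => `${o.idp}/${o.authenticator}`);

// Precondition from the thread: basic and Twitter survive (myIdp has no samlsso here).
const fromThread = filterOptions(step2, { authenticationOptions: [
  { authenticator: 'basic' }, { idp: 'Twitter' },
  { idp: 'myIdp', authenticator: 'samlsso' }] });
console.log(names(fromThread));

// A misspelled display name matches nothing, so every option (IWA included) stays visible.
const typo = filterOptions(step2, { authenticationOptions: [{ authenticator: 'basci' }] });
console.log(typo.fallback, names(typo));
```

Because the fallback keeps every configured option, a script that relies on the precondition to hide IWA should be checked against the warning log after any rename of an authenticator's display name.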
