Hi,

In WSO2 Identity Server, we are planning to include Service Provider Template Support, which will expose a way to create service providers with pre-configured and reusable templates. There will be several business use cases for this, and the following is an example.
- In API subscription of APIM, an OAuth service provider will be created, but with only the SP basic information and OAuth inbound configurations.
- If we need to include claim configurations, authentication configurations, etc., those have to be added manually from the management console.
- If there are multiple service providers with the same configurations, it will be a huge burden (ex: every SP in a tenant should be authenticated with TOTP as the second step).
- With the use of the DCR endpoint and SP template support, a template with the necessary pre-configured values can be used when creating the SP.

Please find the following approach which will be taken to achieve this requirement.

Service providers can be added in IS using the following ways, and we will be including the template support for those as follows.
1. From management console
2. Using admin services
3. Using DCR endpoint

*SP templates from Management Console*
SP templates can be added from the management console, where a template will contain a set of SP properties which can be pre-configured (ex: the SP name cannot be pre-configured, since it is unique for each SP. So even though it's configured in the template, when loading the template it should not be considered). A template name and a description have to be provided when creating a template. A default SP template for a tenant can be added from the management console, which will be named "default".

*Store SP Templates in Database*
The configured SP templates will be stored in a database table with the following database schema.

*Template selection in SP creation*
Users can select a specific SP template when creating an SP. In SP creation, the SP configurations will be populated with the pre-configured details in the selected template, and empty fields for the other configurations. In the authentication steps, if the IDP specified in the template does not exist, pop up an error message in the UI mentioning that this is an invalid template, and send an appropriate error message in DCR.
*Template selection in DCR endpoint*
The DCR endpoint will be invoked with the template name as a custom client metadata parameter (i.e. "sp_template"). Based on that, the corresponding template will be selected for SP creation. If a template with that name does not exist, the tenant default template will be used, and if the tenant default template does not exist, the global authentication sequence configuration in application-authentication.xml will be used.

Highly appreciate your thoughts and suggestions on the suggested approach.

Thanks and Regards
--
Indunil Upeksha Rathnayake
Senior Software Engineer | WSO2 Inc
Email [email protected]
Mobile 0772182255
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
