On Tue, Jul 17, 2018 at 6:57 PM Johann Nallathamby <[email protected]> wrote:

> Hi Dinali,
>
> *"IdP initiated SSO"* is something we already support between WSO2 IS and
> service providers registered in WSO2 IS.
>
> The names I can suggest for this feature are:
> *1. "IdP initiated inbound federation"*
> *2. "Federated IdP initiated SSO"*

+1 for #2. I'm also confused by the feature title. The "Federated IdP
initiated SSO" solution should implicitly be cross-protocol; otherwise we
haven't implemented that properly.

> And I have a question on why we decided to introduce a new inbound
> endpoint.
>
> From a SAML PoV, redirecting from the federated IdP to the /samlsso endpoint
> of IS with an IdP initiated SSO request and writing a request path
> authenticator to validate the SAML or JWT assertion will also work, right?
>
> And in your diagram also, as the last step you are anyway initiating
> another IdP initiated login request to the /samlsso endpoint if SAML is
> selected in the configuration.
>
> So what I understand is, the intention of introducing a new endpoint is to
> make this flow generic for any protocol, right?
>
> That being said, OIDC doesn't anyway have an IdP initiated concept.

OIDC doesn't need to have a separate IdP initiated concept; the authorise
request (to the federated IdP) itself can be used to initiate IdP initiated
login for the OIDC flow. SAML does not have this capability, and that's why
it needs to have a separate IdP initiated concept. That doesn't imply OIDC
does not have IdP initiated flows.

Thanks,

> I am struggling to understand how this would work with an OIDC service
> provider. Would you care to explain?
>
> Regards,
> Johann.
>
> On Tue, Jul 17, 2018 at 10:18 PM Dinali Dabarera <[email protected]> wrote:
>
>> Hi Chinthana,
>>
>> On Tue, Jul 17, 2018 at 10:01 PM Chintana Wilamuna <[email protected]>
>> wrote:
>>
>>> Hi,
>>>
>>> I'm assuming if there was no tenantId then we default to super tenant?
>>
>> Yes we can do that. If the response we get does not contain any tenant
>> domain, we can consider it as carbon.super.
>>
>>> Also can we make the query param of the tenantId configurable?
>>
>> Do you mean like, provide a configuration to add the tenant domain,
>> similar to protocol configuration?
>>
>>> Another change on UI - since we're only supporting SAML and OIDC shall
>>> we make this field a drop-down instead of a text field?
>>
>> It would be nice to see some radio buttons instead of drop-downs as we
>> have only two options. WDYT?
>>
>> Thanks!
>> Dinali
>>
>> --
>> *Dinali Rosemin Dabarera*
>> Software Engineer
>> WSO2 Lanka (pvt) Ltd.
>> Web: http://wso2.com/
>> Email : [email protected]
>> LinkedIn <https://lk.linkedin.com/in/dinalidabarera>
>> Mobile: +94770198933
>
> --
> *Johann Dilantha Nallathamby*
> Senior Lead Solutions Engineer
> WSO2, Inc.
> lean.enterprise.middleware
>
> Mobile: *+94 77 7776950*
> LinkedIn: *http://www.linkedin.com/in/johann-nallathamby*
> Medium: *https://medium.com/@johann_nallathamby*
> Twitter: *@dj_nallaa*

--
Regards,
*Darshana Gunawardana*
Technical Lead
WSO2 Inc.; http://wso2.com
*E-mail: [email protected]*
*Mobile: +94718566859*
Lean . Enterprise . Middleware
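The thread touches two things a server-side implementer of the discussed flow has to get right: an IdP-initiated (unsolicited) SAML response arrives at the /samlsso endpoint with no AuthnRequest to correlate it against, and the tenant domain is taken from a query parameter, falling back to carbon.super when absent. The block below is an added Python example written for this editorial pass; it is not code from the thread or from WSO2 Identity Server. The endpoint URL, issuer, audience and the `tenantDomain` parameter name are assumptions, the sample Response is constructed, and XML signature verification is treated as a precondition done by an xmlsec-capable library before these checks run.

```python
"""Checks for an unsolicited (IdP-initiated) SAML 2.0 Response at an SP endpoint.

Added example for this thread, not WSO2 Identity Server code. Precondition: the XML
signature was already verified (needs an xmlsec library, so not shown). Covered: the
checks that matter because no outstanding AuthnRequest exists to correlate against,
plus the carbon.super tenant default from the thread. Hostnames are assumptions.
"""
import datetime as dt
import xml.etree.ElementTree as ET  # prefer defusedxml for untrusted input in production
from urllib.parse import parse_qs, urlparse

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol", "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
DEFAULT_TENANT = "carbon.super"


class SamlValidationError(Exception):
    pass


def tenant_from_query(url: str, param: str = "tenantDomain") -> str:
    """Tenant domain from a configurable query parameter; absent or empty -> carbon.super."""
    values = parse_qs(urlparse(url).query).get(param)
    return values[0] if values and values[0] else DEFAULT_TENANT


def parse_saml_time(value: str) -> dt.datetime:
    """xs:dateTime as SAML uses it: UTC with a 'Z' suffix, optional fractional seconds."""
    value = value.split(".")[0].rstrip("Z")
    return dt.datetime.strptime(value, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=dt.timezone.utc)


class UnsolicitedResponseValidator:
    def __init__(self, acs_url: str, audience: str, trusted_issuer: str,
                 skew_seconds: int = 120) -> None:
        self.acs_url, self.audience, self.issuer = acs_url, audience, trusted_issuer
        self.skew = dt.timedelta(seconds=skew_seconds)
        self._seen_ids = set()  # replay cache; persist it and expire entries in production

    def validate(self, xml_text: str, now: dt.datetime) -> dict:
        root = ET.fromstring(xml_text)
        if root.tag != "{%s}Response" % NS["samlp"]:
            raise SamlValidationError("not a samlp:Response")
        # Nothing was requested, so a correlating InResponseTo must be absent.
        if root.get("InResponseTo"):
            raise SamlValidationError("InResponseTo present but no outstanding AuthnRequest")
        # Destination must be exactly this endpoint, or a response issued for another one could be relayed here.
        if root.get("Destination") != self.acs_url:
            raise SamlValidationError("Destination mismatch")
        status = root.find("samlp:Status/samlp:StatusCode", NS)
        if status is None or status.get("Value") != SUCCESS:
            raise SamlValidationError("non-success status")
        assertions = root.findall("saml:Assertion", NS)
        if len(assertions) != 1:  # EncryptedAssertion handling is out of scope here
            raise SamlValidationError("expected exactly one plain Assertion")
        a = assertions[0]
        if a.findtext("saml:Issuer", namespaces=NS) != self.issuer:
            raise SamlValidationError("untrusted Issuer")
        cond = a.find("saml:Conditions", NS)
        if cond is None or cond.get("NotOnOrAfter") is None:
            raise SamlValidationError("assertion lifetime not bounded")
        nb = cond.get("NotBefore")
        if nb and now + self.skew < parse_saml_time(nb):
            raise SamlValidationError("assertion not yet valid")
        if now - self.skew >= parse_saml_time(cond.get("NotOnOrAfter")):
            raise SamlValidationError("assertion expired")
        if self.audience not in [e.text for e in cond.findall(
                "saml:AudienceRestriction/saml:Audience", NS)]:
            raise SamlValidationError("audience mismatch")
        # Bearer confirmation must also name this endpoint and carry no InResponseTo.
        scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
        if scd is not None and (scd.get("InResponseTo")
                                or scd.get("Recipient") not in (None, self.acs_url)):
            raise SamlValidationError("SubjectConfirmationData mismatch")
        # Replay: an assertion ID is accepted once within its validity window.
        aid = a.get("ID")
        if not aid or aid in self._seen_ids:
            raise SamlValidationError("assertion replayed or unidentified")
        self._seen_ids.add(aid)
        return {"subject": a.findtext("saml:Subject/saml:NameID", namespaces=NS),
                "issuer": self.issuer, "assertion_id": aid}


# Constructed sample: unsolicited Response to the /samlsso endpoint, Signature elements omitted.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0"
 IssueInstant="2018-07-17T12:00:00Z" Destination="https://is.example.com/samlsso">
 <saml:Issuer>https://federated-idp.example.org</saml:Issuer>
 <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
 <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2018-07-17T12:00:00Z">
  <saml:Issuer>https://federated-idp.example.org</saml:Issuer>
  <saml:Subject><saml:NameID>alice</saml:NameID>
   <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
    <saml:SubjectConfirmationData Recipient="https://is.example.com/samlsso"/>
   </saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions NotBefore="2018-07-17T11:59:00Z" NotOnOrAfter="2018-07-17T12:05:00Z">
   <saml:AudienceRestriction><saml:Audience>https://is.example.com</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
 </saml:Assertion>
</samlp:Response>"""
```

The order of checks is deliberate: the cheap structural checks (InResponseTo absent, Destination, Status) run before anything is read out of the assertion, and the replay cache is consulted last so that an attacker cannot use rejected responses to pre-populate it. In a clustered deployment the seen-ID set has to be shared across nodes and can be bounded by each assertion's NotOnOrAfter, since an ID that has expired cannot be replayed anyway.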
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
