Hi,

On Wed, Jul 18, 2018 at 6:47 AM Indunil Upeksha Rathnayake <[email protected]> wrote:
> Hi,
>
> In WSO2 Identity Server, we are planning to include Service Provider
> Template Support, which will expose a way to create service providers
> with pre-configured and reusable templates. There will be several business
> use cases for this and following is an example.
>
> - In API subscription of APIM, an OAuth service provider will be
>   created, but with only the SP basic information and OAuth inbound
>   configurations.
> - If we need to include claim configurations, authentication
>   configurations etc, those should be added manually from management console.
> - If there are multiple service providers with same configurations, it
>   will be a huge burden (ex: every SP in a tenant should be authenticated
>   with TOTP as the second step).
> - With the use of DCR endpoint and SP template support, a template
>   with the necessary pre-configured values can be used when creating the SP.
>
> Please find the following approach which will be taken to achieve this
> requirement.
>
> Service providers can be added in IS, using following ways and we will be
> including the template support for those as follows.
>
> 1. From management console
> 2. Using admin services
> 3. Using DCR endpoint
>
> *SP templates from Management Console*
>
> SP templates can be added from the management console where templates will
> be with a set of properties of SP, which can be pre-configured (ex: SP name
> cannot be pre-configured which will be unique for each SP. So even though
> it's configured in the template, when loading the template it should not be
> considered). Template name and a description have to be provided when
> creating a template.
>
> A default SP template for a tenant can be added from management console
> which will be named as "default".

Would it be a good idea to create a default service provider template for a tenant during the tenant creation using a template file (in the conf folder)?

> *Store SP Templates in Database*
>
> The configured SP templates will be stored in database table, which is
> with following database schema.
>

Template name needs to be unique. So we need to have a unique constraint for tenant_id and name combination.

> *Template selection in SP creation*
>
> User can select a specific SP template when creating a SP. In SP creation,
> SP configurations will be populated with the pre-configured details in the
> selected template and empty fields for other configurations.

What are the exact service provider configurations which will be supported by the template?

> In the authentication steps, if the specified IDP in the template does not
> exist, pop up an error message in UI mentioning that this is an invalid
> template and send appropriate error message in DCR.

Is there a way to recover the template if it is invalid, maybe removing invalid elements from it?

> *Template selection in DCR endpoint*
>
> DCR endpoint will be invoked with template name as a custom client
> metadata parameter (i.e. "sp_template"). Based on that the corresponding
> template will be selected for SP creation.
>
> If template with that name does not exist, will be using the tenant default
> template and if the tenant default template does not exist, will be using
> the global authentication sequence configuration in
> application-authentication.xml.

Instead of using the default template, don't we need to send an error response back? As the "sp_template" input parameter is invalid?

> Highly appreciate your thoughts and suggestions over the suggested
> approach.
>
> Thanks and Regards
> --
> Indunil Upeksha Rathnayake
> Senior Software Engineer | WSO2 Inc
> Email [email protected]
> Mobile 0772182255

Thanks,
Thanuja

--
*Thanuja Lakmal*
Associate Technical Lead
WSO2 Inc.
http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891

_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
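
The template selection order discussed in this thread for the DCR endpoint, shown side by side with the stricter behaviour raised in the reply. This is an added Python example, not WSO2 Identity Server code and not written by either participant; `TemplateStore`, `resolve`, the `strict` flag, the tenant id and the IdP names `LOCAL` and `totp` are assumptions made for illustration.

```python
from dataclasses import dataclass, field

GLOBAL_SEQUENCE = "global"  # stands in for application-authentication.xml


class InvalidTemplate(Exception):
    pass


@dataclass
class TemplateStore:
    """Constructed in-memory store; keys mirror a (tenant_id, name) unique constraint."""
    known_idps: set
    templates: dict = field(default_factory=dict)

    def add(self, tenant_id, name, step_idps):
        if (tenant_id, name) in self.templates:
            raise ValueError(f"duplicate template {name!r} in tenant {tenant_id}")
        self.templates[(tenant_id, name)] = list(step_idps)

    def resolve(self, tenant_id, requested, strict):
        """Map a DCR request's sp_template value to (source, step_idps)."""
        source, steps = requested, self.templates.get((tenant_id, requested))
        if steps is None:
            if requested is not None and strict:
                # Reply's suggestion: treat an unknown sp_template as a client error.
                raise InvalidTemplate(f"unknown sp_template {requested!r}")
            # Proposal: tenant default template, then the global sequence.
            source, steps = "default", self.templates.get((tenant_id, "default"))
            if steps is None:
                return GLOBAL_SEQUENCE, []
        missing = [idp for idp in steps if idp not in self.known_idps]
        if missing:
            # Proposal: a template naming a non-existent IdP is invalid.
            raise InvalidTemplate(f"template {source!r} names unknown IdP(s) {missing}")
        return source, steps


def demo():
    store = TemplateStore(known_idps={"LOCAL", "totp"})
    store.add(1, "default", ["LOCAL"])
    store.add(1, "totp-second-step", ["LOCAL", "totp"])
    typo = "totp-second-stpe"  # constructed: misspelled template name
    lenient = store.resolve(1, typo, strict=False)  # TOTP step silently lost
    try:
        strict = store.resolve(1, typo, strict=True)
    except InvalidTemplate as exc:
        strict = f"rejected: {exc}"
    return lenient, strict
```

With the fallback order, a misspelled template name yields a service provider built from the tenant default, so the second authentication step the caller asked for is dropped without any error; the strict mode surfaces the mistake to the DCR client instead.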
