On Wed, Jul 18, 2018 at 7:27 AM, Johann Nallathamby <[email protected]> wrote:
> Hi Dinali,
>
> *"IdP initiated SSO"* is something we already support between WSO2 IS and
> service providers registered in WSO2 IS.
>
> The names I can suggest for this feature are:
> *1. "IdP initiated inbound federation"*
> *2. "Federated IdP initiated SSO"*
>
> And I have a question on why we decided to introduce a new inbound
> endpoint.
>
> From SAML PoV, redirecting from the federated IdP to the /samlsso endpoint
> of IS with an IdP initiated SSO request and writing a request path
> authenticator to validate the SAML or JWT assertion will also work, right?
>

We do not have to write new request path authenticators. The SAML/OIDC federated authenticator can validate the SAML/OIDC Response if it is available in the initial request handled by the authenticator. So implicitly they will work as request path authenticators as well.

>
> And in your diagram also as the last step you are anyway initiating
> another IdP initiated login request to the /samlsso endpoint if SAML is
> selected in the configuration.
>
> So what I understand is, the intention of introducing a new endpoint is to
> make this flow generic for any protocol, right?
>
> That being said, OIDC doesn't anyway have an IdP initiated concept. I am
> struggling to understand how this would work with OIDC a service
> provider. Would you care to explain?
>
> Regards,
> Johann.
>
> On Tue, Jul 17, 2018 at 10:18 PM Dinali Dabarera <[email protected]> wrote:
>
>> Hi Chinthana,
>>
>> On Tue, Jul 17, 2018 at 10:01 PM Chintana Wilamuna <[email protected]>
>> wrote:
>>
>>> Hi,
>>>
>>> I'm assuming if there was no tenantId then we default to super tenant?
>>>
>>
>> Yes we can do that. If the response we get does not contain any tenant
>> domain, we can consider it as carbon.super.
>>
>>> Also can we make the query param of the tenantId configurable?
>>>
>>
>> Do you mean like, provide a configuration to add the tenant domain,
>> similar to protocol configuration?
>>
>>> Another change on UI - since we're only supporting SAML and OIDC shall
>>> we make this field a drop-down instead of a text field?
>>>
>>
>> It would be nice to see some radio buttons instead of drop-downs as we
>> have only two options. WDYT?
>>
>> Thanks!
>> Dinali
>>
>> --
>> *Dinali Rosemin Dabarera*
>> Software Engineer
>> WSO2 Lanka (pvt) Ltd.
>> Web: http://wso2.com/
>> Email : [email protected]
>> LinkedIn <https://lk.linkedin.com/in/dinalidabarera>
>> Mobile: +94770198933
>
> --
>
> *Johann Dilantha Nallathamby*
> Senior Lead Solutions Engineer
> WSO2, Inc.
> lean.enterprise.middleware
>
> Mobile: *+94 77 7776950*
> LinkedIn: http://www.linkedin.com/in/johann-nallathamby
> Medium: https://medium.com/@johann_nallathamby
> Twitter: *@dj_nallaa*

--
Farasath Ahamed
Senior Software Engineer, WSO2 Inc.; http://wso2.com
Mobile: +94777603866
Blog: blog.farazath.com
Twitter: @farazath619 <https://twitter.com/farazath619>
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
