On Wed, Jul 18, 2018 at 12:07 PM Farasath Ahamed <[email protected]> wrote:
> On Wed, Jul 18, 2018 at 7:27 AM, Johann Nallathamby <[email protected]>
> wrote:
>
>> Hi Dinali,
>>
>> *"IdP initiated SSO"* is something we already support between WSO2 IS
>> and service providers registered in WSO2 IS.
>>
>> The names I can suggest for this feature are:
>> *1. "IdP initiated inbound federation"*
>> *2. "Federated IdP initiated SSO"*
>>
>> And I have a question on why we decided to introduce a new inbound
>> endpoint.
>>
>> From SAML PoV, redirecting from the federated IdP to the /samlsso
>> endpoint of IS with an IdP initiated SSO request and writing a request path
>> authenticator to validate the SAML or JWT assertion will also work right?
>>
>
> We do not have to write new request path authenticators. The SAML/OIDC
> federated authenticator can validate the SAML/OIDC Response if it is
> available in the initial request handled by the authenticator. So
> implicitly they will work as request path authenticators as well.
>

Understood. I think it will be good if we can do the same for other
authenticators as well. Then we can engage them in any step, and the
sequence doesn't have to be limited to one step. Anyway that's a different
conversation.

Regards,
Johann.

>>
>> And in your diagram also as the last step you are anyway initiating
>> another IdP initiated login request to the /samlsso endpoint if SAML is
>> selected in the configuration.
>>
>> So what I understand is, the intention of introducing a new endpoint is
>> to make this flow generic for any protocol right?
>>
>> That being said, OIDC doesn't anyway have an IdP initiated concept. I am
>> struggling to understand how this would work with an OIDC service
>> provider. Would you care to explain?
>>
>> Regards,
>> Johann.
>>
>> On Tue, Jul 17, 2018 at 10:18 PM Dinali Dabarera <[email protected]> wrote:
>>
>>> Hi Chinthana,
>>>
>>> On Tue, Jul 17, 2018 at 10:01 PM Chintana Wilamuna <[email protected]>
>>> wrote:
>>>
>>>> Hi,
>>>>
>>>> I'm assuming if there was no tenantId then we default to super tenant?
>>>>
>>>
>>> Yes we can do that. If the response we get does not contain any tenant
>>> domain, we can consider it as carbon.super.
>>>
>>>> Also can we make the query param of the tenantId configurable?
>>>>
>>>
>>> Do you mean like, provide a configuration to add the tenant domain,
>>> similar to protocol configuration?
>>>
>>>> Another change on UI - since we're only supporting SAML and OIDC shall
>>>> we make this field a drop-down instead of a text field?
>>>>
>>>
>>> It would be nice to see some radio buttons instead of drop-downs as we
>>> have only two options. WDYT?
>>>
>>> Thanks!
>>> Dinali
>>>
>>> --
>>> *Dinali Rosemin Dabarera*
>>> Software Engineer
>>> WSO2 Lanka (pvt) Ltd.
>>> Web: http://wso2.com/
>>> Email : [email protected]
>>> LinkedIn <https://lk.linkedin.com/in/dinalidabarera>
>>> Mobile: +94770198933
>>>
>>
>> --
>>
>> *Johann Dilantha Nallathamby*
>> Senior Lead Solutions Engineer
>> WSO2, Inc.
>> lean.enterprise.middleware
>>
>> Mobile: *+94 77 7776950*
>> LinkedIn: *http://www.linkedin.com/in/johann-nallathamby*
>> Medium: *https://medium.com/@johann_nallathamby*
>> Twitter: *@dj_nallaa*
>>
>
> --
> Farasath Ahamed
> Senior Software Engineer, WSO2 Inc.; http://wso2.com
> Mobile: +94777603866
> Blog: blog.farazath.com
> Twitter: @farazath619 <https://twitter.com/farazath619>
> <http://wso2.com/signature>
>

--
*Johann Dilantha Nallathamby*
Senior Lead Solutions Engineer
WSO2, Inc.
lean.enterprise.middleware

Mobile: *+94 77 7776950*
LinkedIn: *http://www.linkedin.com/in/johann-nallathamby*
Medium: *https://medium.com/@johann_nallathamby*
Twitter: *@dj_nallaa*
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
