Hi,

Thanks for the feedback. Please find the inline comments.

On Wed, Jul 18, 2018 at 9:58 AM, Thanuja Jayasinghe <[email protected]> wrote:
> Hi,
>
> On Wed, Jul 18, 2018 at 6:47 AM Indunil Upeksha Rathnayake <[email protected]> wrote:
>> Hi,
>>
>> In WSO2 Identity Server, we are planning to include Service Provider
>> Template Support, which will expose a way to create service providers
>> with pre-configured and reusable templates. There will be several business
>> use cases for this; the following is an example.
>>
>> - In API subscription of APIM, an OAuth service provider will be
>> created, but with only the SP basic information and OAuth inbound
>> configurations.
>> - If we need to include claim configurations, authentication
>> configurations etc., those should be added manually from the management
>> console.
>> - If there are multiple service providers with the same configurations,
>> it will be a huge burden (ex: every SP in a tenant should be authenticated
>> with TOTP as the second step).
>> - With the use of the DCR endpoint and SP template support, a template
>> with the necessary pre-configured values can be used when creating the SP.
>>
>> Please find the following approach which will be taken to achieve this
>> requirement.
>>
>> Service providers can be added in IS using the following ways, and we will be
>> including the template support for those as follows.
>>
>> 1. From management console
>> 2. Using admin services
>> 3. Using DCR endpoint
>>
>> *SP templates from Management Console*
>>
>> SP templates can be added from the management console, where a template
>> will have a set of SP properties which can be pre-configured (ex: SP
>> name cannot be pre-configured, since it is unique for each SP; so
>> even though it's configured in the template, when loading the template it
>> should not be considered). A template name and a description have to be
>> provided when creating a template.
>>
>> A default SP template for a tenant can be added from the management console,
>> which will be named "default".
>
> Would it be a good idea to create a default service provider template for
> a tenant during the tenant creation using a template file (in the conf
> folder)?

In this stage, we have decided not to do this. Instead, we allow creating the default template from the management console with the name "default".

>> *Store SP Templates in Database*
>>
>> The configured SP templates will be stored in a database table with the
>> following database schema.
>>
>
> Template name needs to be unique. So we need to have a unique constraint
> for the tenant_id and name combination.
>
>> *Template selection in SP creation*
>>
>> User can select a specific SP template when creating an SP. In SP
>> creation, SP configurations will be populated with the pre-configured
>> details in the selected template and empty fields for other configurations.
>
> What are the exact service provider configurations which will be supported
> by the template?

As per the initial stage, we are not considering the inbound auth configurations, and all the other SP configurations will be considered.

>> In the authentication steps, if the specified IDP in the template does not
>> exist, pop up an error message in the UI mentioning that this is an invalid
>> template, and send an appropriate error message in DCR.
>
> Is there a way to recover the template if it is invalid, maybe removing
> invalid elements from it?

Will consider this in the implementation.

>> *Template selection in DCR endpoint*
>>
>> The DCR endpoint will be invoked with the template name as a custom client
>> metadata parameter (i.e. "sp_template"). Based on that, the corresponding
>> template will be selected for SP creation.
>>
>> If a template with that name does not exist, the tenant default template
>> will be used, and if the tenant default template does not exist, the
>> global authentication sequence configuration in
>> application-authentication.xml will be used.
>
> Instead of using the default template, don't we need to send an error
> response back, as the "sp_template" input parameter is invalid?

Sorry for the confusion. An error response will be sent if the requested template does not exist. And if a template is not requested, consider the tenant-wise template, and if that does not exist, select the system-wide template.

>> Highly appreciate your thoughts and suggestions over the suggested
>> approach.
>>
>> Thanks and Regards
>> --
>> Indunil Upeksha Rathnayake
>> Senior Software Engineer | WSO2 Inc
>> Email [email protected]
>> Mobile 0772182255
>
> Thanks,
> Thanuja
> --
> *Thanuja Lakmal*
> Associate Technical Lead
> WSO2 Inc. http://wso2.com/
> *lean.enterprise.middleware*
> Mobile: +94715979891

--
Indunil Upeksha Rathnayake
Senior Software Engineer | WSO2 Inc
Email [email protected]
Mobile 0772182255
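The template resolution and validation rules discussed in this thread (requested "sp_template" must exist, otherwise an error; no request falls back to the tenant "default" and then the system-wide sequence; a template naming an unknown IDP is invalid; the SP name is never taken from the template), as an added illustrative example that is not WSO2 Identity Server code. The store layout, field names, IDP registry and sample templates are assumptions constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Added illustration of the thread's SP template selection rules; the
# store layout, field names and sample data are assumptions, not WSO2 code.

class InvalidTemplateError(Exception):
    """Surfaces as the UI pop-up or the DCR error response in the design."""

@dataclass
class SpTemplate:
    name: str
    description: str
    auth_steps: List[str]                      # IDP name used in each step
    claim_config: Dict[str, str] = field(default_factory=dict)
    sp_name: Optional[str] = None              # unique per SP: never loaded

# Keyed on (tenant_id, name): mirrors the unique constraint asked for in review.
TEMPLATES: Dict[Tuple[int, str], SpTemplate] = {
    (1, "default"): SpTemplate("default", "tenant default: TOTP 2nd step", ["basic", "totp"]),
    (1, "api-sub"): SpTemplate("api-sub", "APIM subscription", ["basic"],
                               {"email": "required"}, sp_name="should-be-ignored"),
    (1, "broken"): SpTemplate("broken", "refers to unknown IDP", ["basic", "no-such-idp"]),
}
REGISTERED_IDPS: Dict[int, set] = {1: {"basic", "totp"}}   # constructed registry
GLOBAL_AUTH_SEQUENCE = ["basic"]   # stands in for application-authentication.xml

def resolve_template(tenant_id: int, client_metadata: dict) -> Optional[SpTemplate]:
    """Requested name must exist (error otherwise); no request -> tenant default."""
    requested = client_metadata.get("sp_template")
    if requested is not None:
        tpl = TEMPLATES.get((tenant_id, requested))
        if tpl is None:
            raise InvalidTemplateError(f"sp_template '{requested}' does not exist")
        return tpl
    return TEMPLATES.get((tenant_id, "default"))   # None -> system-wide config

def build_sp(tenant_id: int, sp_name: str, client_metadata: dict) -> dict:
    """Populate SP configuration from the resolved template, or the global sequence."""
    tpl = resolve_template(tenant_id, client_metadata)
    if tpl is None:
        return {"name": sp_name, "auth_steps": list(GLOBAL_AUTH_SEQUENCE), "claim_config": {}}
    known = REGISTERED_IDPS.get(tenant_id, set())
    missing = [idp for idp in tpl.auth_steps if idp not in known]
    if missing:
        raise InvalidTemplateError(f"invalid template '{tpl.name}': unknown IDP(s) {missing}")
    # sp_name comes from the request, never from the template
    return {"name": sp_name, "auth_steps": list(tpl.auth_steps),
            "claim_config": dict(tpl.claim_config)}
```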
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
