Hi,

Task breakdown and time-line for the SP template support implementation is in [1]. There are a few design level changes, which were discussed during the initial review and included in the time-line, which will be considered further after completing the milestone1.

As per the milestone1, the following tasks will be completed.

- UI to add/list/delete SP templates
- Store the SP templates
- SP template selection and loading in SP creation
- UI to export SP templates
- DCR endpoint to support SP templates
- Unit/Integration Tests and Documentation

[1] https://docs.google.com/spreadsheets/d/1zOfJCPIs4ZDl6rGzhmA9mAM5E5Qhxm1Ozef2ON6rhR0/edit?usp=sharing

Thanks and Regards

On Wed, Aug 1, 2018 at 10:18 AM, Indunil Upeksha Rathnayake <[email protected]> wrote:

> Hi,
>
> Thanks for the feedback. Please find the inline comments.
>
> On Wed, Jul 18, 2018 at 9:58 AM, Thanuja Jayasinghe <[email protected]> wrote:
>
>> Hi,
>> On Wed, Jul 18, 2018 at 6:47 AM Indunil Upeksha Rathnayake <[email protected]> wrote:
>>
>>> Hi,
>>>
>>> In WSO2 Identity Server, we are planning to include Service Provider Template Support, which will expose a way to create service providers with pre-configured and reusable templates. There will be several business use cases for this and the following is an example.
>>>
>>> - In API subscription of APIM, an OAuth service provider will be created, but with only the SP basic information and OAuth inbound configurations.
>>> - If we need to include claim configurations, authentication configurations etc, those should be added manually from management console.
>>> - If there are multiple service providers with same configurations, it will be a huge burden (ex: every SP in a tenant should be authenticated with TOTP as the second step).
>>> - With the use of DCR endpoint and SP template support, a template with the necessary pre-configured values can be used when creating the SP.
>>>
>>> Please find the following approach which will be taken to achieve this requirement.
>>>
>>> Service providers can be added in IS, using following ways and we will be including the template support for those as follows.
>>>
>>> 1. From management console
>>> 2. Using admin services
>>> 3. Using DCR endpoint
>>>
>>> *SP templates from Management Console*
>>>
>>> SP templates can be added from the management console where templates will be with a set of properties of SP, which can be pre-configured (ex: SP name cannot be pre-configured which will be unique for each SP. So even though it's configured in the template, when loading the template it should not be considered). Template name and a description have to be provided when creating a template.
>>>
>>> A default SP template for a tenant can be added from management console which will be named as "default".
>>>
>>
>> Would it be a good idea to create a default service provider template for a tenant during the tenant creation using a template file (in the conf folder)?
>>
>
> In this stage, we have decided not to do this. Instead, allow creating the default template from management console with the name "default".
>
>>
>>> *Store SP Templates in Database*
>>>
>>> The configured SP templates will be stored in database table, which is with following database schema.
>>>
>>
>> Template name needs to be unique. So we need to have a unique constraint for tenant_id and name combination.
>>
>>> *Template selection in SP creation*
>>>
>>> User can select a specific SP template when creating a SP. In SP creation, SP configurations will be populated with the pre-configured details in the selected template and empty fields for other configurations.
>>>
>>
>> What are the exact service provider configurations which will be supported by the template?
>>
>
> As per the initial stage, we are not considering the inbound auth configurations and all the other SP configurations will be considered.
>
>>
>>> In the authentication steps, if the specified IDP in the template does not exist, pop up an error message in UI mentioning that this is an invalid template and send appropriate error message in DCR.
>>>
>>
>> Is there a way to recover the template if it is invalid, maybe removing invalid elements from it?
>>
>
> Will consider this in the implementation.
>
>>
>>> *Template selection in DCR endpoint*
>>>
>>> DCR endpoint will be invoked with template name as a custom client metadata parameter (i.e. "sp_template"). Based on that the corresponding template will be selected for SP creation.
>>>
>>> If template with that name does not exist, will be using the tenant default template and if the tenant default template does not exist, will be using the global authentication sequence configuration in application-authentication.xml.
>>>
>>
>> Instead of using the default template, don't we need to send an error response back? As the "sp_template" input parameter is invalid?
>>
>
> Sorry for the confusion. An error response will be sent if the requested template does not exist. And if a template is not requested, consider the tenant wise template, and if that does not exist, select the system wide template.
>
>>
>>> Highly appreciate your thoughts and suggestions over the suggested approach.
>>>
>>> Thanks and Regards
>>> --
>>> Indunil Upeksha Rathnayake
>>> Senior Software Engineer | WSO2 Inc
>>> Email [email protected]
>>> Mobile 0772182255
>>>
>>
>> Thanks,
>> Thanuja
>> --
>> *Thanuja Lakmal*
>> Associate Technical Lead
>> WSO2 Inc. http://wso2.com/
>> *lean.enterprise.middleware*
>> Mobile: +94715979891
>>
>
> --
> Indunil Upeksha Rathnayake
> Senior Software Engineer | WSO2 Inc
> Email [email protected]
> Mobile 0772182255
>

--
Indunil Upeksha Rathnayake
Senior Software Engineer | WSO2 Inc
Email [email protected]
Mobile 0772182255
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
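
The template lookup order settled on in the thread above, together with the unique constraint on tenant_id and name, as an added example that is not part of the original mails and is not WSO2 Identity Server code. The table layout, column names, function names and the `SYSTEM_DEFAULT` stand-in for the configuration in application-authentication.xml are assumptions; the thread's own schema is not shown.

```python
import sqlite3

# Stand-in (assumption) for the system-wide configuration in application-authentication.xml.
SYSTEM_DEFAULT = "system-wide authentication sequence"


class InvalidTemplateError(ValueError):
    """The "sp_template" named in the DCR request does not exist for this tenant."""


def open_store():
    # Hypothetical schema: only the (tenant_id, name) uniqueness comes from the thread.
    db = sqlite3.connect(":memory:")
    db.execute("""
        CREATE TABLE sp_template (
            id          INTEGER PRIMARY KEY,
            tenant_id   INTEGER NOT NULL,
            name        TEXT    NOT NULL,
            description TEXT,
            content     TEXT    NOT NULL,
            UNIQUE (tenant_id, name)
        )""")
    return db


def add_template(db, tenant_id, name, description, content):
    """Store a template; return False when the tenant already has one with that name."""
    try:
        with db:  # commits on success, rolls back on error
            db.execute(
                "INSERT INTO sp_template (tenant_id, name, description, content) "
                "VALUES (?, ?, ?, ?)", (tenant_id, name, description, content))
    except sqlite3.IntegrityError:
        return False
    return True


def _lookup(db, tenant_id, name):
    # Always scoped by tenant_id, so one tenant never loads another tenant's template.
    row = db.execute(
        "SELECT content FROM sp_template WHERE tenant_id = ? AND name = ?",
        (tenant_id, name)).fetchone()
    return row[0] if row else None


def resolve_template(db, tenant_id, client_metadata):
    """Requested and missing: error. Not requested: tenant "default", then system-wide."""
    requested = client_metadata.get("sp_template")
    if requested is not None:
        content = _lookup(db, tenant_id, requested)
        if content is None:
            raise InvalidTemplateError(requested)  # no silent fallback to a default
        return content
    return _lookup(db, tenant_id, "default") or SYSTEM_DEFAULT
```

Raising on an unknown "sp_template" instead of falling back keeps a mistyped template name from quietly producing an SP without the intended second authentication step.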
