On Tue, Jan 7, 2020 at 12:20 PM Malintha Amarasinghe <[email protected]>
wrote:
> Hi,
>
> Currently, we do not support $subject and we always use the local IDP as
> the login/logout URLs (/authorize and /oidc/logout). In normal cases, this
> works without issues. But when it comes to configuring federated login with
> facebook, google etc, it is required to use IS (IS as KM) as the
> intermediate IDP which has the required authenticators to support
> facebook/google logins. In those cases, we need to point the local IDP to
> the IS/KM and the IS/KM points to Facebook as a federated login. But this
> flow has one unnecessary additional hop caused by the local IDP.
>
> As a solution, we plan to support externalizing the IDP URL (used for
> /authorize and /oidc/logout).
>
> The plan is to introduce new configs as below:
>
> *api-manager.xml*
>
> {% if apim.idp is defined %}
> <IdentityProvider>
> <!-- Server URL of the Identity Provider used for login/logout
> operations in API Publisher and API Developer Portal -->
>
> <AuthorizeEndpoint>{{apim.idp.authorize_endpoint}}</AuthorizeEndpoint>
> <OIDCLogoutEndpoint>{{apim.idp.oidc_logout_endpoint}}</OIDCLogoutEndpoint>
>
> </IdentityProvider>
> {% endif %}
>
> *deployment.toml*
>
> #[apim.idp]
> #authorize_endpoint = "https://localhost:9444/oauth2/authorize"
> #oidc_logout_endpoint = "https://localhost:9444/oidc/logout"
>
Token endpoint will be pointed to gateway?
>
> By default, the server will use the local IDP for login/logout. Only, if
> the above URLs are configured, they will be used instead of the default
> ones.
>
> Thoughts are highly appreciated.
>
> Thanks!
> Malintha
>
> --
> Malintha Amarasinghe
> *WSO2, Inc. - lean | enterprise | middleware*
> http://wso2.com/
>
> Mobile : +94 712383306
>
--
*Harsha Kumara*
Technical Lead, WSO2 Inc.
Mobile: +94775505618
Email: [email protected]
Blog: harshcreationz.blogspot.com
GET INTEGRATION AGILE
Integration Agility for Digitally Driven Business
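The override-or-fallback rule described in the proposal (use `[apim.idp]` from deployment.toml when present, otherwise the local IDP) can be expressed as a small resolver. The following is an added illustration written for this thread, not WSO2 APIM code. It assumes the config has already been parsed into a dict keyed like the TOML tables, that the local IDP paths are `/oauth2/authorize` and `/oidc/logout` (taken from the commented sample above), and it adds two checks a deployer would want: both endpoints must be set together (so login and logout never hit different IdPs), and each must be an absolute `https` URL without a fragment.

```python
"""Resolve the effective login/logout endpoints for the API Publisher and
Developer Portal from a parsed deployment.toml.

Added example for the externalized-IDP proposal; hypothetical helper, not
part of WSO2 API Manager. Rule: if [apim.idp] is configured, its URLs win;
otherwise fall back to the local IDP on the APIM server itself.
"""
from urllib.parse import urlsplit

# Assumed local IDP paths, matching the sample deployment.toml in the thread.
LOCAL_AUTHORIZE_PATH = "/oauth2/authorize"
LOCAL_LOGOUT_PATH = "/oidc/logout"

REQUIRED_KEYS = ("authorize_endpoint", "oidc_logout_endpoint")


class IdpConfigError(ValueError):
    """Raised when [apim.idp] is present but unusable."""


def endpoint_error(name, url):
    """Return a description of why `url` is not an acceptable IdP endpoint,
    or None if it is. Only absolute https URLs without fragments pass."""
    if not isinstance(url, str) or not url:
        return f"{name}: must be a non-empty string"
    parts = urlsplit(url)
    if parts.scheme != "https":
        return f"{name}: must use https, got {parts.scheme or 'no scheme'!r}"
    if not parts.netloc:
        return f"{name}: missing host"
    if parts.fragment:
        return f"{name}: URL fragment is not allowed"
    return None


def idp_config_errors(idp):
    """Return a list of problems with an [apim.idp] table; empty means valid.

    Both endpoints are required together so that a portal never logs users in
    at the external IS/KM while sending logout to the local IDP (which would
    leave the external session alive)."""
    errors = []
    missing = [k for k in REQUIRED_KEYS if k not in idp]
    if missing:
        errors.append("[apim.idp] must set both endpoints; missing: "
                      + ", ".join(missing))
    for key in REQUIRED_KEYS:
        if key in idp:
            problem = endpoint_error(key, idp[key])
            if problem:
                errors.append(problem)
    return errors


def resolve_idp_endpoints(deployment_config, local_server_url):
    """Pick the IdP endpoints the portals should use.

    deployment_config: dict shaped like the parsed deployment.toml, e.g.
        {"apim": {"idp": {"authorize_endpoint": ..., "oidc_logout_endpoint": ...}}}
    local_server_url:  base URL of this APIM node, e.g. "https://localhost:9443"
    Returns a dict with both endpoints and a "source" of "local" or "external".
    """
    idp = deployment_config.get("apim", {}).get("idp")
    if not idp:
        # Default behaviour from the proposal: local IDP handles login/logout.
        base = local_server_url.rstrip("/")
        return {
            "authorize_endpoint": base + LOCAL_AUTHORIZE_PATH,
            "oidc_logout_endpoint": base + LOCAL_LOGOUT_PATH,
            "source": "local",
        }
    errors = idp_config_errors(idp)
    if errors:
        raise IdpConfigError("; ".join(errors))
    return {
        "authorize_endpoint": idp["authorize_endpoint"],
        "oidc_logout_endpoint": idp["oidc_logout_endpoint"],
        "source": "external",
    }


if __name__ == "__main__":
    # Constructed sample mirroring the commented [apim.idp] block in the thread.
    sample = {"apim": {"idp": {
        "authorize_endpoint": "https://localhost:9444/oauth2/authorize",
        "oidc_logout_endpoint": "https://localhost:9444/oidc/logout",
    }}}
    print(resolve_idp_endpoints({}, "https://localhost:9443"))
    print(resolve_idp_endpoints(sample, "https://localhost:9443"))
```

Failing closed on a half-configured or plain-http `[apim.idp]` table is deliberate: a silent fallback to the local IDP would hide a misconfiguration until users notice that federated login no longer works, and an http authorize URL would send the authorization code and state across the network in the clear.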
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture