Hi Malintha,

Based on my understanding, these configs are applicable only if WSO2 IS/KM is configured as the external IDP (if the external IDP is a 3rd-party IDP, sending an authorization request with locally registered client details won't work). It was not apparent by looking at the configuration naming. In that case, we need to document it, or better, the config name should reflect that fact; otherwise, it will confuse users.
Thanks,
Ajanthan.

On Mon, Jan 6, 2020 at 10:50 PM Malintha Amarasinghe <[email protected]> wrote:

> Hi,
>
> Currently, we do not support $subject and we always use the local IDP as
> the login/logout URLs (/authorize and /oidc/logout). In normal cases, this
> works without issues. But when it comes to configuring federated login with
> facebook, google etc, it is required to use IS (IS as KM) as the
> intermediate IDP which has the required authenticators to support
> facebook/google logins. In those cases, we need to point the local IDP to
> the IS/KM and the IS/KM points to Facebook as a federated login. But this
> flow has unnecessary one additional hop caused by the local IDP.
>
> As a solution, we plan to support externalizing the IDP URL (used for
> /authorize and /oidc/logout).
>
> [image: image.png]
>
> The plan is to introduce new configs as below:
>
> *api-manager.xml*
>
> {% if apim.idp is defined %}
> <IdentityProvider>
>     <!-- Server URL of the Identity Provider used for login/logout
>          operations in API Publisher and API Developer Portal -->
>     <AuthorizeEndpoint>{{apim.idp.authorize_endpoint}}</AuthorizeEndpoint>
>     <OIDCLogoutEndpoint>{{apim.idp.oidc_logout_endpoint}}</OIDCLogoutEndpoint>
> </IdentityProvider>
> {% endif %}
>
> *deployment.toml*
>
> #[api.idp]
> #authorize_endpoint = "https://localhost:9444/oauth2/authorize"
> #oidc_logout_endpoint = "https://localhost:9444/oidc/logout"
>
> By default, the server will use the local IDP for login/logout. Only if
> the above URLs are configured, they will be used instead of the default
> ones.
>
> Thoughts are highly appreciated.
>
> Thanks!
> Malintha
>
> --
> Malintha Amarasinghe
> *WSO2, Inc. - lean | enterprise | middleware*
> http://wso2.com/
>
> Mobile : +94 712383306

--
Ajanthan
Senior Lead Solutions Engineer; WSO2, Inc.; http://wso2.com/
email: ajanthan@wso2.com; cell: +1 425 919 8630
blog: http://bkayts.blogspot.com/
Lean . Enterprise . Middleware
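As an added illustration of the override-with-fallback behaviour the proposal describes (this is example code written here, not WSO2's implementation): it reads a constructed deployment.toml fragment, treats the commented-out section as "not configured" so the local IDP stays in effect, requires any configured endpoint to be an absolute https URL, and builds the authorization request the portal would redirect to. The section name `apim.idp` (matching the template's `apim.idp.authorize_endpoint`), the local-IDP defaults on port 9443 and the https check are assumptions, not taken from the thread.

```python
from urllib.parse import urlencode, urlsplit

# Constructed sample of the proposed deployment.toml fragment, with the
# override section uncommented (the proposal ships it commented out).
DEPLOYMENT_TOML = """
[apim.idp]
authorize_endpoint = "https://localhost:9444/oauth2/authorize"
oidc_logout_endpoint = "https://localhost:9444/oidc/logout"
"""

# Assumed local-IDP defaults (not stated in the thread).
LOCAL_DEFAULTS = {
    "authorize_endpoint": "https://localhost:9443/oauth2/authorize",
    "oidc_logout_endpoint": "https://localhost:9443/oidc/logout",
}

def parse_toml_section(text, section):
    """Minimal parser for the [section] / key = "value" shape used above.
    Lines starting with '#' are ignored, so the shipped (commented-out)
    default yields an empty dict and the local IDP remains in effect."""
    in_section, out = False, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("["):
            in_section = line == f"[{section}]"
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            out[key.strip()] = value.strip().strip('"')
    return out

def resolve_idp_endpoints(text, section="apim.idp"):
    """Effective endpoints: configured override if present, else local IDP."""
    cfg = parse_toml_section(text, section)
    endpoints = {}
    for name, default in LOCAL_DEFAULTS.items():
        url = cfg.get(name, default)
        parts = urlsplit(url)
        # A relative or plaintext endpoint would redirect the browser login
        # somewhere unintended, so only absolute https URLs are accepted.
        if parts.scheme != "https" or not parts.netloc:
            raise ValueError(f"{name} must be an absolute https URL, got {url!r}")
        endpoints[name] = url
    return endpoints

def build_authorize_url(text, client_id, redirect_uri, state):
    """Authorization request the Publisher/Devportal would redirect to."""
    base = resolve_idp_endpoints(text)["authorize_endpoint"]
    query = {"response_type": "code", "client_id": client_id,
             "redirect_uri": redirect_uri, "scope": "openid", "state": state}
    return f"{base}?{urlencode(query)}"
```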
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
