Hi Thanuja, These API needs to be functional on tenant scope too, and the "Authenticator" configuration needs to be done per each tenant. If not we have to add the capability to configure the authentication per each tenant in future quite soon.
Cheers, Ruwan A On Wed, Mar 18, 2020 at 12:08 PM Thanuja Jayasinghe <[email protected]> wrote: > Hi Ruwan, > > > On Wed, Mar 18, 2020 at 9:36 AM Ruwan Abeykoon <[email protected]> wrote: > >> Hi Sathya, >> If this is only used for authenticating SOAP calls, then we need not >> worry about managing it with REST. >> SOAP services is going to be deprecated in favor of REST API. It is all >> right to keep file based config and/or SOAP services to manage this. >> > > The purpose of this API is not to provide authentication for SOAP calls, > rather it is designed to fulfill the following limitations with local > authenticators and related properties, > - No API to return basic attributes of a local authenticator (ex: > whether the basic authenticator is enabled) > - Can't create and manage multiple instances of a local authenticator > (ex: If we take Facebook federated authenticator, we can create multiple > instances with different configurations by creating multiple IdPs, but this > option is not available for local authenticators.) > - No API to update server own configurations for authentication, > etc.(ex: session idle time for the tenant) > > As the first step, we are creating this API to get the basic attributes of > local authenticators and it is essential for the new developer portal. > > >> >> Also, it is generally not a good idea to have API or Services to change >> "configs". Configs only to be done via file system. >> API is needed to change runtime data, in our case (SP, IdP, UserStore, >> etc) >> > > As this manages local authenticators(in future) and related properties, it > will be run-time data. But yes, "configs" doesn't seem to be matched with > the purpose. > > >> >> Cheers, >> Ruwan A >> >> >> On Wed, Mar 18, 2020 at 9:20 AM Sathya Bandara <[email protected]> wrote: >> >>> Hi all, >>> >>> WSO2 Identity Server currently supports server local authenticator >>> related operations using SOAP APIs. I'm currently working on introducing a >>> REST API layer for this purpose in 5.11.0. In the initial phase only GET >>> operations will be supported in the API level since we do not allow to >>> add/update local authenticators from the backend OSGi service. >>> >>> - API for listing authenticators >>> >>> >>> * api/server/v1/configs/authenticators * >>> - API to retrieve authenticator by ID >>> * api/server/v1/configs/authenticators/{authenticator-id}* >>> >>> Please find the complete API definition in [1]. >>> >>> Furthermore, since currently we do not have a REST API for managing >>> configurations available under the Resident IDP section e.g. idle session >>> timeout, going forward, we can introduce new APIs under >>> api/server/v1/configs context. >>> >>> Highly appreciate your valuable suggestions on this. >>> >>> [1] https://app.swaggerhub.com/apis/emswbandara/IAM_CONFIGS/0.1.0 >>> >>> Thanks, >>> Sathya >>> -- >>> Sathya Bandara >>> Senior Software Engineer >>> Blog: https://medium.com/@technospace >>> WSO2 Inc. http://wso2.com >>> Mobile: (+94) 715 360 421 >>> >>> <+94%2071%20411%205032> >>> >> >> >> -- >> Ruwan Abeykoon | Director/Architect | WSO2 Inc. >> (w) +947435800 | Email: [email protected] >> >> > Thanks, > Thanuja > -- > *Thanuja Lakmal* > Technical Lead > WSO2 Inc. http://wso2.com/ > *lean.enterprise.middleware* > Mobile: +94715979891 > -- Ruwan Abeykoon | Director/Architect | WSO2 Inc. (w) +947435800 | Email: [email protected]
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
