Hi Ruwan,

The API will have the tenant scope; however, currently the authenticator configurations need to be done globally using the application-authentication.xml file. In the future we can provide database support for storing tenant-wise authenticator configurations.

On Wed, Mar 18, 2020 at 12:41 PM Ruwan Abeykoon <[email protected]> wrote:

> Hi Thanuja,
> These APIs need to be functional on tenant scope too, and the
> "Authenticator" configuration needs to be done per each tenant.
> If not, we have to add the capability to configure the authentication per
> each tenant in future quite soon.
>
> Cheers,
> Ruwan A
>
> On Wed, Mar 18, 2020 at 12:08 PM Thanuja Jayasinghe <[email protected]>
> wrote:
>
>> Hi Ruwan,
>>
>>
>> On Wed, Mar 18, 2020 at 9:36 AM Ruwan Abeykoon <[email protected]> wrote:
>>
>>> Hi Sathya,
>>> If this is only used for authenticating SOAP calls, then we need not
>>> worry about managing it with REST.
>>> SOAP services are going to be deprecated in favor of REST API. It is all
>>> right to keep file based config and/or SOAP services to manage this.
>>>
>>
>> The purpose of this API is not to provide authentication for SOAP calls,
>> rather it is designed to fulfill the following limitations with local
>> authenticators and related properties,
>> - No API to return basic attributes of a local authenticator (ex:
>> whether the basic authenticator is enabled)
>> - Can't create and manage multiple instances of a local
>> authenticator (ex: If we take Facebook federated authenticator, we can
>> create multiple instances with different configurations by creating
>> multiple IdPs, but this option is not available for local authenticators.)
>> - No API to update the server's own configurations for authentication,
>> etc. (ex: session idle time for the tenant)
>>
>> As the first step, we are creating this API to get the basic attributes
>> of local authenticators and it is essential for the new developer portal.
>>
>>
>>>
>>> Also, it is generally not a good idea to have API or Services to change
>>> "configs". Configs are only to be done via the file system.
>>> API is needed to change runtime data, in our case (SP, IdP, UserStore,
>>> etc)
>>>
>>
>> As this manages local authenticators (in future) and related properties,
>> it will be run-time data. But yes, "configs" doesn't seem to be matched
>> with the purpose.
>>
>

Highly appreciate your suggestions for the context of this API. We have evaluated the following options as well in addition to "configs".

- resident
- local-identity-provider

>>
>>>
>>> Cheers,
>>> Ruwan A
>>>
>>>
>>> On Wed, Mar 18, 2020 at 9:20 AM Sathya Bandara <[email protected]> wrote:
>>>
>>>> Hi all,
>>>>
>>>> WSO2 Identity Server currently supports server local authenticator
>>>> related operations using SOAP APIs. I'm currently working on introducing a
>>>> REST API layer for this purpose in 5.11.0. In the initial phase only GET
>>>> operations will be supported in the API level since we do not allow to
>>>> add/update local authenticators from the backend OSGi service.
>>>>
>>>> - API for listing authenticators
>>>> *api/server/v1/configs/authenticators*
>>>> - API to retrieve authenticator by ID
>>>> *api/server/v1/configs/authenticators/{authenticator-id}*
>>>>
>>>> Please find the complete API definition in [1].
>>>>
>>>> Furthermore, since currently we do not have a REST API for managing
>>>> configurations available under the Resident IDP section e.g. idle session
>>>> timeout, going forward, we can introduce new APIs under
>>>> api/server/v1/configs context.
>>>>
>>>> Highly appreciate your valuable suggestions on this.
>>>>
>>>> [1] https://app.swaggerhub.com/apis/emswbandara/IAM_CONFIGS/0.1.0
>>>>
>>>> Thanks,
>>>> Sathya
>>>> --
>>>> Sathya Bandara
>>>> Senior Software Engineer
>>>> Blog: https://medium.com/@technospace
>>>> WSO2 Inc. http://wso2.com
>>>> Mobile: (+94) 715 360 421
>>>>
>>>
>>>
>>> --
>>> Ruwan Abeykoon | Director/Architect | WSO2 Inc.
>>> (w) +947435800 | Email: [email protected]
>>>
>>>
>> Thanks,
>> Thanuja
>> --
>> *Thanuja Lakmal*
>> Technical Lead
>> WSO2 Inc. http://wso2.com/
>> *lean.enterprise.middleware*
>> Mobile: +94715979891
>>
>
>
> --
> Ruwan Abeykoon | Director/Architect | WSO2 Inc.
> (w) +947435800 | Email: [email protected]
>
>

--
Sathya Bandara
Senior Software Engineer
Blog: https://medium.com/@technospace
WSO2 Inc. http://wso2.com
Mobile: (+94) 715 360 421

_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
