Hi Amila,

On Mon, Apr 4, 2011 at 9:40 PM, Amila Suriarachchi <[email protected]> wrote:
>
> On Mon, Apr 4, 2011 at 1:15 PM, Thilina Buddhika <[email protected]> wrote:
>
>> This is a sample configuration of the authenticators.xml.
>>
>> It contains a list of authenticator elements where each of them describes
>> a different authenticator. Attribute "name" is a mandatory attr which is
>> used to identify each of the authenticators. It is possible to disable an
>> installed authenticator. The optional attribute "disabled" is used for that
>> purpose and it defaults to 'false' if not mentioned specifically.
>>
>> Each authenticator has a priority level, which is used in runtime to
>> identify the authenticator with the highest priority which can handle a
>> particular authentication request.
>>
>
> How does this implementation happen? When a request is received by any carbon
> product, does that go through these authenticators in the given order and
> authenticate with the relevant handler, and that sets the user name?
>

When there is an authentication request (these authenticators are only for login to the management console) it picks the authenticator with the highest priority that can handle that particular request from the set of enabled authenticators. There is a method in the CarbonUIAuthenticator interface to identify whether a particular request can be handled by a given authenticator.

>
>> 'Config' element is used for the authenticator specific configurations.
>> These configurations are given as parameter elements.
>>
>> <Authenticators xmlns="http://wso2.org/projects/carbon/authenticators.xml">
>>
>>     <!-- Authenticator Configurations for TokenUIAuthenticator -->
>>     <Authenticator name="TokenUIAuthenticator" disabled="true">
>>         <priority>5</priority>
>>     </Authenticator>
>>
>>     <!-- Authenticator Configurations for SAML2SSOAuthenticator -->
>>     <Authenticator name="SAML2SSOAuthenticator">
>>         <priority>10</priority>
>>         <config>
>>             <parameter name="LoginPage">/carbon/admin/login.jsp</parameter>
>>             <parameter name="ServiceProviderID">carbonServer</parameter>
>>
>
> Is this a specification requirement? Instead of this, can't we pass the
> Assertion consumer URL? In that case IS can simply send the response to that
> URL and there is no need to configure the serviceProviderID separately at
> IS.
>

According to the SAML2 Web Browser SSO Specification, this issuer ID is a mandatory element. It is sent as the <Issuer> element in the Authentication Request. Assertion Consumer URL is optional.

Apart from that requirement, there are some other reasons which enforce the pre-registration of relying parties at the IS end, like the certificates to be used for signature validation, custom logout pages, etc.

Thanks,
Thilina

>
>

--
Thilina Buddhika
Senior Software Engineer
WSO2 Inc. ; http://wso2.com
lean . enterprise . middleware

phone : +94 77 44 88 727
blog : http://blog.thilinamb.com

_______________________________________________ Carbon-dev mailing list [email protected] http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
