On Mon, Apr 4, 2011 at 11:04 PM, Thilina Buddhika <[email protected]> wrote:

> Hi Amila,
>
> On Mon, Apr 4, 2011 at 9:40 PM, Amila Suriarachchi <[email protected]> wrote:
>
>>
>> On Mon, Apr 4, 2011 at 1:15 PM, Thilina Buddhika <[email protected]> wrote:
>>
>>> This is a sample configuration of the authenticators.xml.
>>>
>>> It contains a list of authenticator elements where each of them describes
>>> a different authenticator. Attribute "name" is a mandatory attribute which
>>> is used to identify each of the authenticators. It is possible to disable an
>>> installed authenticator. The optional attribute "disabled" is used for that
>>> purpose and it defaults to 'false' if not mentioned specifically.
>>>
>>> Each authenticator has a priority level, which is used in runtime to
>>> identify the authenticator with the highest priority which can handle a
>>> particular authentication request.
>>>
>>
>> How does this implementation happen? When a request is received by any Carbon
>> product, does it go through these authenticators in the given order,
>> authenticate with the relevant handler, and does that set the user name?
>>
>
> When there is an authentication request (these authenticators are only for
> login to the management console) it picks the authenticator with the highest
> priority that can handle that particular request from the set of enabled
> authenticators. There is a method in the CarbonUIAuthenticator interface to
> identify whether a particular request can be handled by a given
> authenticator.
>

Then this file should be named ManagementConsoleAuthentictors or something
which clearly describes its functionality. Otherwise people will
confuse this with a normal service authenticator.

thanks,
Amila.

>
>
>
>>
>>> 'Config' element is used for the authenticator specific configurations.
>>> These configurations are given as parameter elements.
>>>
>>> <Authenticators xmlns="http://wso2.org/projects/carbon/authenticators.xml">
>>>
>>>     <!-- Authenticator Configurations for TokenUIAuthenticator -->
>>>     <Authenticator name="TokenUIAuthenticator" disabled="true">
>>>         <priority>5</priority>
>>>     </Authenticator>
>>>
>>>     <!-- Authenticator Configurations for SAML2SSOAuthenticator -->
>>>     <Authenticator name="SAML2SSOAuthenticator">
>>>         <priority>10</priority>
>>>         <config>
>>>             <parameter name="LoginPage">/carbon/admin/login.jsp</parameter>
>>>             <parameter name="ServiceProviderID">carbonServer</parameter>
>>>
>>
>> Is this a specification requirement? Instead of this, can't we pass the
>> Assertion Consumer URL? In that case IS can simply send the response to that
>> URL and there is no need to configure the serviceProviderID separately at
>> IS.
>>
>
> According to the SAML2 Web Browser SSO Specification, this issuer ID is a
> mandatory element. It is sent as the <Issuer> element in the Authentication
> Request. Assertion Consumer URL is optional.
>
> Apart from that requirement, there are some other reasons which enforce
> the pre-registration of relying parties at the IS end, like the certificates
> to be used for signature validation, custom logout pages, etc.
>
> Thanks,
> Thilina
>
>
>>
>> --
> Thilina Buddhika
> Senior Software Engineer
> WSO2 Inc. ; http://wso2.com
> lean . enterprise . middleware
>
> phone : +94 77 44 88 727
> blog : http://blog.thilinamb.com
>
_______________________________________________
Carbon-dev mailing list
[email protected]
http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
