On Tue, Apr 5, 2011 at 3:52 AM, Amila Suriarachchi <[email protected]> wrote:

>
>
> On Mon, Apr 4, 2011 at 11:04 PM, Thilina Buddhika <[email protected]> wrote:
>
>> Hi Amila,
>>
>> On Mon, Apr 4, 2011 at 9:40 PM, Amila Suriarachchi <[email protected]> wrote:
>>
>>>
>>> On Mon, Apr 4, 2011 at 1:15 PM, Thilina Buddhika <[email protected]> wrote:
>>>
>>>> This is a sample configuration of the authenticators.xml.
>>>>
>>>> It contains a list of authenticator elements where each of them
>>>> describes a different authenticator. Attribute "name" is a mandatory attr
>>>> which is used to identify each of the authenticators. It is possible to
>>>> disable an installed authenticator. The optional attribute "disabled" is
>>>> used for that purpose and it defaults to 'false' if not
>>>> mentioned specifically.
>>>>
>>>> Each authenticator has a priority level, which is used in runtime to
>>>> identify the authenticator with the highest priority which can handle a
>>>> particular authentication request.
>>>>
>>>
>>> How does this implementation happen? When a request is received by any Carbon
>>> product, does it go through these authenticators in the given order, and
>>> will it authenticate with the relevant handler, and does that set the user name?
>>>
>>
>> When there is an authentication request (these authenticators are only for
>> login to the management console) it picks the authenticator with the highest
>> priority who can handle that particular request from the set of enabled
>> authenticators. There is a method in the CarbonUIAuthenticator interface to
>> identify whether a particular request can be handled by a given
>> authenticator.
>>
>
> Then this file should be named ManagementConsoleAuthenticators or
> something which clearly describes its functionality. Otherwise people will
> confuse this with a normal service authenticator.
>

How about mgt-console-authenticators.xml ?

Thanks,
Thilina


>
> thanks,
> Amila.
>
>>
>>
>>
>>>
>>>> 'Config' element is used for the authenticator specific configurations.
>>>> These configurations are given as parameter elements.
>>>>
>>>> <Authenticators xmlns="http://wso2.org/projects/carbon/authenticators.xml">
>>>>
>>>>     <!-- Authenticator Configurations for TokenUIAuthenticator -->
>>>>     <Authenticator name="TokenUIAuthenticator" disabled="true">
>>>>         <priority>5</priority>
>>>>     </Authenticator>
>>>>
>>>>     <!-- Authenticator Configurations for SAML2SSOAuthenticator -->
>>>>     <Authenticator name="SAML2SSOAuthenticator">
>>>>         <priority>10</priority>
>>>>         <config>
>>>>             <parameter name="LoginPage">/carbon/admin/login.jsp</parameter>
>>>>             <parameter name="ServiceProviderID">carbonServer</parameter>
>>>>
>>>
>>> Is this a specification requirement? Instead of this, can't we pass the
>>> Assertion Consumer URL? In that case IS can simply send the response to that
>>> URL and there is no need to configure the serviceProviderID separately at
>>> IS.
>>>
>>
>> According to the SAML2 Web Browser SSO Specification, this issuer ID is a
>> mandatory element. It is sent as the <Issuer> element in the Authentication
>> Request. Assertion Consumer URL is optional.
>>
>> Apart from that requirement, there are some other reasons which enforce
>> the pre-registration of relying parties at the IS end, like the certificates
>> to be used for signature validation, custom logout pages, etc.
>>
>> Thanks,
>> Thilina
>>
>>
>>>
>>> --
>> Thilina Buddhika
>> Senior Software Engineer
>> WSO2 Inc. ; http://wso2.com
>> lean . enterprise . middleware
>>
>> phone : +94 77 44 88 727
>> blog : http://blog.thilinamb.com
>>
>
>


-- 
Thilina Buddhika
Senior Software Engineer
WSO2 Inc. ; http://wso2.com
lean . enterprise . middleware

phone : +94 77 44 88 727
blog : http://blog.thilinamb.com
_______________________________________________
Carbon-dev mailing list
[email protected]
http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
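
The selection rule described in the thread (enabled authenticators only, highest priority that can handle the request), as an added example that is not part of the original messages and not WSO2 Carbon code. Assumptions: a larger `<priority>` number means higher priority, a missing `<priority>` counts as 0, the sample file is the thread's fragment closed so that it parses, and `ExampleFallbackAuthenticator` plus the `CAN_HANDLE` checks are hypothetical stand-ins for the interface method mentioned above.

```python
import xml.etree.ElementTree as ET

NS = {"a": "http://wso2.org/projects/carbon/authenticators.xml"}
# Constructed sample: the thread's two entries, closed, plus one constructed fallback.
SAMPLE = """<Authenticators xmlns="http://wso2.org/projects/carbon/authenticators.xml">
    <Authenticator name="TokenUIAuthenticator" disabled="true">
        <priority>5</priority>
    </Authenticator>
    <Authenticator name="SAML2SSOAuthenticator">
        <priority>10</priority>
        <config>
            <parameter name="LoginPage">/carbon/admin/login.jsp</parameter>
            <parameter name="ServiceProviderID">carbonServer</parameter>
        </config>
    </Authenticator>
    <Authenticator name="ExampleFallbackAuthenticator">
        <priority>1</priority>
    </Authenticator>
</Authenticators>"""

def load_authenticators(xml_text):
    """Parse the file into dicts, enforcing the rules stated in the thread."""
    entries = []
    for el in ET.fromstring(xml_text).findall("a:Authenticator", NS):
        name = el.get("name")
        if not name:  # "name" is mandatory: reject the file rather than guess
            raise ValueError("Authenticator element without a name attribute")
        entries.append({
            "name": name,
            "disabled": el.get("disabled", "false").strip().lower() == "true",
            "priority": int(el.findtext("a:priority", "0", NS)),  # assumed default 0
            "config": {p.get("name"): (p.text or "").strip()
                       for p in el.findall("a:config/a:parameter", NS)},
        })
    return entries

def select_authenticator(entries, request, can_handle):
    """Highest-priority enabled entry that can handle the request, else None."""
    usable = [e for e in entries if not e["disabled"]
              and can_handle.get(e["name"], lambda _r: False)(request)]
    return max(usable, key=lambda e: e["priority"], default=None)

# Hypothetical "can this authenticator handle the request?" checks, keyed by name.
CAN_HANDLE = {
    "TokenUIAuthenticator": lambda req: "token" in req,
    "SAML2SSOAuthenticator": lambda req: "SAMLResponse" in req,
    "ExampleFallbackAuthenticator": lambda req: True,
}
```

A request that only the disabled `TokenUIAuthenticator` would claim falls through to the lower-priority fallback, and an authenticator with no registered check is treated as unable to handle anything.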