On Tue, Apr 5, 2011 at 3:20 PM, Thilina Buddhika <[email protected]> wrote:
> > > On Tue, Apr 5, 2011 at 3:52 AM, Amila Suriarachchi <[email protected]> wrote: > >> >> >> On Mon, Apr 4, 2011 at 11:04 PM, Thilina Buddhika <[email protected]>wrote: >> >>> Hi Amila, >>> >>> On Mon, Apr 4, 2011 at 9:40 PM, Amila Suriarachchi <[email protected]>wrote: >>> >>>> >>>> On Mon, Apr 4, 2011 at 1:15 PM, Thilina Buddhika <[email protected]>wrote: >>>> >>>>> This is a sample configuration of the authenticators.xml. >>>>> >>>>> It contains a list of authenticator elements where each of them >>>>> describes a different authenticator. Attribute "name" is a mandatory attr >>>>> which is used to identify each of the authenticator. It is possible to >>>>> disable an installed authenticator. The optional attribute "disabled" is >>>>> used for that purpose and it defaults to 'false' if not >>>>> mentioned specifically. >>>>> >>>>> Each authenticator has a priority level, which is used in runtime to >>>>> identify the authenticator with the highest priority which can handle a >>>>> particular authentication request. >>>>> >>>> >>>> How this implementation happen? When a request received by any carbon >>>> product does that goes through a this authenticates in the give order and >>>> will authenticate with the relevant hander and that sets the user name? >>>> >>> >>> When there is an authentication request (these authenticators are only >>> for login to the management console) it picks the authenticator with the >>> highest priority who can handle that particular request from the set of >>> enabled authenticators. There is a method in the CarbonUIAuthenticator >>> interface to identify whether a particular request can be handled by a given >>> authenticator. >>> >> >> Then this file should be named as ManagementConsoleAuthentictors or some >> thing which clearly describes its functionality. Otherwise people will >> confuse this as a normal service authenticator. >> > > How about mgt-console-authenticators.xml ? > +1. thanks, Amila. > > Thanks, > Thilina > > >> >> thanks, >> Amila. >> >>> >>> >>> >>>> >>>>> 'Config' element is used for the authenticator specific configurations. >>>>> These configurations are given as parameter elements. >>>>> >>>>> <Authenticators xmlns=" >>>>> http://wso2.org/projects/carbon/authenticators.xml";> >>>>> >>>>> <!-- Authenticator Configurations for TokenUIAuthenticator --> >>>>> <Authenticator name="TokenUIAuthenticator" disabled="true"> >>>>> <priority>5</priority> >>>>> </Authenticator> >>>>> >>>>> <!-- Authenticator Configurations for SAML2SSOAuthenticator --> >>>>> <Authenticator name="SAML2SSOAuthenticator"> >>>>> <priority>10</priority> >>>>> <config> >>>>> <parameter >>>>> name="LoginPage">/carbon/admin/login.jsp</parameter> >>>>> <parameter >>>>> name="ServiceProviderID">carbonServer</parameter> >>>>> >>>> >>>> is this a specification requirement? instead of this can't we pass the >>>> Assersion consumer url? in that case IS can simply send the response to >>>> that >>>> url and there is no need to configure the serviceProviderID separately at >>>> IS. >>>> >>> >>> According to the SAML2 Web Browser SSO Specification, this issuer ID is a >>> mandatory element. It is sent as the <Issuer> element in the Authentication >>> Request. Assertion Consumer URL is optional. >>> >>> Apart from that requirement, there are some other reasons which enforces >>> the pre-registration of relying parties at the IS end like the certificates >>> to be used for signature validation, custom logout pages, etc. >>> >>> Thanks, >>> Thilina >>> >>> >>>> >>>> -- >>> Thilina Buddhika >>> Senior Software Engineer >>> WSO2 Inc. ; http://wso2.com >>> lean . enterprise . middleware >>> >>> phone : +94 77 44 88 727 >>> blog : http://blog.thilinamb.com >>> >> >> > > > -- > Thilina Buddhika > Senior Software Engineer > WSO2 Inc. ; http://wso2.com > lean . enterprise . middleware > > phone : +94 77 44 88 727 > blog : http://blog.thilinamb.com >
_______________________________________________ Carbon-dev mailing list [email protected] http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
