Would there be any security issues in persisting the tokens? e.g. if someone got hold of them?
Paul On 25 June 2013 09:31, Suresh Attanayaka <[email protected]> wrote: > Hi, > > On Tue, Jun 25, 2013 at 1:50 PM, Prabath Siriwardena <[email protected]>wrote: > >> No we do not AFAIK.. >> >> Why do you think we need to persist..? >> > > I'm not saying we should persist them, but if we can have at > least extensions to handle those tokens then we can use the information in > the tokens in various cases. For example to create user accounts if the IDP > is a third party (a form of user provisioning) or even in the case of ID > Token generation in OpenID Connect. I assume now we discard the SAML token > after the access token is generated. > > Thanks, > -Suresh > >> >> Thanks & regards, >> -Prabath >> >> >> On Tue, Jun 25, 2013 at 1:48 PM, Suresh Attanayaka <[email protected]>wrote: >> >>> Hi, >>> >>> Do we persist those SAML2 tokens or do we have extension points to >>> handle these tokens ? >>> >>> Thanks, >>> -Suresh >>> >>> -- >>> Suresh Attanayake >>> Senior Software Engineer; WSO2 Inc. http://wso2.com/ >>> Blog : http://sureshatt.blogspot.com/ >>> Web : http://www.ssoarcade.com/ >>> Facebook : https://www.facebook.com/IdentityWorld >>> Twitter : https://twitter.com/sureshatt >>> LinkedIn : http://lk.linkedin.com/in/sureshatt >>> Mobile : +94755012060 >>> Mobile : +01-616-617-1172 >>> >> >> >> >> -- >> Thanks & Regards, >> Prabath >> >> Mobile : +94 71 809 6732 >> >> http://blog.facilelogin.com >> http://RampartFAQ.com >> > > > > -- > Suresh Attanayake > Senior Software Engineer; WSO2 Inc. http://wso2.com/ > Blog : http://sureshatt.blogspot.com/ > Web : http://www.ssoarcade.com/ > Facebook : https://www.facebook.com/IdentityWorld > Twitter : https://twitter.com/sureshatt > LinkedIn : http://lk.linkedin.com/in/sureshatt > Mobile : +94755012060 > Mobile : +01-616-617-1172 > > _______________________________________________ > Dev mailing list > [email protected] > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- Paul Fremantle CTO and Co-Founder, WSO2 OASIS WS-RX TC Co-chair, VP, Apache Synapse UK: +44 207 096 0336 US: +1 646 595 7614 blog: http://pzf.fremantle.org twitter.com/pzfreo [email protected] wso2.com Lean Enterprise Middleware Disclaimer: This communication may contain privileged or other confidential information and is intended exclusively for the addressee/s. If you are not the intended recipient/s, or believe that you may have received this communication in error, please reply to the sender indicating that fact and delete the copy you received and in addition, you should not print, copy, retransmit, disseminate, or otherwise use the information contained in this communication. Internet communications cannot be guaranteed to be timely, secure, error or virus-free. The sender does not accept liability for any errors or omissions.
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
