On Tue, Jun 25, 2013 at 2:04 PM, Paul Fremantle <[email protected]> wrote:
> Would there be any security issues in persisting the tokens? e.g. if > someone got hold of them? > Yes.. persisting tokens would not be good idea.. we can given an extension to handle the token in any custom manner as Suresh suggested..... Thanks & regards, -Prabath > > Paul > > > On 25 June 2013 09:31, Suresh Attanayaka <[email protected]> wrote: > >> Hi, >> >> On Tue, Jun 25, 2013 at 1:50 PM, Prabath Siriwardena <[email protected]>wrote: >> >>> No we do not AFAIK.. >>> >>> Why do you think we need to persist..? >>> >> >> I'm not saying we should persist them, but if we can have at >> least extensions to handle those tokens then we can use the information in >> the tokens in various cases. For example to create user accounts if the IDP >> is a third party (a form of user provisioning) or even in the case of ID >> Token generation in OpenID Connect. I assume now we discard the SAML token >> after the access token is generated. >> >> Thanks, >> -Suresh >> >>> >>> Thanks & regards, >>> -Prabath >>> >>> >>> On Tue, Jun 25, 2013 at 1:48 PM, Suresh Attanayaka <[email protected]>wrote: >>> >>>> Hi, >>>> >>>> Do we persist those SAML2 tokens or do we have extension points to >>>> handle these tokens ? >>>> >>>> Thanks, >>>> -Suresh >>>> >>>> -- >>>> Suresh Attanayake >>>> Senior Software Engineer; WSO2 Inc. http://wso2.com/ >>>> Blog : http://sureshatt.blogspot.com/ >>>> Web : http://www.ssoarcade.com/ >>>> Facebook : https://www.facebook.com/IdentityWorld >>>> Twitter : https://twitter.com/sureshatt >>>> LinkedIn : http://lk.linkedin.com/in/sureshatt >>>> Mobile : +94755012060 >>>> Mobile : +01-616-617-1172 >>>> >>> >>> >>> >>> -- >>> Thanks & Regards, >>> Prabath >>> >>> Mobile : +94 71 809 6732 >>> >>> http://blog.facilelogin.com >>> http://RampartFAQ.com >>> >> >> >> >> -- >> Suresh Attanayake >> Senior Software Engineer; WSO2 Inc. http://wso2.com/ >> Blog : http://sureshatt.blogspot.com/ >> Web : http://www.ssoarcade.com/ >> Facebook : https://www.facebook.com/IdentityWorld >> Twitter : https://twitter.com/sureshatt >> LinkedIn : http://lk.linkedin.com/in/sureshatt >> Mobile : +94755012060 >> Mobile : +01-616-617-1172 >> >> _______________________________________________ >> Dev mailing list >> [email protected] >> http://wso2.org/cgi-bin/mailman/listinfo/dev >> >> > > > -- > Paul Fremantle > CTO and Co-Founder, WSO2 > OASIS WS-RX TC Co-chair, VP, Apache Synapse > > UK: +44 207 096 0336 > US: +1 646 595 7614 > > blog: http://pzf.fremantle.org > twitter.com/pzfreo > [email protected] > > wso2.com Lean Enterprise Middleware > > Disclaimer: This communication may contain privileged or other > confidential information and is intended exclusively for the addressee/s. > If you are not the intended recipient/s, or believe that you may have > received this communication in error, please reply to the sender indicating > that fact and delete the copy you received and in addition, you should not > print, copy, retransmit, disseminate, or otherwise use the information > contained in this communication. Internet communications cannot be > guaranteed to be timely, secure, error or virus-free. The sender does not > accept liability for any errors or omissions. > -- Thanks & Regards, Prabath Mobile : +94 71 809 6732 http://blog.facilelogin.com http://RampartFAQ.com
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
