Thank you Pushpalanka! But there is another clarification needed. What if a user needs to isolate two web apps? Meaning, what if there 'cannot' be a super user sort of a logging (admin credentials) for two web apps which are secured through a single IS?

BR

*Asok Aravinda Perera*
Software Engineer
WSO2, Inc.; http://wso2.com/
lean.enterprise.middleware

Mobile: +94722241032

On Fri, Sep 12, 2014 at 10:15 AM, Pushpalanka Jayawardhana <[email protected]> wrote:

> Hi Asok,
>
> This comes with the behavior of SSO.
> When you register travelocity.com as a service provider in IS and point
> travelocity.com webapp to use IS as the identity provider, authentication
> process of webapp is totally handled by IS.
> Even the page you enter username/password is submitted by IS. Webapp does
> not have any idea on the valid user name and password of the user trying to
> login as all these details are captured and authenticated at IS side. IS
> then just lets the webapp know whether the user is authenticated or not.
>
> This helps to keep the user passwords in a secured centralized place than
> saving it in each webapp and helps to provide a better user experience by
> not asking users to type username/password several times (if you are logged
> into IS, you are automatically logged into travelocity.com as well).
>
> Therefore any other user in IS also can login to travelocity.com webapp
> with his/her credentials.
> This article [1] will provide more insight.
> Hope this helps.
>
> [1] - http://wso2.com/library/articles/2010/07/saml2-web-browser-based-sso-wso2-identity-server/
>
> Thanks,
> Pushpalanka.
> --
> Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
> Software Engineer, WSO2 Lanka (pvt) Ltd; wso2.com/
> Mobile: +94779716248
> Blog: pushpalankajaya.blogspot.com/ | LinkedIn: lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka
>
> On Fri, Sep 12, 2014 at 9:54 AM, Asok Perera <[email protected]> wrote:
>
>> Hi,
>>
>> This is a question that occurred to me while working on the 'Configuring SAML2
>> SSO' sample in Identity server. (link below)
>> https://docs.wso2.com/display/IS500/Configuring+SAML2+SSO
>>
>> According to that sample, a user can log into service provider's
>> site/portal with Identity server's admin credentials. In this case, one can
>> use admin/admin username/password to log into travelocity.com.
>>
>> The question is, can I assume that IS admin is treated as a super user
>> who can log into all the service providers' web apps / services?
>> If not, can somebody explain to me why we can use admin credentials in the
>> above sample?
>>
>> BR
>>
>> *Asok Aravinda Perera*
>> Software Engineer
>> WSO2, Inc.; http://wso2.com/
>> lean.enterprise.middleware
>>
>> Mobile: +94722241032
>>
>> _______________________________________________
>> Dev mailing list
>> [email protected]
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
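
The delegation described in the quoted reply, as an added example that is not part of the original thread and is not WSO2 code: the identity provider checks the password and issues a signed assertion for one service provider, and the service provider accepts whichever user that assertion names. The user names, passwords, key and the JSON plus HMAC token format are assumptions made for illustration; real SAML2 SSO uses signed XML assertions.

```python
import base64, hashlib, hmac, json, time

# Constructed values: key, users and token format are illustration-only.
# HMAC over JSON stands in for the XML signature on a SAML2 assertion.
IDP_SP_KEY = b"constructed-demo-key"
SP_ENTITY_ID = "travelocity.com"

def _pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# IdP-side user store: only the identity provider holds credential material.
IDP_USERS = {u: (s, _pw_hash(p, s)) for u, p, s in [
    ("admin", "admin", b"salt-a"), ("alice", "alice-pw", b"salt-b")]}

def idp_login(username, password, audience):
    """IdP: check the credentials, then issue a signed assertion for one SP."""
    salt, stored = IDP_USERS.get(username, (b"none", b""))
    if not hmac.compare_digest(_pw_hash(password, salt), stored):
        return None
    body = json.dumps({"sub": username, "aud": audience,
                       "exp": int(time.time()) + 300}).encode()
    sig = hmac.new(IDP_SP_KEY, body, hashlib.sha256).digest()
    return base64.b64encode(body).decode() + "." + base64.b64encode(sig).decode()

def sp_accept(assertion):
    """SP: never sees a password; verifies signature, audience and expiry."""
    try:
        body_b64, sig_b64 = assertion.split(".")
        body, sig = base64.b64decode(body_b64), base64.b64decode(sig_b64)
    except (AttributeError, ValueError):
        return None  # missing or malformed assertion
    expected = hmac.new(IDP_SP_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None  # not issued by the trusted IdP, or modified in transit
    claims = json.loads(body)
    if claims["aud"] != SP_ENTITY_ID or claims["exp"] < time.time():
        return None  # issued for a different service provider, or expired
    return claims["sub"]  # any user the IdP authenticated is accepted

if __name__ == "__main__":
    for user, pw in [("admin", "admin"), ("alice", "alice-pw"), ("alice", "bad")]:
        print(user, "->", sp_accept(idp_login(user, pw, SP_ENTITY_ID)))
```
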
