When a service provider is created in IS, a role is created for that service provider. If you want only user1 to access app1, you can assign the role only to user1 and remove the role from the super admin role list.

On Mon, Sep 15, 2014 at 4:34 AM, Asok Perera <[email protected]> wrote:

> Thank you Pushpalanka!
> But there is another clarification needed.
> What if a user needs to isolate two web apps? Meaning, what if there
> 'cannot' be a super user sort of a logging (admin credentials) for two web
> apps which are secured through a single IS?
>
> BR
>
> *Asok Aravinda Perera*
> Software Engineer
> WSO2, Inc.; http://wso2.com/
> lean.enterprise.middleware
>
> Mobile: +94722241032
>
> On Fri, Sep 12, 2014 at 10:15 AM, Pushpalanka Jayawardhana <[email protected]> wrote:
>
>> Hi Asok,
>>
>> This comes with the behavior of SSO.
>> When you register travelocity.com as a service provider in IS and point
>> the travelocity.com webapp to use IS as the identity provider, the
>> authentication process of the webapp is totally handled by IS.
>> Even the page where you enter the username/password is submitted by IS. The webapp does
>> not have any idea of the valid user name and password of the user trying to
>> log in, as all these details are captured and authenticated at the IS side. IS
>> then just lets the webapp know whether the user is authenticated or not.
>>
>> This helps to keep the user passwords in a secured centralized place rather than
>> saving them in each webapp, and helps to provide a better user experience by
>> not asking users to type the username/password several times (if you are logged
>> into IS, you are automatically logged into travelocity.com as well).
>>
>> Therefore any other user in IS can also log in to the travelocity.com webapp
>> with his/her credentials.
>> This article [1] will provide more insight.
>> Hope this helps.
>>
>> [1] - http://wso2.com/library/articles/2010/07/saml2-web-browser-based-sso-wso2-identity-server/
>>
>> Thanks,
>> Pushpalanka.
>> --
>> Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
>> Software Engineer, WSO2 Lanka (pvt) Ltd; wso2.com/
>> Mobile: +94779716248
>> Blog: pushpalankajaya.blogspot.com/ | LinkedIn: lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka
>>
>> On Fri, Sep 12, 2014 at 9:54 AM, Asok Perera <[email protected]> wrote:
>>
>>> Hi,
>>>
>>> This is a question that occurred to me while working on the 'Configuring SAML2
>>> SSO' sample in Identity Server (link below).
>>> https://docs.wso2.com/display/IS500/Configuring+SAML2+SSO
>>>
>>> According to that sample, a user can log into the service provider's
>>> site/portal with Identity Server's admin credentials. In this case, one can
>>> use the admin/admin username/password to log into travelocity.com.
>>>
>>> The question is, can I assume that the IS admin is treated as a super user
>>> who can log into all the service providers' web apps / services?
>>> If not, can somebody explain to me why we can use admin credentials in the
>>> above sample?
>>>
>>> BR
>>>
>>> *Asok Aravinda Perera*
>>> Software Engineer
>>> WSO2, Inc.; http://wso2.com/
>>> lean.enterprise.middleware
>>>
>>> Mobile: +94722241032
>>>
>>> _______________________________________________
>>> Dev mailing list
>>> [email protected]
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
> _______________________________________________
> Dev mailing list
> [email protected]
> http://wso2.org/cgi-bin/mailman/listinfo/dev

--
Prasad Tissera
Software Engineer.
Mobile : +94777223444
