+1 Thanks Dulanja and Asela
On Fri, Feb 20, 2015 at 6:53 PM, Asela Pathberiya <[email protected]> wrote: > On Fri, Feb 20, 2015 at 3:55 PM, Dulanja Liyanage <[email protected]> > wrote: > > IMO we should have a config like "strictClientCredentialValidation". > > > > true: must validate the credentials, > > false: validate only when credentials are available in the request. > > > > And this check should be done before hitting the > BasicAuthClientAuthHandler, > > at the authentication manager level. > > > > We can start from there and then think about integration to the UI, which > > would be required especially because for mutitenancy scenarios. > > +1 Sometimes we may need to enable/disable it based on the client > application... > > Thanks, > Asela. > > > > > On Fri, Feb 20, 2015 at 3:04 PM, Nuwandi Wickramasinghe < > [email protected]> > > wrote: > >> > >> Hi, > >> > >> I have some concerns regarding JIRA issue [1] > >> > >> If client credentials are unavailable, is it ok to skip client > >> authentication process in issue() method > >> (org.wso2.carbon.identity.oauth2.token.AccessTokenIssuer) for SAML2 > bearer > >> type ? > >> > >> Also should we give an option for user to select whether client > >> credentials are optional or not? And fail authentication if no > credentials > >> are available and user says it's mandatory? > >> > >> [1] https://wso2.org/jira/browse/IDENTITY-3028 > >> -- > >> > >> Best Regards, > >> > >> Nuwandi Wickramasinghe > >> > >> Software Engineer > >> > >> WSO2 Inc. > >> > >> Web : http://wso2.com > >> > >> Mobile : 0719214873 > > > > > > > > > > -- > > Dulanja Liyanage > > WSO2 Inc. > > M: +94776764717 > > > > _______________________________________________ > > Dev mailing list > > [email protected] > > http://wso2.org/cgi-bin/mailman/listinfo/dev > > > > > > -- > Thanks & Regards, > Asela > > ATL > Mobile : +94 777 625 933 > +358 449 228 979 > -- Best Regards, Nuwandi Wickramasinghe Software Engineer WSO2 Inc. Web : http://wso2.com Mobile : 0719214873
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
