Hi Rushmin,

On Mon, Aug 8, 2016 at 5:26 PM, Rushmin Fernando <[email protected]> wrote:
> Hi Ishara,
>
> We are currently using the following two admin services to create service
> providers.
>
> IdentitySAMLSSOConfigService
> IdentityApplicationManagementService
> admin/manage permission should be there for both services
>
> If we are to follow the above SAML authenticator method for this as well,
> what permissions should a role have?
>
> Regards
> Rushmin
>
> On Mon, Aug 8, 2016 at 5:18 PM, Lahiru Cooray <[email protected]> wrote:
>
>> Hi Ishara,
>> Thanks a lot for the info.
>>
>> On Mon, Aug 8, 2016 at 4:04 PM, Ishara Karunarathna <[email protected]> wrote:
>>
>>> Hi Dinusha,
>>>
>>> In this case I think the publisher user should be able to create those SPs,
>>> XACML policies etc.
>>> Since the publisher user is within the publisher role, you can assign the
>>> necessary permission to that role.
>>> Once the user logs in (SSO) to the publisher with his credentials, he can get
>>> a cookie for that, and he can use that cookie to authenticate to the admin
>>> services.
>>>
>>> @Rushmin,
>>> We don't have an authenticator for OAuth tokens. Better to get an ID token
>>> using OIDC, or after validating the OAuth token,
>>> and create a carbon authenticator like the SAML carbon authenticator.
>>>
>>> Thanks,
>>> Ishara
>>>
>>> On Mon, Aug 8, 2016 at 3:47 PM, Rushmin Fernando <[email protected]> wrote:
>>>
>>>> In addition to creating these entries from the UI, we need to create
>>>> the same using our REST API as well. And the API is OAuth protected.
>>>>
>>>> Is there an authenticator which gives back a cookie for an OAuth token
>>>> as well?
>>>>
>>>> On Mon, Aug 8, 2016 at 3:29 PM, Ishara Karunarathna <[email protected]> wrote:
>>>>
>>>>> Hi Lahiru,
>>>>>
>>>>> It's not the admin user. The user trying to do this operation should have
>>>>> enough permission to do this.
>>>>>
>>>>> Use
>>>>>
>>>>> *entitlement/policy/view*
>>>>>
>>>>> Add this permission to the user who is trying to view those policies.
>>>>>
>>>>> BR,
>>>>>
>>>>> Ishara
>>>>>
>>>>> On Mon, Aug 8, 2016 at 3:20 PM, Lahiru Cooray <[email protected]> wrote:
>>>>>
>>>>>> + [DEV]
>>>>>>
>>>>>> On Mon, Aug 8, 2016 at 3:19 PM, Lahiru Cooray <[email protected]> wrote:
>>>>>>
>>>>>>> Hi all,
>>>>>>>
>>>>>>> *Current behaviour:*
>>>>>>> Currently in AppM, when we are creating XACML policies/Service
>>>>>>> Providers via IS admin services, we are providing the super tenant admin
>>>>>>> credentials (where the credentials are stored in a config) to get
>>>>>>> authenticated. Further, XACML policies/Service Providers are only created
>>>>>>> in the super tenant and marked as a SaaS app to be used in tenants.
>>>>>>>
>>>>>>> *Problem:*
>>>>>>> As we are moving for AppM - Cloud integration, we are trying to
>>>>>>> deploy these in the relevant tenant spaces. So as a solution we have tried
>>>>>>> to use *SAML2SSOAuthenticator* [1] (retrieving a cookie by passing the
>>>>>>> SAML response and using the same in subsequent service calls) but figured
>>>>>>> that this is not applicable for non-admin users.
>>>>>>> (*e.g.:* In the AppM user story, non-admin users should be allowed to
>>>>>>> create apps with XACML policies)
>>>>>>>
>>>>>>> Any suggestions for this would be highly appreciated!
>>>>>>>
>>>>>>> [1] https://github.com/wso2/carbon-identity/blob/8cd996c1dc6d9e7c0df491322af6e9ddf1cf3709/components/carbon-authenticators/saml2-sso-authenticator/org.wso2.carbon.identity.authenticator.saml2.sso/src/main/java/org/wso2/carbon/identity/authenticator/saml2/sso/SAML2SSOAuthenticator.java
>>>>>>>
>>>>>>> --
>>>>>>> *Lahiru Cooray*
>>>>>>> Software Engineer
>>>>>>> WSO2, Inc.; http://wso2.com/
>>>>>>> lean.enterprise.middleware
>>>>>>>
>>>>>>> Mobile: +94 715 654154
>>>>>>
>>>>>> --
>>>>>> *Lahiru Cooray*
>>>>>> Software Engineer
>>>>>> WSO2, Inc.; http://wso2.com/
>>>>>> lean.enterprise.middleware
>>>>>>
>>>>>> Mobile: +94 715 654154
>>>>>
>>>>> --
>>>>> Ishara Karunarathna
>>>>> Associate Technical Lead
>>>>> WSO2 Inc. - lean . enterprise . middleware | wso2.com
>>>>>
>>>>> email: [email protected], blog: isharaaruna.blogspot.com, mobile: +94717996791
>>>>
>>>> --
>>>> *Best Regards*
>>>>
>>>> *Rushmin Fernando*
>>>> *Technical Lead*
>>>>
>>>> WSO2 Inc. <http://wso2.com/> - Lean . Enterprise . Middleware
>>>>
>>>> mobile : +94772891266
>>>
>>> --
>>> Ishara Karunarathna
>>> Associate Technical Lead
>>> WSO2 Inc. - lean . enterprise . middleware | wso2.com
>>>
>>> email: [email protected], blog: isharaaruna.blogspot.com, mobile: +94717996791
>>
>> --
>> *Lahiru Cooray*
>> Software Engineer
>> WSO2, Inc.; http://wso2.com/
>> lean.enterprise.middleware
>>
>> Mobile: +94 715 654154
>
> --
> *Best Regards*
>
> *Rushmin Fernando*
> *Technical Lead*
>
> WSO2 Inc. <http://wso2.com/> - Lean . Enterprise . Middleware
>
> mobile : +94772891266

--
Ishara Karunarathna
Associate Technical Lead
WSO2 Inc. - lean . enterprise . middleware | wso2.com

email: [email protected], blog: isharaaruna.blogspot.com, mobile: +94717996791
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
