Hi All,
I thought of introducing a new Authenticator config in
repository/conf/security/authenticators.xml,
and it will use only the properties below to do the $Subject.
<Authenticator name="JITPSAML2SSOAuthenticator" disabled="false">
    <Priority>9</Priority>
    <Config>
        <Parameter name="RoleClaimAttribute">http://wso2.org/claims/role</Parameter>
        <Parameter name="AttributeValueSeparator">,</Parameter>
        <Parameter name="JITUserProvisioning">true</Parameter>
        <Parameter name="ProvisioningDefaultUserstore">PRIMARY</Parameter>
    </Config>
</Authenticator>
Any objections?
Thanks & Regards,
Ishara Cooray
Senior Software Engineer
Mobile : +9477 262 9512
WSO2, Inc. | http://wso2.com/
Lean . Enterprise . Middleware
On Wed, Aug 31, 2016 at 1:43 PM, Ishara Cooray <[email protected]> wrote:
> + Prabath, Johann
>
> Thanks & Regards,
> Ishara Cooray
>
> On Wed, Aug 31, 2016 at 1:27 PM, Pamod Sylvester <[email protected]> wrote:
>
>> Would it make sense to have it under "user-mgt.xml" ?
>>
>> On Wed, Aug 31, 2016 at 1:00 PM, Ishara Cooray <[email protected]> wrote:
>>
>>> Hi,
>>> I am working on the $Subject.
>>>
>>> *Motivation:*
>>> I have a use case where I want to authorize users who are logged into
>>> API publisher/store but APIM does not have access to the underlying user
>>> store.
>>>
>>> *Plan:*
>>> The plan is to write an OSGi service that should do the Just In Time
>>> provisioning before the permission check to authorize the user. And it will
>>> get the roles from the SAML response and do the provisioning.
>>>
>>> But we will have to do the same role/permission mapping manually for now.
>>>
>>> If we write a generic service we can plug it into any WSO2 product that
>>> needs JIT provisioning initiated by the Service Provider.
>>> However, we need to maintain a few configurations here.
>>>
>>> 1. isServiceProviderInitiatedJITProvisioningEnabled
>>> 2. User store to be provisioned
>>> 3. Implementation class (extension point)
>>>
>>> What could be the best place to maintain this configuration if the
>>> component is written as a generic component for any WSO2 product?
>>>
>>>
>>> Thanks & Regards,
>>> Ishara Cooray
>>>
>>> _______________________________________________
>>> Architecture mailing list
>>> [email protected]
>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>
>>>
>>
>>
>> --
>> *Pamod Sylvester *
>>
>> *WSO2 Inc.; http://wso2.com <http://wso2.com>*
>> cell: +94 77 7779495
>>
>
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
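
How the four parameters in the authenticator config proposed at the top of this thread could drive role extraction before provisioning, as an added example (not code from the thread or from WSO2). It assumes the SAML assertion's signature and conditions were already validated by the authenticator; the class name, the `ALLOWED` role allowlist and the `PRIMARY/role` domain-qualified naming are assumptions, and the assertion in `main` is constructed.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.*;
import java.util.regex.Pattern;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class JitRoleExtractor { // hypothetical class name
    static final String SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion";
    // Values copied from the proposed authenticators.xml parameters.
    static final String ROLE_CLAIM = "http://wso2.org/claims/role"; // RoleClaimAttribute
    static final String SEPARATOR = ",";                            // AttributeValueSeparator
    static final String USERSTORE = "PRIMARY";                      // ProvisioningDefaultUserstore
    // Assumption: roles the service provider lets an IdP grant through JIT provisioning.
    static final Set<String> ALLOWED = Set.of("publisher", "subscriber");

    static List<String> rolesToProvision(String assertionXml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Reject DOCTYPE declarations so the assertion cannot pull in external entities.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder().parse(
            new ByteArrayInputStream(assertionXml.getBytes(StandardCharsets.UTF_8)));
        Set<String> out = new LinkedHashSet<>();
        NodeList attrs = doc.getElementsByTagNameNS(SAML_NS, "Attribute");
        for (int i = 0; i < attrs.getLength(); i++) {
            Element a = (Element) attrs.item(i);
            if (!ROLE_CLAIM.equals(a.getAttribute("Name").trim())) continue;
            NodeList vals = a.getElementsByTagNameNS(SAML_NS, "AttributeValue");
            for (int j = 0; j < vals.getLength(); j++) {
                for (String r : vals.item(j).getTextContent().split(Pattern.quote(SEPARATOR))) {
                    String role = r.trim();
                    // Drop any asserted role that is not on the local allowlist.
                    if (ALLOWED.contains(role)) out.add(USERSTORE + "/" + role);
                }
            }
        }
        return new ArrayList<>(out);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample assertion fragment; "admin" is not on the allowlist.
        String sample = "<saml:Assertion xmlns:saml=\"" + SAML_NS + "\"><saml:AttributeStatement>"
            + "<saml:Attribute Name=\"" + ROLE_CLAIM + "\"><saml:AttributeValue>"
            + "publisher, admin,subscriber</saml:AttributeValue></saml:Attribute>"
            + "</saml:AttributeStatement></saml:Assertion>";
        System.out.println(rolesToProvision(sample));
    }
}
```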