Hi Ishara,

On Fri, Sep 2, 2016 at 11:19 AM, Ishara Cooray <[email protected]> wrote:

> Hi All,
>
> I thought of introducing a new Authenticator config to
> repository/conf/security/authenticators.xml
> And it will use only the below properties to do the $Subject.
>
> <Authenticator name="JITPSAML2SSOAuthenticator" disabled="false">
>     <Priority>9</Priority>
>     <Config>
>         <Parameter name="RoleClaimAttribute">http://wso2.org/claims/role</Parameter>
>         <Parameter name="AttributeValueSeparator">,</Parameter>
>         <Parameter name="JITUserProvisioning">true</Parameter>
>         <Parameter name="ProvisioningDefaultUserstore">PRIMARY</Parameter>
>     </Config>
> </Authenticator>
>
> Any objections?

I think the existing SAMLSSOAuthenticator should allow JIT provisioning when we switch on a configuration. If we keep adding more and more Authenticators for small functionalities it will be a cluttered collection in the end. The same happened to Carbon components. We have so many components and can't make head or tail of it.

thanks,
Dimuthu

> Thanks & Regards,
> Ishara Cooray
> Senior Software Engineer
> Mobile : +9477 262 9512
> WSO2, Inc. | http://wso2.com/
> Lean . Enterprise . Middleware
>
> On Wed, Aug 31, 2016 at 1:43 PM, Ishara Cooray <[email protected]> wrote:
>
>> + Prabath, Johann
>>
>> Thanks & Regards,
>> Ishara Cooray
>>
>> On Wed, Aug 31, 2016 at 1:27 PM, Pamod Sylvester <[email protected]> wrote:
>>
>>> Would it make sense to have it under "user-mgt.xml" ?
>>>
>>> On Wed, Aug 31, 2016 at 1:00 PM, Ishara Cooray <[email protected]> wrote:
>>>
>>>> Hi,
>>>> I am working on the $Subject.
>>>>
>>>> *Motivation:*
>>>> I have a use case where I want to authorize users who are logged into
>>>> API publisher/ store but APIM does not have the access to underlying user
>>>> store.
>>>>
>>>> *Plan:*
>>>> The plan is to write an OSGi service that should do the Just In Time
>>>> provisioning before the permission check to authorize the user. And it will
>>>> get the roles from the SAML response and do the provisioning.
>>>>
>>>> But we will have to do the same role/permission mapping manually for
>>>> now.
>>>>
>>>> If we write a generic service we can plug it into any WSO2 product
>>>> that needs JIT provision initiated by the Service provider.
>>>> However we need to maintain a few configurations here.
>>>>
>>>> 1. isServiceProvierInitiatedJITProvisioningEnabled
>>>> 2. User store to be provisioned
>>>> 3. Implementation class (extension point)
>>>>
>>>> What could be the best place to maintain this configuration if the
>>>> component is written as a generic component to any WSO2 product?
>>>>
>>>> Thanks & Regards,
>>>> Ishara Cooray
>>>>
>>>> _______________________________________________
>>>> Architecture mailing list
>>>> [email protected]
>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>
>>> --
>>> Pamod Sylvester
>>> WSO2 Inc.; http://wso2.com
>>> cell: +94 77 7779495

--
Dimuthu Leelarathne
Director, Solutions Architecture
WSO2, Inc. (http://wso2.com)
email: [email protected]
Mobile: +94773661935
Blog: http://muthulee.blogspot.com
Lean . Enterprise . Middleware
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
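
The flow discussed in this thread (read the role claim from the SAML response, split it on the separator, provision the user into the configured user store), as an added example that is not code from the thread or from WSO2. It assumes the response signature and conditions were already validated; `ROLE_MAP`, `jit_provision`, the local role names and the sample assertion are hypothetical.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Values copied from the <Parameter> entries quoted in the thread.
CONFIG = {
    "RoleClaimAttribute": "http://wso2.org/claims/role",
    "AttributeValueSeparator": ",",
    "JITUserProvisioning": True,
    "ProvisioningDefaultUserstore": "PRIMARY",
}

# Hypothetical manual role mapping: IdP roles not listed here are never granted.
ROLE_MAP = {"publisher": "api_publisher", "subscriber": "api_subscriber"}

# Constructed sample assertion (not from the thread).
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="http://wso2.org/claims/role">
      <saml:AttributeValue>publisher, admin</saml:AttributeValue>
      <saml:AttributeValue>subscriber</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def jit_provision(xml_text, config, user_store):
    """Create or update the user in the configured store; return (key, roles)."""
    if not config["JITUserProvisioning"]:
        return None
    # Assumption: signature and conditions were verified before this point.
    root = ET.fromstring(xml_text)
    name_id = (root.findtext(".//saml:Subject/saml:NameID", namespaces=SAML_NS) or "").strip()
    # Assumption: "/" separates store domain from username, so the subject may not contain it.
    if not name_id or "/" in name_id:
        raise ValueError("unusable NameID")
    asserted = []
    for attr in root.iterfind(".//saml:Attribute", SAML_NS):
        if attr.get("Name") == config["RoleClaimAttribute"]:
            for value in attr.iterfind("saml:AttributeValue", SAML_NS):
                asserted += (value.text or "").split(config["AttributeValueSeparator"])
    # Grant only mapped roles; replace the old set so IdP-side removals take effect.
    granted = sorted({ROLE_MAP[r.strip()] for r in asserted if r.strip() in ROLE_MAP})
    key = (config["ProvisioningDefaultUserstore"], name_id)
    user_store[key] = granted
    return key, granted
```

The asserted `admin` role is dropped because it has no entry in the mapping, which keeps the identity provider from granting local roles the service provider never agreed to.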
