Hi Ishara, I guess we can use application-authentication.xml for this purpose?
We are maintaining the configs for local authenticators from store.

On Mon, Sep 5, 2016 at 10:21 AM, Dimuthu Leelarathne <[email protected]> wrote:

> Hi Ishara,
>
> On Fri, Sep 2, 2016 at 11:19 AM, Ishara Cooray <[email protected]> wrote:
>
>> Hi All,
>>
>> I thought of introducing a new Authenticator config to
>> repository/conf/security/authenticators.xml
>> And it will use only the below properties to do the $Subject.
>>
>> <Authenticator name="JITPSAML2SSOAuthenticator" disabled="false">
>>     <Priority>9</Priority>
>>     <Config>
>>         <Parameter name="RoleClaimAttribute">http://wso2.org/claims/role</Parameter>
>>         <Parameter name="AttributeValueSeparator">,</Parameter>
>>         <Parameter name="JITUserProvisioning">true</Parameter>
>>         <Parameter name="ProvisioningDefaultUserstore">PRIMARY</Parameter>
>>     </Config>
>> </Authenticator>
>>
>> Any objections?
>
> I think the existing SAMLSSOAuthenticator should allow JIT provisioning
> when we switch on a configuration. If we keep adding more and more
> Authenticators for small functionalities it will be a cluttered collection
> in the end. The same happened to Carbon components. We have so many
> components and can't make head or tail of it.
>
> thanks,
> Dimuthu
>
>> Thanks & Regards,
>> Ishara Cooray
>> Senior Software Engineer
>> Mobile : +9477 262 9512
>> WSO2, Inc. | http://wso2.com/
>> Lean . Enterprise . Middleware
>>
>> On Wed, Aug 31, 2016 at 1:43 PM, Ishara Cooray <[email protected]> wrote:
>>
>>> + Prabath, Johann
>>>
>>> Thanks & Regards,
>>> Ishara Cooray
>>>
>>> On Wed, Aug 31, 2016 at 1:27 PM, Pamod Sylvester <[email protected]> wrote:
>>>
>>>> Would it make sense to have it under "user-mgt.xml"?
>>>>
>>>> On Wed, Aug 31, 2016 at 1:00 PM, Ishara Cooray <[email protected]> wrote:
>>>>
>>>>> Hi,
>>>>> I am working on the $Subject.
>>>>>
>>>>> *Motivation:*
>>>>> I have a use case where I want to authorize users who are logged into
>>>>> API publisher/store but APIM does not have access to the underlying
>>>>> user store.
>>>>>
>>>>> *Plan:*
>>>>> The plan is to write an OSGi service that should do the Just In Time
>>>>> provisioning before the permission check to authorize the user. And it
>>>>> will get the roles from the SAML response and do the provisioning.
>>>>>
>>>>> But we will have to do the same role/permission mapping manually for
>>>>> now.
>>>>>
>>>>> If we write a generic service we can plug it into any WSO2 product
>>>>> that needs JIT provisioning initiated by the Service Provider.
>>>>> However, we need to maintain a few configurations here.
>>>>>
>>>>> 1. isServiceProvierInitiatedJITProvisioningEnabled
>>>>> 2. User store to be provisioned
>>>>> 3. Implementation class (extension point)
>>>>>
>>>>> What could be the best place to maintain this configuration if the
>>>>> component is written as a generic component for any WSO2 product?
>>>>>
>>>>> Thanks & Regards,
>>>>> Ishara Cooray
>>>>>
>>>>> _______________________________________________
>>>>> Architecture mailing list
>>>>> [email protected]
>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>>
>>>> --
>>>> Pamod Sylvester
>>>> WSO2 Inc.; http://wso2.com
>>>> cell: +94 77 7779495
>
> --
> Dimuthu Leelarathne
> Director, Solutions Architecture
>
> WSO2, Inc. (http://wso2.com)
> email: [email protected]
> Mobile: +94773661935
> Blog: http://muthulee.blogspot.com
>
> Lean . Enterprise . Middleware
>
> _______________________________________________
> Dev mailing list
> [email protected]
> http://wso2.org/cgi-bin/mailman/listinfo/dev

--
Best Regards,

Malaka Silva
Senior Technical Lead
M: +94 777 219 791
Tel : 94 11 214 5345
Fax : 94 11 2145300
Skype : malaka.sampath.silva
LinkedIn : http://www.linkedin.com/pub/malaka-silva/6/33/77
Blog : http://mrmalakasilva.blogspot.com/

WSO2, Inc.
lean . enterprise . middleware
https://wso2.com/signature
http://www.wso2.com/about/team/malaka-silva/
https://store.wso2.com/store/

Don't make Trees rare, we should keep them with care
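The flow discussed in this thread, as an added example that is not part of the original messages or WSO2's own code: it reads the proposed authenticator parameters and derives from a SAML assertion the user, user store and roles that JIT provisioning would create. The sample assertion and the function names are constructed for illustration, and the assertion is assumed to have passed signature validation before its roles are used.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Parameters of the authenticator entry proposed in the thread (Priority omitted).
AUTHENTICATOR_XML = """
<Authenticator name="JITPSAML2SSOAuthenticator" disabled="false">
  <Config>
    <Parameter name="RoleClaimAttribute">http://wso2.org/claims/role</Parameter>
    <Parameter name="AttributeValueSeparator">,</Parameter>
    <Parameter name="JITUserProvisioning">true</Parameter>
    <Parameter name="ProvisioningDefaultUserstore">PRIMARY</Parameter>
  </Config>
</Authenticator>"""
# Constructed sample; assumed to be signature-validated before it gets here.
ASSERTION_XML = """
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="http://wso2.org/claims/role">
      <saml:AttributeValue>Internal/publisher, Internal/subscriber</saml:AttributeValue>
      <saml:AttributeValue>Internal/publisher</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def load_config(xml_text):
    """Read the <Parameter> values and decide whether JIT provisioning is on."""
    root = ET.fromstring(xml_text)
    params = {p.get("name"): (p.text or "").strip() for p in root.iter("Parameter")}
    jit_on = params.get("JITUserProvisioning", "").lower() == "true"
    params["enabled"] = root.get("disabled") != "true" and jit_on
    return params

def provisioning_plan(config, assertion_xml):
    """Return the user, user store and roles to provision, or None to skip."""
    assertion = ET.fromstring(assertion_xml)
    name_id = assertion.findtext("saml:Subject/saml:NameID", namespaces=SAML_NS)
    if not config["enabled"] or not name_id:
        return None
    sep = config.get("AttributeValueSeparator") or ","
    roles = []
    for attr in assertion.iterfind(".//saml:Attribute", SAML_NS):
        if attr.get("Name") == config.get("RoleClaimAttribute"):
            for value in attr.iterfind("saml:AttributeValue", SAML_NS):
                for role in (value.text or "").split(sep):
                    if role.strip() and role.strip() not in roles:
                        roles.append(role.strip())
    store = config.get("ProvisioningDefaultUserstore", "PRIMARY")
    return {"user": name_id.strip(), "userstore": store, "roles": roles}
```

The roles returned here are only names taken from the assertion; mapping them to local permissions remains the manual step the original message mentions.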
