On Mon, Sep 5, 2016 at 1:19 PM, Malaka Silva <[email protected]> wrote:
> Hi Ishara,
>
> I guess we can use application-authentication.xml for this purpose?
>
> We are maintaining the configs for local authenticators from store.

These are the old Carbon authenticators we are talking about. application-authentication.xml is for the new authentication framework. That won't work for this.

> On Mon, Sep 5, 2016 at 10:21 AM, Dimuthu Leelarathne <[email protected]> wrote:
>
>> Hi Ishara,
>>
>> On Fri, Sep 2, 2016 at 11:19 AM, Ishara Cooray <[email protected]> wrote:
>>
>>> Hi All,
>>>
>>> I thought of introducing a new Authenticator config to
>>> repository/conf/security/authenticators.xml
>>> And it will use only the below properties to do the $Subject.
>>>
>>> <Authenticator name="JITPSAML2SSOAuthenticator" disabled="false">
>>>     <Priority>9</Priority>
>>>     <Config>
>>>         <Parameter name="RoleClaimAttribute">http://wso2.org/claims/role</Parameter>
>>>         <Parameter name="AttributeValueSeparator">,</Parameter>
>>>         <Parameter name="JITUserProvisioning">true</Parameter>
>>>         <Parameter name="ProvisioningDefaultUserstore">PRIMARY</Parameter>
>>>     </Config>
>>> </Authenticator>
>>>
>>> Any objections?
>>
>> I think the existing SAMLSSOAuthenticator should allow JIT provisioning
>> when we switch on a configuration. If we keep adding more and more
>> Authenticators for small functionalities it will be a cluttered collection in
>> the end. The same happened to Carbon components. We have so many components
>> and can't make head or tail of it.
>>
>> thanks,
>> Dimuthu
>>
>>> Thanks & Regards,
>>> Ishara Cooray
>>> Senior Software Engineer
>>> Mobile : +9477 262 9512
>>> WSO2, Inc. | http://wso2.com/
>>> Lean . Enterprise . Middleware
>>>
>>> On Wed, Aug 31, 2016 at 1:43 PM, Ishara Cooray <[email protected]> wrote:
>>>
>>>> + Prabath, Johann
>>>>
>>>> Thanks & Regards,
>>>> Ishara Cooray
>>>>
>>>> On Wed, Aug 31, 2016 at 1:27 PM, Pamod Sylvester <[email protected]> wrote:
>>>>
>>>>> Would it make sense to have it under "user-mgt.xml"?
>>>>>
>>>>> On Wed, Aug 31, 2016 at 1:00 PM, Ishara Cooray <[email protected]> wrote:
>>>>>
>>>>>> Hi,
>>>>>> I am working on the $Subject.
>>>>>>
>>>>>> *Motivation:*
>>>>>> I have a use case where I want to authorize users who are logged into
>>>>>> API publisher/store but APIM does not have access to the underlying
>>>>>> user store.
>>>>>>
>>>>>> *Plan:*
>>>>>> The plan is to write an OSGi service that should do the Just In Time
>>>>>> provisioning before the permission check to authorize the user. And it
>>>>>> will get the roles from the SAML response and do the provisioning.
>>>>>>
>>>>>> But we will have to do the same role/permission mapping manually for
>>>>>> now.
>>>>>>
>>>>>> If we write a generic service we can plug it into any WSO2 product
>>>>>> that needs JIT provisioning initiated by the Service Provider.
>>>>>> However, we need to maintain a few configurations here.
>>>>>>
>>>>>> 1. isServiceProvierInitiatedJITProvisioningEnabled
>>>>>> 2. User store to be provisioned
>>>>>> 3. Implementation class (extension point)
>>>>>>
>>>>>> What could be the best place to maintain this configuration if the
>>>>>> component is written as a generic component to any WSO2 product?
>>>>>>
>>>>>> Thanks & Regards,
>>>>>> Ishara Cooray
>>>>>>
>>>>>> _______________________________________________
>>>>>> Architecture mailing list
>>>>>> [email protected]
>>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>>>
>>>>> --
>>>>> *Pamod Sylvester*
>>>>>
>>>>> *WSO2 Inc.; http://wso2.com*
>>>>> cell: +94 77 7779495
>>
>> --
>> Dimuthu Leelarathne
>> Director, Solutions Architecture
>>
>> WSO2, Inc. (http://wso2.com)
>> email: [email protected]
>> Mobile: +94773661935
>> Blog: http://muthulee.blogspot.com
>>
>> Lean . Enterprise . Middleware
>>
>> _______________________________________________
>> Dev mailing list
>> [email protected]
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
> --
>
> Best Regards,
>
> Malaka Silva
> Senior Technical Lead
> M: +94 777 219 791
> Tel : 94 11 214 5345
> Fax :94 11 2145300
> Skype : malaka.sampath.silva
> LinkedIn : http://www.linkedin.com/pub/malaka-silva/6/33/77
> Blog : http://mrmalakasilva.blogspot.com/
>
> WSO2, Inc.
> lean . enterprise . middleware
> https://wso2.com/signature
> http://www.wso2.com/about/team/malaka-silva/
> https://store.wso2.com/store/
>
> Don't make Trees rare, we should keep them with care

--
Thanks & Regards,

*Johann Dilantha Nallathamby*
Technical Lead & Product Lead of WSO2 Identity Server
Governance Technologies Team
WSO2, Inc.
lean.enterprise.middleware

Mobile - *+94777776950*
Blog - *http://nallaa.wordpress.com*
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
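An added example, not part of the thread and not WSO2 code: a sketch of the role-extraction and provisioning decision the plan describes, driven by the four parameters from the proposed authenticators.xml entry. The `ROLE_MAP` table, the local role names, the sample assertion and the "DOMAIN/username" naming are assumptions, and the assertion's signature and conditions are taken to be verified before this step.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Parameter values copied from the proposed <Authenticator> entry.
CONFIG = {
    "RoleClaimAttribute": "http://wso2.org/claims/role",
    "AttributeValueSeparator": ",",
    "JITUserProvisioning": "true",
    "ProvisioningDefaultUserstore": "PRIMARY",
}
# Hypothetical manual mapping: IdP role -> local role. Unlisted roles are dropped.
ROLE_MAP = {"publisher": "local-publisher", "creator": "local-creator"}
# Constructed sample; signature and condition checks are assumed already done.
SAMPLE_ASSERTION = """
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
  <saml:AttributeStatement><saml:Attribute Name="http://wso2.org/claims/role">
    <saml:AttributeValue>publisher,admin</saml:AttributeValue>
    <saml:AttributeValue> creator </saml:AttributeValue>
  </saml:Attribute></saml:AttributeStatement>
</saml:Assertion>
"""

def extract_roles(assertion_xml, config):
    """Collect role names, whether sent as several values or one joined value."""
    roles = []
    for attr in ET.fromstring(assertion_xml.strip()).iterfind(".//saml:Attribute", NS):
        if attr.get("Name") == config["RoleClaimAttribute"]:
            for value in attr.findall("saml:AttributeValue", NS):
                for part in (value.text or "").split(config["AttributeValueSeparator"]):
                    if part.strip() and part.strip() not in roles:
                        roles.append(part.strip())
    return roles

def plan_provisioning(assertion_xml, config=CONFIG, role_map=ROLE_MAP):
    """Return the user and local roles to provision, or None when JIT is off."""
    if config["JITUserProvisioning"].lower() != "true":
        return None
    name_id = ET.fromstring(assertion_xml.strip()).find("saml:Subject/saml:NameID", NS)
    subject = (name_id.text or "").strip() if name_id is not None else ""
    # Assumes "DOMAIN/username" naming: a "/" from the IdP must not pick the store.
    if not subject or "/" in subject:
        raise ValueError("unusable subject in assertion")
    asserted = extract_roles(assertion_xml, config)
    return {
        "username": config["ProvisioningDefaultUserstore"] + "/" + subject,
        "roles": [role_map[r] for r in asserted if r in role_map],
        "ignored": [r for r in asserted if r not in role_map],
    }
```

Roles the identity provider asserts but the local mapping does not list (here `admin`) end up under `ignored` rather than being created, so the asserting party cannot grant itself privileges the service provider never mapped.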
