Even with the current application implementation you may call external Java
code from the jaggery_acs file and do the JIT operation. If needed, you may add
assertion/response validation from the same Java component.

Did we think about how this should work in a multi-tenant scenario? Do we
provision users to a central place or a tenant-defined user store? Then can
they configure this on a per-tenant basis?

Thanks
sanjeewa.

Sent from my phone.

On Sep 5, 2016 1:25 PM, "Johann Nallathamby" <[email protected]> wrote:

>
>
> On Mon, Sep 5, 2016 at 1:19 PM, Malaka Silva <[email protected]> wrote:
>
>> Hi Ishara,
>>
>> I guess we can use application-authentication.xml for this purpose?
>>
>> We are maintaining the configs for local authenticators from store.
>>
>
> These are the old Carbon authenticators we are talking about.
> application-authentication.xml is for the new authentication framework.
> That won't work for this.
>
>
>>
>> On Mon, Sep 5, 2016 at 10:21 AM, Dimuthu Leelarathne <[email protected]>
>> wrote:
>>
>>>
>>> Hi Ishara,
>>>
>>> On Fri, Sep 2, 2016 at 11:19 AM, Ishara Cooray <[email protected]> wrote:
>>>
>>>> Hi All,
>>>>
>>>> I thought of introducing a new Authenticator config to
>>>> repository/conf/security/authenticators.xml,
>>>> and it will use only the properties below to do the $Subject.
>>>>
>>>>     <Authenticator name="JITPSAML2SSOAuthenticator" disabled="false">
>>>>         <Priority>9</Priority>
>>>>         <Config>
>>>>             <Parameter name="RoleClaimAttribute">http://wso2.org/claims/role</Parameter>
>>>>             <Parameter name="AttributeValueSeparator">,</Parameter>
>>>>             <Parameter name="JITUserProvisioning">true</Parameter>
>>>>             <Parameter name="ProvisioningDefaultUserstore">PRIMARY</Parameter>
>>>>         </Config>
>>>>     </Authenticator>
>>>>
>>>> Any objections?
>>>>
>>>
>>> I think the existing SAMLSSOAuthenticator should allow JIT provisioning
>>> when we switch on a configuration. If we keep adding more and more
>>> Authenticators for small functionalities it will be a cluttered collection in
>>> the end. The same happened to Carbon components. We have so many components
>>> and can't make head or tail of them.
>>>
>>> thanks,
>>> Dimuthu
>>>
>>>
>>>> Thanks & Regards,
>>>> Ishara Cooray
>>>> Senior Software Engineer
>>>> Mobile : +9477 262 9512
>>>> WSO2, Inc. | http://wso2.com/
>>>> Lean . Enterprise . Middleware
>>>>
>>>> On Wed, Aug 31, 2016 at 1:43 PM, Ishara Cooray <[email protected]>
>>>> wrote:
>>>>
>>>>> + Prabath, Johann
>>>>>
>>>>> Thanks & Regards,
>>>>> Ishara Cooray
>>>>>
>>>>> On Wed, Aug 31, 2016 at 1:27 PM, Pamod Sylvester <[email protected]>
>>>>> wrote:
>>>>>
>>>>>> Would it make sense to have it under "user-mgt.xml" ?
>>>>>>
>>>>>> On Wed, Aug 31, 2016 at 1:00 PM, Ishara Cooray <[email protected]>
>>>>>> wrote:
>>>>>>
>>>>>>> Hi,
>>>>>>> I am working on the $Subject.
>>>>>>>
>>>>>>> *Motivation:*
>>>>>>> I have a use case where I want to authorize users who are logged
>>>>>>> into API publisher/store but APIM does not have access to the underlying
>>>>>>> user store.
>>>>>>>
>>>>>>> *Plan:*
>>>>>>> The plan is to write an OSGi service that should do the Just In Time
>>>>>>> provisioning before the permission check to authorize the user. And it
>>>>>>> will get the roles from the SAML response and do the provisioning.
>>>>>>>
>>>>>>> But we will have to do the same role/permission mapping manually for
>>>>>>> now.
>>>>>>>
>>>>>>> If we write a generic service we can plug it into any WSO2 product
>>>>>>> that needs JIT provisioning initiated by the Service Provider.
>>>>>>> However, we need to maintain a few configurations here.
>>>>>>>
>>>>>>>    1. isServiceProvierInitiatedJITProvisioningEnabled
>>>>>>>    2. User store to be provisioned
>>>>>>>    3. Implementation class (extension point)
>>>>>>>
>>>>>>> What could be the best place to maintain this configuration if the
>>>>>>> component is written as a generic component to any wso2 product?
>>>>>>>
>>>>>>>
>>>>>>> Thanks & Regards,
>>>>>>> Ishara Cooray
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Architecture mailing list
>>>>>>> [email protected]
>>>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> *Pamod Sylvester *
>>>>>>
>>>>>> *WSO2 Inc.; http://wso2.com <http://wso2.com>*
>>>>>> cell: +94 77 7779495
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>> --
>>> Dimuthu Leelarathne
>>> Director, Solutions Architecture
>>>
>>> WSO2, Inc. (http://wso2.com)
>>> email: [email protected]
>>> Mobile: +94773661935
>>> Blog: http://muthulee.blogspot.com
>>>
>>> Lean . Enterprise . Middleware
>>>
>>> _______________________________________________
>>> Dev mailing list
>>> [email protected]
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>>
>>
>>
>> --
>>
>> Best Regards,
>>
>> Malaka Silva
>> Senior Technical Lead
>> M: +94 777 219 791
>> Tel : 94 11 214 5345
>> Fax :94 11 2145300
>> Skype : malaka.sampath.silva
>> LinkedIn : http://www.linkedin.com/pub/malaka-silva/6/33/77
>> Blog : http://mrmalakasilva.blogspot.com/
>>
>> WSO2, Inc.
>> lean . enterprise . middleware
>> https://wso2.com/signature
>> http://www.wso2.com/about/team/malaka-silva/
>> <http://wso2.com/about/team/malaka-silva/>
>> https://store.wso2.com/store/
>>
>> Don't make Trees rare, we should keep them with care
>>
>>
>>
>
>
> --
> Thanks & Regards,
>
> *Johann Dilantha Nallathamby*
> Technical Lead & Product Lead of WSO2 Identity Server
> Governance Technologies Team
> WSO2, Inc.
> lean.enterprise.middleware
>
> Mobile - *+94777776950*
> Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>*
>
>
>
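An added sketch (not WSO2 code and not written by anyone in this thread) of what the proposed authenticator parameters would drive: reading the role claim from a SAML assertion, splitting it on the configured separator, and provisioning the user into the configured user store. `ROLE_MAP`, the dict-based `store`, the `domain/username` naming and the sample assertion are assumptions constructed for illustration; signature and condition validation of the assertion is assumed to have happened before this code runs.

```python
import xml.etree.ElementTree as ET

SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"
# Mirrors the <Parameter> entries proposed in the thread.
CONFIG = {
    "RoleClaimAttribute": "http://wso2.org/claims/role",
    "AttributeValueSeparator": ",",
    "JITUserProvisioning": "true",
    "ProvisioningDefaultUserstore": "PRIMARY",
}
# Hypothetical IdP-role -> local-role mapping; roles not listed are never granted.
ROLE_MAP = {"api-publisher": "Internal/publisher", "api-subscriber": "Internal/subscriber"}
# Constructed assertion fragment (already signature-checked, by assumption).
ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>alice@tenant-a.example</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="http://wso2.org/claims/role">
      <saml:AttributeValue>api-publisher, admin</saml:AttributeValue>
      <saml:AttributeValue>api-subscriber</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def asserted_roles(assertion_xml, config):
    """Collect role values, sent either as several values or one separated string."""
    root = ET.fromstring(assertion_xml)
    roles = []
    for attr in root.iter(SAML + "Attribute"):
        if attr.get("Name") != config["RoleClaimAttribute"]:
            continue
        for value in attr.iter(SAML + "AttributeValue"):
            parts = (value.text or "").split(config["AttributeValueSeparator"])
            roles += [p.strip() for p in parts if p.strip()]
    return roles


def provision(assertion_xml, config, store):
    """Create or update the user in `store` (dict keyed by qualified user name)."""
    if config["JITUserProvisioning"].lower() != "true":
        return None
    name_id = ET.fromstring(assertion_xml).findtext(f"{SAML}Subject/{SAML}NameID")
    if not name_id:
        raise ValueError("assertion has no NameID")
    user = f'{config["ProvisioningDefaultUserstore"]}/{name_id.strip()}'
    local = sorted({ROLE_MAP[r] for r in asserted_roles(assertion_xml, config) if r in ROLE_MAP})
    store[user] = local  # replace, so roles revoked at the IdP are revoked locally
    return user, local
```

In the sample, the IdP-asserted `admin` role is dropped because it has no entry in the mapping; a per-tenant setup would pass a different `config` and mapping for each tenant.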