Ideally any Federated authenticator should give the flexibility to configure the subject claim from the IS side. If an admin selects a value as *User ID Claim URI* in the identity provider claim configuration, that selected value needs to be treated as the subject of that authenticated user within the IS.
By hard coding a subject without checking the *User ID Claim URI* configuration in the identity provider, that authenticator removes that flexibility and totally neglects the configuration. The following method in FrameworkUtils is used to read the configured user Id claim from the Identity Provider configuration.

FrameworkUtils.getFederatedSubjectFromClaims(IdentityProvider identityProvider, Map<ClaimMapping, String> claimMappings);

On Wed, Apr 19, 2017 at 9:43 AM, Malaka Silva <[email protected]> wrote:

> IS Team,
>
> Can you please comment on this?
>
> On Wed, Apr 19, 2017 at 9:40 AM, Vivekananthan Sivanayagam <[email protected]> wrote:
>
>> Hi,
>>
>> I am working on the ticket[1] and analysed the existing authenticators.
>> As mentioned on the ticket, default subject identifier claim is hard
>> coded[2] and have to modify the existing authenticators as implemented in
>> Facebook authenticator [3][4].
>>
>> @Malaka,
>> If we have to improve the authenticator as mentioned above, it would be
>> better if we include this improvement in Pinterest Authenticator before
>> getting released. Can you confirm it?
>>
> IMHO better to add this to any new federated authenticator before releasing it.
>
>> [1] https://wso2.org/jira/projects/ISCONNECT/issues/ISCONNECT-49?filter=allopenissues
>> [2] https://github.com/wso2-extensions/identity-outbound-auth-linkedIn/blob/master/component/src/main/java/org/wso2/carbon/identity/authenticator/linkedIn/LinkedInAuthenticator.java#L281
>> [3] https://github.com/wso2-extensions/identity-outbound-auth-facebook/blob/master/components/org.wso2.carbon.identity.application.authenticator.facebook/src/main/java/org/wso2/carbon/identity/application/authenticator/facebook/FacebookAuthenticator.java#L352
>> [4] https://docs.wso2.com/display/IS530/Logging+in+to+the+Identity+Server+using+Facebook+Credentials#LoggingintotheIdentityServerusingFacebookCredentials-ConfiguringclaimmappingsforFacebook
>>
>> Thanks,
>>
>> Vivekananthan Sivanayagam
>> Software Engineer | WSO2
>> E:[email protected]
>> M:+94752786138
>
> --
>
> Best Regards,
>
> Malaka Silva
> Associate Director / Architect
> M: +94 777 219 791
> Tel : 94 11 214 5345
> Fax :94 11 2145300
> Skype : malaka.sampath.silva
> LinkedIn : http://www.linkedin.com/pub/malaka-silva/6/33/77
> Blog : http://mrmalakasilva.blogspot.com/
>
> WSO2, Inc.
> lean . enterprise . middleware
> https://wso2.com/signature
> http://www.wso2.com/about/team/malaka-silva/
> https://store.wso2.com/store/
>
> Don't make Trees rare, we should keep them with care

--
Best Regards,

Nuwandi Wickramasinghe
Software Engineer
WSO2 Inc.
Web : http://wso2.com
Mobile : 0719214873
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
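An added example, not code from the WSO2 authenticators or from anyone in the thread: a stand-alone Java model of the behaviour the first message asks for, where the configured *User ID Claim URI* decides the subject instead of a hard-coded claim. `SubjectResolver`, its parameters, the fallback order and the sample claims are assumptions made for illustration.

```java
import java.util.Map;
import java.util.Optional;

// Stand-alone model of the subject-selection logic discussed in the thread.
// SubjectResolver and its parameters are hypothetical stand-ins, not WSO2 classes.
public class SubjectResolver {

    /**
     * @param userIdClaimUri value of "User ID Claim URI" in the IdP claim configuration (null if unset)
     * @param claims         claims returned by the federated IdP, keyed by claim URI
     * @param defaultClaim   claim the authenticator would otherwise hard-code as the subject
     */
    static String resolveSubject(String userIdClaimUri, Map<String, String> claims, String defaultClaim) {
        // 1. Honour the admin's configuration when the configured claim is present and non-blank.
        Optional<String> configured = Optional.ofNullable(userIdClaimUri)
                .map(claims::get)
                .filter(v -> !v.trim().isEmpty());
        if (configured.isPresent()) {
            return configured.get();
        }
        // 2. Nothing configured, or the IdP did not return that claim: use the authenticator default.
        String fallback = claims.get(defaultClaim);
        if (fallback == null || fallback.trim().isEmpty()) {
            // 3. No usable identifier: fail the login rather than create a user with an empty subject.
            throw new IllegalStateException("No subject identifier in federated response");
        }
        return fallback;
    }

    public static void main(String[] args) {
        // Constructed sample claims, not taken from a real IdP response.
        Map<String, String> claims = Map.of(
                "id", "1234567890",
                "email", "alice@example.com");

        System.out.println(resolveSubject("email", claims, "id")); // configured claim is used
        System.out.println(resolveSubject(null, claims, "id"));    // nothing configured: default claim
        System.out.println(resolveSubject("phone", claims, "id")); // configured claim absent: default claim
    }
}
```

Because the subject is the key under which the federated user is known inside the IS, the case worth testing in a real authenticator is the third one: a configured claim that the IdP response does not contain.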
