Hi All,
Thanks, Vivekananthan, for bringing this up.

Also, any code resembling the following needs to be removed, as it performs
an unwanted action against the IDP config. It sets a config on the IDP within
an authenticator, which is a wrong practice in programming that breaks the
"Abstraction" principle.

    if (StringUtils.isBlank(context.getExternalIdP().getIdentityProvider()
            .getClaimConfig().getUserClaimURI())) {
        context.getExternalIdP().getIdentityProvider().getClaimConfig()
                .setUserClaimURI(FacebookAuthenticatorConstants.EMAIL);
    }

Instead, we should adopt something similar to:
...
    // Find the subject from the IDP claim mapping, subject Claim URI.
    String subjectFromClaims = FrameworkUtils.getFederatedSubjectFromClaims(
            context.getExternalIdP().getIdentityProvider(), claims);

    // Use preset claim URI on the Authenticator if claim mapping is not
    // defined by the admin.
    if (StringUtils.isBlank(subjectFromClaims)) {
        ClaimMapping claimMapping = new ClaimMapping();
        Claim claim = new Claim();
        // Use the appropriate claim URI.
        claim.setClaimUri(FacebookAuthenticatorConstants.EMAIL);
        claimMapping.setRemoteClaim(claim);
        claimMapping.setLocalClaim(claim);
        // Look up the value in the same claim map that was passed above.
        subjectFromClaims = claims.get(claimMapping);
    }

And make the above code reusable across all connectors, either by adding
it to a base class or by having a util method somewhere.

Cheers,
Ruwan


On Wed, Apr 19, 2017 at 10:34 AM, Nuwandi Wickramasinghe <[email protected]>
wrote:

> Ideally, any federated authenticator should give the flexibility to
> configure the subject claim from the IS side. If the admin selects a value as
> *User ID Claim URI* in the identity provider claim configuration, that
> selected value needs to be treated as the subject of that authenticated user
> within the IS.
>
> By hard coding a subject without checking the *User ID Claim URI*
> configuration in the identity provider, that authenticator removes that
> flexibility and totally neglects the configuration.
>
> The following method in FrameworkUtils is used to read the configured user
> ID claim from the Identity Provider configuration.
>
> FrameworkUtils.getFederatedSubjectFromClaims(IdentityProvider
> identityProvider, Map<ClaimMapping, String> claimMappings);
>
> On Wed, Apr 19, 2017 at 9:43 AM, Malaka Silva <[email protected]> wrote:
>
>> IS Team,
>>
>> Can you please comment on this?
>>
>> On Wed, Apr 19, 2017 at 9:40 AM, Vivekananthan Sivanayagam <
>> [email protected]> wrote:
>>
>>> Hi,
>>>
>>> I am working on the ticket [1] and analysed the existing authenticators.
>>> As mentioned on the ticket, the default subject identifier claim is hard
>>> coded [2] and we have to modify the existing authenticators as implemented
>>> in the Facebook authenticator [3][4].
>>>
>>> @Malaka,
>>> If we have to improve the authenticator as mentioned above, it would be
>>> better if we include this improvement in the Pinterest Authenticator before
>>> it gets released. Can you confirm it?
>>>
>> IMHO better to add this to any new federated authenticator before
>> releasing it.
>
>>
>>> [1] https://wso2.org/jira/projects/ISCONNECT/issues/ISCONNECT-49?filter=allopenissues
>>> [2] https://github.com/wso2-extensions/identity-outbound-auth-linkedIn/blob/master/component/src/main/java/org/wso2/carbon/identity/authenticator/linkedIn/LinkedInAuthenticator.java#L281
>>> [3] https://github.com/wso2-extensions/identity-outbound-auth-facebook/blob/master/components/org.wso2.carbon.identity.application.authenticator.facebook/src/main/java/org/wso2/carbon/identity/application/authenticator/facebook/FacebookAuthenticator.java#L352
>>> [4] https://docs.wso2.com/display/IS530/Logging+in+to+the+Identity+Server+using+Facebook+Credentials#LoggingintotheIdentityServerusingFacebookCredentials-ConfiguringclaimmappingsforFacebook
>>>
>>>
>>> Thanks,
>>>
>>> Vivekananthan Sivanayagam
>>> Software Engineer | WSO2
>>>
>>
>>
>>
>> --
>>
>> Best Regards,
>>
>> Malaka Silva
>>
>
>
>
> --
>
> Best Regards,
>
> Nuwandi Wickramasinghe
>



-- 

*Ruwan Abeykoon*
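
Added example (not part of the original thread and not WSO2 code): a self-contained sketch of the reusable helper the thread asks for, which prefers the admin's User ID Claim URI, falls back to the authenticator's preset claim, and never writes to the IdP configuration. IdpClaimConfig, resolveSubject and the sample claim names and values are hypothetical stand-ins for illustration.

```java
import java.util.Map;

public class SubjectResolverExample {

    /** Hypothetical stand-in for the IdP claim configuration; read-only on purpose. */
    static final class IdpClaimConfig {
        private final String userClaimUri; // "User ID Claim URI" chosen by the admin, may be null
        IdpClaimConfig(String userClaimUri) { this.userClaimUri = userClaimUri; }
        String getUserClaimUri() { return userClaimUri; }
    }

    static boolean isBlank(String s) { return s == null || s.trim().isEmpty(); }

    /**
     * Resolve the subject for a federated login without touching the IdP config.
     * 1. Prefer the claim the admin selected as User ID Claim URI.
     * 2. If that yields nothing, read the authenticator's preset claim instead.
     */
    static String resolveSubject(IdpClaimConfig idpConfig, Map<String, String> remoteClaims,
                                 String authenticatorDefaultClaimUri) {
        String subject = null;
        if (!isBlank(idpConfig.getUserClaimUri())) {
            subject = remoteClaims.get(idpConfig.getUserClaimUri());
        }
        if (isBlank(subject)) {
            // The fallback is a local decision of this login; nothing is stored on the IdP.
            subject = remoteClaims.get(authenticatorDefaultClaimUri);
        }
        return subject; // the caller must fail the login if this is still blank
    }

    public static void main(String[] args) {
        // Constructed sample claims, as an authenticator might receive them.
        Map<String, String> claims = Map.of("email", "alice@example.com", "id", "1029384756");

        IdpClaimConfig adminChoseId = new IdpClaimConfig("id");
        IdpClaimConfig nothingConfigured = new IdpClaimConfig(null);

        // Admin configuration wins over the authenticator's preset claim.
        System.out.println(resolveSubject(adminChoseId, claims, "email"));
        // No admin configuration: the preset claim is used for this login only.
        System.out.println(resolveSubject(nothingConfigured, claims, "email"));
        // The IdP configuration is still unset after the fallback.
        System.out.println(nothingConfigured.getUserClaimUri());
    }
}
```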