Hi Ruwan,

Thanks for the suggestion. I have made the changes as you suggested, and it is working when I changed it to "subjectFromClaims = claims.get(claimMapping);" instead of "subjectFromClaims = claimMappings.get(claimMapping);".

Thanks,
Vivek.

Vivekananthan Sivanayagam
Software Engineer | WSO2
E:[email protected]
M:+94752786138

On Wed, Apr 19, 2017 at 11:44 AM, Vivekananthan Sivanayagam <[email protected]> wrote:

> Noted.
>
> Vivekananthan Sivanayagam
> Software Engineer | WSO2
> E:[email protected]
> M:+94752786138
>
> On Wed, Apr 19, 2017 at 11:23 AM, Ruwan Abeykoon <[email protected]> wrote:
>
>> Hi All,
>> Thanks, Vivekananthan, for bringing this up.
>>
>> Also any code resembling the following needs to be removed as it performs
>> an unwanted action against IDP config. It sets a config on IDP within an
>> authenticator, which is a wrong practice in programming that breaks the
>> "Abstraction" principle.
>>
>>     if (StringUtils.isBlank(context.getExternalIdP().getIdentityProvider().getClaimConfig().getUserClaimURI())) {
>>         context.getExternalIdP().getIdentityProvider().getClaimConfig().setUserClaimURI(FacebookAuthenticatorConstants.EMAIL);
>>     }
>>
>> Instead we should adopt something similar to
>>
>>     ...
>>     //Find the subject from the IDP claim mapping, subject Claim URI.
>>     String subjectFromClaims = FrameworkUtils.getFederatedSubjectFromClaims(
>>             context.getExternalIdP().getIdentityProvider(), claims);
>>
>>     //Use preset claim URI on the Authenticator if claim mapping is not defined by the admin
>>     if (StringUtils.isBlank(subjectFromClaims)) {
>>         ClaimMapping claimMapping = new ClaimMapping();
>>         Claim claim = new Claim();
>>         claim.setClaimUri(FacebookAuthenticatorConstants.EMAIL); //Use the appropriate claim uri
>>         claimMapping.setRemoteClaim(claim);
>>         claimMapping.setLocalClaim(claim);
>>         subjectFromClaims = claimMappings.get(claimMapping);
>>     }
>>
>> And make the above code reusable across all connectors, either by adding
>> them to base class or having a util method somewhere.
>>
>> Cheers,
>> Ruwan
>>
>> On Wed, Apr 19, 2017 at 10:34 AM, Nuwandi Wickramasinghe <[email protected]> wrote:
>>
>>> Ideally any Federated authenticator should give the flexibility to
>>> configure the subject claim from IS side. If admin selects a value as
>>> *User ID Claim URI* in the identity provider claim configuration, that
>>> selected value needs to be treated as subject of that authenticated user
>>> within the IS.
>>>
>>> By hard coding a subject without checking *User ID Claim URI*
>>> configuration in the identity provider, that authenticator removes that
>>> flexibility and totally neglects the configuration.
>>>
>>> Following method in FrameworkUtils is used to read the configured user
>>> Id claim from Identity Provider configuration.
>>>
>>>     FrameworkUtils.getFederatedSubjectFromClaims(IdentityProvider identityProvider, Map<ClaimMapping, String> claimMappings);
>>>
>>> On Wed, Apr 19, 2017 at 9:43 AM, Malaka Silva <[email protected]> wrote:
>>>
>>>> IS Team,
>>>>
>>>> Can you please comment on this?
>>>>
>>>> On Wed, Apr 19, 2017 at 9:40 AM, Vivekananthan Sivanayagam <[email protected]> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> I am working on the ticket[1] and analysed the existing
>>>>> authenticators. As mentioned on the ticket, default subject identifier
>>>>> claim is hard coded[2] and have to modify the existing authenticators as
>>>>> implemented in Facebook authenticator [3][4].
>>>>>
>>>>> @Malaka,
>>>>> If we have to improve the authenticator as mentioned above, it would
>>>>> be better if we include this improvement in Pinterest Authenticator before
>>>>> getting released. Can you confirm it?
>>>>>
>>>> IMHO better to add this any new federated authenticator before
>>> releasing it.
>>>
>>>>
>>>>> [1] https://wso2.org/jira/projects/ISCONNECT/issues/ISCONNECT-49?filter=allopenissues
>>>>> [2] https://github.com/wso2-extensions/identity-outbound-auth-linkedIn/blob/master/component/src/main/java/org/wso2/carbon/identity/authenticator/linkedIn/LinkedInAuthenticator.java#L281
>>>>> [3] https://github.com/wso2-extensions/identity-outbound-auth-facebook/blob/master/components/org.wso2.carbon.identity.application.authenticator.facebook/src/main/java/org/wso2/carbon/identity/application/authenticator/facebook/FacebookAuthenticator.java#L352
>>>>> [4] https://docs.wso2.com/display/IS530/Logging+in+to+the+Identity+Server+using+Facebook+Credentials#LoggingintotheIdentityServerusingFacebookCredentials-ConfiguringclaimmappingsforFacebook
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Vivekananthan Sivanayagam
>>>>> Software Engineer | WSO2
>>>>> E:[email protected]
>>>>> M:+94752786138
>>>>>
>>>>
>>>> --
>>>>
>>>> Best Regards,
>>>>
>>>> Malaka Silva
>>>> Associate Director / Architect
>>>> M: +94 777 219 791
>>>> Tel : 94 11 214 5345
>>>> Fax :94 11 2145300
>>>> Skype : malaka.sampath.silva
>>>> LinkedIn : http://www.linkedin.com/pub/malaka-silva/6/33/77
>>>> Blog : http://mrmalakasilva.blogspot.com/
>>>>
>>>> WSO2, Inc.
>>>> lean . enterprise . middleware
>>>> https://wso2.com/signature
>>>> http://www.wso2.com/about/team/malaka-silva/
>>>> https://store.wso2.com/store/
>>>>
>>>> Don't make Trees rare, we should keep them with care
>>>>
>>>
>>> --
>>>
>>> Best Regards,
>>>
>>> Nuwandi Wickramasinghe
>>>
>>> Software Engineer
>>>
>>> WSO2 Inc.
>>>
>>> Web : http://wso2.com
>>>
>>> Mobile : 0719214873
>>>
>>
>> --
>>
>> *Ruwan Abeykoon*
>> *Associate Director/Architect,*
>> *WSO2, Inc. http://wso2.com*
>> *lean.enterprise.middleware.*
>>

_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
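
The lookup order discussed in this thread (admin-configured User ID Claim URI first, the authenticator's preset claim only as a fallback, and no write to the IdP configuration), as an added example that is not part of the original messages and is not WSO2 code. `IdpClaimConfig`, `resolveSubject`, the claim URIs and the sample claim values are hypothetical stand-ins for the Identity Server types.

```java
import java.util.Map;
import java.util.Optional;

// Stand-alone model of the lookup order; none of these types are WSO2 classes.
public class SubjectResolutionDemo {

    // Hypothetical read-only view of the admin's IdP claim configuration.
    record IdpClaimConfig(String userClaimUri) {}

    // Returns the subject for the authenticated user, or empty if no usable claim exists.
    // The configuration object is only read; the authenticator never writes to it.
    static Optional<String> resolveSubject(IdpClaimConfig config,
                                           Map<String, String> remoteClaims,
                                           String authenticatorDefaultUri) {
        // 1. The admin-selected User ID Claim URI takes precedence.
        Optional<String> subject = claimValue(remoteClaims, config.userClaimUri());
        // 2. Fall back to the authenticator's preset claim only when step 1 found nothing.
        return subject.isPresent() ? subject : claimValue(remoteClaims, authenticatorDefaultUri);
    }

    private static Optional<String> claimValue(Map<String, String> claims, String uri) {
        if (uri == null || uri.isBlank()) {
            return Optional.empty();
        }
        String value = claims.get(uri);
        return (value == null || value.isBlank()) ? Optional.empty() : Optional.of(value);
    }

    public static void main(String[] args) {
        // Constructed sample claims, as a remote IdP might return them.
        Map<String, String> claims = Map.of("id", "10203040", "email", "alice@example.com");
        String preset = "email"; // hypothetical authenticator default

        // Admin configured "id": the preset must not override it.
        System.out.println(resolveSubject(new IdpClaimConfig("id"), claims, preset));
        // No admin configuration: the preset is used.
        System.out.println(resolveSubject(new IdpClaimConfig(""), claims, preset));
        // Configured claim missing from the response: falls back to the preset.
        System.out.println(resolveSubject(new IdpClaimConfig("username"), claims, preset));
        // Neither claim present: empty result, left to the caller to handle.
        System.out.println(resolveSubject(new IdpClaimConfig(null), Map.of("id", "1"), preset));
    }
}
```

The model needs Java 16 or later because it uses a record.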
