Hi Vivek,

Yes, I made a mistake, this is wrong.
    subjectFromClaims = claimMappings.get(claimMapping);
and
    subjectFromClaims = claims.get(claimMapping);
is the correct one.

Cheers,
Ruwan.

On Wed, Apr 19, 2017 at 2:36 PM, Vivekananthan Sivanayagam <[email protected]> wrote:

> Hi Ruwan,
>
> Thanks for the suggestion and I have made changes as you suggested and it
> is working when I changed as "subjectFromClaims = claims.get(claimMapping);"
> instead of "subjectFromClaims = claimMappings.get(claimMapping);".
>
> Thanks,
> Vivek.
>
> Vivekananthan Sivanayagam
> Software Engineer | WSO2
> E:[email protected]
> M:+94752786138
>
> On Wed, Apr 19, 2017 at 11:44 AM, Vivekananthan Sivanayagam <[email protected]> wrote:
>
>> Noted.
>>
>> Vivekananthan Sivanayagam
>> Software Engineer | WSO2
>> E:[email protected]
>> M:+94752786138
>>
>> On Wed, Apr 19, 2017 at 11:23 AM, Ruwan Abeykoon <[email protected]> wrote:
>>
>>> Hi All,
>>> Thanks Vivekananthan for bringing this up.
>>>
>>> Also any code resembling the following needs to be removed as it
>>> performs an unwanted action against IDP config. It sets a config on IDP
>>> within an authenticator, which is wrong practice in programming which
>>> breaks "Abstraction" principle.
>>>
>>> if (StringUtils.isBlank(context.getExternalIdP().getIdentityProvider().getClaimConfig().getUserClaimURI())) {
>>>     context.getExternalIdP().getIdentityProvider().getClaimConfig().setUserClaimURI(FacebookAuthenticatorConstants.EMAIL);
>>> }
>>>
>>> Instead we should adopt something similar to
>>> ...
>>> //Find the subject from the IDP claim mapping, subject Claim URI.
>>> String subjectFromClaims = FrameworkUtils.getFederatedSubjectFromClaims(
>>>         context.getExternalIdP().getIdentityProvider(), claims);
>>>
>>> //Use preset claim URI on the Authenticator if claim mapping is not defined by the admin
>>> if (StringUtils.isBlank(subjectFromClaims)) {
>>>     ClaimMapping claimMapping = new ClaimMapping();
>>>     Claim claim = new Claim();
>>>     claim.setClaimUri(FacebookAuthenticatorConstants.EMAIL); //Use the appropriate claim uri
>>>     claimMapping.setRemoteClaim(claim);
>>>     claimMapping.setLocalClaim(claim);
>>>     subjectFromClaims = claimMappings.get(claimMapping);
>>> }
>>>
>>> And make the above code reusable across all connectors, either by adding
>>> them to base class or having a util method somewhere.
>>>
>>> Cheers,
>>> Ruwan
>>>
>>> On Wed, Apr 19, 2017 at 10:34 AM, Nuwandi Wickramasinghe <[email protected]> wrote:
>>>
>>>> Ideally any Federated authenticator should give the flexibility to
>>>> configure the subject claim from IS side. If admin selects a value as
>>>> *User ID Claim URI* in the identity provider claim configuration, that
>>>> selected value needs to be treated as subject of that authenticated user
>>>> within the IS.
>>>>
>>>> By hard coding a subject without checking *User ID Claim URI*
>>>> configuration in the identity provider, that authenticator removes
>>>> that flexibility and totally neglects the configuration.
>>>>
>>>> Following method in FrameworkUtils is used to read the configured user
>>>> Id claim from Identity Provider configuration.
>>>>
>>>> FrameworkUtils.getFederatedSubjectFromClaims(IdentityProvider identityProvider,
>>>>         Map<ClaimMapping, String> claimMappings);
>>>>
>>>> On Wed, Apr 19, 2017 at 9:43 AM, Malaka Silva <[email protected]> wrote:
>>>>
>>>>> IS Team,
>>>>>
>>>>> Can you please comment on this?
>>>>>
>>>>> On Wed, Apr 19, 2017 at 9:40 AM, Vivekananthan Sivanayagam <[email protected]> wrote:
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> I am working on the ticket[1] and analysed the existing
>>>>>> authenticators. As mentioned on the ticket, default subject identifier
>>>>>> claim is hard coded[2] and have to modify the existing authenticators as
>>>>>> implemented in Facebook authenticator [3][4].
>>>>>>
>>>>>> @Malaka,
>>>>>> If we have to improve the authenticator as mentioned above, it would
>>>>>> be better if we include this improvement in Pinterest Authenticator before
>>>>>> getting released. Can you confirm it?
>>>>>>
>>>>> IMHO better to add this to any new federated authenticator before
>>>> releasing it.
>>>>
>>>>>
>>>>>> [1] https://wso2.org/jira/projects/ISCONNECT/issues/ISCONNECT-49?filter=allopenissues
>>>>>> [2] https://github.com/wso2-extensions/identity-outbound-auth-linkedIn/blob/master/component/src/main/java/org/wso2/carbon/identity/authenticator/linkedIn/LinkedInAuthenticator.java#L281
>>>>>> [3] https://github.com/wso2-extensions/identity-outbound-auth-facebook/blob/master/components/org.wso2.carbon.identity.application.authenticator.facebook/src/main/java/org/wso2/carbon/identity/application/authenticator/facebook/FacebookAuthenticator.java#L352
>>>>>> [4] https://docs.wso2.com/display/IS530/Logging+in+to+the+Identity+Server+using+Facebook+Credentials#LoggingintotheIdentityServerusingFacebookCredentials-ConfiguringclaimmappingsforFacebook
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>> Vivekananthan Sivanayagam
>>>>>> Software Engineer | WSO2
>>>>>> E:[email protected]
>>>>>> M:+94752786138
>>>>>
>>>>> --
>>>>>
>>>>> Best Regards,
>>>>>
>>>>> Malaka Silva
>>>>> Associate Director / Architect
>>>>> M: +94 777 219 791
>>>>> Tel : 94 11 214 5345
>>>>> Fax :94 11 2145300
>>>>> Skype : malaka.sampath.silva
>>>>> LinkedIn : http://www.linkedin.com/pub/malaka-silva/6/33/77
>>>>> Blog : http://mrmalakasilva.blogspot.com/
>>>>>
>>>>> WSO2, Inc.
>>>>> lean . enterprise . middleware
>>>>> https://wso2.com/signature
>>>>> http://www.wso2.com/about/team/malaka-silva/
>>>>> https://store.wso2.com/store/
>>>>>
>>>>> Don't make Trees rare, we should keep them with care
>>>>
>>>> --
>>>>
>>>> Best Regards,
>>>>
>>>> Nuwandi Wickramasinghe
>>>> Software Engineer
>>>> WSO2 Inc.
>>>> Web : http://wso2.com
>>>> Mobile : 0719214873
>>>
>>> --
>>>
>>> Ruwan Abeykoon
>>> Associate Director/Architect,
>>> WSO2, Inc. http://wso2.com
>>> lean.enterprise.middleware.
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
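
The resolution order discussed in this thread (the admin-configured User ID Claim URI first, the authenticator's preset claim only as a fallback, read from the claims map, with no write to the IdP configuration), as an added example that is not part of the original messages or of WSO2 code. `ClaimKey`, `IdpClaimConfig`, `resolveSubject` and the sample claim values are hypothetical stand-ins for the WSO2 types, written for Java 16 or later.

```java
import java.util.HashMap;
import java.util.Map;

// Added illustration: stand-in types, NOT the WSO2 Identity Server classes.
public class SubjectResolutionExample {

    // Hypothetical map key. A record compares by value, so a key built at
    // lookup time matches the key the authenticator stored the claim under.
    record ClaimKey(String remoteClaimUri) {}

    // Hypothetical read-only view of the IdP claim configuration; userClaimUri
    // is the admin-selected "User ID Claim URI" and may be null or blank.
    record IdpClaimConfig(String userClaimUri) {}

    static boolean isBlank(String s) {
        return s == null || s.trim().isEmpty();
    }

    // Admin-configured claim first, authenticator preset second. The IdP
    // configuration is only read here, never written.
    static String resolveSubject(IdpClaimConfig config,
                                 Map<ClaimKey, String> claims,
                                 String presetClaimUri) {
        String subject = null;
        if (!isBlank(config.userClaimUri())) {
            subject = claims.get(new ClaimKey(config.userClaimUri()));
        }
        if (isBlank(subject)) {
            // Look the preset up in the claims received from the IdP.
            subject = claims.get(new ClaimKey(presetClaimUri));
        }
        return subject;
    }

    public static void main(String[] args) {
        // Constructed sample claims, as an authenticator might collect them.
        Map<ClaimKey, String> claims = new HashMap<>();
        claims.put(new ClaimKey("email"), "alice@example.com");
        claims.put(new ClaimKey("id"), "1000123");

        // Admin selected "id" as the User ID Claim URI: it wins over the preset.
        System.out.println(resolveSubject(new IdpClaimConfig("id"), claims, "email"));
        // Nothing configured: the preset claim is used.
        System.out.println(resolveSubject(new IdpClaimConfig(""), claims, "email"));
        // Configured claim missing from the response: falls back to the preset.
        System.out.println(resolveSubject(new IdpClaimConfig("phone"), claims, "email"));
    }
}
```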
