Hi Malithi,

>> 2. Noted, that in each authenticator an additional parameter needs to be
>> configured to denote 'userAttribute' mapping. Is this how (1) above is
>> achieved?
>> However, the respective configurations in SMSOTP and TOTP with this
>> regard are not consistent. Moreover, I feel transforming back to the local
>> dialect and using that to retrieve the attribute to be mapped is the way to
>> do. With that this becomes a redundant config.
>>
> For the userAttribute use case, you can use the parameter name for TOTP,
> SMSOTP as I mentioned in the above config with the prefix of the
> authenticator name which is configured as second step. This leads the
> configurations more consistent. All these things are documented in [1].
>
> [1] https://docs.wso2.com/display/ISCONNECTORS/Configuring+TOTP+Authenticator#ConfiguringTOTPAuthenticator-ConfiguringtheserviceproviderConfiguringtheserviceprovider
>
> Yes. This is what I highlighted in point (2). To achieve case 1 another
> parameter needs to be configured per each authenticator.
> But, what I'm suggesting is to use claim transformation to resolve the
> local claim. In that case, there is no need to configure a separate
> parameter per each authenticator. Wondering if this approach is not chosen
> due to any other complications on resolving back to local claim.
>
> Moreover, as I feel the parameter configuration per each authenticator is
> not well explained in documentation. Also, when it comes to TOTP there is
> another authenticator config parameter being mentioned in the doc as
> 'federatedEmailAttributeKey'. What is this for? It's not explained at all.
>

I also checked this parameter usage in the TOTP code base. Couldn't find any usage of this. Based on the offline discussion with the team, it seems to be a documentation bug. So I have removed this parameter from the config. Thanks for pointing this out.

>>> 3. For the mapping to happen the claim value resolved should always be
>>> the local username. Why not mapping can happen over another unique claim
>>> like email?
>>> As I see, we can easily configure this for an ldap, by configuring the
>>> 'UserNameSearchFilter' to search users over several attributes.
>>>
>>> Thanks,
>>> Malithi
>>> --
>>>
>>> *Malithi Edirisinghe*
>>> Associate Technical Lead
>>> WSO2 Inc.
>>>
>>> Mobile : +94 (0) 718176807
>>> [email protected]
