Hi Kanapriya,

My question is not about the config issue or its clarity. My question is about the way this use case is being achieved now and is it the way to do it. That's why I was repeating, "why not use claim transformation to resolve the local claim (wso2 claim) here".

Also, as per the present implementation I feel the 'userAttribute' parameter configuration in the TOTP or SMSOTP authenticator config is redundant, as the respective claim is being configured per each federated authenticator.
Thanks,
Malithi.

On Wed, Oct 25, 2017 at 11:08 AM, Kanapriya Kuleswararajan < [email protected]> wrote:

> Hi Malithi,
>
>>> 2. Noted, that in each authenticator an additional parameter needs to be
>>> configured to denote 'userAttribute' mapping. Is this how (1) above is
>>> achieved?
>>> However, the respective configurations in SMSOTP and TOTP with this
>>> regard are not consistent. Moreover, I feel transforming back to the local
>>> dialect and using that to retrieve the attribute to be mapped is the way to
>>> do. With that this becomes a redundant config.
>>>
>> For the userAttribute use case, you can use the parameter name for TOTP,
>> SMSOTP as I mentioned in the above config with the prefix of the
>> authenticator name which is configured as second step. This leads the
>> configurations more consistent. All these things documented in [1].
>>
>> [1] https://docs.wso2.com/display/ISCONNECTORS/Configuring+TOTP+Authenticator#ConfiguringTOTPAuthenticator-ConfiguringtheserviceproviderConfiguringtheserviceprovider
>>
>> Yes. This is what I highlighted in point (2). To achieve case 1 another
>> parameter needs to be configured per each authenticator.
>> But, what I'm suggesting is to use claim transformation to resolve the
>> local claim. In that case, there is no need to configure a separate
>> parameter per each authenticator. Wondering if this approach is not chosen
>> due to any other complications on resolving back to local claim.
>>
>> Moreover, as I feel the parameter configuration per each authenticator is
>> not well explained in documentation. Also, when it comes to TOTP there is
>> another authenticator config parameter being mentioned in the doc as
>> 'federatedEmailAttributeKey'. What is this for? It's not explained at all.
>>
> I also checked this parameter usage in TOTP code base. Couldn't find any
> usage of this. Based on the offline discussion with the team, it seems a
> documentation bug. So that, I have removed this parameter from the config.
> Thanks for pointing out this.
>
>>>> 3. For the mapping to happen the claim value resolved should always be
>>>> the local username. Why not mapping can happen over another unique claim
>>>> like email?
>>>> As I see, we can easily configure this for an ldap, by configuring the
>>>> 'UserNameSearchFilter' to search users over several attributes.
>>>>
>>>> Thanks,
>>>> Malithi
>>>> --
>>>>
>>>> *Malithi Edirisinghe*
>>>> Associate Technical Lead
>>>> WSO2 Inc.
>>>>
>>>> Mobile : +94 (0) 718176807
>>>> [email protected]
>>>>
>>
>> --
>>
>> *Malithi Edirisinghe*
>> Associate Technical Lead
>> WSO2 Inc.
>>
>> Mobile : +94 (0) 718176807
>> [email protected]
>>

--
*Malithi Edirisinghe*
Associate Technical Lead
WSO2 Inc.
Mobile : +94 (0) 718176807
[email protected]
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
