Hi Malithi,

Yes, I got your concern. Please find the answers in-line.


> My question is not about the config issue or it's clarity. My question is
> about the way this usecase is being achieved now and is it the way to do it.
> That's why I was repeating, "why not use claim transformation to resolve
> the local claim (wso2 claim) here".
>

When we improved these use-cases, we came up with these solutions as per the
internal discussion with the product team regarding these use-cases.
+1 for improving this use-case with claim transformation.

> Also, as per the present implementation I feel the 'userAttribute'
> parameter configuration in the TOTP or SMSOTP authenticator config is
> redundant, as the respective claim is being configured per each federated
> authenticator.
>

> Thanks,
> Malithi.
>
> On Wed, Oct 25, 2017 at 11:08 AM, Kanapriya Kuleswararajan <
> kanapr...@wso2.com> wrote:
>
>> Hi Malithi,
>>
>> 2. Noted, that in each authenticator an additional parameter needs to be
>>>> configured to denote 'userAttribute' mapping. Is this how (1) above is
>>>> achieved ?
>>>> However, the respective configurations in SMSOTP and TOTP with this
>>>> regard are not consistent. Moreover, I feel transforming back to the local
>>>> dialect and using that to retrieve the attribute to be mapped is the way to
>>>> do. With that this becomes a redundant config.
>>>>
>>>
>> For the userAttribute usecase, you can use the parameter name for TOTP,
>>> SMSOTP as I mentioned in the above config with the prefix of the
>>> authenticator name which is configured as the second step. This makes the
>>> configurations more consistent. All these things are documented in [1].
>>>
>>
>>
>> [1] https://docs.wso2.com/display/ISCONNECTORS/Configuring+TOTP+Authenticator#ConfiguringTOTPAuthenticator-ConfiguringtheserviceproviderConfiguringtheserviceprovider
>>>
>>
>>> Yes. This is what I highlighted in point (2). To achieve case 1 another
>>> parameter needs to be configured per each authenticator.
>>> But, what I'm suggesting is to use claim transformation to resolve the
>>> local claim. In that case, there is no need to configure a separate
>>> parameter per each authenticator. Wondering if this approach is not chosen
>>> due to any other complications on resolving back to local claim.
>>>
>>> Moreover, as I feel the parameter configuration per each authenticator
>>> is not well explained in documentation. Also, when it comes to TOTP there
>>> is another authenticator config parameter being mentioned in the doc as
>>> 'federatedEmailAttributeKey'. What is this for ? It's not explained at all.
>>>
>> I also checked this parameter usage in the TOTP code base. Couldn't find any
>> usage of this. Based on the offline discussion with the team, it seems to be a
>> documentation bug. So, I have removed this parameter from the config.
>> Thanks for pointing this out.
>>
>>>
>>>>
>>>>> 3. For the mapping to happen the claim value resolved should always be
>>>>> the local username. Why can't the mapping happen over another unique claim
>>>>> like email?
>>>>> As I see, we can easily configure this for an LDAP, by configuring
>>>>> the 'UserNameSearchFilter' to search users over several attributes.
>>>>>
>>>>> Thanks,
>>>>> Malithi
>>>>> --
>>>>>
>>>>> *Malithi Edirisinghe*
>>>>> Associate Technical Lead
>>>>> WSO2 Inc.
>>>>>
>>>>> Mobile : +94 (0) 718176807
>>>>> malit...@wso2.com
>>>>>
>>>>
>>>>
>
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
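Point (3) above suggests widening the LDAP 'UserNameSearchFilter' so that a user can be looked up by email as well as by username. The following is an added illustration of that idea, not a configuration taken from this thread or from the WSO2 documentation: it shows a user-mgt.xml user store property as it would typically be written, and the widened form beside it. The attribute names `uid` and `mail` and the `person` object class are assumptions about the directory schema; the `?` placeholder is the user store manager's substitution point for the value being searched.

```xml
<!-- Added example (not from the thread): excerpt of a user-mgt.xml LDAP/AD user store.
     Typical filter: the value being searched is matched against the username attribute only.
     'uid' and 'person' are assumed schema names; '?' is replaced by the value at lookup time. -->
<Property name="UserNameSearchFilter">(&amp;(objectClass=person)(uid=?))</Property>

<!-- Widened filter, as suggested in point (3): the same value is matched against
     either the username attribute or the email attribute ('mail' is assumed). -->
<Property name="UserNameSearchFilter">(&amp;(objectClass=person)(|(uid=?)(mail=?)))</Property>
```

A check worth doing before widening the filter: every attribute included in the disjunction must be enforced unique in the directory (for example by a unique-constraint overlay on `mail`), and the value substituted into `?` must already be escaped for LDAP filter syntax by the user store manager. If `mail` is not unique, or a user can self-edit it, the widened filter can resolve a second-step OTP to a different account than the one that completed the first step, which is exactly the mapping the thread is trying to keep unambiguous.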