Hi,

Appreciate your response.

Thanks,

On Mon, Nov 6, 2017 at 2:04 PM, Ushani Balasooriya <[email protected]> wrote:

> Hi IAM team,
>
> As a part of my third-party web application implementation to add users
> and roles, I would like to try if the logged-in admin user can perform the
> relevant activity within the app.
>
> In order to test logging in to the web app, I will be using the SAML Post
> binding as well as the Redirect binding.
>
> When I use the Post binding, I can capture the user name and password and
> generate a Basic authentication token, retrieving it from the servlet request.
>
> My question is,
>
> 1. If I use the redirect binding, since the IDP can be any application like
> wso2 IS or Facebook or salesforce etc., *(a)* is it a valid use case to use
> the logged-in admin user's credentials to generate the auth token?
>
> *(b)* Or should I hard-code one particular admin user's credentials or
> auth token, which is configured as admin for the third-party web app, to
> perform the relevant activities?
>
> 2. If *(a)* is valid, how can I retrieve it from the session? I can
> retrieve the username from the SAML2SSO session, but my question is how to
> retrieve the password to generate the auth token.
>
> Appreciate your response.
>
> Thanks,
> --
> *Ushani Balasooriya*
> Associate Technical Lead - EE;
> WSO2 Inc; http://www.wso2.com/.
> Mobile; +94772636796

--
*Ushani Balasooriya*
Associate Technical Lead - EE;
WSO2 Inc; http://www.wso2.com/.
Mobile; +94772636796
