Hi IAM team,

Please consider the below scenario.

When I think of a system with admin and developer personas in the same tenant:

1. The admin registers a service provider as *travelocity* with issuer id *travelocity.com* and assertion consumer URL http://localhost:8080/travelocity.com/home.jsp, and configures the federated IDP as Google.
2. Then the developer persona registers a service provider as *travelocity.com* with the same issuer id *travelocity.com* and assertion consumer URL http://localhost:8080/travelocity.com/home.jsp, since it does not validate the issuer id, and configures the federated IDP as Facebook.

In this scenario, only the *service provider name* will be *validated* and the *issuer id* will *not be validated*. Therefore, when we try to access the service provider, it will federate only through Google.

This is a very rare negative use case, but when you think of different personas, I think this should be considered. Please correct me if I am wrong.

Thanks,
--
*Ushani Balasooriya*
Associate Technical Lead - EE; WSO2 Inc; http://www.wso2.com/.
Mobile; +94772636796
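The scenario in the message above, as an added example that is not part of the original post and is not WSO2 code: a small model of service provider registration with and without a per-tenant issuer uniqueness check. The SpRegistry class, the "tenant-a" name and the first-match lookup are assumptions made to mirror the behaviour the message reports.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ServiceProvider:
    name: str
    issuer: str
    acs_url: str
    federated_idp: str

class DuplicateIssuerError(ValueError):
    pass

class SpRegistry:
    """Hypothetical registry; validate_issuer toggles the missing check."""
    def __init__(self, validate_issuer):
        self.validate_issuer = validate_issuer
        self._by_tenant = {}  # tenant -> SPs in registration order

    def register(self, tenant, sp):
        sps = self._by_tenant.setdefault(tenant, [])
        if any(e.name == sp.name for e in sps):
            raise ValueError(f"service provider name in use: {sp.name}")
        # The check the message says is absent: issuer unique per tenant.
        if self.validate_issuer and any(e.issuer == sp.issuer for e in sps):
            raise DuplicateIssuerError(f"issuer in use: {sp.issuer}")
        sps.append(sp)

    def resolve(self, tenant, issuer):
        # Assumption: the first SP registered for an issuer handles the
        # request, matching "it will federate only through Google".
        return next((e for e in self._by_tenant.get(tenant, [])
                     if e.issuer == issuer), None)

    def shared_issuers(self, tenant):
        # Audit helper: issuers claimed by more than one existing SP.
        seen = {}
        for e in self._by_tenant.get(tenant, []):
            seen.setdefault(e.issuer, []).append(e.name)
        return {i: n for i, n in seen.items() if len(n) > 1}

# Constructed inputs taken from the two registrations in the message.
ACS = "http://localhost:8080/travelocity.com/home.jsp"
ADMIN_SP = ServiceProvider("travelocity", "travelocity.com", ACS, "Google")
DEV_SP = ServiceProvider("travelocity.com", "travelocity.com", ACS, "Facebook")

def replay(validate_issuer):
    reg, outcomes = SpRegistry(validate_issuer), []
    for sp in (ADMIN_SP, DEV_SP):
        try:
            reg.register("tenant-a", sp)
            outcomes.append("accepted")
        except DuplicateIssuerError:
            outcomes.append("rejected")
    idp = reg.resolve("tenant-a", "travelocity.com").federated_idp
    return outcomes, idp, reg.shared_issuers("tenant-a")
```

With the check off, both registrations are accepted and the second one's Facebook configuration is never reached; with it on, the developer's registration is rejected at creation time instead of failing silently at login.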
