Hi Ushani,

How did you test this scenario? It does not allow registering two SPs with the same issuer id.

-Ishara

On Thu, Nov 30, 2017 at 8:22 AM, Ushani Balasooriya <[email protected]> wrote:
> Hi IAM team,
>
> Please consider the below scenario.
>
> When I think of a system as admin and developer personas in the same
> tenant,
>
> 1. Admin registers a service provider as *travelocity* with issuer id as
> *travelocity.com* and assertion consumer url as
> http://localhost:8080/travelocity.com/home.jsp and configures Federated
> IDP as Google
>
> 2. Then the developer persona registers a service provider as
> *travelocity.com* with the same issuer id as *travelocity.com* and
> assertion consumer url as
> http://localhost:8080/travelocity.com/home.jsp since it does not validate
> issuer id and configures federated IDP as facebook.
>
> In this scenario, only the *service provider name* will be *validated*
> and *issuer id* will *not be validated.*
>
> Therefore when we try to access the service provider, it will federate only
> through google.
>
> This is a very rare negative use case, but when you think of different
> personas, I think this should be considered.
>
> Please correct me if I am wrong.
>
> Thanks,
> --
> *Ushani Balasooriya*
> Associate Technical Lead - EE;
> WSO2 Inc; http://www.wso2.com/.
> Mobile; +94772636796

--
Ishara Karunarathna
Technical Lead
WSO2 Inc. - lean . enterprise . middleware | wso2.com
email: [email protected], blog: isharaaruna.blogspot.com, mobile: +94717996791
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
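
The scenario described in the thread above, as an added Python sketch (not WSO2 Identity Server code, and not written by either participant): a registry that validates only the service provider name, next to one that also rejects a duplicate issuer within a tenant. The class names, the `tenant-a` tenant and the first-match lookup are assumptions made for illustration.

```python
# Added illustration; all class and function names here are hypothetical.
from dataclasses import dataclass

@dataclass(frozen=True)
class ServiceProvider:
    tenant: str
    name: str
    issuer: str
    federated_idp: str

class DuplicateError(ValueError):
    """Raised when a registration collides with an existing one."""

class NameOnlyRegistry:
    """Validates only the service provider name, as in the reported scenario."""
    def __init__(self):
        self._sps = []

    def register(self, sp):
        if any(s.tenant == sp.tenant and s.name == sp.name for s in self._sps):
            raise DuplicateError(f"name {sp.name!r} already registered")
        self._check_issuer(sp)
        self._sps.append(sp)

    def _check_issuer(self, sp):
        pass  # no issuer validation in this variant

    def resolve(self, tenant, issuer):
        # A SAML request identifies the SP by its issuer, so the first match wins.
        for s in self._sps:
            if s.tenant == tenant and s.issuer == issuer:
                return s
        return None

class IssuerCheckedRegistry(NameOnlyRegistry):
    """Also rejects a second SP with the same issuer in the same tenant."""
    def _check_issuer(self, sp):
        if self.resolve(sp.tenant, sp.issuer) is not None:
            raise DuplicateError(f"issuer {sp.issuer!r} already registered")

def scenario(registry):
    """Replay the thread's two registrations; return (second outcome, resolved IdP)."""
    admin = ServiceProvider("tenant-a", "travelocity", "travelocity.com", "Google")
    dev = ServiceProvider("tenant-a", "travelocity.com", "travelocity.com", "facebook")
    registry.register(admin)
    try:
        registry.register(dev)
        second = "accepted"
    except DuplicateError:
        second = "rejected"
    return second, registry.resolve("tenant-a", "travelocity.com").federated_idp
```

With name-only validation the second registration is accepted but never reachable through the issuer; with the issuer check it is rejected at registration time, so the conflict is visible to whoever registers it.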
