Hi Ishara,

The 27th Nov win updated pack allowed adding an SP with the same issuer id.

On 30 Nov 2017 10:36 am, "Ishara Karunarathna" <[email protected]> wrote:

> Hi Ushani,
>
> How did you test this scenario? It does not allow registering two SPs
> with the same issuer id.
>
> -Ishara
>
> On Thu, Nov 30, 2017 at 8:22 AM, Ushani Balasooriya <[email protected]>
> wrote:
>
>> Hi IAM team,
>>
>> Please consider the below scenario.
>>
>> When I think of a system with admin and developer personas in the same
>> tenant,
>>
>> 1. Admin registers a service provider as *travelocity* with issuer id as
>> *travelocity.com <http://travelocity.com>* and assertion consumer url as
>> http://localhost:8080/travelocity.com/home.jsp and configures the Federated
>> IDP as Google.
>>
>> 2. Then the developer persona registers a service provider as
>> *travelocity.com <http://travelocity.com>* with the same issuer id as
>> *travelocity.com <http://travelocity.com>* and assertion consumer url as
>> http://localhost:8080/travelocity.com/home.jsp, since it does not
>> validate issuer id, and configures the federated IDP as facebook.
>>
>> In this scenario, only the *service provider name* will be *validated*
>> and the *issuer id* will *not be validated.*
>>
>> Therefore, when we try to access the service provider, it will federate only
>> through google.
>>
>> This is a very rare negative use case, but when you think of different
>> personas, I think this should be considered.
>>
>> Please correct me if I am wrong.
>>
>> Thanks,
>> --
>> *Ushani Balasooriya*
>> Associate Technical Lead - EE;
>> WSO2 Inc; http://www.wso2.com/.
>> Mobile; +94772636796
>
> --
> Ishara Karunarathna
> Technical Lead
> WSO2 Inc. - lean . enterprise . middleware | wso2.com
>
> email: [email protected], blog: isharaaruna.blogspot.com, mobile:
> +94717996791

_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
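
The scenario from Ushani's message, modelled as an added example that is not part of the thread and is not WSO2 Identity Server code: a toy registry that validates only the service provider name, resolves an issuer to the first registration, and can instead enforce issuer uniqueness per tenant and audit existing duplicates. All class and function names are hypothetical and the tenant name is constructed.

```python
# Added illustration of the scenario in the thread; not WSO2 Identity Server code.
# Class names, function names and the tenant name are hypothetical.
from collections import defaultdict
from dataclasses import dataclass

ACS = "http://localhost:8080/travelocity.com/home.jsp"

@dataclass(frozen=True)
class ServiceProvider:
    tenant: str
    name: str
    issuer: str
    acs_url: str
    federated_idp: str

class DuplicateIssuerError(ValueError):
    pass

class SPRegistry:
    def __init__(self, validate_issuer):
        self.validate_issuer = validate_issuer
        self._sps = []  # kept in registration order

    def register(self, sp):
        for old in self._sps:
            if old.tenant != sp.tenant:
                continue  # uniqueness is scoped to one tenant
            if old.name == sp.name:
                raise ValueError(f"SP name {sp.name!r} already registered")
            if self.validate_issuer and old.issuer == sp.issuer:
                raise DuplicateIssuerError(f"issuer {sp.issuer!r} is used by {old.name!r}")
        self._sps.append(sp)

    def resolve(self, tenant, issuer):
        # An incoming request identifies the SP by issuer only: first match wins.
        return next((s for s in self._sps if (s.tenant, s.issuer) == (tenant, issuer)), None)

    def audit_duplicates(self):
        # Map (tenant, issuer) -> SP names, for issuers shared by more than one SP.
        seen = defaultdict(list)
        for s in self._sps:
            seen[(s.tenant, s.issuer)].append(s.name)
        return {k: v for k, v in seen.items() if len(v) > 1}

def scenario(validate_issuer):
    reg = SPRegistry(validate_issuer)
    reg.register(ServiceProvider("example-tenant", "travelocity", "travelocity.com", ACS, "Google"))
    reg.register(ServiceProvider("example-tenant", "travelocity.com", "travelocity.com", ACS, "facebook"))
    return reg
```

`scenario(False)` accepts both registrations and resolves the issuer to the Google-federated entry; `scenario(True)` raises `DuplicateIssuerError` at the second registration.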
