Wum updated pack* On 30 Nov 2017 1:31 pm, "Ushani Balasooriya" <[email protected]> wrote:
> Hi Ishara, > > 27th Nov win updated pack allowed to add sp with same issuer id. > > On 30 Nov 2017 10:36 am, "Ishara Karunarathna" <[email protected]> wrote: > >> Hi Ushani, >> >> How did you test this scenarios. It does not allow to register two SPs >> with same issuer id. >> >> -Ishara >> >> On Thu, Nov 30, 2017 at 8:22 AM, Ushani Balasooriya <[email protected]> >> wrote: >> >>> Hi IAM team, >>> >>> Please consider the below scenario. >>> >>> When I think of a system as an admin and developer personas in a same >>> tenant, >>> >>> 1. Admin registers a service provider as *travelocity* with issuer id >>> as *travelocity.com <http://travelocity.com>* and assertion consumer >>> url as http://localhost:8080/travelocity.com/home.jsp and configure >>> Federated IDP as Google >>> >>> 2. Then developer persona registers a service provider as *travelocity.com >>> <http://travelocity.com>* with same issuer id as *travelocity.com >>> <http://travelocity.com>* and assertion consumer url as >>> http://localhost:8080/travelocity.com/home.jsp since it does not >>> validate issuer id and configure federated IDP as facebook. >>> >>> In this scenario, only the *service provider name* will be *validated* >>> and *issuer id* will *not be validated.* >>> >>> Therefore when we try to access service provider, it will federate only >>> through google. >>> >>> This is a very rare negative use case, but when you think of different >>> personas, I think this should be considered. >>> >>> Please correct me if I am wrong. >>> >>> Thanks, >>> -- >>> *Ushani Balasooriya* >>> Associate Technical Lead - EE; >>> WSO2 Inc; http://www.wso2.com/. >>> Mobile; +94772636796 >>> >>> >> >> >> -- >> Ishara Karunarathna >> Technical Lead >> WSO2 Inc. - lean . enterprise . middleware | wso2.com >> >> email: [email protected], blog: isharaaruna.blogspot.com, mobile: >> +94717996791 <+94%2071%20799%206791> >> >> >>
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
