Is this a JIT-specific issue, or can this be seen with a simple SSO scenario when the SP requests custom claims?
Thanks,

On Tue, Jan 23, 2018 at 4:58 PM, Chankami Maddumage <[email protected]> wrote:

> Hi Omindu and Isura,
>
> Thank you so much for looking into this issue. I have created a git ticket [1].
>
> [1] https://github.com/wso2/product-is/issues/2162
>
> On Tue, Jan 23, 2018 at 3:55 PM, Omindu Rathnaweera <[email protected]> wrote:
>
>> Isura and myself tested this in the QA setup. It seems this is happening when custom claim mappings are added in the SP's claim configs.
>>
>> @Chankami, looks like this is a bug. Can you create a git issue with the steps to reproduce? I guess you can test the solution without having the custom claim mappings for the moment.
>>
>> Regards,
>> Omindu.
>>
>> On Tue, Jan 23, 2018 at 2:13 PM, Darshana Gunawardana <[email protected]> wrote:
>>
>>> Hi Chankami,
>>>
>>> You might be trying with the same user who is already JIT provisioned. In that case, AFAIR, the association will not be created automatically. If you want to create an association for an already existing user in the IS, you have to follow the steps that Omindu mentioned.
>>>
>>> Thanks,
>>>
>>> On Tue, Jan 23, 2018 at 2:10 PM, Omindu Rathnaweera <[email protected]> wrote:
>>>
>>>> Hi Chankami,
>>>>
>>>> I tried a federated JIT scenario for a secondary userstore with FB, enabling 'Assert identity using mapped local subject identifier' as Isura mentioned, and the missing claim was only prompted once, as expected. When JIT provisioning, IS automatically associates the provisioned user and the federated user; hence it will not prompt for mandatory claims once the user submits them the first time.
>>>>
>>>> Can you log in to the provisioned user's dashboard and check the 'Associated Accounts' to see whether an association is created for that user? You will need to give login permission to the user in order to log in to the dashboard.
>>>>
>>>> Regards,
>>>> Omindu.
>>>>
>>>> On Tue, Jan 23, 2018 at 1:07 PM, Chankami Maddumage <[email protected]> wrote:
>>>>
>>>>> Thank you Ayesha for the explanation.
>>>>>
>>>>> @Isura I enabled the above-mentioned property but the behavior is the same. Is there any other property?
>>>>>
>>>>> On Tue, Jan 23, 2018 at 12:32 PM, Isura Karunaratne <[email protected]> wrote:
>>>>>
>>>>>> Hi Chankami,
>>>>>>
>>>>>> Hope you are testing IS 5.4.0.
>>>>>>
>>>>>> Can you try the scenario while enabling "Assert identity using mapped local subject identifier" in the SP "Local & Outbound Authentication Configuration" section?
>>>>>>
>>>>>> Thanks
>>>>>> Isura.
>>>>>>
>>>>>> On Tue, Jan 23, 2018 at 12:13 PM, Ayesha Dissanayaka <[email protected]> wrote:
>>>>>>
>>>>>>> Hi Chankami,
>>>>>>>
>>>>>>> On Tue, Jan 23, 2018 at 11:33 AM, Chankami Maddumage <[email protected]> wrote:
>>>>>>>
>>>>>>>> Hi IAM Team
>>>>>>>>
>>>>>>>> I have a scenario to enforce users to provide missing required attributes while getting JIT provisioned to the local system.
>>>>>>>>
>>>>>>>> In order to achieve this I have set a *Mandatory Claim* [1] in the SP, and also all the users who logged in will be provisioned to a secondary JDBC user store.
>>>>>>>>
>>>>>>>> *Clarification*
>>>>>>>>
>>>>>>>> Every time an already logged-in user logs in to the system (Travelocity), it asks to enter the value for the mandatory claim.
>>>>>>>>
>>>>>>>> So what is the expected behavior? Or should the user enter the value only at first login?
>>>>>>>>
>>>>>>> This is the expected behavior of the server.
>>>>>>> When the SP has mandatory claims defined, the corresponding SP application is expecting values for the defined claims in the authentication response. If the user hasn't provided that information to the IDP (Identity Server in this case) initially, the IDP requests those values from the user whenever trying to authenticate to the particular SP.
>>>>>>>
>>>>>>> Thanks!
>>>>>>> -Ayesha
>>>>>>>
>>>>>>>>
>>>>>>>> [1] https://docs.wso2.com/display/IS540/Configuring+Claims+for+a+Service+Provider
>>>>>>>>
>>>>>>>> --
>>>>>>>> Best Regards,
>>>>>>>>
>>>>>>>> *Chankami Maddumage*
>>>>>>>> Software Engineer - QA Team
>>>>>>>> WSO2 Inc; http://www.wso2.com/.
>>>>>>>> Mobile: +94 (0) 722223096
>>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> *Ayesha Dissanayaka*
>>>>>>> Senior Software Engineer,
>>>>>>> WSO2, Inc : http://wso2.com
>>>>>>> 20, Palm grove Avenue, Colombo 3
>>>>>>> E-Mail: [email protected]
>>>>>>>
>>>>>>
>>>>>> --
>>>>>> *Isura Dilhara Karunaratne*
>>>>>> Associate Technical Lead | WSO2
>>>>>> Email: [email protected]
>>>>>> Mob : +94 772 254 810
>>>>>> Blog : http://isurad.blogspot.com/
>>>>>>
>>>>>
>>>>
>>>> --
>>>> Omindu Rathnaweera
>>>> Senior Software Engineer, WSO2 Inc.
>>>> Mobile: +94 771 197 211
>>>>
>>>
>>> --
>>> Regards,
>>>
>>> *Darshana Gunawardana*
>>> Technical Lead
>>> WSO2 Inc.; http://wso2.com
>>>
>>> *E-mail: [email protected]*
>>> *Mobile: +94718566859*
>>> Lean . Enterprise . Middleware
>>>
>>
>
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
