Hi Angelo,

On Mon, Nov 11, 2019 at 11:18 PM Angelo Immediata <[email protected]> wrote:

> Hi There
> I'm using WSO2 IS version 5.8.0 and 5.9.0
>
> Let's suppose the following scenario: I have an external SAML IdP. This
> external IdP can give me the following fields:
>
> - name
> - familyName
> - userIdentity
> - address
>
> Let's suppose that I have 2 service providers. One configured in order to
> get WSO2 claims name and familyName and the other in order to get
> userIdentity and address.
>
> Now I go on my App1 (configured by using Service Provider 1) and I login
> by using the external IdP and I can get the name and familyName attribute.
> Then I switch to App2 without making logout. Obviously WSO2 doesn't ask to
> me to login but it sends to the APP2 also the App1 params (e.g. claims) and
> not only the claims required by App2
>
> Is there any way to avoid this situation? I simply want the following:
> I login by using external IdP
>
> - External IdP gives to me all the required attributes
> - WSO2 by using the full list attribute returned by the external IdP
>   passes to the APP1 attribute name and familyName. When I switch to App2,
>   WSO2 will give to me only userIdentity and address and not also the other
>   ones...
>
> Is it possible?
>

Ideally, it should only send the requested claims of the APP2 when you log in to the APP2. If you have set the subject attribute of APP2 as familyName, you will receive the familyName as well. Also, try changing the requested attribute of APP1 to another attribute and check whether you can observe the same pattern.

Thanks,
Ashen

>
> Thank you
> Angelo
> _______________________________________________
> Dev mailing list
> [email protected]
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>

--
Ashen Weerathunga | Senior Software Engineer | WSO2 Inc.
(m) +94716042995 | (w) +94112145345 | Email: [email protected]
<http://wso2.com/signature>
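One way to run the check suggested in the reply, as an added example that is not part of the thread or of WSO2's code: it parses an already-decoded SAML assertion and reports attributes released beyond what the receiving service provider requested. The assertion is constructed, the attribute names are the field names from the thread (a real deployment would use its configured claim URIs), and no signature validation is performed.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Requested claims per service provider, as described in the thread.
REQUESTED = {
    "App1": {"name", "familyName"},
    "App2": {"userIdentity", "address"},
}

# Constructed sample: an assertion issued to App2 that still carries
# App1's claims, i.e. the over-release the thread describes.
SAMPLE_APP2_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>angelo</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="userIdentity">
      <saml:AttributeValue>u-1001</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="address">
      <saml:AttributeValue>1 Example Street</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="name">
      <saml:AttributeValue>Angelo</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="familyName">
      <saml:AttributeValue>Example</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""


def released_attributes(assertion_xml):
    """Return the set of attribute names present in the assertion."""
    root = ET.fromstring(assertion_xml)
    path = ".//saml:AttributeStatement/saml:Attribute"
    return {attr.get("Name") for attr in root.iterfind(path, NS)}


def audit_release(sp_name, assertion_xml):
    """Compare released attributes with the SP's requested claims."""
    released = released_attributes(assertion_xml)
    requested = REQUESTED[sp_name]
    return {
        "unexpected": sorted(released - requested),  # over-released claims
        "missing": sorted(requested - released),     # requested but absent
    }


if __name__ == "__main__":
    print(audit_release("App2", SAMPLE_APP2_ASSERTION))
```

Running the same audit after changing App1's requested attribute, as the reply proposes, shows whether the extra claims follow App1's configuration or appear regardless of it.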
