Re: [Dev] [Architecture] OSGI Service to provision users and roles based on the SAML response.

2016-09-29 Thread Ishara Cooray
Hi Ishara, There is an extension point if the logic needs to be customized, where it can implement the SAML2SSOUserProvisioner interface and override the provisionUser method. And it can be configured in the configuration "SAML2SSOUserProvisionerImpl" that is used to get the impl class at runtime.

Re: [Dev] [Architecture] OSGI Service to provision users and roles based on the SAML response.

2016-09-29 Thread Ishara Karunarathna
Hi Ishara, Just noticed the thread. Is there an extension point in this component to add any additional check? Let's say we define a policy to decide the condition that needs to be evaluated before doing the jit operation. If jit not available can we have that as well. Thanks, Ishara On Mon, Sep

Re: [Dev] [Architecture] OSGI Service to provision users and roles based on the SAML response.

2016-09-26 Thread Ishara Cooray
Hi Johann, I have written a custom OSGI service that can be used to provision users based on the SAML response, which I can contribute since it is reusable in any application that needs user provisioning. Appreciate if you can suggest me a suitable repository for this. Thanks & Regards, Ishara

Re: [Dev] [Architecture] OSGI Service to provision users and roles based on the SAML response.

2016-09-05 Thread Ishara Cooray
Thanks for all your inputs. This is an independent osgi service and it does not implement CarbonServerAuthenticator because it needs to integrate with any jaggery app such as apim store/publisher, greg store/publisher. Yes, it calls external Java code (the provision service) from jaggery_acs

Re: [Dev] [Architecture] OSGI Service to provision users and roles based on the SAML response.

2016-09-05 Thread Sanjeewa Malalgoda
Even with the current application implementation you may call external Java code from the jaggery_acs file and do the jit operation. If needed, you may add assertion/response validation from the same Java component. Did we think how this should work in a multi-tenant scenario? Do we provision users to central place

Re: [Dev] [Architecture] OSGI Service to provision users and roles based on the SAML response.

2016-09-05 Thread Johann Nallathamby
On Mon, Sep 5, 2016 at 1:19 PM, Malaka Silva wrote: > Hi Ishara, > > I guess we can use application-authentication.xml for this purpose? > > We are maintaining the configs for local authenticators from store. > This is the old carbon authenticators we are talking about.

Re: [Dev] [Architecture] OSGI Service to provision users and roles based on the SAML response.

2016-09-05 Thread Malaka Silva
Hi Ishara, I guess we can use application-authentication.xml for this purpose? We are maintaining the configs for local authenticators from store. On Mon, Sep 5, 2016 at 10:21 AM, Dimuthu Leelarathne wrote: > > Hi Ishara, > > On Fri, Sep 2, 2016 at 11:19 AM, Ishara Cooray

Re: [Dev] [Architecture] OSGI Service to provision users and roles based on the SAML response.

2016-09-04 Thread Dimuthu Leelarathne
Hi Ishara, On Fri, Sep 2, 2016 at 11:19 AM, Ishara Cooray wrote: > Hi All, > > I thought of introducing a new Authenticator config to > repository/conf/security/authenticators.xml > And it will use only below properties to do the $Subject. > > > 9 > >

Re: [Dev] [Architecture] OSGI Service to provision users and roles based on the SAML response.

2016-09-01 Thread Ishara Cooray
Hi All, I thought of introducing a new Authenticator config to repository/conf/security/authenticators.xml And it will use only below properties to do the $Subject. 9 http://wso2.org/claims/role , true PRIMARY