Hi Ishara,
There is an extension point if the logic needs to be customized. where it
can implement SAML2SSOUserProvisioner interface and override the
provisionUser method.
And it can be configured in the configuration "SAML2SSOUserProvisionerImpl"
that is used to get the impl class at runtime.
Hi Ishara,
Just noticed the thread.
Is there a extension point in this component to add any additional check.
Let say we define a policy to decide the condition that need to be evaluate
before doing the jit operation.
If jit not available can we have that as well.
Thanks,
Ishara
On Mon, Sep
Hi Johann,
I have written a custom OSGI service that can be used to provision users
based on the SAML response which i can contribute since it is reusable in
any application that needs user provision.
Appreciate if you can suggest me suitable repository for this.
Thanks & Regards,
Ishara
Thanks for all your inputs.
This is an independent osgi service and it does not implement
CarbonServerAuthenticator because it needs to integrate with any jaggery
app such as apim store /publisher, greg store/publisher.
Yes, it calls external java code(the provision service) from jaggery_acs
Even with current application implementation you may call external java
code from jaggery_acs file and do jit operation. If need you may add
assertion/ response validation from same java component.
Did we think how this should work in multi tenants scenario. Do we
provision users to central place
On Mon, Sep 5, 2016 at 1:19 PM, Malaka Silva wrote:
> Hi Ishara,
>
> I guess we can use application-authentication.xml for this purpose?
>
> We are maintaining the configs for local authenticators from store.
>
This is the old carbon authenticators we are talking about.
Hi Ishara,
I guess we can use application-authentication.xml for this purpose?
We are maintaining the configs for local authenticators from store.
On Mon, Sep 5, 2016 at 10:21 AM, Dimuthu Leelarathne
wrote:
>
> Hi Ishara,
>
> On Fri, Sep 2, 2016 at 11:19 AM, Ishara Cooray
Hi Ishara,
On Fri, Sep 2, 2016 at 11:19 AM, Ishara Cooray wrote:
> Hi All,
>
> I thought of introducing a new Authenticator config to
> repository/conf/security/authenticators.xml
> And it will use only below properties to do the $Subject.
>
>
> 9
>
>
Hi All,
I thought of introducing a new Authenticator config to
repository/conf/security/authenticators.xml
And it will use only below properties to do the $Subject.
9
http://wso2.org/claims/role
,
true
PRIMARY