IMO, returning the username with userstore domain in the response may be
seen as an unwanted sensitive information leak in this setup. Ideally in
these kind of scenarios expectation is service provider doesn't need to
know the user store domain name where his users are created. Therefore they
can
There is no hard rule to specify which one should be the correct approach
in this case. Since there is always room to override this setting using
specific SP's configuration, I think current approach is ok.
Thanks,
On Tue, Sep 19, 2017 at 12:30 AM, Gayan Gunawardana wrote:
>
>
On Tue, Sep 19, 2017 at 12:13 AM, Darshana Gunawardana
wrote:
> Since we returning the correct username in the response, its should be ok.
> This is a configuration issue if the client is expecting otherway.
>
I think it is better if there is a way to inform client application
Since we returning the correct username in the response, its should be ok.
This is a configuration issue if the client is expecting otherway.
Thanks,
On Tue, Sep 19, 2017 at 12:10 AM, Gayan Gunawardana wrote:
>
>
> On Mon, Sep 18, 2017 at 11:42 PM, Darshana Gunawardana
On Mon, Sep 18, 2017 at 11:42 PM, Darshana Gunawardana
wrote:
> Ok, now you asked the real question :)
>
> Yes I agree with the expected results you mentioned for all three cases. I
> have checked this behaviour on a latest pack[1][2] and it only provision
> user to specified
Ok, now you asked the real question :)
Yes I agree with the expected results you mentioned for all three cases. I
have checked this behaviour on a latest pack[1][2] and it only provision
user to specified userstore in the SP configuration in the case 3 which is
a reasonable behariour. (I'm using
On Mon, Sep 18, 2017 at 10:27 PM, Darshana Gunawardana
wrote:
>
>
> On Mon, Sep 18, 2017 at 7:58 PM, Gayan Gunawardana wrote:
>
>>
>>
>> When user store selected from Inbound Provisioning Configuration should
>> we allow to provision other user stores as
On Mon, Sep 18, 2017 at 7:58 PM, Gayan Gunawardana wrote:
>
>
> When user store selected from Inbound Provisioning Configuration should we
> allow to provision other user stores as well ?
>
No.
> For an example if we selected "TEST" as user store from Inbound
> Provisioning
When user store selected from Inbound Provisioning Configuration should we
allow to provision other user stores as well ?
For an example if we selected "TEST" as user store from Inbound
Provisioning Configuration, can we provision to PRIMARY user store as well ?
Thanks,
Gayan
--
Gayan