On Tue, Feb 7, 2017 at 2:36 PM, Dulanja Liyanage <dula...@wso2.com> wrote:
> SPs and IdPs represent real world entities. For example, if the IdP > supports multiple authentication mechanisms, we should represent it in a > single IdP config with multiple authenticators. Else, you will have to > duplicate metadata of that IdP. > We were trying to find why someone would need to configure multiple protocols for an IDP. Ideally protocol should be independent from what user is going to communicate with the IDP. Even though IDP represents a real world entity, in the real world one SP should not need to use multiple protocols when communicating with one IDP. > > On 7 Feb 2017 2:19 p.m., "Darshana Gunawardana" <darsh...@wso2.com> wrote: > > Hi Harsha, > > It make sense to have that in some cases like "SAML 2.0 bearer grant" in > OAuth flow. Same SP application which used Identity Server with SAML 2.0 > web sso (which requires inbound saml config) also need to get access tokens > (which requires inbound oauth config). > > This seems to be valid as of the current architecture we have in IS 5.3.0, because we don't treat OAuth2 specially, but we consider that also as an inbound authenticator, although OAuth2 is not an authentication protocol. > Thanks, > > On Tue, Feb 7, 2017 at 2:07 PM, Harsha Thirimanna <hars...@wso2.com> > wrote: > >> Hi All, >> >> In current IS 5.3.0 design, we can configure multiple inbound >> authenticator for one SP and multiple outbound authenticator for one IDP. >> Since we are representing one application from one SP, do we need to allow >> to create multiple inbound authenticator for one SP ? >> And same as what would be the advantages of having multiple outbound >> authenticator for one IDP config ? >> >> >> WDYT ? >> >> *Harsha Thirimanna* >> *Associate Tech Lead | WSO2* >> >> Email: hars...@wso2.com >> Mob: +94715186770 <+94%2071%20518%206770> >> Blog: http://harshathirimanna.blogspot.com/ >> Twitter: http://twitter.com/harshathirimann >> Linked-In: linked-in: http://www.linkedin.com/pub/ha >> rsha-thirimanna/10/ab8/122 >> <http://wso2.com/signature> >> > > > > -- > Regards, > > > *Darshana Gunawardana*Associate Technical Lead > WSO2 Inc.; http://wso2.com > > *E-mail: darsh...@wso2.com <darsh...@wso2.com>* > *Mobile: +94718566859 <071%20856%206859>*Lean . Enterprise . Middleware > > > -- Thanks & Regards, *Johann Dilantha Nallathamby* Technical Lead & Product Lead of WSO2 Identity Server Governance Technologies Team WSO2, Inc. lean.enterprise.middleware Mobile - *+94777776950* Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>*
_______________________________________________ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
