On Thu, Feb 9, 2017 at 12:32 AM, Darshana Gunawardana <darsh...@wso2.com> wrote:
> +1 for this approach in general... > > On Thu, Feb 9, 2017 at 12:04 AM, Harsha Thirimanna <hars...@wso2.com> > wrote: > >> Hi All, >> >> Since we are moving to file base deployment for sp/idp, we have to create >> these files using yaml. While doing that we thought to resolve some issues >> and generalize the sp/idp files. >> As we have now in IS 5.3.0, we configure local authenticator in SP and >> federated authenticator in IDP file. >> > > But just to clarify the earlier behaviour in IS 5.x.x versions, no; it's > not define local authenticator configs in SP.. rather we associate local > authenticators to the SP.. The issue we had was, there is no way to > configure local authenticators from the UI.. In IS 5.3.0 we provided a way > to generate UI elements to resident IdP section, so someone need, they can > write a new local authenticator and configure it from the resident idp.. > > Basically you propose the same approach for the IS 6.0.0 with the file > based configs.. > > One improvement we can do is, rather than limiting to *idpName* and > *authenticatorName* parameters in *authenticatorConfig*, allow it to pass > any additional parameters to IdP (from that SP) so we won't ended up with > the need of multiple resident idp to adequate different service providers > requirements. > > >> But it doesn't make sense to specially treat to the local authenticator >> in SP side and we can consider it also as another idp. >> > We can name it as resident-idp and SP authenticator can point the idp name >> when it want to use local one as same as it use federated one. >> We can keep other resident identity provider configuration like password >> policies, login policies, etc.. in separate config file that is decouple >> with the outbound authentication flow. >> > > What about provisioning configurations? where does that configs going to > be in.. If the file name going to be *resident-idp* then all the > configurations should be in that file when IS acting as a IdP. > > Yes, provisioning also with the resident idp, because normal IDP and Resident IDP both are same except the authenticator change. All the other resident IDP configuration going to be separate as a runtime config in IS. May be in Admin portal UI as well. > WDYT? > > Regards, > Darshana. > > >> This will not effect for the existing framework implementation but only >> change the user experience that is more cleaner than now. I have attached >> the sample sp file, sample idp file and resident idp file with this, it >> would be great if i can get more feedbacks about this. >> >> thanks >> >> *Harsha Thirimanna* >> *Associate Tech Lead | WSO2* >> >> Email: hars...@wso2.com >> Mob: +94715186770 <+94%2071%20518%206770> >> Blog: http://harshathirimanna.blogspot.com/ >> Twitter: http://twitter.com/harshathirimann >> Linked-In: linked-in: http://www.linkedin.com/pub/ha >> rsha-thirimanna/10/ab8/122 >> <http://wso2.com/signature> >> > > > > -- > Regards, > > > *Darshana Gunawardana*Associate Technical Lead > WSO2 Inc.; http://wso2.com > > *E-mail: darsh...@wso2.com <darsh...@wso2.com>* > *Mobile: +94718566859 <+94%2071%20856%206859>*Lean . Enterprise . > Middleware >
_______________________________________________ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
