On Sun, Mar 12, 2017 at 7:04 AM, Thanuja Jayasinghe <[email protected]> wrote:
> On Sat, Mar 11, 2017 at 11:33 AM, Johann Nallathamby <[email protected]> wrote:
>
>> On Sat, Mar 11, 2017 at 8:58 AM, Thanuja Jayasinghe <[email protected]> wrote:
>>
>>> Hi Johann,
>>>
>>> We use the same "claim management" in SP configuration as well. So these
>>> attributes will be available for them also. When it comes to "userid", two
>>> SPs which use the same claim configuration can have two different claims.
>>
>> No. Two SPs can request two different claims as the Subject. But the
>> unique user identifier claim must be specific to the dialect. E.g. SCIM 2.0
>> defines "userName" as the human-friendly unique identifier for the user.
>> SCIM 2.0 in fact defines the "id" claim also, which is a non-human-friendly
>> unique identifier for a user. Although we don't need to support multiple
>> unique identifiers, we at least need to support one so that it will be the
>> default subject if the user doesn't select any other claim.
>
> So, we also provide the overriding capability at the SP configuration level?

Yes. Like we had in 5.3.0 we have "Subject Claim" configuration.

>>> So, to avoid the confusion shall we rename it to something like
>>> "feduserid"?
>>
>> If we go by my above explanation this is not required.
>>
>>> Thanks,
>>>
>>> On Mon, Mar 6, 2017 at 3:09 AM, Johann Nallathamby <[email protected]> wrote:
>>>
>>>> Hi All,
>>>>
>>>> Any foreign dialect that we define using claim management must have
>>>> two special attributes indicating the "userid" claim and the "role" claim.
>>>>
>>>> "userid" claim is required for use cases like authentication and
>>>> provisioning. "role" claim is needed for role mapping and access control.
>>>>
>>>> In C4 we had this at the IDP configuration level. In C5, since we have
>>>> extracted all the claim configuration from IDP to "claim management", and
>>>> just refer to the dialect alone in IDP configuration, we need to identify
>>>> these two special attributes also in the claim dialect management level.
>>>> This configuration will be fixed for any real IDP.
>>>>
>>>> What are your ideas?
>>>>
>>>> --
>>>> Thanks & Regards,
>>>>
>>>> *Johann Dilantha Nallathamby*
>>>> Technical Lead & Product Lead of WSO2 Identity Server
>>>> Governance Technologies Team
>>>> WSO2, Inc.
>>>> lean.enterprise.middleware
>>>>
>>>> Mobile - *+94777776950*
>>>> Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>*
>>>
>>> --
>>> *Thanuja Lakmal*
>>> Senior Software Engineer
>>> WSO2 Inc. http://wso2.com/
>>> *lean.enterprise.middleware*
>>> Mobile: +94715979891 +94758009992
>>
>> --
>> Thanks & Regards,
>>
>> *Johann Dilantha Nallathamby*
>> Technical Lead & Product Lead of WSO2 Identity Server
>> Governance Technologies Team
>> WSO2, Inc.
>> lean.enterprise.middleware
>>
>> Mobile - *+94777776950*
>> Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>*
>
> --
> *Thanuja Lakmal*
> Senior Software Engineer
> WSO2 Inc. http://wso2.com/
> *lean.enterprise.middleware*
> Mobile: +94715979891 +94758009992

--
Thanks & Regards,

*Johann Dilantha Nallathamby*
Technical Lead & Product Lead of WSO2 Identity Server
Governance Technologies Team
WSO2, Inc.
lean.enterprise.middleware

Mobile - *+94777776950*
Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>*
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
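The subject-resolution rule discussed in this thread, sketched as an added example that is not part of the original messages and is not WSO2 Identity Server code. The class names, the use of `groups` as the role claim, the sample user, and the fail-closed behaviour when a claim value is missing are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class ClaimDialect:
    """Hypothetical model of a foreign dialect defined in claim management."""
    uri: str
    claims: frozenset
    userid_claim: str  # dialect-level unique user identifier
    role_claim: str    # dialect-level claim used for role mapping

    def __post_init__(self):
        # Both special attributes must name claims the dialect actually defines.
        for label, claim in (("userid", self.userid_claim), ("role", self.role_claim)):
            if claim not in self.claims:
                raise ValueError(f"{label} claim {claim!r} is not defined in {self.uri}")


@dataclass(frozen=True)
class ServiceProvider:
    """Hypothetical SP that refers to a dialect and may override the subject."""
    name: str
    dialect: ClaimDialect
    subject_claim: Optional[str] = None  # per-SP "Subject Claim" override

    def resolve_subject(self, user_claims: dict) -> str:
        # SP override wins; otherwise fall back to the dialect's userid claim.
        claim = self.subject_claim or self.dialect.userid_claim
        if claim not in self.dialect.claims:
            raise ValueError(f"subject claim {claim!r} is not in {self.dialect.uri}")
        value = user_claims.get(claim)
        if not value:
            # Assumption: fail closed rather than assert an empty subject.
            raise LookupError(f"user has no value for subject claim {claim!r}")
        return value


# Constructed sample data; "userName" and "id" follow the SCIM 2.0 example above.
SCIM = ClaimDialect(
    uri="urn:ietf:params:scim:schemas:core:2.0:User",
    claims=frozenset({"id", "userName", "emails", "groups"}),
    userid_claim="userName",
    role_claim="groups",  # assumed choice of role claim
)
USER = {"id": "constructed-id-0001", "userName": "alice", "groups": "admin"}

sp_default = ServiceProvider("sp-default", SCIM)
sp_override = ServiceProvider("sp-override", SCIM, subject_claim="id")
```
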
