Hi All, We have few use cases for IS 5.6.0 conditional authentication feature where we need to get the details of the authenticated user in a previous authentication step. Following are the details required,
For users authenticated with local IdP, - Username - Tenant domain - Userstore domain - Claims For users authenticated with a federated IdP, - Subject Identifier - Claims by federated IdP's dialect - Claims by local dialect (If claim mappings configured) - Associated local user (If available) To retrieve the above details, we'll be changing the way we access the claims as below, *Local claims (current) :* var myClaimValueX = context.subject.claims.local['http://wso2.org/claims/ <x>']; *Local claims (suggested) :* var myClaimValueX = context.steps[<n>].subject.localClaims[' http://wso2.org/claims/<x>']; Note: This will return the mapped remote claim's value from IdP for federated IdPs. E.g. If wso2 claim "http://wso2.org/claims/emailaddress" is mapped to federated IDP claim "mail", call to context.steps[1].subject.localClaims['http://wso2.org/claims/emailaddress]; will give the value of 'mail' claim from IdP *Remote claims (current) :* var myClaimValueX = context.subject.claims.remote[' http://some.domain.you/claims/<x>']; *Remote claims (suggested) :* var myClaimValueX = context.steps[<n>].subject.remoteClaims[' http://some.domain.you/claims/<x>']; Note: This will return null for local IdP *Few more examples:* context.steps[<n>].subject.username - Return the username/subject identitfier of step 'n' context.steps[<n>].subject.tenantDomain - Return the tenant domain of user of step 'n' context.steps[<n>].subject.userStoreDomain - Return the userstore domain of user of step 'n' context.steps[<n>].subject.userStoreDomain - Return the userstore domain of user of step 'n' context.steps[<n>].subject.mappedLocalUser.tenantDomain - Return the tenant domain of the mapped local user if there is an association for the user. Please let us know any suggestions or concerns. -- *Pulasthi Mahawithana* Associate Technical Lead WSO2 Inc., http://wso2.com/ Mobile: +94-71-5179022 Blog: https://medium.com/@pulasthi7/ <https://wso2.com/signature>
_______________________________________________ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture