Re: [Architecture] [IAM] Passing parameters from authentication script to Authenticators

Fri, 15 Jun 2018 06:27:26 -0700 

Hi all,

We are having an update in the structure of the basic syntax. Here is a
sample,

function onInitialRequest(context) {
    executeStep(1,
        {
            authenticationOptions: {
              local     : {
                            "BasicAuthenticator"  :{    
                                                      "foo" : "alex",
                                                      "domain" : "localhost"
                                                    },
                            "SMSOTP"              :{  "foo" : "abc"}
                          },
              federated : {
                            "FacebookIdp" : { "foo" : "xyz"}
                          }
        },
        {
            onSuccess: function (context) {
                executeStep(2);
            }
        }
    );
}

We can have 2 objects inside "authenticationOptions". In "local", we can
specify the authenticator identifier and map of parameters (key-value
pair). And in "federated", we can specify the parameter map for the
federated identity provider.

And place note that the value of the parameter has to be String.

thanks,

On Wed, Jun 13, 2018 at 6:49 PM Senthalan Kanagalingam <sentha...@wso2.com>
wrote:

> [update]
>
> hi all,
>
> We had an offline discussion and decided to change the authentication
> script syntax.  We will be having an extra object in the 2nd parameter in
> the executeStep which is introduced to filter the authenticators[1].
> There we can specify the authenticator and parameter
>
> executeStep(<stepNo>, { authenticationOptions  : <listOfAuthenticators>,
> *authenticatorParams : [ {authenticator : <authenticatorName>,*
>
> *params : { <paramKey> : <paranValue> }*
>
> *]*,
>
> {onSuccess: function(){<someFunction>}, onFail: function(){<someFunction
> >}})
>
>
>
> An example will be,
>
> function onInitialRequest (context) {
>    executeStep(1 ,{ authenticationOptions  : [{ authenticator : "Sample
> HardwareKey Authenticator"},{ idp : "google" }],
> authenticatorParams : [{ authenticator : "Sample HardwareKey
> Authenticator",
>  params : {
>    "foo" : "xyz"
>  }},
>    { idp : "google",
>   params : {
>    "foo" : "abc"
>  }}]
>   },{
>  onSuccess : function(context) {
>   executeStep(2);
>  }
>    });
> }
>
> In authenticator (java code), we can access the parameter map defined by
> the script for that particular authenticator using getRuntimeParams()
> method.
>
> Please share your idea about this new syntax change and the method name.
>
>
> [1] - "[IS] Filtering authentication options of a step by script"
>
>
> On Tue, Jun 12, 2018 at 5:32 PM Senthalan Kanagalingam <sentha...@wso2.com>
> wrote:
>
>> Hi all,
>>
>> With an offline discussion we decided to change the definition from
>> parameter to property.
>>
>> context.*property*.foo = "xyz";
>> and/or
>> context.*property*['foo'] = "xyz";
>>
>> So in the authenticator we can access using getScriptProperty("foo");
>>
>> thanks,
>> Senthalan.
>>
>> On Mon, Jun 11, 2018 at 3:45 PM Senthalan Kanagalingam <
>> sentha...@wso2.com> wrote:
>>
>>> Hi Pulasthi,
>>>
>>> On Mon, Jun 11, 2018 at 11:36 AM Pulasthi Mahawithana <
>>> pulast...@wso2.com> wrote:
>>>
>>>> Hi Senthalan,
>>>>
>>>> On Mon, Jun 11, 2018 at 11:10 AM Senthalan Kanagalingam <
>>>> sentha...@wso2.com> wrote:
>>>>
>>>>> Hi all,
>>>>>
>>>>> I am working on the $subject. The purpose of this implementation is to
>>>>> have application-specific configurations for authenticators. Currently, we
>>>>> can static configurations for the authenticators in the
>>>>> application-authentication.xml file.
>>>>>
>>>>> In the script, we can set the parameters as follow, If we want to pass
>>>>> the foo to the authenticator,
>>>>>
>>>>> context.foo = "xyz";
>>>>>
>>>>
>>>>
>>>
>>>> Shall we change this to following to avoid any conflicts with existing
>>>> context objects?
>>>>
>>>> context.parameter.foo = "xyz";
>>>> and/or
>>>> context.parameter['foo'] = "xyz";
>>>>
>>>
>>> + 1. I have implemented with the suggestions.
>>>
>>>
>>>>
>>>>>
>>>>> We can get back the value in the authenticators( executed after this
>>>>> definition) by calling context.getScriptParameter("foo")
>>>>>
>>>>> I have developed a POC for this. I have created a new map in the
>>>>> "AuthenticationContext" to save these parameters.
>>>>>
>>>>> Please share your thoughts about this implementation.
>>>>>
>>>>> thanks,
>>>>> Senthalan.
>>>>>
>>>>>
>>>>> *Senthalan Kanagalingam*
>>>>> *Software Engineer - WSO2 Inc.*
>>>>> *Mobile : +94 (0) 77 18 77 466*
>>>>> <http://wso2.com/signature>
>>>>>
>>>>
>>>>
>>>> --
>>>> *Pulasthi Mahawithana*
>>>> Associate Technical Lead
>>>> WSO2 Inc., http://wso2.com/
>>>> Mobile: +94-71-5179022
>>>> Blog: https://medium.com/@pulasthi7/
>>>>
>>>> <https://wso2.com/signature>
>>>>
>>>
>>>
>>> --
>>>
>>> *Senthalan Kanagalingam*
>>> *Software Engineer - WSO2 Inc.*
>>> *Mobile : +94 (0) 77 18 77 466*
>>> <http://wso2.com/signature>
>>>
>>
>>
>> --
>>
>> *Senthalan Kanagalingam*
>> *Software Engineer - WSO2 Inc.*
>> *Mobile : +94 (0) 77 18 77 466*
>> <http://wso2.com/signature>
>>
>
>
> --
>
> *Senthalan Kanagalingam*
> *Software Engineer - WSO2 Inc.*
> *Mobile : +94 (0) 77 18 77 466*
> <http://wso2.com/signature>
>


-- 

*Senthalan Kanagalingam*
*Software Engineer - WSO2 Inc.*
*Mobile : +94 (0) 77 18 77 466*
<http://wso2.com/signature>

_______________________________________________
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Reply via email to