Thank you, Prasad. This is what I needed to get clarified.

*Asok Aravinda Perera*
Software Engineer
WSO2, Inc.;http://wso2.com/
lean.enterprise.middleware

Mobile: +94722241032

On Tue, Sep 16, 2014 at 2:08 AM, Prasad Tissera <pras...@wso2.com> wrote:

> When a service provider is created in IS, a role is created for that service
> provider. If you want only user1 to access the app1, you can assign the role
> only to the user1, and remove the role from super admin role list.
>
> On Mon, Sep 15, 2014 at 4:34 AM, Asok Perera <as...@wso2.com> wrote:
>
>> Thank you, Pushpalanka!
>> But there is another clarification needed.
>> What if a user needs to isolate two web apps? Meaning, what if there
>> 'cannot' be a super user sort of a logging (admin credentials) for two web
>> apps which are secured through a single IS?
>>
>> BR
>>
>> *Asok Aravinda Perera*
>> Software Engineer
>> WSO2, Inc.;http://wso2.com/
>> lean.enterprise.middleware
>>
>> Mobile: +94722241032
>>
>> On Fri, Sep 12, 2014 at 10:15 AM, Pushpalanka Jayawardhana <
>> la...@wso2.com> wrote:
>>
>>> Hi Asok,
>>>
>>> This comes with the behavior of SSO.
>>> When you register travelocity.com as a service provider in IS and point
>>> travelocity.com webapp to use IS as the identity provider, the
>>> authentication process of the webapp is totally handled by IS.
>>> Even the page where you enter username/password is submitted by IS. The webapp
>>> does not have any idea of the valid user name and password of the user
>>> trying to log in, as all these details are captured and authenticated at the IS
>>> side. IS then just lets the webapp know whether the user is authenticated
>>> or not.
>>>
>>> This helps to keep the user passwords in a secured centralized place
>>> rather than saving them in each webapp, and helps to provide a better user experience
>>> by not asking users to type username/password several times (if you are
>>> logged into IS, you are automatically logged into travelocity.com as
>>> well).
>>>
>>> Therefore any other user in IS can also log in to the travelocity.com webapp
>>> with his/her credentials.
>>> This article [1] will provide more insight.
>>> Hope this helps.
>>>
>>> [1] -
>>> http://wso2.com/library/articles/2010/07/saml2-web-browser-based-sso-wso2-identity-server/
>>>
>>> Thanks,
>>> Pushpalanka.
>>> --
>>> Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
>>> Software Engineer, WSO2 Lanka (pvt) Ltd; wso2.com/
>>> Mobile: +94779716248
>>> Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
>>> lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka
>>>
>>> On Fri, Sep 12, 2014 at 9:54 AM, Asok Perera <as...@wso2.com> wrote:
>>>
>>>> Hi,
>>>>
>>>> This is a question that occurred to me while working on the 'Configuring SAML2
>>>> SSO' sample in Identity Server (link below).
>>>> https://docs.wso2.com/display/IS500/Configuring+SAML2+SSO
>>>>
>>>> According to that sample, a user can log into the service provider's
>>>> site/portal with Identity Server's admin credentials. In this case, one can
>>>> use admin/admin username/password to log into travelocity.com.
>>>>
>>>> The question is, can I assume that the IS admin is treated as a super user
>>>> who can log into all the service providers' web apps / services?
>>>> If not, can somebody explain to me why we can use admin credentials in the
>>>> above sample?
>>>>
>>>> BR
>>>>
>>>> *Asok Aravinda Perera*
>>>> Software Engineer
>>>> WSO2, Inc.;http://wso2.com/
>>>> lean.enterprise.middleware
>>>>
>>>> Mobile: +94722241032
>>>>
>>>> _______________________________________________
>>>> Dev mailing list
>>>> Dev@wso2.org
>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
> --
> Prasad Tissera
> Software Engineer.
> Mobile : +94777223444