Hi Damith, Using isFederated field for this purpose seems not meaningful when it has value "ALL". Either we may need to change the name of the filed and at the same time we need to change the type of the field as well.
I would rather suggest to use field "identityProvider" for this purpose. Currently for the final event we sent out from the framework, IdentityProvider is not defined. We can use this field to communicate the type of Identity Provider we used. For an example, if all the IDPs are federated we can use "FEDERATED", if all the IDPs are local we can use "LOCAL" and if both cases are involved we can use "FEDERATED,LOCAL". From analytics side does this have any concerns ?. Or else we can introduce a new field for this. WDYT ? On Fri, Jun 17, 2016 at 6:50 PM, Damith Wickramasinghe <[email protected]> wrote: > Hi All, > > According to our design for authentication dashboard we have two views > which are the federated view and resident view. Both view has a gadget > which shows overall authentication success and failure count. > > Issue arises when a user logs in using multi step authentication which > comprise of both resident and federated authenticators. Previously we > identified overall authentication success using the event sent by the > framework IF all the step authenticators are success. > > Eg:- If user authenticates with two step authenticators which are type of > local then for the DAS side we are receiving three events from the > corresponding authenticator and the framework. To identify that this is a > not a federated authentication scenario from IS side a boolean attribute is > sent as isFederated which is false for above scenario. > > So in the resident view we will have overall authentication count as 1. > > But if user authenticates with two authenticators which are of local and > federated then again we receive three events but for the event which is > sent from framework , the isFederated value is *False*. So we have a > issue of showing overall authentication count for federated view because of > this. > > So the proposing solution is to check if a certain authentication attempt > involves federated authenticators and if its the case send a String value > of "ALL" for isFederated attribute or True or False respectively. > > So following above if the user authenticates with two step authentication > of federated and local(Success scenario) we show in both views that in > overall, user has one authentication success attempt. > > Please raise any concerns on this. > > Regards, > Damith. > > > -- > Software Engineer > WSO2 Inc.; http://wso2.com > <http://www.google.com/url?q=http%3A%2F%2Fwso2.com&sa=D&sntz=1&usg=AFQjCNEZvyc0uMD1HhBaEGCBxs6e9fBObg> > lean.enterprise.middleware > > mobile: *+94728671315 <%2B94728671315>* > > -- Hasintha Indrajee Software Engineer WSO2, Inc. Mobile:+94 771892453
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
