Hi Ishara,

On Mon, Aug 8, 2016 at 3:29 PM, Ishara Karunarathna <isha...@wso2.com> wrote:

> Hi Lahiru.
>
> It's not the admin user. The user trying to do this operation should have
> enough permission to do this.

This is something we need to clarify. It is not only XACML policy create/update/view. The publisher user needs to add/update/delete service providers as well. This happens internally by calling admin services provided by the IdP.

The requirement is that we don't have admin credentials stored for each tenant space. Is there a way we can create the SP and XACML policies in each tenant space?

We thought that if we get a cookie using *SAML2SSOAuthenticator* we can pass that cookie to the admin service and call the relevant operations. But it seems that's not a solution for the issue?

Regards,
Dinusha.

> Use
>
> *entitlement/policy/view*
>
> Add this permission to the user who is trying to view those policies.
>
> BR,
> Ishara
>
> On Mon, Aug 8, 2016 at 3:20 PM, Lahiru Cooray <lahi...@wso2.com> wrote:
>
>> + [DEV]
>>
>> On Mon, Aug 8, 2016 at 3:19 PM, Lahiru Cooray <lahi...@wso2.com> wrote:
>>
>>> Hi all,
>>>
>>> *Current behaviour:*
>>> Currently in AppM, when we are creating XACML policies/Service Providers
>>> via IS admin services, we are providing the super tenant admin credentials
>>> (where the credentials are stored in a config) to get authenticated.
>>> Further, XACML policies/Service Providers are only created in the super
>>> tenant and marked as a SaaS app to be used in tenants.
>>>
>>> *Problem:*
>>> As we are moving for AppM - Cloud integration, we are trying to deploy
>>> these in the relevant tenant spaces. So as a solution we have tried to use
>>> *SAML2SSOAuthenticator* [1] (retrieving a cookie by passing the SAML
>>> response and using the same in subsequent service calls) but figured that
>>> this is not applicable for non-admin users.
>>> (*e.g.:* In the AppM user story, non-admin users should be allowed to
>>> create apps with XACML policies)
>>>
>>> Any suggestions for this would be highly appreciated!
>>>
>>> [1] https://github.com/wso2/carbon-identity/blob/8cd996c1dc6d9e7c0df491322af6e9ddf1cf3709/components/carbon-authenticators/saml2-sso-authenticator/org.wso2.carbon.identity.authenticator.saml2.sso/src/main/java/org/wso2/carbon/identity/authenticator/saml2/sso/SAML2SSOAuthenticator.java
>>>
>>> --
>>> *Lahiru Cooray*
>>> Software Engineer
>>> WSO2, Inc.; http://wso2.com/
>>> lean.enterprise.middleware
>>>
>>> Mobile: +94 715 654154
>
> --
> Ishara Karunarathna
> Associate Technical Lead
> WSO2 Inc. - lean . enterprise . middleware | wso2.com
>
> email: isha...@wso2.com, blog: isharaaruna.blogspot.com, mobile: +94717996791

--
Dinusha Dilrukshi
Associate Technical Lead
WSO2 Inc.: http://wso2.com/
Mobile: +94725255071
Blog: http://dinushasblog.blogspot.com/