Noted.

Vivekananthan Sivanayagam
Software Engineer | WSO2
E:vivekanant...@wso2.com
M:+94752786138

On Wed, Apr 19, 2017 at 11:23 AM, Ruwan Abeykoon <ruw...@wso2.com> wrote:

> Hi All,
> Thanks Vivekananthan for bringing this up.
>
> Also, any code resembling the following needs to be removed, as it performs
> an unwanted action against the IDP config. It sets a config on the IDP within
> an authenticator, which is a wrong practice in programming and breaks the
> "Abstraction" principle.
> if (StringUtils.isBlank(context.getExternalIdP().getIdentityProvider()
>         .getClaimConfig().getUserClaimURI())) {
>     context.getExternalIdP().getIdentityProvider().getClaimConfig()
>             .setUserClaimURI(FacebookAuthenticatorConstants.EMAIL);
> }
>
> Instead we should adopt something similar to
> ...
> // Find the subject from the IDP claim mapping, subject Claim URI.
> String subjectFromClaims = FrameworkUtils.getFederatedSubjectFromClaims(
>         context.getExternalIdP().getIdentityProvider(), claims);
>
> // Use preset claim URI on the Authenticator if claim mapping is not
> // defined by the admin
> if (StringUtils.isBlank(subjectFromClaims)) {
>     ClaimMapping claimMapping = new ClaimMapping();
>     Claim claim = new Claim();
>     // Use the appropriate claim uri
>     claim.setClaimUri(FacebookAuthenticatorConstants.EMAIL);
>     claimMapping.setRemoteClaim(claim);
>     claimMapping.setLocalClaim(claim);
>     subjectFromClaims = claimMappings.get(claimMapping);
> }
>
> And make the above code reusable across all connectors, either by adding
> it to a base class or having a util method somewhere.
>
> Cheers,
> Ruwan
>
>
> On Wed, Apr 19, 2017 at 10:34 AM, Nuwandi Wickramasinghe <
> nuwan...@wso2.com> wrote:
>
>> Ideally any Federated authenticator should give the flexibility to
>> configure the subject claim from IS side. If admin selects a value as
>> *User ID Claim URI* in the identity provider claim configuration, that
>> selected value needs to be treated as subject of that authenticated user
>> within the IS.
>>
>> By hard coding a subject without checking *User ID Claim URI*
>> configuration in the identity provider, that authenticator removes that
>> flexibility and totally neglects the configuration.
>>
>> Following method in FrameworkUtils is used to read the configured user Id
>> claim from Identity Provider configuration.
>>
>> FrameworkUtils.getFederatedSubjectFromClaims(IdentityProvider
>> identityProvider, Map<ClaimMapping, String> claimMappings);
>>
>> On Wed, Apr 19, 2017 at 9:43 AM, Malaka Silva <mal...@wso2.com> wrote:
>>
>>> IS Team,
>>>
>>> Can you please comment on this?
>>>
>>> On Wed, Apr 19, 2017 at 9:40 AM, Vivekananthan Sivanayagam <
>>> vivekanant...@wso2.com> wrote:
>>>
>>>> Hi,
>>>>
>>>> I am working on the ticket[1] and analysed the existing authenticators.
>>>> As mentioned on the ticket, the default subject identifier claim is hard
>>>> coded[2] and we have to modify the existing authenticators as implemented
>>>> in the Facebook authenticator [3][4].
>>>>
>>>> @Malaka,
>>>> If we have to improve the authenticator as mentioned above, it would be
>>>> better if we include this improvement in Pinterest Authenticator before
>>>> getting released. Can you confirm it?
>>>>
>>> IMHO better to add this to any new federated authenticator before
>>> releasing it.
>>
>>>
>>>> [1] https://wso2.org/jira/projects/ISCONNECT/issues/ISCONNECT-49?filter=allopenissues
>>>> [2] https://github.com/wso2-extensions/identity-outbound-auth-linkedIn/blob/master/component/src/main/java/org/wso2/carbon/identity/authenticator/linkedIn/LinkedInAuthenticator.java#L281
>>>> [3] https://github.com/wso2-extensions/identity-outbound-auth-facebook/blob/master/components/org.wso2.carbon.identity.application.authenticator.facebook/src/main/java/org/wso2/carbon/identity/application/authenticator/facebook/FacebookAuthenticator.java#L352
>>>> [4] https://docs.wso2.com/display/IS530/Logging+in+to+the+Identity+Server+using+Facebook+Credentials#LoggingintotheIdentityServerusingFacebookCredentials-ConfiguringclaimmappingsforFacebook
>>>>
>>>>
>>>> Thanks,
>>>>
>>>> Vivekananthan Sivanayagam
>>>> Software Engineer | WSO2
>>>> E:vivekanant...@wso2.com
>>>> M:+94752786138
>>>>
>>>
>>>
>>>
>>> --
>>>
>>> Best Regards,
>>>
>>> Malaka Silva
>>> Associate Director / Architect
>>> M: +94 777 219 791
>>> Tel : 94 11 214 5345
>>> Fax :94 11 2145300
>>> Skype : malaka.sampath.silva
>>> LinkedIn : http://www.linkedin.com/pub/malaka-silva/6/33/77
>>> Blog : http://mrmalakasilva.blogspot.com/
>>>
>>> WSO2, Inc.
>>> lean . enterprise . middleware
>>> https://wso2.com/signature
>>> http://www.wso2.com/about/team/malaka-silva/
>>> https://store.wso2.com/store/
>>>
>>> Don't make Trees rare, we should keep them with care
>>>
>>
>>
>>
>> --
>>
>> Best Regards,
>>
>> Nuwandi Wickramasinghe
>>
>> Software Engineer
>>
>> WSO2 Inc.
>>
>> Web : http://wso2.com
>>
>> Mobile : 0719214873
>>
>
>
>
> --
>
> Ruwan Abeykoon
> Associate Director/Architect,
> WSO2, Inc. http://wso2.com
> lean.enterprise.middleware.
>
>
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
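
The subject resolution discussed in the thread above, as an added example that is not part of the original messages and is not WSO2 code: the admin's User ID Claim URI takes precedence, the authenticator's preset claim is only a fallback, and the IdP configuration is never modified. The class `SubjectResolver`, the type `IdpClaimConfig`, the plain string claim map and the sample claim values are hypothetical stand-ins for the framework's types; failing when no subject is found is an assumption.

```java
import java.util.HashMap;
import java.util.Map;

// Hypothetical stand-ins for the framework's IdP claim config and claim map.
public class SubjectResolver {

    /** Immutable view of the admin's claim configuration: no setter exists. */
    static final class IdpClaimConfig {
        private final String userClaimUri;
        IdpClaimConfig(String userClaimUri) { this.userClaimUri = userClaimUri; }
        String getUserClaimUri() { return userClaimUri; }
    }

    static boolean isBlank(String s) { return s == null || s.trim().isEmpty(); }

    /**
     * Resolves the subject of a federated user. The admin-selected User ID
     * Claim URI is honoured first; the authenticator's preset claim is used
     * only when that yields nothing. The configuration is read, never written.
     */
    static String resolveSubject(IdpClaimConfig config, Map<String, String> claims,
                                 String authenticatorDefaultClaimUri) {
        String configured = config.getUserClaimUri();
        String subject = isBlank(configured) ? null : claims.get(configured);
        if (isBlank(subject)) {
            subject = claims.get(authenticatorDefaultClaimUri);
        }
        if (isBlank(subject)) {
            // Assumption: fail the login rather than continue without a subject.
            throw new IllegalStateException("No subject claim in the IdP response");
        }
        return subject;
    }

    public static void main(String[] args) {
        Map<String, String> claims = new HashMap<>(); // constructed sample claims
        claims.put("email", "alice@example.com");
        claims.put("id", "1029384756");

        IdpClaimConfig adminChoseId = new IdpClaimConfig("id");
        IdpClaimConfig nothingConfigured = new IdpClaimConfig(null);

        // Admin choice wins over the authenticator default.
        System.out.println(resolveSubject(adminChoseId, claims, "email"));
        // With no admin choice, the authenticator default is used.
        System.out.println(resolveSubject(nothingConfigured, claims, "email"));
        // The configuration object is unchanged after resolution.
        System.out.println(nothingConfigured.getUserClaimUri());
    }
}
```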
