Noted.

Vivekananthan Sivanayagam
Software Engineer | WSO2
E:vivekanant...@wso2.com
M:+94752786138

On Wed, Apr 19, 2017 at 11:23 AM, Ruwan Abeykoon <ruw...@wso2.com> wrote:
> Hi All,
> Thanks Vivekananthan for bringing this up.
>
> Also any code resembling the following needs to be removed as it performs
> an unwanted action against IDP config. It sets a config on IDP within an
> authenticator, which is wrong practice in programming which breaks
> "Abstraction" principle.
>
> if (StringUtils.isBlank(context.getExternalIdP().getIdentityProvider().getClaimConfig().getUserClaimURI())) {
>     context.getExternalIdP().getIdentityProvider().getClaimConfig().setUserClaimURI(FacebookAuthenticatorConstants.EMAIL);
> }
>
> Instead we should adopt something similar to
> ...
> //Find the subject from the IDP claim mapping, subject Claim URI.
> String subjectFromClaims = FrameworkUtils.getFederatedSubjectFromClaims(
>         context.getExternalIdP().getIdentityProvider(), claims);
>
> //Use preset claim URI on the Authenticator if claim mapping is not defined by the admin
> if (StringUtils.isBlank(subjectFromClaims)) {
>     ClaimMapping claimMapping = new ClaimMapping();
>     Claim claim = new Claim();
>     claim.setClaimUri(FacebookAuthenticatorConstants.EMAIL); //Use the appropriate claim uri
>     claimMapping.setRemoteClaim(claim);
>     claimMapping.setLocalClaim(claim);
>     subjectFromClaims = claims.get(claimMapping);
> }
>
> And make the above code reusable across all connectors, either by adding
> them to base class or having a util method somewhere.
>
> Cheers,
> Ruwan
>
> On Wed, Apr 19, 2017 at 10:34 AM, Nuwandi Wickramasinghe <nuwan...@wso2.com> wrote:
>
>> Ideally any Federated authenticator should give the flexibility to
>> configure the subject claim from IS side. If admin selects a value as
>> *User ID Claim URI* in the identity provider claim configuration, that
>> selected value needs to be treated as subject of that authenticated user
>> within the IS.
>>
>> By hard coding a subject without checking *User ID Claim URI*
>> configuration in the identity provider, that authenticator removes that
>> flexibility and totally neglects the configuration.
>>
>> Following method in FrameworkUtils is used to read the configured user Id
>> claim from Identity Provider configuration.
>>
>> FrameworkUtils.getFederatedSubjectFromClaims(IdentityProvider identityProvider,
>>         Map<ClaimMapping, String> claimMappings);
>>
>> On Wed, Apr 19, 2017 at 9:43 AM, Malaka Silva <mal...@wso2.com> wrote:
>>
>>> IS Team,
>>>
>>> Can you please comment on this?
>>>
>>> On Wed, Apr 19, 2017 at 9:40 AM, Vivekananthan Sivanayagam <vivekanant...@wso2.com> wrote:
>>>
>>>> Hi,
>>>>
>>>> I am working on the ticket [1] and analysed the existing authenticators.
>>>> As mentioned on the ticket, default subject identifier claim is hard
>>>> coded [2] and have to modify the existing authenticators as implemented in
>>>> Facebook authenticator [3][4].
>>>>
>>>> @Malaka,
>>>> If we have to improve the authenticator as mentioned above, it would be
>>>> better if we include this improvement in Pinterest Authenticator before
>>>> getting released. Can you confirm it?
>>>>
>> IMHO better to add this to any new federated authenticator before releasing
>> it.
>>
>>>> [1] https://wso2.org/jira/projects/ISCONNECT/issues/ISCONNECT-49?filter=allopenissues
>>>> [2] https://github.com/wso2-extensions/identity-outbound-auth-linkedIn/blob/master/component/src/main/java/org/wso2/carbon/identity/authenticator/linkedIn/LinkedInAuthenticator.java#L281
>>>> [3] https://github.com/wso2-extensions/identity-outbound-auth-facebook/blob/master/components/org.wso2.carbon.identity.application.authenticator.facebook/src/main/java/org/wso2/carbon/identity/application/authenticator/facebook/FacebookAuthenticator.java#L352
>>>> [4] https://docs.wso2.com/display/IS530/Logging+in+to+the+Identity+Server+using+Facebook+Credentials#LoggingintotheIdentityServerusingFacebookCredentials-ConfiguringclaimmappingsforFacebook
>>>>
>>>> Thanks,
>>>>
>>>> Vivekananthan Sivanayagam
>>>> Software Engineer | WSO2
>>>> E:vivekanant...@wso2.com
>>>> M:+94752786138
>>>
>>> --
>>> Best Regards,
>>>
>>> Malaka Silva
>>> Associate Director / Architect
>>> M: +94 777 219 791
>>> Tel : 94 11 214 5345
>>> Fax :94 11 2145300
>>> Skype : malaka.sampath.silva
>>> LinkedIn : http://www.linkedin.com/pub/malaka-silva/6/33/77
>>> Blog : http://mrmalakasilva.blogspot.com/
>>>
>>> WSO2, Inc.
>>> lean . enterprise . middleware
>>> https://wso2.com/signature
>>> http://www.wso2.com/about/team/malaka-silva/
>>> https://store.wso2.com/store/
>>>
>>> Don't make Trees rare, we should keep them with care
>>
>> --
>> Best Regards,
>>
>> Nuwandi Wickramasinghe
>> Software Engineer
>> WSO2 Inc.
>> Web : http://wso2.com
>> Mobile : 0719214873
>
> --
> *Ruwan Abeykoon*
> *Associate Director/Architect,*
> *WSO2, Inc. http://wso2.com*
> *lean.enterprise.middleware.*

_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
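
The subject-resolution order discussed in this thread, as an added example that is not part of the original e-mails or of WSO2's code. `IdpClaimConfig`, `resolveSubject` and `resolveByMutatingConfig` are hypothetical stand-ins for the real classes, and the claim values are constructed samples.

```java
import java.util.HashMap;
import java.util.Map;

public class SubjectClaimDemo {

    /** Hypothetical stand-in for the IdP claim config (shared by all logins via that IdP). */
    static final class IdpClaimConfig {
        private String userClaimUri; // admin's "User ID Claim URI"; null when not set
        String getUserClaimUri() { return userClaimUri; }
        void setUserClaimUri(String uri) { this.userClaimUri = uri; }
    }

    static boolean isBlank(String s) { return s == null || s.trim().isEmpty(); }

    /** Pattern the thread asks to remove: the authenticator writes its default into the IdP config. */
    static String resolveByMutatingConfig(IdpClaimConfig cfg, Map<String, String> claims, String defaultUri) {
        if (isBlank(cfg.getUserClaimUri())) {
            cfg.setUserClaimUri(defaultUri); // side effect outlives this login
        }
        return claims.get(cfg.getUserClaimUri());
    }

    /** Suggested pattern: admin-configured claim first, authenticator default second, config read-only. */
    static String resolveSubject(IdpClaimConfig cfg, Map<String, String> claims, String defaultUri) {
        String subject = isBlank(cfg.getUserClaimUri()) ? null : claims.get(cfg.getUserClaimUri());
        if (isBlank(subject)) {
            subject = claims.get(defaultUri); // local fallback only, nothing is written back
        }
        if (isBlank(subject)) {
            throw new IllegalStateException("IdP response carries no usable subject claim");
        }
        return subject;
    }

    public static void main(String[] args) {
        Map<String, String> claims = new HashMap<>(); // constructed sample claims
        claims.put("email", "alice@example.com");
        claims.put("id", "1029384756");

        IdpClaimConfig admin = new IdpClaimConfig();
        admin.setUserClaimUri("id");
        System.out.println("admin-configured: " + resolveSubject(admin, claims, "email"));

        IdpClaimConfig unset = new IdpClaimConfig();
        System.out.println("fallback:         " + resolveSubject(unset, claims, "email"));
        System.out.println("config untouched: " + (unset.getUserClaimUri() == null));

        resolveByMutatingConfig(unset, claims, "email");
        System.out.println("after old code:   " + unset.getUserClaimUri());
    }
}
```

The last line printed shows the difference that matters: after the mutating variant runs once, the IdP configuration itself carries the authenticator's default, so it can no longer be told apart from a value the admin chose.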