Hi All,

I was using $subject to associate a federated identity over Google and
Facebook with the local user, while configuring SMSOTP and TOTP as the
second-factor authentication mechanism.

As I noted, for this to work I had to configure the federated claim as the
userAttribute in the authenticator configuration, from which the respective
local user will be mapped.
Ex: added the following in the Google and Facebook cases:
<Parameter name="userAttribute">email</Parameter>

1. The first question is: what will happen when multi-option authentication
is configured as the first step?
I tried with Google and Facebook configured as multi-option in the first
step while having 'email' configured as the 'userAttribute'. That worked
because in both there is a federated claim named 'email'. But what if some
other authenticator is configured which will not have an 'email' claim, and
the mail address of the user is received over a different claim format?
As I see it, the local claim (wso2 claim) should be configured in the
authenticator configuration; during the authentication flow, the local claim
configured in the authenticator config should be picked, and the claim
value should be resolved after transforming the federated claims received to
the local dialect (wso2 dialect).

2. Noted that in each authenticator an additional parameter needs to be
configured to denote the 'userAttribute' mapping. Is this how (1) above is
achieved?
However, the respective configurations in SMSOTP and TOTP in this regard
are not consistent. Moreover, I feel transforming back to the local dialect
and using that to retrieve the attribute to be mapped is the way to do it.
With that, this becomes a redundant config.

3. For the mapping to happen, the claim value resolved should always be the
local username. Why can't the mapping happen over another unique claim like
email?
As I see it, we can easily configure this for an LDAP by configuring the
'UserNameSearchFilter' to search users over several attributes.

Thanks,
Malithi
-- 

*Malithi Edirisinghe*
Associate Technical Lead
WSO2 Inc.

Mobile : +94 (0) 718176807
malit...@wso2.com
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

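As an added illustration (not WSO2's own code), the following Python model shows the flow proposed in points (1) and (3) above: federated claims are first transformed to the local wso2 dialect, the single configured local claim URI is then picked regardless of which IdP was used, and the resolved value is escaped before it is placed into a multi-attribute search filter. The IdP claim mappings, the 'saml-idp' entry, and the '?' placeholder in the filter template are constructed assumptions for the example.

```python
from typing import Dict, Optional

LOCAL_EMAIL = "http://wso2.org/claims/emailaddress"  # local (wso2 dialect) claim URI

# Constructed sample: federated claim URI -> local claim URI, per identity provider.
# 'saml-idp' is hypothetical and stands for an IdP that exposes the mail address
# under an OID attribute instead of a plain 'email' claim.
CLAIM_MAPPINGS: Dict[str, Dict[str, str]] = {
    "google": {"email": LOCAL_EMAIL, "name": "http://wso2.org/claims/fullname"},
    "facebook": {"email": LOCAL_EMAIL},
    "saml-idp": {"urn:oid:0.9.2342.19200300.100.1.3": LOCAL_EMAIL},
}


def to_local_dialect(idp: str, federated_claims: Dict[str, str]) -> Dict[str, str]:
    """Transform the claims received from an IdP into the local dialect.
    Federated claims with no mapping are dropped, never passed through verbatim."""
    mapping = CLAIM_MAPPINGS.get(idp, {})
    return {mapping[k]: v for k, v in federated_claims.items() if k in mapping}


def resolve_user_attribute(idp: str, federated_claims: Dict[str, str],
                           user_attribute: str = LOCAL_EMAIL) -> Optional[str]:
    """Pick the configured local claim after dialect transformation, so the
    authenticator config needs one local URI no matter which IdP was used."""
    return to_local_dialect(idp, federated_claims).get(user_attribute)


# RFC 4515 escapes for characters that are special inside an LDAP filter value.
_LDAP_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def ldap_escape(value: str) -> str:
    """Escape an assertion value so IdP-supplied data cannot alter the filter."""
    return "".join(_LDAP_ESCAPES.get(ch, ch) for ch in value)


def build_search_filter(template: str, value: str) -> str:
    """Fill a UserNameSearchFilter-style template (assumed '?' placeholder) that
    searches several attributes, inserting the escaped resolved value."""
    return template.replace("?", ldap_escape(value))


if __name__ == "__main__":
    email = resolve_user_attribute(
        "saml-idp", {"urn:oid:0.9.2342.19200300.100.1.3": "alice@example.com"})
    print(build_search_filter("(&(objectClass=person)(|(uid=?)(mail=?)))", email))
```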