On Tue, Mar 27, 2018 at 4:32 AM, Isura Karunaratne <is...@wso2.com> wrote:
> Hi Indunil,
>
> On Sun, Mar 25, 2018 at 9:50 PM, Indunil Upeksha Rathnayake <indu...@wso2.com> wrote:
>
>> Hi,
>>
>> Please find the following information on the current implementation of
>> consent management in IS 5.5.0.
>>
>>    - Claims to populate in the consent page will be retrieved from the
>>      claim mapping configuration in SP (i.e. claims which are configured as
>>      requested).
>>    - If the claims configured in SP are mentioned as mandatory (i.e.
>>      without those claims the application cannot work), consent MUST be
>>      given by the user to proceed.
>>    - When the user has provided the consent the first time, a consent
>>      receipt will be generated for that application and for that user.
>>      Thereafter the consent page will be shown if there are any more
>>      mandatory claims which the user has not provided the consent to share
>>      with the application.
>>    - If there are no SP configurations, consider that as a federated
>>      scenario and populate all the authenticated user attributes as
>>      mandatory claims in the consent.
>>
>> Following is the suggested approach for handling consent management when
>> the requested claims are sent dynamically from the authentication request.
>>
>>    - *Requested/Mandatory claims are only configured in SP*
>>
>>       - Populate all the claims configured in SP, in the consent page.
>>
>>    - *Requested/Mandatory claims are not configured in SP and requested
>>      in authentication request*
>>
>>       - From the framework, set all the requested attributes to the
>>         authenticated user (i.e. values as null for the attributes which
>>         are not available for the user) and set the required property of
>>         the claims to true/false.
>>
>>       - In the consent service, validate the required property and
>>         populate the consent page. Since mandatory is a property which we
>>         have introduced in IS, that won't be affected for the requested
>>         claims in authentication request.
>>
>>       - All the requested claims in authentication request will be
>>         populated in the consent page whether the user has an attribute
>>         value or not.
>>
>>       - We assume that all the user attributes for which the user consent
>>         is needed will be sent in the first authentication request. For
>>         later requests, the consent page will not be shown. This is
>>         because the consent page will be populated only for mandatory
>>         claims, if a consent receipt is available for the user.
>>
> What is the expected behaviour if an additional claim is requested in later
> requests (not in the first request)? In that case, I think we can pop up
> consent for that claim only.
>

The consent page will pop up only if that additional claim is a mandatory
one. But for the requested claims in authentication request, we can't
enforce the mandatory property from IS.

>
> Thanks
> Isura.
>
>>       - Filter out and remove the null user attribute values from the
>>         framework and send to the inbound component, or null values can be
>>         handled in the inbound component.
>>
>>       - Federated claims will also be treated the same way as above.
>>
>>    - *Requested/Mandatory claims are configured in SP and requested in
>>      authentication request*
>>
>>       - Populate all the claims configured in SP, in the consent page.
>>
>>       - Here we will not be considering the requested claims in the
>>         request when showing the consent page.
>>
>> Appreciate your suggestions and comments on this.
>>
>> Thanks and Regards
>> --
>> Indunil Upeksha Rathnayake
>> Software Engineer | WSO2 Inc
>> Email indu...@wso2.com
>> Mobile 0772182255
>>
>
> --
>
> *Isura Dilhara Karunaratne*
> Associate Technical Lead | WSO2
> Email: is...@wso2.com
> Mob : +94 772 254 810
> Blog : http://isurad.blogspot.com/
>

--
Indunil Upeksha Rathnayake
Software Engineer | WSO2 Inc
Email indu...@wso2.com
Mobile 0772182255
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
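
The consent-page rules discussed in this thread, modelled in Python as an added example; it is not WSO2 Identity Server code and not part of the original messages. The function names, the short claim names and the representation of a consent receipt as a set of claims are assumptions made for illustration, as is the reading that claims named only in the authentication request are always non-mandatory.

```python
from typing import Dict, Iterable, List, Optional, Set, Tuple


def consent_page_claims(
    sp_claims: Dict[str, bool],      # claim -> mandatory flag from SP config (hypothetical shape)
    request_claims: Iterable[str],   # claims named in the authentication request
    receipt: Optional[Set[str]],     # claims already consented to; None if no receipt exists
) -> List[Tuple[str, bool]]:
    """Return the (claim, mandatory) pairs the consent page would show."""
    if sp_claims:
        # Claims configured in SP win; claims in the request are not considered.
        candidates = dict(sp_claims)
    else:
        # Request-only claims: the mandatory property cannot be enforced for them.
        candidates = {claim: False for claim in request_claims}
    if receipt is None:
        # First authentication for this user and application: show everything.
        return sorted(candidates.items())
    # A receipt exists: only mandatory claims without consent trigger the page.
    return sorted((c, m) for c, m in candidates.items() if m and c not in receipt)


def attributes_for_inbound(user_attrs: Dict[str, Optional[str]]) -> Dict[str, str]:
    """Drop attributes that were set to null because the user has no value."""
    return {k: v for k, v in user_attrs.items() if v is not None}


if __name__ == "__main__":
    # Constructed sample data, not taken from any real deployment.
    sp = {"email": True, "country": False}
    print(consent_page_claims(sp, ["mobile"], None))               # first login
    print(consent_page_claims(sp, ["mobile"], {"email", "country"}))
    # Request-only scenario: a later request adds "dob" after a receipt exists.
    print(consent_page_claims({}, ["email", "dob"], {"email"}))
    print(attributes_for_inbound({"email": "a@example.com", "mobile": None}))
```

The last `consent_page_claims` call returns an empty list: once a receipt exists, a claim added to a later authentication request produces no consent prompt, which is the case raised in the question above.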