Hi Isuri,

This is possible by writing a custom claim handler [1]. There, once the
user is authenticated, the user claims are available in the claims map.
Then you can find the particular claim and invoke the external service to
gather the other claims and add those extra claims also to the same map.
Then your client app will receive all the claims together. (Note that the
claim handler globally affects all service providers, and if you need to
apply the changes only to a particular service provider, then you may check
the SP name before executing this logic.)

Let us know if you face any difficulty when implementing this, so we can
assist you.

[1] https://docs.wso2.com/display/IS540/Writing+a+Custom+Claim+Handler

Thanks,
Tharindu Edirisinghe

On Tue, Jul 10, 2018 at 7:45 AM Isurianuradha96 <[email protected]>
wrote:

> Hi all,
>
> I have come up with a scenario in WSO2IS in which the user first needs to
> authenticate with the primary userstore and get the authenticated user's
> attributes. From the user attribute list, I need to get a specific attribute
> which is pre-configured by the end user and then call
> an external web-service to obtain external claims. Thereafter, this
> external claim's values should be used in the response object to send to
> the client application.
>
> I have been trying to achieve this task by configuring two authentication
> steps in WSO2IS 5.4.0. As the first step, I used the basic local
> authenticator to authenticate the user via primary userstore. As the next
> step, I configured a custom federated authenticator which is implemented to
> call the external web service. In the second step, I need to get the user's
> attributes from the first step but I was not able to find a way to achieve
> this. I have been looking into the AuthenticationContext object to find the
> relevant attributes but I only found the subject identifier value of the
> authenticated user. According to my requirement, either subject identifier
> is needed to configure from the first step or searching through the
> pre-configured attribute from the attribute list which is received from the
> first step. My question is, is there any way to get the authenticated
> user's attribute list from the custom federated authenticator via
> AuthenticationContext object?
>
> If my above approach is not doable, please explain an alternative
> method to achieve this.
>
> Thank you.
>
> --
> Kind Regards,
> Isuri Anuradha.
> _______________________________________________
> Dev mailing list
> [email protected]
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>


-- 

Tharindu Edirisinghe
Associate Technical Lead | WSO2 Inc
Platform Security Team
Blog : http://tharindue.blogspot.com
mobile : +94 775181586
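
The custom claim handler approach described in the reply above, as an added example (not code from this thread or from the WSO2 documentation). The class name, the service provider name, the claim URIs, the service URL and the `key=value` response format are all hypothetical, and it assumes the map returned by the default handler is keyed by the claim URI used for the lookup.

```java
import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLEncoder;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;
import org.wso2.carbon.identity.application.authentication.framework.config.model.StepConfig;
import org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext;
import org.wso2.carbon.identity.application.authentication.framework.exception.FrameworkException;
import org.wso2.carbon.identity.application.authentication.framework.handler.claims.impl.DefaultClaimHandler;

public class ExternalClaimHandler extends DefaultClaimHandler { // hypothetical class name
    private static final String TARGET_SP = "my-service-provider";               // placeholder
    private static final String LOOKUP_CLAIM = "http://wso2.org/claims/externalid"; // placeholder
    private static final String SERVICE_URL = "https://claims.example.com/lookup?id="; // placeholder
    private static final String EXTERNAL_PREFIX = "http://example.com/claims/";   // placeholder

    @Override
    public Map<String, String> handleClaimMappings(StepConfig stepConfig, AuthenticationContext context,
            Map<String, String> remoteClaims, boolean isFederatedClaims) throws FrameworkException {
        Map<String, String> resolved =
                super.handleClaimMappings(stepConfig, context, remoteClaims, isFederatedClaims);
        // The handler is global: leave every other service provider untouched.
        if (resolved == null || !TARGET_SP.equals(context.getServiceProviderName())) {
            return resolved;
        }
        String key = resolved.get(LOOKUP_CLAIM);
        if (key == null || key.isEmpty()) {
            return resolved;
        }
        Map<String, String> claims = new HashMap<>(resolved);
        try {
            // Encode the attribute so its value cannot alter the request URL.
            URL url = new URL(SERVICE_URL + URLEncoder.encode(key, "UTF-8"));
            HttpURLConnection conn = (HttpURLConnection) url.openConnection();
            conn.setConnectTimeout(2000); // bound the delay added to every login
            conn.setReadTimeout(2000);
            Properties external = new Properties(); // assumed response: key=value lines
            try (InputStream in = conn.getInputStream()) { external.load(in); }
            for (String name : external.stringPropertyNames()) {
                // Namespace external values; never overwrite a claim from the user store.
                claims.putIfAbsent(EXTERNAL_PREFIX + name, external.getProperty(name));
            }
        } catch (IOException e) {
            // Fail closed: the login fails rather than issuing a partial claim set.
            throw new FrameworkException("External claim lookup failed", e);
        }
        return claims;
    }
}
```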