Hi Johann,

If the number of customers that have their own IdPs is small, we can achieve this with an authentication script with the features we already have OOTB for IS 5.7.0.

The approach would be:

1. Configure the outbound authentication to have identifier-first followed by a step with multiple options representing the basic authenticator (for customers using IS itself) and the customer IdPs.
2. At the script, get the user's identifier first and get the corresponding tenant domain.
3. Check if there is a customer IdP for the above tenant (using some mapping maintained internally or at the script); if not, use the local IdP (basic auth) as the default.
4. From the script, limit the authentication options of the steps we configured to just the IdP from step 3.

If there are many tenants/customers using their own IdPs, the above solution will not be a good one, as it will be hard to configure and maintain. For those cases, instead of filtering out options at step 4 above, we can write and use a custom function to dynamically inject the IdP configured for the tenant at step 3.

On Thu, Jul 19, 2018 at 8:15 PM Johann Nallathamby <[email protected]> wrote:

> Ping on this please!
>
> On Wed, Jul 18, 2018 at 5:26 PM Johann Nallathamby <[email protected]> wrote:
>
>> Hi IAM Team,
>>
>> Following is the use case I want to accomplish. But I am not able to figure out how I would be able to do it.
>>
>> I have IS running with multiple tenants. Each tenant is an enterprise customer of mine. I have a SaaS application registered in the super tenant that all my customers can access. Currently all my customers can log in to this application using their credentials registered in IS.
>>
>> What I want to be able to do now is federate the logins to my customer's on-premise identity provider, so that I don't have to manage separate passwords for them and the customers' users can use their enterprise credentials to access my application as well.
>>
>> *Condition:* Some customers may still want to continue using IS's credential store, while some other customers may want to integrate their on-premise identity providers.
>>
>> How could I accomplish this scenario?
>>
>> Thanks & Regards,
>> Johann.
>>
>> --
>>
>> *Johann Dilantha Nallathamby*
>> Senior Lead Solutions Engineer
>> WSO2, Inc.
>> lean.enterprise.middleware
>>
>> Mobile: *+94 77 7776950*
>> LinkedIn: *http://www.linkedin.com/in/johann-nallathamby*
>> Medium: *https://medium.com/@johann_nallathamby*
>> Twitter: *@dj_nallaa*

--
*Pulasthi Mahawithana*
Associate Technical Lead
WSO2 Inc., http://wso2.com/
Mobile: +94-71-5179022
Blog: https://medium.com/@pulasthi7/
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
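The four-step approach in Pulasthi's reply, written out as a WSO2 IS 5.7.0-style adaptive authentication script. This is an added example, not code from the thread or from WSO2: the tenant-to-IdP mapping, the tenant and IdP names, and the `executeStep` stand-in that lets the script run under Node.js without the IS engine are all constructed here. `context.currentKnownSubject`, `executeStep(stepId, options, eventCallbacks)` and the `authenticationOptions` filter are used as the 5.7.0 script API describes them; the stand-in only mimics the part of that API the script touches, and `tenantDomainOf` mimics how IS derives the tenant from a tenant-qualified username.

```javascript
// Added example: tenant-aware IdP routing as a WSO2 IS 5.7.0-style adaptive
// authentication script, plus a small stand-in for the IS script engine so it
// can be run with Node.js. Nothing here is WSO2's own code.

// ---- Part 1: the script that would go into the service provider's
// ---- adaptive authentication editor (steps 1-4 of the reply) ----

// Step 3's mapping: tenant domain -> name of the customer IdP registered in IS.
// Constructed sample data; the tenant and IdP names are assumptions.
var TENANT_IDP_MAP = {
  "acme.com": "AcmeOnPremIdP",
  "globex.com": "GlobexADFS"
};

// Steps 3/4: pick the single option step 2 should offer for this tenant.
// Tenants with no mapped IdP fall back to the local basic authenticator.
function authenticationOptionsFor(tenantDomain) {
  var idp = TENANT_IDP_MAP[tenantDomain];
  return idp ? [{ idp: idp }] : [{ authenticator: "basic" }];
}

var onLoginRequest = function (context) {
  // Step 1 is configured with the identifier-first authenticator, so after it
  // succeeds the engine knows the subject (and therefore the tenant).
  executeStep(1, {
    onSuccess: function (context) {
      var user = context.currentKnownSubject; // step 2 of the reply
      // Step 4: narrow the multi-option step down to the tenant's own IdP
      // (or basic auth), so the user is never shown another customer's IdP.
      executeStep(2, {
        authenticationOptions: authenticationOptionsFor(user.tenantDomain)
      }, {});
    }
  });
};

// ---- Part 2: stand-in for the IS script engine (constructed, offline only) ----

// IS derives the tenant from a tenant-qualified username ("user@tenant");
// a bare username belongs to the super tenant. Mimicked here for the stand-in.
function tenantDomainOf(username) {
  var at = username.lastIndexOf("@");
  return at < 0 ? "carbon.super" : username.substring(at + 1).toLowerCase();
}

var engineLog = [];       // every executeStep call the script makes
var currentUsername = ""; // identifier typed in the identifier-first step

// Supports both signatures the script API offers:
// executeStep(stepId, eventCallbacks) and executeStep(stepId, options, eventCallbacks).
function executeStep(stepId, optionsOrEvents, events) {
  var options = events ? optionsOrEvents : {};
  var callbacks = events || optionsOrEvents || {};
  engineLog.push({ step: stepId, authenticationOptions: options.authenticationOptions || null });
  if (stepId === 1 && callbacks.onSuccess) {
    // Identifier-first never authenticates; it only identifies the subject.
    callbacks.onSuccess({
      currentKnownSubject: { username: currentUsername, tenantDomain: tenantDomainOf(currentUsername) }
    });
  }
}

// Run one login attempt through the script and report what step 2 was offered.
function simulateLogin(username) {
  engineLog = [];
  currentUsername = username;
  onLoginRequest({});
  var step2 = engineLog.filter(function (e) { return e.step === 2; })[0];
  return {
    tenantDomain: tenantDomainOf(username),
    step2Options: step2 ? step2.authenticationOptions : null
  };
}

if (typeof require !== "undefined" && require.main === module) {
  ["alice@acme.com", "bob@globex.com", "carol@initech.com", "dave"].forEach(function (u) {
    var r = simulateLogin(u);
    console.log(u, "->", r.tenantDomain, JSON.stringify(r.step2Options));
  });
}
```

Only Part 1 belongs in the IS script editor; Part 2 exists so the routing can be exercised locally before touching a live tenant. Because step 2 is narrowed to exactly one option per tenant, a user whose tenant has no registered IdP lands on the local credential store rather than on a guessed IdP, and no user sees another customer's IdP button at all; the mapping is keyed on the tenant IS resolved from the identifier, not on free text supplied later in the flow.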
