Hi Johann,

As the customer onboards, which means a tenant onboards in this case, we
can onboard the application for the tenant rather than keeping it SaaS.
That would also be an option I think. It's easy to manage customer specific
authentication sequences for the respective application then.

Thanks,
Malithi.

On Thu, Jul 19, 2018 at 11:45 PM, Pulasthi Mahawithana <[email protected]>
wrote:

> Hi Johann,
>
> If the number of customers that have their own IdPs is small, we can
> achieve this with an authentication script using the features we already
> have OOTB in IS 5.7.0.
>
> The approach would be,
>
>    1. Configure the outbound authentication to have identifier-first,
>    followed by a step with multiple options representing the basic
>    authenticator (for customers using IS itself) and the customer IdPs.
>    2. At the script, get the user's identifier first and get the
>    corresponding tenant domain.
>    3. Check if there is a customer IdP for the above tenant (using some
>    mapping maintained internally or at the script); if not, use the local
>    IdP (basic auth) as the default.
>    4. From the script, limit the authentication options of the step we
>    configured to just the IdP from step 3.
>
>
> If there are many tenants/customers using their own IdPs, the above
> solution will not be a good one, as it will be hard to configure and
> maintain. For those cases, instead of filtering out options at step 4
> above, we can write and use a custom function to dynamically inject the IdP
> configured for the tenant at step 3.
>
> On Thu, Jul 19, 2018 at 8:15 PM Johann Nallathamby <[email protected]>
> wrote:
>
>> Ping on this please!
>>
>> On Wed, Jul 18, 2018 at 5:26 PM Johann Nallathamby <[email protected]>
>> wrote:
>>
>>> Hi IAM Team,
>>>
>>> Following is the use case I want to accomplish. But I am not able to
>>> figure out how I would be able to do it.
>>>
>>> I have IS running with multiple tenants. Each tenant is an enterprise
>>> customer of mine. I have a SaaS application registered in super tenant that
>>> all my customers can access. Currently all my customers can login to this
>>> application using their credentials registered in IS.
>>>
>>> What I want to be able to do now is to federate the logins to my customers'
>>> on-premise identity providers, so that I don't have to manage separate
>>> passwords for them and the customers' users can use their enterprise
>>> credentials to access my application as well.
>>>
>>> *Condition:* Some customers may still want to continue using IS's
>>> credential store, while some other customers may want to integrate their
>>> on-premise identity providers.
>>>
>>> How could I accomplish this scenario?
>>>
>>> Thanks & Regards,
>>> Johann.
>>>
>>> --
>>>
>>> *Johann Dilantha Nallathamby*
>>> Senior Lead Solutions Engineer
>>> WSO2, Inc.
>>> lean.enterprise.middleware
>>>
>>> Mobile: *+94 77 7776950*
>>> LinkedIn: *http://www.linkedin.com/in/johann-nallathamby
>>> <http://www.linkedin.com/in/johann-nallathamby>*
>>> Medium: *https://medium.com/@johann_nallathamby
>>> <https://medium.com/@johann_nallathamby>*
>>> Twitter: *@dj_nallaa*
>>>
>>
>
>
> --
> *Pulasthi Mahawithana*
> Associate Technical Lead
> WSO2 Inc., http://wso2.com/
> Mobile: +94-71-5179022
> Blog: https://medium.com/@pulasthi7/
>
> <https://wso2.com/signature>
>
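The four-step approach Pulasthi describes above, sketched as a WSO2 IS adaptive-authentication script. This is an added example, not code from the thread or from WSO2; it assumes the IS 5.7.0 script API (`executeStep()`, `context.steps[n].subject` with `username`/`tenantDomain`, and the `authenticationOptions` override), and the tenant-to-IdP table and the configured step-2 option names are constructed placeholders. The point worth seeing in code is step 4: the script only ever narrows the option set that was configured on the step, and an unknown tenant, or a mapping entry pointing at an IdP that is not configured, falls back to the local credential store instead of letting the typed identifier pick an arbitrary IdP.

```javascript
// Added example (not from the thread): adaptive-auth script for the
// "few customer IdPs" case. Assumes the WSO2 IS 5.7.0 script API.

// Step 3 mapping: tenant domain -> name of the IdP configured for that tenant.
// Constructed placeholder values; a deployment maintains this table itself.
var TENANT_IDP_MAP = {
  'acme.com': 'AcmeCorpIdP',
  'globex.com': 'GlobexSamlIdP'
};

// IdP names that the step-2 configuration actually contains (procedure step 1).
// The script may only narrow this set, never add to it (constructed names).
var STEP2_CONFIGURED_IDPS = ['AcmeCorpIdP', 'GlobexSamlIdP'];
var DEFAULT_LOCAL_OPTION = { authenticator: 'basic' };
var SUPER_TENANT = 'carbon.super';

// Derive the tenant domain from a WSO2-style identifier "user@tenant".
// The last '@' is treated as the tenant separator so that e-mail style
// usernames ("alice@example.org@acme.com") still resolve; a bare username
// belongs to the super tenant. Assumption: identifiers follow this format.
function tenantDomainOf(identifier) {
  if (typeof identifier !== 'string') return SUPER_TENANT;
  var at = identifier.lastIndexOf('@');
  if (at < 0 || at === identifier.length - 1) return SUPER_TENANT;
  return identifier.substring(at + 1).toLowerCase();
}

// Decide the single authentication option for step 2 (procedure steps 3 and 4).
// Unknown tenants, and mappings that name an IdP not configured on the step,
// fall back to basic auth against IS's own credential store.
function authenticationOptionFor(tenantDomain) {
  var idp = Object.prototype.hasOwnProperty.call(TENANT_IDP_MAP, tenantDomain)
    ? TENANT_IDP_MAP[tenantDomain]
    : null;
  if (idp && STEP2_CONFIGURED_IDPS.indexOf(idp) >= 0) {
    return { idp: idp };
  }
  return DEFAULT_LOCAL_OPTION;
}

// Entry point that WSO2 IS invokes for each login request of the application.
var onLoginRequest = function (context) {
  // Step 1: identifier-first. The framework fills context.steps[1].subject
  // with the identifier the user typed (assumption about the 5.7.0 subject).
  executeStep(1, {}, {
    onSuccess: function (context) {
      var subject = context.steps[1].subject;
      // Prefer the tenant domain the framework already resolved; otherwise
      // parse it out of the identifier (procedure step 2).
      var tenantDomain = subject.tenantDomain || tenantDomainOf(subject.username);
      var option = authenticationOptionFor(tenantDomain);
      // Step 2 is the multi-option step; restrict it to exactly one option.
      executeStep(2, { authenticationOptions: [option] }, {});
    }
  });
};
```

`tenantDomainOf` and `authenticationOptionFor` are plain functions so the routing decision can be unit-tested outside IS; `onLoginRequest` is the only part that touches the script host.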



-- 

*Malithi Edirisinghe*
Associate Technical Lead
WSO2 Inc.

Mobile : +94 (0) 718176807
[email protected]
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev