Hi Malithi,

This is something I also thought about, but it won't be an option in this
case, because something else I didn't say is that we have a customized IS where
a user can belong to multiple tenants, and the user selects the tenant which
(s)he wants to log in to after the username/password validation. So until the
user is identified, the application doesn't have a way to identify the
tenant of the user.

If this customization wasn't there, what you say would be an option for this
case.

Regards,
Johann.

On Fri, Jul 20, 2018 at 7:51 AM Malithi Edirisinghe <[email protected]>
wrote:

> Hi Johann,
>
> As the customer onboards, which means a tenant onboards in this case, we
> can onboard the application for the tenant rather than keeping it SaaS.
> That would also be an option I think. It's easy to manage customer
> specific authentication sequences for the respective application then.
>
> Thanks,
> Malithi.
>
> On Thu, Jul 19, 2018 at 11:45 PM, Pulasthi Mahawithana <[email protected]
> > wrote:
>
>> Hi Johann,
>>
>> If the customers that have their own IdPs are few in number, we can
>> achieve this with an authentication script with the features we already
>> have OOTB for IS 5.7.0.
>>
>> The approach would be,
>>
>>    1. Configure the outbound authentication to have identifier first
>>    followed by a step with multiple options representing the basic
>>    authenticator (for customers using IS itself) and customer IdPs.
>>    2. In the script, get the user's identifier first and get the
>>    corresponding tenant domain.
>>    3. Check if there is a customer IdP for the above tenant (using some
>>    mapping maintained internally or in the script); if not, use the local
>>    IdP (basic auth) as the default.
>>    4. From the script, limit the authentication options of the steps we
>>    configured, just to use the IdP from step 3.
>>
>>
>> If there are many tenants/customers using their own IdPs, the above
>> solution will not be a good one, as it will be hard to configure and
>> maintain. For those cases, instead of filtering out options at step 4
>> above, we can write and use a custom function to dynamically inject the IdP
>> configured for the tenant at step 3.
>>
>> On Thu, Jul 19, 2018 at 8:15 PM Johann Nallathamby <[email protected]>
>> wrote:
>>
>>> Ping on this please!
>>>
>>> On Wed, Jul 18, 2018 at 5:26 PM Johann Nallathamby <[email protected]>
>>> wrote:
>>>
>>>> Hi IAM Team,
>>>>
>>>> Following is the use case I want to accomplish. But I am not able to
>>>> figure out how I would be able to do it.
>>>>
>>>> I have IS running with multiple tenants. Each tenant is an enterprise
>>>> customer of mine. I have a SaaS application registered in super tenant that
>>>> all my customers can access. Currently all my customers can login to this
>>>> application using their credentials registered in IS.
>>>>
>>>> What I want to be able to do now is federate the logins to my customers'
>>>> on-premise identity providers, so that I don't have to manage separate
>>>> passwords for them and the customers' users can use their enterprise
>>>> credentials to access my application as well.
>>>>
>>>> *Condition:* Some customers may still want to continue using IS's
>>>> credential store, while some other customers may want to integrate their
>>>> on-premise identity providers.
>>>>
>>>> How could I accomplish this scenario?
>>>>
>>>> Thanks & Regards,
>>>> Johann.
>>>>
>>>> --
>>>>
>>>> *Johann Dilantha Nallathamby*
>>>> Senior Lead Solutions Engineer
>>>> WSO2, Inc.
>>>> lean.enterprise.middleware
>>>>
>>>> Mobile: *+94 77 7776950*
>>>> LinkedIn: *http://www.linkedin.com/in/johann-nallathamby
>>>> <http://www.linkedin.com/in/johann-nallathamby>*
>>>> Medium: *https://medium.com/@johann_nallathamby
>>>> <https://medium.com/@johann_nallathamby>*
>>>> Twitter: *@dj_nallaa*
>>>>
>>>
>>>
>>>
>>
>>
>> --
>> *Pulasthi Mahawithana*
>> Associate Technical Lead
>> WSO2 Inc., http://wso2.com/
>> Mobile: +94-71-5179022
>> Blog: https://medium.com/@pulasthi7/
>>
>> <https://wso2.com/signature>
>>
>
>
>
> --
>
> *Malithi Edirisinghe*
> Associate Technical Lead
> WSO2 Inc.
>
> Mobile : +94 (0) 718176807
> [email protected]
>


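The four-step approach quoted above from Pulasthi's reply, sketched as an adaptive authentication script. This is an added example, not code from the thread or from WSO2: the tenant-to-IdP mapping and IdP names are constructed, the `executeStep` / `authenticationOptions` usage and the `context.steps[1].subject.tenantDomain` shape are assumptions about the IS 5.7.0 scripting API, and `simulateLogin` is a hypothetical offline stand-in for the IS runtime.

```javascript
// Constructed mapping (assumption): tenant domain -> name of the IdP configured in IS.
var TENANT_IDP = {
    'acme.com': 'acme-adfs',
    'globex.com': 'globex-okta'
};

// Step 3: choose the single option allowed for this tenant.
// Anything not explicitly mapped falls back to local basic auth.
function optionsForTenant(tenantDomain) {
    var key = String(tenantDomain);
    // Own-property check so a domain such as "constructor" never matches an inherited key.
    if (Object.prototype.hasOwnProperty.call(TENANT_IDP, key)) {
        return [{ idp: TENANT_IDP[key] }];
    }
    return [{ authenticator: 'basic' }];
}

// Steps 1, 2 and 4: identifier first, then step 2 limited to the selected option.
var onLoginRequest = function (context) {
    executeStep(1, {
        onSuccess: function (context) {
            var tenantDomain = context.steps[1].subject.tenantDomain;
            executeStep(2, { authenticationOptions: optionsForTenant(tenantDomain) }, {});
        }
    });
};

// Offline stand-in for the IS runtime (constructed; not part of the script pasted into IS).
// It records each executeStep call and completes step 1 with the given tenant domain.
function simulateLogin(tenantDomain) {
    var calls = [];
    globalThis.executeStep = function (stepId, a, b) {
        var options = b === undefined ? {} : a;
        var callbacks = b === undefined ? a : b;
        calls.push({ step: stepId, options: options });
        if (stepId === 1 && callbacks.onSuccess) {
            callbacks.onSuccess({ steps: { 1: { subject: { tenantDomain: tenantDomain } } } });
        }
    };
    onLoginRequest({});
    return calls[calls.length - 1].options.authenticationOptions;
}
```

Only `TENANT_IDP`, `optionsForTenant` and `onLoginRequest` belong in the service provider's script; step 2 must already list the basic authenticator and every mapped IdP as options for the filter to select from.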