Hi Sahan, IMO, configuring claims over a claim dialect should be one of the options of selecting a claim mapping dialect. But, we need to validate the use of present 'Service Provider Claim Dialect' option in order to sort this out. @Indunil Upeksha Rathnayake <[email protected]> , Could you please elaborate the use of the service provider claim dialect and why it had been added an a separate config rather than making an option of configuring claim mappings.
On the other hand, we also noted that when the service provider claim dialect is configured without configuring claim mapping from the top config it returns all claims defined in the respective dialect. But, in case, claim mappings are defined along with that, it won't return all but a subset. @Sahan Gunathilaka <[email protected]> , Could you please post the exact observation of above behaviour. Thanks, Malithi. On Wed, Nov 14, 2018 at 10:20 AM Sahan Gunathilaka <[email protected]> wrote: > Hi All, > > I am currently having a requirement such as, SP can request specific > claims from an IdP. Then, IdP should issue those requested claims using a > specific claim dialect. (SP and IdP both request and issue claims based on > the same external claim dialect) > > Let’s say I have an external claim dialect named as “ > http://incommon.org/claims”. When an SP is configured into Identity > Server, SP should be able to select its Service Provider Claim Dialect as > http://incommon.org/claims. Then, it should be able to select requested > claims from that dialect. > > In this case, I have tried the existing feature in the IS. But there are > mainly two methods to configure claim dialect for SP as below. > > > 1. Use Local Claim Dialect > > Here, can be configured the required external claim dialect for SP, but > there is no any mean to configure Requested Claims using the same > dialect. It only lets to select requested claims from local dialect. > Therefore, IdP can not recognize what claims should be issued. Following is > the available UI illustration for this. > > > > 2. Define Custom Claim Dialect > Here, can be configured any name as SP requested and also need to select > matching Local Claim from the local claim dialect. No any use of existing > dialects. But, if there is a dialect configured under “Service Provider > Claim Dialect” claims from the selected dialect are also issued by the > IdP. Following is the available UI illustration for this. > > > As my point of view, there is no way to fulfill my requirement (Mentioned > in the beginning) from both of this two methods. My idea is that there > should be a way to select Service Provider Claim Dialect from existing > claim dialects and then Requested Claims can be selected from that > dialect as SP needs. Also I have another concern that, although there is > “Service Provider Claim Dialect” option in UI for both of above two > methods, is there any correlation for them with this option? > > Can anyone please suggest some ideas on this? > Thank you > Best Regards! > > -- > *Sahan Gunathilaka* > Intern - Software Engineering > *WSO2* > mobile: +94776343266 > > [image: http://wso2.com/signature] > -- *Malithi Edirisinghe* Technical Lead WSO2 Inc. Mobile : +94 (0) 718176807 [email protected]
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
