Hi Angelo,

On Wed, Nov 13, 2019 at 4:44 PM Angelo Immediata <[email protected]> wrote:

> Hello Ashen
>
> I just verified again and I can confirm that by passing from APP1 to APP2,
> WSO2 IS passes to APP2 only the requested claims.
>
> Sorry for bothering you :)
>

Glad to hear that you got it working!

Thanks,
Ashen

>
> Cheers,
> Angelo
>
> On Wed, 13 Nov 2019 at 05:35, Ashen Weerathunga <[email protected]>
> wrote:
>
>> Hi Angelo,
>>
>> On Mon, Nov 11, 2019 at 11:18 PM Angelo Immediata <[email protected]>
>> wrote:
>>
>>> Hi There
>>> I'm using WSO2 IS version 5.8.0 and 5.9.0
>>>
>>> Let's suppose the following scenario: I have an external SAML IdP. This
>>> external IdP can give me the following fields:
>>>
>>> - name
>>> - familyName
>>> - userIdentity
>>> - address
>>>
>>> Let's suppose that I have 2 service providers. One configured in order to
>>> get WSO2 claims name and familyName and the other in order to get
>>> userIdentity and address.
>>>
>>> Now I go on my App1 (configured by using Service Provider 1) and I log in
>>> by using the external IdP and I can get the name and familyName attribute.
>>> Then I switch to App2 without logging out. Obviously WSO2 doesn't ask
>>> me to log in but it sends to the APP2 also the App1 params (e.g. claims) and
>>> not only the claims required by App2
>>>
>>> Is there any way to avoid this situation? I simply want the following:
>>> I log in by using external IdP
>>>
>>> - External IdP gives to me all the required attributes
>>> - WSO2 by using the full list attribute returned by the external IdP
>>> passes to the APP1 attribute name and familyName. When I switch to App2,
>>> WSO2 will give to me only userIdentity and address and not also the other
>>> ones...
>>>
>>> Is it possible?
>>>
>>
>> Ideally, it should only send the requested claims of the APP2 when you
>> log in to the APP2.
>>
>> If you have set the subject attribute of APP2 as familyName, you will
>> receive the familyName as well. Also, try changing the requested attribute
>> of APP1 to another attribute and check whether you can observe the same
>> pattern.
>>
>> Thanks,
>> Ashen
>>
>>
>>>
>>> Thank you
>>> Angelo
>>> _______________________________________________
>>> Dev mailing list
>>> [email protected]
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>
>>
>> --
>> Ashen Weerathunga | Senior Software Engineer | WSO2 Inc.
>> (m) +94716042995 | (w) +94112145345 | Email: [email protected]
>> <http://wso2.com/signature>
>>
>>

--
Ashen Weerathunga | Senior Software Engineer | WSO2 Inc.
(m) +94716042995 | (w) +94112145345 | Email: [email protected]
<http://wso2.com/signature>
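An added example, not part of the original thread and not WSO2 code: one way to check, from a captured SAML assertion, that a service provider received only its requested claims, allowing for the subject attribute mentioned in the reply. The attribute names are the thread's field names rather than real claim URIs, and `SP_POLICY`, `make_assertion`, `released_attributes` and `audit` are hypothetical names; the assertions are constructed and unsigned.

```python
import xml.etree.ElementTree as ET  # constructed input only; use defusedxml for untrusted XML

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Assumed policy mirroring the thread's scenario. Names are the thread's field
# names, not WSO2 claim URIs; "subject" is the SP's subject attribute, if any.
SP_POLICY = {
    "APP1": {"requested": {"name", "familyName"}, "subject": None},
    "APP2": {"requested": {"userIdentity", "address"}, "subject": None},
}

def make_assertion(attrs):
    """Build a constructed, unsigned SAML 2.0 assertion for the demo."""
    items = "".join(
        f'<saml:Attribute Name="{n}"><saml:AttributeValue>{v}'
        f"</saml:AttributeValue></saml:Attribute>" for n, v in attrs.items())
    return (f'<saml:Assertion xmlns:saml="{NS["saml"]}"><saml:AttributeStatement>'
            f"{items}</saml:AttributeStatement></saml:Assertion>")

def released_attributes(assertion_xml):
    """Names of every attribute the IdP put into the assertion."""
    root = ET.fromstring(assertion_xml)
    path = ".//saml:AttributeStatement/saml:Attribute"
    return {a.get("Name") for a in root.iterfind(path, NS)}

def audit(sp, assertion_xml, policy=SP_POLICY):
    """Return (unexpected, missing) attribute names for this SP."""
    rule = policy[sp]
    allowed = set(rule["requested"])
    if rule["subject"]:
        allowed.add(rule["subject"])  # subject attribute is released as well
    got = released_attributes(assertion_xml)
    return got - allowed, rule["requested"] - got

if __name__ == "__main__":
    everything = {"name": "Ada", "familyName": "Rossi",
                  "userIdentity": "u-1001", "address": "Via Roma 1"}
    leaky = make_assertion(everything)  # APP2 also receives APP1's claims
    clean = make_assertion({k: everything[k] for k in ("userIdentity", "address")})
    for label, xml in (("leaky", leaky), ("clean", clean)):
        unexpected, missing = audit("APP2", xml)
        print(label, "unexpected:", sorted(unexpected), "missing:", sorted(missing))
```

In a real deployment the assertion's signature must be verified before its contents are trusted; this audit only compares released attribute names against the per-SP policy.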
