Re: [Dev] [IS] Client authentication for SAML2 Bearer Assertion Profiles

2015-02-22 Thread Johann Nallathamby
On Fri, Feb 20, 2015 at 3:55 PM, Dulanja Liyanage wrote:
> IMO we should have a config like "strictClientCredentialValidation".
>
> true: must validate the credentials,
> false: validate only when credentials are available in the request.
>
> And this check should be done before hitting the
> B

Re: [Dev] [IS] Client authentication for SAML2 Bearer Assertion Profiles

2015-02-20 Thread Nuwandi Wickramasinghe
+1 Thanks Dulanja and Asela
On Fri, Feb 20, 2015 at 6:53 PM, Asela Pathberiya wrote:
> On Fri, Feb 20, 2015 at 3:55 PM, Dulanja Liyanage
> wrote:
> > IMO we should have a config like "strictClientCredentialValidation".
> >
> > true: must validate the credentials,
> > false: validate only when

Re: [Dev] [IS] Client authentication for SAML2 Bearer Assertion Profiles

2015-02-20 Thread Asela Pathberiya
On Fri, Feb 20, 2015 at 3:55 PM, Dulanja Liyanage wrote:
> IMO we should have a config like "strictClientCredentialValidation".
>
> true: must validate the credentials,
> false: validate only when credentials are available in the request.
>
> And this check should be done before hitting the BasicA

Re: [Dev] [IS] Client authentication for SAML2 Bearer Assertion Profiles

2015-02-20 Thread Dulanja Liyanage
IMO we should have a config like "strictClientCredentialValidation".
true: must validate the credentials,
false: validate only when credentials are available in the request.
And this check should be done before hitting the BasicAuthClientAuthHandler, at the authentication manager level. We can

[Dev] [IS] Client authentication for SAML2 Bearer Assertion Profiles

2015-02-20 Thread Nuwandi Wickramasinghe
Hi,
I have some concerns regarding JIRA issue [1].
If client credentials are unavailable, is it OK to skip the client authentication process in the issue() method (org.wso2.carbon.identity.oauth2.token.AccessTokenIssuer) for the SAML2 bearer type? Also should we give an option for user to select whether cli