[WSO2 IS] Clarification on Claim Configuration in Service Provider

Dilshani Subasinghe
Hi All,

I am working on scenario 17 (Single Page Application (SPA) proxy) [1].

In this scenario, I configured the SP with the OAuth 2.0 authorization code grant, so I tried out claim configurations on the SP side. While testing that, I noticed different behaviors in IS while requesting mandatory claims, as follows:

The above screenshot also shows that only one claim (department) is requested, while two mandatory claims are configured in the SP.

I need to clarify the exact way of requesting claims. Is that going to be handled by IS or by the web app? If it is going to be handled by IS, it should show all mandatory claims. We tried claim mapping in the SP with Travelocity and it works fine.
According to this scenario, I have to use a Single Page Application [2]. Hence I am a bit confused about the functionality (whether this is a limitation of the SPA or an issue in IS).

Any help on this will be highly appreciated.

[1] https://medium.facilelogin.com/thirty-solution-patterns-with-the-wso2-identity-server-16f9fd0c0389


_______________________________________________
Dev mailing list
[hidden email]
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [WSO2 IS] Clarification on Claim Configuration in Service Provider

Omindu Rathnaweera
Hi Dilshani,

If you have marked a requested claim in the SP claim configs as mandatory, IS will prompt this page if the claim is not available for the user in the user store, and it's not specific to the SPA. In your case, the 'department' claim value is not available in the user store for the authenticated user, hence the prompt. Refer to the 'Information on mapping claims' section in [1] for a detailed explanation of mandatory claims.

Regards,
Omindu.

--
Omindu Rathnaweera
Senior Software Engineer, WSO2 Inc.
Mobile: +94 771 197 211

Re: [WSO2 IS] Clarification on Claim Configuration in Service Provider

tharindue
Hi Dilshani,

The blog post [1] would be useful for you; it covers exactly the same scenario that you have faced. An example OAuth flow is explained in [2].

--

Tharindu Edirisinghe
Senior Software Engineer | WSO2 Inc
Platform Security Team
Blog : http://tharindue.blogspot.com
mobile : +94 775181586



Re: [WSO2 IS] Clarification on Claim Configuration in Service Provider

Dilshani Subasinghe
@Omindu - Thanks for the explanation; I understood the point.

@Tharindu - Thanks, I will refer to them.

--

Dilshani Subasinghe
Software Engineer - QA | WSO2
lean | enterprise | middleware 

Mobile : +94773375185
Blog    : dilshani.me


