
List:       esb-java-dev
Subject:    Re: [Dev] Step to retrive username to find out phone number in SMSOTP
From:       Hasintha Indrajee <hasintha () wso2 ! com>
Date:       2016-12-20 7:52:22
Message-ID: CA+1kBOj_3j=Bnn61XoajCZWTJckSb6S8zJ6wJL1SCJ6L5Q435A () mail ! gmail ! com


Previous step is just a special case for "any step". So the correct
behaviour should be it I guess.

On Tue, Dec 20, 2016 at 12:46 PM, Kathees Rajendram <kathees@wso2.com>
wrote:

> Hi Hasintha,
>
> In first step of two factor authenticators (SMS OTP,  TOTP, Email OTP,
> etc), we get user name from previous step. Since you have a requirement to
> configure multi step authentication with SMS OTP authenticator and select
> the step as an option, we need to introduce a new parameter in
> application-authenticator.xml for each authenticators to select the step
> and improve.
>
> Thanks,
> Kathees
>
> On Tue, Dec 20, 2016 at 12:00 PM, Hasintha Indrajee <hasintha@wso2.com>
> wrote:
>
>> Hi all,
>>
>> When I go through SMSOTP, found out that we are getting authenticated
>> user from the *previous* step which causes to lose the flexibility to
>> get the user from any other step. I think this is not the correct behaviour
>> and the behaviour should be like following.
>>
>> We need to find a local user before sending out mobile verification code
>> to the mobile number which is associated with that particular local user.
>> This user can be a user who comes from any step. The step can be a local
>> step or a federated step. If it is a federated step an account association
>> has to be present for that particular federated user.
>>
>> Above behaviour is already there in the implementation of [1]. What we
>> lack is the ability to define this step which we need to use to get the
>> username for mobile number discovery.
>>
>> Ideally we can't restrict to get user from subject step or any other
>> fixed step. We should give the flexibility to choose any step to get local
>> user. So my option for this is to give an authenticator configuration to
>> decide which step should be used to discover the associated local user and
>> his mobile number.
>>
>> WDYT ?
>>
>> [1] https://github.com/wso2-extensions/identity-extension-utils/blob/master/component/helper/src/main/java/org/wso2/carbon/extension/identity/helper/FederatedAuthenticator.java#L343
>>
>> --
>> Hasintha Indrajee
>> WSO2, Inc.
>> Mobile:+94 771892453
>>
>>
>
>
> --
> Kathees
> Software Engineer,
> email: kathees@wso2.com
> mobile: +94772596173
>



-- 
Hasintha Indrajee
WSO2, Inc.
Mobile:+94 771892453
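
The step-selection behaviour discussed in this thread, sketched as an added example (not code from the thread or from the WSO2 code base). The Step class, the configuredStep argument and the association map keyed by "idp:subject" are hypothetical names used only for illustration; the resolver returns empty, so no OTP is sent, when the chosen step has no user or a federated user has no account association.

```java
import java.util.*;

public class OtpUserResolver {
    // Hypothetical model of one completed authentication step (not a WSO2 class).
    static final class Step {
        final String user; final boolean federated; final String idp;
        Step(String user, boolean federated, String idp) {
            this.user = user; this.federated = federated; this.idp = idp;
        }
    }

    // Resolve the local user whose mobile number should receive the OTP.
    // Fails closed (Optional.empty) when the configured step is missing, has no
    // authenticated user, or is federated without an account association.
    static Optional<String> resolveLocalUser(Map<Integer, Step> steps, int configuredStep,
                                             Map<String, String> associations) {
        Step step = steps.get(configuredStep);
        if (step == null || step.user == null) {
            return Optional.empty();
        }
        if (!step.federated) {
            return Optional.of(step.user); // local step: the subject is already a local user
        }
        // Federated step: the IdP-asserted name is never used as a local username;
        // only an explicit association maps it to one.
        return Optional.ofNullable(associations.get(step.idp + ":" + step.user));
    }

    public static void main(String[] args) {
        // Constructed sample data: one local step and two federated steps.
        Map<Integer, Step> steps = new HashMap<>();
        steps.put(1, new Step("alice", false, null));
        steps.put(2, new Step("alice@idp.example", true, "exampleIdP"));
        steps.put(3, new Step("bob@idp.example", true, "exampleIdP"));

        Map<String, String> associations = new HashMap<>();
        associations.put("exampleIdP:alice@idp.example", "alice");

        for (int configuredStep = 1; configuredStep <= 4; configuredStep++) {
            Optional<String> local = resolveLocalUser(steps, configuredStep, associations);
            System.out.println("step " + configuredStep + " -> "
                    + local.map(u -> "send OTP to number of " + u)
                           .orElse("no local user, do not send OTP"));
        }
    }
}
```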



