Add Functionality to Verify whether a Given IdP is a Trusted Token Issuer #16981

Closed
dhaura opened this issue Oct 16, 2023 · 1 comment

Comments

dhaura commented Oct 16, 2023

Is your feature request related to a problem?

  • With the effort on enabling API-based authentication [1], there is a need to check whether a given IdP is a trusted token issuer in order to distinguish between the following modes under federation flows.
    • Mode 1: The external IdP is configured in IS and the authentication is handled through IS by redirecting to the external IdP.
    • Mode 2: The app uses the IdP SDK for a social login option, for example Google, and federates to Google directly from the app.
  • Here, the Mode 2 flow will be executed if the IdP is a trusted token issuer.
  • Hence, it is necessary to implement a verification mechanism for ascertaining whether the provided IdP is a trusted token issuer.

Describe the solution you would prefer

  • Introduce a new method within the IdentityProviderManagementService [2] class that facilitates the verification of a provided IdP as a trusted token issuer.

[1] - #15684
[2] - https://github.com/wso2/carbon-identity-framework/blob/master/components/idp-mgt/org.wso2.carbon.idp.mgt/src/main/java/org/wso2/carbon/idp/mgt/IdentityProviderManagementService.java

dhaura commented Oct 17, 2023

Solution Update

  • Since the AuthenticationContext object contains the ExternalIdPConfig object, which in turn contains the IdentityProvider object with its relevant IdP properties, there is no need to create a new method within the IdentityProviderManagementService [1] class that facilitates the verification of a provided IdP as a trusted token issuer.
  • Therefore, the verification mechanism for ascertaining whether the provided IdP is a trusted token issuer will be done in place in the OpenIDConnectAuthenticator [2] class, using the IdP object retrieved through the AuthenticationContext object.

[1] - https://github.com/wso2/carbon-identity-framework/blob/master/components/idp-mgt/org.wso2.carbon.idp.mgt/src/main/java/org/wso2/carbon/idp/mgt/IdentityProviderManagementService.java
[2] - https://github.com/wso2-extensions/identity-outbound-auth-oidc/blob/master/components/org.wso2.carbon.identity.application.authenticator.oidc/src/main/java/org/wso2/carbon/identity/application/authenticator/oidc/OpenIDConnectAuthenticator.java
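The following is an added example (not code from this issue, nor from the carbon-identity-framework or identity-outbound-auth-oidc repositories) showing the shape of the check the two comments describe: walk AuthenticationContext → ExternalIdPConfig → IdentityProvider, read an IdP property, and pick Mode 1 or Mode 2 from it. The framework classes are replaced here by minimal stand-ins with the same accessor names so the file compiles on its own; the property key `isTrustedTokenIssuer` is an assumption for illustration, not a confirmed framework constant. The security point the example enforces is that the decision is taken from the server-side IdP configuration only (never from anything the calling app sends) and fails closed to the redirect-through-IS mode whenever the property is missing, malformed or the IdP object is absent.

```java
import java.util.Arrays;
import java.util.Objects;

/**
 * Added example: trusted-token-issuer check done in place in the authenticator,
 * using only the IdP object already carried by the AuthenticationContext.
 * Stand-in classes below mirror the accessor names of the real framework
 * objects; they are NOT the real classes.
 */
public class TrustedTokenIssuerCheck {

    // ASSUMPTION: property key used for illustration; check the framework's
    // own constants for the real name.
    static final String IS_TRUSTED_TOKEN_ISSUER = "isTrustedTokenIssuer";

    // --- stand-ins for framework model classes (constructed for this example) ---
    static final class IdentityProviderProperty {
        private final String name, value;
        IdentityProviderProperty(String name, String value) { this.name = name; this.value = value; }
        String getName() { return name; }
        String getValue() { return value; }
    }

    static final class IdentityProvider {
        private final String name;
        private final IdentityProviderProperty[] props;
        IdentityProvider(String name, IdentityProviderProperty... props) { this.name = name; this.props = props; }
        String getIdentityProviderName() { return name; }
        IdentityProviderProperty[] getIdpProperties() { return props; }
    }

    static final class ExternalIdPConfig {
        private final IdentityProvider idp;
        ExternalIdPConfig(IdentityProvider idp) { this.idp = idp; }
        IdentityProvider getIdentityProvider() { return idp; }
    }

    static final class AuthenticationContext {
        private final ExternalIdPConfig externalIdP;
        AuthenticationContext(ExternalIdPConfig externalIdP) { this.externalIdP = externalIdP; }
        ExternalIdPConfig getExternalIdP() { return externalIdP; }
    }

    /** Mode 1 = redirect through IS; Mode 2 = app federates to the IdP directly. */
    enum FederationMode { REDIRECT_VIA_IS, DIRECT_FROM_APP }

    /**
     * Fail-closed: returns true only when the IdP object carries the property
     * with a value that parses as "true". A null IdP, no properties, a missing
     * key, or any other value (including "1", "yes", "") yields false.
     */
    static boolean isTrustedTokenIssuer(IdentityProvider idp) {
        if (idp == null || idp.getIdpProperties() == null) {
            return false;
        }
        return Arrays.stream(idp.getIdpProperties())
                .filter(Objects::nonNull)
                .filter(p -> IS_TRUSTED_TOKEN_ISSUER.equals(p.getName()))
                .anyMatch(p -> p.getValue() != null && "true".equalsIgnoreCase(p.getValue().trim()));
    }

    /**
     * Mode selection reads the server-side IdP configuration only; nothing the
     * application submitted in the request can flip the result.
     */
    static FederationMode selectMode(AuthenticationContext context) {
        ExternalIdPConfig external = context == null ? null : context.getExternalIdP();
        IdentityProvider idp = external == null ? null : external.getIdentityProvider();
        return isTrustedTokenIssuer(idp) ? FederationMode.DIRECT_FROM_APP : FederationMode.REDIRECT_VIA_IS;
    }

    public static void main(String[] args) {
        // Constructed sample configurations (not real IS data).
        IdentityProvider trusted = new IdentityProvider("Google",
                new IdentityProviderProperty(IS_TRUSTED_TOKEN_ISSUER, "true"));
        IdentityProvider explicitlyUntrusted = new IdentityProvider("PartnerSAML",
                new IdentityProviderProperty(IS_TRUSTED_TOKEN_ISSUER, "false"));
        IdentityProvider malformed = new IdentityProvider("LegacyOIDC",
                new IdentityProviderProperty(IS_TRUSTED_TOKEN_ISSUER, "1"));
        IdentityProvider unset = new IdentityProvider("EnterpriseOIDC");

        for (IdentityProvider idp : new IdentityProvider[] {trusted, explicitlyUntrusted, malformed, unset}) {
            AuthenticationContext ctx = new AuthenticationContext(new ExternalIdPConfig(idp));
            System.out.println(idp.getIdentityProviderName() + " -> " + selectMode(ctx));
        }
        // A context with no external IdP at all must also land on Mode 1.
        System.out.println("no external IdP -> " + selectMode(new AuthenticationContext(null)));
    }
}
```

Of the constructed IdPs only "Google" selects DIRECT_FROM_APP; the "false", "1", and unset cases and the missing-IdP case all fall back to REDIRECT_VIA_IS. Keeping the parse strict (only a literal "true") matters because the property value ultimately comes from an admin-editable configuration store, and a permissive parser would turn a typo into a silently widened trust decision.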
