How to write Custom APIs on IdP

Shagun Akarsh shagun.akarsh at wooqer.com
Thu Apr 14 02:48:24 EDT 2016


Thanks Andy & Rod for prompt replies.

Can you suggest any open-source project that can be smoothly integrated for
Identity Management with Shibboleth IdPv3?

Has anyone used the OpenAM Identity Management tool:
https://www.forgerock.com/platform/identity-management/ ? Kindly suggest
alternatives.

Thanks.

On Wed, Apr 13, 2016 at 10:57 PM, Andrew Morgan <morgan at orst.edu> wrote:

> Shagun,
>
> This is not a function of a SAML IDP or SP.  Updating user identity
> information is Identity Management.  The IDP handles authentication and
> attribute release.  It does not manage identity data.
>
> Read the second answer from that Stackoverflow link regarding SCIM. That's
> more relevant for your use case.
>
>         Andy
>
> On Wed, 13 Apr 2016, Shagun Akarsh wrote:
>
>> Yes all SPs are from within single domain. Also both IdP and SPs are
>> internal to one organization but SPs are hosted across different
>> datacenters.
>>
>> I will try to break down my problem statement:
>>
>> First, (Update/Add data on IdP's DB from SP after successful
>> authentication) In an SP initiated SSO scenario, how can a user update
>> his/her password (or any other field on IdP) ?
>>
>> Second, (Synching of user information across SPs) I want user's information
>> to be updated across all SPs when it gets updated at IdP. I have a problem
>> very similar to this (Kindly read comments on Vladimír Schäfer
>> <http://stackoverflow.com/users/3510410/vladim%c3%adr-sch%c3%a4fer>'s
>> answer) :
>>
>> http://stackoverflow.com/questions/23567648/sso-how-to-synchronize-user-accounts-between-service-provider-and-identity-prov
>>
>>
>> On Wed, Apr 13, 2016 at 2:29 PM, Rod Widdowson <rdw at steadingsoftware.com>
>> wrote:
>>
>>>> which can be updated by any of the SP. Also we want to allow to update
>>>> user information from SPs.
>>>>
>>>> Thus we want to write APIs on IdP for such updates which can be called
>>>> from SPs directly. How to implement this.
>>>
>>> Write it into a Database from the SP and use RDBMSDataConnector on the
>>> IdP?  Or LDAP?
>>>
>>> This has to be internal to a single privacy/security domain I guess?
>>> Otherwise I don't even want to think about the privacy & security
>>> implications...
>>>
>>> Rod
>>>
>>> --
>>> To unsubscribe from this list send an email to
>>> users-unsubscribe at shibboleth.net
>>>
>>>
>>
>>
>> --
>> Shagun Akarsh
>> Ph: +91-9902095371
>> Research Engineer
>> Wooqer Labs,
>> Bangalore.
>>
>



-- 
Shagun Akarsh
Ph: +91-9902095371
Research Engineer
Wooqer Labs,
Bangalore.