Closed tharindu-b-hewage closed 4 years ago
@tharindu-bandara can you please create another issue to track the URL option. It is an improvement which requires changes to the Property model.
@tharindu-bandara can you please create another issue to track the URL option. It is an improvement that requires changes to the Property model.
+1. Please find the issue: https://github.com/wso2/product-is/issues/7987
@emswbandara
Kindly find the meta-properties below, which need to be marked as confidential.
client secret
field in Oauth2, Facebook, Microsoft, Google, Yahoo, Office 365
Federated Authenticatorsapi secret
field in Twitter
Federated Authenticatorservice principal password
field in the Kerberos
Federated Authenticator@tharindu-bandara
Except for facebook and OAuth authenticators for rest of the authenticators you mentioned the confidential property is already there. E.g. https://github.com/wso2-extensions/identity-local-auth-iwa-kerberos/blob/master/components/org.wso2.carbon.identity.application.authenticator.iwa/src/main/java/org/wso2/carbon/identity/application/authenticator/iwa/IWAFederatedAuthenticator.java#L157
Describe the Issue:
isConfidential
parameter, it is not properly configured for theOpenIDConnectAuthenticator
'sClient Secret
paremeter(showsfalse
, instead oftrue
). This needs to be checked in all available federated authenticator properties.How To Reproduce:
https://localhost:9443/t/{{tenant-domain}}/api/server/v1/identity-providers/meta/federated-authenticators
, and get the list of authenticators.OpenIDConnectAuthenticator
metadata withhttps://localhost:9443/t/carbon.super/api/server/v1/identity-providers/meta/federated-authenticators/{authenticator-id}I
.isConfidential
isfalse
3.2 URL fields are considered as text.Expected behavior:
isConfidential
should betrue
for appropriate fields(ex:Client Id
in the aforementioned scenario).Device Information (Please complete the following information) :