Always set roles claim as a requested claim of the shared application if legacy authz runtime is false #275

Merged
Merged
Expand Up @@ -37,6 +37,7 @@ public class OrgApplicationMgtConstants {

public static final String USER_ORGANIZATION_CLAIM_URI = "http://wso2.org/claims/runtime/user_organization";
public static final String APP_ROLES_CLAIM_URI = "http://wso2.org/claims/applicationRoles";
public static final String ROLES_CLAIM_URI = "http://wso2.org/claims/roles";
public static final String USER_ORGANIZATION_CLAIM = "user_organization";
public static final String OIDC_CLAIM_DIALECT_URI = "http://wso2.org/oidc/claim";
public static final String RUNTIME_CLAIM_URI_PREFIX = "http://wso2.org/claims/runtime/";
Expand Up @@ -22,6 +22,7 @@
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.CarbonConstants;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.identity.application.common.IdentityApplicationManagementClientException;
import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException;
Expand Down Expand Up @@ -243,6 +244,10 @@ public boolean doPostGetServiceProvider(ServiceProvider serviceProvider, String
// Add application roles to the filtered claim mappings (if any
filteredClaimMappings = addApplicationRolesToFilteredClaimMappings(filteredClaimMappings);
}
if (!CarbonConstants.ENABLE_LEGACY_AUTHZ_RUNTIME) {
// Add roles to the filtered claim mappings.
filteredClaimMappings = addRolesClaimToFilteredClaimMappings(filteredClaimMappings);
}
ClaimConfig claimConfig = new ClaimConfig();
claimConfig.setClaimMappings(filteredClaimMappings);
claimConfig.setAlwaysSendMappedLocalSubjectId(
Expand Down Expand Up @@ -279,6 +284,39 @@ public boolean doPostGetServiceProvider(ServiceProvider serviceProvider, String
return super.doPostGetServiceProvider(serviceProvider, applicationName, tenantDomain);
}

/**
* Add roles claim mapping to the filtered claim mappings.
*
* @param filteredClaimMappings ClaimMappings array be used to add roles claim mapping.
* @return ClaimMappings array with roles claim mapping.
*/
private ClaimMapping[] addRolesClaimToFilteredClaimMappings(ClaimMapping[] filteredClaimMappings) {

if (filteredClaimMappings == null) {
return null;
}
for (ClaimMapping claimMapping : filteredClaimMappings) {
if (OrgApplicationMgtConstants.ROLES_CLAIM_URI.equals(claimMapping.getLocalClaim().getClaimUri())) {
// Return original array if the claim already exists.
return filteredClaimMappings;
}
}
ClaimMapping roleClaimMapping = new ClaimMapping();
Claim localRoleClaim = new Claim();
localRoleClaim.setClaimUri(OrgApplicationMgtConstants.ROLES_CLAIM_URI);
Claim fedRoleClaim = new Claim();
fedRoleClaim.setClaimUri(OrgApplicationMgtConstants.ROLES_CLAIM_URI);
roleClaimMapping.setLocalClaim(localRoleClaim);
roleClaimMapping.setRemoteClaim(fedRoleClaim);
roleClaimMapping.setRequested(true);

ClaimMapping[] claimMappings = new ClaimMapping[filteredClaimMappings.length + 1];
System.arraycopy(filteredClaimMappings, 0, claimMappings, 0, filteredClaimMappings.length);
claimMappings[filteredClaimMappings.length] = roleClaimMapping;
// Return the updated array.
return claimMappings;
}

private AssociatedRolesConfig getAssociatedRolesConfigForSharedApp(
AssociatedRolesConfig associatedRolesConfigOfMainApp, String tenantDomainOfSharedApp)
throws IdentityRoleManagementException {
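Review bot: The loop in addRolesClaimToFilteredClaimMappings dereferences `claimMapping.getLocalClaim()` without a null check, so a mapping whose local claim is unset would throw an NPE out of doPostGetServiceProvider instead of being skipped; `if (claimMapping.getLocalClaim() != null && OrgApplicationMgtConstants.ROLES_CLAIM_URI.equals(claimMapping.getLocalClaim().getClaimUri())) {` closes that. Whether ClaimMapping can actually carry a null local claim is not visible here, and the sibling addApplicationRolesToFilteredClaimMappings is outside the hunk, so I cannot confirm whether the two follow the same convention. The Javadoc `@param` line reads `ClaimMappings array be used to add roles claim mapping.`; suggest `ClaimMappings array to which the roles claim mapping is added.` Since the new mapping is always created with `setRequested(true)`, a one-line comment above it noting that the roles claim is requested unconditionally for the shared application (rather than mirroring the main application's requested flag) would help the next maintainer.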
2 changes: 1 addition & 1 deletion pom.xml
Expand Up @@ -467,7 +467,7 @@
<properties>

<!-- Carbon kernel version -->
<carbon.kernel.version>4.9.0-m1</carbon.kernel.version>
<carbon.kernel.version>4.9.16</carbon.kernel.version>
<carbon.kernel.package.import.version.range>[4.7.0, 5.0.0)</carbon.kernel.package.import.version.range>
<carbon.kernel.feature.version>4.6.0</carbon.kernel.feature.version>
