Improve Organization SSO user ID resolving logic to add to the carbon context #277
Conversation
|
PR builder started |
|
PR builder completed |
There was a problem hiding this comment.
Approving the pull request based on the successful pr build https://github.com/wso2/product-is/actions/runs/9638599474
| LOG.error("Authenticated user's username could not be resolved.", e); | ||
| } | ||
| return StringUtils.EMPTY; |
There was a problem hiding this comment.
Handle from the invocation.
There was a problem hiding this comment.
In the previous implementation, when username didn't get resolved, it simply skip setting the username in the context. In that cases, username might have been set with user-id which is wrong.
Here if fails to resolve the username, it set the username as empty, so that if any downstream task requires to fetch the username, it will not relay on the username in the context as it is set to empty, hence might rely on the user-id if it is properly set in the context.
As setting username, user-id in the context are not directly related to post authentication, but added for any usecase where the request initiator is required (ex; resource creation, auditing etc.), only added an error log instead of throwing an exception.
Proposed changes in this pull request
Improve the organization SSO user-id & username resolving logics which is used to set the values in the carbon context.
Reverted back to the old logic which was there previously 4bdc3b6#diff-604290ac058e0ac40d2bd89a168f3e62a58fcbd753e58ddadf8066bfaed56701R101-R129 and added only the required logics.
Related Issues
The organization SSO user resolving and set the correct ID & name will impact for sub-organization MyAccount related operations(view sessions, configure MFA etc things) and sub-organization console login and its operations flows (ex-org creation). Those flows are tested.