Resolve users according to userstore preference order if configured. #771

Conversation

mpmadhavig
Contributor

Proposed changes in this pull request

The changes proposed in this PR resolve users according to the user store preference order, if configured. Note that if the userstore domain is appended to the login identifier of the user, the user store preference will not be taken into consideration.

Support Flows

When multi attribute is enabled, you can configure a particular SP to be authenticated only by one userstore. This is called userstore binding. No other SPs can be authenticated with the users in this userstore. Other SPs can be authenticated with the rest of the userstores as usual.

Note:

  • Users with the same login identifier across userstores are considered duplicate users and will not be authenticated. This is considered an unsupported flow. This is the default behaviour of multi-attribute login even without userstore preference support.

When should this PR be merged

After wso2/carbon-kernel#3682 is merged and released.

Peer verification steps:

Prerequisites

  1. Enable multi-attribute login to use claims http://wso2.org/claims/username,http://wso2.org/claims/mobile,http://wso2.org/claims/emailaddress.
  2. Add two secondary user stores called SECONDARY and TERTIARY.
  3. Create two users in PRIMARY and SECONDARY user stores, having the same mobile number 0711234567.
  4. Create an admin user in the secondary userstore.
  5. Create three admin users with the same username as test in all 3 userstores.
  6. Configure the user store preference order extension[1] and bind one user store to a service provider.
    • Bind SECONDARY userstore to My Account application.
    • [2] contains the above specified logic. Therefore build the default branch of [2] and add the jar to the dropins folder.

Test Cases:

  1. Try to log in to My Account using the PRIMARY user store user 0711234567.
    • Can be logged in to using users from the bound userstore SECONDARY.
    • Should fail.
  2. Try to log in to My Account using the SECONDARY user store user 0711234567.
    • Login using a user from the bound userstore SECONDARY.
    • Should successfully authenticate.
  3. Try to log in to Console using the PRIMARY user store admin's credentials.
    • Login by only PRIMARY and TERTIARY admins.
    • Should successfully authenticate.
  4. Try to log in to Console using the SECONDARY user store admin's credentials.
    • Can be logged in to by only PRIMARY and TERTIARY admins.
    • Should fail.
  5. Try to login to Console using the PRIMARY user store user test.
    • test user available in both PRIMARY and TERTIARY userstores.
    • Should Fail.

Try the same test flows without the user preference order.

[1] https://medium.com/@nilasini/user-store-preference-order-per-service-provider-available-from-5-9-0-onwards-bcd7648a485c
[2] https://github.com/mpmadhavig/user-store-order-callback-handler

Resolves wso2/product-is#12503
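
A simplified model of the resolution behaviour in the PR description above, added here as an illustration; it is not code from this pull request or from WSO2. The class, the sample users, the Console preference list and the `DOMAIN/identifier` form of a domain-qualified login are assumptions.

```java
import java.util.*;

// Hypothetical model of user resolution with a per-SP userstore preference (Java 16+).
public class UserStorePreferenceModel {
    record User(String domain, String username, String mobile) {}

    // Constructed sample users mirroring the prerequisites listed above.
    static final List<User> USERS = List.of(
        new User("PRIMARY", "admin", "0770000001"),
        new User("PRIMARY", "alice", "0711234567"),
        new User("SECONDARY", "bob", "0711234567"),
        new User("SECONDARY", "secadmin", "0770000002"),
        new User("PRIMARY", "test", "0770000003"),
        new User("SECONDARY", "test", "0770000004"),
        new User("TERTIARY", "test", "0770000005"));

    // SECONDARY is bound to My Account, so Console is left with the remaining stores.
    static final Map<String, List<String>> PREFERENCE = Map.of(
        "My Account", List.of("SECONDARY"),
        "Console", List.of("PRIMARY", "TERTIARY"));

    static Optional<User> resolve(String sp, String loginId) {
        // With no preference configured, every userstore is searched.
        List<String> domains = PREFERENCE.getOrDefault(sp, List.of("PRIMARY", "SECONDARY", "TERTIARY"));
        String id = loginId;
        int slash = loginId.indexOf('/');
        if (slash > 0) { // assumed DOMAIN/identifier form: the preference order is not consulted
            domains = List.of(loginId.substring(0, slash));
            id = loginId.substring(slash + 1);
        }
        List<User> matches = new ArrayList<>();
        for (User u : USERS) {
            if (domains.contains(u.domain()) && (u.username().equals(id) || u.mobile().equals(id))) {
                matches.add(u);
            }
        }
        // No match: unknown user. Several matches: duplicate login identifier, unsupported flow.
        return matches.size() == 1 ? Optional.of(matches.get(0)) : Optional.empty();
    }

    public static void main(String[] args) {
        // Test cases 1 and 2: only the SECONDARY owner of the number is a candidate.
        System.out.println("My Account, 0711234567 -> " + resolve("My Account", "0711234567"));
        System.out.println("Console, secadmin -> " + resolve("Console", "secadmin"));   // test case 4
        System.out.println("Console, test -> " + resolve("Console", "test"));           // test case 5
        System.out.println("Console, SECONDARY/secadmin -> " + resolve("Console", "SECONDARY/secadmin"));
        System.out.println("Unbound SP, 0711234567 -> " + resolve("Other SP", "0711234567"));
    }
}
```

In this model, test case 1 fails at the credential check: the identifier resolves to the SECONDARY user, so the PRIMARY user's password does not match.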

@mpmadhavig mpmadhavig force-pushed the support-userstore-preferenece-order-for-multiattribute-login branch 2 times, most recently from 751ac78 to f6314b6 Compare October 11, 2023 08:26
@mpmadhavig mpmadhavig force-pushed the support-userstore-preferenece-order-for-multiattribute-login branch from f6314b6 to dab73e1 Compare October 11, 2023 10:12
nilasini previously approved these changes Oct 11, 2023
@mpmadhavig mpmadhavig merged commit ea3c0bb into wso2-extensions:master Oct 12, 2023
2 checks passed
Successfully merging this pull request may close these issues.

Need to add support for multi-attribute login when user store preference order extension is used