bcgov / api-services-portal

API Services Portal provides a multi-tenant frontend integrating API Gateway and Authorization services from Kong CE and Keycloak.
https://api.gov.bc.ca
Apache License 2.0

Credential generation displays error for the environment configured for Shared IDP profile #734

Closed nirajCITZ closed 1 year ago

nirajCITZ commented 1 year ago

Step 1: Create an authorization profile for Shared IDP.
Step 2: Create a Client ID/Secret auth flow and associate a Shared IDP authorization profile (created in the above step) with it.
Step 3: Enable the environment by publishing the Kong plugin.
Step 4: Associate the service.
Step 5: Sign in with Harley and raise an access request for the above environment.
Step 6: Click on the Generate Credential button.

Actual Result: The credential generation process displays an error for the environment configured for the Shared IDP profile.

Expected Result:
1) The credential generation process should not display an error for the environment configured for the Shared IDP profile.
2) The credentials should be displayed when the user clicks on the Generate Credentials button.


aps-log:

```text
apsportal | debug: [general] [listPermissions] RESULT [{"id":"84cfa204-f86b-4fdf-b4af-3c7359399c49","owner":"c002b2b1-0ca8-4fd6-896e-6d2e3395a345","resource":"ed23a139-b9a1-44bb-bca6-27d2540a0985","scope":"dfc132ca-aa87-40b5-bc33-3e972a88f638","granted":true,"scopeName":"CredentialIssuer.Admin","resourceName":"ccplatform","requester":"106ae49e-2334-4147-9f59-cd1ef50dab3b","ownerName":"gwa-api","requesterName":"wendy@idir"},{"id":"9624012a-ea17-44c7-94f1-0622926d4e69","owner":"c002b2b1-0ca8-4fd6-896e-6d2e3395a345","resource":"ed23a139-b9a1-44bb-bca6-27d2540a0985","scope":"fd403d7f-1dfb-4673-8ab3-5e1ff7797b35","granted":true,"scopeName":"Access.Manage","resourceName":"ccplatform","requester":"0cb6367d-605d-44ef-a15a-a180e5773bc2","ownerName":"gwa-api","requesterName":"mark@idir"},{"id":"d017b7e1-217a-494f-bf9b-47d49f287002","owner":"c002b2b1-0ca8-4fd6-896e-6d2e3395a345","resource":"ed23a139-b9a1-44bb-bca6-27d2540a0985","scope":"6871ce8b-5d5f-455b-86ff-7cf5940930eb","granted":true,"scopeName":"Namespace.Manage","resourceName":"ccplatform","requester":"bf498a7b-b6e0-49bb-9ea8-0241d7792fe2","ownerName":"gwa-api","requesterName":"janis@idir"}]
apsportal | debug: [keystone.user] Query [lookupUsersByUsernames] result {"data":{"allUsers":[]}}
apsportal | debug: [keystone.user] Query [lookupUsersByNamespace] result {"data":{"usersByNamespace":[]}}
apsportal | debug: [keystone.access-req] Mutation [markAccessRequestAsNotIssued] result {"data":{"updateAccessRequest":{"id":"1"}}}
apsportal | debug: [keystone.activity] [recordActivity] userid=8 name=update AccessRequest[1]
apsportal | error: [general] GraphQL Error: {"reason":"insufficient_scope","status":"403 Forbidden"}
apsportal |
apsportal | GraphQL request:3:5
apsportal | 2 | mutation genCredential($id: ID!) {
apsportal | 3 |   updateAccessRequest(id: $id, data: { credential: "NEW" }) {
apsportal |   |   ^
apsportal | 4 |     credential
apsportal | {"level":50,"time":1675053917395,"pid":23,"hostname":"80b1e2ff9b6a","name":"graphql","message":"{\"reason\":\"insufficient_scope\",\"status\":\"403 Forbidden\"}","locations":[{"line":3,"column":5}],"path":["updateAccessRequest"],"uid":"cldibuqil00040nqo4vadbu7d","name":"GraphQLError","errors":[{"reason":"insufficient_scope","status":"403 Forbidden"}],"stack":"dist/services/checkStatus.js:36:19\nGenerator.next ()\nfulfilled (dist/services/checkStatus.js:5:58)\nrunMicrotasks ()\n"}
oauth2-proxy | 172.26.0.1:55644 - f0e44e97-1254-498a-90c1-a35919b497eb - harley@test.com [2023/01/30 04:45:17] oauth2proxy.localtest.me:4180 POST / "/gql/api" HTTP/1.1 "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36" 200 259 0.321
oauth2-proxy | 172.26.0.1:55644 - 4396b840-1a3f-4ea6-8880-29aa5b589fa2 - harley@test.com [2023/01/30 04:45:17] oauth2proxy.localtest.me:4180 GET / "/admin/session" HTTP/1.1 "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36" 200 485 0.010
```
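One detail in the log above that matters for monitoring: oauth2-proxy records HTTP 200 for the POST to /gql/api even though the GraphQL layer rejected the `updateAccessRequest` mutation with `insufficient_scope` / 403 Forbidden, so alerting on proxy status codes alone never sees this authorization failure. The following script is an added example, not part of the issue or of the portal's code; it parses constructed log lines modelled on the ones above (the request dumps with cookies and tokens omitted) and pairs each GraphQL-level error with the HTTP status the proxy logged.

```python
import json
import re

# Constructed sample, modelled on (and trimmed from) the issue's log; the long request
# dumps carrying cookies and tokens are left out, only the fields the check needs remain.
SAMPLE_LOG = [
    'apsportal | error: [general] GraphQL Error: {"reason":"insufficient_scope","status":"403 Forbidden"}',
    'apsportal | {"level":50,"time":1675053917395,"name":"graphql","path":["updateAccessRequest"],'
    '"errors":[{"reason":"insufficient_scope","status":"403 Forbidden"}]}',
    'oauth2-proxy | 172.26.0.1:55644 - f0e44e97-1254-498a-90c1-a35919b497eb - harley@test.com '
    '[2023/01/30 04:45:17] oauth2proxy.localtest.me:4180 POST / "/gql/api" HTTP/1.1 "Mozilla/5.0" 200 259 0.321',
    'apsportal | {"level":30,"time":1675053917397,"req":{"id":678,"method":"POST","url":"/gql/api"},'
    '"res":{"statusCode":200},"msg":"request completed"}',
]

# oauth2-proxy access line: <client> - <req id> - <user> [<ts>] <host> <method> <base> "<path>" <proto> "<ua>" <status> ...
ACCESS_RE = re.compile(
    r'^oauth2-proxy \| \S+ - \S+ - (?P<user>\S+) \[[^\]]+\] \S+ (?P<method>[A-Z]+) \S+ '
    r'"(?P<path>[^"]+)" HTTP/[\d.]+ "[^"]*" (?P<status>\d{3})'
)

def parse_line(line):
    """Split '<service> | <payload>'; JSON payloads become dicts, anything else stays text."""
    service, _, payload = line.partition(' | ')
    payload = payload.strip()
    if payload.startswith('{'):
        try:
            return service, json.loads(payload)
        except json.JSONDecodeError:
            pass  # not a JSON entry (e.g. the pretty-printed GraphQL request excerpt)
    return service, payload

def find_hidden_authz_failures(lines):
    """Pair each GraphQL-layer authorization error with the HTTP status oauth2-proxy
    logged for /gql/api, so a 403 wrapped inside an HTTP 200 stands out."""
    errors, proxy_status = [], {}
    for line in lines:
        service, payload = parse_line(line)
        if service == 'oauth2-proxy':
            m = ACCESS_RE.match(line)
            if m:
                proxy_status[m.group('path')] = int(m.group('status'))
        # pino-style error entry: level 50 carrying the GraphQL "errors" array
        elif isinstance(payload, dict) and payload.get('level') == 50 and 'errors' in payload:
            for err in payload['errors']:
                errors.append({'operation': '.'.join(payload.get('path', [])),
                               'reason': err.get('reason'), 'graphql_status': err.get('status')})
    return [dict(e, http_status=proxy_status.get('/gql/api')) for e in errors]
```

Running `find_hidden_authz_failures(SAMPLE_LOG)` yields one finding for `updateAccessRequest` with `graphql_status` "403 Forbidden" and `http_status` 200, which is the signal a dashboard keyed on proxy status codes would miss.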

ikethecoder commented 1 year ago

The latest change in the cypress/issuer-owner-fix branch has resolved this issue. Please retest, @nirajCITZ.

nirajCITZ commented 1 year ago

Verified and working fine after updating the allowed-protocol-mapper-types property in the Keycloak master-realm.