wso2 / product-is

Welcome to the WSO2 Identity Server source code! For info on working with the WSO2 Identity Server repository and contributing code, click the link below.
http://wso2.github.io/
Apache License 2.0

ReturnOnlyMappedLocalRoles property should drop unmapped on no role matches in SAML response #11714

Closed boromi closed 3 weeks ago

boromi commented 3 years ago

Describe the issue: There are mappings defined in the IDP Role Configuration section, and when receiving federated SAML roles there is no match for any role mappings. All federated source roles make it through. Does not work as expected (expect all roles to be dropped in this scenario, because none of them matched the mappings).

How to reproduce:

Expected behavior: There are mappings defined in the IDP Role Configuration section, and when receiving federated SAML roles there is at least one match for a role mapping. Mapped role makes it through, other unmapped roles are dropped. This scenario works as expected.

When receiving federated SAML roles and there is no match for any role mappings, non-matching roles should not make it through to the SP.

Environment information:


Optional Fields

https://github.com/wso2/product-is/issues/3145
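The filtering semantics requested above, written out as an added example; this is not part of the original issue and not WSO2 Identity Server code. `resolveLocalRoles`, the role names and the mapping table are hypothetical, and the pass-through behaviour with the property disabled is an assumption made for contrast.

```java
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

public class RoleMappingExample {

    // Hypothetical helper (not a WSO2 API): applies the IdP role mappings to
    // the roles received in a federated SAML response.
    static Set<String> resolveLocalRoles(List<String> federatedRoles,
                                         Map<String, String> idpToLocalRole,
                                         boolean returnOnlyMappedLocalRoles) {
        Set<String> result = new LinkedHashSet<>();
        for (String role : federatedRoles) {
            String local = idpToLocalRole.get(role);
            if (local != null) {
                result.add(local);   // mapped: hand the local role to the SP
            } else if (!returnOnlyMappedLocalRoles) {
                result.add(role);    // assumption: unmapped roles pass only when filtering is off
            }
        }
        // Deliberately no fallback to the original list when nothing matched:
        // zero matches must yield zero roles, which is what the issue asks for.
        return result;
    }

    static void check(boolean ok) {
        if (!ok) {
            throw new AssertionError("unexpected role set");
        }
    }

    public static void main(String[] args) {
        // Constructed sample data, not taken from the issue.
        Map<String, String> mappings = Map.of("idp-admins", "local-admin");
        List<String> oneMatch = List.of("idp-admins", "idp-finance");
        List<String> noMatch = List.of("idp-finance", "idp-hr");

        // At least one match: only the mapped local role survives.
        check(resolveLocalRoles(oneMatch, mappings, true).equals(Set.of("local-admin")));
        // No match at all: nothing reaches the SP.
        check(resolveLocalRoles(noMatch, mappings, true).isEmpty());
        // Filtering disabled (assumed behaviour): federated roles pass unchanged.
        check(resolveLocalRoles(noMatch, mappings, false).equals(Set.of("idp-finance", "idp-hr")));
        System.out.println("all role-mapping checks passed");
    }
}
```

The second check is the regression case for this issue: a deployment can assert an empty role set for a SAML response whose roles match none of the configured mappings.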

isharak commented 3 weeks ago

This issue is being closed due to extended inactivity. Please feel free to reopen it if further attention is needed. Thank you for helping us keep the issue list relevant and focused!