When introspecting self contained access token requested from a tenant it returns {active:false}

[Achintha444]

Describe the issue: When introspecting self contained access token requested from a tenanted user it returns {active:false} even if the access token has not expired.

How to reproduce:

• Create a tenant domain in the IS
• Deploy the travelocity.com webapp (https://is.docs.wso2.com/en/latest/learn/deploying-the-sample-app/#deploying-the-travelocity-webapp) (Tick SaaS Application in the service provider)
• Add

  [oauth.token_generation]
  access_token_type= "self_contained"

  to the deployment.toml file and restart the IS server

• Run travelocity webapp
• Acess travelocity.com site using tomcat8
• Click Click here to login with SAML from Identity Server (Post binding or Redirect Binding).
• Enter the username and password (of a user in the created tenant domain, preferably the admin) and click SIGN IN.
• Click Request OAuth2 Access Token to receive the access token. (Keep this open in one tab)
• Introspect the received access token curl -k -u <USERNAME>@<TENAND_DOMAIN>:<PASSWORD> -H 'Content-Type: application/x-www-form-urlencoded' -X POST --data 'token=<ACCESS_TOKEN>' https://localhost:9443/t/<TENANT_DOMAIN>/oauth2/introspect

Expected behavior:

• Should return something like, {"active":true,"token_type":"Bearer","exp":1517922556,"iat":1517918956,"client_id":"okaN2IXAsLx5SBH9Los1C6zX1RIa","username":"admin@foo.com”}

• But returns {"active":false}

Environment information :

• IS 6.0.0
• Mac
• DB2 11.5
• JDBC
• Firefox 91.0
• Oracle JDK 11

[Isurunwg]

This issue is resolved

[isharak]

This issue is being closed due to extended inactivity. Please feel free to reopen it if further attention is needed. Thank you for helping us keep the issue list relevant and focused!