wso2 / product-is

Welcome to the WSO2 Identity Server source code! For info on working with the WSO2 Identity Server repository and contributing code, click the link below.
http://wso2.github.io/
Apache License 2.0

[Migration] Added a new local claim 'metadata.version' #14071

Closed asha15 closed 2 years ago

asha15 commented 2 years ago

Describe the issue:

Issue: meta.version is mapped with the incorrect local claim in IS

Identity Server should fully support resource versioning as a part of the SCIM2 core specification https://datatracker.ietf.org/doc/html/rfc7644#section-3.14. Currently, meta.version is mapped with the local claim ‘Instant Messaging’[1]. Due to this mapping, several issues can occur:

  1. The IM local claim is not restricted. Hence, it can be edited by the user. Reported issues:

  2. The IM claim doesn’t support certain characters which are needed to define the resource version (e.g., ‘, “).

Proposed approach

Add a new local claim metadata.version with a read-only restriction and map it with the SCIM claim meta.version.

<Claim>
    <ClaimURI>http://wso2.org/claims/metadata.version</ClaimURI>
    <DisplayName>User Metadata - Version</DisplayName>
    <AttributeID>meta.version</AttributeID>
    <Description>User Account Metadata - Version</Description>
    <ReadOnly/>
</Claim>
<Claim>
    <ClaimURI>urn:ietf:params:scim:schemas:core:2.0:meta.version</ClaimURI>
    <DisplayName>Meta - Version</DisplayName>
    <AttributeID>im</AttributeID>
    <Description>Meta - Version</Description>
    <Required />
    <DisplayOrder>1</DisplayOrder>
    <SupportedByDefault />
    <MappedLocalClaim>http://wso2.org/claims/metadata.version</MappedLocalClaim>
</Claim>

Related Issues

  1. https://github.com/wso2/product-is/issues/13766
  2. https://github.com/wso2/product-is/issues/13501
  3. https://github.com/wso2/product-is/issues/13848

Related PR

https://github.com/wso2/carbon-identity-framework/pull/4093

ashendes commented 2 years ago

With [1], the new metadata.version local claim will be added to IS 6.0.0 with the migration client. The claim mapping of the existing urn:ietf:params:scim:schemas:core:2.0:meta.version will not be updated to the new local claim, as there may be deployments already using the current claim mapping actively. Hence, this needs to be mentioned in the migration docs, and the user should be urged to update the claim mapping manually if required.

[1] https://github.com/wso2-extensions/identity-migration-resources/pull/237

ashendes commented 2 years ago

Addressed in https://github.com/wso2/docs-is/pull/3232
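A check for the state this thread describes, where a migrated deployment gains the new local claim but keeps the old mapping. This is an added example, not code from WSO2 or from the linked PRs. It reads claim definitions in the `<Claim>` form shown in the issue; the `<Claims>` wrapper element, the IM local claim URI and the sample documents are assumptions constructed for the example.

```python
import xml.etree.ElementTree as ET

SCIM_VERSION = "urn:ietf:params:scim:schemas:core:2.0:meta.version"
EXPECTED_LOCAL = "http://wso2.org/claims/metadata.version"
IM_LOCAL = "http://wso2.org/claims/im"  # assumed URI of the 'Instant Messaging' local claim


def audit_meta_version(xml_text):
    """Return findings for the SCIM meta.version mapping (empty list = OK).

    Intended for a local, administrator-controlled export of claim definitions.
    """
    root = ET.fromstring(xml_text)
    claims = {c.findtext("ClaimURI", "").strip(): c for c in root.iter("Claim")}
    scim = claims.get(SCIM_VERSION)
    if scim is None:
        return ["SCIM claim meta.version is not defined"]
    mapped = (scim.findtext("MappedLocalClaim") or "").strip()
    findings = []
    if mapped != EXPECTED_LOCAL:
        findings.append(f"meta.version maps to {mapped or '<nothing>'}, "
                        f"expected {EXPECTED_LOCAL}")
    local = claims.get(mapped) if mapped else None
    if local is None:
        findings.append(f"mapped local claim {mapped or '<nothing>'} is not defined")
    elif local.find("ReadOnly") is None:
        findings.append(f"mapped local claim {mapped} is not ReadOnly, "
                        "so users can edit the resource version")
    return findings


def _claim(uri, attr, read_only=False, mapped=None):
    # Helper that builds a constructed sample <Claim> element.
    extra = ("<ReadOnly/>" if read_only else "") + (
        f"<MappedLocalClaim>{mapped}</MappedLocalClaim>" if mapped else "")
    return (f"<Claim><ClaimURI>{uri}</ClaimURI>"
            f"<AttributeID>{attr}</AttributeID>{extra}</Claim>")


# Constructed samples: both contain the new read-only local claim and the IM claim.
LOCALS = _claim(EXPECTED_LOCAL, "meta.version", read_only=True) + _claim(IM_LOCAL, "im")
PROPOSED = f"<Claims>{LOCALS}{_claim(SCIM_VERSION, 'im', mapped=EXPECTED_LOCAL)}</Claims>"
MIGRATED = f"<Claims>{LOCALS}{_claim(SCIM_VERSION, 'im', mapped=IM_LOCAL)}</Claims>"

if __name__ == "__main__":
    for name, doc in (("proposed", PROPOSED), ("migrated, not remapped", MIGRATED)):
        print(name, "->", audit_meta_version(doc) or "OK")
```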