wso2 / product-is

Welcome to the WSO2 Identity Server source code! For info on working with the WSO2 Identity Server repository and contributing code, click the link below.
http://wso2.github.io/
Apache License 2.0

Defaulted username as the sub in claim configuration in sample applications #16482

Closed indeewari closed 1 year ago

indeewari commented 1 year ago

Describe the issue: A newly created sample application returns username defaulted as the sub in claim configurations. The application actually considers the userid as the sub.

A PATCH request brings the experience back to normal.

How to reproduce:

  1. Create a new application
  2. Check WSO2 Identity Server - Application Management Rest API application GET {{baseUrl}}/applications/:applicationId
  3. Check subject under claimConfiguration of the response json
  5. Log in a user via the application
  5. Check the returned JWT token
  6. The JWT returns the userid as the sub while the configuration returns sub to be username
  7. Copy the JWT claimConfiguration and send a PATCH to the same application without any modification
  8. Log in a user via the application
  9. Now the JWT returns the username as the sub

Expected behavior: The application should behave as per the application configurations returned by the API response WSO2 Identity Server - Application Management Rest API application GET {{baseUrl}}/applications/:applicationId.

If sub is set to username, the JWT should return the username as the sub. If sub is set to userid, the JWT should return the userid as the sub.

Suspected code line: https://github.com/wso2/identity-api-server/blob/58fc43a6e0cef5270e32df72539bc3785913acb7/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/java/org/wso2/carbon/identity/api/server/application/management/v1/core/functions/application/ServiceProviderToApiModel.java#L287

DMHP commented 1 year ago

When we create an application we add a service provider property by enabling UserIdAsDefaultSubject. So if the user does not change the subject identifier from the application level it will return the user id as the subject. Hence we need to update the response of the application 'GET' by updating the subject claim uri to userid from username, if no subject identifier is configured.

[1] https://github.com/wso2/carbon-identity-framework/blob/4dff13bae5eaea59f44df9bcfbd7c5524727971a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationManagementServiceImpl.java#L2146
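As an added consistency check (not part of this issue or of WSO2's code): a small Python script that compares the subject claim URI an application GET response reports with the sub of a token the same application issued, so the mismatch described above shows up as a failed check rather than a surprise at login. The JSON path claimConfiguration.subject.claim.uri, the WSO2 claim URIs and all sample data are assumptions constructed for the example.

```python
import base64
import json

# Assumed WSO2 local claim URIs (not quoted from the issue itself).
USERNAME_CLAIM = "http://wso2.org/claims/username"
USERID_CLAIM = "http://wso2.org/claims/userid"


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_unsigned_jwt(payload: dict) -> str:
    """Build a compact JWT with an empty signature (constructed test input only)."""
    header = b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{b64url(json.dumps(payload).encode())}."


def decode_jwt_payload(token: str) -> dict:
    """Decode the payload segment of a compact JWT without verifying it."""
    segment = token.split(".")[1]
    segment += "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(segment))


def configured_subject_claim(app_json: dict) -> str:
    """Subject claim URI from a GET /applications/{id} body (path is an assumption)."""
    return app_json["claimConfiguration"]["subject"]["claim"]["uri"]


def check_subject_consistency(app_json: dict, token: str, user: dict):
    """Return (ok, expected, actual): the sub the API config promises vs. the sub issued."""
    uri = configured_subject_claim(app_json)
    expected = user[uri]           # the user's value for the configured subject claim
    actual = decode_jwt_payload(token).get("sub")
    return expected == actual, expected, actual


# Constructed sample data: one user and a token whose sub carries the user id.
USER = {USERNAME_CLAIM: "alice", USERID_CLAIM: "9f1c2b8e-0000-4000-8000-000000000001"}
TOKEN = make_unsigned_jwt({"sub": USER[USERID_CLAIM], "aud": "sample-app"})
APP_BEFORE = {"claimConfiguration": {"subject": {"claim": {"uri": USERNAME_CLAIM}}}}
APP_AFTER = {"claimConfiguration": {"subject": {"claim": {"uri": USERID_CLAIM}}}}

if __name__ == "__main__":
    for name, app in (("before fix", APP_BEFORE), ("after fix", APP_AFTER)):
        ok, exp, act = check_subject_consistency(app, TOKEN, USER)
        print(f"{name}: {'OK' if ok else 'MISMATCH'} (configured sub={exp!r}, token sub={act!r})")
```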

DMHP commented 1 year ago

Application get call response after fixing.

[Screenshot 2023-08-29 at 18:34:42]

By modifying the subject claim uri to 'country'

[Screenshot 2023-08-29 at 18:35:40]