Open dhaura opened 7 months ago
`createLocalAuthenticatedUserFromSubjectIdentifier()` to get the authenticated user with the related username. `createLocalAuthenticatedUserFromSubjectIdentifier()` in order to fix the issue [3], where instead of getting the tenant domain of the user from the username itself, it is implemented to extract it from the thread local carbon context [4]. `carbon.super` even for a tenanted user since the commonauth url returned [5] by the x509 certificate servlet is not tenanted. `isAccountDisabled` method [6] fails due to the invalid tenant domain of the user.

[1] - https://github.com/wso2-extensions/identity-outbound-auth-x509/blob/2f12dcfb92bb147379efff6cf491f7d2c5cb18f4/component/authenticator/src/main/java/org/wso2/carbon/identity/authenticator/x509Certificate/X509CertificateAuthenticator.java#L366
[2] - https://github.com/wso2/carbon-identity-framework/pull/5374
[3] - https://github.com/wso2/product-is/issues/18795
[4] - https://github.com/wso2/carbon-identity-framework/blob/c2722c245ac8088bc4e0f7535caa678043c4de75/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/model/AuthenticatedUser.java#L168-L169
[5] - https://github.com/wso2-extensions/identity-outbound-auth-x509/blob/2f12dcfb92bb147379efff6cf491f7d2c5cb18f4/component/authenticator/src/main/java/org/wso2/carbon/identity/authenticator/x509Certificate/X509CertificateServlet.java#L84
[6] - https://github.com/wso2-extensions/identity-outbound-auth-x509/blob/2f12dcfb92bb147379efff6cf491f7d2c5cb18f4/component/authenticator/src/main/java/org/wso2/carbon/identity/authenticator/x509Certificate/X509CertificateUtil.java#L468
Describe the issue: X509 certificate authenticator fails for tenanted and/or B2B users.
How to reproduce:
Expected behavior: Successful authentication when a valid x509 certificate is passed for tenanted/suborg users.
Environment information:
IS 7.0.0
macOS
default
default
Related issues:
[1] - https://is.docs.wso2.com/en/7.0.0/guides/authentication/mfa/add-x509-login
[2] - https://is.docs.wso2.com/en/7.0.0/guides/authentication/mfa/add-x509-login/#configure-x509-certificate-authenticator