wso2 / product-is

Welcome to the WSO2 Identity Server source code! For info on working with the WSO2 Identity Server repository and contributing code, click the link below.
http://wso2.github.io/
Apache License 2.0

IDP group to role mapping update fails with server error #19982

Open sadilchamishka opened 4 months ago

sadilchamishka commented 4 months ago

Describe the issue:

    at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: java.lang.ClassCastException: class org.wso2.carbon.identity.role.v2.mgt.core.model.IdpGroup cannot be cast to class java.lang.String (org.wso2.carbon.identity.role.v2.mgt.core.model.IdpGroup is in unnamed module of loader org.eclipse.osgi.internal.loader.EquinoxClassLoader @7cec5792; java.lang.String is in module java.base of loader 'bootstrap')
    at org.wso2.carbon.identity.oauth.listener.IdentityOauthEventHandler.handleEvent(IdentityOauthEventHandler.java:144)
    at org.wso2.carbon.identity.event.services.IdentityEventServiceImpl.handleEvent(IdentityEventServiceImpl.java:56)
    at org.wso2.carbon.identity.role.v2.mgt.core.RoleManagementEventPublisherProxy.doPublishEvent(RoleManagementEventPublisherProxy.java:822)
    at org.wso2.carbon.identity.role.v2.mgt.core.RoleManagementEventPublisherProxy.publishPreUpdateIdpGroupListOfRoleWithException(RoleManagementEventPublisherProxy.java:748)
    at org.wso2.carbon.identity.role.v2.mgt.core.RoleManagementServiceImpl.updateIdpGroupListOfRole(RoleManagementServiceImpl.java:558)
    at org.wso2.carbon.identity.scim2.common.impl.SCIMRoleManagerV2.doUpdateIdPGroups(SCIMRoleManagerV2.java:1140)
    at org.wso2.carbon.identity.scim2.common.impl.SCIMRoleManagerV2.updateGroups(SCIMRoleManagerV2.java:1050)
    at org.wso2.carbon.identity.scim2.common.impl.SCIMRoleManagerV2.patchRole(SCIMRoleManagerV2.java:424)
    at org.wso2.charon3.core.protocol.endpoints.RoleResourceV2Manager.updateWithPatchOperations(RoleResourceV2Manager.java:564)
    at org.wso2.charon3.core.protocol.endpoints.RoleResourceV2Manager.updateWithPATCHRole(RoleResourceV2Manager.java:310)
    ... 55 more

[2024-03-11 13:39:51,876] [1683938a-fa8b-46ae-ae25-093e09cc1721]  INFO {org.opensaml.core.config.InitializationService} - Initializing OpenSAML using the Java Services API

How to reproduce:

1 - Add IDP group to role mapping.

[Screenshot 2024-03-11 at 13 48 33]

2 - Try to update the IDP group to role mapping.

[Screenshot 2024-03-11 at 13 48 48]

The token revocation improvement has been made to revoke tokens when a role is unassigned from groups. As IDP groups emit the same event as normal groups [1], there is a casting issue [2], [3] when handling the token revocation related logic.

[1] - https://github.com/wso2/carbon-identity-framework/blob/master/components/role-mgt/org.wso2.carbon.identity.role.v2.mgt.core/src/main/java/org/wso2/carbon/identity/role/v2/mgt/core/RoleManagementEventPublisherProxy.java#L747
[2] - https://github.com/wso2/carbon-identity-framework/blob/master/components/role-mgt/org.wso2.carbon.identity.role.v2.mgt.core/src/main/java/org/wso2/carbon/identity/role/v2/mgt/core/RoleManagementEventPublisherProxy.java#L745
[3] - https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/listener/IdentityOauthEventHandler.java#L142

A possible fix would be to handle the IDP group related event separately, using a different event type. The token revocation logic for unassigning an IDP group from a role has to be handled separately as well.
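The cast failure described in this issue, as an added example that is not code from the WSO2 project: a stand-in `IdpGroup` record, an assumed property key `DELETED_GROUPS`, and a minimal handler that first reproduces the blind `List<String>` cast (which fails with a 500 on the first `IdpGroup` element) and then shows the consumer-side alternative to the separate event type proposed above, checking each element's runtime type before acting on it. It assumes Java 16+ for records and pattern matching.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
// Stand-in type for this example only, not the WSO2 IdpGroup named in the stack trace.
record IdpGroup(String groupId, String idpId) {}
class TokenRevocationHandler {
    // Assumed property key shared by local-group and IdP-group role updates (not a WSO2 constant).
    static final String DELETED_GROUPS = "DELETED_GROUP_LIST";
    final List<String> revokedForGroups = new ArrayList<>();
    final List<String> revokedForIdpGroups = new ArrayList<>();
    // Pattern behind the issue: the unchecked cast assumes every element is a String group name,
    // so the first IdpGroup element throws ClassCastException and the PATCH fails with a server error.
    @SuppressWarnings("unchecked")
    void handleEventUnchecked(Map<String, Object> eventProps) {
        List<String> deleted = (List<String>) eventProps.get(DELETED_GROUPS);
        for (String groupName : deleted) {   // implicit cast to String fails on an IdpGroup element
            revokedForGroups.add(groupName);
        }
    }
    // Consumer-side alternative to the separate event type proposed in the issue:
    // check each element's runtime type and route it, instead of casting blindly.
    void handleEvent(Map<String, Object> eventProps) {
        if (!(eventProps.get(DELETED_GROUPS) instanceof List<?> items)) {
            return;                          // nothing to revoke for this event
        }
        for (Object item : items) {
            if (item instanceof String groupName) {
                revokedForGroups.add(groupName);
            } else if (item instanceof IdpGroup idpGroup) {
                revokedForIdpGroups.add(idpGroup.groupId());
            } else {
                throw new IllegalArgumentException("Unsupported group type: " + item.getClass());
            }
        }
    }
    public static void main(String[] args) {
        // Constructed event payload mixing a local group name with an IdP group.
        Map<String, Object> props = Map.of(DELETED_GROUPS, List.of("local-admins", new IdpGroup("eng", "idp-1")));
        try {
            new TokenRevocationHandler().handleEventUnchecked(props);
        } catch (ClassCastException e) {
            System.out.println("unchecked handler failed: " + e.getMessage());
        }
        TokenRevocationHandler handler = new TokenRevocationHandler();
        handler.handleEvent(props);
        System.out.println("local: " + handler.revokedForGroups + ", idp: " + handler.revokedForIdpGroups);
    }
}
```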

VivekVinushanth commented 2 months ago

Being fixed with: