Describe the issue:
When an organization user who does not have any roles for the application logs into a B2B application (with API authorizations) created using the Standards-Based Application template, the following error is thrown and the user cannot log in successfully.
[2024-03-28 10:41:26,295] [9958118f-eaec-4653-a2ed-6e82aeadb206] ERROR {org.wso2.carbon.identity.oauth.endpoint.authz.OAuth2AuthzEndpoint} - Error occurred while validating requested scopes. org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception: Error while validating policies roles from authorization service.
at org.wso2.carbon.identity.oauth2.validators.DefaultOAuth2ScopeValidator.getAuthorizedScopes(DefaultOAuth2ScopeValidator.java:209)
at org.wso2.carbon.identity.oauth2.validators.DefaultOAuth2ScopeValidator.validateScope(DefaultOAuth2ScopeValidator.java:103)
at org.wso2.carbon.identity.oauth2.authz.AuthorizationHandlerManager.getAuthorizedScopes(AuthorizationHandlerManager.java:395)
at org.wso2.carbon.identity.oauth2.authz.AuthorizationHandlerManager.validateRequestedScopes(AuthorizationHandlerManager.java:303)
at org.wso2.carbon.identity.oauth2.authz.AuthorizationHandlerManager.validateScopesBeforeConsent(AuthorizationHandlerManager.java:223)
at org.wso2.carbon.identity.oauth2.OAuth2Service.validateScopesBeforeConsent(OAuth2Service.java:192)
at org.wso2.carbon.identity.oauth.endpoint.authz.OAuth2AuthzEndpoint.validateScopesBeforeConsent(OAuth2AuthzEndpoint.java:2934)
at org.wso2.carbon.identity.oauth.endpoint.authz.OAuth2AuthzEndpoint.doUserAuthorization(OAuth2AuthzEndpoint.java:2850)
at org.wso2.carbon.identity.oauth.endpoint.authz.OAuth2AuthzEndpoint.handleSuccessfulAuthentication(OAuth2AuthzEndpoint.java:1232)
at org.wso2.carbon.identity.oauth.endpoint.authz.OAuth2AuthzEndpoint.handleAuthenticationResponse(OAuth2AuthzEndpoint.java:1180)
..............
Caused by: org.wso2.carbon.identity.oauth2.validators.validationhandler.ScopeValidationHandlerException: Error while validation scope with RBAC Scope Validation handler
at org.wso2.carbon.identity.oauth2.validators.validationhandler.impl.RoleBasedScopeValidationHandler.validateScopes(RoleBasedScopeValidationHandler.java:98)
at org.wso2.carbon.identity.oauth2.validators.DefaultOAuth2ScopeValidator.getAuthorizedScopes(DefaultOAuth2ScopeValidator.java:206)
... 66 more
Caused by: org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception: Error while retrieving role ids of list of role anme : Internal/everyonetenant domain : carbon.super
at org.wso2.carbon.identity.oauth2.util.AuthzUtil.getRoleIdsFromNames(AuthzUtil.java:364)
at org.wso2.carbon.identity.oauth2.util.AuthzUtil.getFederatedUserRoles(AuthzUtil.java:169)
at org.wso2.carbon.identity.oauth2.util.AuthzUtil.getUserRoles(AuthzUtil.java:91)
at org.wso2.carbon.identity.oauth2.validators.validationhandler.impl.RoleBasedScopeValidationHandler.validateScopes(RoleBasedScopeValidationHandler.java:66)
... 67 more
Caused by: org.wso2.carbon.identity.role.v2.mgt.core.exception.IdentityRoleManagementClientException: A role doesn't exist with name: Internal/everyone in the tenantDomain: carbon.super
at org.wso2.carbon.identity.role.v2.mgt.core.dao.RoleDAOImpl.getRoleIdByName(RoleDAOImpl.java:2624)
at org.wso2.carbon.identity.role.v2.mgt.core.RoleManagementServiceImpl.getRoleIdByName(RoleManagementServiceImpl.java:736)
at org.wso2.carbon.identity.oauth2.util.AuthzUtil.getRoleIdsFromNames(AuthzUtil.java:360)
How to reproduce:
Create a standards-based application and authorize an API.
Create an organization and share the application
Try to log in to the application by requesting an authorized scope using an organization user who does not have any role in the application
Login fails and error is thrown
Expected behavior:
Login should not fail
Environment information (Please complete the following information; remove any unnecessary fields) :
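The stack trace shows where the login is lost: the RBAC scope validation handler resolves the federated user's role names to role IDs, the name list contains the default role Internal/everyone, the role store has no such role in carbon.super, and the resulting client exception propagates all the way up to OAuth2AuthzEndpoint and aborts the authorization request. A user with no application roles should simply end up with no authorized API scopes; the error path turns "no scopes" into "no login". The Java below is an added illustration of that distinction, not WSO2 code: the classes, method names, role store contents and scope policy are all constructed here, and the real fix in the product may sit elsewhere (for example in how organization users' role names are assembled). It contrasts a strict resolver, which mirrors the reported failure, with a lenient one that skips unresolvable roles without granting anything for them.

```java
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

/**
 * Hypothetical stand-in for the role-resolution step the trace above shows failing
 * (role names -> role ids -> RBAC scope check). Not WSO2 Identity Server code:
 * every class, method and data value here is constructed for illustration.
 */
public class RoleScopeResolutionExample {

    /** Mirrors the client exception in the report: role name unknown in the tenant. */
    static class RoleNotFoundException extends Exception {
        RoleNotFoundException(String name, String tenant) {
            super("A role doesn't exist with name: " + name + " in the tenantDomain: " + tenant);
        }
    }

    /** Simulated role store: tenant domain -> (role name -> role id). Constructed data. */
    static final Map<String, Map<String, String>> ROLE_STORE = new HashMap<>();
    /** Simulated authorization policy: role id -> API scopes it grants. Constructed data. */
    static final Map<String, Set<String>> ROLE_SCOPES = new HashMap<>();

    static {
        Map<String, String> superTenant = new HashMap<>();
        superTenant.put("app-admin", "role-id-1");
        // Deliberately no "Internal/everyone" entry, as in the reported environment.
        ROLE_STORE.put("carbon.super", superTenant);
        ROLE_SCOPES.put("role-id-1", Set.of("internal_user_mgt_view", "internal_user_mgt_list"));
    }

    static String getRoleIdByName(String roleName, String tenantDomain) throws RoleNotFoundException {
        String id = ROLE_STORE.getOrDefault(tenantDomain, Map.of()).get(roleName);
        if (id == null) {
            throw new RoleNotFoundException(roleName, tenantDomain);
        }
        return id;
    }

    /** Strict variant: one unknown role name aborts the whole scope validation, and with it the login. */
    static List<String> getRoleIdsFromNamesStrict(List<String> roleNames, String tenantDomain)
            throws RoleNotFoundException {
        List<String> ids = new ArrayList<>();
        for (String name : roleNames) {
            ids.add(getRoleIdByName(name, tenantDomain));
        }
        return ids;
    }

    /** Lenient variant: an unresolvable role contributes no id. Logged for operators, never fatal. */
    static List<String> getRoleIdsFromNamesLenient(List<String> roleNames, String tenantDomain) {
        List<String> ids = new ArrayList<>();
        for (String name : roleNames) {
            try {
                ids.add(getRoleIdByName(name, tenantDomain));
            } catch (RoleNotFoundException e) {
                // Fail closed on authorization: the missing role grants nothing.
                // Do not fail authentication: a user with no roles gets no API scopes, not no session.
                System.err.println("WARN skipping unresolvable role: " + e.getMessage());
            }
        }
        return ids;
    }

    /** RBAC scope check: requested scopes intersected with the scopes granted by the resolved roles. */
    static Set<String> authorizedScopes(List<String> roleIds, Set<String> requestedScopes) {
        Set<String> granted = new HashSet<>();
        for (String id : roleIds) {
            granted.addAll(ROLE_SCOPES.getOrDefault(id, Set.of()));
        }
        granted.retainAll(requestedScopes);
        return granted;
    }

    public static void main(String[] args) {
        // Constructed inputs mirroring the report: a shared-organization user holding only the default role.
        List<String> userRoles = List.of("Internal/everyone");
        Set<String> requested = Set.of("internal_user_mgt_view");

        try {
            getRoleIdsFromNamesStrict(userRoles, "carbon.super");
        } catch (RoleNotFoundException e) {
            System.out.println("strict: authorization aborted -> " + e.getMessage());
        }

        List<String> ids = getRoleIdsFromNamesLenient(userRoles, "carbon.super");
        Set<String> scopes = authorizedScopes(ids, requested);
        System.out.println("lenient: authorized scopes = " + scopes + " (empty; login proceeds)");
    }
}
```

Compile and run with a Java 9 or newer JDK (the collection factories `List.of`, `Set.of` and `Map.of` need it). The point to check in a real fix is the same one the example makes: skipping an unresolvable role must only ever reduce the granted scope set, and the warning should be kept so that a missing default role is visible to operators rather than silently tolerated.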