wso2 / product-is

Welcome to the WSO2 Identity Server source code! For info on working with the WSO2 Identity Server repository and contributing code, click the link below.
http://wso2.github.io/
Apache License 2.0

Sub organization token contains 'super' as org_name intermittently #20476

Open UdeshAthukorala opened 1 month ago

UdeshAthukorala commented 1 month ago

Describe the issue: When a token is received using a sub organisation user, the token intermittently has the 'super' as org_name. This will give the user permissions to perform super org actions depending on the scopes that were requested. Kindly note this was identified in the Private Identity Cloud environment.

How to reproduce: Set up a B2B use case according to the document [1]. When we receive a token for the sub org user, it will intermittently contain the org_name as 'super' instead of the sub org name.

Upon analysing the debug logs it seems the org_name is added from the DefaultIDTokenBuilder at [2] multiple times and then the last one added before the token is received is added in the token.

`Additional claim added to JWTClaimSet, key: org_name, value: Super` when correctly it should only be added as `Additional claim added to JWTClaimSet, key: org_name, value: Demo Sub Org`

Expected behavior: Sub organization user's token should have the correct org_name.

Environment information (Please complete the following information; remove any unnecessary fields):

[1] https://is.docs.wso2.com/en/latest/guides/organization-management/try-a-b2b-use-case/ [2] https://github.com/wso2-support/identity-inbound-auth-oauth/blob/support-7.0.26.x-full/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/openidconnect/DefaultIDTokenBuilder.java#L707
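A consumer-side check for the failure mode described in this issue, written as an added example and not part of the issue or of the WSO2 code base: a resource server or test harness decodes the access token's payload and rejects any token whose `org_name` claim does not match the organisation the caller resolved for the user out of band (here assumed to be "Demo Sub Org", as in the log line above). It assumes the token's signature has already been verified by the normal JWT library; the tokens below are constructed, unsigned JWTs used only to drive the check.

```python
import base64
import json


def _b64url(data: bytes) -> str:
    # JWT segments are base64url without padding
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(segment: str) -> bytes:
    # Restore padding that the JWT encoding strips
    padding = "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment + padding)


def make_unsigned_token(claims: dict) -> str:
    """Build a constructed, unsigned JWT (alg "none") for this example only.

    Real tokens carry a signature as the third segment; signature
    verification is assumed to happen before validate_org_claim() is called.
    """
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    return f"{header}.{payload}."


def decode_claims(token: str) -> dict:
    """Return the payload claims of a compact-serialised JWT (no verification)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed JWT: expected header.payload.signature")
    return json.loads(_b64url_decode(parts[1]))


def validate_org_claim(token: str, expected_org_name: str) -> bool:
    """True only when org_name is present and equals the expected organisation.

    A missing claim, or a claim naming a different organisation (including
    the super organisation), is treated as a mis-issued token and rejected.
    The comparison is exact: 'Super' is not 'Demo Sub Org'.
    """
    claims = decode_claims(token)
    org_name = claims.get("org_name")
    if org_name is None:
        return False
    return org_name == expected_org_name


def find_mismatched_tokens(tokens: list, expected_org_name: str) -> list:
    """Filter a batch of tokens (e.g. from a reproduction loop) down to the bad ones."""
    return [t for t in tokens if not validate_org_claim(t, expected_org_name)]


if __name__ == "__main__":
    # Constructed sample: two correct tokens and one carrying the super org name
    expected = "Demo Sub Org"
    batch = [
        make_unsigned_token({"sub": "user1", "org_name": "Demo Sub Org"}),
        make_unsigned_token({"sub": "user1", "org_name": "Super"}),
        make_unsigned_token({"sub": "user1", "org_name": "Demo Sub Org"}),
    ]
    bad = find_mismatched_tokens(batch, expected)
    print(f"{len(bad)} of {len(batch)} tokens have an unexpected org_name")
```

Running the token request in a loop and feeding the results through `find_mismatched_tokens()` gives a quick way to measure how often the intermittent behaviour occurs, and the same `validate_org_claim()` check placed in front of the resource server stops a mis-issued token from being honoured with super-organisation permissions while the builder is being fixed.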

sadilchamishka commented 1 month ago