Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Provide capability to update shared user profile and resolve the shared profile based on organization hierarchy #22126

Open
AnuradhaSK opened this issue Jan 1, 2025 · 1 comment
Open

Provide capability to update shared user profile and resolve the shared profile based on organization hierarchy #22126

AnuradhaSK opened this issue Jan 1, 2025 · 1 comment
Assignees
@AnuradhaSK
Labels
Team/B2B Type/NewFeature
Milestone
7.1.0-alpha

Comments

@AnuradhaSK
Copy link
Contributor

Problem

WSO2 Identity Server (IS) currently has user sharing functionality to allow a single user identity to belong to multiple organizations, with the parent organization managing the user’s credentials. Once a user is shared with sub-organizations, different entitlements (roles and groups) can be assigned to the user within those sub-organizations. However, there is a restriction as user’s profile cannot be edited.
Therefore, there is no way to manage or customize specific attributes for that user on a per-organization basis.

Proposed Solution

To address this, we introduce a metadata property for each local user attributes (attributes managed at user stores external to IS) and identity attribute(attributes managed at the IS data layer) named “SharedProfileValueResolvingMethod”, which can have one of the following values:

  • FromOrigin
  • FromSharedProfile
  • FromFirstFoundInHierarchy

Also, allow to edit the attributes in the shared profile if the above mentioned metadata is set to FromSharedProfile or FromFirstFoundInHierarchy.

Then, resolve the shared user profile according to claim's SharedProfileValueResolvingMethod value.
Screenshot 2025-01-01 at 08 44 56

Alternatives

No response

Version

7.1.0
@AnuradhaSK AnuradhaSK self-assigned this Jan 1, 2025
@AnuradhaSK AnuradhaSK moved this to In Progress in Identity Server 7.1.0 Jan 1, 2025
@AnuradhaSK AnuradhaSK added this to the 7.1.0-alpha milestone Jan 1, 2025
@AnuradhaSK
Copy link
Contributor Author

AnuradhaSK commented Jan 1, 2025
edited
Loading

PRs:

BE PRs:

  1. Add getLocalClaim service to claim meta data mgt service carbon-identity-framework#6245
  2. Add SharedProfileValueResolvingMethod meta data to local claims carbon-identity-framework#6246
  3. Validate SharedProfileValueResolvingMethod change on claim update  carbon-identity-framework#6247
  4. Set Default SharedProfileValueResolvingMethod for local claims in Unified Claim Manager carbon-identity-framework#6302
  5. Return SharedProfileValueResolvingMethod property value for each claim in /scim2/Schemas API  wso2-extensions/identity-inbound-provisioning-scim2#592
  6. Add sharedProfileValueResolvingMethod as first class attribute to claim mgt API identity-api-server#766
  7. Govern Shared profile claim update based on SharedProfileValueResolvingMethod  wso2-extensions/identity-organization-management#426
  8. Add configuration to configure enable state and orderID for shared profile update governance listener carbon-identity-framework#6315
  9. Add a util method to return isSharedUserProfileResolverEnabled wso2-extensions/identity-organization-management#430
  10. Resolve shared user profile for JWT tokens and userinfo wso2-extensions/identity-inbound-auth-oauth#2688

This was referenced Jan 1, 2025
Merged
Merged
Merged
Merged
Merged
Open
@AnuradhaSK AnuradhaSK mentioned this issue Jan 9, 2025
Merged
This was referenced Jan 21, 2025
Merged
Merged
Merged
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@AnuradhaSK AnuradhaSK

Labels
Team/B2B Type/NewFeature
Projects
Identity Server 7.1.0
Status: In Progress
Milestone
7.1.0-alpha
Development

No branches or pull requests
1 participant
@AnuradhaSK