From 279171cc3ef7f118be1eef8a2cf3132f55adae2b Mon Sep 17 00:00:00 2001 From: ChanikaRuchini Date: Fri, 16 Feb 2024 17:16:10 +0530 Subject: [PATCH] Disable application based outbound provisioning by default --- .../IdentityProvisioningConstants.java | 1 + .../OutboundProvisioningManager.java | 5 ++++- .../provisioning/ProvisioningUtil.java | 18 ++++++++++++++++++ .../resources/identity.xml | 1 + .../resources/identity.xml.j2 | 1 + ...n.identity.core.server.feature.default.json | 1 + 6 files changed, 26 insertions(+), 1 deletion(-) diff --git a/components/provisioning/org.wso2.carbon.identity.provisioning/src/main/java/org/wso2/carbon/identity/provisioning/IdentityProvisioningConstants.java b/components/provisioning/org.wso2.carbon.identity.provisioning/src/main/java/org/wso2/carbon/identity/provisioning/IdentityProvisioningConstants.java index 67b179f29c03..8ff8a4e942d3 100644 --- a/components/provisioning/org.wso2.carbon.identity.provisioning/src/main/java/org/wso2/carbon/identity/provisioning/IdentityProvisioningConstants.java +++ b/components/provisioning/org.wso2.carbon.identity.provisioning/src/main/java/org/wso2/carbon/identity/provisioning/IdentityProvisioningConstants.java @@ -48,6 +48,7 @@ public class IdentityProvisioningConstants { // Outbound provisioning constants. public static final String USE_USER_TENANT_DOMAIN_FOR_OUTBOUND_PROVISIONING_IN_SAAS_APPS = "OutboundProvisioning.useUserTenantDomainInSaasApps"; + public static final String APPLICATION_BASED_OUTBOUND_PROVISIONING_ENABLED = "OutboundProvisioning.enableApplicationBasedOutboundProvisioning"; public static class SQLQueries { diff --git a/components/provisioning/org.wso2.carbon.identity.provisioning/src/main/java/org/wso2/carbon/identity/provisioning/OutboundProvisioningManager.java b/components/provisioning/org.wso2.carbon.identity.provisioning/src/main/java/org/wso2/carbon/identity/provisioning/OutboundProvisioningManager.java index afa05e30e268..a080d21dc1ee 100644 
--- a/components/provisioning/org.wso2.carbon.identity.provisioning/src/main/java/org/wso2/carbon/identity/provisioning/OutboundProvisioningManager.java +++ b/components/provisioning/org.wso2.carbon.identity.provisioning/src/main/java/org/wso2/carbon/identity/provisioning/OutboundProvisioningManager.java @@ -71,6 +71,7 @@ import static org.wso2.carbon.identity.provisioning.IdentityProvisioningConstants.ASK_PASSWORD_CLAIM; import static org.wso2.carbon.identity.provisioning.IdentityProvisioningConstants.GROUP_CLAIM_URI; import static org.wso2.carbon.identity.provisioning.IdentityProvisioningConstants.SELF_SIGNUP_ROLE; +import static org.wso2.carbon.identity.provisioning.ProvisioningUtil.isApplicationBasedOutboundProvisioningEnabled; import static org.wso2.carbon.identity.provisioning.ProvisioningUtil.isUserTenantBasedOutboundProvisioningEnabled; /** @@ -347,7 +348,9 @@ public void provision(ProvisioningEntity provisioningEntity, String serviceProvi } // Any provisioning request coming via Console, considered as coming from the resident SP. - if (StringUtils.equals(CONSOLE_APPLICATION_NAME, serviceProviderIdentifier)) { + // If the application based outbound provisioning is disabled, resident SP configuration will be used. + if (StringUtils.equals(CONSOLE_APPLICATION_NAME, serviceProviderIdentifier) || + !isApplicationBasedOutboundProvisioningEnabled()) { serviceProviderIdentifier = LOCAL_SP; inboundClaimDialect = IdentityProvisioningConstants.WSO2_CARBON_DIALECT; } diff --git a/components/provisioning/org.wso2.carbon.identity.provisioning/src/main/java/org/wso2/carbon/identity/provisioning/ProvisioningUtil.java b/components/provisioning/org.wso2.carbon.identity.provisioning/src/main/java/org/wso2/carbon/identity/provisioning/ProvisioningUtil.java index 7573350a58f8..17e8bc1eb36a 100644 --- a/components/provisioning/org.wso2.carbon.identity.provisioning/src/main/java/org/wso2/carbon/identity/provisioning/ProvisioningUtil.java 
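Review bot: When `isApplicationBasedOutboundProvisioningEnabled()` returns false, the widened condition in `provision` rewrites `inboundClaimDialect` to `WSO2_CARBON_DIALECT` for every caller, not only Console. A caller that passed attributes in another dialect would then, as far as this hunk shows, have them treated as local claims; this needs confirming against the callers, since `provision` starts and ends outside the hunk. The fallback to `LOCAL_SP` is also silent, so deployments that already attach provisioning connectors to an application would presumably stop sending events to them after upgrade, and missed deletions leave accounts behind in downstream systems. I would log the original `serviceProviderIdentifier` at debug level before it is replaced, and extend the comment to `// Flag off (the default): per-application connectors are ignored and the resident SP configuration and local claim dialect are used.`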
+++ b/components/provisioning/org.wso2.carbon.identity.provisioning/src/main/java/org/wso2/carbon/identity/provisioning/ProvisioningUtil.java @@ -39,6 +39,7 @@ import java.util.List; import java.util.Map; +import static org.wso2.carbon.identity.provisioning.IdentityProvisioningConstants.APPLICATION_BASED_OUTBOUND_PROVISIONING_ENABLED; import static org.wso2.carbon.identity.provisioning.IdentityProvisioningConstants.USE_USER_TENANT_DOMAIN_FOR_OUTBOUND_PROVISIONING_IN_SAAS_APPS; public class ProvisioningUtil { @@ -586,4 +587,21 @@ public static boolean isOutboundProvisioningEnabled(String serviceProviderIdenti } return true; } + + /** + * Check whether the application based outbound provisioning is enabled. + * + * @return true if applicationBasedOutboundProvisioningEnabled config is enabled. + */ + public static boolean isApplicationBasedOutboundProvisioningEnabled() { + + boolean applicationBasedOutboundProvisioningEnabled = false; + + if (StringUtils.isNotEmpty( + IdentityUtil.getProperty(APPLICATION_BASED_OUTBOUND_PROVISIONING_ENABLED))) { + applicationBasedOutboundProvisioningEnabled = Boolean + .parseBoolean(IdentityUtil.getProperty(APPLICATION_BASED_OUTBOUND_PROVISIONING_ENABLED)); + } + return applicationBasedOutboundProvisioningEnabled; + } } diff --git a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/identity.xml b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/identity.xml index 27ab8e861585..2c926536c6e9 100644 --- a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/identity.xml +++ b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/identity.xml @@ -1177,6 +1177,7 @@ true + false diff --git a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/identity.xml.j2 b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/identity.xml.j2 index 7078b0577b59..756c603eac15 100644 
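Review bot: `isApplicationBasedOutboundProvisioningEnabled()` reads the same property twice and guards a call that already handles absence. `Boolean.parseBoolean` returns false for null or empty input, so the body can be `return Boolean.parseBoolean(IdentityUtil.getProperty(APPLICATION_BASED_OUTBOUND_PROVISIONING_ENABLED));`. The Javadoc should also say that a missing property, or any value other than a case-insensitive "true", counts as disabled. It should add that disabled means `provision` falls back to the resident SP configuration, because a mistyped value turns per-application provisioning off without any error.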
--- a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/identity.xml.j2 +++ b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/identity.xml.j2 @@ -1841,6 +1841,7 @@ --> {{outbound_provisioning_management.use_user_tenant_domain_in_saas_apps}} {% endif %} + {{outbound_provisioning_management.enable_application_based_outbound_provisioning}} diff --git a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/org.wso2.carbon.identity.core.server.feature.default.json b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/org.wso2.carbon.identity.core.server.feature.default.json index 12278bcf9121..30690eeb1b01 100644 --- a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/org.wso2.carbon.identity.core.server.feature.default.json +++ b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/org.wso2.carbon.identity.core.server.feature.default.json @@ -493,6 +493,7 @@ "idp_role_management.return_only_mapped_local_roles": true, "idp_role_management.return_manually_added_local_roles": true, "outbound_provisioning_management.reset_provisioning_entities_on_config_update": true, + "outbound_provisioning_management.enable_application_based_outbound_provisioning": false, "authentication_policy.check_account_exist": true, "authentication.jit_provisioning.username_provisioning_url": "/accountrecoveryendpoint/register.do",