wso2 · DilshanSenarath · Jan 10, 2025 · Jan 14, 2025 · Jan 14, 2025
diff --git a/...arbon/identity/api/server/application/management/v1/AdvancedApplicationConfiguration.java b/...arbon/identity/api/server/application/management/v1/AdvancedApplicationConfiguration.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com).
+ * Copyright (c) 2025, WSO2 LLC. (http://www.wso2.com).
  *
  * WSO2 LLC. licenses this file to you under the Apache License,
  * Version 2.0 (the "License"); you may not use this file except
@@ -27,6 +27,7 @@
 import org.wso2.carbon.identity.api.server.application.management.v1.AdditionalSpProperty;
 import org.wso2.carbon.identity.api.server.application.management.v1.AdvancedApplicationConfigurationAttestationMetaData;
 import org.wso2.carbon.identity.api.server.application.management.v1.Certificate;
+import org.wso2.carbon.identity.api.server.application.management.v1.DiscoverableGroup;
 import org.wso2.carbon.identity.api.server.application.management.v1.TrustedAppConfiguration;
 import javax.validation.constraints.*;
 
@@ -40,6 +41,7 @@ public class AdvancedApplicationConfiguration  {
 
     private Boolean saas;
     private Boolean discoverableByEndUsers;
+    private List<DiscoverableGroup> discoverableGroups = null;
     private Certificate certificate;
     private Boolean skipLoginConsent;
     private Boolean skipLogoutConsent;
@@ -90,6 +92,38 @@ public void setDiscoverableByEndUsers(Boolean discoverableByEndUsers) {
         this.discoverableByEndUsers = discoverableByEndUsers;
     }
 
+    /**
+    * List of groups from user stores where users in those groups can discover the application.
+    **/
+    public AdvancedApplicationConfiguration discoverableGroups(List<DiscoverableGroup> discoverableGroups) {
+
+        this.discoverableGroups = discoverableGroups;
+        return this;
+    }
+
+    @ApiModelProperty(value = "List of groups from user stores where users in those groups can discover the application.")
+    @JsonProperty("discoverableGroups")
+    @Valid
+    @Size(min=1)
+    public List<DiscoverableGroup> getDiscoverableGroups() {
+
+        return discoverableGroups;
+    }
+
+    public void setDiscoverableGroups(List<DiscoverableGroup> discoverableGroups) {
+
+        this.discoverableGroups = discoverableGroups;
+    }
+
+    public AdvancedApplicationConfiguration addDiscoverableGroupsItem(DiscoverableGroup discoverableGroupsItem) {
+
+        if (this.discoverableGroups == null) {
+            this.discoverableGroups = new ArrayList<>();
+        }
+        this.discoverableGroups.add(discoverableGroupsItem);
+        return this;
+    }
+
     /**
     **/
     public AdvancedApplicationConfiguration certificate(Certificate certificate) {
@@ -317,6 +351,7 @@ public boolean equals(java.lang.Object o) {
         AdvancedApplicationConfiguration advancedApplicationConfiguration = (AdvancedApplicationConfiguration) o;
         return Objects.equals(this.saas, advancedApplicationConfiguration.saas) &&
             Objects.equals(this.discoverableByEndUsers, advancedApplicationConfiguration.discoverableByEndUsers) &&
+            Objects.equals(this.discoverableGroups, advancedApplicationConfiguration.discoverableGroups) &&
             Objects.equals(this.certificate, advancedApplicationConfiguration.certificate) &&
             Objects.equals(this.skipLoginConsent, advancedApplicationConfiguration.skipLoginConsent) &&
             Objects.equals(this.skipLogoutConsent, advancedApplicationConfiguration.skipLogoutConsent) &&
@@ -332,7 +367,7 @@ public boolean equals(java.lang.Object o) {
 
     @Override
     public int hashCode() {
-        return Objects.hash(saas, discoverableByEndUsers, certificate, skipLoginConsent, skipLogoutConsent, useExternalConsentPage, returnAuthenticatedIdpList, enableAuthorization, fragment, enableAPIBasedAuthentication, attestationMetaData, trustedAppConfiguration, additionalSpProperties);
+        return Objects.hash(saas, discoverableByEndUsers, discoverableGroups, certificate, skipLoginConsent, skipLogoutConsent, useExternalConsentPage, returnAuthenticatedIdpList, enableAuthorization, fragment, enableAPIBasedAuthentication, attestationMetaData, trustedAppConfiguration, additionalSpProperties);
     }
 
     @Override
@@ -343,6 +378,7 @@ public String toString() {
 
         sb.append("    saas: ").append(toIndentedString(saas)).append("\n");
         sb.append("    discoverableByEndUsers: ").append(toIndentedString(discoverableByEndUsers)).append("\n");
+        sb.append("    discoverableGroups: ").append(toIndentedString(discoverableGroups)).append("\n");
         sb.append("    certificate: ").append(toIndentedString(certificate)).append("\n");
         sb.append("    skipLoginConsent: ").append(toIndentedString(skipLoginConsent)).append("\n");
         sb.append("    skipLogoutConsent: ").append(toIndentedString(skipLogoutConsent)).append("\n");

diff --git a/...java/org/wso2/carbon/identity/api/server/application/management/v1/DiscoverableGroup.java b/...java/org/wso2/carbon/identity/api/server/application/management/v1/DiscoverableGroup.java
@@ -0,0 +1,138 @@
+/*
+ * Copyright (c) 2025, WSO2 LLC. (http://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.identity.api.server.application.management.v1;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.annotation.JsonCreator;
+import io.swagger.annotations.ApiModel;
+import io.swagger.annotations.ApiModelProperty;
+import java.util.ArrayList;
+import java.util.List;
+import javax.validation.constraints.*;
+
+
+import io.swagger.annotations.*;
+import java.util.Objects;
+import javax.validation.Valid;
+import javax.xml.bind.annotation.*;
+
+public class DiscoverableGroup  {
+
+    private String userStore;
+    private List<String> groups = new ArrayList<>();
+
+
+    /**
+    * The user store domain to which the groups belong.
+    **/
+    public DiscoverableGroup userStore(String userStore) {
+
+        this.userStore = userStore;
+        return this;
+    }
+
+    @ApiModelProperty(example = "PRIMARY", required = true, value = "The user store domain to which the groups belong.")
+    @JsonProperty("userStore")
+    @Valid
+    @NotNull(message = "Property userStore cannot be null.")
+    public String getUserStore() {
+
+        return userStore;
+    }
+
+    public void setUserStore(String userStore) {
+
+        this.userStore = userStore;
+    }
+
+    /**
+    * List of group IDs configured for discoverability.
+    **/
+    public DiscoverableGroup groups(List<String> groups) {
+
+        this.groups = groups;
+        return this;
+    }
+
+    @ApiModelProperty(required = true, value = "List of group IDs configured for discoverability.")
+    @JsonProperty("groups")
+    @Valid
+    @NotNull(message = "Property groups cannot be null.")
+    @Size(min=1)
+    public List<String> getGroups() {
+
+        return groups;
+    }
+
+    public void setGroups(List<String> groups) {
+
+        this.groups = groups;
+    }
+
+    public DiscoverableGroup addGroupsItem(String groupsItem) {
+
+        this.groups.add(groupsItem);
+        return this;
+    }
+
+
+
+    @Override
+    public boolean equals(java.lang.Object o) {
+
+        if (this == o) {
+            return true;
+        }
+        if (o == null || getClass() != o.getClass()) {
+            return false;
+        }
+        DiscoverableGroup discoverableGroup = (DiscoverableGroup) o;
+        return Objects.equals(this.userStore, discoverableGroup.userStore) &&
+            Objects.equals(this.groups, discoverableGroup.groups);
+    }
+
+    @Override
+    public int hashCode() {
+
+        return Objects.hash(userStore, groups);
+    }
+
+    @Override
+    public String toString() {
+
+        StringBuilder sb = new StringBuilder();
+        sb.append("class DiscoverableGroup {\n");
+        sb.append("    userStore: ").append(toIndentedString(userStore)).append("\n");
+        sb.append("    groups: ").append(toIndentedString(groups)).append("\n");
+        sb.append("}");
+        return sb.toString();
+    }
+
+    /**
+    * Convert the given object to string with each line indented by 4 spaces
+    * (except the first line).
+    */
+    private String toIndentedString(java.lang.Object o) {
+
+        if (o == null) {
+            return "null";
+        }
+        return o.toString().replace("\n", "\n");
+    }
+}
diff --git a/...erver/application/management/v1/core/functions/application/ServiceProviderToApiModel.java b/...erver/application/management/v1/core/functions/application/ServiceProviderToApiModel.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2019-2024, WSO2 LLC. (http://www.wso2.com).
+ * Copyright (c) 2019-2025, WSO2 LLC. (http://www.wso2.com).
  *
  * WSO2 LLC. licenses this file to you under the Apache License,
  * Version 2.0 (the "License"); you may not use this file except
@@ -36,6 +36,7 @@
 import org.wso2.carbon.identity.api.server.application.management.v1.Claim;
 import org.wso2.carbon.identity.api.server.application.management.v1.ClaimConfiguration;
 import org.wso2.carbon.identity.api.server.application.management.v1.ClaimMappings;
+import org.wso2.carbon.identity.api.server.application.management.v1.DiscoverableGroup;
 import org.wso2.carbon.identity.api.server.application.management.v1.InboundProtocolListItem;
 import org.wso2.carbon.identity.api.server.application.management.v1.ProvisioningConfiguration;
 import org.wso2.carbon.identity.api.server.application.management.v1.RequestedClaimConfiguration;
@@ -454,6 +455,7 @@ private AdvancedApplicationConfiguration buildAdvancedAppConfiguration(ServicePr
         return new AdvancedApplicationConfiguration()
                 .saas(serviceProvider.isSaasApp())
                 .discoverableByEndUsers(serviceProvider.isDiscoverable())
+                .discoverableGroups(getDiscoverableGroups(serviceProvider))
                 .enableAuthorization(authConfig.isEnableAuthorization())
                 .returnAuthenticatedIdpList(authConfig.isAlwaysSendBackAuthenticatedListOfIdPs())
                 .skipLoginConsent(authConfig.isSkipConsent())
@@ -467,6 +469,30 @@ private AdvancedApplicationConfiguration buildAdvancedAppConfiguration(ServicePr
                 .additionalSpProperties(getSpProperties(serviceProvider));
     }
 
+    /**
+     * Retrieves the discoverable group list for an application's advanced configuration based on the provided
+     * service provider.
+     *
+     * @param serviceProvider The service provider for which discoverable group list is required.
+     * @return An instance of List<DiscoverableGroup> containing discoverable groups.
+     */
+    private List<DiscoverableGroup> getDiscoverableGroups(ServiceProvider serviceProvider) {
+
+        if (serviceProvider.getDiscoverableGroups() == null || serviceProvider.getDiscoverableGroups().length == 0) {
+            return null;
+        }
+
+        List<DiscoverableGroup> apiDiscoverableGroups = new ArrayList<>();
+        for (org.wso2.carbon.identity.application.common.model.DiscoverableGroup discoverableGroup
+                : serviceProvider.getDiscoverableGroups()) {
+            DiscoverableGroup apiDiscoverableGroup = new DiscoverableGroup();
+            apiDiscoverableGroup.setUserStore(discoverableGroup.getUserStore());
+            apiDiscoverableGroup.setGroups(Arrays.asList(discoverableGroup.getGroups()));
+            apiDiscoverableGroups.add(apiDiscoverableGroup);
+        }
+        return apiDiscoverableGroups;
+    }
+
     /**
      * Retrieves the attestation metadata for an application's advanced configuration based on the provided
      * service provider.

diff --git a/...er/application/management/v1/core/functions/application/UpdateAdvancedConfigurations.java b/...er/application/management/v1/core/functions/application/UpdateAdvancedConfigurations.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2019, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ * Copyright (c) 2019-2025, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -20,13 +20,15 @@
 import org.wso2.carbon.identity.api.server.application.management.v1.AdditionalSpProperty;
 import org.wso2.carbon.identity.api.server.application.management.v1.AdvancedApplicationConfiguration;
 import org.wso2.carbon.identity.api.server.application.management.v1.Certificate;
+import org.wso2.carbon.identity.api.server.application.management.v1.DiscoverableGroup;
 import org.wso2.carbon.identity.api.server.application.management.v1.TrustedAppConfiguration;
 import org.wso2.carbon.identity.api.server.application.management.v1.core.functions.UpdateFunction;
 import org.wso2.carbon.identity.application.common.model.ClientAttestationMetaData;
 import org.wso2.carbon.identity.application.common.model.LocalAndOutboundAuthenticationConfig;
 import org.wso2.carbon.identity.application.common.model.ServiceProvider;
 import org.wso2.carbon.identity.application.common.model.SpTrustedAppMetadata;
 
+import java.util.ArrayList;
 import java.util.List;
 
 import static org.wso2.carbon.identity.api.server.application.management.common.ApplicationManagementConstants.ErrorMessage.ADDITIONAL_SP_PROP_NOT_SUPPORTED;
@@ -49,6 +51,7 @@ public void apply(ServiceProvider serviceProvider,
             handleAdditionalSpProperties(advancedConfigurations.getAdditionalSpProperties());
             setIfNotNull(advancedConfigurations.getSaas(), serviceProvider::setSaasApp);
             setIfNotNull(advancedConfigurations.getDiscoverableByEndUsers(), serviceProvider::setDiscoverable);
+            updateDiscoverableGroupList(serviceProvider, advancedConfigurations);
 
             LocalAndOutboundAuthenticationConfig config = getLocalAndOutboundConfig(serviceProvider);
             setIfNotNull(advancedConfigurations.getSkipLoginConsent(), config::setSkipConsent);
@@ -83,6 +86,37 @@ public void apply(ServiceProvider serviceProvider,
         }
     }
 
+    /**
+     * Update the application properties according to the advanced configurations API model.
+     *
+     * @param serviceProvider        The service provider that requires updating with the properties specified in
+     *                               the given API model.
+     * @param advancedConfigurations The advanced configuration API model properties that need to be used to update
+     *                               the service provider.
+     */
+    private void updateDiscoverableGroupList(ServiceProvider serviceProvider,
+                                             AdvancedApplicationConfiguration advancedConfigurations) {
+
+        if (!serviceProvider.isDiscoverable() ||
+                advancedConfigurations.getDiscoverableGroups() == null ||
+                advancedConfigurations.getDiscoverableGroups().isEmpty()) {
+            return;
+        }
+
+        List<org.wso2.carbon.identity.application.common.model.DiscoverableGroup> discoverableGroups =
+                new ArrayList<>();
+        for (DiscoverableGroup apiDiscoverableGroup : advancedConfigurations.getDiscoverableGroups()) {
+            org.wso2.carbon.identity.application.common.model.DiscoverableGroup discoverableGroup =
+                    new org.wso2.carbon.identity.application.common.model.DiscoverableGroup();
+            discoverableGroup.setUserStore(apiDiscoverableGroup.getUserStore());
+            discoverableGroup.setGroups(apiDiscoverableGroup.getGroups().toArray(new String[0]));
+            discoverableGroups.add(discoverableGroup);
+        }
+        serviceProvider.setDiscoverableGroups(
+                discoverableGroups.toArray(
+                        new org.wso2.carbon.identity.application.common.model.DiscoverableGroup[0]));
+    }
+
     /**
      * Parses the Android attestation service credentials and converts them into a JSON string.
      *

diff --git a/...carbon.identity.api.server.application.management.v1/src/main/resources/applications.yaml b/...carbon.identity.api.server.application.management.v1/src/main/resources/applications.yaml
@@ -3112,6 +3112,12 @@ components:
           type: boolean
           example: false
           description: Decides whether the application is visible for end users.
+        discoverableGroups:
+          type: array
+          items:
+            $ref: '#/components/schemas/DiscoverableGroup'
+          minItems: 1
+          description: List of groups from user stores where users in those groups can discover the application.
         certificate:
           $ref: '#/components/schemas/Certificate'
         skipLoginConsent:
@@ -3211,6 +3217,23 @@ components:
           type: string
           description: Decides the apple app id for the application.
           example: "APPLETEAMID.com.org.mobile.sample"
+    DiscoverableGroup:
+      type: object
+      required:
+        - userStore
+        - groups
+      properties:
+        userStore:
+          type: string
+          description: The user store domain to which the groups belong.
+          example: "PRIMARY"
+        groups:
+          type: array
+          items:
+            type: string
+            example: "bf5abd05-3667-4a2a-a6c2-2fb9f4d26e47"
+          minItems: 1
+          description: List of group IDs configured for discoverability.
     Certificate:
       type: object
       properties: