From 807fc2f10581f4afc0bc0db0e5ac4caccb52812f Mon Sep 17 00:00:00 2001 From: rusirijayodaillesinghe Date: Thu, 8 Feb 2024 13:40:00 +0530 Subject: [PATCH 1/8] Adds the fix "Fix the issue with hostname verification in resend account confirmation email flow." --- .../product/src/main/extensions/basicauth.jsp | 35 +++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/modules/distribution/product/src/main/extensions/basicauth.jsp b/modules/distribution/product/src/main/extensions/basicauth.jsp index 3677d95b3d..6119a643a3 100644 --- a/modules/distribution/product/src/main/extensions/basicauth.jsp +++ b/modules/distribution/product/src/main/extensions/basicauth.jsp @@ -16,6 +16,9 @@ ~ under the License. --%> +<%@ page import="org.apache.cxf.jaxrs.client.Client" %> +<%@ page import="org.apache.cxf.configuration.jsse.TLSClientParameters" %> +<%@ page import="org.apache.cxf.transport.http.HTTPConduit" %> <%@ page import="org.apache.cxf.jaxrs.client.JAXRSClientFactory" %> <%@ page import="org.apache.cxf.jaxrs.provider.json.JSONProvider" %> <%@ page import="org.apache.cxf.jaxrs.client.WebClient" %> @@ -47,6 +50,12 @@ <%@ page import="org.wso2.carbon.identity.mgt.endpoint.util.client.ApplicationDataRetrievalClientException" %> <%@ page import="org.wso2.carbon.identity.mgt.endpoint.util.client.PreferenceRetrievalClient" %> <%@ page import="org.wso2.carbon.identity.mgt.endpoint.util.client.PreferenceRetrievalClientException" %> +<%@ page import="org.wso2.carbon.utils.CustomHostNameVerifier" %> +<%@ page import="javax.net.ssl.HostnameVerifier" %> +<%@ page import="static org.wso2.carbon.CarbonConstants.ALLOW_ALL" %> +<%@ page import="static org.wso2.carbon.CarbonConstants.DEFAULT_AND_LOCALHOST" %> +<%@ page import="static org.wso2.carbon.CarbonConstants.HOST_NAME_VERIFIER" %> +<%@ page import="org.apache.http.conn.ssl.AllowAllHostnameVerifier" %> 
@@ -206,6 +215,32 @@ SelfUserRegistrationResource selfUserRegistrationResource = JAXRSClientFactory .create(url, SelfUserRegistrationResource.class, providers); + + Client client = WebClient.client(selfUserRegistrationResource); + HTTPConduit conduit = WebClient.getConfig(client).getHttpConduit(); + TLSClientParameters tlsParams = conduit.getTlsClientParameters(); + if (tlsParams == null) { + tlsParams = new TLSClientParameters(); + } + HostnameVerifier allowAllHostnameVerifier = new AllowAllHostnameVerifier(); + if (EndpointConfigManager.isHostnameVerificationEnabled()) { + if (DEFAULT_AND_LOCALHOST.equals(System.getProperty(HOST_NAME_VERIFIER))) { + /* + * If hostname verifier is set to DefaultAndLocalhost, allow following domains in addition to the + * hostname: + * ["::1", "127.0.0.1", "localhost", "localhost.localdomain"] + */ + tlsParams.setHostnameVerifier(new CustomHostNameVerifier()); + } else if (ALLOW_ALL.equals(System.getProperty(HOST_NAME_VERIFIER))) { + // If hostname verifier is set to AllowAll, disable hostname verification. + tlsParams.setHostnameVerifier(allowAllHostnameVerifier); + } + } else { + // Disable hostname verification + tlsParams.setHostnameVerifier(allowAllHostnameVerifier); + } + conduit.setTlsClientParameters(tlsParams); + WebClient.client(selfUserRegistrationResource).header("Authorization", header); Response selfRegistrationResponse = selfUserRegistrationResource.regenerateCode(selfRegistrationRequest); if (selfRegistrationResponse != null && selfRegistrationResponse.getStatus() == HttpStatus.SC_CREATED) { From 6e9959ffed0c452f2e8a3688e3287c769245218e Mon Sep 17 00:00:00 2001 From: rusirijayodaillesinghe Date: Mon, 19 Feb 2024 11:47:39 +0530 Subject: [PATCH 2/8] Adds the fix "Validate callback urls & fix open redirection vulnerability" --- .../self-registration-with-verification.jsp | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) 
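Review bot: Both branches that install `allowAllHostnameVerifier` — the `ALLOW_ALL` case and the `else` taken when `EndpointConfigManager.isHostnameVerificationEnabled()` is false — switch off hostname checking for the resend-confirmation call without leaving any trace, so a production deployment where the endpoint flag was simply never enabled looks identical to one that chose this deliberately; a warning in those two branches, e.g. `log.warn("Hostname verification is disabled for the self-registration client.");` (assuming this page has a logger in scope, which is not visible here), would make it observable. When `HOST_NAME_VERIFIER` holds any other value the conduit keeps whatever verifier it already had, which reads as intended. `WebClient.client(selfUserRegistrationResource)` on the context line that sets the `Authorization` header appears to return the same object as the `client` obtained at the top of the hunk, so `client.header("Authorization", header);` would avoid the second lookup, and `new AllowAllHostnameVerifier()` could move into the two branches that use it rather than being built on every request. `org.apache.http.conn.ssl.AllowAllHostnameVerifier` is deprecated in HttpClient 4.4 and later in favour of `NoopHostnameVerifier`; which HttpClient the distribution ships is not visible here. The enclosing scriptlet starts before the hunk.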
diff --git a/modules/distribution/product/src/main/extensions/self-registration-with-verification.jsp b/modules/distribution/product/src/main/extensions/self-registration-with-verification.jsp index ea299d3ed4..989475414f 100644 --- a/modules/distribution/product/src/main/extensions/self-registration-with-verification.jsp +++ b/modules/distribution/product/src/main/extensions/self-registration-with-verification.jsp @@ -27,6 +27,9 @@ <%@ page import="org.wso2.carbon.identity.mgt.endpoint.util.IdentityManagementEndpointConstants" %> <%@ page import="org.wso2.carbon.identity.mgt.endpoint.util.IdentityManagementServiceUtil" %> <%@ page import="org.wso2.carbon.identity.mgt.endpoint.util.IdentityManagementEndpointUtil" %> +<%@ page import="org.wso2.carbon.identity.recovery.IdentityRecoveryConstants" %> +<%@ page import="org.wso2.carbon.identity.base.IdentityRuntimeException" %> +<%@ page import="org.wso2.carbon.identity.recovery.util.Utils" %> <%@ page import="org.wso2.carbon.identity.mgt.endpoint.util.client.ApiException" %> <%@ page import="org.wso2.carbon.identity.mgt.endpoint.util.client.api.ReCaptchaApi" %> <%@ page import="org.wso2.carbon.identity.mgt.endpoint.util.client.model.ReCaptchaProperties" %> 
@@ -107,6 +110,22 @@ return; } + try { + if (StringUtils.isNotBlank(callback) && !Utils.validateCallbackURL(callback, tenantDomain, + IdentityRecoveryConstants.ConnectorConfig.SELF_REGISTRATION_CALLBACK_REGEX)) { + request.setAttribute("error", true); + request.setAttribute("errorMsg", IdentityManagementEndpointUtil.i18n(recoveryResourceBundle, + "Callback.url.format.invalid")); + request.getRequestDispatcher("error.jsp").forward(request, response); + return; + } + } catch (IdentityRuntimeException e) { + request.setAttribute("error", true); + request.setAttribute("errorMsg", e.getMessage()); + request.getRequestDispatcher("error.jsp").forward(request, response); + return; + } + if (StringUtils.isBlank(callback)) { callback = IdentityManagementEndpointUtil.getUserPortalUrl( application.getInitParameter(IdentityManagementEndpointConstants.ConfigConstants.USER_PORTAL_URL), tenantDomain); From 70e7c5a977f21c3bbf5d0b9366c3bdea08769706 Mon Sep 17 00:00:00 2001 From: rusirijayodaillesinghe Date: Mon, 19 Feb 2024 13:22:19 +0530 Subject: [PATCH 3/8] Adds the fix "Fix tenantDomain param issue when T is capital in param" --- modules/distribution/product/src/main/extensions/header.jsp | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/modules/distribution/product/src/main/extensions/header.jsp b/modules/distribution/product/src/main/extensions/header.jsp index c461e380e5..99d246b21c 100644 --- a/modules/distribution/product/src/main/extensions/header.jsp +++ b/modules/distribution/product/src/main/extensions/header.jsp @@ -31,6 +31,9 @@ <% String tenant = request.getParameter("tenantDomain"); + if (tenant == null) { + tenant = request.getParameter("TenantDomain"); + } if (tenant == null) { String cb = request.getParameter("callback"); cb = StringUtils.replace(cb, " ", ""); 
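Review bot: In the `catch (IdentityRuntimeException e)` block the raw `e.getMessage()` is placed in the `errorMsg` attribute and forwarded to `error.jsp`, so whatever the validation helper put into the message — possibly the configured callback regex or tenant details — is shown to the end user, while the non-exception branch just above uses the localized `Callback.url.format.invalid` text. Using the same lookup in the catch, `request.setAttribute("errorMsg", IdentityManagementEndpointUtil.i18n(recoveryResourceBundle, "Callback.url.format.invalid"));`, and logging `e` server-side keeps that detail out of the page; whether `error.jsp` HTML-escapes `errorMsg` is not visible here. The check runs before the `StringUtils.isBlank(callback)` fallback, so a blank callback is skipped by `isNotBlank` and then replaced by the portal URL, which is the right order. The enclosing scriptlet starts above the hunk.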
@@ -39,7 +42,7 @@ String decodedValue = uri.getQuery(); String[] params = decodedValue.split("&"); for (String param : params) { - if (param.startsWith("tenantDomain=")) { + if (param.startsWith("tenantDomain=") || param.startsWith("TenantDomain=")) { String[] keyVal = param.split("="); tenant = keyVal[1]; } From 471916cf040dd5e206be679abab5c97ac2e13f0d Mon Sep 17 00:00:00 2001 From: rusirijayodaillesinghe Date: Tue, 20 Feb 2024 11:33:15 +0530 Subject: [PATCH 4/8] Adds the fix "Add auth endpoint parameter filtering config" --- .../product/src/main/resources/conf/infer.json | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/modules/distribution/product/src/main/resources/conf/infer.json b/modules/distribution/product/src/main/resources/conf/infer.json index 57c5a63a5e..7eafae85b9 100644 --- a/modules/distribution/product/src/main/resources/conf/infer.json +++ b/modules/distribution/product/src/main/resources/conf/infer.json @@ -136,5 +136,13 @@ "broker.transport.amqp.enabled": false, "apim.throttling.enable_policy_deployment": false } + }, + "authenticationendpoint.enable_shortened_urls": { + "false": { + "authentication.endpoint.redirect_params.filter_policy": "exclude", + "authentication.endpoint.redirect_params.parameters": [ + "loggedInUser" + ] + } } } From 7b6651a3b0ada0c4b99517c6ab0dd4d6b298c519 Mon Sep 17 00:00:00 2001 From: rusirijayodaillesinghe Date: Tue, 20 Feb 2024 20:03:14 +0530 Subject: [PATCH 5/8] Remove the if clause related to isIdentifierFirstLogin which is not used in api manager --- .../product/src/main/extensions/login.jsp | 22 ------------------- 1 file changed, 22 deletions(-) diff --git a/modules/distribution/product/src/main/extensions/login.jsp b/modules/distribution/product/src/main/extensions/login.jsp index af318156f8..839efd9c00 100644 --- a/modules/distribution/product/src/main/extensions/login.jsp +++ b/modules/distribution/product/src/main/extensions/login.jsp 
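Review bot: The loop that now also matches `TenantDomain=` still assigns `tenant = keyVal[1]` without checking that `split("=")` produced a second element, so a callback whose query contains a bare `tenantDomain=` throws `ArrayIndexOutOfBoundsException` from the scriptlet; `if (keyVal.length > 1) { tenant = keyVal[1]; }` closes that, and `param.split("=", 2)` would keep a value that itself contains `=` intact. This predates the commit, but the commit widens the input that reaches it. The earlier hunk in this file handles the same two spellings with a second `request.getParameter("TenantDomain")` lookup; here `StringUtils.startsWithAny(param, "tenantDomain=", "TenantDomain=")` would express the pair more compactly, since `StringUtils` is already used in the file. The tenant value taken from the callback query is not validated before use, though how `tenant` is consumed is outside the hunk.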
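Review bot: The new `authenticationendpoint.enable_shortened_urls` block only has a `"false"` branch, so when the option is true no `redirect_params` filter is inferred at all; if that is deliberate because shortened URLs do not carry these parameters, a sentence in the commit message or the config documentation saying so would save the next reader the check, as JSON offers nowhere to put a comment. The exclude list names only `loggedInUser`, and an exclude policy is open by default, so any other parameter reaching the redirect passes through unfiltered; an include list is the safer shape when the set of expected parameters is known, but which parameters the endpoint actually consumes is not visible here.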
@@ -142,28 +142,6 @@ String username = null; String usernameIdentifier = null; - if (isIdentifierFirstLogin(inputType)) { - String authAPIURL = application.getInitParameter(Constants.AUTHENTICATION_REST_ENDPOINT_URL); - if (StringUtils.isBlank(authAPIURL)) { - authAPIURL = IdentityUtil.getServerURL("/api/identity/auth/v1.1/", true, true); - } - if (!authAPIURL.endsWith("/")) { - authAPIURL += "/"; - } - authAPIURL += "context/" + request.getParameter("sessionDataKey"); - String contextProperties = AuthContextAPIClient.getContextProperties(authAPIURL); - Gson gson = new Gson(); - Map parameters = gson.fromJson(contextProperties, Map.class); - if (parameters != null) { - username = (String) parameters.get("username"); - usernameIdentifier = (String) parameters.get("username"); - } else { - String redirectURL = "error.do"; - response.sendRedirect(redirectURL); - return; - } - } - // Login context request url. String sessionDataKey = request.getParameter("sessionDataKey"); String appName = request.getParameter("sp"); From c5a83d44a985a32e2c39ae47afae7437492f8d16 Mon Sep 17 00:00:00 2001 From: rusirijayodaillesinghe Date: Wed, 21 Feb 2024 15:46:26 +0530 Subject: [PATCH 6/8] Add the fix "Show account lock error message on the login page" --- .../product/src/main/extensions/basicauth.jsp | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/modules/distribution/product/src/main/extensions/basicauth.jsp b/modules/distribution/product/src/main/extensions/basicauth.jsp index 6119a643a3..4099a3be9d 100644 --- a/modules/distribution/product/src/main/extensions/basicauth.jsp +++ b/modules/distribution/product/src/main/extensions/basicauth.jsp @@ -268,7 +268,13 @@ } %> - <% if (Boolean.parseBoolean(loginFailed)) { %> + <% if (StringUtils.equals(request.getParameter("errorCode"), IdentityCoreConstants.USER_ACCOUNT_LOCKED_ERROR_CODE) && + StringUtils.equals(request.getParameter("remainingAttempts"), "0") ) { %> +
+ <%=AuthenticationEndpointUtil.i18n(resourceBundle, "error.user.account.locked.incorrect.login.attempts")%> +
+ <% } else if (Boolean.parseBoolean(loginFailed) && + !errorCode.equals(IdentityCoreConstants.USER_ACCOUNT_NOT_CONFIRMED_ERROR_CODE)) { %>
<%= AuthenticationEndpointUtil.i18n(resourceBundle, errorMessage) %>
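Review bot: The new `else if` calls `errorCode.equals(IdentityCoreConstants.USER_ACCOUNT_NOT_CONFIRMED_ERROR_CODE)` directly while the condition just above it uses the null-safe `StringUtils.equals(request.getParameter("errorCode"), ...)`; if `errorCode` (declared above the hunk, so its nullability is not visible here) can be null when `loginFailed` is true, the scriptlet throws `NullPointerException` and the page fails instead of showing the generic failure message. `!StringUtils.equals(errorCode, IdentityCoreConstants.USER_ACCOUNT_NOT_CONFIRMED_ERROR_CODE)` keeps both conditions in the same style. The first condition re-reads `errorCode` from the request rather than using the local of the same name; reading it once and comparing the local in both places avoids two sources for one value. The failed-login branch is now skipped for `USER_ACCOUNT_NOT_CONFIRMED_ERROR_CODE` with no alternative message in this hunk, so confirm that case is rendered elsewhere on the page.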
From 0000e98a8de86817c67464ba251c1d5d987b3a96 Mon Sep 17 00:00:00 2001 From: rusirijayodaillesinghe Date: Thu, 29 Feb 2024 17:25:38 +0530 Subject: [PATCH 7/8] Fix formatting of privacy-policy-content.jsp --- .../product/src/main/extensions/privacy-policy-content.jsp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/distribution/product/src/main/extensions/privacy-policy-content.jsp b/modules/distribution/product/src/main/extensions/privacy-policy-content.jsp index cf5cedd06f..f97687b650 100644 --- a/modules/distribution/product/src/main/extensions/privacy-policy-content.jsp +++ b/modules/distribution/product/src/main/extensions/privacy-policy-content.jsp @@ -16,7 +16,7 @@ ~ under the License. --%> -<%-- page content --> +<%-- page content --%>
From 83a55c3d7c67fef7124009e0a55ccbfdd7140bec Mon Sep 17 00:00:00 2001 From: rusirijayodaillesinghe Date: Thu, 29 Feb 2024 17:33:58 +0530 Subject: [PATCH 8/8] Add api#identity#auth#v1.1.war from identity-local-auth-api, as a new feature module. --- .../product/src/main/assembly/bin.xml | 11 ++ .../pom.xml | 158 ++++++++++++++++++ .../src/main/resources/p2.inf | 5 + modules/p2-profile/product/pom.xml | 7 + pom.xml | 1 + 5 files changed, 182 insertions(+) create mode 100644 modules/features/product/org.wso2.carbon.identity.local.auth.api.endpoint.feature/pom.xml create mode 100644 modules/features/product/org.wso2.carbon.identity.local.auth.api.endpoint.feature/src/main/resources/p2.inf diff --git a/modules/distribution/product/src/main/assembly/bin.xml b/modules/distribution/product/src/main/assembly/bin.xml index 2df75d517f..b49e765f39 100644 --- a/modules/distribution/product/src/main/assembly/bin.xml +++ b/modules/distribution/product/src/main/assembly/bin.xml @@ -712,6 +712,17 @@ client-registration#v0.17.war + + + ../../p2-profile/product/target/wso2carbon-core-${carbon.kernel.version}/repository/deployment/server/webapps + + ${pom.artifactId}-${pom.version}/repository/deployment/server/webapps + + + api#identity#auth#v1.1.war + + + diff --git a/modules/features/product/org.wso2.carbon.identity.local.auth.api.endpoint.feature/pom.xml b/modules/features/product/org.wso2.carbon.identity.local.auth.api.endpoint.feature/pom.xml new file mode 100644 index 0000000000..31527b093f --- /dev/null +++ b/modules/features/product/org.wso2.carbon.identity.local.auth.api.endpoint.feature/pom.xml 
@@ -0,0 +1,158 @@ + + + + + + am-features + org.wso2.am + 4.3.0-SNAPSHOT + ../pom.xml + + 4.0.0 + + org.wso2.carbon.identity.local.auth.api.endpoint.feature + pom + WSO2 Identity - Authentication REST API Endpoint Feature + WSO2 Identity - Authentication REST API endpoint Feature + + + + + org.apache.maven.plugins + maven-project-info-reports-plugin + + + + true + + + + + + + + + + + org.apache.maven.plugins + maven-dependency-plugin + + + copy + package + + copy + + + + + org.wso2.carbon.identity.local.auth.api + org.wso2.carbon.identity.local.auth.api.endpoint + ${org.wso2.carbon.identity.local.auth.api.version} + true + war + ${basedir}/src/main/resources/ + api#identity#auth#v1.1.war + + + + + + + + maven-resources-plugin + + + copy-resources + generate-resources + + copy-resources + + + src/main/resources + + + resources + + api#identity#auth#v1.1.war + p2.inf + build.properties + + + + + + + + + + org.wso2.maven + carbon-p2-plugin + 1.5.3 + + + p2-feature-generation + package + + p2-feature-gen + + + org.wso2.carbon.identity.local.auth.api.endpoint + ../etc/feature.properties + + + org.wso2.carbon.p2.category.type:server + + org.eclipse.equinox.p2.type.group:false + + + + + + org.wso2.carbon.identity.local.auth.api:org.wso2.carbon.identity.local.auth.api.core:${org.wso2.carbon.identity.local.auth.api.version} + + + + + + + + + + + + org.wso2.carbon.identity.local.auth.api + org.wso2.carbon.api.server.local.auth.api + ${org.wso2.carbon.identity.local.auth.api.version} + + + org.wso2.carbon.identity.local.auth.api + org.wso2.carbon.identity.local.auth.api.core + ${org.wso2.carbon.identity.local.auth.api.version} + + + org.wso2.carbon.identity.local.auth.api + org.wso2.carbon.identity.local.auth.api.endpoint + war + ${org.wso2.carbon.identity.local.auth.api.version} + + + + + 
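Review bot: The new feature pom hard-codes `carbon-p2-plugin` at `1.5.3` while the other versions it uses come from properties or inheritance, so this plugin will not move with the rest of the build; an `<!-- pinned: … -->` comment giving the reason, or a property in the parent, would make the choice explicit. The `2.5.6` value added to the root pom in a later hunk arrives with its property name stripped in this rendering, so I cannot confirm it is the `org.wso2.carbon.identity.local.auth.api.version` property that the three dependencies and the `maven-dependency-plugin` copy here reference; if it is, a comment beside it naming this feature would help, since that property decides which endpoint WAR is shipped. This patch deploys `api#identity#auth#v1.1.war` as a new webapp (bin.xml, p2.inf and the p2-profile entries in the surrounding hunks) while patch 5 of this series removed the only in-page caller of `/api/identity/auth/v1.1/`; if nothing else in the product calls the endpoint, the distribution gains an exposed authentication API with no consumer, so the commit message should state which flow depends on it. XML element tags are missing from this rendering, so the structure of these hunks is inferred.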
diff --git a/modules/features/product/org.wso2.carbon.identity.local.auth.api.endpoint.feature/src/main/resources/p2.inf b/modules/features/product/org.wso2.carbon.identity.local.auth.api.endpoint.feature/src/main/resources/p2.inf new file mode 100644 index 0000000000..445a3faef4 --- /dev/null +++ b/modules/features/product/org.wso2.carbon.identity.local.auth.api.endpoint.feature/src/main/resources/p2.inf @@ -0,0 +1,5 @@ +instructions.configure = \ +org.eclipse.equinox.p2.touchpoint.natives.mkdir(path:${installFolder}/../../deployment/);\ +org.eclipse.equinox.p2.touchpoint.natives.mkdir(path:${installFolder}/../../deployment/server/);\ +org.eclipse.equinox.p2.touchpoint.natives.mkdir(path:${installFolder}/../../deployment/server/webapps/);\ +org.eclipse.equinox.p2.touchpoint.natives.copy(source:${installFolder}/../features/org.wso2.carbon.identity.local.auth.api.endpoint_${feature.version}/api#identity#auth#v1.1.war,target:${installFolder}/../../deployment/server/webapps/api#identity#auth#v1.1.war,overwrite:true);\ diff --git a/modules/p2-profile/product/pom.xml b/modules/p2-profile/product/pom.xml index 2b35f28d36..65425108be 100644 --- a/modules/p2-profile/product/pom.xml +++ b/modules/p2-profile/product/pom.xml @@ -304,6 +304,9 @@ org.wso2.am:org.wso2.am.security.feature:${apimserver.version} + + org.wso2.am:org.wso2.carbon.identity.local.auth.api.endpoint.feature:${apimserver.version} + org.wso2.carbon.apimgt:org.wso2.carbon.apimgt.cache.invalidation.feature:${carbon.apimgt.version} @@ -1030,6 +1033,10 @@ org.wso2.carbon.identity.data.publisher.application.authentication.server.feature.group ${carbon.identity-data-publisher-application-authentication.version} + + org.wso2.carbon.identity.local.auth.api.endpoint.feature.group + ${apimserver.version} + diff --git a/pom.xml b/pom.xml index 6cab144c82..07a4da7308 100644 --- a/pom.xml +++ b/pom.xml @@ -1328,6 +1328,7 @@ 1.6.10 5.7.5 5.9.8 + 2.5.6 6.7.32 5.8.11 1.7.70