preferredMFAOption related claims are not available in IS-7.0.0 #18857

Closed
AnuradhaSK opened this issue Jan 9, 2024 · 4 comments

@AnuradhaSK
Contributor

Describe the issue:

The preferredMFAOption local claim and SCIM claim are not available in IS-7.0.0.
Due to that, I failed to try out
https://is.docs.wso2.com/en/next/guides/authentication/mfa/user-preferred-mfa-login/#configure-application-login-for-user-preferred-mfa

@UdeshAthukorala
Contributor

Migration Task for this newly introduced Identity claim is tracked via: #18889

@UdeshAthukorala
Contributor

When testing the flow, I found the following gaps in the IS 7.0 documentation (https://is.docs.wso2.com/en/next/guides/authentication/mfa/user-preferred-mfa-login/#configure-application-login-for-user-preferred-mfa), and the following changes need to be made to fix them.

  1. The sample adaptive authentication script (https://is.docs.wso2.com/en/next/guides/authentication/mfa/user-preferred-mfa-login/#configure-application-login-for-user-preferred-mfa:~:text=var%20onLoginRequest%20%3D,%7D%0A%20%20%20%20%7D)%3B%20%20%0A%7D%3B) needs to be changed as given below to avoid throwing a null pointer exception when there is no preferredMFAOption claim available for the user.

    var onLoginRequest = function(context) {
        executeStep(1, {
            onSuccess: function (context) {
                var preferredClaimURI = 'http://wso2.org/claims/identity/preferredMFAOption';
                var user = context.steps[1].subject;
                var preferredClaim = user.localClaims[preferredClaimURI];

                // Parse the claim only when the user has one set.
                if (preferredClaim != null) {
                    var jsonObj = JSON.parse(preferredClaim);
                    var authenticationOption = jsonObj.authenticationOption;
                    Log.info("preferredClaim authenticationOption " + authenticationOption);
                    // Restrict step 2 to the authenticator named in the claim.
                    executeStep(2, {authenticationOptions: [{authenticator: authenticationOption}]}, {});
                } else {
                    // No preference stored: run step 2 with its configured options.
                    executeStep(2);
                }
            }
        });
    };
    
    
  2. The sample patch request payload also needs to be updated as given below, since the SCIM2 schema and payload are incorrect.

    {
        "Operations": [
            {
                "op": "replace",
                "value": {
                    "name": {
                        "givenName": "liya"
                    }
                }
            },
            {
                "op": "replace",
                "value": {
                    "name": {
                        "familyName": "shaggy"
                    }
                }
            },
            {
                "op": "replace",
                "value": {
                    "phoneNumbers": []
                }
            },
            {
                "op": "replace",
                "value": {
                    "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
                        "preferredMFAOption": "{\"authenticationOption\":\"email-otp-authenticator\"}"
                    }
                }
            }
        ],
        "schemas": [
            "urn:ietf:params:scim:api:messages:2.0:PatchOp"
        ]
    }
    

CC: @AnuradhaSK
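
A hardened variant of the script in the comment above, as an added example that is not part of the original comment or the WSO2 documentation: because the claim value is written through the SCIM PATCH request shown, it also survives malformed JSON and only accepts authenticator names from an allow-list. `resolveStepTwoOptions` and `ALLOWED_STEP2_AUTHENTICATORS` are hypothetical names, and `totp` is an assumed sample authenticator name.

```javascript
// Added example, not WSO2 code. ES5 style to match the script in the comment above.
var PREFERRED_MFA_CLAIM = 'http://wso2.org/claims/identity/preferredMFAOption';

// Assumption: this list must mirror the authenticators configured in step 2.
// 'email-otp-authenticator' comes from this issue; 'totp' is an assumed sample name.
var ALLOWED_STEP2_AUTHENTICATORS = ['email-otp-authenticator', 'totp'];

// Returns the options object for executeStep(2, ...), or null when step 2
// should run with all of its configured authenticators.
function resolveStepTwoOptions(localClaims, allowed) {
    var raw = localClaims ? localClaims[PREFERRED_MFA_CLAIM] : null;
    if (raw == null || raw === '') {
        return null; // claim not set for this user
    }
    var parsed;
    try {
        parsed = JSON.parse(String(raw));
    } catch (e) {
        return null; // malformed JSON must not abort the login flow
    }
    var option = parsed && parsed.authenticationOption;
    if (typeof option !== 'string' || allowed.indexOf(option) === -1) {
        return null; // missing, non-string, or not-permitted authenticator name
    }
    return { authenticationOptions: [{ authenticator: option }] };
}

// How it plugs into the adaptive script. executeStep is supplied by the
// Identity Server runtime; it is only referenced here, never called at load time.
var onLoginRequest = function (context) {
    executeStep(1, {
        onSuccess: function (context) {
            var user = context.steps[1].subject;
            var options = resolveStepTwoOptions(user.localClaims, ALLOWED_STEP2_AUTHENTICATORS);
            if (options !== null) {
                executeStep(2, options, {});
            } else {
                executeStep(2);
            }
        }
    });
};
```

In every fallback case the user still goes through step 2; only the narrowing to a single authenticator is skipped.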

@UdeshAthukorala
Contributor

Closing the issue since the related Backend PRs are merged.
