Hi Rushmin,

If I remember correctly, we have two options in JWT generation. If the <AddClaimsSelectively> option is set to true, then the claims are taken from the SAML Response and populate the JWT. If that property is set to false, then we take all the claims from the user store, which can cause the issue that you have pointed out.
+1 for checking user existence before retrieving claims from the user store. On a side note, applications that have multiple authenticators have to provision the user if the application depends on some claims from our user store.

Regards,
Dinusha.

On Thu, Jun 30, 2016 at 4:43 PM, Rushmin Fernando <[email protected]> wrote:

> [+ dev@]
>
> On Thu, Jun 30, 2016 at 4:41 PM, Rushmin Fernando <[email protected]> wrote:
>
>> One thing we can do is, check whether the user is available using
>> userStoreManager.isExistingUser() method call before the line [1]
>>
>> [1] https://github.com/wso2/carbon-appmgt/blob/master/components/org.wso2.carbon.appmgt.impl/src/main/java/org/wso2/carbon/appmgt/impl/token/DefaultClaimsRetriever.java#L91
>>
>> On Thu, Jun 30, 2016 at 4:31 PM, Rushmin Fernando <[email protected]> wrote:
>>
>>> Sajith / Dinusha,
>>>
>>> In our default JWT implementation it tries to get the claims of the user
>>> from the gateway node's user store.
>>>
>>> But when it comes to the enterprise subscription scenario, the
>>> authenticated user doesn't exist in the node's user store ( because the
>>> user is authenticated by a third party IDP like google )
>>>
>>> The impact is, we can't enable enterprise subscription since it gives an
>>> error while generating the JWT
>>>
>>> Is this something we have discussed before ?
>>>
>>> --
>>> *Best Regards*
>>>
>>> *Rushmin Fernando*
>>> *Technical Lead*
>>>
>>> WSO2 Inc. <http://wso2.com/> - Lean . Enterprise . Middleware
>>>
>>> mobile : +94772891266

--
Dinusha Dilrukshi
Associate Technical Lead
WSO2 Inc.: http://wso2.com/
Mobile: +94725255071
Blog: http://dinushasblog.blogspot.com/
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
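
The guard discussed in this thread, as an added example that is not part of the original messages and is not code from carbon-appmgt: the claims source is chosen from the AddClaimsSelectively setting, and the user store is read only after an existence check. The `UserStore` interface, the `resolveClaims` helper, the fallback to the SAML claims for an unprovisioned user, and the sample users and claim values are assumptions made for illustration; only the `isExistingUser` method name comes from the thread.

```java
import java.util.Map;
import java.util.TreeMap;

public class ClaimsResolverDemo {

    /** Hypothetical stand-in for the gateway node's user store. */
    interface UserStore {
        boolean isExistingUser(String userName);
        Map<String, String> getClaims(String userName); // throws for unknown users
    }

    /** Picks the claims that go into the JWT for an authenticated user. */
    static Map<String, String> resolveClaims(UserStore store, String userName,
            Map<String, String> samlClaims, boolean addClaimsSelectively) {
        if (addClaimsSelectively) {
            // Claims come from the SAML response only; the user store is not read.
            return new TreeMap<>(samlClaims);
        }
        if (!store.isExistingUser(userName)) {
            // User was authenticated by an external IdP and is not provisioned
            // locally. Assumption of this example: fall back to the SAML claims
            // instead of letting the lookup fail JWT generation.
            return new TreeMap<>(samlClaims);
        }
        return new TreeMap<>(store.getClaims(userName));
    }

    public static void main(String[] args) {
        // Constructed sample data: one locally provisioned user.
        Map<String, Map<String, String>> local = Map.of(
                "alice", Map.of("http://wso2.org/claims/role", "subscriber"));
        UserStore store = new UserStore() {
            public boolean isExistingUser(String u) { return local.containsKey(u); }
            public Map<String, String> getClaims(String u) {
                if (!local.containsKey(u)) {
                    throw new IllegalStateException("no such user: " + u);
                }
                return local.get(u);
            }
        };
        Map<String, String> saml = Map.of("http://wso2.org/claims/emailaddress",
                "bob@example.com");

        // Local user: claims are read from the user store.
        System.out.println(resolveClaims(store, "alice", Map.of(), false));
        // Federated user absent from the store: no exception, SAML claims used.
        System.out.println(resolveClaims(store, "bob@example.com", saml, false));
    }
}
```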
