All: With regards $subject[1] Here we have authentication flow and authorization flow. Token validation service is used at authentication and username is set by the validator. However, when "Use user store domain in local subject identifier" is not enabled in Local & Outbound Authentication Configuration usernames of secondary user-store users are set without the domain parameter. Since the user realm is configured depending on the tenant name when authorizing secondary user store users at Authorization Valve suffering from a caching issue which resulted in permission update ignorance. This issue is not affected to tenant users as the tenant is explicitly appended to the username at the time of authentication.
$subject can be overcome by enabling "Use user store domain in local subject identifier" in Local & Outbound Authentication Configuration However one of the main issues is OAuth token is used to authenticate the user in AuthenticationValve. We have to reaccess the validity of this design approach as well. Please provide your feedback on the $subject. [1] https://github.com/wso2/product-is/issues/5078 Best Regards Isuranga Perera -- *Isuranga Perera* | Software Engineer | WSO2 Inc. +94 71 735 7034 | [email protected] <[email protected]>
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
