Hi Ashen,

Thanks for the explanation. However, in this case, the user is
already present in the userstore with a different user ID (UUID is used as the
identifier), and during the adaptive authentication process it must
identify whether the currently logging-in user is already present in the userstore.
The email claim acts as the unique identifier in this case. For example,
if the email of the currently authenticating user is present in another
user's email claim, we should identify it as the same user and retrieve that
user's roles. I hope I am clear about my requirements. :)

Anyway, I was able to retrieve the current user from the userstore using
the *getUniqueUserWithClaimValues* method [1] and then retrieve the roles of
that user successfully. The issue is solved now.

[1] -
https://github.com/wso2-extensions/identity-conditional-auth-functions/pull/43

Thanks,
Sameera

On Fri, Oct 18, 2019 at 8:04 PM Ashen Weerathunga <[email protected]> wrote:

> Hi Sameera,
>
> On Thu, Oct 17, 2019 at 8:04 PM Sameera Wickramasekara <[email protected]>
> wrote:
>
>> Hi Devs,
>>
>> I am looking for a way to get the roles of a user in an adaptive
>> authentication script in *IS 5.8.0* in the following special scenario.
>>
>>
>>    - The user authenticates through GitHub federated IDP.
>>    - The user may already be present in the user store, registered by
>>    other means.
>>    - The email attribute will be used as the unique identifier (common
>>    attribute) to associate the user
>>
>>
>> The requirement is to check if the user currently authenticating
>> through GitHub already exists in the userstore with the same email address
>> and if present, retrieve the list of roles for that user.
>> Currently we can retrieve the roles of the logging-in user, but it does
>> not address the above scenario because AFAIU user association happens after
>> the adaptive authentication process.
>>
>
> Yes, the user association happens during the post-authentication process.
> When you have enabled JIT provisioning for the GitHub federated IDP, during
> the 1st login it will create a new user in the local user store with the
> same username (email) and then it will associate the authenticated
> federated user with the local user.
>
> When you try to do a role comparison during the authentication process via
> an adaptive authentication function (e.g. hasAnyOfTheRoles()), it will
> retrieve the roles of the local user. Therefore, in your case, if the user
> is already created in the local userstore you should be able to check the
> roles of the existing local user during the adaptive authentication
> process. That way you should be able to achieve your requirement AFAIU.
>
> Thanks,
> Ashen
>
>
>>
>> I have gone through resources [1] and skimmed through [2]. I would appreciate
>> it if you could provide any insight into a solution.
>>
>>
>> [1] -
>> https://docs.wso2.com/display/IS580/Adaptive+Authentication+JS+API+Reference#AdaptiveAuthenticationJSAPIReference-contextObject
>> [2] -
>> https://github.com/wso2-extensions/identity-conditional-auth-functions/tree/master/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user
>>
>>
>> Thanks,
>> Sameera
>>
>>
>>
>> --
>> *Sameera Wickramasekara*
>> Senior Software Engineer
>> WSO2
>> lean . enterprise . middleware
>> Mobile : +94(0) 714652035
>> <https://wso2.com/signature>
>>
>> _______________________________________________
>> Dev mailing list
>> [email protected]
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>
>
> --
> Ashen Weerathunga | Senior Software Engineer | WSO2 Inc.
> (m) +94716042995 | (w) +94112145345 | Email: [email protected]
> <http://wso2.com/signature>
>
>
>

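The lookup Sameera describes above (correlate the GitHub-authenticated subject with an existing local account by the email claim, then read that account's roles), as an added example that is not from the thread or from the WSO2 code base. It is plain Node-runnable JavaScript: `getUniqueUserWithClaimValues` and `hasAnyOfTheRoles` are stand-ins with assumed semantics that read a constructed userstore, `decideAfterFederatedLogin` is the logic that would sit in the `onSuccess` callback of `executeStep(1, ...)`, and whether the email is read from `localClaims` or `remoteClaims` depends on the IDP's claim mapping.

```javascript
// Claim URI the thread uses as the correlation key between the federated and local user.
const EMAIL_CLAIM = 'http://wso2.org/claims/emailaddress';
// Constructed local userstore (sample data). Accounts are identified by UUID, so the
// GitHub subject never matches on id; the email claim is the only common attribute.
const LOCAL_USERS = [
  { uuid: '11111111-aaaa', username: 'alice', roles: ['Internal/everyone', 'admin'],
    claims: { [EMAIL_CLAIM]: 'alice@example.com' } },
  { uuid: '22222222-bbbb', username: 'bob', roles: ['Internal/everyone'],
    claims: { [EMAIL_CLAIM]: 'bob@example.com' } },
  // Two accounts sharing one email: the lookup must not silently pick either.
  { uuid: '33333333-cccc', username: 'carol', roles: ['admin'],
    claims: { [EMAIL_CLAIM]: 'shared@example.com' } },
  { uuid: '44444444-dddd', username: 'carol.old', roles: [],
    claims: { [EMAIL_CLAIM]: 'shared@example.com' } },
];

// Stand-in for IS's getUniqueUserWithClaimValues(claimMap, context) from PR #43.
// The real function queries the userstore via the authentication context; this one
// reads LOCAL_USERS. Assumed semantics: all claims must match, and zero or more than
// one matching user yields null (no unique user).
function getUniqueUserWithClaimValues(claimMap, context) {
  const hits = LOCAL_USERS.filter(u =>
    Object.keys(claimMap).every(uri => u.claims[uri] === claimMap[uri]));
  return hits.length === 1 ? hits[0] : null;
}

// Stand-in for IS's hasAnyOfTheRoles(user, roles), the function Ashen mentions.
function hasAnyOfTheRoles(user, roles) {
  return roles.some(r => user.roles.indexOf(r) !== -1);
}

// Logic for the onSuccess callback of executeStep(1) (the GitHub step): correlate the
// federated subject with a local account by email, then require a second step when
// that account is privileged. Linking on email is only sound if the IDP verifies it.
function decideAfterFederatedLogin(context) {
  const claimMap = {};
  claimMap[EMAIL_CLAIM] = context.currentKnownSubject.localClaims[EMAIL_CLAIM];
  const localUser = getUniqueUserWithClaimValues(claimMap, context);
  if (localUser === null) {
    // Unknown or ambiguous email: no roles to read; JIT provisioning runs post-auth.
    return { matched: false, stepUp: false, localUser: null };
  }
  return { matched: true, localUser: localUser.username,
           stepUp: hasAnyOfTheRoles(localUser, ['admin']) };
}
// Minimal context shaped like what the adaptive runtime exposes after step 1.
function contextForEmail(email) {
  return { currentKnownSubject: { localClaims: { [EMAIL_CLAIM]: email } } };
}
```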