Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add audit logs improvements #396

Merged
merged 2 commits into from
Jul 26, 2023
Merged

Add audit logs improvements #396

merged 2 commits into from
Jul 26, 2023

Conversation

piraveena
Copy link
Contributor

@piraveena piraveena commented Jun 22, 2023
edited
Loading

Fixes part of wso2/product-is#5037

Create SAML application

This PR adds new audit logs for SAML application management.
To enable these audit logs, we need to add below config in the deployment.toml file

By adding below config, you can enable new audit logs only for application management component, and the legacy audit logs will be available for other components.

[system.parameter]
disableLegacyAuditLogsInAppMgt=true

By adding below config, you can enable new audit logs , and the legacy audit logs will not available for other components. These new audit logs are currently inprogress only for application-mgt component

[system.parameter]
disableLegacyAuditLogs=true

Sample audit logs

Create SAML app

{
   "id":"cdbd84ef-71eb-4c91-954a-f85d0f4ef160",
   "recordedAt":"2023-07-13T13:40:55.144562Z",
   "requestId":"3dec92a4-d23e-4337-a1e3-d45931aad006",
   "initiatorId":"708a5bf2-7252-4120-ad3f-6e8cdb40a0b5",
   "initiatorType":"USER",
   "targetId":"saml-my-app.com",
   "targetType":"APPLICATION",
   "action":"CREATE SAML APPLICATION",
   "data":{
      "doFrontChannelLogout":false,
      "samlECP":false,
      "idpInitSLOReturnToURLList":[
         
      ],
      "doSignAssertions":true,
      "doValidateSignatureInArtifactResolve":false,
      "isAssertionQueryRequestProfileEnabled":false,
      "issuer":"saml-my-app.com",
      "enableAttributesByDefault":false,
      "defaultAssertionConsumerUrl":"https://my-app.com/home.jsp",
      "doSignResponse":false,
      "nameIDFormat":"urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
      "idpInitSLOReturnToURLs":[
         
      ],
      "doSingleLogout":true,
      "signingAlgorithmUri":"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
      "digestAlgorithmUri":"http://www.w3.org/2001/04/xmlenc#sha256",
      "assertionEncryptionAlgorithmUri":"http://www.w3.org/2001/04/xmlenc#aes256-cbc",
      "keyEncryptionAlgorithmUri":"http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p",
      "idPInitSLOEnabled":false,
      "assertionConsumerUrlList":[
         "https://my-app.com/home.jsp"
      ],
      "isIdPInitSSOEnabled":false,
      "attributeConsumingServiceIndex":"",
      "doValidateSignatureInRequests":false,
      "enableSAML2ArtifactBinding":false,
      "assertionConsumerUrls":[
         "https://my-app.com/home.jsp"
      ],
      "doEnableEncryptedAssertion":false
   }
}


{
   "id":"1835a4ea-c89f-4146-9b5f-045d3486ee0c",
   "recordedAt":"2023-07-13T13:40:55.454613Z",
   "requestId":"3dec92a4-d23e-4337-a1e3-d45931aad006",
   "initiatorId":"708a5bf2-7252-4120-ad3f-6e8cdb40a0b5",
   "initiatorType":"USER",
   "targetId":"08f876bc-bcf6-4b44-99de-524bf4a5d1d0",
   "targetType":"APPLICATION",
   "action":"CREATE APPLICATION",
   "data":{
      "spProperties":[
         {
            "name":"useUserIdForDefaultSubject",
            "value":"true"
         },
         {
            "displayName":"Is Management Application",
            "name":"isManagementApp",
            "value":"false"
         },
         {
            "displayName":"Is B2B Self Service Application",
            "name":"isB2BSelfServiceApp",
            "value":"false"
         },
         {
            "displayName":"DOMAIN_IN_ROLES",
            "name":"USE_DOMAIN_IN_ROLES",
            "value":"true"
         },
         {
            "displayName":"Skip Logout Consent",
            "name":"skipLogoutConsent",
            "value":"true"
         },
         {
            "displayName":"Skip Consent",
            "name":"skipConsent",
            "value":"false"
         },
         {
            "displayName":"Use External Consent Page",
            "name":"useExternalConsentPage",
            "value":"false"
         },
         {
            "displayName":"jwksURI",
            "name":"jwksURI",
            "value":""
         },
         {
            "displayName":"Template Id",
            "name":"templateId",
            "value":"776a73da-fd8e-490b-84ff-93009f8ede85"
         }
      ],
      "inboundAuthenticationConfig":{
         "inboundAuthenticationRequestConfigs":[
            {
               "inboundAuthKey":"saml-my-app.com",
               "inboundAuthType":"samlsso",
               "properties":[
                  
               ]
            }
         ]
      },
      "managementApp":false,
      "templateId":"776a73da-fd8e-490b-84ff-93009f8ede85",
      "b2BSelfServiceApp":false,
      "applicationResourceId":"08f876bc-bcf6-4b44-99de-524bf4a5d1d0",
      "localAndOutBoundAuthenticationConfig":{
         "enableAuthorization":false,
         "useTenantDomainInLocalSubjectIdentifier":false,
         "skipLogoutConsent":true,
         "skipConsent":false,
         "alwaysSendBackAuthenticatedListOfIdPs":false,
         "authenticationSteps":[
            
         ],
         "useUserstoreDomainInRoles":true,
         "useExternalConsentPage":false,
         "useUserstoreDomainInLocalSubjectIdentifier":false,
         "authenticationType":"default"
      },
      "discoverable":false,
      "applicationID":50.0,
      "applicationName":"samlappp",
      "saasApp":false
   }
}

Update SAML app protocol configs

{
   "id":"904a2ca5-1394-4ce7-be85-13df3e8345b0",
   "recordedAt":"2023-07-13T13:42:29.998701Z",
   "requestId":"06411437-0bcf-480c-87f9-75c6d64e9a5b",
   "initiatorId":"708a5bf2-7252-4120-ad3f-6e8cdb40a0b5",
   "initiatorType":"USER",
   "targetId":"saml-my-app.com",
   "targetType":"APPLICATION",
   "action":"DELETE SAML APPLICATION"
}

{
   "id":"48e01f01-28de-4fff-a338-29e61d14ceb2",
   "recordedAt":"2023-07-13T13:42:30.040319Z",
   "requestId":"06411437-0bcf-480c-87f9-75c6d64e9a5b",
   "initiatorId":"708a5bf2-7252-4120-ad3f-6e8cdb40a0b5",
   "initiatorType":"USER",
   "targetId":"saml-my-app.com",
   "targetType":"APPLICATION",
   "action":"CREATE SAML APPLICATION",
   "data":{
      "doFrontChannelLogout":false,
      "samlECP":false,
      "idpInitSLOReturnToURLList":[
         
      ],
      "doSignAssertions":true,
      "doValidateSignatureInArtifactResolve":false,
      "isAssertionQueryRequestProfileEnabled":false,
      "issuer":"saml-my-app.com",
      "enableAttributesByDefault":false,
      "defaultAssertionConsumerUrl":"https://my-app.com/home.jsp",
      "doSignResponse":true,
      "nameIDFormat":"urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
      "idpInitSLOReturnToURLs":[
         
      ],
      "doSingleLogout":true,
      "idpEntityIDAlias":"",
      "signingAlgorithmUri":"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
      "digestAlgorithmUri":"http://www.w3.org/2001/04/xmlenc#sha256",
      "assertionEncryptionAlgorithmUri":"http://www.w3.org/2001/04/xmlenc#aes256-cbc",
      "sloResponseURL":"",
      "keyEncryptionAlgorithmUri":"http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p",
      "idPInitSLOEnabled":false,
      "assertionConsumerUrlList":[
         "https://my-app.com/home.jsp"
      ],
      "isIdPInitSSOEnabled":false,
      "attributeConsumingServiceIndex":"",
      "doValidateSignatureInRequests":false,
      "enableSAML2ArtifactBinding":false,
      "assertionConsumerUrls":[
         "https://my-app.com/home.jsp"
      ],
      "doEnableEncryptedAssertion":false
   }
}


{
   "id":"f89cdff4-d7b1-4d9f-a851-9ef138c7fe8b",
   "recordedAt":"2023-07-13T13:42:30.097840Z",
   "requestId":"06411437-0bcf-480c-87f9-75c6d64e9a5b",
   "initiatorId":"708a5bf2-7252-4120-ad3f-6e8cdb40a0b5",
   "initiatorType":"USER",
   "targetId":"08f876bc-bcf6-4b44-99de-524bf4a5d1d0",
   "targetType":"APPLICATION",
   "action":"UPDATE APPLICATION",
   "data":{
      "owner":{
         "userStoreDomain":"PRIMARY",
         "loggableUserId":"708a5bf2-7252-4120-ad3f-6e8cdb40a0b5",
         "userName":"a***n",
         "tenantDomain":"carbon.super"
      },
      "outboundProvisioningConfig":{
         "provisioningIdentityProviders":[
            
         ]
      },
      "jwksUri":"",
      "spProperties":[
         {
            "name":"useUserIdForDefaultSubject",
            "value":"true"
         },
         {
            "displayName":"Is Management Application",
            "name":"isManagementApp",
            "value":"false"
         },
         {
            "displayName":"Is B2B Self Service Application",
            "name":"isB2BSelfServiceApp",
            "value":"false"
         },
         {
            "displayName":"DOMAIN_IN_ROLES",
            "name":"USE_DOMAIN_IN_ROLES",
            "value":"true"
         },
         {
            "displayName":"Skip Logout Consent",
            "name":"skipLogoutConsent",
            "value":"true"
         },
         {
            "displayName":"Skip Consent",
            "name":"skipConsent",
            "value":"false"
         },
         {
            "displayName":"Use External Consent Page",
            "name":"useExternalConsentPage",
            "value":"false"
         },
         {
            "displayName":"jwksURI",
            "name":"jwksURI",
            "value":""
         },
         {
            "displayName":"Template Id",
            "name":"templateId",
            "value":"776a73da-fd8e-490b-84ff-93009f8ede85"
         }
      ],
      "inboundAuthenticationConfig":{
         "inboundAuthenticationRequestConfigs":[
            {
               "inboundAuthKey":"saml-my-app.com",
               "inboundAuthType":"samlsso",
               "properties":[
                  
               ]
            }
         ]
      },
      "requestPathAuthenticatorConfigs":[
         
      ],
      "managementApp":false,
      "templateId":"776a73da-fd8e-490b-84ff-93009f8ede85",
      "tenantDomain":"carbon.super",
      "b2BSelfServiceApp":false,
      "applicationResourceId":"08f876bc-bcf6-4b44-99de-524bf4a5d1d0",
      "permissionAndRoleConfig":{
         "permissions":[
            
         ],
         "idpRoles":[
            
         ],
         "roleMappings":[
            
         ]
      },
      "localAndOutBoundAuthenticationConfig":{
         "enableAuthorization":false,
         "useTenantDomainInLocalSubjectIdentifier":false,
         "skipLogoutConsent":true,
         "skipConsent":false,
         "alwaysSendBackAuthenticatedListOfIdPs":false,
         "authenticationSteps":[
            
         ],
         "useUserstoreDomainInRoles":true,
         "useExternalConsentPage":false,
         "useUserstoreDomainInLocalSubjectIdentifier":false,
         "authenticationType":"default"
      },
      "discoverable":false,
      "inboundProvisioningConfig":{
         "dumbMode":false,
         "provisioningEnabled":false
      },
      "applicationID":50.0,
      "applicationName":"samlappp",
      "claimConfig":{
         "localClaimDialect":true,
         "alwaysSendMappedLocalSubjectId":false,
         "claimMappings":[
            
         ],
         "idpClaims":[
            
         ],
         "spClaimDialects":[
            
         ]
      },
      "saasApp":false
   }
}

Delete SAML application

{
   "id":"b5a9cff3-d8ed-4871-8b58-7afb8de87b5f",
   "recordedAt":"2023-07-13T13:44:59.552254Z",
   "requestId":"3d32a72b-1900-4322-8817-d37e5e26f893",
   "initiatorId":"708a5bf2-7252-4120-ad3f-6e8cdb40a0b5",
   "initiatorType":"USER",
   "targetId":"saml-my-app.com",
   "targetType":"APPLICATION",
   "action":"DELETE SAML APPLICATION"
}



{
   "id":"f9a5f764-9b81-45a2-b083-52cb971f38e7",
   "recordedAt":"2023-07-13T13:44:59.631634Z",
   "requestId":"3d32a72b-1900-4322-8817-d37e5e26f893",
   "initiatorId":"708a5bf2-7252-4120-ad3f-6e8cdb40a0b5",
   "initiatorType":"USER",
   "targetId":"08f876bc-bcf6-4b44-99de-524bf4a5d1d0",
   "targetType":"APPLICATION",
   "action":"DELETE APPLICATION"
}

@piraveena piraveena mentioned this pull request Jun 22, 2023
Closed
@piraveena piraveena mentioned this pull request Jul 4, 2023
Merged
@piraveena piraveena marked this pull request as ready for review July 14, 2023 03:47
AnuradhaSK
AnuradhaSK reviewed Jul 18, 2023
View reviewed changes
...identity.sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/SAMLLogEventConstants.java Outdated
@@ -0,0 +1,43 @@
package org.wso2.carbon.identity.sso.saml;
/*
* Copyright (c) 2023, WSO2 Inc. (https://www.wso2.org) All Rights Reserved.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

update the license header

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Removed this class and moved to string constant. Using enum might give some additional restrictions. In future, we need to have an osgi service to register all the suppported events. Using that, we can have some REST API to get the supported events

AnuradhaSK
AnuradhaSK reviewed Jul 18, 2023
View reviewed changes
...ntity.sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/admin/SAMLSSOConfigAdmin.java Outdated

}

AuthenticatedUser buildAuthenticatedUser(String tenantAwareUser, String tenantDomain) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

any reason not to define an access modifier?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed

AnuradhaSK
AnuradhaSK reviewed Jul 18, 2023
View reviewed changes
...ntity.sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/admin/SAMLSSOConfigAdmin.java Outdated
}

return IdentityTenantUtil.getTenantDomainFromContext();

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change

AnuradhaSK
AnuradhaSK reviewed Jul 18, 2023
View reviewed changes
...ntity.sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/admin/SAMLSSOConfigAdmin.java
loggedInUser = buildAuthenticatedUser(tenantAwareLoggedInUsername, tenantDomain);
}
return loggedInUser;

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change

AnuradhaSK
AnuradhaSK reviewed Jul 18, 2023
View reviewed changes
...ntity.sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/admin/SAMLSSOConfigAdmin.java Outdated
@@ -113,7 +136,17 @@ public SAMLSSOServiceProviderDTO addSAMLServiceProvider(SAMLSSOServiceProviderDT
String message = "A Service Provider with the name: " + issuer + " is already loaded from the file system.";
throw buildClientException(CONFLICTING_SAML_ISSUER, message);
}
return persistSAMLServiceProvider(serviceProviderDO);
SAMLSSOServiceProviderDTO samlssoServiceProviderDTO = persistSAMLServiceProvider(serviceProviderDO);
if (ApplicationMgtUtil.isLegacyAuditLogsDisabledInAppMgt()){
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
if (ApplicationMgtUtil.isLegacyAuditLogsDisabledInAppMgt()){
if (ApplicationMgtUtil.isLegacyAuditLogsDisabledInAppMgt()) {

formatting issue. check other places as well

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed

AnuradhaSK
AnuradhaSK reviewed Jul 18, 2023
View reviewed changes
...identity.sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/SAMLLogEventConstants.java Outdated
@@ -0,0 +1,43 @@
package org.wso2.carbon.identity.sso.saml;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

package should go after the license header

chamathns
chamathns reviewed Jul 18, 2023
View reviewed changes
...identity.sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/SAMLLogEventConstants.java Outdated
}

public String getEventId() {
return this.eventId;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

check formatting

...ntity.sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/admin/SAMLSSOConfigAdmin.java Outdated
Comment on lines 108 to 109
SAMLLogEventConstants.EventCatalog.CREATE_SAML_APPLICATION.getEventId());
auditLogBuilder.data(buildSPData(serviceProviderDO));
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
SAMLLogEventConstants.EventCatalog.CREATE_SAML_APPLICATION.getEventId());
auditLogBuilder.data(buildSPData(serviceProviderDO));
SAMLLogEventConstants.EventCatalog.CREATE_SAML_APPLICATION.getEventId())
.data(buildSPData(serviceProviderDO));

...ntity.sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/admin/SAMLSSOConfigAdmin.java Outdated
Comment on lines 145 to 146
SAMLLogEventConstants.EventCatalog.CREATE_SAML_APPLICATION.getEventId());
auditLogBuilder.data(buildSPData(serviceProviderDO));
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
SAMLLogEventConstants.EventCatalog.CREATE_SAML_APPLICATION.getEventId());
auditLogBuilder.data(buildSPData(serviceProviderDO));
SAMLLogEventConstants.EventCatalog.CREATE_SAML_APPLICATION.getEventId())
.data(buildSPData(serviceProviderDO));

...ntity.sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/admin/SAMLSSOConfigAdmin.java Outdated

}

private AuthenticatedUser getLoggedInUser(String tenantDomain) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

better if we can make the return type Optional

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed

...ntity.sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/admin/SAMLSSOConfigAdmin.java Outdated

}

private AuthenticatedUser getLoggedInUser(String tenantDomain) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
private AuthenticatedUser getLoggedInUser(String tenantDomain) {
private Optional<AuthenticatedUser> getLoggedInUser(String tenantDomain) {

...ntity.sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/admin/SAMLSSOConfigAdmin.java Outdated
Comment on lines 187 to 191
AuthenticatedUser loggedInUser = null;
if (StringUtils.isNotEmpty(tenantAwareLoggedInUsername)) {
loggedInUser = buildAuthenticatedUser(tenantAwareLoggedInUsername, tenantDomain);
}
return loggedInUser;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
AuthenticatedUser loggedInUser = null;
if (StringUtils.isNotEmpty(tenantAwareLoggedInUsername)) {
loggedInUser = buildAuthenticatedUser(tenantAwareLoggedInUsername, tenantDomain);
}
return loggedInUser;
return Optional.ofNullable(tenantAwareLoggedInUsername)
.filter(StringUtils::isNotEmpty)
.map(username -> buildAuthenticatedUser(username, tenantDomain));

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed

...ntity.sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/admin/SAMLSSOConfigAdmin.java Outdated

return persistSAMLServiceProvider(samlssoServiceProviderDO);
SAMLSSOServiceProviderDTO samlssoServiceProviderDTO = persistSAMLServiceProvider(samlssoServiceProviderDO);
if (ApplicationMgtUtil.isLegacyAuditLogsDisabledInAppMgt()){
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

check formatting

Suggested change
if (ApplicationMgtUtil.isLegacyAuditLogsDisabledInAppMgt()){
if (ApplicationMgtUtil.isLegacyAuditLogsDisabledInAppMgt()) {

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed

...ntity.sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/admin/SAMLSSOConfigAdmin.java Outdated
return persistenceManager.removeServiceProvider(registry, issuer);
boolean isSuccess = persistenceManager.removeServiceProvider(registry, issuer);
if (isSuccess) {
if (ApplicationMgtUtil.isLegacyAuditLogsDisabledInAppMgt()){
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
if (ApplicationMgtUtil.isLegacyAuditLogsDisabledInAppMgt()){
if (ApplicationMgtUtil.isLegacyAuditLogsDisabledInAppMgt()) {

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed

@jenkins-is-staging
Copy link

PR builder started
Link: https://github.com/wso2/product-is/actions/runs/5654314607

@jenkins-is-staging
Copy link

PR builder completed
Link: https://github.com/wso2/product-is/actions/runs/5654314607
Status: failure

@jenkins-is-staging
Copy link

PR builder started
Link: https://github.com/wso2/product-is/actions/runs/5655973685

@jenkins-is-staging
Copy link

PR builder completed
Link: https://github.com/wso2/product-is/actions/runs/5655973685
Status: failure

chamathns
chamathns reviewed Jul 26, 2023
View reviewed changes
...ntity.sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/admin/SAMLSSOConfigAdmin.java
}
return IdentityTenantUtil.getTenantDomainFromContext();
}

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change

chamathns
chamathns reviewed Jul 26, 2023
View reviewed changes
...ntity.sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/admin/SAMLSSOConfigAdmin.java Outdated
Comment on lines 721 to 731
String loggedInUserId = CarbonContext.getThreadLocalCarbonContext().getUserId();
if (StringUtils.isNotBlank(loggedInUserId)){
return Optional.of(loggedInUserId);
} else {
String tenantDomain = getLoggedInTenantDomain();
Optional<AuthenticatedUser> loggedInUser = getLoggedInUser(tenantDomain);
if (loggedInUser.isPresent()) {
return Optional.ofNullable(IdentityUtil.getInitiatorId(loggedInUser.get().getUserName(), tenantDomain));
}
}
return Optional.empty();
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
String loggedInUserId = CarbonContext.getThreadLocalCarbonContext().getUserId();
if (StringUtils.isNotBlank(loggedInUserId)){
return Optional.of(loggedInUserId);
} else {
String tenantDomain = getLoggedInTenantDomain();
Optional<AuthenticatedUser> loggedInUser = getLoggedInUser(tenantDomain);
if (loggedInUser.isPresent()) {
return Optional.ofNullable(IdentityUtil.getInitiatorId(loggedInUser.get().getUserName(), tenantDomain));
}
}
return Optional.empty();
return Optional.ofNullable(CarbonContext.getThreadLocalCarbonContext().getUserId())
.filter(StringUtils::isNotBlank)
.or(() -> getLoggedInUser(getLoggedInTenantDomain())
.map(loggedInUser -> IdentityUtil.getInitiatorId(loggedInUser.getUserName(), getLoggedInTenantDomain())));

@jenkins-is-staging
Copy link

PR builder started
Link: https://github.com/wso2/product-is/actions/runs/5667542531

@jenkins-is-staging
Copy link

PR builder completed
Link: https://github.com/wso2/product-is/actions/runs/5667542531
Status: failure

@piraveena
Copy link
Contributor Author

PassiveSTSTests are failing. It is not related to this flow, and this is an intermittent test failure. Hence merging the PR.

[ERROR] Tests run: 1995, Failures: 3, Errors: 0, Skipped: 0, Time elapsed: 5,435.332 s <<< FAILURE! - in TestSuite
[ERROR] testPassiveSAML2Assertion(org.wso2.identity.integration.test.sts.TestPassiveSTS)  Time elapsed: 0.084 s  <<< FAILURE!
java.lang.AssertionError: No SAML2 Assertion found for the SAML2 request for tenant domain: carbon.super expected:<true> but was:<false>
	at org.wso2.identity.integration.test.sts.TestPassiveSTS.testPassiveSAML2Assertion(TestPassiveSTS.java:268)

[ERROR] testPassiveSAML2AssertionForInvalidWReply(org.wso2.identity.integration.test.sts.TestPassiveSTS)  Time elapsed: 0.08 s  <<< FAILURE!
java.lang.AssertionError: Cannot find soap fault for invalid WReply URL for tenant domain: carbon.super expected:<true> but was:<false>
	at org.wso2.identity.integration.test.sts.TestPassiveSTS.testPassiveSAML2AssertionForInvalidWReply(TestPassiveSTS.java:321)

[ERROR] testPassiveSAML2AssertionWithoutWReply(org.wso2.identity.integration.test.sts.TestPassiveSTS)  Time elapsed: 0.086 s  <<< FAILURE!
java.lang.AssertionError: No SAML2 Assertion found for the SAML2 request without WReply in passive-sts request for tenant domain: carbon.super expected:<true> but was:<false>
	at org.wso2.identity.integration.test.sts.TestPassiveSTS.testPassiveSAML2AssertionWithoutWReply(TestPassiveSTS.java:293)

[INFO] 
[INFO] Results:
[INFO] 
[ERROR] Failures: 
[ERROR] org.wso2.identity.integration.test.sts.TestPassiveSTS.testPassiveSAML2Assertion(org.wso2.identity.integration.test.sts.TestPassiveSTS)
[INFO]   Run 1: PASS
[ERROR]   Run 2: TestPassiveSTS.testPassiveSAML2Assertion:268 No SAML2 Assertion found for the SAML2 request for tenant domain: carbon.super expected:<true> but was:<false>
[INFO] 
[ERROR] org.wso2.identity.integration.test.sts.TestPassiveSTS.testPassiveSAML2AssertionForInvalidWReply(org.wso2.identity.integration.test.sts.TestPassiveSTS)
[INFO]   Run 1: PASS
[ERROR]   Run 2: TestPassiveSTS.testPassiveSAML2AssertionForInvalidWReply:321 Cannot find soap fault for invalid WReply URL for tenant domain: carbon.super expected:<true> but was:<false>
[INFO] 
[ERROR] org.wso2.identity.integration.test.sts.TestPassiveSTS.testPassiveSAML2AssertionWithoutWReply(org.wso2.identity.integration.test.sts.TestPassiveSTS)
[INFO]   Run 1: PASS
[ERROR]   Run 2: TestPassiveSTS.testPassiveSAML2AssertionWithoutWReply:293 No SAML2 Assertion found for the SAML2 request without WReply in passive-sts request for tenant domain: carbon.super expected:<true> but was:<false>
[INFO] 
[INFO] 
[ERROR] Tests run: 1992, Failures: 3, Errors: 0, Skipped: 0
[INFO]

@piraveena piraveena merged commit 98edaaa into wso2-extensions:master Jul 26, 2023
2 checks passed
wso2-jenkins-bot added a commit that referenced this pull request Oct 17, 2023
@wso2-jenkins-bot
[WSO2 Release] [Jenkins #396] [Release 5.11.24] prepare release v5.11.24
bffef90
wso2-jenkins-bot added a commit that referenced this pull request Oct 17, 2023
@wso2-jenkins-bot
[WSO2 Release] [Jenkins #396] [Release 5.11.24] prepare for next deve…
2670672 
…lopment iteration
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@AnuradhaSK AnuradhaSK AnuradhaSK left review comments

@chamathns chamathns chamathns approved these changes

@pulasthi7 pulasthi7 Awaiting requested review from pulasthi7

@sahandilshan sahandilshan Awaiting requested review from sahandilshan

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@piraveena @jenkins-is-staging @chamathns @AnuradhaSK