Hi Sameera,

On Thu, Oct 17, 2019 at 8:04 PM Sameera Wickramasekara <[email protected]> wrote:
> Hi Devs,
>
> I am looking for a way to get the roles of a user in an adaptive
> authentication script in *IS 5.8.0* in the following special scenario.
>
> - The user authenticates through GitHub federated IDP.
> - The user can be already present in the user store registered from
>   another means.
> - The email attribute will be used as the unique identifier (common
>   attribute) to associate the user
>
> The requirement is to check if the user currently authenticating
> through GitHub already exists in the userstore with the same email address
> and if present, retrieve the list of roles for that user.
> Currently we can retrieve the roles of the logging in user but it does not
> address the above scenario because AFAIU user association happens after the
> adaptive authentication process.

Yes, the user association happens during the post-authentication process.
When you have enabled JIT provisioning for the GitHub federated IDP, during
the 1st login it will create a new user in the local user store with the same
username (email) and then it will associate the authenticated federated user
with the local user. When you try to do a role comparison during the
authentication process via an adaptive authentication function (e.g.
hasAnyOfTheRoles()), it will retrieve the roles of the local user.

Therefore in your case, if the user is already created in the local userstore
you should be able to check the roles of the existing local user during the
adaptive authentication process. That way you should be able to achieve your
requirement AFAIU.

Thanks,
Ashen

> I have gone through resources [1] and skimmed through [2]. Appreciate if
> you could provide any insight into a solution.
>
> [1] -
> https://docs.wso2.com/display/IS580/Adaptive+Authentication+JS+API+Reference#AdaptiveAuthenticationJSAPIReference-contextObject
> [2] -
> https://github.com/wso2-extensions/identity-conditional-auth-functions/tree/master/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user
>
> Thanks,
> Sameera
>
> --
> *Sameera Wickramasekara*
> Senior Software Engineer
> WSO2
> lean . enterprise . middleware
> Mobile : +94(0) 714652035
> <https://wso2.com/signature>
>
> _______________________________________________
> Dev mailing list
> [email protected]
> http://wso2.org/cgi-bin/mailman/listinfo/dev

--
Ashen Weerathunga | Senior Software Engineer | WSO2 Inc.
(m) +94716042995 | (w) +94112145345 | Email: [email protected]
<http://wso2.com/signature>
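The flow described in the reply, sketched as an adaptive authentication script. This is an added example, not part of the thread and not WSO2's own code. It assumes step 1 is the GitHub federated IdP, step 2 is a second factor, and the role names are placeholders; `simulateLogin` is a constructed stand-in for the server runtime so the decision logic can be run offline.

```javascript
// Roles that should trigger a second factor (assumed names, not from the thread).
var STEP_UP_ROLES = ['admin', 'manager'];

// Script body as it would go into the service provider's script-based
// adaptive authentication configuration.
function onLoginRequest(context) {
    executeStep(1, {                      // step 1: GitHub federated IdP (assumed)
        onSuccess: function (context) {
            var user = context.steps[1].subject;
            // Per the reply above, this check is made against the roles of the
            // local account, so a pre-existing user's roles are visible here.
            // Fail closed: a missing subject also gets the second factor.
            if (!user || hasAnyOfTheRoles(user, STEP_UP_ROLES)) {
                executeStep(2);           // step 2: second factor (assumed)
            }
        }
    });
}

// ---- Constructed stand-in for the server runtime, for offline runs only ----
// localRoles maps email -> roles of the existing local account (sample data).
function simulateLogin(email, localRoles) {
    var executed = [];
    globalThis.hasAnyOfTheRoles = function (user, roles) {
        var have = localRoles[user.username] || [];
        return roles.some(function (r) { return have.indexOf(r) !== -1; });
    };
    globalThis.executeStep = function (step, handlers) {
        executed.push(step);
        if (handlers && handlers.onSuccess) {
            var subject = email ? { username: email } : null;
            handlers.onSuccess({ steps: { 1: { subject: subject } } });
        }
    };
    onLoginRequest({});
    return executed;                      // list of steps that were run
}

// Constructed sample data: one privileged and one ordinary local account.
var sampleRoles = {
    'alice@example.com': ['admin'],
    'bob@example.com': ['Internal/everyone']
};
console.log(simulateLogin('alice@example.com', sampleRoles)); // [ 1, 2 ]
console.log(simulateLogin('bob@example.com', sampleRoles));   // [ 1 ]
```

On a real server only `STEP_UP_ROLES` and `onLoginRequest` are used; the runtime supplies `executeStep` and `hasAnyOfTheRoles`.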
