feat(ssi): adjust framework creation endpoint

* adjust endpoint create framework credential to take the bpn of the request
* adjust claim handler to support serviceAccounts as well

src/issuer/SsiCredentialIssuer.Service/BusinessLogic/IssuerBusinessLogic.cs

@@ -429,7 +429,7 @@ public async Task<Guid> CreateFrameworkCredential(CreateFrameworkCredentialReque
                 StatusList)
         );
         var schema = JsonSerializer.Serialize(schemaData, Options);
-        return await HandleCredentialProcessCreation(_identity.Bpnl, VerifiedCredentialTypeKindId.FRAMEWORK, requestData.UseCaseFrameworkId, schema, requestData.TechnicalUserDetails, requestData.UseCaseFrameworkVersionId, requestData.CallbackUrl, companyCredentialDetailsRepository);
+        return await HandleCredentialProcessCreation(requestData.HolderBpn, VerifiedCredentialTypeKindId.FRAMEWORK, requestData.UseCaseFrameworkId, schema, requestData.TechnicalUserDetails, requestData.UseCaseFrameworkVersionId, requestData.CallbackUrl, companyCredentialDetailsRepository);
     }
 
     private async Task<string> GetHolderInformation(string didDocumentLocation, CancellationToken cancellationToken)

src/issuer/SsiCredentialIssuer.Service/Controllers/IssuerController.cs

@@ -124,7 +124,6 @@ public static RouteGroupBuilder MapIssuerApi(this RouteGroupBuilder group)
             .RequireAuthorization(r =>
             {
                 r.RequireRole(RequestSsiRole);
-                r.AddRequirements(new MandatoryIdentityClaimRequirement(PolicyTypeId.ValidBpn));
                 r.AddRequirements(new MandatoryIdentityClaimRequirement(PolicyTypeId.ValidIdentity));
             })
             .WithDefaultResponses()

src/issuer/SsiCredentialIssuer.Service/Identity/ClaimTypes.cs

@@ -22,5 +22,6 @@ namespace Org.Eclipse.TractusX.SsiCredentialIssuer.Service.Identity;
 public static class ClaimTypes
 {
     public const string PreferredUserName = "preferred_username";
+    public const string Sub = "sub";
     public const string Bpn = "bpn";
 }

src/issuer/SsiCredentialIssuer.Service/Identity/MandatoryIdentityClaimHandler.cs

@@ -77,23 +77,21 @@ protected override Task HandleRequirementAsync(AuthorizationHandlerContext conte
     private void InitializeClaims(ClaimsPrincipal principal)
     {
         var preferredUserName = principal.Claims.SingleOrDefault(x => x.Type == ClaimTypes.PreferredUserName)?.Value;
-        if (!Guid.TryParse(preferredUserName, out var identityId))
+        var sub = principal.Claims.SingleOrDefault(x => x.Type == ClaimTypes.Sub)?.Value;
+        if (!Guid.TryParse(preferredUserName, out var identityId) && !Guid.TryParse(sub, out identityId))
         {
-            _logger.LogInformation("Preferred user name {PreferredUserName} couldn't be parsed to uuid", preferredUserName);
+            _logger.LogInformation("Preferred user name {PreferredUserName} and sub {Sub} couldn't be parsed to uuid", preferredUserName, sub);
             _identityDataBuilder.Status = IClaimsIdentityDataBuilderStatus.Empty;
             return;
         }
 
         var bpnl = principal.Claims.SingleOrDefault(x => x.Type == ClaimTypes.Bpn)?.Value;
-        if (string.IsNullOrWhiteSpace(bpnl))
+        if (!string.IsNullOrWhiteSpace(bpnl)) // we only set the bpn if available, technical users don't have the bpn in the claims
         {
-            _logger.LogInformation("Bpn must be set for user {PreferredUserName}", preferredUserName);
-            _identityDataBuilder.Status = IClaimsIdentityDataBuilderStatus.Empty;
-            return;
+            _identityDataBuilder.AddBpnl(bpnl);
         }
 
         _identityDataBuilder.AddIdentityId(identityId);
-        _identityDataBuilder.AddBpnl(bpnl);
         _identityDataBuilder.Status = IClaimsIdentityDataBuilderStatus.Complete;
     }
 }