Fix system role metadata creation for super tenant

components/org.wso2.carbon.identity.scim2.common/pom.xml

@@ -148,6 +148,10 @@
             <groupId>org.wso2.carbon.identity.organization.management.core</groupId>
             <artifactId>org.wso2.carbon.identity.organization.management.service</artifactId>
         </dependency>
+        <dependency>
+            <groupId>org.wso2.carbon.identity.event.handler.accountlock</groupId>
+            <artifactId>org.wso2.carbon.identity.handler.event.account.lock</artifactId>
+        </dependency>
         <dependency>
             <groupId>commons-lang</groupId>
             <artifactId>commons-lang</artifactId>
@@ -238,6 +242,8 @@
                             version="${carbon.identity.framework.imp.pkg.version.range}",
                             org.wso2.carbon.identity.organization.management.service.*;
                             version="${org.wso2.carbon.identity.organization.management.core.version.range}",
+                            org.wso2.carbon.identity.handler.event.account.lock.*;
+                            version="${carbon.identity.account.lock.handler.imp.pkg.version.range}",
                         </Import-Package>
                         <Export-Package>
                             !org.wso2.carbon.identity.scim2.common.internal,

components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/internal/SCIMCommonComponent.java

@@ -125,6 +125,7 @@ protected void activate(ComponentContext ctx) {
             AdminAttributeUtil.updateAdminUser(MultitenantConstants.SUPER_TENANT_ID, true);
             AdminAttributeUtil.updateAdminGroup(MultitenantConstants.SUPER_TENANT_ID);
             SCIMCommonUtils.updateEveryOneRoleV2MetaData(MultitenantConstants.SUPER_TENANT_ID);
+            SCIMCommonUtils.updateSystemRoleV2MetaData(MultitenantConstants.SUPER_TENANT_ID);
             if (logger.isDebugEnabled()) {
                 logger.debug("SCIM Common component activated successfully.");
             }

components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/utils/SCIMCommonUtils.java

@@ -33,6 +33,7 @@
 import org.wso2.carbon.identity.core.URLBuilderException;
 import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
 import org.wso2.carbon.identity.core.util.IdentityUtil;
+import org.wso2.carbon.identity.handler.event.account.lock.constants.AccountConstants;
 import org.wso2.carbon.identity.scim2.common.cache.SCIMCustomAttributeSchemaCache;
 import org.wso2.carbon.identity.scim2.common.exceptions.IdentitySCIMException;
 import org.wso2.carbon.identity.scim2.common.group.SCIMGroupHandler;
@@ -870,4 +871,27 @@ public static void updateEveryOneRoleV2MetaData(int tenantId) {
             }
         }
     }
+
+    /**
+     * Update system role meta data.
+     *
+     * @param tenantId Tenant Id.
+     */
+    public static void updateSystemRoleV2MetaData(int tenantId) {
+
+        // Handle system role creation also here if legacy runtime is disabled.
+        if (!CarbonConstants.ENABLE_LEGACY_AUTHZ_RUNTIME) {
+            try {
+                UserStoreManager userStoreManager = (UserStoreManager) SCIMCommonComponentHolder.getRealmService().
+                        getTenantUserRealm(tenantId).getUserStoreManager();
+                String domainName = UserCoreUtil.getDomainName(userStoreManager.getRealmConfiguration());
+                SCIMGroupHandler scimGroupHandler = new SCIMGroupHandler(userStoreManager.getTenantId());
+                String systemRoleNameWithDomain =
+                        UserCoreUtil.addDomainToName(AccountConstants.ACCOUNT_LOCK_BYPASS_ROLE, domainName);
+                scimGroupHandler.addRoleV2MandatoryAttributes(systemRoleNameWithDomain);
+            } catch (org.wso2.carbon.user.api.UserStoreException | IdentitySCIMException e) {
+                log.error(e);
+            }
+        }
+    }
 }

pom.xml

@@ -182,6 +182,12 @@
                 <artifactId>org.wso2.carbon.identity.organization.management.service</artifactId>
                 <version>${org.wso2.carbon.identity.organization.management.core.version}</version>
             </dependency>
+            <dependency>
+                <groupId>org.wso2.carbon.identity.event.handler.accountlock</groupId>
+                <artifactId>org.wso2.carbon.identity.handler.event.account.lock</artifactId>
+                <version>${org.wso2.carbon.identity.handler.event.account.lock.version}</version>
+                <scope>provided</scope>
+            </dependency>
             <dependency>
                 <groupId>org.wso2.carbon.identity.inbound.provisioning.scim2</groupId>
                 <artifactId>org.wso2.carbon.identity.scim2.common</artifactId>
@@ -280,6 +286,8 @@
         <charon.version>4.0.14</charon.version>
         <org.wso2.carbon.identity.organization.management.core.version>1.0.76
         </org.wso2.carbon.identity.organization.management.core.version>
+        <org.wso2.carbon.identity.handler.event.account.lock.version>1.8.13
+        </org.wso2.carbon.identity.handler.event.account.lock.version>
 
         <!--Maven Plugin Version-->
         <maven.compiler.plugin.version>2.3.1</maven.compiler.plugin.version>
@@ -310,6 +318,8 @@
         </carbon.identity.framework.imp.pkg.version.range>
         <org.wso2.carbon.identity.organization.management.core.version.range>[1.0.0, 2.0.0)
         </org.wso2.carbon.identity.organization.management.core.version.range>
+        <carbon.identity.account.lock.handler.imp.pkg.version.range>[1.1.12, 2.0.0)
+        </carbon.identity.account.lock.handler.imp.pkg.version.range>
 
         <org.slf4j.verison>1.7.21</org.slf4j.verison>
         <testng.version>6.9.10</testng.version>