diff --git a/components/org.wso2.carbon.identity.organization.management.claim.provider/pom.xml b/components/org.wso2.carbon.identity.organization.management.claim.provider/pom.xml
index 734cf277a..cf578a31e 100644
--- a/components/org.wso2.carbon.identity.organization.management.claim.provider/pom.xml
+++ b/components/org.wso2.carbon.identity.organization.management.claim.provider/pom.xml
@@ -36,6 +36,10 @@
org.apache.felix
org.apache.felix.scr.ds-annotations
+
+ org.wso2.carbon.identity.framework
+ org.wso2.carbon.identity.application.authentication.framework
+
org.wso2.carbon.identity.inbound.auth.oauth2
org.wso2.carbon.identity.oauth
diff --git a/components/org.wso2.carbon.identity.organization.management.claim.provider/src/main/java/org/wso2/carbon/identity/organization/management/claim/provider/OrganizationClaimProvider.java b/components/org.wso2.carbon.identity.organization.management.claim.provider/src/main/java/org/wso2/carbon/identity/organization/management/claim/provider/OrganizationClaimProvider.java
index a2a9ebbfd..5c1d21383 100644
--- a/components/org.wso2.carbon.identity.organization.management.claim.provider/src/main/java/org/wso2/carbon/identity/organization/management/claim/provider/OrganizationClaimProvider.java
+++ b/components/org.wso2.carbon.identity.organization.management.claim.provider/src/main/java/org/wso2/carbon/identity/organization/management/claim/provider/OrganizationClaimProvider.java
@@ -41,8 +41,9 @@
*/
public class OrganizationClaimProvider implements ClaimProvider, JWTAccessTokenClaimProvider {
- private static final String ORGANIZATION_ID_ATTRIBUTE = "org_id";
- private static final String ORGANIZATION_NAME_ATTRIBUTE = "org_name";
+ private static final String AUTHORIZED_ORGANIZATION_ID_ATTRIBUTE = "org_id";
+ private static final String AUTHORIZED_ORGANIZATION_NAME_ATTRIBUTE = "org_name";
+ private static final String USER_RESIDENT_ORGANIZATION_NAME_ATTRIBUTE = "user_org";
@Override
public Map getAdditionalClaims(OAuthAuthzReqMessageContext oAuthAuthzReqMessageContext,
@@ -50,7 +51,8 @@ public Map getAdditionalClaims(OAuthAuthzReqMessageContext oAuth
throws IdentityOAuth2Exception {
String tenantDomain = oAuthAuthzReqMessageContext.getAuthorizationReqDTO().getLoggedInTenantDomain();
- return getOrganizationInformation(tenantDomain);
+ String organizationId = resolveOrganizationId(tenantDomain);
+ return buildOrganizationInformation(organizationId, organizationId);
}
@Override
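Review bot: Passing `organizationId` twice at L33 makes the `user_org` and `org_id` claims identical for the authorization-request flow, and nothing on the call says why; a one-line comment above it, `// No authenticated-user context in the authz flow: resident and authorized organization both derive from the logged-in tenant.`, would save the next reader from treating it as a copy-paste slip. The same two-line shape recurs in the JWTAccessTokenClaimProvider variant later in this file (L58–L59), so the comment belongs on both. If the authorization request DTO already carries the user's resident organization, deriving `user_org` from it instead would keep this flow consistent with the token flow — worth confirming before the claim is relied on downstream.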
@@ -58,13 +60,12 @@ public Map getAdditionalClaims(OAuthTokenReqMessageContext oAuth
OAuth2AccessTokenRespDTO oAuth2AccessTokenRespDTO)
throws IdentityOAuth2Exception {
- String tenantDomain = oAuthTokenReqMessageContext.getAuthorizedUser().getTenantDomain();
- return getOrganizationInformation(tenantDomain);
- }
-
- private OrganizationManager getOrganizationManager() {
-
- return OrganizationClaimProviderServiceComponentHolder.getInstance().getOrganizationManager();
+ String userResidentOrgId = oAuthTokenReqMessageContext.getAuthorizedUser().getUserResidentOrganization();
+ String authorizedOrgId = oAuthTokenReqMessageContext.getAuthorizedUser().getAccessingOrganization();
+ if (StringUtils.isEmpty(authorizedOrgId)) {
+ authorizedOrgId = resolveOrganizationId(oAuthTokenReqMessageContext.getAuthorizedUser().getTenantDomain());
+ }
+ return buildOrganizationInformation(userResidentOrgId, authorizedOrgId);
}
@Override
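Review bot: The resident/authorized organization lookup at L46–L51 is repeated verbatim in the JWTAccessTokenClaimProvider variant later in this file (L66–L72), and only that second copy carries the comment explaining that the tenant-domain fallback is a stop-gap until the console is a B2B app; the rationale should not depend on which copy a maintainer opens. Extracting the lookup into one private helper keeps the fallback, its comment and its eventual removal in a single place. The receiver type is presumably the framework's AuthenticatedUser, given the new dependency on org.wso2.carbon.identity.application.authentication.framework added in this change — confirm against the import list, which is outside the hunk.

```java
public Map getAdditionalClaims(OAuthTokenReqMessageContext oAuthTokenReqMessageContext,
                               OAuth2AccessTokenRespDTO oAuth2AccessTokenRespDTO)
        throws IdentityOAuth2Exception {

    AuthenticatedUser authorizedUser = oAuthTokenReqMessageContext.getAuthorizedUser();
    return buildOrganizationInformation(authorizedUser.getUserResidentOrganization(),
            resolveAuthorizedOrganizationId(authorizedUser));
}

/**
 * Returns the organization the user is accessing; falls back to the organization of the user's tenant
 * when none is set. The fallback is not required once console is modeled as a B2B app.
 */
private String resolveAuthorizedOrganizationId(AuthenticatedUser authorizedUser)
        throws IdentityOAuth2Exception {

    String authorizedOrgId = authorizedUser.getAccessingOrganization();
    if (StringUtils.isEmpty(authorizedOrgId)) {
        return resolveOrganizationId(authorizedUser.getTenantDomain());
    }
    return authorizedOrgId;
}
```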
@@ -72,38 +73,60 @@ public Map getAdditionalClaims(OAuthAuthzReqMessageContext oAuth
throws IdentityOAuth2Exception {
String tenantDomain = oAuthAuthzReqMessageContext.getAuthorizationReqDTO().getLoggedInTenantDomain();
- return getOrganizationInformation(tenantDomain);
+ String organizationId = resolveOrganizationId(tenantDomain);
+ return buildOrganizationInformation(organizationId, organizationId);
}
@Override
public Map getAdditionalClaims(OAuthTokenReqMessageContext oAuthTokenReqMessageContext)
throws IdentityOAuth2Exception {
- String tenantDomain = oAuthTokenReqMessageContext.getAuthorizedUser().getTenantDomain();
- return getOrganizationInformation(tenantDomain);
+ String userResidentOrgId = oAuthTokenReqMessageContext.getAuthorizedUser().getUserResidentOrganization();
+ String authorizedOrgId = oAuthTokenReqMessageContext.getAuthorizedUser().getAccessingOrganization();
+ // The below condition is not required once console is modeled as B2B app.
+ if (StringUtils.isEmpty(authorizedOrgId)) {
+ authorizedOrgId = resolveOrganizationId(oAuthTokenReqMessageContext.getAuthorizedUser().getTenantDomain());
+ }
+ return buildOrganizationInformation(userResidentOrgId, authorizedOrgId);
}
- private Map getOrganizationInformation(String tenantDomain) throws IdentityOAuth2Exception {
+ private Map buildOrganizationInformation(String userResideOrgId, String authorizedOrgId)
+ throws IdentityOAuth2Exception {
Map additionalClaims = new HashMap<>();
if (!OrganizationClaimProviderServiceComponentHolder.getInstance().isOrganizationManagementEnable()) {
return additionalClaims;
}
try {
- String organizationId = getOrganizationManager().resolveOrganizationId(tenantDomain);
- if (StringUtils.isNotBlank(organizationId)) {
- String organizationName = getOrganizationManager().getOrganizationNameById(organizationId);
- additionalClaims.put(ORGANIZATION_ID_ATTRIBUTE, organizationId);
- additionalClaims.put(ORGANIZATION_NAME_ATTRIBUTE, organizationName);
+ if (StringUtils.isNotBlank(authorizedOrgId)) {
+ String authorizedOrgName = getOrganizationManager().getOrganizationNameById(authorizedOrgId);
+ additionalClaims.put(USER_RESIDENT_ORGANIZATION_NAME_ATTRIBUTE, userResideOrgId);
+ additionalClaims.put(AUTHORIZED_ORGANIZATION_ID_ATTRIBUTE, authorizedOrgId);
+ additionalClaims.put(AUTHORIZED_ORGANIZATION_NAME_ATTRIBUTE, authorizedOrgName);
}
+ } catch (OrganizationManagementException e) {
+ throw new IdentityOAuth2Exception("Error while resolving organization name by ID.", e);
+ }
+ return additionalClaims;
+ }
+
+ private String resolveOrganizationId(String tenantDomain) throws IdentityOAuth2Exception {
+
+ try {
+ return getOrganizationManager().resolveOrganizationId(tenantDomain);
} catch (OrganizationManagementClientException e) {
+ // This client error handling should be removed once all the tenants have corresponding organization.
if (ERROR_CODE_ORGANIZATION_NOT_FOUND_FOR_TENANT.getCode().equals(e.getErrorCode())) {
- return additionalClaims;
+ return null;
}
throw new IdentityOAuth2Exception("Error while resolving organization id.", e);
} catch (OrganizationManagementException e) {
throw new IdentityOAuth2Exception("Error while resolving organization id.", e);
}
- return additionalClaims;
+ }
+
+ private OrganizationManager getOrganizationManager() {
+
+ return OrganizationClaimProviderServiceComponentHolder.getInstance().getOrganizationManager();
}
}
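Review bot: `buildOrganizationInformation` puts `userResideOrgId` into the claim map at L89 without checking it, so a token-flow caller whose `getUserResidentOrganization()` is unset but whose `authorizedOrgId` was resolved from the tenant domain (L69–L70) would emit the `user_org` claim with a null value; guard it the same way the authorized id is guarded: `if (StringUtils.isNotBlank(userResideOrgId)) { additionalClaims.put(USER_RESIDENT_ORGANIZATION_NAME_ATTRIBUTE, userResideOrgId); }`. The constant is named `..._NAME_ATTRIBUTE` but the value stored is an organization ID, and the parameter is spelt `userResideOrgId`; renaming them to `USER_RESIDENT_ORGANIZATION_ID_ATTRIBUTE` and `userResidentOrgId` keeps them consistent with the `AUTHORIZED_*` pair. `resolveOrganizationId` now has a deliberate null return for ERROR_CODE_ORGANIZATION_NOT_FOUND_FOR_TENANT that callers must tolerate, so give it a Javadoc `@return` stating that null means the tenant has no organization yet, alongside the existing removal comment at L104.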
diff --git a/pom.xml b/pom.xml
index a9b24887c..c0106c08c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -215,6 +215,11 @@
org.wso2.carbon.identity.configuration.mgt.core
${carbon.identity.framework.version}
+
+ org.wso2.carbon.identity.framework
+ org.wso2.carbon.identity.application.authentication.framework
+ ${carbon.identity.framework.version}
+
org.wso2.carbon.identity.inbound.auth.oauth2
org.wso2.carbon.identity.oauth
@@ -494,7 +499,7 @@
[4.7.0,5.0.0)
- 5.25.369
+ 5.25.396
[5.20.0, 7.0.0)