-
Notifications
You must be signed in to change notification settings - Fork 544
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add a config to autofill the username with subject attribute while jit provisioning #6225
base: master
Are you sure you want to change the base?
Conversation
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #6225 +/- ##
============================================
+ Coverage 45.66% 45.75% +0.08%
- Complexity 14040 14265 +225
============================================
Files 1632 1636 +4
Lines 100532 102406 +1874
Branches 17421 16824 -597
============================================
+ Hits 45911 46852 +941
- Misses 47931 48791 +860
- Partials 6690 6763 +73
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
PR builder started |
PR builder completed |
Quality Gate passedIssues Measures |
PR builder started |
PR builder completed |
PR builder started |
PR builder completed |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Approving the pull request based on the successful pr build https://github.com/wso2/product-is/actions/runs/12415024786
DO we need this config for master? |
Yes, this feature allows auto-populating the subject attribute value from the federated IDP during username and password provisioning. Therefore, we need to retain the existing behavior. However, a specific customer, who does not have a unique attribute other than the resource ID in their federated IDP, requested the ability to disable the auto-filling capability. As this could be a general requirement, the PR has been created to address it. |
Purpose
This pr will introduce the changes require to configure the auto populating username with subject attribute.
Since the auto-population of the username field with the subject attribute may already be in use by other customers, we plan to introduce a new configuration to maintain backward compatibility while providing the requested change.
We’ll add a boolean server level configuration option called
AutofillUsernameFieldWithSubjectAttribute
within the JITProvisioning configuration section. Before appending the username to the registration UI redirection URL, we will first verify if the prompt for username, password, and consent provisioning is enabled. If enabled, we will then check if this new configuration is set totrue
and, if so, add theusername
parameter to the registration UI redirection URL.[authentication.jit_provisioning] autofill_username_field_with_subject_attribute = false
Related Issue