Current Limitation
When the "preserve_locally_added_claims" configuration [1] is added to the deployment.toml file, the locally added claims of the user should be retained during JIT provisioning (it sets the attribute sync method to "PRESERVE_LOCAL"). However, this configuration is being overridden by the SYNC_ATTRIBUTE_METHOD of JIT provisioning [2].
The default value of SYNC_ATTRIBUTE_METHOD is set as "OVERRIDE_ALL" and there is no option to change this value for the IDP through the console [3]. This causes the locally added claims to be deleted even when the "preserve_locally_added_claims" configuration is set to "true" unless the provisioning.jit.attributeSyncMethod value is updated for each IDP through the REST API [4].
[1] https://is.docs.wso2.com/en/7.0.0/guides/authentication/jit-user-provisioning/#preserve-locally-added-claims-of-jit-provisioned-users
[2] https://github.com/wso2/carbon-identity-framework/blob/6201849e8598751b42e53e61f8f245111df79f4f/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/config/model/ExternalIdPConfig.java#L259-L270
[3]
[4] https://is.docs.wso2.com/en/7.0.0/apis/idp/#tag/Identity-Providers/operation/patchIDP
Suggested Improvement
There should be a way to change the SYNC_ATTRIBUTE_METHOD of JIT provisioning for an IDP through the WSO2 IS console.
Version
IS 7.0.0