diff --git a/en/asgardeo/docs/apis/organization-apis/restapis/association-management-by-admin.yaml b/en/asgardeo/docs/apis/organization-apis/restapis/association-management-by-admin.yaml index 876777998f..35509bea4b 100644 --- a/en/asgardeo/docs/apis/organization-apis/restapis/association-management-by-admin.yaml +++ b/en/asgardeo/docs/apis/organization-apis/restapis/association-management-by-admin.yaml @@ -312,6 +312,85 @@ paths: 'https://api.asgardeo.io/t/{organization-name}/o/api/users/v1/user-id/federated-associations/federated-association-id' \ -H 'accept: */*' \ -H 'Authorization: Bearer ' + /federated-associations/bulk: + post: + tags: + - admin + summary: Create and Delete users associations in bulk + description: | + This API is used to create and delete users association in bulk.
+ Maximum number of supported operations in a single request is 1000 by default. + It can be configured using a server level configuration. + Scope required: + * internal_user_fed_association_bulk + parameters: + - name: body + in: body + required: false + schema: + $ref: '#/definitions/BulkFederatedAssociationRequest' + responses: + 200: + description: Success + schema: + $ref: '#/definitions/BulkFederatedAssociationResponse' + 400: + description: Bad Request + schema: + $ref: '#/definitions/Error' + 401: + description: Unauthorized + schema: + $ref: '#/definitions/Error' + 403: + description: Forbidden + schema: + $ref: '#/definitions/Error' + 500: + description: Internal Server Error + schema: + $ref: '#/definitions/Error' + x-codeSamples: + - lang: Curl + source: | + curl -X 'POST' \ + 'https://api.asgardeo.io/t/{organization-name}/o/api/users/v1/federated-associations/bulk' \ + -H 'accept: */*' \ + -H 'Authorization: Bearer ' \ + -H 'Content-Type: application/json' \ + -d '{ + "failOnErrors": 0, + "operations": [ + { + "method": "POST", + "bulkId": "qewvaewv", + "path": "/1ca49238-3ab0-474b-9d42-8067780a503c/federated-associations", + "data": { + "idp": "Google", + "federatedUserId": "sam@gmail.com" + } + }, + { + "method": "POST", + "bulkId": "fgnruyt", + "path": "/7589bffc-b315-4dbd-83a5-86f5b8aa4776/federated-associations", + "data": { + "idp": "Google", + "federatedUserId": "mike@gmail.com" + } + }, + { + "method": "DELETE", + "bulkId": "useffger", + "path": "/0a2d94e2-3b98-49ea-89d6-e8dd9e0ff89b/federated-associations" + }, + { + "method": "DELETE", + "bulkId": "eefvrtgnrtn", + "path": "/197fc0fa-c2b0-48e6-92a6-a551afc3d125/federated-associations/0dcc3f5a-3bee-4f36-a91f-8ee60dbae875" + } + ] + }' components: schemas: Error: 
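Review bot: The new `/federated-associations/bulk` operation uses Swagger 2.0 constructs (a `parameters` entry with `in: body`, `schema` directly under each response, and `$ref: '#/definitions/…'`), while the schemas it points at are added under `components: schemas:` in the next hunk. If the file is OpenAPI 3, as the surrounding `components:` context suggests, these references will not resolve. The same applies to the matching hunk in en/identity-server/next/docs/apis/organization-apis/restapis/association-management-by-admin.yaml and to the `#/definitions/` references inside the schema hunks of both files; the non-organization copy in this commit already uses `requestBody` and `#/components/schemas/…`. Whether the body should stay `required: false` is worth confirming separately, since a bulk call without `operations` has nothing to act on. A rewritten form follows; indentation has to be matched to the file.

```yaml
      # … unchanged: tags, summary, description …
      requestBody:
        required: false
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/BulkFederatedAssociationRequest'
      responses:
        200:
          description: Success
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/BulkFederatedAssociationResponse'
        400:
          description: Bad Request
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
        # … 401, 403 and 500 wrapped the same way, each pointing at '#/components/schemas/Error' …
      # … unchanged: x-codeSamples …
```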
@@ -415,6 +494,91 @@ components: type: string example: john@example.com description: User identifier in the federated IdP + BulkFederatedAssociationRequest: + type: object + properties: + failOnErrors: + type: integer + example: 1 + description: | + This represents whether the API should stop processing the operations if any of them fail. The subsequent + operations after the the fail count is reached will not be processed. + If set to 0 or not set, the API will continue processing the operations even if some of them fail. + operations: + type: array + items: + $ref: '#/definitions/BulkFederatedAssociationOperation' + + BulkFederatedAssociationOperation: + type: object + required: + - method + - bulkId + - path + properties: + method: + type: string + enum: + - POST + - DELETE + example: POST + description: | + HTTP method to be used for the operation. Supported methods are POST and, DELETE. These values + If the method is not specified, the operation will be treated as a bad request. + bulkId: + type: string + example: "ytrewq" + path: + type: string + example: "/b1781d25-bde5-460a-a58a-8fe8dbfd8487/federated-associations" + description: | + The path to the resource to be operated on. The path should be relative to the base path of the API. + Full path for a federated association operation would be + `/t/{tenant-domain}/api/users/v1/{user-id}/federated-associations/{association-id}`. 
+ data: + $ref: '#/definitions/UserFederatedAssociationData' + + UserFederatedAssociationData: + type: object + properties: + idp: + type: string + example: "exampleIdP" + description: Name of the IdP + federatedUserId: + type: string + example: "john@example.com" + description: User identifier in the federated IdP + + BulkFederatedAssociationResponse: + type: object + properties: + Operations: + type: array + items: + $ref: '#/definitions/BulkAssociationOperationResponse' + + BulkAssociationOperationResponse: + type: object + properties: + bulkId: + type: string + example: "qwerty" + status: + type: object + properties: + statusCode: + type: integer + example: "400" + errorCode: + type: string + example: "UAA-10012" + errorMessage: + type: string + example: "Error while adding federated user association: 1890c6c0-d1a0-4eb4-8075-320756d75946" + errorDescription: + type: string + example: "The federated association is already associated to a local user" securitySchemes: OAuth2: type: oauth2 diff --git a/en/asgardeo/docs/apis/organization-apis/restapis/idp.yaml b/en/asgardeo/docs/apis/organization-apis/restapis/idp.yaml index 8908d08ec6..0e743f4e86 100644 --- a/en/asgardeo/docs/apis/organization-apis/restapis/idp.yaml +++ b/en/asgardeo/docs/apis/organization-apis/restapis/idp.yaml @@ -193,6 +193,7 @@ paths: "userstore": "DEFAULT", "attributeSyncMethod": "OVERRIDE_ALL", "associateLocalUser": true, + "skipJITForLookupFailure": false, "accountLookupAttributeMappings": [ { "federatedAttribute": "email", @@ -1725,6 +1726,7 @@ paths: "userstore": "DEFAULT", "attributeSyncMethod": "OVERRIDE_ALL", "associateLocalUser": true, + "skipJITForLookupFailure": false, "accountLookupAttributeMappings": [ { "federatedAttribute": "email", @@ -2916,6 +2918,7 @@ components: scheme: "PROVISION_SILENTLY" userstore: "PRIMARY" associateLocalUser: true + skipJITForLookupFailure: false attributeSyncMethod: "OVERRIDE_ALL" accountLookupAttributeMappings: - federatedAttribute: "email" 
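Review bot: In the `BulkAssociationOperationResponse` schema added to en/asgardeo/docs/apis/organization-apis/restapis/association-management-by-admin.yaml, `statusCode` is declared `type: integer` but its example is the string `"400"`; it should read `example: 400` so validators and generated clients see a consistent type. The `method` description in `BulkFederatedAssociationOperation` also ends in a dangling fragment (`Supported methods are POST and, DELETE. These values`); something like `Supported methods are POST and DELETE. Any other value is treated as a bad request.` would read cleanly, provided that matches the server behaviour. The response property is spelled `Operations` while the request uses `operations`, which is worth checking against the actual payload. The same text appears in the two identity-server copies of this schema hunk.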
@@ -2986,6 +2989,7 @@ components: scheme: "PROVISION_SILENTLY" userstore: "PRIMARY" associateLocalUser: true + skipJITForLookupFailure: false attributeSyncMethod: "OVERRIDE_ALL" accountLookupAttributeMappings: - federatedAttribute: "email" @@ -3053,6 +3057,7 @@ components: scheme: "PROMPT_USERNAME_PASSWORD_CONSENT" userstore: "PRIMARY" associateLocalUser: true + skipJITForLookupFailure: false attributeSyncMethod: "OVERRIDE_ALL" accountLookupAttributeMappings: - federatedAttribute: "email" diff --git a/en/asgardeo/docs/apis/restapis/idp.yaml b/en/asgardeo/docs/apis/restapis/idp.yaml index 2fd4ac9ff5..98d3d6f0a9 100644 --- a/en/asgardeo/docs/apis/restapis/idp.yaml +++ b/en/asgardeo/docs/apis/restapis/idp.yaml @@ -204,6 +204,7 @@ paths: "scheme": "PROVISION_SILENTLY", "userstore": "DEFAULT", "associateLocalUser": true, + "skipJITForLookupFailure": false, "attributeSyncMethod": "OVERRIDE_ALL", "accountLookupAttributeMappings": [ { @@ -1612,6 +1613,7 @@ paths: "scheme": "PROVISION_SILENTLY", "userstore": "DEFAULT", "associateLocalUser": true, + "skipJITForLookupFailure": false, "attributeSyncMethod": "OVERRIDE_ALL", "accountLookupAttributeMappings": [ { @@ -3021,6 +3023,11 @@ components: type: boolean default: false example: true + skipJITForLookupFailure: + description: "Specifies if the JIT provisioning should be skipped in case of lookup failure." + type: boolean + default: false + example: true accountLookupAttributeMappings: description: "This variable specifies the mapping between the federated attributes and the local user attributes for account lookup." type: array @@ -3402,6 +3409,7 @@ components: scheme: "PROVISION_SILENTLY" userstore: "PRIMARY" associateLocalUser: true + skipJITForLookupFailure: false attributeSyncMethod: "OVERRIDE_ALL" accountLookupAttributeMappings: - federatedAttribute: "email" 
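Review bot: The description added for `skipJITForLookupFailure` in en/asgardeo/docs/apis/restapis/idp.yaml (hunk at -3021) does not say which lookup is meant or what happens to the sign-in when provisioning is skipped, although this flag decides whether an unmatched federated identity gets a new local account. Going by the JIT guide text changed later in this commit, it appears to apply only when `associateLocalUser` is enabled and no account-linking rule matches. A description such as `"When associateLocalUser is enabled and no local user matches the accountLookupAttributeMappings, do not create a new local account."` would make that explicit; please confirm the exact behaviour before adopting it. It would also help to state next to `accountLookupAttributeMappings` that linking is only as trustworthy as the federated attribute used, so the mapped attribute should be one the IdP verifies. The identity-server copies of this property (hunks at -2645 and -3658 in their idp.yaml files) are added with no description at all.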
@@ -3472,6 +3480,7 @@ components: scheme: "PROVISION_SILENTLY" userstore: "PRIMARY" associateLocalUser: true + skipJITForLookupFailure: false attributeSyncMethod: "OVERRIDE_ALL" accountLookupAttributeMappings: - federatedAttribute: "email" @@ -3539,6 +3548,7 @@ components: scheme: "PROMPT_USERNAME_PASSWORD_CONSENT" userstore: "PRIMARY" associateLocalUser: true + skipJITForLookupFailure: false attributeSyncMethod: "OVERRIDE_ALL" accountLookupAttributeMappings: - federatedAttribute: "email" diff --git a/en/identity-server/next/docs/apis/organization-apis/restapis/association-management-by-admin.yaml b/en/identity-server/next/docs/apis/organization-apis/restapis/association-management-by-admin.yaml index 93f00b3ad7..6cdd3a8ea0 100644 --- a/en/identity-server/next/docs/apis/organization-apis/restapis/association-management-by-admin.yaml +++ b/en/identity-server/next/docs/apis/organization-apis/restapis/association-management-by-admin.yaml @@ -312,6 +312,85 @@ paths: 'https://localhost:9443/t//o/api/users/v1/user-id/federated-associations/federated-association-id' \ -H 'accept: */*' \ -H 'Authorization: Bearer ' + /federated-associations/bulk: + post: + tags: + - admin + summary: Create and Delete users associations in bulk + description: | + This API is used to create and delete users association in bulk.
+ Maximum number of supported operations in a single request is 1000 by default. + It can be configured using a server level configuration. + Scope required: + * internal_user_fed_association_bulk + parameters: + - name: body + in: body + required: false + schema: + $ref: '#/definitions/BulkFederatedAssociationRequest' + responses: + 200: + description: Success + schema: + $ref: '#/definitions/BulkFederatedAssociationResponse' + 400: + description: Bad Request + schema: + $ref: '#/definitions/Error' + 401: + description: Unauthorized + schema: + $ref: '#/definitions/Error' + 403: + description: Forbidden + schema: + $ref: '#/definitions/Error' + 500: + description: Internal Server Error + schema: + $ref: '#/definitions/Error' + x-codeSamples: + - lang: Curl + source: | + curl -X 'POST' \ + 'https://localhost:9443/t//o/api/users/v1/federated-associations/bulk' \ + -H 'accept: */*' \ + -H 'Authorization: Bearer ' \ + -H 'Content-Type: application/json' \ + -d '{ + "failOnErrors": 0, + "operations": [ + { + "method": "POST", + "bulkId": "qewvaewv", + "path": "/1ca49238-3ab0-474b-9d42-8067780a503c/federated-associations", + "data": { + "idp": "Google", + "federatedUserId": "sam@gmail.com" + } + }, + { + "method": "POST", + "bulkId": "fgnruyt", + "path": "/7589bffc-b315-4dbd-83a5-86f5b8aa4776/federated-associations", + "data": { + "idp": "Google", + "federatedUserId": "mike@gmail.com" + } + }, + { + "method": "DELETE", + "bulkId": "useffger", + "path": "/0a2d94e2-3b98-49ea-89d6-e8dd9e0ff89b/federated-associations" + }, + { + "method": "DELETE", + "bulkId": "eefvrtgnrtn", + "path": "/197fc0fa-c2b0-48e6-92a6-a551afc3d125/federated-associations/0dcc3f5a-3bee-4f36-a91f-8ee60dbae875" + } + ] + }' components: schemas: Error: 
@@ -415,6 +494,91 @@ components: type: string example: john@example.com description: User identifier in the federated IdP + BulkFederatedAssociationRequest: + type: object + properties: + failOnErrors: + type: integer + example: 1 + description: | + This represents whether the API should stop processing the operations if any of them fail. The subsequent + operations after the the fail count is reached will not be processed. + If set to 0 or not set, the API will continue processing the operations even if some of them fail. + operations: + type: array + items: + $ref: '#/definitions/BulkFederatedAssociationOperation' + + BulkFederatedAssociationOperation: + type: object + required: + - method + - bulkId + - path + properties: + method: + type: string + enum: + - POST + - DELETE + example: POST + description: | + HTTP method to be used for the operation. Supported methods are POST and, DELETE. These values + If the method is not specified, the operation will be treated as a bad request. + bulkId: + type: string + example: "ytrewq" + path: + type: string + example: "/b1781d25-bde5-460a-a58a-8fe8dbfd8487/federated-associations" + description: | + The path to the resource to be operated on. The path should be relative to the base path of the API. + Full path for a federated association operation would be + `/t/{tenant-domain}/api/users/v1/{user-id}/federated-associations/{association-id}`. 
+ data: + $ref: '#/definitions/UserFederatedAssociationData' + + UserFederatedAssociationData: + type: object + properties: + idp: + type: string + example: "exampleIdP" + description: Name of the IdP + federatedUserId: + type: string + example: "john@example.com" + description: User identifier in the federated IdP + + BulkFederatedAssociationResponse: + type: object + properties: + Operations: + type: array + items: + $ref: '#/definitions/BulkAssociationOperationResponse' + + BulkAssociationOperationResponse: + type: object + properties: + bulkId: + type: string + example: "qwerty" + status: + type: object + properties: + statusCode: + type: integer + example: "400" + errorCode: + type: string + example: "UAA-10012" + errorMessage: + type: string + example: "Error while adding federated user association: 1890c6c0-d1a0-4eb4-8075-320756d75946" + errorDescription: + type: string + example: "The federated association is already associated to a local user" securitySchemes: OAuth2: type: oauth2 diff --git a/en/identity-server/next/docs/apis/organization-apis/restapis/idp.yaml b/en/identity-server/next/docs/apis/organization-apis/restapis/idp.yaml index 4768161e3d..0987fa500f 100644 --- a/en/identity-server/next/docs/apis/organization-apis/restapis/idp.yaml +++ b/en/identity-server/next/docs/apis/organization-apis/restapis/idp.yaml @@ -207,7 +207,18 @@ paths: "isEnabled": true, "scheme": "PROVISION_SILENTLY", "userstore": "PRIMARY", - "associateLocalUser": true + "associateLocalUser": true, + "skipJITForLookupFailure": false, + "accountLookupAttributeMappings": [ + { + "federatedAttribute": "email", + "localAttribute": "http://wso2.org/claims/email" + }, + { + "federatedAttribute": "mobile", + "localAttribute": "http://wso2.org/claims/mobile" + } + ] }, "outboundConnectors": { "defaultConnectorId": "U0NJTQ", 
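Review bot: The request sample added to en/identity-server/next/docs/apis/organization-apis/restapis/idp.yaml maps the federated `email` attribute to `http://wso2.org/claims/email`, whereas the `AccountLookupAttributeMapping` schema added further down the same file gives `http://wso2.org/claims/emailaddress` as its example. One of the two is presumably not the claim URI the server uses. A sample copied with a non-existent claim would likely never match a local user, which with `skipJITForLookupFailure: false` means a new account is provisioned instead of the existing one being linked. Aligning the samples with the schema example, e.g. `"localAttribute": "http://wso2.org/claims/emailaddress"`, would avoid that. The same mismatch appears in the other sample and example hunks of this file and in the request samples of en/identity-server/next/docs/apis/restapis/idp.yaml, whose component examples already use the `emailaddress` form.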
@@ -1733,7 +1744,18 @@ paths: "isEnabled": true, "scheme": "PROVISION_SILENTLY", "userstore": "PRIMARY", - "associateLocalUser": true + "associateLocalUser": true, + "skipJITForLookupFailure": false, + "accountLookupAttributeMappings": [ + { + "federatedAttribute": "email", + "localAttribute": "http://wso2.org/claims/email" + }, + { + "federatedAttribute": "mobile", + "localAttribute": "http://wso2.org/claims/mobile" + } + ] }' requestBody: content: @@ -2645,6 +2667,33 @@ components: type: boolean default: false example: true + skipJITForLookupFailure: + type: boolean + default: false + example: false + accountLookupAttributeMappings: + type: array + items: + $ref: '#/components/schemas/AccountLookupAttributeMapping' + description: > + List of local and federated attributes to be used for account lookup. + The maximum number of mappings is 2. + attributeSyncMethod: + type: string + enum: + - OVERRIDE_ALL + - NONE + - PRESERVE_LOCAL + default: OVERRIDE_ALL + AccountLookupAttributeMapping: + type: object + properties: + localAttribute: + type: string + example: http://wso2.org/claims/emailaddress + federatedAttribute: + type: string + example: email ConnectedApps: type: object properties: @@ -2897,6 +2946,12 @@ components: scheme: "PROVISION_SILENTLY" userstore: "PRIMARY" associateLocalUser: true + skipJITForLookupFailure: false + accountLookupAttributeMappings: + - federatedAttribute: "email" + localAttribute: "http://wso2.org/claims/email" + - federatedAttribute: "mobile" + localAttribute: "http://wso2.org/claims/mobile" attributeSyncMethod: "OVERRIDE_ALL" outboundConnectors: defaultConnectorId: "U0NJTQ" 
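Review bot: The `accountLookupAttributeMappings` description added in the hunk at -2645 states that at most 2 mappings are allowed, but the array schema carries no matching constraint, so validators and generated clients will accept longer lists. Adding `maxItems: 2` under `type: array` would put the documented limit into the schema, assuming the server enforces the same number. The copy of this property in en/identity-server/next/docs/apis/restapis/idp.yaml (hunk at -3658) has neither the description nor the limit.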
@@ -2962,6 +3017,12 @@ components: scheme: "PROVISION_SILENTLY" userstore: "PRIMARY" associateLocalUser: true + skipJITForLookupFailure: false + accountLookupAttributeMappings: + - federatedAttribute: "email" + localAttribute: "http://wso2.org/claims/email" + - federatedAttribute: "mobile" + localAttribute: "http://wso2.org/claims/mobile" attributeSyncMethod: "OVERRIDE_ALL" SystemDefinedIdentityProviderResponseExample: summary: "Response for identity provider creation with system defined authenticator" @@ -3024,6 +3085,12 @@ components: scheme: "PROMPT_USERNAME_PASSWORD_CONSENT" userstore: "PRIMARY" associateLocalUser: true + skipJITForLookupFailure: false + accountLookupAttributeMappings: + - federatedAttribute: "email" + localAttribute: "http://wso2.org/claims/email" + - federatedAttribute: "mobile" + localAttribute: "http://wso2.org/claims/mobile" attributeSyncMethod: "OVERRIDE_ALL" outboundConnectors: defaultConnectorId: "U0NJTQ" diff --git a/en/identity-server/next/docs/apis/restapis/association-management-by-admin.yaml b/en/identity-server/next/docs/apis/restapis/association-management-by-admin.yaml index beb69655e7..9c2cb851c3 100644 --- a/en/identity-server/next/docs/apis/restapis/association-management-by-admin.yaml +++ b/en/identity-server/next/docs/apis/restapis/association-management-by-admin.yaml @@ -313,6 +313,95 @@ paths: 'https://localhost:9443/api/users/v1/user-id/federated-associations/federated-association-id' \ -H 'accept: */*' \ -H 'Authorization: Basic YWRtaW46YWRtaW4=' + /federated-associations/bulk: + post: + tags: + - admin + summary: Create and Delete users associations in bulk + description: | + This API is used to create and delete users association in bulk.
+ Maximum number of supported operations in a single request is 1000 by default. + It can be configured using a server level configuration. + Scope required: + * internal_user_fed_association_bulk + requestBody: + required: false + content: + application/json: + schema: + $ref: '#/components/schemas/BulkFederatedAssociationRequest' + responses: + 200: + description: Success + content: + application/json: + schema: + $ref: '#/components/schemas/BulkFederatedAssociationResponse' + 400: + description: Bad Request + content: + application/json: + schema: + $ref: '#/components/schemas/Error' + 401: + description: Unauthorized + content: + application/json: + schema: + $ref: '#/components/schemas/Error' + 403: + description: Forbidden + content: + application/json: + schema: + $ref: '#/components/schemas/Error' + 500: + description: Internal Server Error + content: + application/json: + schema: + $ref: '#/components/schemas/Error' + x-codeSamples: + - lang: Curl + source: | + curl -X 'POST' \ + 'https://localhost:9443/api/users/v1/federated-associations/bulk' \ + -H 'accept: */*' \ + -H 'Authorization: Basic YWRtaW46YWRtaW4=' \ + -H 'Content-Type: application/json' \ + -d '{ + "failOnErrors": 0, + "operations": [ + { + "method": "POST", + "bulkId": "qewvaewv", + "path": "/1ca49238-3ab0-474b-9d42-8067780a503c/federated-associations", + "data": { + "idp": "Google", + "federatedUserId": "sam@gmail.com" + } + }, + { + "method": "POST", + "bulkId": "fgnruyt", + "path": "/7589bffc-b315-4dbd-83a5-86f5b8aa4776/federated-associations", + "data": { + "idp": "Google", + "federatedUserId": "mike@gmail.com" + } + }, + { + "method": "DELETE", + "bulkId": "useffger", + "path": "/0a2d94e2-3b98-49ea-89d6-e8dd9e0ff89b/federated-associations" + }, + { + "method": "DELETE", + "bulkId": "eefvrtgnrtn", + "path": "/197fc0fa-c2b0-48e6-92a6-a551afc3d125/federated-associations/0dcc3f5a-3bee-4f36-a91f-8ee60dbae875" + } + ] + }' components: schemas: Error: 
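Review bot: The curl sample for the new bulk endpoint hard-codes `Authorization: Basic YWRtaW46YWRtaW4=`, a literal credential, while the description above it says the call requires the `internal_user_fed_association_bulk` scope. This follows the existing samples in the file, but for an operation that creates and deletes account links in bulk a placeholder is safer to copy from, e.g. `-H 'Authorization: Bearer {bearer_token}' \`, so that readers do not script against a fixed administrator login.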
@@ -416,6 +505,91 @@ components: type: string example: john@example.com description: User identifier in the federated IdP + BulkFederatedAssociationRequest: + type: object + properties: + failOnErrors: + type: integer + example: 1 + description: | + This represents whether the API should stop processing the operations if any of them fail. The subsequent + operations after the the fail count is reached will not be processed. + If set to 0 or not set, the API will continue processing the operations even if some of them fail. + operations: + type: array + items: + $ref: '#/components/schemas/BulkFederatedAssociationOperation' + + BulkFederatedAssociationOperation: + type: object + required: + - method + - bulkId + - path + properties: + method: + type: string + enum: + - POST + - DELETE + example: POST + description: | + HTTP method to be used for the operation. Supported methods are POST and, DELETE. These values + If the method is not specified, the operation will be treated as a bad request. + bulkId: + type: string + example: "ytrewq" + path: + type: string + example: "/b1781d25-bde5-460a-a58a-8fe8dbfd8487/federated-associations" + description: | + The path to the resource to be operated on. The path should be relative to the base path of the API. + Full path for a federated association operation would be + `/t/{tenant-domain}/api/users/v1/{user-id}/federated-associations/{association-id}`. 
+ data: + $ref: '#/components/schemas/UserFederatedAssociationData' + + UserFederatedAssociationData: + type: object + properties: + idp: + type: string + example: "exampleIdP" + description: Name of the IdP + federatedUserId: + type: string + example: "john@example.com" + description: User identifier in the federated IdP + + BulkFederatedAssociationResponse: + type: object + properties: + Operations: + type: array + items: + $ref: '#/components/schemas/BulkAssociationOperationResponse' + + BulkAssociationOperationResponse: + type: object + properties: + bulkId: + type: string + example: "qwerty" + status: + type: object + properties: + statusCode: + type: integer + example: "400" + errorCode: + type: string + example: "UAA-10012" + errorMessage: + type: string + example: "Error while adding federated user association: 1890c6c0-d1a0-4eb4-8075-320756d75946" + errorDescription: + type: string + example: "The federated association is already associated to a local user" securitySchemes: BasicAuth: type: http diff --git a/en/identity-server/next/docs/apis/restapis/idp.yaml b/en/identity-server/next/docs/apis/restapis/idp.yaml index d6545e637b..1fa060d5c7 100644 --- a/en/identity-server/next/docs/apis/restapis/idp.yaml +++ b/en/identity-server/next/docs/apis/restapis/idp.yaml @@ -209,7 +209,18 @@ paths: "scheme": "PROVISION_SILENTLY", "userstore": "PRIMARY", "associateLocalUser": true, - "attributeSyncMethod": "OVERRIDE_ALL" + "skipJITForLookupFailure": false, + "attributeSyncMethod": "OVERRIDE_ALL", + "accountLookupAttributeMappings": [ + { + "federatedAttribute": "email", + "localAttribute": "http://wso2.org/claims/email" + }, + { + "federatedAttribute": "mobile", + "localAttribute": "http://wso2.org/claims/mobile" + } + ] }, "outboundConnectors": { "defaultConnectorId": "U0NJTQ", 
@@ -2165,7 +2176,18 @@ paths: "scheme": "PROVISION_SILENTLY", "userstore": "PRIMARY", "associateLocalUser": true, - "attributeSyncMethod": "OVERRIDE_ALL" + "skipJITForLookupFailure": false, + "attributeSyncMethod": "OVERRIDE_ALL", + "accountLookupAttributeMappings": [ + { + "federatedAttribute": "email", + "localAttribute": "http://wso2.org/claims/email" + }, + { + "federatedAttribute": "mobile", + "localAttribute": "http://wso2.org/claims/mobile" + } + ] }' requestBody: content: @@ -2413,7 +2435,18 @@ paths: "scheme": "PROVISION_SILENTLY", "userstore": "PRIMARY", "associateLocalUser": true, - "attributeSyncMethod": "OVERRIDE_ALL" + "skipJITForLookupFailure": false, + "attributeSyncMethod": "OVERRIDE_ALL", + "accountLookupAttributeMappings": [ + { + "federatedAttribute": "email", + "localAttribute": "http://wso2.org/claims/email" + }, + { + "federatedAttribute": "mobile", + "localAttribute": "http://wso2.org/claims/mobile" + } + ] }, "outboundConnectors": { "defaultConnectorId": "U0NJTQ", @@ -2647,7 +2680,18 @@ paths: "scheme": "PROVISION_SILENTLY", "userstore": "PRIMARY", "associateLocalUser": true, - "attributeSyncMethod": "OVERRIDE_ALL" + "skipJITForLookupFailure": false, + "attributeSyncMethod": "OVERRIDE_ALL", + "accountLookupAttributeMappings": [ + { + "federatedAttribute": "email", + "localAttribute": "http://wso2.org/claims/email" + }, + { + "federatedAttribute": "mobile", + "localAttribute": "http://wso2.org/claims/mobile" + } + ] }, "outboundConnectors": { "defaultConnectorId": "U0NJTQ", @@ -3658,6 +3702,14 @@ components: type: boolean default: false example: true + skipJITForLookupFailure: + type: boolean + default: false + example: true + accountLookupAttributeMappings: + type: array + items: + $ref: '#/components/schemas/AccountLookupAttributeMapping' attributeSyncMethod: description: "Specify the method used for syncing attributes between a JIT-provisioned user account and a local user account. \n\n The following methods are allowed: \n\n 
@@ -3672,6 +3724,15 @@ components: - NONE - PRESERVE_LOCAL default: OVERRIDE_ALL + AccountLookupAttributeMapping: + type: object + properties: + localAttribute: + type: string + example: http://wso2.org/claims/emailaddress + federatedAttribute: + type: string + example: email ConnectedApps: type: object properties: @@ -4001,6 +4062,12 @@ components: scheme: "PROVISION_SILENTLY" userstore: "PRIMARY" associateLocalUser: true + skipJITForLookupFailure: true + accountLookupAttributeMappings: + - localAttribute: http://wso2.org/claims/emailaddress + federatedAttribute: email + - localAttribute: http://wso2.org/claims/mobile + federatedAttribute: mobile attributeSyncMethod: "OVERRIDE_ALL" outboundConnectors: defaultConnectorId: "U0NJTQ" @@ -4066,6 +4133,12 @@ components: scheme: "PROVISION_SILENTLY" userstore: "PRIMARY" associateLocalUser: true + skipJITForLookupFailure: true + accountLookupAttributeMappings: + - localAttribute: http://wso2.org/claims/emailaddress + federatedAttribute: email + - localAttribute: http://wso2.org/claims/mobile + federatedAttribute: mobile attributeSyncMethod: "OVERRIDE_ALL" SystemDefinedIdentityProviderResponseExample: summary: "Response for identity provider creation with system defined authenticator" @@ -4128,6 +4201,12 @@ components: scheme: "PROMPT_USERNAME_PASSWORD_CONSENT" userstore: "PRIMARY" associateLocalUser: true + skipJITForLookupFailure: true + accountLookupAttributeMappings: + - localAttribute: http://wso2.org/claims/emailaddress + federatedAttribute: email + - localAttribute: http://wso2.org/claims/mobile + federatedAttribute: mobile attributeSyncMethod: "OVERRIDE_ALL" outboundConnectors: defaultConnectorId: "U0NJTQ" diff --git a/en/identity-server/next/docs/guides/authentication/jit-user-provisioning.md b/en/identity-server/next/docs/guides/authentication/jit-user-provisioning.md index fec64684f6..d26bd4fc2c 100644 --- a/en/identity-server/next/docs/guides/authentication/jit-user-provisioning.md 
+++ b/en/identity-server/next/docs/guides/authentication/jit-user-provisioning.md @@ -1,3 +1,3 @@ {% set product_name = "WSO2 Identity Server" %} -{% set is_version = "next" %} +{% set is_version = "7.2.0" %} {% include "../../../../../includes/guides/authentication/jit-user-provisioning.md" %} diff --git a/en/includes/guides/authentication/jit-user-provisioning.md b/en/includes/guides/authentication/jit-user-provisioning.md index 8cc58f9c4f..92ef67a96d 100644 --- a/en/includes/guides/authentication/jit-user-provisioning.md +++ b/en/includes/guides/authentication/jit-user-provisioning.md @@ -43,7 +43,7 @@ To enable/disable JIT user provisioning for an external Identity provider:
- When JIT is disabled, a user profile is not created. Therefore, there is no location to store the attributes of the user. In such cases, the attributes are directly passed to the application. -{% if product_name == "Asgardeo" or (product_name == "WSO2 Identity Server" and is_version == "7.2.0") %} +{% if product_name == "Asgardeo" or (product_name == "WSO2 Identity Server" and is_version >= "7.2.0") %} !!! note - When `Associate provisioned users with existing local users` configuration is enabled, {{ product_name }} uses the Account Linking rules to find a matching local user and link the federated user with the matching local user. If first match rule and fallback match rule are not defined, {{ product_name }} will match the federated users email with the local users' usernames to find a match. - When `Skip Jit provisioning when no rule matches` cnfiguration is enabled, {{ product_name }} will skip creating a new local user account in case there are no local found using the account linking rules.
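Review bot: The changed condition `is_version >= "7.2.0"` compares strings rather than versions, so, assuming Jinja semantics, the result is lexicographic: `"7.10.0"` and `"10.0.0"` both sort below `"7.2.0"` and would hide this note, while `"next"` only happens to sort above it. Since the note documents how federated users are linked to existing local accounts, losing it silently for a later release would leave that behaviour undocumented. If the templating environment offers no version-aware comparison, an explicit list is more predictable, e.g. `is_version in ["7.2.0", "next"]`, extended as releases are added. The `{% if %}` block continues beyond this hunk.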