[MGRTENANT-6] mgr-tenants - Impersonation client should have custom token mappers Created: 31/Dec/23 Updated: 18/Jan/24 Resolved: 18/Jan/24 |
|
| Status: | Closed |
| Project: | mgr-tenants |
| Components: | None |
| Affects versions: | None |
| Fix versions: | None |
| Type: | Story | Priority: | P3 |
| Reporter: | Craig McNally | Assignee: | Pavel Filippov |
| Resolution: | Done | Votes: | 0 |
| Labels: | back-end, epam-eureka, eureka-phase4, need-review | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original estimate: | Not Specified | ||
| Issue links: |
|
||||||||
| Sprint: | Eureka Sprint 44 | ||||||||
| Story Points: | 2 | ||||||||
| Development Team: | Eureka | ||||||||
| Description |
|
Overview

When switching affiliation, the token for another tenant is retrieved with impersonation-client. Currently the client doesn't add custom token claims for user_id and username, which are important for the _self API.

Solution:

Add the following token mappers when creating the impersonation client:
- username
- user_id

Example from the Keycloak for login client: |
| Comments |
| Comment by Pavel Filippov [ 12/Jan/24 ] |
|
The `mgr-tenants` code contains the necessary changes:

```java
private Client createImpersonationClient(String realm) {
  var impersonationClient = properties.getImpersonationClient();
  var secret = clientSecretService.getOrCreateClientSecret(realm, impersonationClient);
  var description = "client for impersonating user";
  var mappers = folioUserTokenMappers();
  var client = buildClient(impersonationClient, secret, description, mappers, true, true);
  return clientService.createClient(client, realm);
}
```
| Comment by Craig McNally [ 16/Jan/24 ] |
|
Pavel Filippov has this made it into any of the Eureka envs yet? |
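
A check for the condition this ticket describes, as an added example that is not part of the ticket or of the `mgr-tenants` code: it decodes an access token's payload and reports which of the `user_id` and `username` claims are missing. The sample tokens, their values and the function names are constructed for illustration; the payload is read without signature verification, so this is an inspection aid only.

```python
import base64
import json

# Claims the ticket says the _self API depends on.
REQUIRED_CLAIMS = ("user_id", "username")


def decode_payload(token: str) -> dict:
    """Return the claims of a compact JWT WITHOUT verifying its signature.

    Inspection only: never make an authorization decision on this output.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected 3 dot-separated parts")
    body = parts[1]
    body += "=" * (-len(body) % 4)  # restore stripped base64url padding
    try:
        claims = json.loads(base64.urlsafe_b64decode(body))
    except ValueError as exc:  # covers bad base64, bad UTF-8 and bad JSON
        raise ValueError("payload is not base64url-encoded JSON") from exc
    if not isinstance(claims, dict):
        raise ValueError("payload is not a JSON object")
    return claims


def missing_claims(token: str, required=REQUIRED_CLAIMS) -> list:
    """List required claims that are absent or not a non-empty string."""
    claims = decode_payload(token)
    return [name for name in required
            if not isinstance(claims.get(name), str) or not claims[name].strip()]


def _constructed_token(claims: dict) -> str:
    """Build an unsigned sample token (constructed test data, not a real one)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).decode().rstrip("=")
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "sig"])


# Constructed samples: a token issued without the mappers, and one with them.
WITHOUT_MAPPERS = _constructed_token({"sub": "f3a1", "azp": "impersonation-client"})
WITH_MAPPERS = _constructed_token({"sub": "f3a1", "azp": "impersonation-client",
                                   "user_id": "0b6d", "username": "jdoe"})

if __name__ == "__main__":
    print("without mappers, missing:", missing_claims(WITHOUT_MAPPERS))
    print("with mappers, missing:", missing_claims(WITH_MAPPERS))
```
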