BryGom

Reputation: 699

WSO2 IS 5.9.0 Updating user claims

I have two problems. When I use the method setUserClaimValue from the RemoteUserStoreManagerService SOAP endpoint, the update works well.

But the /userinfo endpoint loses the values; I need to re-authenticate the user to generate a new access token, and then everything works well again.

I need to use the method setUserClaimValue from RemoteUserStoreManagerService to update more than one claim, but nothing happened. I don't get any error, but the claims were not updated.

This is my env:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ser="http://service.ws.um.carbon.wso2.org" xmlns:xsd="http://common.mgt.user.carbon.wso2.org/xsd">
   <soapenv:Header/>
   <soapenv:Body>
      <ser:setUserClaimValues>
         <!--Optional:-->
         <ser:userName>[email protected]</ser:userName>
         <!--Zero or more repetitions:-->
         <ser:claims>
            <!--Optional:-->
            <xsd:claimURI>http://wso2.org/claims/emailaddress</xsd:claimURI>
            <!--Optional:-->
            <xsd:value>[email protected]</xsd:value>
         </ser:claims>
         <!--Optional:-->
         <ser:profileName></ser:profileName>
      </ser:setUserClaimValues>
   </soapenv:Body>
</soapenv:Envelope>

What method should I use to update more than one claim? Why, when I update claims, does my actual access token lose data from the /userinfo endpoint, and is it necessary to generate a new access token?

Upvotes: 0

Views: 223

Answers (1)

Piraveena Paralogarajah

Reputation: 1515

1)

What method should I use to update more than one claim?

You have to use setUserClaimValues from RemoteUserStoreManagerService. You can follow this document for further information on this RemoteUserStoreManagerService.

A sample SOAP service is given below.

<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:ser="http://service.ws.um.carbon.wso2.org" xmlns:xsd="http://common.mgt.user.carbon.wso2.org/xsd">
   <soap:Header/>
   <soap:Body>
      <ser:setUserClaimValues>
         <ser:userName>piraveena</ser:userName>
         <ser:claims>
            <xsd:claimURI>http://wso2.org/claims/organization</xsd:claimURI>
            <xsd:value>wso2</xsd:value>
         </ser:claims>
         <ser:claims>
            <xsd:claimURI>http://wso2.org/claims/country</xsd:claimURI>
            <xsd:value>srilanka</xsd:value>
         </ser:claims>
         <ser:profileName>default</ser:profileName>
      </ser:setUserClaimValues>
   </soap:Body>
</soap:Envelope>

2)

Why, when I update claims, does my actual access token lose data from the /userinfo endpoint?

I couldn't reproduce this issue locally. I was able to obtain the user claims without reauthenticating, even after updating the claims via the admin service.

When a user claim is updated, the user attribute cache which is mapped against the access token will also be cleared by an event. So the next time you call the userinfo endpoint, the cache will be empty. In that case, the claim will be obtained from the userstore. Please refer to this code here. Due to this, the user doesn't need to reauthenticate, since the user attributes exist in the userstore.

But you may face this issue when you have enabled email as username and you update the email of the user via the service.

Upvotes: 1
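
The multi-claim setUserClaimValues request from the answer above, built programmatically as an added example (not code from the original answer or from WSO2): it emits one `<ser:claims>` element per claim and leaves value escaping to the XML serializer, so a claim value containing markup cannot alter the envelope. The function names, the local-dialect check and the sample values are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Namespaces copied from the envelopes on this page.
SOAP = "http://www.w3.org/2003/05/soap-envelope"
SER = "http://service.ws.um.carbon.wso2.org"
XSD = "http://common.mgt.user.carbon.wso2.org/xsd"
LOCAL_DIALECT = "http://wso2.org/claims/"  # prefix of the claim URIs shown above

for prefix, uri in (("soap", SOAP), ("ser", SER), ("xsd", XSD)):
    ET.register_namespace(prefix, uri)


def build_set_user_claim_values(user_name, claims, profile="default"):
    """Return a SOAP 1.2 setUserClaimValues envelope (bytes) for a dict of claims."""
    if not claims:
        raise ValueError("at least one claim is required")
    env = ET.Element(f"{{{SOAP}}}Envelope")
    ET.SubElement(env, f"{{{SOAP}}}Header")
    body = ET.SubElement(env, f"{{{SOAP}}}Body")
    op = ET.SubElement(body, f"{{{SER}}}setUserClaimValues")
    ET.SubElement(op, f"{{{SER}}}userName").text = user_name
    for uri, value in claims.items():
        # Assumption: this helper only accepts local-dialect claim URIs.
        if not uri.startswith(LOCAL_DIALECT):
            raise ValueError(f"unexpected claim URI: {uri}")
        claim = ET.SubElement(op, f"{{{SER}}}claims")  # one <ser:claims> per claim
        ET.SubElement(claim, f"{{{XSD}}}claimURI").text = uri
        ET.SubElement(claim, f"{{{XSD}}}value").text = value  # escaped on output
    ET.SubElement(op, f"{{{SER}}}profileName").text = profile
    return ET.tostring(env, encoding="utf-8")


def read_claims(envelope):
    """Parse an envelope back into (userName, {claimURI: value}) to check it."""
    root = ET.fromstring(envelope)
    op = root.find(f"{{{SOAP}}}Body/{{{SER}}}setUserClaimValues")
    pairs = {c.findtext(f"{{{XSD}}}claimURI"): c.findtext(f"{{{XSD}}}value")
             for c in op.findall(f"{{{SER}}}claims")}
    return op.findtext(f"{{{SER}}}userName"), pairs


# Constructed sample input; the second value deliberately contains markup.
SAMPLE = {LOCAL_DIALECT + "organization": "wso2",
          LOCAL_DIALECT + "country": "sri</xsd:value>lanka & co"}

if __name__ == "__main__":
    print(build_set_user_claim_values("piraveena", SAMPLE).decode())
```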
