This documentation is for WSO2 Identity Server 5.5.0 . View documentation for the latest release.

All docs This doc
Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »


WSO2 Identity Server 5.5.0 supports specifying scope validators for a service provider. If you take a look at support for specifying scope validators in previous versions of WSO2 Identity Server (WSO2 IS), you will understand that,

  • WSO2 Identity Server 5.4.0 and later versions did support specifying JDBC Scope validators as a global configuration, but did not support specifying scope validators for a service provider.
  • Versions older that WSO2 Identity Server 5.4.0 did not support specifying scope validators, but did allow you to create your own custom scope validator implementations.

Therefore, if you have done any custom scope validator implementations in your existing version of WSO2 IS, and you want to migrate those custom implementations to IS 5.5.0, follow the instructions below depending on your custom scope validator implementation:

The instructions you need to follow to migrate your custom scope validator implementations can vary depending on your implementation. Therefore, you may not need to follow all the instructions below in the same order. Be sure to follow the appropriate steps depending on your custom scope validator implementation.

  1. If you have extended the OAuth2ScopeValidator and implemented your own scope validator, implement a new method called get<scopeValidatorName>(). The name that you specify as  <scopeValidatorName>  in the new method will be used in the UI and database. 


    If you do not implement a new method, the canonical name of the class will be used in the UI and database. 

  2. If you have custom scope validators that you have configured globally, and you want to configure those scope validators in all service providers in IS 5.5.0, add the following snippet to the appropriate migration script in the <IS5.5.0_MIGRATION_TOOL_HOME>/migration-resources/migration-resources/5.5.0/dbscripts/step2/indentity directory.

     SELECT IDN_OAUTH_CONSUMER_APPS.ID, '<scopeValidatorName>'


    • If you have configured JDBC scope validators in IS 5.4.x, and you want to configure those JDBC scope validators in all service providers in IS 5.5.0, replace <scopeValidatorName> in the above snippet with Role based scope validator.
    • If you have specified a name as <scopeValidatorName> in the new method in step 1, then replace <scopeValidatorName> in the above snippet with that name. If you did not implement a new method in step 1, you can use the canonical name of your custom scope validator class to replace <scopeValidatorName> in the above snippet.
  3. If you want to use the XACML based scope validator introduced in IS 5.5.0 together with your custom scope validators, add the following line under <ScopeValidators> in the <IS_HOME>/repository/conf/identity/identity.xml file:

    <ScopeValidator class="org.wso2.carbon.identity.oauth2.validators.xacml.XACMLScopeValidator"/>
  • No labels