THE CONTENT ON THIS PAGE IS A WORK IN PROGRESS.
WSO2 Identity Server 5.5.0 supports specifying scope validators for a service provider. Support for scope validators in previous versions of WSO2 Identity Server (WSO2 IS) was as follows:
- WSO2 Identity Server 5.4.0 and 5.4.1 supported specifying JDBC Scope validators as a global configuration, but did not support specifying scope validators for a service provider. WSO2 Identity Server 5.4.0 and 5.4.1 also allowed you to create your own custom scope validator implementations.
- Versions older than WSO2 Identity Server 5.4.0 did not support specifying scope validators, but allowed you to create your own custom scope validator implementations.
Therefore, if you have implemented any custom scope validators in your existing version of WSO2 IS and you want to migrate those custom implementations to IS 5.5.0, follow the instructions below.
The instructions you need to follow to migrate your custom scope validator implementations can vary depending on your implementation. You may not need to follow all the steps below in the same order. Be sure to follow the appropriate steps depending on your implementation.
1. If you have extended the OAuth2ScopeValidator and implemented your own scope validator, implement a new method called get<scopeValidatorName>(). The name that you specify as <scopeValidatorName> in the new method will be used in the UI and database.

   Note: If you do not implement a new method, the canonical name of the class will be used in the UI and database.

2. If you have custom scope validators that you have configured globally, and you want to configure those scope validators in all service providers in IS 5.5.0, add the following snippet to the appropriate migration script in the <IS5.5.0_MIGRATION_TOOL_HOME>/migration-resources/migration-resources/5.5.0/dbscripts/step2/indentity directory.

       INSERT INTO IDN_OAUTH2_SCOPE_VALIDATORS (APP_ID, SCOPE_VALIDATOR) SELECT IDN_OAUTH_CONSUMER_APPS.ID, '<scopeValidatorName>' FROM IDN_OAUTH_CONSUMER_APPS;

   Note:
   - If you have configured JDBC scope validators in IS 5.4.x, and you want to configure those JDBC scope validators in all service providers in IS 5.5.0, replace <scopeValidatorName> in the above snippet with Role based scope validator.
   - If you have specified a name as <scopeValidatorName> in the new method in step 1, then replace <scopeValidatorName> in the above snippet with that name. If you did not implement a new method in step 1, you can use the canonical name of your custom scope validator class to replace <scopeValidatorName> in the above snippet.

3. If you want to use the XACML based scope validator introduced in IS 5.5.0 together with your custom scope validators, add the following line under <ScopeValidators> in the <IS_HOME>/repository/conf/identity/identity.xml file:

       <ScopeValidator class="org.wso2.carbon.identity.oauth2.validators.xacml.XACMLScopeValidator"/>
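
A post-migration check for the INSERT snippet above, as an added example that is not part of the original page or of WSO2's migration tool. It runs the page's INSERT against a constructed minimal SQLite schema (only the two tables and columns named in the snippet; the real tables and database engine differ), adds a NOT EXISTS guard so that a rerun does not duplicate rows, and lists the service providers that still have no row for the validator.

```python
import sqlite3

VALIDATOR = "Role based scope validator"  # name the page gives for JDBC validators

# Constructed minimal schema: only the columns the page's snippet touches.
SCHEMA = """
CREATE TABLE IDN_OAUTH_CONSUMER_APPS (ID INTEGER PRIMARY KEY);
CREATE TABLE IDN_OAUTH2_SCOPE_VALIDATORS (APP_ID INTEGER, SCOPE_VALIDATOR TEXT);
"""

# The page's INSERT plus an added NOT EXISTS guard (assumption, not on the page).
ASSIGN = """
INSERT INTO IDN_OAUTH2_SCOPE_VALIDATORS (APP_ID, SCOPE_VALIDATOR)
SELECT A.ID, :name FROM IDN_OAUTH_CONSUMER_APPS A
WHERE NOT EXISTS (SELECT 1 FROM IDN_OAUTH2_SCOPE_VALIDATORS V
                  WHERE V.APP_ID = A.ID AND V.SCOPE_VALIDATOR = :name)
"""

# Post-migration check: consumer apps with no row for the validator.
MISSING = """
SELECT A.ID FROM IDN_OAUTH_CONSUMER_APPS A
LEFT JOIN IDN_OAUTH2_SCOPE_VALIDATORS V
  ON V.APP_ID = A.ID AND V.SCOPE_VALIDATOR = :name
WHERE V.APP_ID IS NULL ORDER BY A.ID
"""

def build_sample_db():
    """In-memory database with three constructed apps; app 2 is already assigned."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO IDN_OAUTH_CONSUMER_APPS (ID) VALUES (?)",
                   [(1,), (2,), (3,)])
    db.execute("INSERT INTO IDN_OAUTH2_SCOPE_VALIDATORS VALUES (2, ?)", (VALIDATOR,))
    db.commit()
    return db

def assign_validator(db, name):
    """Run the guarded INSERT and return the number of rows it added."""
    before = db.total_changes
    db.execute(ASSIGN, {"name": name})
    db.commit()
    return db.total_changes - before

def apps_missing_validator(db, name):
    """IDs of consumer apps that have no row for the given validator name."""
    return [row[0] for row in db.execute(MISSING, {"name": name})]

if __name__ == "__main__":
    db = build_sample_db()
    print("missing before:", apps_missing_validator(db, VALIDATOR))
    print("added:", assign_validator(db, VALIDATOR))
    print("added on rerun:", assign_validator(db, VALIDATOR))
    print("missing after:", apps_missing_validator(db, VALIDATOR))
```

An empty result from the check means every consumer app has the validator configured; any ID it returns is a service provider the migration did not cover.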