External Role Mapping and multiple Organizations

Hello,
I have a question regarding the External Role Mapping feature.

I currently have an OPDK 4.50.00 installation with multiple organizations and I'm testing the External Role Mapping Java implementation.

Right now I'm having a problem trying to identify which organization a user belongs to when they're logging in.

I was under the impression that during the login process on the Apigee UI, the getUserRoles method was going to be called with the expectedNamespace parameter being an instance of SystemNamespace or OrganizationNamespace.

What is currently happening is that this method is always called with only an instance of SystemNamespace. It is called once or twice for the sysadmin user (which is OK), and then called again for the user who is logging in, but always with SystemNamespace.

The problem is that SystemNamespace is not bound to any organization, so I'm left in the dark when I have to assign roles like below:

new NameSpacedRole("orgadmin", OrganizationNamespace.of("org-name???"))

So my question is: is this the expected behavior, and should I have the organizations hardcoded in the class, or am I doing something wrong?

It is also not clear to me when I should assign roles using SystemNamespace or OrganizationNamespace. For instance, in this comment the user assigns the "orgadmin" role using code like this:

new NameSpacedRole("orgadmin", SystemNamespace.get())

Thanks in advance for any advice on this topic.
