[OPENIDM-13301] Investigation: run as authentication with users that have delegated admin based roles

Created: 28/May/19  Updated: 21/Feb/20  Resolved: 05/Jun/19

Status: Closed
Project: OpenIDM
Component/s: Module - Authentication
Affects Version/s: None
Fix Version/s: 7.0.0

Type: Story
Priority: Major
Reporter: Katie Gonzalez
Assignee: Katie Gonzalez
Resolution: Done
Votes: 0
Labels: DIXON
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
relates to OPENIDM-13238 Using runAs for a user with delegated... Closed
Target Version/s:
Verified Version/s:
Story Points: 3
Sprint: 2019.8 - IDM
Epic Link: Delegated Admin Phase 2


The related Jira bug was created because when performing operations with a run as user that has delegated admin roles, those roles are not being applied.

The goal in this story is to investigate the amount of Delegated Admin support that was provided in the run as module wrapper, if any, and devise a plan for the work that will need to be done in order to support this.



  • RunAsModuleWrapper needs to preserve the calculated roles in the AttributesContext "authzRoles"
  • RunAsModuleWrapper needs to set the queryId to that of the runAsProperties queryId
  • IDMAuthModuleWrapper should use the principalName for the resource query if enableDynamicRoles and the moduleId is INTERNAL_USER and the principalName does not equal the authorizationAuthenticationId. This is in order to query the resource for the runAs user instead of attempting to query openidm_admin.

Comment by Alexander Dracka [ 21/Feb/20 ]

There are two tests related to the issue OPENIDM-13238 under delegated_admin_stories Suite.

Generated at Sat Nov 28 22:16:33 UTC 2020 using Jira 7.13.12#713012-sha1:6e07c38070d5191bbf7353952ed38f111754533a.