The related Jira bug was created because when performing operations with a run as user that has delegated admin roles, those roles are not being applied.
The goal in this story is to investigate the amount of Delegated Admin support that was provided in the run as module wrapper, if any, and devise a plan to the work that will need to be done in order to support this.
- RunAsModuleWrapper needs to preserve the calculated roles in the AttributesContext "authzRoles"
- RunAsModuleWrapper needs to set the queryId to that of the runAsProperties queryId
- IDMAuthModuleWrapper should use the principalName for resource query if enabbleDynamicRoles and the moduleId is INTERNAL_USER and the the principalName does not equal the authorizationAuthenticationId. This in order to query the resource for the runAs user instead of attempting to query openidm_admin.