Skip to content

feat: Cut SMF record about mapping OIDC token to mainframe credentials #4357

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 6 commits into
base: v3.x.x
Choose a base branch
from
Open

feat: Cut SMF record about mapping OIDC token to mainframe credentials #4357

wants to merge 6 commits into from

Conversation

@pavel-jares-bcm
Copy link
Contributor

Description

This PR allows cutting SMF record during the processing OIDC token. It a token is mapped to an identity the SMF record could be cut. It contains the mapped user and the source user. Because there is a possibility mapping OIDC token by other than sub properties the use can define a different properties to be logged. So the SMF records contains mapped user an a source user.

The feature is as default disabled to mitigate a performance impact.

The new configuration properties:

apiml.security.rauditx.onOidcUserIsMapped

  • Enable cutting SMF record on mapping distributed user from OIDC token to mainframe one.

apiml.security.rauditx.oidcSourceUserPaths

  • Comma separated JSON paths to find source user in the OIDC token to be cut in the SMF record.

Linked to # (issue)
Part of the # (epic)

Type of change

Please delete options that are not relevant.

  • fix: Bug fix (non-breaking change which fixes an issue)
  • feat: New feature (non-breaking change which adds functionality)
  • docs: Change in a documentation
  • refactor: Refactor the code
  • chore: Chore, repository cleanup, updates the dependencies.
  • BREAKING CHANGE or !: Breaking change (fix or feature that would cause existing functionality to not work as expected)

Checklist:

  • My code follows the style guidelines of this project
  • PR title conforms to commit message guideline ## Commit Message Structure Guideline
  • I have commented my code, particularly in hard-to-understand areas. In JS I did provide JSDoc
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • The java tests in the area I was working on leverage @nested annotations
  • Any dependent changes have been merged and published in downstream modules

For more details about how should the code look like read the Contributing guideline

@pavel-jares-bcm
draft
e30be1b 
Signed-off-by: Pavel Jareš <[email protected]>
@pavel-jares-bcm
add source user
479425e 
Signed-off-by: Pavel Jareš <[email protected]>
@github-actions github-actions bot added the Sensitive Sensitive change that requires peer review label Oct 24, 2025
@sonarqubecloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
88.9% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@EvaJavornicka EvaJavornicka moved this from New to In Progress in API Mediation Layer Backlog Management Oct 29, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@achmelo achmelo Awaiting requested review from achmelo

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

Sensitive Sensitive change that requires peer review size/L

Projects

API Mediation Layer Backlog Management
Status: In Progress

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@pavel-jares-bcm @achmelo @zowe-robot