Skip to content

Requesting claims fails for applications shared with sub-orgs #24710

New issue
New issue
Closed
Bug
Closed
Requesting claims fails for applications shared with sub-orgs#24710
Bug
Assignees
HasiniSama
Labels
Priority/HighSeverity/BlockerTeam/B2BType/Bug
Milestone
7.2.0-m6
@AmshikaH

Description

@AmshikaH
AmshikaH
opened on Jul 16, 2025

Description

When a claim is requested in an app that has been shared with one or more sub-organizations, the following exception occurs.

Screenshot:
Image

API error response:

{
    "code": "SE-50000",
    "message": "Unexpected Processing Error.",
    "description": "Server encountered an error while serving the request.",
    "traceId": "9f01bad7-2eba-4f23-9b08-69165d75da47"
}

Stack trace:

[2025-07-16 14:14:15,875] [12c6cffd-3526-4e05-ae76-1c7099ddac61] ERROR {org.wso2.carbon.identity.api.dispatcher.core.DefaultExceptionMapper} - Server encountered an error while serving the request. org.wso2.carbon.identity.base.IdentityRuntimeException: Invalid tenant domain c5a498b4-7941-4cf8-8777-85974f2f1fa8
	at org.wso2.carbon.identity.base.IdentityRuntimeException.error(IdentityRuntimeException.java:55)
	at org.wso2.carbon.identity.core.util.IdentityTenantUtil.getTenantId(IdentityTenantUtil.java:276)
	at org.wso2.carbon.identity.claim.metadata.mgt.ClaimMetadataManagementServiceImpl.getLocalClaims(ClaimMetadataManagementServiceImpl.java:282)
	at org.wso2.carbon.identity.organization.management.application.handler.OrgClaimMgtHandler.getMissingClaims(OrgClaimMgtHandler.java:696)
	at org.wso2.carbon.identity.organization.management.application.handler.OrgClaimMgtHandler.handleAppUserAttributeUpdate(OrgClaimMgtHandler.java:177)
	at org.wso2.carbon.identity.organization.management.application.handler.OrgClaimMgtHandler.handleEvent(OrgClaimMgtHandler.java:85)
	at org.wso2.carbon.identity.event.services.IdentityEventServiceImpl.handleEvent(IdentityEventServiceImpl.java:56)
	at org.wso2.carbon.identity.application.mgt.ApplicationManagementServiceImpl.fireEvent(ApplicationManagementServiceImpl.java:3450)
	at org.wso2.carbon.identity.application.mgt.ApplicationManagementServiceImpl.postApplicationUserAttributeUpdate(ApplicationManagementServiceImpl.java:3434)
	at org.wso2.carbon.identity.application.mgt.ApplicationManagementServiceImpl.updateApplicationByResourceId(ApplicationManagementServiceImpl.java:2811)
	at org.wso2.carbon.identity.api.server.application.management.v1.core.ServerApplicationManagementService.patchApplication(ServerApplicationManagementService.java:933)
	at org.wso2.carbon.identity.api.server.application.management.v1.impl.ApplicationsApiServiceImpl.patchApplication(ApplicationsApiServiceImpl.java:180)
	at org.wso2.carbon.identity.api.server.application.management.v1.ApplicationsApi.patchApplication(ApplicationsApi.java:1039)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:566)
	at org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:179)
	at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:96)
	at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:201)
	at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:104)
	at org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:59)
	at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:96)
	at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
	at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
	at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:265)
	at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234)
	at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208)
	at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160)
	at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:225)
	at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:304)
	at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:281)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:199)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)
	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:51)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:168)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:168)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:482)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:130)
	at org.wso2.carbon.identity.context.rewrite.valve.TenantContextRewriteValve.invoke(TenantContextRewriteValve.java:145)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93)
	at org.wso2.carbon.identity.context.rewrite.valve.OrganizationContextRewriteValve.invoke(OrganizationContextRewriteValve.java:123)
	at org.wso2.carbon.tomcat.ext.valves.SameSiteCookieValve.invoke(SameSiteCookieValve.java:38)
	at org.wso2.carbon.identity.cors.valve.CORSValve.invoke(CORSValve.java:83)
	at org.wso2.carbon.identity.authz.valve.AuthorizationValve.invoke(AuthorizationValve.java:157)
	at org.wso2.carbon.identity.auth.valve.AuthenticationValve.invoke(AuthenticationValve.java:153)
	at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:110)
	at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:49)
	at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:71)
	at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:150)
	at org.wso2.carbon.extension.identity.x509Certificate.valve.X509CertificateAuthenticationValve.invoke(X509CertificateAuthenticationValve.java:59)
	at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:660)
	at org.wso2.carbon.identity.core.context.valve.IdentityContextCreatorValve.invoke(IdentityContextCreatorValve.java:52)
	at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:63)
	at org.wso2.carbon.tomcat.ext.valves.RequestEncodingValve.invoke(RequestEncodingValve.java:49)
	at org.wso2.carbon.tomcat.ext.valves.RequestCorrelationIdValve.invoke(RequestCorrelationIdValve.java:137)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:346)
	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:396)
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63)
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:937)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1793)
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52)
	at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1190)
	at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:63)
	at java.base/java.lang.Thread.run(Thread.java:829)

This is due to the change introduced to store the sub-org handle as the UM_DOMAIN_NAME in the UM_TENANT table instead of the tenant uuid, which results in the IdentityTenantUtil.getTenantId call failing with the above error.

Steps to Reproduce

  1. Create a sub-org
  2. Create an application and share it with the above sub-org
  3. Request a claim in the application you created.

Please select the area issue is related to

B2B

Version

7.2.0-m6-SNAPSHOT

Environment Details (with versions)

No response

Developer Checklist

  • [Behavioural Change] Does this change introduce a behavioral change to the product?
  •  ↳ Approved by team lead
  •  ↳ Label impact/behavioral-change added
  • [Migration Impact] Does this change have a migration impact?
  •  ↳ Migration label added (e.g., 7.2.0-migration)
  •  ↳ Migration issues created and linked
  • [New Configuration] Does this change introduce a new configuration?
  •  ↳ Label config added
  •  ↳ Configuration is properly documented

Metadata

Metadata

Assignees

Labels

Priority/HighSeverity/BlockerTeam/B2BType/Bug

Type

Bug

Projects

Identity Server 7.2.0

Status

Done

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions