Apply IDP mappings as override for outbound provisioning

[PasinduYeshan]

This pull request enhances the outbound provisioning claim mapping logic to allow Identity Provider (IDP) claim mappings to override standard dialect-based claim mappings. This gives administrators more flexibility to define custom attribute mappings in IDP settings, ensuring these take precedence when outbound connectors specify dialects.

Claim Mapping Overrides:

• Added logic in getMappedClaims to apply IDP claim mapping overrides on top of dialect-transformed claims, so that custom mappings configured in the IDP settings will take precedence.
• Introduced the private method applyIdpClaimMappingOverrides, which merges IDP claim mappings with already mapped claims, handling both inbound and entity attributes, and ensuring correct override behavior.
• Added a helper method removeExistingMappingForLocalClaim to remove any existing mapping for a local claim before applying an override, preventing duplicate or conflicting mappings.

Related Issues

• SCIM outbound provisioning for sub-organizational applications product-is#26544

[coderabbitai]

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

• 🔍 Trigger a full review

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[wso2-engineering]

Log Improvement Suggestion No: 1

Suggested change

	*/
	if (ArrayUtils.isNotEmpty(idpClaimMappings)) {
	mapppedClaims = applyIdpClaimMappingOverrides(mapppedClaims, idpClaimMappings,
	inboundAttributes, provisioningEntity.getAttributes());
	}
	if (ArrayUtils.isNotEmpty(idpClaimMappings)) {
	log.info("Applying IDP claim mapping overrides for provisioning entity");
	mapppedClaims = applyIdpClaimMappingOverrides(mapppedClaims, idpClaimMappings,
	inboundAttributes, provisioningEntity.getAttributes());
	}

[wso2-engineering]

Log Improvement Suggestion No: 2

Suggested change

	* @param mappedClaims Map of claim mappings.
	* @param localClaimUri Local claim URI to match.
	*/
	private void removeExistingMappingForLocalClaim(Map<ClaimMapping, List<String>> mappedClaims,
	private void removeExistingMappingForLocalClaim(Map<ClaimMapping, List<String>> mappedClaims,
	String localClaimUri) {
	if (log.isDebugEnabled()) {
	log.debug("Removing existing claim mapping for local claim URI: " + localClaimUri);
	}
	Iterator<Map.Entry<ClaimMapping, List<String>>> iterator = mappedClaims.entrySet().iterator();

[wso2-engineering]

AI Agent Log Improvement Checklist

⚠️ Warning: AI-Generated Review Comments

• The log-related comments and suggestions in this review were generated by an AI tool to assist with identifying potential improvements. Purpose of reviewing the code for log improvements is to improve the troubleshooting capabilities of our products.
• Please make sure to manually review and validate all suggestions before applying any changes. Not every code suggestion would make sense or add value to our purpose. Therefore, you have the freedom to decide which of the suggestions are helpful.

✅ Before merging this pull request:

• Review all AI-generated comments for accuracy and relevance.
• Complete and verify the table below. We need your feedback to measure the accuracy of these suggestions and the value they add. If you are rejecting a certain code suggestion, please mention the reason briefly in the suggestion for us to capture it.

Comment	Accepted (Y/N)	Reason
#### Log Improvement Suggestion No: 1
#### Log Improvement Suggestion No: 2

[sonarqubecloud]

Quality Gate passed

Issues
2 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[codecov]

Codecov Report

❌ Patch coverage is 0% with 63 lines in your changes missing coverage. Please review.
✅ Project coverage is 51.04%. Comparing base (ad9d90c) to head (fc38a9f).
⚠️ Report is 18 commits behind head on master.

Files with missing lines	Patch %	Lines
...tity/provisioning/OutboundProvisioningManager.java	0.00%	63 Missing ⚠️

❌ Your patch check has failed because the patch coverage (0.00%) is below the target coverage (80.00%). You can increase the patch coverage or adjust the target coverage.

Additional details and impacted files

@@             Coverage Diff              @@
##             master    #7697      +/-   ##
============================================
- Coverage     51.26%   51.04%   -0.23%     
+ Complexity    19363    19332      -31     
============================================
  Files          2144     2144              
  Lines        123096   125487    +2391     
  Branches      26224    25512     -712     
============================================
+ Hits          63103    64049     +946     
- Misses        51889    53269    +1380     
- Partials       8104     8169      +65     

Flag	Coverage Δ
unit	35.64% <0.00%> (-0.03%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.