diff --git a/components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/DefaultServiceURLBuilder.java b/components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/DefaultServiceURLBuilder.java
index cb2296305176..ef4b80fa96c0 100644
--- a/components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/DefaultServiceURLBuilder.java
+++ b/components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/DefaultServiceURLBuilder.java
@@ -42,6 +42,7 @@
import java.util.StringJoiner;
import static org.wso2.carbon.identity.core.util.IdentityCoreConstants.PROXY_CONTEXT_PATH;
+import static org.wso2.carbon.identity.core.util.IdentityTenantUtil.isSuperTenantMandatoryInUrl;
/**
* Implementation for {@link ServiceURLBuilder}.
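Review bot: The static import added here names `isSuperTenantMandatoryInUrl`, but the method this commit adds to IdentityTenantUtil is `isSuperTenantRequiredInUrl`. Unless a method with the first name already exists outside this diff, neither this import nor the call in the `getResolvedUrlPath` hunk will compile. Use one name in all three places, for example `import static org.wso2.carbon.identity.core.util.IdentityTenantUtil.isSuperTenantRequiredInUrl;` and `if (mandateTenantedPath || isSuperTenantRequiredInUrl() || isNotSuperTenant(tenantDomain)) {`. The same method already calls `IdentityTenantUtil.isTenantQualifiedUrlsEnabled()` in qualified form, so a qualified call would match the existing style and make the new static import unnecessary.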
@@ -124,7 +125,7 @@ protected String getResolvedUrlPath(String tenantDomain) {
if (IdentityTenantUtil.isTenantQualifiedUrlsEnabled() && !resolvedUrlContext.startsWith("t/") &&
!resolvedUrlContext.startsWith("o/")) {
- if (mandateTenantedPath || isNotSuperTenant(tenantDomain)) {
+ if (mandateTenantedPath || isSuperTenantMandatoryInUrl() || isNotSuperTenant(tenantDomain)) {
String organizationId = StringUtils.isNotBlank(orgId) ? orgId :
PrivilegedCarbonContext.getThreadLocalCarbonContext().getOrganizationId();
if (organizationId != null) {
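Review bot: With the new flag on, a super-tenant request now enters the branch that reads `organizationId` from `orgId` or the thread-local `PrivilegedCarbonContext`, which it previously skipped unless `mandateTenantedPath` was set. What happens after `if (organizationId != null)` lies outside this hunk, so I cannot tell which prefix a `carbon.super` request receives when an organization id is present in the context. Since this path ends up in every service URL the builder returns, the change should come with a unit test for `getResolvedUrlPath` that pins the result for the super tenant with the flag on, once with an organization id set and once without. A short comment above the condition would also help, such as `// Super tenant is path-qualified only when AppendSuperTenantInUrl is enabled.`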
diff --git a/components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/util/IdentityCoreConstants.java b/components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/util/IdentityCoreConstants.java
index 31eee22bf5e7..be86bf289e5e 100644
--- a/components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/util/IdentityCoreConstants.java
+++ b/components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/util/IdentityCoreConstants.java
@@ -37,6 +37,7 @@ public class IdentityCoreConstants {
public static final String TENANT_NAME_FROM_CONTEXT = "TenantNameFromContext";
public static final String ENABLE_TENANT_QUALIFIED_URLS = "EnableTenantQualifiedUrls";
public static final String ENABLE_TENANTED_SESSIONS = "EnableTenantedSessions";
+ public static final String APPEND_SUPER_TENANT_IN_URL = "AppendSuperTenantInUrl";
public static final String PROXY_CONTEXT_PATH = "ProxyContextPath";
public static final int DEFAULT_HTTPS_PORT = 443;
public static final String UTF_8 = "UTF-8";
diff --git a/components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/util/IdentityTenantUtil.java b/components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/util/IdentityTenantUtil.java
index 558aa5f61c27..9b19ff13560d 100644
--- a/components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/util/IdentityTenantUtil.java
+++ b/components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/util/IdentityTenantUtil.java
@@ -422,6 +422,16 @@ public static boolean isTenantedSessionsEnabled() {
return Boolean.parseBoolean(IdentityUtil.getProperty(IdentityCoreConstants.ENABLE_TENANTED_SESSIONS));
}
+ /**
+ * Checks if it is required to specify carbon.super in tenant qualified URLs.
+ *
+ * @return true if it is mandatory, false otherwise.
+ */
+ public static boolean isSuperTenantRequiredInUrl() {
+
+ return Boolean.parseBoolean(IdentityUtil.getProperty(IdentityCoreConstants.APPEND_SUPER_TENANT_IN_URL));
+ }
+
/**
*
* Checks whether legacy SaaS authentication is enabled.
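Review bot: The Javadoc on the new `isSuperTenantRequiredInUrl()` does not say which configuration property drives it or what an unset value means. The body reads `IdentityCoreConstants.APPEND_SUPER_TENANT_IN_URL` through `Boolean.parseBoolean`, so anything other than the string "true" (including a missing value, assuming `getProperty` returns null in that case) yields false. I would extend the summary to something like `Checks whether carbon.super must be appended to tenant qualified URLs, as configured by the AppendSuperTenantInUrl property; defaults to false.` It is also worth stating that the flag only takes effect when tenant qualified URLs are enabled, because the only caller in this diff checks it inside the `isTenantQualifiedUrlsEnabled()` condition.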
diff --git a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/identity.xml.j2 b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/identity.xml.j2
index da65ebbfb77d..a91363742724 100644
--- a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/identity.xml.j2
+++ b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/identity.xml.j2
@@ -3216,6 +3216,7 @@
{{tenant_context.enable_tenant_qualified_urls}}
{{tenant_context.enable_tenanted_sessions | default(false)}}
+ {{tenant_context.append_super_tenant_in_url | default(false)}}