diff --git a/components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/DefaultServiceURLBuilder.java b/components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/DefaultServiceURLBuilder.java
index cb2296305176..03e134cd129d 100644
--- a/components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/DefaultServiceURLBuilder.java
+++ b/components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/DefaultServiceURLBuilder.java
@@ -42,6 +42,7 @@
import java.util.StringJoiner;
import static org.wso2.carbon.identity.core.util.IdentityCoreConstants.PROXY_CONTEXT_PATH;
+import static org.wso2.carbon.identity.core.util.IdentityTenantUtil.isSuperTenantRequiredInUrl;
/**
* Implementation for {@link ServiceURLBuilder}.
@@ -124,7 +125,7 @@ protected String getResolvedUrlPath(String tenantDomain) {
if (IdentityTenantUtil.isTenantQualifiedUrlsEnabled() && !resolvedUrlContext.startsWith("t/") &&
!resolvedUrlContext.startsWith("o/")) {
- if (mandateTenantedPath || isNotSuperTenant(tenantDomain)) {
+ if (mandateTenantedPath || isSuperTenantRequiredInUrl() || isNotSuperTenant(tenantDomain)) {
String organizationId = StringUtils.isNotBlank(orgId) ? orgId :
PrivilegedCarbonContext.getThreadLocalCarbonContext().getOrganizationId();
if (organizationId != null) {
diff --git a/components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/util/IdentityCoreConstants.java b/components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/util/IdentityCoreConstants.java
index 31eee22bf5e7..20c6a3a5cfec 100644
--- a/components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/util/IdentityCoreConstants.java
+++ b/components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/util/IdentityCoreConstants.java
@@ -35,8 +35,10 @@ public class IdentityCoreConstants {
public static final String PORTS_OFFSET = "Ports.Offset";
public static final String TENANT_NAME_FROM_CONTEXT = "TenantNameFromContext";
- public static final String ENABLE_TENANT_QUALIFIED_URLS = "EnableTenantQualifiedUrls";
- public static final String ENABLE_TENANTED_SESSIONS = "EnableTenantedSessions";
+ public static final String ENABLE_TENANT_QUALIFIED_URLS = "TenantContext.TenantQualifiedUrls.Enable";
+ public static final String REQUIRED_SUPER_TENANT_IN_URLS =
+ "TenantContext.TenantQualifiedUrls.RequireSuperTenantInUrls";
+ public static final String ENABLE_TENANTED_SESSIONS = "TenantContext.TenantQualifiedUrls.EnableTenantedSessions";
public static final String PROXY_CONTEXT_PATH = "ProxyContextPath";
public static final int DEFAULT_HTTPS_PORT = 443;
public static final String UTF_8 = "UTF-8";
diff --git a/components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/util/IdentityTenantUtil.java b/components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/util/IdentityTenantUtil.java
index 558aa5f61c27..f475bf98e735 100644
--- a/components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/util/IdentityTenantUtil.java
+++ b/components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/util/IdentityTenantUtil.java
@@ -422,6 +422,16 @@ public static boolean isTenantedSessionsEnabled() {
return Boolean.parseBoolean(IdentityUtil.getProperty(IdentityCoreConstants.ENABLE_TENANTED_SESSIONS));
}
+ /**
+ * Checks if it is required to specify carbon.super in tenant qualified URLs.
+ *
+ * @return true if it is mandatory, false otherwise.
+ */
+ public static boolean isSuperTenantRequiredInUrl() {
+
+ return Boolean.parseBoolean(IdentityUtil.getProperty(IdentityCoreConstants.REQUIRED_SUPER_TENANT_IN_URLS));
+ }
+
/**
*
* Checks whether legacy SaaS authentication is enabled.
diff --git a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/identity.xml b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/identity.xml
index 7a6cc2100f3a..4427b48d2d18 100644
--- a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/identity.xml
+++ b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/identity.xml
@@ -2252,6 +2252,14 @@
-->
false
+
+
+ false
+ false
+ false
+
+
+
/api/identity/user/v1.0/
diff --git a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/identity.xml.j2 b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/identity.xml.j2
index da65ebbfb77d..aa35d8dabbf7 100644
--- a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/identity.xml.j2
+++ b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/identity.xml.j2
@@ -3214,8 +3214,14 @@
-->
{{user.association.enable_for_federated_users}}
- {{tenant_context.enable_tenant_qualified_urls}}
- {{tenant_context.enable_tenanted_sessions | default(false)}}
+
+
+ {{tenant_context.enable_tenant_qualified_urls}}
+ {{tenant_context.enable_tenant_qualified_urls && tenant_context.require_super_tenant_in_urls}}
+ {{tenant_context.enable_tenant_qualified_urls && tenant_context.enable_tenanted_sessions}}
+
+
+