Hi Tarun,
Thank you for your feedback. From the attached logs, I can see that the provisioned user that you are trying is missing the required permissions to access the Store/Publisher portal:
TID: [-1234] [] [2020-05-18 09:29:35,745] WARN {JAGGERY.jagg.jaggery_oidc_acs:jag} - User not permitted {JAGGERY.jagg.jaggery_oidc_acs:jag}
Also, I can see a NullPointerException as well. It seems one of the claims is missing there and the Store/Publisher was not able to move forward. You can add a couple of log.info() calls inside the <apim>/repository/deployment/server/jaggeryapps/store/jagg/jaggery_oidc_acs.jag file to check the flow and make the required changes.
For example:
var hasPublisherAccess = api.hasPublisherAccess(oidcRelyingParty.getLoggedInUser(sessionId));
var oidcUser = oidcRelyingParty.getLoggedInUser(sessionId);
// log info to log the user permitted object
log.info(isUserPermitted);
Furthermore, please check whether the provisioned user has been assigned the Internal/subscriber role by going to the Carbon Management Console. If the provisioned user is missing the roles that we have configured and they are not being updated as expected, then you can enable the following DEBUG logs to check the flow. You can also re-verify the Claim Mapping & Role Mapping configurations.
log4j.logger.org.wso2.carbon.identity.application.authentication.framework = DEBUG
JIT Provisioning is handled by org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.JITProvisioningPostAuthenticationHandler.
Hope you can follow the above-suggested approaches to overcome the User Permission issues 😄
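
One way to confirm both symptoms from the carbon log before editing the .jag file, as an added example that is not part of the original reply: it finds each "User not permitted" WARN and flags whether a NullPointerException was logged shortly after it. The sample lines are constructed in the layout of the WARN line quoted above; the `org.example` loggers, the 2-second window and the function name are assumptions.

```python
import re
from datetime import datetime

# Layout of the WARN line quoted in the reply:
# TID: [tenant] [app] [timestamp] LEVEL {logger} - message {logger}
LINE_RE = re.compile(
    r"^TID: \[(?P<tenant>-?\d+)\] \[(?P<app>[^\]]*)\] "
    r"\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3})\]\s+"
    r"(?P<level>[A-Z]+)\s+\{(?P<logger>[^}]+)\}\s+-\s+(?P<msg>.*)$"
)

# Constructed sample log (not taken from the attached logs).
SAMPLE_LOG = """\
TID: [-1234] [] [2020-05-18 09:29:35,101] INFO {org.example.Startup} - Server started {org.example.Startup}
TID: [-1234] [] [2020-05-18 09:29:35,745] WARN {JAGGERY.jagg.jaggery_oidc_acs:jag} - User not permitted {JAGGERY.jagg.jaggery_oidc_acs:jag}
TID: [-1234] [] [2020-05-18 09:29:35,751] ERROR {org.example.Handler} - Request failed {org.example.Handler}
java.lang.NullPointerException
\tat org.example.Handler.handle(Handler.java:42)
TID: [-1234] [] [2020-05-18 09:31:02,010] WARN {JAGGERY.jagg.jaggery_oidc_acs:jag} - User not permitted {JAGGERY.jagg.jaggery_oidc_acs:jag}
"""


def find_denied_logins(log_text, window_seconds=2.0):
    """Return one dict per 'User not permitted' WARN; npe_nearby is True when a
    NullPointerException is logged within window_seconds after that WARN."""
    events, current_ts = [], None
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            # Stack-trace lines have no header, so they inherit this timestamp.
            current_ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S,%f")
            if m["level"] == "WARN" and "User not permitted" in m["msg"]:
                events.append({"time": current_ts, "tenant": int(m["tenant"]),
                               "logger": m["logger"], "npe_nearby": False})
        if "NullPointerException" in line and current_ts is not None:
            for ev in events:
                gap = (current_ts - ev["time"]).total_seconds()
                if 0 <= gap <= window_seconds:
                    ev["npe_nearby"] = True
    return events


if __name__ == "__main__":
    for ev in find_denied_logins(SAMPLE_LOG):
        print(ev["time"], "tenant", ev["tenant"], "NPE nearby:", ev["npe_nearby"])
```

A denial with a nearby NullPointerException points toward the missing claim, while a denial on its own points toward the role assignment.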