wso2 / product-is

Welcome to the WSO2 Identity Server source code! For info on working with the WSO2 Identity Server repository and contributing code, click the link below.
http://wso2.github.io/
Apache License 2.0

Authentication Error when continuing the authentication flow after going back from MagicLink authenticator #18075

Open ashanthamara opened 9 months ago

ashanthamara commented 9 months ago

Describe the issue:

$subject

How to reproduce:

  1. Create an Application
  2. Add MFA and add magic link as an authenticator
  3. Choose Magic Link when logging in to the application.
  4. Go back from the Magic Link authenticator using the browser back button.
  5. Try to log in to the application again with Magic Link.

https://github.com/wso2/product-is/assets/75057725/dd92be2a-8dba-4251-82db-944917cadfa3

[2023-11-24 12:32:58,491] [3d2ea102-d3e3-4f26-8c48-f3bd50937f59] ERROR {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator} - Exception in Authentication Framework org.apache.commons.lang3.SerializationException: java.io.NotSerializableException: org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatorMessage
    at org.apache.commons.lang3.SerializationUtils.serialize(SerializationUtils.java:156)
    at org.apache.commons.lang3.SerializationUtils.serialize(SerializationUtils.java:178)
    at org.apache.commons.lang3.SerializationUtils.clone(SerializationUtils.java:82)
    at org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext.clone(AuthenticationContext.java:846)
    at org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator.handle(DefaultRequestCoordinator.java:235)
    at org.wso2.carbon.identity.application.authentication.framework.CommonAuthenticationHandler.doPost(CommonAuthenticationHandler.java:57)
    at org.wso2.carbon.identity.application.authentication.framework.CommonAuthenticationHandler.doGet(CommonAuthenticationHandler.java:46)
    at org.wso2.carbon.identity.oauth.endpoint.authz.OAuth2AuthzEndpoint.handleAuthFlowThroughFramework(OAuth2AuthzEndpoint.java:3819)
    at org.wso2.carbon.identity.oauth.endpoint.authz.OAuth2AuthzEndpoint.handleInitialAuthorizationRequest(OAuth2AuthzEndpoint.java:1394)
    at org.wso2.carbon.identity.oauth.endpoint.authz.OAuth2AuthzEndpoint.authorize(OAuth2AuthzEndpoint.java:356)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:566)
    at org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:179)
    at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:96)
    at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:201)
    at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:104)
    at org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:59)
    at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:96)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
    at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
    at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:265)
    at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234)
    at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208)
    at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160)
    at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:225)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:304)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doGet(AbstractHTTPServlet.java:222)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:529)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:279)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:209)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:51)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
    at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:661)
    at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:425)
    at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:357)
    at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:294)
    at org.wso2.carbon.identity.context.rewrite.valve.TenantContextRewriteValve.invoke(TenantContextRewriteValve.java:146)
    at org.wso2.carbon.identity.context.rewrite.valve.OrganizationContextRewriteValve.invoke(OrganizationContextRewriteValve.java:115)
    at org.wso2.carbon.tomcat.ext.valves.SameSiteCookieValve.invoke(SameSiteCookieValve.java:38)
    at org.wso2.carbon.identity.cors.valve.CORSValve.invoke(CORSValve.java:83)
    at org.wso2.carbon.identity.authz.valve.AuthorizationValve.invoke(AuthorizationValve.java:204)
    at org.wso2.carbon.identity.auth.valve.AuthenticationValve.invoke(AuthenticationValve.java:120)
    at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:110)
    at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:49)
    at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:71)
    at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:152)
    at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:670)
    at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:63)
    at org.wso2.carbon.tomcat.ext.valves.RequestEncodingValve.invoke(RequestEncodingValve.java:49)
    at org.wso2.carbon.tomcat.ext.valves.RequestCorrelationIdValve.invoke(RequestCorrelationIdValve.java:137)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:390)
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63)
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:928)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1794)
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52)
    at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
    at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: java.io.NotSerializableException: org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatorMessage
    at java.base/java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1175)
    at java.base/java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:345)
    at java.base/java.util.HashMap.internalWriteEntries(HashMap.java:1858)
    at java.base/java.util.HashMap.writeObject(HashMap.java:1412)
    at java.base/jdk.internal.reflect.GeneratedMethodAccessor127.invoke(Unknown Source)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:566)
    at java.base/java.io.ObjectStreamClass.invokeWriteObject(ObjectStreamClass.java:1016)
    at java.base/java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1487)
    at java.base/java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1423)
    at java.base/java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1169)
    at java.base/java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1543)
    at java.base/java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1500)
    at java.base/java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1423)
    at java.base/java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1169)
    at java.base/java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1543)
    at java.base/java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1500)
    at java.base/java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1423)
    at java.base/java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1169)
    at java.base/java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1543)
    at java.base/java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1500)
    at java.base/java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1423)
    at java.base/java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1169)
    at java.base/java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:345)
    at java.base/java.util.ArrayList.writeObject(ArrayList.java:897)
    at java.base/jdk.internal.reflect.GeneratedMethodAccessor128.invoke(Unknown Source)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:566)
    at java.base/java.io.ObjectStreamClass.invokeWriteObject(ObjectStreamClass.java:1016)
    at java.base/java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1487)
    at java.base/java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1423)
    at java.base/java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1169)
    at java.base/java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1543)
    at java.base/java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1500)
    at java.base/java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1423)
    at java.base/java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1169)
    at java.base/java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1543)
    at java.base/java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1500)
    at java.base/java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1423)
    at java.base/java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1169)
    at java.base/java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1543)
    at java.base/java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1500)
    at java.base/java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1423)
    at java.base/java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1169)
    at java.base/java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1543)
    at java.base/java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1500)
    at java.base/java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1423)
    at java.base/java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1169)
    at java.base/java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1543)
    at java.base/java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1500)
    at java.base/java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1423)
    at java.base/java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1169)
    at java.base/java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:345)
    at org.apache.commons.lang3.SerializationUtils.serialize(SerializationUtils.java:153)
    ... 64 more

[2023-11-24 12:32:58,510] [3d2ea102-d3e3-4f26-8c48-f3bd50937f59] ERROR {org.wso2.carbon.identity.application.authentication.framework.store.SessionDataStore} - Error while storing session data org.wso2.carbon.identity.application.authentication.framework.exception.SessionSerializerException: Error while serializing the session object
    at org.wso2.carbon.identity.application.authentication.framework.store.JavaSessionSerializer.serializeSessionObject(JavaSessionSerializer.java:45)
    at org.wso2.carbon.identity.application.authentication.framework.store.SessionDataStore.setBlobObject(SessionDataStore.java:639)
    at org.wso2.carbon.identity.application.authentication.framework.store.SessionDataStore.persistSessionData(SessionDataStore.java:540)
    at org.wso2.carbon.identity.application.authentication.framework.store.SessionDataStore.storeSessionData(SessionDataStore.java:382)
    at org.wso2.carbon.identity.application.authentication.framework.cache.AuthenticationContextCache.addToCache(AuthenticationContextCache.java:127)
    at org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils.addAuthenticationContextToCache(FrameworkUtils.java:1073)
    at org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator.handle(DefaultRequestCoordinator.java:450)
    at org.wso2.carbon.identity.application.authentication.framework.CommonAuthenticationHandler.doPost(CommonAuthenticationHandler.java:57)
    at org.wso2.carbon.identity.application.authentication.framework.CommonAuthenticationHandler.doGet(CommonAuthenticationHandler.java:46)
    at org.wso2.carbon.identity.oauth.endpoint.authz.OAuth2AuthzEndpoint.handleAuthFlowThroughFramework(OAuth2AuthzEndpoint.java:3819)
    at org.wso2.carbon.identity.oauth.endpoint.authz.OAuth2AuthzEndpoint.handleInitialAuthorizationRequest(OAuth2AuthzEndpoint.java:1394)
    at org.wso2.carbon.identity.oauth.endpoint.authz.OAuth2AuthzEndpoint.authorize(OAuth2AuthzEndpoint.java:356)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:566)
    at org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:179)
    at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:96)
    at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:201)
    at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:104)
    at org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:59)
    at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:96)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
    at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
    at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:265)
    at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234)
    at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208)
    at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160)
    at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:225)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:304)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doGet(AbstractHTTPServlet.java:222)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:529)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:279)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:209)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:51)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
    at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:661)
    at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:425)
    at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:357)
    at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:294)
    at org.wso2.carbon.identity.context.rewrite.valve.TenantContextRewriteValve.invoke(TenantContextRewriteValve.java:146)
    at org.wso2.carbon.identity.context.rewrite.valve.OrganizationContextRewriteValve.invoke(OrganizationContextRewriteValve.java:115)
    at org.wso2.carbon.tomcat.ext.valves.SameSiteCookieValve.invoke(SameSiteCookieValve.java:38)
    at org.wso2.carbon.identity.cors.valve.CORSValve.invoke(CORSValve.java:83)
    at org.wso2.carbon.identity.authz.valve.AuthorizationValve.invoke(AuthorizationValve.java:204)
    at org.wso2.carbon.identity.auth.valve.AuthenticationValve.invoke(AuthenticationValve.java:120)
    at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:110)
    at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:49)
    at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:71)
    at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:152)
    at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:670)
    at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:63)
    at org.wso2.carbon.tomcat.ext.valves.RequestEncodingValve.invoke(RequestEncodingValve.java:49)
    at org.wso2.carbon.tomcat.ext.valves.RequestCorrelationIdValve.invoke(RequestCorrelationIdValve.java:137)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:390)
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63)
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:928)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1794)
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52)
    at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
    at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: java.io.NotSerializableException: org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatorMessage
    at java.base/java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1175)
    at java.base/java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:345)
    at java.base/java.util.HashMap.internalWriteEntries(HashMap.java:1858)
    at java.base/java.util.HashMap.writeObject(HashMap.java:1412)
    at java.base/jdk.internal.reflect.GeneratedMethodAccessor127.invoke(Unknown Source)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:566)
    at java.base/java.io.ObjectStreamClass.invokeWriteObject(ObjectStreamClass.java:1016)
    at java.base/java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1487)
    at java.base/java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1423)
    at java.base/java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1169)
    at java.base/java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1543)
    at java.base/java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1500)
    at java.base/java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1423)
    at java.base/java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1169)
    at java.base/java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1543)
    at java.base/java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1500)
    at java.base/java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1423)
    at java.base/java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1169)
    at java.base/java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1543)
    at java.base/java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1500)
    at java.base/java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1423)
    at java.base/java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1169)
    at java.base/java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:345)
    at java.base/java.util.ArrayList.writeObject(ArrayList.java:897)
    at java.base/jdk.internal.reflect.GeneratedMethodAccessor128.invoke(Unknown Source)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:566)
    at java.base/java.io.ObjectStreamClass.invokeWriteObject(ObjectStreamClass.java:1016)
    at java.base/java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1487)
    at java.base/java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1423)
    at java.base/java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1169)
    at java.base/java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1543)
    at java.base/java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1500)
    at java.base/java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1423)
    at java.base/java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1169)
    at java.base/java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1543)
    at java.base/java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1500)
    at java.base/java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1423)
    at java.base/java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1169)
    at java.base/java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1543)
    at java.base/java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1500)
    at java.base/java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1423)
    at java.base/java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1169)
    at java.base/java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1543)
    at java.base/java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1500)
    at java.base/java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1423)
    at java.base/java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1169)
    at java.base/java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1543)
    at java.base/java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1500)
    at java.base/java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1423)
    at java.base/java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1169)
    at java.base/java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1543)
    at java.base/java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1500)
    at java.base/java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1423)
    at java.base/java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1169)
    at java.base/java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:345)
    at org.wso2.carbon.identity.application.authentication.framework.store.JavaSessionSerializer.serializeSessionObject(JavaSessionSerializer.java:41)
    ... 66 more

Expected behavior: Should proceed to the authentication.

Environment information (Please complete the following information; remove any unnecessary fields) :
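
The failure in the traces above, reduced to a dependency-free sketch (an added example, not part of the original issue and not WSO2 Identity Server code): a context that is deep-copied through Java serialization breaks as soon as one map value does not implement `Serializable`. All class names, the property key and the sample values are hypothetical stand-ins, and plain JDK object streams take the place of commons-lang3 `SerializationUtils.clone`.

```java
import java.io.*;
import java.util.*;

// Added illustration; every class here is a hypothetical stand-in, not WSO2 code.
public class ContextCloneDemo {

    // Stand-in for a message object that does not implement Serializable.
    static class PlainMessage {
        final String code;
        PlainMessage(String code) { this.code = code; }
    }

    // Same data, but safe to keep in a context that is cloned or persisted by serialization.
    static class SerializableMessage implements Serializable {
        private static final long serialVersionUID = 1L;
        final String code;
        SerializableMessage(String code) { this.code = code; }
    }

    // Stand-in for an authentication context carrying free-form properties.
    static class Context implements Serializable {
        private static final long serialVersionUID = 1L;
        final Map<String, Object> properties = new HashMap<>();
    }

    // Deep copy through Java serialization, the mechanism SerializationUtils.clone relies on.
    @SuppressWarnings("unchecked")
    static <T extends Serializable> T deepClone(T source) throws IOException, ClassNotFoundException {
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buffer)) {
            out.writeObject(source);
        }
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(buffer.toByteArray()))) {
            return (T) in.readObject();
        }
    }

    // Pre-flight check: report which property entries would break clone or session persistence.
    static List<String> nonSerializableKeys(Map<String, Object> properties) {
        List<String> offending = new ArrayList<>();
        for (Map.Entry<String, Object> entry : properties.entrySet()) {
            try (ObjectOutputStream out = new ObjectOutputStream(new ByteArrayOutputStream())) {
                out.writeObject(entry.getValue());
            } catch (IOException e) {
                // NotSerializableException carries the offending class name as its message.
                offending.add(entry.getKey() + " -> " + e.getMessage());
            }
        }
        return offending;
    }

    public static void main(String[] args) throws Exception {
        Context ctx = new Context();
        ctx.properties.put("username", "alice");                                   // constructed sample value
        ctx.properties.put("authenticatorMessage", new PlainMessage("EmailSent")); // constructed sample value

        try {
            deepClone(ctx);
            System.out.println("clone succeeded");
        } catch (NotSerializableException e) {
            System.out.println("clone failed on: " + e.getMessage());
        }
        System.out.println("offending entries: " + nonSerializableKeys(ctx.properties));

        // Replacing the value with a Serializable type lets the same clone path complete.
        ctx.properties.put("authenticatorMessage", new SerializableMessage("EmailSent"));
        Context copy = deepClone(ctx);
        SerializableMessage restored = (SerializableMessage) copy.properties.get("authenticatorMessage");
        System.out.println("clone succeeded, message code = " + restored.code);
    }
}
```

Running the per-entry check before a context is cached or persisted names the offending key directly, instead of leaving it to be inferred from the nested `ObjectOutputStream` frames.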

ashanthamara commented 9 months ago

Merge the following PR once this issue is fixed.

Thisara-Welmilla commented 9 months ago

Do we accommodate clicking on the back button from the browser in the middle of the authentication flow? Some time back we decided to consider such a case as an invalid scenario.

DMHP commented 8 months ago

Reducing the priority of this issue, as clicking on the browser back button is not recommended.