wso2 / product-is

Welcome to the WSO2 Identity Server source code! For info on working with the WSO2 Identity Server repository and contributing code, click the link below.
http://wso2.github.io/
Apache License 2.0

[Custom Connector] The Authenticator type automatically reverts to the default authentication after first login page load. #18444

Closed melanisilva closed 9 months ago

melanisilva commented 10 months ago

Describe the issue: After using a custom connector as a sign-in method, choose an authenticator other than the default one from the application sign-in methods page. On application refresh, the authenticator automatically changes to the default one.

https://github.com/wso2/product-is/assets/41188245/9f7bf72c-6305-4bc2-baf5-2c461843c81d

How to reproduce:

  1. Create a custom connector
  2. Redirect to the settings page
  3. Create multiple authenticators and select one as a default
  4. Go to an application's sign-in method and add the custom connection to the sign-in flow
  5. From the custom connection, select another authenticator other than the default one and update. (e.g., if Google is the default authenticator, select the Facebook authenticator.)

Expected behavior: The selected authenticator from the custom connector should be static unless the user updates it.


DilshanSenarath commented 9 months ago

This issue can be a problem with caching. Initially, the endpoint provides the updated authenticator for the first application login page load. However, starting from the second request onwards, it consistently displays the default authenticator. Restarting the server resolves the issue temporarily, as the first loading displays the updated authenticator (maybe due to the initial database read). Subsequent requests, however, revert to providing the default authenticator. There likely exists an issue when adding data to the cache.

UdeshAthukorala commented 9 months ago

With the Session Data Storage optimization improvement[1], we have optimized the Authentication Context Cache[2] by lightweighting the cache objects. There, we have improved the ApplicationConfig object to an Optimized ApplicationConfig object, which includes only the service provider IDs and federated identity provider IDs instead of storing the full service provider object.

In the authentication process, when we have the authentication context cache, we are reconstructing the service provider using the service provider and federated IDP IDs in the authentication step. So at that time we are always taking the federated IDP using the DB.

For applications that use custom connector IdPs as a sign-in method, the admin can select and use one of the authenticators available in the custom connector IDP, other than the default authenticator. But when we are creating the service provider authentication steps using the federated IDP ID, we always consider the IDP's default authenticator as the service provider's configured authenticator. That logic is incorrect for the custom connector IDPs.

This is the reason for this issue.

[1] https://github.com/wso2/product-is/issues/14502
[2] https://github.com/wso2/product-is/issues/14549
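
The root cause described in the comment above, reduced to a stand-alone model. This is an added example, not part of the thread and not WSO2 code: every type, method and value in it is hypothetical, and the lossless variant is one possible way to keep the admin's selection, not the project's actual fix.

```java
import java.util.*;

// Hypothetical model of the behaviour described above; none of these types are WSO2 classes.
public class OptimizedCacheDemo {
    record Idp(String id, String defaultAuthenticator, Set<String> authenticators) {}
    record Step(String idpId, String authenticator) {} // full step, as configured by the admin

    // Constructed sample "database" of identity providers.
    static final Map<String, Idp> IDP_DB = Map.of(
        "custom-1", new Idp("custom-1", "Google", Set.of("Google", "Facebook")));

    // Lossy form: only the IdP id is cached, so the admin's choice is dropped.
    static String optimizeLossy(Step s) { return s.idpId(); }

    static Step rebuildLossy(String cachedIdpId) {
        Idp idp = IDP_DB.get(cachedIdpId);
        return new Step(idp.id(), idp.defaultAuthenticator()); // always the default
    }

    // Lossless form: cache the id together with the selected authenticator name.
    static String[] optimize(Step s) { return new String[] { s.idpId(), s.authenticator() }; }

    static Step rebuild(String[] cached) {
        Idp idp = IDP_DB.get(cached[0]);
        // Fall back to the default only if the cached authenticator no longer exists on the IdP.
        String chosen = idp.authenticators().contains(cached[1])
            ? cached[1] : idp.defaultAuthenticator();
        return new Step(idp.id(), chosen);
    }

    public static void main(String[] args) {
        Step configured = new Step("custom-1", "Facebook");
        Step lossy = rebuildLossy(optimizeLossy(configured));
        Step lossless = rebuild(optimize(configured));
        System.out.println("configured: " + configured);
        System.out.println("lossy:      " + lossy);
        System.out.println("lossless:   " + lossless);
        // A round-trip check of this kind catches the regression in a unit test.
        if (!configured.equals(lossless)) throw new AssertionError("round trip lost data");
        if (configured.equals(lossy)) throw new AssertionError("lossy path kept the choice");
    }
}
```

Because the authenticator that runs for a login step is part of the application's authentication policy, a round-trip equality check between the configured step and the step rebuilt from the cache is worth keeping as a regression test.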

UdeshAthukorala commented 9 months ago

This will be fixed with