search

wso2 / product-is

Welcome to the WSO2 Identity Server source code! For info on working with the WSO2 Identity Server repository and contributing code, click the link below.
http://wso2.github.io/
Apache License 2.0
746 stars 724 forks source link

Preventing registering two authenticators with the same name #6048

Open mefarazath opened 5 years ago

mefarazath commented 5 years ago

In the current implementation,

When authenticators are registered we do not validate whether two authenticators are registered with the same name. The impact of this is quite serious.

At runtime, we have no clue which authenticator is shown in the UI as only one of them will be displayed under the local authenticator configs.

Also when we try to update a service provider after selecting local authenticator options the below error is seen

Caused by: java.lang.IllegalStateException: Duplicate key [Lorg.wso2.carbon.identity.application.common.model.Property;@2322f50b
    at java.util.stream.Collectors.lambda$throwingMerger$0(Collectors.java:133)
    at java.util.HashMap.merge(HashMap.java:1253)
    at java.util.stream.Collectors.lambda$toMap$58(Collectors.java:1320)
    at java.util.stream.ReduceOps$3ReducingSink.accept(ReduceOps.java:169)
    at java.util.Spliterators$ArraySpliterator.forEachRemaining(Spliterators.java:948)
    at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:481)
    at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:471)
    at java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:708)
    at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
    at java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:499)
    at org.wso2.carbon.identity.application.mgt.ApplicationMgtValidator.validateLocalAndOutBoundAuthenticationConfig(ApplicationMgtValidator.java:108)
    at org.wso2.carbon.identity.application.mgt.ApplicationMgtValidator.validateSPConfigurations(ApplicationMgtValidator.java:76)
    at org.wso2.carbon.identity.application.mgt.ApplicationManagementServiceImpl.updateApplication(ApplicationManagementServiceImpl.java:401)
    at org.wso2.carbon.identity.application.mgt.ApplicationManagementAdminService.updateApplication(ApplicationManagementAdminService.java:237)
    ... 81 more

This can be easily reproduced by having two versions of a local authenticator in the dropins folder and trying to update a service provider after selecting the local authentication option.

If we print an error during the authenticator registration, then it would be much easier to diagnose errors like above.

rksk commented 1 year ago

Anyone who came here by searching for the error message Duplicate key [Lorg.wso2.carbon.identity.application.common.model.Property; please check whether you have multiple copies of the same authenticator with different versions in the /repository/components/dropins directory. If this started to occur after taking product updates, you can safely delete the older versions and keep the latest.