Merge remote-tracking branch 'upstream/master' into loginflow-ai-2

components/action-mgt/org.wso2.carbon.identity.action.execution/pom.xml

@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.wso2.carbon.identity.framework</groupId>
         <artifactId>action-mgt</artifactId>
-        <version>7.7.63-SNAPSHOT</version>
+        <version>7.7.85-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

components/action-mgt/org.wso2.carbon.identity.action.management/pom.xml

@@ -22,7 +22,7 @@
     <parent>
         <groupId>org.wso2.carbon.identity.framework</groupId>
         <artifactId>action-mgt</artifactId>
-        <version>7.7.63-SNAPSHOT</version>
+        <version>7.7.85-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

components/action-mgt/pom.xml

@@ -22,7 +22,7 @@
     <parent>
         <groupId>org.wso2.carbon.identity.framework</groupId>
         <artifactId>identity-framework</artifactId>
-        <version>7.7.63-SNAPSHOT</version>
+        <version>7.7.85-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 

components/api-resource-mgt/org.wso2.carbon.identity.api.resource.collection.mgt/pom.xml

@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.wso2.carbon.identity.framework</groupId>
         <artifactId>api-resource-mgt</artifactId>
-        <version>7.7.63-SNAPSHOT</version>
+        <version>7.7.85-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/pom.xml

@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.wso2.carbon.identity.framework</groupId>
         <artifactId>api-resource-mgt</artifactId>
-        <version>7.7.63-SNAPSHOT</version>
+        <version>7.7.85-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <artifactId>org.wso2.carbon.identity.api.resource.mgt</artifactId>

components/api-resource-mgt/pom.xml

@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.wso2.carbon.identity.framework</groupId>
         <artifactId>identity-framework</artifactId>
-        <version>7.7.63-SNAPSHOT</version>
+        <version>7.7.85-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 

components/application-mgt/org.wso2.carbon.identity.application.common/pom.xml

@@ -18,7 +18,7 @@
     <parent>
         <groupId>org.wso2.carbon.identity.framework</groupId>
         <artifactId>application-mgt</artifactId>
-        <version>7.7.63-SNAPSHOT</version>
+        <version>7.7.85-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/util/AuthenticatorMgtExceptionBuilder.java

@@ -80,15 +80,17 @@ public static AuthenticatorMgtServerRuntimeException buildRuntimeServerException
     public enum AuthenticatorMgtError {
 
         // Client errors.
-        ERROR_NOT_FOUND_AUTHENTICATOR("60001", "No Authenticator found.",
+        ERROR_NOT_FOUND_AUTHENTICATOR("60010", "No Authenticator found.",
                 "No Authenticator found by given authenticator name: %s."),
-        ERROR_OPERATION_ALLOWED_FOR_SYSTEM_AUTHENTICATOR("60002", "No operations allowed on system " +
-                "authenticators.", "Do not allow to perform any operation on system defined authenticator: %s."),
-        ERROR_AUTHENTICATOR_ALREADY_EXIST("60003", "The authenticator already exists.",
+        ERROR_CODE_INVALID_ENDPOINT_CONFIG("60011", "Invalid endpoint configuration provided.",
+                "Invalid endpoint configuration is provided for the authenticator %s."),
+        ERROR_CODE_ERROR_AUTHENTICATOR_NOT_FOUND("60012", "Authenticator not found.",
+                "Authenticator not found by the given name: %s."),
+        ERROR_AUTHENTICATOR_ALREADY_EXIST("60013", "The authenticator already exists.",
                 "The authenticator already exists for the given name: %s."),
-        ERROR_INVALID_AUTHENTICATOR_NAME("60004", "Authenticator name is invalid.",
+        ERROR_INVALID_AUTHENTICATOR_NAME("60014", "Authenticator name is invalid.",
                 "The provided authenticator name %s is not in the expected format %s."),
-        ERROR_BLANK_FIELD_VALUE("60004", "Invalid empty or blank value.",
+        ERROR_BLANK_FIELD_VALUE("60015", "Invalid empty or blank value.",
                 "Value for %s should not be empty or blank."),
 
         // Server errors.

components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/util/UserDefinedAuthenticatorEndpointConfigManager.java

@@ -198,7 +198,7 @@ private static AuthenticatorMgtException handleActionMgtException(AuthenticatorM
         if (actionException instanceof ActionMgtClientException) {
             ActionMgtClientException error = (ActionMgtClientException) actionException;
             throw new AuthenticatorMgtClientException(
-                    authenticatorMgtError.getCode(), error.getMessage(), error.getDescription());
+                    authenticatorMgtError.getCode(), authenticatorMgtError.getMessage(), error.getDescription());
         }
 
         throw buildServerException(authenticatorMgtError, data);

components/application-mgt/org.wso2.carbon.identity.application.mgt.ui/pom.xml

@@ -19,7 +19,7 @@
     <parent>
         <groupId>org.wso2.carbon.identity.framework</groupId>
         <artifactId>application-mgt</artifactId>
-        <version>7.7.63-SNAPSHOT</version>
+        <version>7.7.85-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

components/application-mgt/org.wso2.carbon.identity.application.mgt.ui/src/main/resources/web/application/configure-service-provider.jsp

@@ -1211,8 +1211,8 @@
     function deleteClaimRow(obj) {
         if ($('input:radio[name=claim_dialect]:checked').val() == "custom") {
             if ($(obj).parent().parent().find('input.spClaimVal').val().length > 0) {
-                $('#roleClaim option[value="' + $(obj).parent().parent().find('input.spClaimVal').val() + '"]').remove();
-                $('#subject_claim_uri option[value="' + $(obj).parent().parent().find('input.spClaimVal').val() + '"]').remove();
+               $('#roleClaim option[value="' + encodeForHTML($(obj).parent().parent().find('input.spClaimVal').val()) + '"]').remove();
+                $('#subject_claim_uri option[value="' + encodeForHTML($(obj).parent().parent().find('input.spClaimVal').val()) + '"]').remove();
             }
         }
 

components/application-mgt/org.wso2.carbon.identity.application.mgt/pom.xml

@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.wso2.carbon.identity.framework</groupId>
         <artifactId>application-mgt</artifactId>
-        <version>7.7.63-SNAPSHOT</version>
+        <version>7.7.85-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <artifactId>org.wso2.carbon.identity.application.mgt</artifactId>

components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/ApplicationDAO.java

@@ -474,4 +474,33 @@ default List<TrustedApp> getTrustedApps(PlatformType platformType) throws Identi
 
         return new ArrayList<>();
     }
+
+    /**
+     * Retrieve the service provider resource IDs associated with the default federated IDP authenticator.
+     *
+     * @param idpName                  Name of the identity provider.
+     * @param defaultAuthenticatorName default authenticator name.
+     * @param tenantDomain             Tenant domain of Identity Provider.
+     * @return SPs resource ID list.
+     * @throws IdentityApplicationManagementException Error when getting SP resource IDs.
+     */
+    default String[] getSPsAssociatedWithFederatedIDPAuthenticator(String idpName,
+                                                                   String defaultAuthenticatorName,
+                                                                   String tenantDomain)
+            throws IdentityApplicationManagementException {
+
+        return new String[0];
+    }
+
+    /**
+     * Update the local and outbound authentication configuration of a service provider.
+     *
+     * @param applicationDTO Updated service provider instance.
+     * @param tenantDomain   Tenant domain of Service Provider.
+     * @throws IdentityApplicationManagementException Error when updating local and outbound auth configs for the SP.
+     */
+    default void updateApplicationLocalAndOutboundAuthConfig(ServiceProvider applicationDTO, String tenantDomain)
+            throws IdentityApplicationManagementException {
+
+    }
 }

components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/impl/ApplicationDAOImpl.java

@@ -1575,7 +1575,7 @@ private void updateLocalAndOutboundAuthenticationConfiguration(int applicationId
                         for (LocalAuthenticatorConfig lclAuthenticator : authStep
                                 .getLocalAuthenticatorConfigs()) {
                             // set the identity provider name to LOCAL.
-                            int authenticatorId = getAuthentictorID(connection, tenantID,
+                            int authenticatorId = getAuthenticatorID(connection, tenantID,
                                     ApplicationConstants.LOCAL_IDP_NAME, lclAuthenticator.getName());
                             if (authenticatorId < 0) {
                                 authenticatorId = addAuthenticator(connection, tenantID,
@@ -1623,7 +1623,7 @@ private void updateLocalAndOutboundAuthenticationConfiguration(int applicationId
                                 for (FederatedAuthenticatorConfig authenticator : authenticators) {
                                     // ID, TENANT_ID, AUTHENTICATOR_ID
                                     if (authenticator != null) {
-                                        int authenticatorId = getAuthentictorID(connection, tenantID,
+                                        int authenticatorId = getAuthenticatorID(connection, tenantID,
                                                 idpName, authenticator.getName());
                                         if (authenticatorId > 0) {
                                             storeStepIDPAuthnPrepStmt.setInt(1, stepId);
@@ -5015,8 +5015,8 @@ public boolean isApplicationExists(String serviceProviderName, String tenantName
      * @return
      * @throws SQLException
      */
-    private int getAuthentictorID(Connection conn, int tenantId, String idpName,
-                                  String authenticatorName) throws SQLException {
+    private int getAuthenticatorID(Connection conn, int tenantId, String idpName,
+                                   String authenticatorName) throws SQLException {
 
         if (idpName == null || idpName.isEmpty()) {
             return -1;
@@ -6673,6 +6673,61 @@ public List<TrustedApp> getTrustedApps(PlatformType platformType) throws Identit
         return trustedApps;
     }
 
+    @Override
+    public String[] getSPsAssociatedWithFederatedIDPAuthenticator(String idpName,
+                                                                  String defaultAuthenticatorName,
+                                                                  String tenantDomain)
+            throws IdentityApplicationManagementException {
+
+        Connection dbConnection = IdentityDatabaseUtil.getDBConnection(false);
+        PreparedStatement prepStmt = null;
+        ResultSet resultSet = null;
+        int tenantId = IdentityTenantUtil.getTenantId(tenantDomain);
+        List<String> spResourceIDs = new ArrayList<>();
+
+        try {
+            int defaultAuthenticatorId =
+                    getAuthenticatorID(dbConnection, tenantId, idpName, defaultAuthenticatorName);
+
+            prepStmt = dbConnection.prepareStatement(
+                    ApplicationMgtDBQueries.GET_SP_UUIDS_ASSOCIATED_AUTH_FLOW_AUTHENTICATOR);
+            prepStmt.setInt(1, defaultAuthenticatorId);
+            prepStmt.setString(2, ApplicationConstants.AUTH_TYPE_FEDERATED);
+            resultSet = prepStmt.executeQuery();
+            while (resultSet.next()) {
+                spResourceIDs.add(resultSet.getString(ApplicationTableColumns.UUID));
+            }
+
+            return spResourceIDs.toArray(new String[0]);
+        } catch (SQLException e) {
+            throw new IdentityApplicationManagementException("Error occurred while getting SP resource IDs " +
+                    "associated with the default authenticator: " + defaultAuthenticatorName +
+                    " of the federated IDP: " + idpName, e);
+        } finally {
+            IdentityDatabaseUtil.closeAllConnections(dbConnection, resultSet, prepStmt);
+        }
+    }
+
+    @Override
+    public void updateApplicationLocalAndOutboundAuthConfig(ServiceProvider serviceProvider, String tenantDomain)
+            throws IdentityApplicationManagementException {
+
+        int applicationId = serviceProvider.getApplicationID();
+        Connection connection = IdentityDatabaseUtil.getDBConnection(true);
+        try {
+            deleteLocalAndOutboundAuthenticationConfiguration(applicationId, connection);
+            updateLocalAndOutboundAuthenticationConfiguration(applicationId,
+                    serviceProvider.getLocalAndOutBoundAuthenticationConfig(), connection);
+            IdentityDatabaseUtil.commitTransaction(connection);
+        } catch (SQLException e) {
+            IdentityDatabaseUtil.rollbackTransaction(connection);
+            throw new IdentityApplicationManagementException(
+                    "Failed to update local and outbound config of application: " + applicationId, e);
+        } finally {
+            IdentityApplicationManagementUtil.closeConnection(connection);
+        }
+    }
+
     private void rollbackAddApplicationTransaction(Connection connection, ServiceProvider application,
                                                    String tenantDomain) throws IdentityApplicationManagementException {
 

components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/impl/ApplicationMgtDBQueries.java

@@ -509,6 +509,10 @@ public class ApplicationMgtDBQueries {
     public static final String GET_TOTAL_SP_CLAIM_USAGES = "SELECT COUNT(*) FROM SP_CLAIM_MAPPING WHERE TENANT_ID = ?" +
             " AND IDP_CLAIM = ?";
 
+    public static final String GET_SP_UUIDS_ASSOCIATED_AUTH_FLOW_AUTHENTICATOR = "SELECT " +
+            "UUID FROM SP_APP JOIN SP_AUTH_STEP ON SP_APP.ID=SP_AUTH_STEP.APP_ID JOIN SP_FEDERATED_IDP ON " +
+            "SP_AUTH_STEP.ID=SP_FEDERATED_IDP.ID WHERE SP_FEDERATED_IDP.AUTHENTICATOR_ID = ? AND SP_APP.AUTH_TYPE = ?";
+
     public static final String GET_MAIN_APP_ID = "SELECT MAIN_APP_ID FROM SP_SHARED_APP WHERE SHARED_APP_ID = ?";
 
     public static final String GET_OWNER_ORG_ID_BY_SHARED_APP_ID =

components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/impl/CacheBackedApplicationDAO.java

@@ -563,6 +563,14 @@ public List<TrustedApp> getTrustedApps(PlatformType platformType) throws Identit
         return trustedApps;
     }
 
+    @Override
+    public void updateApplicationLocalAndOutboundAuthConfig(ServiceProvider serviceProvider, String tenantDomain) throws
+            IdentityApplicationManagementException {
+
+        clearAllAppCache(serviceProvider, tenantDomain);
+        appDAO.updateApplicationLocalAndOutboundAuthConfig(serviceProvider, tenantDomain);
+    }
+
     private void addToCache(ServiceProvider serviceProvider, String tenantDomain) {
 
         if (log.isDebugEnabled()) {

components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/impl/FileBasedApplicationDAO.java

@@ -315,4 +315,11 @@ public ServiceProvider getApplicationByResourceId(String resourceId, String tena
         // For the File based applications, application name is set as resource id.
         return getApplication(resourceId, tenantDomain);
     }
+
+    @Override
+    public void updateApplicationLocalAndOutboundAuthConfig(ServiceProvider applicationDTO, String tenantDomain)
+            throws IdentityApplicationManagementException {
+
+        throw new IdentityApplicationManagementException("Not supported in file based dao.");
+    }
 }