oxAuth still searches custom script using its acr_value while it should be its inum #1812

Closed
aliaksander-samuseu opened this issue Mar 28, 2023 · 2 comments
aliaksander-samuseu commented Mar 28, 2023

Description

When a default authentication script is set for some OIDC client in oxTrust, it's the script's inum that is now written to the "oxAuthDefaultAcrValues" attribute of the script's LDAP entry, but while serving the OIDC flow oxAuth still seems to try to look up the script as if it was its acr_value.

Steps To Reproduce

  1. Enable "basic" authentication script
  2. Set it as a default acr for some OIDC client
  3. Make sure no other auth method may take precedence for this client
  4. Start the flow for the client without specifying which acr to use explicitly

Expected behavior

Unless any override happens, oxAuth engages the script set as default acr for the client.

Actual behavior

The flow fails with an error page. In oxauth.log the following lines appear:

2023-03-28 17:13:31,909 ERROR [qtp902478634-15] [gluu.oxauth.authorize.ws.rs.AuthorizeAction] (AuthorizeAction.java:285) - Failed to get CustomScriptConfiguration. auth_step: 1, acr_values: A51E-76DA
2023-03-28 17:13:31,909 TRACE [qtp902478634-15] [org.gluu.oxauth.service.AuthorizeService] (AuthorizeService.java:184) - permissionDenied
@aliaksander-samuseu aliaksander-samuseu added bug bug in code high priority resolution must be prioritized labels Mar 28, 2023
@aliaksander-samuseu aliaksander-samuseu added this to the 4.5.1 milestone Mar 28, 2023
@aliaksander-samuseu

I can also confirm that by directly modifying the "oxAuthDefaultAcrValues" attribute to the name of the script, the issue can be circumvented for now.

yuriyz commented Mar 29, 2023

@aliaksander-samuseu there must be a misunderstanding. oxAuthDefaultAcrValues must hold the script name, not the inum. Closing it as invalid. Please open a bug on the UI if the UI sets the inum instead of the name.

@yuriyz yuriyz closed this as completed Mar 29, 2023
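
An added example, not part of the original thread or of the Gluu code base: a small audit over exported directory entries that flags clients whose oxAuthDefaultAcrValues holds a script inum (or a value matching no script) instead of a script name, which is the condition behind the "Failed to get CustomScriptConfiguration" error in the log above. The LDIF sample is constructed, and the objectClass names, DN layout and the inum and displayName attributes are assumptions about the export format.

```python
import re

# Constructed sample export: the script inum A51E-76DA is the value from the log; client
# inums, DN layout, objectClass names and inum/displayName attributes are assumptions.
SAMPLE_LDIF = """\
dn: inum=A51E-76DA,ou=scripts,o=gluu
objectClass: oxCustomScript
inum: A51E-76DA
displayName: basic

dn: inum=0001-AAAA,ou=clients,o=gluu
objectClass: oxAuthClient
inum: 0001-AAAA
oxAuthDefaultAcrValues: A51E-76DA

dn: inum=0002-BBBB,ou=clients,o=gluu
objectClass: oxAuthClient
inum: 0002-BBBB
oxAuthDefaultAcrValues: basic
"""

def parse_entries(ldif):
    """Parse simple LDIF (no base64 values or folded lines) into attr -> [values] dicts."""
    entries = []
    for block in re.split(r"\n\s*\n", ldif.strip()):
        entry = {}
        for attr, value in re.findall(r"^([^:\n]+):[ \t]*(.*)$", block, re.M):
            entry.setdefault(attr.strip(), []).append(value.strip())
        entries.append(entry)
    return entries

def audit_default_acrs(ldif):
    """Return (client_inum, value, problem, script_name) for each bad default ACR."""
    entries = parse_entries(ldif)
    scripts = [e for e in entries if "oxCustomScript" in e.get("objectClass", [])]
    names = {n for s in scripts for n in s.get("displayName", [])}
    by_inum = {i: s.get("displayName", [None])[0] for s in scripts for i in s.get("inum", [])}
    findings = []
    for e in entries:
        client = e.get("inum", ["?"])[0]
        for acr in e.get("oxAuthDefaultAcrValues", []):
            if acr in names:
                continue  # value is a script name, which is what oxAuth looks up
            problem = "script inum, expected script name" if acr in by_inum else "no script with this name"
            findings.append((client, acr, problem, by_inum.get(acr)))
    return findings

if __name__ == "__main__":
    print(*audit_default_acrs(SAMPLE_LDIF), sep="\n")
```

Values the script list does not cover, such as authentication methods that are not custom scripts, are reported as "no script with this name" and need manual review.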