fix(jans-auth-server): authz challenge session attributes are overwri…

…tten after external script run #6933 (#6936) Signed-off-by: YuriyZ <yzabrovarniy@gmail.com> Signed-off-by: Mustafa Baser <mbaser@mail.com>
JanssenProject · Dec 7, 2023 · 228d040 · 228d040
1 parent 87fbb24
commit 228d040
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/...server/src/main/java/io/jans/as/server/authorize/ws/rs/AuthorizationChallengeService.java b/...server/src/main/java/io/jans/as/server/authorize/ws/rs/AuthorizationChallengeService.java
@@ -189,10 +189,16 @@ private SessionId generateAuthenticateSessionWithCookie(AuthzRequest authzReques
         Map<String, String> requestParameterMap = requestParameterService.getAllowedParameters(parameterMap);
 
         SessionId sessionUser = sessionIdService.generateAuthenticatedSessionId(authzRequest.getHttpRequest(), user.getDn(), authzRequest.getPrompt());
-        sessionUser.setSessionAttributes(requestParameterMap);
+        final Set<String> sessionAttributesKeySet = sessionUser.getSessionAttributes().keySet();
+        requestParameterMap.forEach((key, value) -> {
+            if (!sessionAttributesKeySet.contains(key)) {
+                sessionUser.getSessionAttributes().put(key, value);
+            }
+        });
 
         cookieService.createSessionIdCookie(sessionUser, authzRequest.getHttpRequest(), authzRequest.getHttpResponse(), false);
         sessionIdService.updateSessionId(sessionUser);
+        log.trace("Session updated with {}", sessionUser);
 
         return sessionUser;
     }