diff --git a/jans-auth-server/server/src/main/java/io/jans/as/server/service/AcrService.java b/jans-auth-server/server/src/main/java/io/jans/as/server/service/AcrService.java
index db87b4c34c1..434130a5072 100644
--- a/jans-auth-server/server/src/main/java/io/jans/as/server/service/AcrService.java
+++ b/jans-auth-server/server/src/main/java/io/jans/as/server/service/AcrService.java
@@ -32,6 +32,8 @@ @Named public class AcrService { + public static final String AGAMA = "agama"; + @Inject private Logger log;
@@ -48,7 +50,7 @@ public class AcrService { private AppConfiguration appConfiguration; public static boolean isAgama(String acr) { - return StringUtils.isNotBlank(acr) && acr.startsWith("agama_"); + return StringUtils.isNotBlank(acr) && (acr.startsWith("agama_") || acr.equalsIgnoreCase(AGAMA)); } public void validateAcrs(AuthzRequest authzRequest, Client client) throws AcrChangedException {
diff --git a/jans-auth-server/server/src/main/java/io/jans/as/server/service/SessionIdService.java b/jans-auth-server/server/src/main/java/io/jans/as/server/service/SessionIdService.java
index 3e42c8631d0..17e3eee7e18 100644
--- a/jans-auth-server/server/src/main/java/io/jans/as/server/service/SessionIdService.java
+++ b/jans-auth-server/server/src/main/java/io/jans/as/server/service/SessionIdService.java
@@ -169,6 +169,10 @@ public String getAcr(SessionId session) { return acr; } + public static boolean isAgamaInSessionAndRequest(String sessionAcr, List acrValuesList) { + return isAgama(sessionAcr) && !acrValuesList.isEmpty() && isAgama(acrValuesList.iterator().next()); + } + // #34 - update session attributes with each request // 1) redirect_uri change -> update session // 2) acr change -> throw acr change exception
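Review bot: In `AcrService.isAgama` the new bare-name match is case-insensitive (`acr.equalsIgnoreCase(AGAMA)`) while the prefix match beside it stays case-sensitive (`acr.startsWith("agama_")`), so `AGAMA` is classified as Agama but `AGAMA_x` is not. This predicate feeds the acr-changed decision in `SessionIdService`, where `acrValuesList.contains(sessionAcr)` compares case-sensitively, so one comparison rule should apply throughout. If acr values are meant to be case-sensitive, use `acr.equals(AGAMA)`; if not, make the prefix test agree with `acr.regionMatches(true, 0, "agama_", 0, 6)`.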
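Review bot: `isAgamaInSessionAndRequest` inspects only `acrValuesList.iterator().next()`, and the list it receives is built from a `HashSet` in `acrValuesList(String)` (the `-916` hunk of this file), so for a request with several acr values the element tested is chosen by hash order rather than by the order in the request. The result should not depend on that order; decide whether one value or all of them must be Agama and state it, e.g. `return isAgama(sessionAcr) && !acrValuesList.isEmpty() && acrValuesList.stream().allMatch(a -> isAgama(a));`. The method is `public static` and dereferences `acrValuesList` without a null check, so a short Javadoc stating that the list must be non-null would help callers.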
@@ -190,8 +194,7 @@ public SessionId assertAuthenticatedSessionCorrespondsToNewRequest(SessionId ses } List acrValuesList = acrValuesList(acrValuesStr); - boolean isAgama = isAgama(sessionAcr) && !acrValuesList.isEmpty() && isAgama(acrValuesList.iterator().next()); - boolean isAcrChanged = !acrValuesList.isEmpty() && !acrValuesList.contains(sessionAcr) && !isAgama; + boolean isAcrChanged = !acrValuesList.isEmpty() && !acrValuesList.contains(sessionAcr) && !isAgamaInSessionAndRequest(sessionAcr, acrValuesList); if (isAcrChanged) { Map acrToLevel = externalAuthenticationService.acrToLevelMapping(); Integer sessionAcrLevel = Util.asInt(acrToLevel.get(externalAuthenticationService.scriptName(sessionAcr)), -1);
@@ -916,9 +919,16 @@ public List acrValuesList(String acrValues) { HashSet resultAcrs = new HashSet<>(); for (String acr : acrs) { - resultAcrs.add(externalAuthenticationService.scriptName(acr)); + String acrForScript = isAgama(acr) ? AcrService.AGAMA : acr; + final String scriptName = externalAuthenticationService.scriptName(acrForScript); + if (StringUtils.isNotBlank(scriptName)) { + resultAcrs.add(acr); + } } + if (log.isTraceEnabled()) { + log.trace("acrValuesList {}", resultAcrs); + } return new ArrayList<>(resultAcrs); }
diff --git a/jans-auth-server/server/src/test/java/io/jans/as/server/service/SessionIdServiceTest.java b/jans-auth-server/server/src/test/java/io/jans/as/server/service/SessionIdServiceTest.java
index e3d36493e00..9cbf958145b 100644
--- a/jans-auth-server/server/src/test/java/io/jans/as/server/service/SessionIdServiceTest.java
+++ b/jans-auth-server/server/src/test/java/io/jans/as/server/service/SessionIdServiceTest.java
@@ -1,5 +1,6 @@ package io.jans.as.server.service; +import com.google.common.collect.Lists; import com.google.common.collect.Sets; import io.jans.as.common.model.session.SessionId; import io.jans.as.common.service.common.UserService;
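Review bot: The `!isAgamaInSessionAndRequest(sessionAcr, acrValuesList)` term on the new `isAcrChanged` line exempts every Agama-to-Agama pair, so a session authenticated through one `agama_*` flow is treated as unchanged for a request that names a different `agama_*` flow, and the level comparison below is never reached. If flows can carry different assurance levels, an existing session then satisfies a request for a stronger flow without re-authentication; if they are deliberately equivalent, record that with a comment such as `// all Agama flows count as one acr for session reuse; the flow name is not compared here`. The enclosing method starts and ends outside the hunk, so whether the flow name is checked elsewhere cannot be seen from these lines.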
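Review bot: The new `if (StringUtils.isNotBlank(scriptName))` filter in `acrValuesList` silently drops every requested acr that does not resolve to a script, and when none resolves the method returns an empty list, which the `!acrValuesList.isEmpty()` guard in `assertAuthenticatedSessionCorrespondsToNewRequest` reads as "no acr requested" and so skips the acr-changed check. A request naming only unrecognised acr values would then reuse the existing session unchallenged (assuming `scriptName` returns blank for unknown names; its body is not shown). Make the drop visible with an `else` branch such as `log.debug("acr value ignored, no matching script: {}", acr);` and consider letting the caller distinguish "none requested" from "none resolved". The `log.isTraceEnabled()` guard around the parameterized `log.trace` call is redundant. The method begins outside the hunk.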
@@ -82,6 +83,18 @@ public class SessionIdServiceTest { @Mock private StatService statService; + @Test + public void isAgamaInSessionAndRequest_forAgama_shouldReturnTrue() { + assertTrue(SessionIdService.isAgamaInSessionAndRequest("agama", Lists.newArrayList("agama_io.jans.agamaLab.main"))); + assertTrue(SessionIdService.isAgamaInSessionAndRequest("agama", Lists.newArrayList("agama"))); + } + + @Test + public void isAgamaInSessionAndRequest_forBasic_shouldReturnFalse() { + assertFalse(SessionIdService.isAgamaInSessionAndRequest("agama", Lists.newArrayList("basic"))); + assertFalse(SessionIdService.isAgamaInSessionAndRequest("basic", Lists.newArrayList("agama_io.jans.agamaLab.main"))); + } + @Test public void hasAllScopes_whenSessionIsNull_shouldReturnFalse() { assertFalse(sessionIdService.hasAllScopes((SessionId) null, null));
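Review bot: The two new tests use single-element lists only, so the `!acrValuesList.isEmpty()` branch of `isAgamaInSessionAndRequest` and a list mixing Agama and non-Agama values are never exercised. Add `assertFalse(SessionIdService.isAgamaInSessionAndRequest("agama", Lists.newArrayList()));` and a case built from `Lists.newArrayList("basic", "agama")` with its expected result stated, so the intended handling of multi-valued `acr_values` is pinned. A case for `"AGAMA"` would likewise pin the case rule applied by `isAgama`.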