Fixing issues with auth chaining

README.md

@@ -42,14 +42,24 @@ You can find the distribution zip file (*openam-auth-sample-modules-dist.zip*) i
 ```    
 * Update module properties *Access Control > **REALM_NAME** > Authentication > Module Instances > **MODULE_NAME***
 
+## Authentication Chains
+* Create authentication service:
+```
+    $ ssoadm create-auth-cfg -u amadmin -f /tmp/admin.pwd --name <SERVICE_NAME> --realm <REALM_NAME>
+```
+* Add modules to the chain:
+```
+    $ ssoadm add-auth-cfg-entr -u amadmin -f /tmp/admin.pwd --name <SERVICE_NAME> --modulename <MODULE_NAME> --criteria <REQUIRED,REQUISITE,SUFFICIENT,OPTIONAL> --position  <0,1,2,3...> --realm <REALM_NAME>
+```
 ## Curl Commands
 
 * Authenticate
+
 ```
 curl  -k --request POST  \
   --header "X-OpenAM-Username: demo"  \
   --header "X-OpenAM-Password: changeit"  \
-  --header "Content-Type: application/json"  "https://openam.indigoconsulting.com:8443/sso/json/authenticate?authIndexType=module&authIndexValue=Module1"
+  --header "Content-Type: application/json"  "https://openam.indigoconsulting.com:8443/sso/json/authenticate"
 ```
 * Upgrade Session
 ```

src/main/java/com/groman/openam/auth/Module1.java

@@ -13,8 +13,10 @@
 import com.sun.identity.authentication.spi.AMLoginModule;
 import com.sun.identity.authentication.spi.AuthLoginException;
 import com.sun.identity.authentication.util.ISAuthConstants;
+import com.sun.identity.shared.datastruct.CollectionHelper;
 import com.sun.identity.shared.debug.Debug;
 
+@SuppressWarnings("rawtypes")
 public class Module1 extends AMLoginModule {
 
     //Error codes
@@ -26,9 +28,13 @@ public class Module1 extends AMLoginModule {
 
     // Name of the resource bundle
     private final static String RES_BUNDLE_NAME = "amAuthModule1";
+
+    //ShareState object keys
+    private final static String SSN_KEY = "com.groman.ssn";
 
     private final static String USERNAME = "demo";
     private final static String PASSWORD = "changeit";
+    private final static String SSN = "111224444";
 
     private final static int LOGIN_START = 1;
     private final static int ERROR_STATE = 2;
@@ -37,6 +43,7 @@ public class Module1 extends AMLoginModule {
 
     private Map sharedState;
     private ResourceBundle bundle;
+    private boolean storedCredentials = true;
 
     @Override
     public Principal getPrincipal() {
@@ -50,12 +57,16 @@ public void init(Subject subject, Map sharedState, Map options) {
         }
         this.sharedState = sharedState;
         bundle = amCache.getResBundle(RES_BUNDLE_NAME, getLoginLocale());
+
+        storedCredentials = Boolean.valueOf(CollectionHelper.getMapAttr(
+            options, ISAuthConstants.STORE_SHARED_STATE_ENABLED, "true")
+            ).booleanValue();
     }
 
     @Override
     public int process(Callback[] callbacks, int currentState) throws LoginException {
         if (debug.messageEnabled()) {
-            debug.message("init(): current state: " + currentState);
+            debug.message("process(): current state: " + currentState);
         }
 
         if (currentState != LOGIN_START) {
@@ -83,7 +94,9 @@ public int process(Callback[] callbacks, int currentState) throws LoginException
         if (debug.messageEnabled()) {
             debug.message("Succesful authentication for username: " + username);
         }
-        storeUsername(username);
+        storeInSharedState(ISAuthConstants.SHARED_STATE_USERNAME, username);
+        storeInSharedState(ISAuthConstants.SHARED_STATE_PASSWORD, password);
+        storeInSharedState(SSN_KEY, SSN);
         return ISAuthConstants.LOGIN_SUCCEED;
     }
 
@@ -92,13 +105,18 @@ private void setErrorMessage(String error_code) throws AuthLoginException {
         substituteHeader(ERROR_STATE, bundle.getString(error_code));
     }
 
-    private void storeUsername(String username) {
+    @SuppressWarnings("unchecked")
+    private void storeInSharedState(String key, String value) {
+
+        //Make sure store of credentials is enabled
+        if (!storedCredentials) return;
+
         if (debug.messageEnabled()) {
-            debug.message("Storing username in Shared State: " + username);
+            debug.message("Storing "+ key + "  in Shared State");
         }
         if (sharedState != null) {
-            sharedState.put(getUserKey(), username);
-        }
+            sharedState.put(key, value);
+        } 
     }
 
 }

src/main/java/com/groman/openam/auth/Module2.java

@@ -14,17 +14,24 @@
 import com.sun.identity.authentication.spi.AMLoginModule;
 import com.sun.identity.authentication.spi.AuthLoginException;
 import com.sun.identity.authentication.util.ISAuthConstants;
+import com.sun.identity.shared.datastruct.CollectionHelper;
 import com.sun.identity.shared.debug.Debug;
 
+@SuppressWarnings("rawtypes")
 public class Module2 extends AMLoginModule {
     // Name of the debug file
     private final static String MODULE_NAME = "Module2";
 
+    //ShareState object keys
+    private final static String SSN_KEY = "com.groman.ssn";
+
     private final static String SSN = "111223333";
 
     private Map sharedState;
     private String username;
     private String UUID;
+    private boolean sharedStateEnabled;
+    private String sharedStateBehaviorPattern;
 
     private final static int LOGIN_START = 1;
 
@@ -42,7 +49,24 @@ public void init(Subject subject, Map sharedState, Map options) {
             debug.message("Module2::init");
         }
         this.sharedState = sharedState;
+
+        sharedStateEnabled = Boolean.valueOf(CollectionHelper.getMapAttr(
+                options, ISAuthConstants.SHARED_STATE_ENABLED, "false")
+                ).booleanValue();
+
+        sharedStateBehaviorPattern = CollectionHelper.getMapAttr(options,
+            ISAuthConstants.SHARED_STATE_BEHAVIOR_PATTERN,
+            "tryFirstPass");
+
         loadCredentials();
+
+        debug.message("Is ShareState enabled: " + sharedStateEnabled);
+        debug.message("ShareState Behavior Patter: " + sharedStateBehaviorPattern);
+
+        if (username == null || username.length() == 0) {
+            throw new RuntimeException("Missing username");
+        }
+
     }
 
     @Override
@@ -59,10 +83,25 @@ public int process(Callback[] callbacks, int currentState) throws LoginException
             throw new AuthLoginException("Invalid state"); 
         }
 
-        // Get credentials from callbacks
-        NameCallback nc = (NameCallback) callbacks[0];
-        String ssn = nc.getName();
-        ssn = ssn.replace("-", "");
+        // Get credentials
+        String ssn = null;
+        if ((callbacks == null || callbacks.length == 0) && sharedStateEnabled) {
+            debug.message("Callbacks are empty. Trying with SharedState");
+            ssn = (String) sharedState.get(SSN_KEY);
+            if (!SSN.equals(ssn) && "tryFirstPass".equals(sharedStateBehaviorPattern)) {
+                debug.message("Invalid SSN but it's tryFirstPass. Displaying login page");
+                return LOGIN_START;
+            }
+        } else {
+            NameCallback nc = (NameCallback) callbacks[0];
+            ssn = nc != null ? nc.getName() : null;
+        }
+
+        //Remove hyphens
+        if (ssn != null) {
+            ssn = ssn.replace("-", "");
+        }
+
         if (!SSN.equals(ssn)) {
             throw new AuthLoginException("Invalid SSN: " + ssn); 
         }
@@ -77,11 +116,10 @@ public int process(Callback[] callbacks, int currentState) throws LoginException
     private void loadCredentials() {
         //get username from previous authentication
         try {
-            username = (String) sharedState.get(getUserKey());
+            username = (String) sharedState.get(ISAuthConstants.SHARED_STATE_USERNAME);
             if (debug.messageEnabled()) {
                 debug.message("loadCredentials() : Got username from shared state: " + username);
             }
-            username = (String) sharedState.get(getUserKey());
             if (username == null || username.isEmpty()) {
                 if (debug.messageEnabled()) {
                     debug.message("Session upgrade case");