KNOX-2982 - Having one disabled one enabled identity-assertion provid…

…er in knoxsso doesn't work (#832)
apache · Jan 16, 2024 · 16daa62 · 16daa62
1 parent bb6719f
commit 16daa62
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 2 deletions.
diff --git a/...ay-spi/src/main/java/org/apache/knox/gateway/deploy/ServiceDeploymentContributorBase.java b/...ay-spi/src/main/java/org/apache/knox/gateway/deploy/ServiceDeploymentContributorBase.java
@@ -21,6 +21,7 @@
 import org.apache.knox.gateway.descriptor.ResourceDescriptor;
 import org.apache.knox.gateway.topology.Provider;
 import org.apache.knox.gateway.topology.Service;
+import org.apache.knox.gateway.topology.Topology;
 import org.apache.knox.gateway.topology.Version;
 
 import java.net.URISyntaxException;
@@ -82,7 +83,9 @@ protected void addAuthenticationFilter( DeploymentContext context, Service servi
   protected void addIdentityAssertionFilter( DeploymentContext context, Service service, ResourceDescriptor resource) {
     if( topologyContainsProviderType( context, "authentication" ) ||
         topologyContainsProviderType( context, "federation"  ) ) {
-      context.contributeFilter( service, resource, "identity-assertion", null, null );
+      Topology topology = context.getTopology();
+      Provider activeProvider = topology.getProvider("identity-assertion", null);
+      context.contributeFilter(service, resource, "identity-assertion", activeProvider != null ? activeProvider.getName() : null, null);
     }
   }
 

diff --git a/gateway-spi/src/main/java/org/apache/knox/gateway/topology/Topology.java b/gateway-spi/src/main/java/org/apache/knox/gateway/topology/Topology.java
@@ -157,7 +157,10 @@ public Provider getProvider( String role, String name ) {
         provider = nameMap.get( name );
       }
       else {
-        provider = (Provider) nameMap.values().toArray()[0];
+        provider = nameMap.values().stream()
+                .filter(Provider::isEnabled)
+                .findFirst()
+                .orElse((Provider) nameMap.values().toArray()[0]);
       }
     }
     return provider;

diff --git a/gateway-spi/src/test/java/org/apache/knox/gateway/topology/TopologyTest.java b/gateway-spi/src/test/java/org/apache/knox/gateway/topology/TopologyTest.java
@@ -89,6 +89,25 @@ public void testNullApplications() {
     assertEquals(t1, t2);
   }
 
+  @Test
+  public void testGettingMultipleProvidersReturnsTheFirstEnabled() {
+    Topology topology = new Topology();
+
+    Provider disabledProvider = new Provider();
+    disabledProvider.setRole("identity-assertion");
+    disabledProvider.setName("disabled_prov");
+    disabledProvider.setEnabled(false);
+    topology.addProvider(disabledProvider);
+
+    Provider enabledProvider = new Provider();
+    enabledProvider.setName("enabled_prov");
+    enabledProvider.setRole("identity-assertion");
+    enabledProvider.setEnabled(true);
+    topology.addProvider(enabledProvider);
+
+    assertEquals("enabled_prov", topology.getProvider("identity-assertion", null).getName());
+  }
+
   @Test
   public void testEmptyTopologiesWithSameName() {
     final String name = "tName";