Skip to content

Limit the federated IDP authenticator property update based on the configured max limit #999

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
sadilchamishka merged 1 commit into from
Sep 12, 2025
Merged

Limit the federated IDP authenticator property update based on the configured max limit #999

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 7 additions & 0 deletions ...er.idp.common/src/main/java/org/wso2/carbon/identity/api/server/idp/common/Constants.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -95,6 +95,9 @@ public class Constants {
public static final String TENANT_DOMAIN_KEY = "tenantDomain";
public static final String SEARCH_VALUE_AUTHENTICATION_PROVISIONING = SERV_PROVISIONING + "," + SERV_AUTHENTICATION;

public static final String MAX_FEDERATED_AUTHENTICATORS_PROPERTY_LIMIT =
"MaxFederatedAuthenticatorPropertiesPerIdP";

/**
* Enum for error messages.
*/
Expand Down Expand Up @@ -161,6 +164,10 @@ public enum ErrorMessage {
ERROR_COED_MULTIPLE_USER_DEFINED_AUTHENTICATORS_FOUND("60044", "Invalid federated " +
"authenticators combination.", "Allow to have only one user defined " +
"federated authenticator and no system authenticators."),
ERROR_CODE_MAX_FEDERATED_AUTHENTICATOR_PROPERTY_EXCEEDED("60045",
"Maximum number of authenticator properties exceeded.",
"Maximum number of allowed properties for a federated authenticator have been exceeded. " +
"Max allowed: %s."),

// Server Error starting from 650xx.
ERROR_CODE_ERROR_ADDING_IDP("65002",
Expand Down
44 changes: 44 additions & 0 deletions ...main/java/org/wso2/carbon/identity/api/server/idp/v1/core/ServerIdpManagementService.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -264,6 +264,7 @@ public IdentityProviderResponse addIDP(IdentityProviderPOSTRequest identityProvi
IdentityProvider identityProvider;
try {
validateSystemReservedIDP(identityProviderPOSTRequest.getName());
validateFederatedAuthenticatorsPropertyLimit(identityProviderPOSTRequest.getFederatedAuthenticators());
identityProvider = identityProviderManager.addIdPWithResourceId(createIDP(identityProviderPOSTRequest),
ContextLoader.getTenantDomainFromContext());
} catch (IdentityProviderManagementException e) {
Expand Down Expand Up @@ -747,6 +748,10 @@ public FederatedAuthenticator updateFederatedAuthenticator(String idpId, String
// IDP object.
IdentityProvider idpToUpdate = createIdPClone(idp);

if (authenticator.getProperties() != null) {
validateAuthenticatorPropertyLimit(authenticator.getProperties().size());
}

checkAuthenticatorExistence(federatedAuthenticatorId, tenantDomain);
// Create new FederatedAuthenticatorConfig to store the federated authenticator information.
FederatedAuthenticatorConfig authConfig = updateFederatedAuthenticatorConfig(federatedAuthenticatorId,
Expand Down Expand Up @@ -3762,4 +3767,43 @@ private enum IdpOperation {
CREATION,
UPDATE
}

private void validateFederatedAuthenticatorsPropertyLimit(
FederatedAuthenticatorRequest federatedAuthenticatorRequest) {

if (federatedAuthenticatorRequest == null || federatedAuthenticatorRequest.getAuthenticators() == null) {
return;
}

for (FederatedAuthenticator authenticator : federatedAuthenticatorRequest.getAuthenticators()) {
if (authenticator.getProperties() != null) {
validateAuthenticatorPropertyLimit(authenticator.getProperties().size());
}
}
}

private void validateAuthenticatorPropertyLimit(int propertyCount) {

int maxFederatedAuthenticatorPropertyLimit;
try {
maxFederatedAuthenticatorPropertyLimit = Integer.parseInt(IdentityUtil
.getProperty(Constants.MAX_FEDERATED_AUTHENTICATORS_PROPERTY_LIMIT));
} catch (NumberFormatException e) {
if (log.isDebugEnabled()) {
log.debug("The system property: " + Constants.MAX_FEDERATED_AUTHENTICATORS_PROPERTY_LIMIT +
" is not a valid integer.");
}
return;
}

if (propertyCount > maxFederatedAuthenticatorPropertyLimit) {
if (log.isDebugEnabled()) {
log.debug("The number of properties provided for the federated authenticator exceeds the maximum " +
"allowed limit of: " + maxFederatedAuthenticatorPropertyLimit);
}
throw handleException(Response.Status.BAD_REQUEST,
Constants.ErrorMessage.ERROR_CODE_MAX_FEDERATED_AUTHENTICATOR_PROPERTY_EXCEEDED,
String.valueOf(maxFederatedAuthenticatorPropertyLimit));
}
}
}