Fix branding not applied to mfa #6021
PR builder started
Codecov Report
Attention: Patch coverage is
Additional details and impacted files
@@ Coverage Diff @@
## master #6021 +/- ##
============================================
- Coverage 40.23% 40.22% -0.01%
+ Complexity 14223 14208 -15
============================================
Files 1734 1734
Lines 117149 117170 +21
Branches 20155 20159 +4
============================================
Hits 47134 47134
- Misses 62761 62782 +21
Partials 7254 7254
PR builder completed
Approving the pull request based on the successful pr build https://github.com/wso2/product-is/actions/runs/11312819038
@@ -393,6 +396,10 @@ && isStepHasMultiOption(context) | |||
|
|||
if (!context.isLogoutRequest()) { | |||
FrameworkUtils.getAuthenticationRequestHandler().handle(request, responseWrapper, context); | |||
// Adding spIp param to the redirect URL if the authenticator is not the organization authenticator. | |||
if (!ORGANIZATION_AUTHENTICATOR.equals(request.getParameter(AUTHENTICATOR))) { |
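Review bot: The new condition on the last added line takes the authenticator name from `request.getParameter(AUTHENTICATOR)`, which is a client-supplied value, so the caller decides which branch runs; a request that omits the parameter, or sends any other value, takes the append branch. Prefer deriving the authenticator that is actually handling the step from server-side state in `context` rather than from the request. The comment above the condition also reads `spIp`, which looks like a typo for the `spId` parameter named in the description.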
Here we are trying to skip adding sp-uuid to the consent page when it is the organization authenticator. Trying to understand how it created an issue. I hope you can proceed with the improvement excluding this and explain the issue, maybe via sharing the network trace where we can identify how it caused an issue.
This is not for the consent page. It's for the MFA pages in sub org applications.
When the organization authenticator is being used, it's the point where the application auth process switches from main org to sub org. At this point the flow is still being executed at the main org level application. But the URL being generated here leads to the sub org first factor page. If we add the spId in the context to the URL, it'll be the main org application id, which is not valid for the sub org application page.
Proposed changes in this pull request
The MFA authentication pages are not applying application branding even though application level branding is enabled. This is due to the authenticator page URL not having the `spId` parameter.

This PR adds the `spId` parameter to all authentication redirect URLs that are run through the default request coordinator if they are not being processed through `OrganizationAuthenticator`. This is because when `OrganizationAuthenticator` handles the request, it's at the point of SSO-ing to the sub org. At this point the context still holds the main organization application's `spId`. Hence adding that `spId` will result in having main org app branding in the sub org application. This scenario is already handled separately.

Related Issue