[jira] [Work logged] (KNOX-2982) Having one disabled one enabled identity-assertion provider in knoxsso doesn't work

[ASF GitHub Bot (Jira)]

     [ 
https://issues.apache.org/jira/browse/KNOX-2982?focusedWorklogId=899919&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-899919
 ]

ASF GitHub Bot logged work on KNOX-2982:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 16/Jan/24 15:31
            Start Date: 16/Jan/24 15:31
    Worklog Time Spent: 10m 
      Work Description: zeroflag commented on code in PR #832:
URL: https://github.com/apache/knox/pull/832#discussion_r1453597300


##########
gateway-spi/src/main/java/org/apache/knox/gateway/deploy/ServiceDeploymentContributorBase.java:
##########
@@ -82,7 +83,9 @@ protected void addAuthenticationFilter( DeploymentContext 
context, Service servi
   protected void addIdentityAssertionFilter( DeploymentContext context, 
Service service, ResourceDescriptor resource) {
     if( topologyContainsProviderType( context, "authentication" ) ||
         topologyContainsProviderType( context, "federation"  ) ) {
-      context.contributeFilter( service, resource, "identity-assertion", null, 
null );
+      Topology topology = context.getTopology();
+      Provider activeProvider = topology.getProvider("identity-assertion", 
null);

Review Comment:
   No, one line above there is a `topologyContainsProviderType` which does a 
`context.getTopology().getProviders()`. If it was null it would fail even 
earlier.





Issue Time Tracking
-------------------

    Worklog Id:     (was: 899919)
    Time Spent: 0.5h  (was: 20m)

> Having one disabled one enabled identity-assertion provider in knoxsso 
> doesn't work
> -----------------------------------------------------------------------------------
>
>                 Key: KNOX-2982
>                 URL: https://issues.apache.org/jira/browse/KNOX-2982
>             Project: Apache Knox
>          Issue Type: Improvement
>            Reporter: Attila Magyar
>            Assignee: Attila Magyar
>            Priority: Major
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> If one has two identity-assertion providers, e.g.: HadoopGroupProvider and 
> Regexp, where the HadoopGroupProvider is disabled, then the Regex provider 
> doesn't work.
> The workaround is to delete the HadoopGroupProvider altogether (instead of 
> just disabling it).
> This is a bug in JerseyServiceDeploymentContributorBase>contributeService. 
> The addIdentityAssertionFilter is called with null provider names.
> The same thing applies to addAuthenticationFilter, addAuthorizationFilter 
> too. 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)